@n2world/orchestrator 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (154) hide show
  1. package/dist/agent-os-rd.d.ts +100 -0
  2. package/dist/agent-os-rd.js +258 -0
  3. package/dist/audit-store.d.ts +14 -0
  4. package/dist/audit-store.js +107 -0
  5. package/dist/beta-runner.d.ts +95 -0
  6. package/dist/beta-runner.js +251 -0
  7. package/dist/beta.d.ts +102 -0
  8. package/dist/beta.js +180 -0
  9. package/dist/browser-agent.d.ts +90 -0
  10. package/dist/browser-agent.js +223 -0
  11. package/dist/channel-gateway.d.ts +74 -0
  12. package/dist/channel-gateway.js +270 -0
  13. package/dist/channels.d.ts +120 -0
  14. package/dist/channels.js +432 -0
  15. package/dist/chat-store.d.ts +29 -0
  16. package/dist/chat-store.js +120 -0
  17. package/dist/cli.d.ts +2 -0
  18. package/dist/cli.js +607 -0
  19. package/dist/command-screen.d.ts +12 -0
  20. package/dist/command-screen.js +44 -0
  21. package/dist/commit-gate.d.ts +98 -0
  22. package/dist/commit-gate.js +258 -0
  23. package/dist/companion-api.d.ts +37 -0
  24. package/dist/companion-api.js +101 -0
  25. package/dist/conversation-graph.d.ts +39 -0
  26. package/dist/conversation-graph.js +92 -0
  27. package/dist/cost-estimator.d.ts +27 -0
  28. package/dist/cost-estimator.js +42 -0
  29. package/dist/cron-runner.d.ts +31 -0
  30. package/dist/cron-runner.js +46 -0
  31. package/dist/dashboard/chat.html +326 -0
  32. package/dist/dashboard/dental.html +58 -0
  33. package/dist/dashboard/freebie.png +0 -0
  34. package/dist/dashboard/icon-192.png +0 -0
  35. package/dist/dashboard/index.html +892 -0
  36. package/dist/dashboard/manifest.json +15 -0
  37. package/dist/dashboard/service-worker.js +28 -0
  38. package/dist/dashboard-server.d.ts +37 -0
  39. package/dist/dashboard-server.js +457 -0
  40. package/dist/dental-intake-service.d.ts +37 -0
  41. package/dist/dental-intake-service.js +61 -0
  42. package/dist/dental-metrics.d.ts +25 -0
  43. package/dist/dental-metrics.js +37 -0
  44. package/dist/docking.d.ts +36 -0
  45. package/dist/docking.js +73 -0
  46. package/dist/finance-mcts-candidate.d.ts +37 -0
  47. package/dist/finance-mcts-candidate.js +106 -0
  48. package/dist/finance-regulation-kr.d.ts +33 -0
  49. package/dist/finance-regulation-kr.js +104 -0
  50. package/dist/finance-workflow.d.ts +135 -0
  51. package/dist/finance-workflow.js +242 -0
  52. package/dist/gateway.d.ts +18 -0
  53. package/dist/gateway.js +123 -0
  54. package/dist/governance.d.ts +39 -0
  55. package/dist/governance.js +48 -0
  56. package/dist/governed-executor.d.ts +31 -0
  57. package/dist/governed-executor.js +63 -0
  58. package/dist/governed-llm.d.ts +41 -0
  59. package/dist/governed-llm.js +83 -0
  60. package/dist/gpu-bridge.d.ts +16 -0
  61. package/dist/gpu-bridge.js +53 -0
  62. package/dist/health.d.ts +47 -0
  63. package/dist/health.js +66 -0
  64. package/dist/identity-link.d.ts +32 -0
  65. package/dist/identity-link.js +98 -0
  66. package/dist/index.d.ts +184 -0
  67. package/dist/index.js +417 -0
  68. package/dist/integrations/emr-adapter.d.ts +41 -0
  69. package/dist/integrations/emr-adapter.js +63 -0
  70. package/dist/kakao-oauth.d.ts +16 -0
  71. package/dist/kakao-oauth.js +87 -0
  72. package/dist/knowledge-graph.d.ts +53 -0
  73. package/dist/knowledge-graph.js +156 -0
  74. package/dist/llm.d.ts +65 -0
  75. package/dist/llm.js +357 -0
  76. package/dist/mcp-client-guard.d.ts +32 -0
  77. package/dist/mcp-client-guard.js +179 -0
  78. package/dist/mcp-macaroon.d.ts +75 -0
  79. package/dist/mcp-macaroon.js +161 -0
  80. package/dist/mcts-kernel-bridge.d.ts +36 -0
  81. package/dist/mcts-kernel-bridge.js +99 -0
  82. package/dist/mcts-prior.d.ts +79 -0
  83. package/dist/mcts-prior.js +170 -0
  84. package/dist/model-router.d.ts +51 -0
  85. package/dist/model-router.js +75 -0
  86. package/dist/multi-axis-lift.d.ts +43 -0
  87. package/dist/multi-axis-lift.js +141 -0
  88. package/dist/net-guard.d.ts +39 -0
  89. package/dist/net-guard.js +141 -0
  90. package/dist/onboarding.d.ts +38 -0
  91. package/dist/onboarding.js +94 -0
  92. package/dist/oracle-anchored-search.d.ts +25 -0
  93. package/dist/oracle-anchored-search.js +50 -0
  94. package/dist/oracle.d.ts +22 -0
  95. package/dist/oracle.js +116 -0
  96. package/dist/p6-governance.d.ts +150 -0
  97. package/dist/p6-governance.js +252 -0
  98. package/dist/pairing.d.ts +22 -0
  99. package/dist/pairing.js +81 -0
  100. package/dist/personalization.d.ts +35 -0
  101. package/dist/personalization.js +73 -0
  102. package/dist/pglite-hnsw-bridge.d.ts +118 -0
  103. package/dist/pglite-hnsw-bridge.js +311 -0
  104. package/dist/pglite-store.d.ts +59 -0
  105. package/dist/pglite-store.js +180 -0
  106. package/dist/playbook.d.ts +79 -0
  107. package/dist/playbook.js +83 -0
  108. package/dist/playbooks/dental-intake.d.ts +20 -0
  109. package/dist/playbooks/dental-intake.js +112 -0
  110. package/dist/predictive-agent.d.ts +157 -0
  111. package/dist/predictive-agent.js +535 -0
  112. package/dist/prompt-optimizer.d.ts +18 -0
  113. package/dist/prompt-optimizer.js +104 -0
  114. package/dist/rate-limiter.d.ts +25 -0
  115. package/dist/rate-limiter.js +75 -0
  116. package/dist/safety-anneal.d.ts +83 -0
  117. package/dist/safety-anneal.js +153 -0
  118. package/dist/sandbox-controller.d.ts +12 -0
  119. package/dist/sandbox-controller.js +95 -0
  120. package/dist/satisfaction-metrics.d.ts +26 -0
  121. package/dist/satisfaction-metrics.js +61 -0
  122. package/dist/sensor-bridge.d.ts +53 -0
  123. package/dist/sensor-bridge.js +133 -0
  124. package/dist/session-repair.d.ts +27 -0
  125. package/dist/session-repair.js +66 -0
  126. package/dist/slack-finance-intake.d.ts +42 -0
  127. package/dist/slack-finance-intake.js +122 -0
  128. package/dist/symbolic-dynamics.d.ts +113 -0
  129. package/dist/symbolic-dynamics.js +420 -0
  130. package/dist/telemetry.d.ts +19 -0
  131. package/dist/telemetry.js +68 -0
  132. package/dist/text-embedding.d.ts +6 -0
  133. package/dist/text-embedding.js +42 -0
  134. package/dist/tier-classifier.d.ts +20 -0
  135. package/dist/tier-classifier.js +58 -0
  136. package/dist/tier-guard.d.ts +36 -0
  137. package/dist/tier-guard.js +56 -0
  138. package/dist/tui.d.ts +9 -0
  139. package/dist/tui.js +214 -0
  140. package/dist/update-security.d.ts +31 -0
  141. package/dist/update-security.js +112 -0
  142. package/dist/v-calibration.d.ts +16 -0
  143. package/dist/v-calibration.js +42 -0
  144. package/dist/value-calibration.d.ts +41 -0
  145. package/dist/value-calibration.js +133 -0
  146. package/dist/value-head.d.ts +20 -0
  147. package/dist/value-head.js +91 -0
  148. package/dist/wal-buffer.d.ts +23 -0
  149. package/dist/wal-buffer.js +144 -0
  150. package/dist/wiki-synthesizer.d.ts +80 -0
  151. package/dist/wiki-synthesizer.js +0 -0
  152. package/dist/worker-agent.d.ts +10 -0
  153. package/dist/worker-agent.js +19 -0
  154. package/package.json +65 -0
@@ -0,0 +1,100 @@
1
+ export declare class Macaroon {
2
+ identifier: string;
3
+ caveats: string[];
4
+ signature: string;
5
+ constructor(identifier: string, caveats: string[], signature: string);
6
+ static create(secret: string, identifier: string, target: string): Macaroon;
7
+ static attenuate(macaroon: Macaroon, caveat: string): Macaroon;
8
+ static serialize(macaroon: Macaroon): string;
9
+ static deserialize(token: string): Macaroon;
10
+ }
11
+ export declare class MacaroonVerifier {
12
+ static verify(token: string, secret: string, context: {
13
+ target: string;
14
+ time: number;
15
+ path: string;
16
+ }): boolean;
17
+ }
18
+ export interface A2AContext {
19
+ target: string;
20
+ time: number;
21
+ path: string;
22
+ }
23
+ /** 동료(에이전트)별 평판 원장. 위반에 민감(위반 시 강하게 감점). */
24
+ export declare class ReputationLedger {
25
+ private rep;
26
+ private entry;
27
+ recordSuccess(peerId: string): void;
28
+ recordViolation(peerId: string): void;
29
+ /** 신규 동료는 중립(0.5)에서 시작. 위반이 누적될수록 0에 수렴. */
30
+ get(peerId: string): number;
31
+ }
32
+ export declare class A2ATrustGate {
33
+ private secret;
34
+ private ledger;
35
+ private minTrust;
36
+ constructor(secret: string, ledger?: ReputationLedger, minTrust?: number);
37
+ /** 신뢰 t 산출. HARD_GATE(서명+범위) 통과해야 t>0. 미달이면 allowed=false. */
38
+ evaluate(peerId: string, macaroonToken: string, ctx: A2AContext): {
39
+ trust: number;
40
+ allowed: boolean;
41
+ reason: string;
42
+ };
43
+ ledgerRef(): ReputationLedger;
44
+ }
45
+ export interface OverlayResult {
46
+ supported: boolean;
47
+ coldMs: number;
48
+ hotMs: number;
49
+ coldResult: string;
50
+ hotResult: string;
51
+ }
52
+ export declare class OverlayFsCompilerOptimizer {
53
+ /**
54
+ * [시뮬레이션] 실제 마운트 없이 cold/hot 지연을 흉내낸다. 정직 표기: 이것은 측정이 아니다.
55
+ * 실제 측정은 realOverlayCacheDemo() 사용.
56
+ */
57
+ simulateCompile(mode: 'cold' | 'hot'): Promise<{
58
+ latencyMs: number;
59
+ buildOutput: string;
60
+ }>;
61
+ /**
62
+ * [실측] 무권한 user namespace로 진짜 OverlayFS를 마운트해, 캐시된 툴체인이 재컴파일을
63
+ * 제거함을 측정한다(sudo 불필요, Linux 한정). 비-Linux는 supported=false 로 정직히 표기.
64
+ */
65
+ realOverlayCacheDemo(): Promise<OverlayResult>;
66
+ }
67
+ export interface SchedulerConfig {
68
+ kappa: number;
69
+ v0: number;
70
+ wMin: number;
71
+ wMax: number;
72
+ }
73
+ export declare const DEFAULT_SCHEDULER_CONFIG: SchedulerConfig;
74
+ /** 식(2)의 시그모이드 σ(x)=1/(1+e^-x). P3.5 SmoothSafetyAnneal 등에서 재사용한다. */
75
+ export declare function sigmoid(x: number): number;
76
+ export declare class EbpfSchedulerDriver {
77
+ private currentWeights;
78
+ private cfg;
79
+ constructor(cfg?: Partial<SchedulerConfig>);
80
+ /** 식(2): 정규화된 v_norm∈[0,1] → cgroups CPU 가중치. 단조 증가·조정 가능. */
81
+ weightForValue(vNorm: number): number;
82
+ /** 루트 자식 Q들을 min-max 정규화해 v_norm∈[0,1]로(교차과제 비교가능화). */
83
+ static normalize(q: number, qMin: number, qMax: number): number;
84
+ /**
85
+ * 정규화된 v_norm 으로 cgroups 가중치를 적용한다.
86
+ * - `weight`: 식(2)로 계산한 의도 가중치(플랫폼 무관, 항상 기록).
87
+ * - `success`: 커널 cpu.weight 실기입 성공 여부(Linux+유효 cgroup+권한일 때만 true. 비-Linux는 false — 정직).
88
+ */
89
+ adjustResourceByValue(cgroupPath: string, vNorm: number): {
90
+ weight: number;
91
+ success: boolean;
92
+ };
93
+ /** 원시 Q와 분포(min,max)를 받아 정규화 후 적용하는 편의 메서드. */
94
+ adjustResourceByRawValue(cgroupPath: string, q: number, qMin: number, qMax: number): {
95
+ weight: number;
96
+ vNorm: number;
97
+ success: boolean;
98
+ };
99
+ getWeight(cgroupPath: string): number | undefined;
100
+ }
@@ -0,0 +1,258 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.EbpfSchedulerDriver = exports.DEFAULT_SCHEDULER_CONFIG = exports.OverlayFsCompilerOptimizer = exports.A2ATrustGate = exports.ReputationLedger = exports.MacaroonVerifier = exports.Macaroon = void 0;
37
+ exports.sigmoid = sigmoid;
38
+ const crypto = __importStar(require("crypto"));
39
+ const child_process_1 = require("child_process");
40
+ const path = __importStar(require("path"));
41
+ const core_1 = require("@n2world/core");
42
+ // ============================================================================
43
+ // 7.1. Macaroon Token based A2A (Agent-to-Agent) Secure Collaboration Protocol
44
+ // ============================================================================
45
+ class Macaroon {
46
+ identifier;
47
+ caveats;
48
+ signature;
49
+ constructor(identifier, caveats, signature) {
50
+ this.identifier = identifier;
51
+ this.caveats = caveats;
52
+ this.signature = signature;
53
+ }
54
+ static create(secret, identifier, target) {
55
+ const rootSig = crypto.createHmac('sha256', secret).update(identifier).digest('hex');
56
+ const targetCaveat = `target = ${target}`;
57
+ const delegatedSig = crypto.createHmac('sha256', rootSig).update(targetCaveat).digest('hex');
58
+ return new Macaroon(identifier, [targetCaveat], delegatedSig);
59
+ }
60
+ static attenuate(macaroon, caveat) {
61
+ const newSig = crypto.createHmac('sha256', macaroon.signature).update(caveat).digest('hex');
62
+ return new Macaroon(macaroon.identifier, [...macaroon.caveats, caveat], newSig);
63
+ }
64
+ static serialize(macaroon) {
65
+ return Buffer.from(JSON.stringify(macaroon)).toString('base64');
66
+ }
67
+ static deserialize(token) {
68
+ const json = Buffer.from(token, 'base64').toString('utf8');
69
+ const obj = JSON.parse(json);
70
+ return new Macaroon(obj.identifier, obj.caveats, obj.signature);
71
+ }
72
+ }
73
+ exports.Macaroon = Macaroon;
74
+ class MacaroonVerifier {
75
+ static verify(token, secret, context) {
76
+ try {
77
+ const macaroon = Macaroon.deserialize(token);
78
+ // Verify signature chain integrity
79
+ let currentSig = crypto.createHmac('sha256', secret).update(macaroon.identifier).digest('hex');
80
+ for (const caveat of macaroon.caveats) {
81
+ currentSig = crypto.createHmac('sha256', currentSig).update(caveat).digest('hex');
82
+ }
83
+ if (currentSig !== macaroon.signature) {
84
+ return false; // Signature validation failed
85
+ }
86
+ // Verify contextual caveats (expire, target path, target agent ID)
87
+ for (const caveat of macaroon.caveats) {
88
+ if (caveat.startsWith('target = ')) {
89
+ const t = caveat.substring(9);
90
+ if (t !== context.target)
91
+ return false;
92
+ }
93
+ if (caveat.startsWith('expires < ')) {
94
+ const t = parseInt(caveat.substring(10), 10);
95
+ if (context.time >= t)
96
+ return false;
97
+ }
98
+ if (caveat.startsWith('path = ')) {
99
+ const p = caveat.substring(7);
100
+ if (!context.path.startsWith(p))
101
+ return false;
102
+ }
103
+ }
104
+ return true;
105
+ }
106
+ catch {
107
+ return false;
108
+ }
109
+ }
110
+ }
111
+ exports.MacaroonVerifier = MacaroonVerifier;
112
+ /** 동료(에이전트)별 평판 원장. 위반에 민감(위반 시 강하게 감점). */
113
+ class ReputationLedger {
114
+ rep = new Map();
115
+ entry(peerId) {
116
+ let r = this.rep.get(peerId);
117
+ if (!r) {
118
+ r = { success: 0, violation: 0 };
119
+ this.rep.set(peerId, r);
120
+ }
121
+ return r;
122
+ }
123
+ recordSuccess(peerId) {
124
+ this.entry(peerId).success += 1;
125
+ }
126
+ recordViolation(peerId) {
127
+ this.entry(peerId).violation += 2; // 위반은 성공보다 무겁게
128
+ }
129
+ /** 신규 동료는 중립(0.5)에서 시작. 위반이 누적될수록 0에 수렴. */
130
+ get(peerId) {
131
+ const r = this.rep.get(peerId);
132
+ if (!r)
133
+ return 0.5;
134
+ const total = r.success + r.violation;
135
+ if (total === 0)
136
+ return 0.5;
137
+ return r.success / (total + 1);
138
+ }
139
+ }
140
+ exports.ReputationLedger = ReputationLedger;
141
+ class A2ATrustGate {
142
+ secret;
143
+ ledger;
144
+ minTrust;
145
+ constructor(secret, ledger = new ReputationLedger(), minTrust = 0.25) {
146
+ this.secret = secret;
147
+ this.ledger = ledger;
148
+ this.minTrust = minTrust;
149
+ }
150
+ /** 신뢰 t 산출. HARD_GATE(서명+범위) 통과해야 t>0. 미달이면 allowed=false. */
151
+ evaluate(peerId, macaroonToken, ctx) {
152
+ const hardGate = MacaroonVerifier.verify(macaroonToken, this.secret, ctx);
153
+ if (!hardGate) {
154
+ this.ledger.recordViolation(peerId); // 위조/범위 밖 시도 → 평판 감점
155
+ return { trust: 0, allowed: false, reason: 'HARD_GATE 실패(서명 또는 Macaroon 범위)' };
156
+ }
157
+ const reputation = this.ledger.get(peerId);
158
+ const trust = 1 * reputation; // HARD_GATE=1
159
+ if (trust < this.minTrust) {
160
+ return { trust, allowed: false, reason: `신뢰 미달(t=${trust.toFixed(3)} < ${this.minTrust})` };
161
+ }
162
+ return { trust, allowed: true, reason: 'ok' };
163
+ }
164
+ ledgerRef() {
165
+ return this.ledger;
166
+ }
167
+ }
168
+ exports.A2ATrustGate = A2ATrustGate;
169
+ class OverlayFsCompilerOptimizer {
170
+ /**
171
+ * [시뮬레이션] 실제 마운트 없이 cold/hot 지연을 흉내낸다. 정직 표기: 이것은 측정이 아니다.
172
+ * 실제 측정은 realOverlayCacheDemo() 사용.
173
+ */
174
+ async simulateCompile(mode) {
175
+ const t0 = performance.now();
176
+ if (mode === 'cold') {
177
+ await new Promise((resolve) => setTimeout(resolve, 50));
178
+ return { latencyMs: performance.now() - t0, buildOutput: '[sim] compiled from scratch' };
179
+ }
180
+ await Promise.resolve();
181
+ return { latencyMs: performance.now() - t0, buildOutput: '[sim] OverlayFS cache mount' };
182
+ }
183
+ /**
184
+ * [실측] 무권한 user namespace로 진짜 OverlayFS를 마운트해, 캐시된 툴체인이 재컴파일을
185
+ * 제거함을 측정한다(sudo 불필요, Linux 한정). 비-Linux는 supported=false 로 정직히 표기.
186
+ */
187
+ async realOverlayCacheDemo() {
188
+ if (process.platform !== 'linux') {
189
+ return { supported: false, coldMs: 0, hotMs: 0, coldResult: 'n/a', hotResult: 'n/a' };
190
+ }
191
+ const script = path.join(__dirname, '..', '..', '..', 'scripts', 'overlay-cache-demo.sh');
192
+ return new Promise((resolve) => {
193
+ (0, child_process_1.execFile)('bash', [script], { timeout: 30000, env: process.env }, (err, stdout) => {
194
+ if (err) {
195
+ resolve({ supported: false, coldMs: 0, hotMs: 0, coldResult: 'error', hotResult: 'error' });
196
+ return;
197
+ }
198
+ try {
199
+ const line = stdout.trim().split('\n').pop();
200
+ const j = JSON.parse(line);
201
+ resolve({ supported: true, coldMs: j.coldMs, hotMs: j.hotMs, coldResult: j.coldResult, hotResult: j.hotResult });
202
+ }
203
+ catch {
204
+ resolve({ supported: false, coldMs: 0, hotMs: 0, coldResult: 'parse-error', hotResult: 'parse-error' });
205
+ }
206
+ });
207
+ });
208
+ }
209
+ }
210
+ exports.OverlayFsCompilerOptimizer = OverlayFsCompilerOptimizer;
211
+ exports.DEFAULT_SCHEDULER_CONFIG = {
212
+ kappa: 12, v0: 0.5, wMin: 100, wMax: 10000,
213
+ };
214
+ /** 식(2)의 시그모이드 σ(x)=1/(1+e^-x). P3.5 SmoothSafetyAnneal 등에서 재사용한다. */
215
+ function sigmoid(x) {
216
+ return 1 / (1 + Math.exp(-x));
217
+ }
218
+ class EbpfSchedulerDriver {
219
+ currentWeights = new Map();
220
+ cfg;
221
+ constructor(cfg = {}) {
222
+ this.cfg = { ...exports.DEFAULT_SCHEDULER_CONFIG, ...cfg };
223
+ }
224
+ /** 식(2): 정규화된 v_norm∈[0,1] → cgroups CPU 가중치. 단조 증가·조정 가능. */
225
+ weightForValue(vNorm) {
226
+ const { kappa, v0, wMin, wMax } = this.cfg;
227
+ const v = Math.max(0, Math.min(1, vNorm));
228
+ const w = wMin + (wMax - wMin) * sigmoid(kappa * (v - v0));
229
+ return Math.round(Math.max(wMin, Math.min(wMax, w)));
230
+ }
231
+ /** 루트 자식 Q들을 min-max 정규화해 v_norm∈[0,1]로(교차과제 비교가능화). */
232
+ static normalize(q, qMin, qMax) {
233
+ if (qMax - qMin < 1e-9)
234
+ return 0.5; // 분산이 없으면 중립값
235
+ return Math.max(0, Math.min(1, (q - qMin) / (qMax - qMin)));
236
+ }
237
+ /**
238
+ * 정규화된 v_norm 으로 cgroups 가중치를 적용한다.
239
+ * - `weight`: 식(2)로 계산한 의도 가중치(플랫폼 무관, 항상 기록).
240
+ * - `success`: 커널 cpu.weight 실기입 성공 여부(Linux+유효 cgroup+권한일 때만 true. 비-Linux는 false — 정직).
241
+ */
242
+ adjustResourceByValue(cgroupPath, vNorm) {
243
+ const weight = this.weightForValue(vNorm);
244
+ this.currentWeights.set(cgroupPath, weight); // 의도 가중치는 항상 기록
245
+ const success = (0, core_1.setCgroupCpuWeight)(cgroupPath, weight); // 실제 커널 기입
246
+ return { weight, success };
247
+ }
248
+ /** 원시 Q와 분포(min,max)를 받아 정규화 후 적용하는 편의 메서드. */
249
+ adjustResourceByRawValue(cgroupPath, q, qMin, qMax) {
250
+ const vNorm = EbpfSchedulerDriver.normalize(q, qMin, qMax);
251
+ const { weight, success } = this.adjustResourceByValue(cgroupPath, vNorm);
252
+ return { weight, vNorm, success };
253
+ }
254
+ getWeight(cgroupPath) {
255
+ return this.currentWeights.get(cgroupPath);
256
+ }
257
+ }
258
+ exports.EbpfSchedulerDriver = EbpfSchedulerDriver;
@@ -0,0 +1,14 @@
1
+ import { AuditEvent, AuditSink } from './governance';
2
+ export declare const DEFAULT_AUDIT_PATH: string;
3
+ export declare class JsonlAuditStore {
4
+ private readonly filePath;
5
+ constructor(filePath?: string);
6
+ /** GovernanceController 에 주입할 영속 sink. append + fsync 로 내구 기록. */
7
+ readonly sink: AuditSink;
8
+ private append;
9
+ /** 디스크에서 감사 이벤트 복원(파일 없음/손상 줄은 건너뜀 — 정직). */
10
+ load(): AuditEvent[];
11
+ /** 기록 건수(디스크 기준). */
12
+ count(): number;
13
+ path(): string;
14
+ }
@@ -0,0 +1,107 @@
1
+ "use strict";
2
+ // ============================================================================
3
+ // JsonlAuditStore — 거버넌스 감사 로그 디스크 영속(append-only JSONL + fsync)
4
+ // ----------------------------------------------------------------------------
5
+ // GovernanceController 의 AuditSink 로 결선해 모든 감사 이벤트를 내구 기록한다.
6
+ // 감사 로그는 append-only 가 자연스럽다(불변 추적). 각 줄은 1 이벤트(JSON).
7
+ // 내구성: append 후 fsync 로 디스크 반영(프로세스가 죽어도 직전 기록까지 보존).
8
+ // 헌법 제4조: 감사 로그는 **로컬 파일에만** 저장한다(외부 전송 없음).
9
+ //
10
+ // 정직 고지(제1계명): 가짜 복원 금지 — 파일 없음/손상 라인은 건너뛰고 정직히 부분 복원.
11
+ // ============================================================================
12
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
13
+ if (k2 === undefined) k2 = k;
14
+ var desc = Object.getOwnPropertyDescriptor(m, k);
15
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
16
+ desc = { enumerable: true, get: function() { return m[k]; } };
17
+ }
18
+ Object.defineProperty(o, k2, desc);
19
+ }) : (function(o, m, k, k2) {
20
+ if (k2 === undefined) k2 = k;
21
+ o[k2] = m[k];
22
+ }));
23
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
24
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
25
+ }) : function(o, v) {
26
+ o["default"] = v;
27
+ });
28
+ var __importStar = (this && this.__importStar) || (function () {
29
+ var ownKeys = function(o) {
30
+ ownKeys = Object.getOwnPropertyNames || function (o) {
31
+ var ar = [];
32
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
33
+ return ar;
34
+ };
35
+ return ownKeys(o);
36
+ };
37
+ return function (mod) {
38
+ if (mod && mod.__esModule) return mod;
39
+ var result = {};
40
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
41
+ __setModuleDefault(result, mod);
42
+ return result;
43
+ };
44
+ })();
45
+ Object.defineProperty(exports, "__esModule", { value: true });
46
+ exports.JsonlAuditStore = exports.DEFAULT_AUDIT_PATH = void 0;
47
+ const fs = __importStar(require("fs"));
48
+ const path = __importStar(require("path"));
49
+ exports.DEFAULT_AUDIT_PATH = path.join('audit-data', 'governance-audit.jsonl');
50
+ class JsonlAuditStore {
51
+ filePath;
52
+ constructor(filePath = exports.DEFAULT_AUDIT_PATH) {
53
+ this.filePath = filePath;
54
+ }
55
+ /** GovernanceController 에 주입할 영속 sink. append + fsync 로 내구 기록. */
56
+ sink = (e) => {
57
+ this.append(e);
58
+ };
59
+ append(e) {
60
+ const dir = path.dirname(this.filePath);
61
+ if (dir && !fs.existsSync(dir))
62
+ fs.mkdirSync(dir, { recursive: true });
63
+ const line = JSON.stringify(e) + '\n';
64
+ // append + fsync: 크래시 시에도 직전 줄까지 내구 보존(가짜 ack 금지).
65
+ const fd = fs.openSync(this.filePath, 'a');
66
+ try {
67
+ fs.writeSync(fd, line);
68
+ fs.fsyncSync(fd);
69
+ }
70
+ finally {
71
+ fs.closeSync(fd);
72
+ }
73
+ }
74
+ /** 디스크에서 감사 이벤트 복원(파일 없음/손상 줄은 건너뜀 — 정직). */
75
+ load() {
76
+ let raw;
77
+ try {
78
+ raw = fs.readFileSync(this.filePath, 'utf8');
79
+ }
80
+ catch {
81
+ return []; // 파일 없음 → 빈 로그(날조 금지)
82
+ }
83
+ const out = [];
84
+ for (const line of raw.split('\n')) {
85
+ const s = line.trim();
86
+ if (!s)
87
+ continue;
88
+ try {
89
+ const o = JSON.parse(s);
90
+ if (o && typeof o.t === 'number' && typeof o.type === 'string')
91
+ out.push(o);
92
+ }
93
+ catch {
94
+ /* 손상 줄 건너뜀 */
95
+ }
96
+ }
97
+ return out;
98
+ }
99
+ /** 기록 건수(디스크 기준). */
100
+ count() {
101
+ return this.load().length;
102
+ }
103
+ path() {
104
+ return this.filePath;
105
+ }
106
+ }
107
+ exports.JsonlAuditStore = JsonlAuditStore;
@@ -0,0 +1,95 @@
1
+ import { ConsentGate, ConsentScope, OnboardingTracker, FeedbackStore, TierGuard, ConsentRecord, OnboardingRecord, FeedbackLabel, EgressAttempt } from './beta';
2
+ import { MultiAxisReport } from './multi-axis-lift';
3
+ export type Arm = 'on' | 'off';
4
+ /** 실행 시 누적되는 arm 별 런타임 지표(효율·안전) — 피드백(정오·만족)과 별개로 집계. */
5
+ interface ArmRuntime {
6
+ tasks: number;
7
+ oracleCalls: number;
8
+ totalTimeMs: number;
9
+ safetyChecked: number;
10
+ safetyBlocked: number;
11
+ }
12
+ export interface BetaTaskResult {
13
+ userId: string;
14
+ taskId: string;
15
+ arm: Arm;
16
+ output: string;
17
+ oracleCalls: number;
18
+ timeMs: number;
19
+ personalizationContext: string;
20
+ }
21
+ /** 과제 실행 로그 — 에이전트 출력을 보존해 참가자 라벨링 워크시트를 만든다(라벨 자체는 인간이 입력). */
22
+ export interface BetaTaskLog {
23
+ userId: string;
24
+ taskId: string;
25
+ arm: Arm;
26
+ taskText: string;
27
+ output: string;
28
+ t: number;
29
+ }
30
+ export interface BetaRunnerState {
31
+ consent: ConsentRecord[];
32
+ onboarding: OnboardingRecord[];
33
+ feedback: FeedbackLabel[];
34
+ egress: EgressAttempt[];
35
+ armRuntime: Record<Arm, ArmRuntime>;
36
+ taskLog: BetaTaskLog[];
37
+ }
38
+ export type ShellRunner = (cmd: string) => Promise<string>;
39
+ /**
40
+ * 한 클로즈드 베타 운영 세션. 참가자별 온보딩→과제→피드백을 누적하고 B1 리프트를 산출한다.
41
+ * runShell 은 실 샌드박스 실행기(주입). 미주입 시 과제는 도구 없이 LLM 응답만 받는다.
42
+ */
43
+ export declare class BetaSession {
44
+ readonly consent: ConsentGate;
45
+ readonly onboarding: OnboardingTracker;
46
+ readonly feedback: FeedbackStore;
47
+ readonly tierGuard: TierGuard;
48
+ private profiles;
49
+ private runtime;
50
+ private taskLog;
51
+ /** 참가자 온보딩 — 동의 범위 부여 + signup 기록(실 타임스탬프). */
52
+ onboard(userId: string, scopes?: ConsentScope[], at?: number): void;
53
+ private profile;
54
+ /**
55
+ * 실 LLM 파이프라인으로 과제를 실행한다. arm='on' 이면 누적 사용자 컨텍스트를 주입(얕은 개인화),
56
+ * 'off' 면 주입하지 않는다(A/B 비교군). 효율(①호출·시간)을 실측 누적한다.
57
+ */
58
+ runTask(userId: string, taskId: string, taskText: string, arm: Arm, runShell?: ShellRunner): Promise<BetaTaskResult>;
59
+ /**
60
+ * 참가자(인간)의 라벨을 기록한다. satisfaction1to5 는 1..5 별점(0..1로 정규화), correct 는 정오 판정.
61
+ * **이 라벨은 인간이 준다 — 자체 생성 금지(제1계명).**
62
+ */
63
+ recordFeedback(userId: string, taskId: string, satisfaction1to5: number, correct: boolean | null, arm: Arm, note?: string): void;
64
+ /** 안전 점검 결과를 arm 에 누적(③ 안전 퇴행 — commit-gate/거버넌스 연동 지점). */
65
+ recordSafetyCheck(arm: Arm, blocked: boolean): void;
66
+ onboardedCount(): number;
67
+ /** arm 별 ArmMetrics 구성 — 피드백(정오·만족) + 런타임(효율·안전)에서. */
68
+ private armMetrics;
69
+ /**
70
+ * B1 MultiAxisLift 보고. **실 라벨이 없으면 정직하게 미측정**을 반환한다(자기 채점 금지).
71
+ * 두 arm 모두에 응답된 정오 라벨이 있어야 의미 있는 리프트가 산출된다.
72
+ */
73
+ liftReport(): {
74
+ status: 'measured';
75
+ report: MultiAxisReport;
76
+ onboarded: number;
77
+ } | {
78
+ status: '(목표; 미측정)';
79
+ reason: string;
80
+ onboarded: number;
81
+ };
82
+ /** 이미 라벨된 (task,arm) 인가(중복 라벨 안내 회피용). */
83
+ private isLabeled;
84
+ /**
85
+ * 참가자 라벨링 워크시트(Markdown). 에이전트 출력과 **빈 라벨 칸** + 정확한 feedback 명령을 만든다.
86
+ * ★ 라벨(정오·만족)은 **실참가자가 직접 채운다** — 운영자/에이전트가 대신 채우지 않는다(제1계명).
87
+ */
88
+ worksheet(userId: string): string;
89
+ taskLogFor(userId: string): BetaTaskLog[];
90
+ /** 로컬 영속(헌법 제4조 — 외부 전송 아님). 디렉터리 자동 생성. */
91
+ save(filePath: string): void;
92
+ /** 로컬 스냅샷에서 세션 복원(이어서 운영). */
93
+ static load(filePath: string): BetaSession;
94
+ }
95
+ export {};