@n2world/orchestrator 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-os-rd.d.ts +100 -0
- package/dist/agent-os-rd.js +258 -0
- package/dist/audit-store.d.ts +14 -0
- package/dist/audit-store.js +107 -0
- package/dist/beta-runner.d.ts +95 -0
- package/dist/beta-runner.js +251 -0
- package/dist/beta.d.ts +102 -0
- package/dist/beta.js +180 -0
- package/dist/browser-agent.d.ts +90 -0
- package/dist/browser-agent.js +223 -0
- package/dist/channel-gateway.d.ts +74 -0
- package/dist/channel-gateway.js +270 -0
- package/dist/channels.d.ts +120 -0
- package/dist/channels.js +432 -0
- package/dist/chat-store.d.ts +29 -0
- package/dist/chat-store.js +120 -0
- package/dist/cli.d.ts +2 -0
- package/dist/cli.js +607 -0
- package/dist/command-screen.d.ts +12 -0
- package/dist/command-screen.js +44 -0
- package/dist/commit-gate.d.ts +98 -0
- package/dist/commit-gate.js +258 -0
- package/dist/companion-api.d.ts +37 -0
- package/dist/companion-api.js +101 -0
- package/dist/conversation-graph.d.ts +39 -0
- package/dist/conversation-graph.js +92 -0
- package/dist/cost-estimator.d.ts +27 -0
- package/dist/cost-estimator.js +42 -0
- package/dist/cron-runner.d.ts +31 -0
- package/dist/cron-runner.js +46 -0
- package/dist/dashboard/chat.html +326 -0
- package/dist/dashboard/dental.html +58 -0
- package/dist/dashboard/freebie.png +0 -0
- package/dist/dashboard/icon-192.png +0 -0
- package/dist/dashboard/index.html +892 -0
- package/dist/dashboard/manifest.json +15 -0
- package/dist/dashboard/service-worker.js +28 -0
- package/dist/dashboard-server.d.ts +37 -0
- package/dist/dashboard-server.js +457 -0
- package/dist/dental-intake-service.d.ts +37 -0
- package/dist/dental-intake-service.js +61 -0
- package/dist/dental-metrics.d.ts +25 -0
- package/dist/dental-metrics.js +37 -0
- package/dist/docking.d.ts +36 -0
- package/dist/docking.js +73 -0
- package/dist/finance-mcts-candidate.d.ts +37 -0
- package/dist/finance-mcts-candidate.js +106 -0
- package/dist/finance-regulation-kr.d.ts +33 -0
- package/dist/finance-regulation-kr.js +104 -0
- package/dist/finance-workflow.d.ts +135 -0
- package/dist/finance-workflow.js +242 -0
- package/dist/gateway.d.ts +18 -0
- package/dist/gateway.js +123 -0
- package/dist/governance.d.ts +39 -0
- package/dist/governance.js +48 -0
- package/dist/governed-executor.d.ts +31 -0
- package/dist/governed-executor.js +63 -0
- package/dist/governed-llm.d.ts +41 -0
- package/dist/governed-llm.js +83 -0
- package/dist/gpu-bridge.d.ts +16 -0
- package/dist/gpu-bridge.js +53 -0
- package/dist/health.d.ts +47 -0
- package/dist/health.js +66 -0
- package/dist/identity-link.d.ts +32 -0
- package/dist/identity-link.js +98 -0
- package/dist/index.d.ts +184 -0
- package/dist/index.js +417 -0
- package/dist/integrations/emr-adapter.d.ts +41 -0
- package/dist/integrations/emr-adapter.js +63 -0
- package/dist/kakao-oauth.d.ts +16 -0
- package/dist/kakao-oauth.js +87 -0
- package/dist/knowledge-graph.d.ts +53 -0
- package/dist/knowledge-graph.js +156 -0
- package/dist/llm.d.ts +65 -0
- package/dist/llm.js +357 -0
- package/dist/mcp-client-guard.d.ts +32 -0
- package/dist/mcp-client-guard.js +179 -0
- package/dist/mcp-macaroon.d.ts +75 -0
- package/dist/mcp-macaroon.js +161 -0
- package/dist/mcts-kernel-bridge.d.ts +36 -0
- package/dist/mcts-kernel-bridge.js +99 -0
- package/dist/mcts-prior.d.ts +79 -0
- package/dist/mcts-prior.js +170 -0
- package/dist/model-router.d.ts +51 -0
- package/dist/model-router.js +75 -0
- package/dist/multi-axis-lift.d.ts +43 -0
- package/dist/multi-axis-lift.js +141 -0
- package/dist/net-guard.d.ts +39 -0
- package/dist/net-guard.js +141 -0
- package/dist/onboarding.d.ts +38 -0
- package/dist/onboarding.js +94 -0
- package/dist/oracle-anchored-search.d.ts +25 -0
- package/dist/oracle-anchored-search.js +50 -0
- package/dist/oracle.d.ts +22 -0
- package/dist/oracle.js +116 -0
- package/dist/p6-governance.d.ts +150 -0
- package/dist/p6-governance.js +252 -0
- package/dist/pairing.d.ts +22 -0
- package/dist/pairing.js +81 -0
- package/dist/personalization.d.ts +35 -0
- package/dist/personalization.js +73 -0
- package/dist/pglite-hnsw-bridge.d.ts +118 -0
- package/dist/pglite-hnsw-bridge.js +311 -0
- package/dist/pglite-store.d.ts +59 -0
- package/dist/pglite-store.js +180 -0
- package/dist/playbook.d.ts +79 -0
- package/dist/playbook.js +83 -0
- package/dist/playbooks/dental-intake.d.ts +20 -0
- package/dist/playbooks/dental-intake.js +112 -0
- package/dist/predictive-agent.d.ts +157 -0
- package/dist/predictive-agent.js +535 -0
- package/dist/prompt-optimizer.d.ts +18 -0
- package/dist/prompt-optimizer.js +104 -0
- package/dist/rate-limiter.d.ts +25 -0
- package/dist/rate-limiter.js +75 -0
- package/dist/safety-anneal.d.ts +83 -0
- package/dist/safety-anneal.js +153 -0
- package/dist/sandbox-controller.d.ts +12 -0
- package/dist/sandbox-controller.js +95 -0
- package/dist/satisfaction-metrics.d.ts +26 -0
- package/dist/satisfaction-metrics.js +61 -0
- package/dist/sensor-bridge.d.ts +53 -0
- package/dist/sensor-bridge.js +133 -0
- package/dist/session-repair.d.ts +27 -0
- package/dist/session-repair.js +66 -0
- package/dist/slack-finance-intake.d.ts +42 -0
- package/dist/slack-finance-intake.js +122 -0
- package/dist/symbolic-dynamics.d.ts +113 -0
- package/dist/symbolic-dynamics.js +420 -0
- package/dist/telemetry.d.ts +19 -0
- package/dist/telemetry.js +68 -0
- package/dist/text-embedding.d.ts +6 -0
- package/dist/text-embedding.js +42 -0
- package/dist/tier-classifier.d.ts +20 -0
- package/dist/tier-classifier.js +58 -0
- package/dist/tier-guard.d.ts +36 -0
- package/dist/tier-guard.js +56 -0
- package/dist/tui.d.ts +9 -0
- package/dist/tui.js +214 -0
- package/dist/update-security.d.ts +31 -0
- package/dist/update-security.js +112 -0
- package/dist/v-calibration.d.ts +16 -0
- package/dist/v-calibration.js +42 -0
- package/dist/value-calibration.d.ts +41 -0
- package/dist/value-calibration.js +133 -0
- package/dist/value-head.d.ts +20 -0
- package/dist/value-head.js +91 -0
- package/dist/wal-buffer.d.ts +23 -0
- package/dist/wal-buffer.js +144 -0
- package/dist/wiki-synthesizer.d.ts +80 -0
- package/dist/wiki-synthesizer.js +0 -0
- package/dist/worker-agent.d.ts +10 -0
- package/dist/worker-agent.js +19 -0
- package/package.json +65 -0
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
export type OnboardMode = 'local' | 'cloud';
|
|
2
|
+
export interface DeviceSpec {
|
|
3
|
+
ramGB: number;
|
|
4
|
+
hasGpu: boolean;
|
|
5
|
+
}
|
|
6
|
+
export interface ModelRec {
|
|
7
|
+
id: string;
|
|
8
|
+
sizeGB: number;
|
|
9
|
+
note: string;
|
|
10
|
+
}
|
|
11
|
+
/** 기기사양 → 권장 로컬 모델(저사양=소형). 기본 1~2개만(300 노출 금지). */
|
|
12
|
+
export declare function recommendLocalModels(spec: DeviceSpec): ModelRec[];
|
|
13
|
+
export interface OnboardPlan {
|
|
14
|
+
mode: OnboardMode;
|
|
15
|
+
needsApiKey: boolean;
|
|
16
|
+
recommendedModels: ModelRec[];
|
|
17
|
+
budgetMonthlyTokens?: number;
|
|
18
|
+
}
|
|
19
|
+
/** 온보딩 결정: 로컬이면 키 불요. */
|
|
20
|
+
export declare function planOnboarding(mode: OnboardMode, spec: DeviceSpec, budget?: number): OnboardPlan;
|
|
21
|
+
export interface SecretStore {
|
|
22
|
+
set(name: string, value: string): void;
|
|
23
|
+
get(name: string): string | null;
|
|
24
|
+
has(name: string): boolean;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* 인메모리 암호화 폴백(테스트/비OS). 실배포는 OS 키체인 어댑터로 교체.
|
|
28
|
+
* 평문으로 보관하지 않음(AES-256-GCM, 프로세스 키).
|
|
29
|
+
*/
|
|
30
|
+
export declare class EncryptedMemoryStore implements SecretStore {
|
|
31
|
+
private key;
|
|
32
|
+
private blobs;
|
|
33
|
+
set(name: string, value: string): void;
|
|
34
|
+
get(name: string): string | null;
|
|
35
|
+
has(name: string): boolean;
|
|
36
|
+
/** 저장 원문이 평문으로 남지 않음을 증명(감사용): 직렬화에 원문 미포함. */
|
|
37
|
+
rawDump(): string;
|
|
38
|
+
}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// ============================================================================
|
|
3
|
+
// P1 — 로컬 기본 온보딩 (키 불요) + 모델 추천 + 키 보관 (앱 v1.2 §4.1)
|
|
4
|
+
// ----------------------------------------------------------------------------
|
|
5
|
+
// 비기술자가 *키 없이* 로컬 모델로 시작. 기기사양→권장 로컬 모델, 기본 1~2개만 노출.
|
|
6
|
+
// 클라우드는 선택(키→키체인, 평문 금지).
|
|
7
|
+
//
|
|
8
|
+
// 정직 고지(제1계명): 키체인 네이티브 호출은 OS별(이 환경 일부 미검증). 본 모듈은
|
|
9
|
+
// *결정 로직 + 비평문 보관 인터페이스*(테스트 가능). 실 Keychain/CredMgr는 어댑터로.
|
|
10
|
+
// ============================================================================
|
|
11
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
12
|
+
if (k2 === undefined) k2 = k;
|
|
13
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
14
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
15
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
16
|
+
}
|
|
17
|
+
Object.defineProperty(o, k2, desc);
|
|
18
|
+
}) : (function(o, m, k, k2) {
|
|
19
|
+
if (k2 === undefined) k2 = k;
|
|
20
|
+
o[k2] = m[k];
|
|
21
|
+
}));
|
|
22
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
23
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
24
|
+
}) : function(o, v) {
|
|
25
|
+
o["default"] = v;
|
|
26
|
+
});
|
|
27
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
28
|
+
var ownKeys = function(o) {
|
|
29
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
30
|
+
var ar = [];
|
|
31
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
32
|
+
return ar;
|
|
33
|
+
};
|
|
34
|
+
return ownKeys(o);
|
|
35
|
+
};
|
|
36
|
+
return function (mod) {
|
|
37
|
+
if (mod && mod.__esModule) return mod;
|
|
38
|
+
var result = {};
|
|
39
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
40
|
+
__setModuleDefault(result, mod);
|
|
41
|
+
return result;
|
|
42
|
+
};
|
|
43
|
+
})();
|
|
44
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
45
|
+
exports.EncryptedMemoryStore = void 0;
|
|
46
|
+
exports.recommendLocalModels = recommendLocalModels;
|
|
47
|
+
exports.planOnboarding = planOnboarding;
|
|
48
|
+
const crypto = __importStar(require("crypto"));
|
|
49
|
+
/** 기기사양 → 권장 로컬 모델(저사양=소형). 기본 1~2개만(300 노출 금지). */
|
|
50
|
+
function recommendLocalModels(spec) {
|
|
51
|
+
if (spec.ramGB >= 16 || spec.hasGpu) {
|
|
52
|
+
return [
|
|
53
|
+
{ id: 'llama3.1:8b', sizeGB: 4.7, note: '권장(균형)' },
|
|
54
|
+
{ id: 'qwen2.5:3b', sizeGB: 1.9, note: '빠름' },
|
|
55
|
+
];
|
|
56
|
+
}
|
|
57
|
+
if (spec.ramGB >= 8) {
|
|
58
|
+
return [{ id: 'qwen2.5:3b', sizeGB: 1.9, note: '권장(중간사양)' }, { id: 'gemma:2b', sizeGB: 1.7, note: '경량' }];
|
|
59
|
+
}
|
|
60
|
+
return [{ id: 'gemma:2b', sizeGB: 1.7, note: '저사양 경량(좁은 플레이북 권장)' }];
|
|
61
|
+
}
|
|
62
|
+
/** 온보딩 결정: 로컬이면 키 불요. */
|
|
63
|
+
function planOnboarding(mode, spec, budget) {
|
|
64
|
+
if (mode === 'local') {
|
|
65
|
+
return { mode, needsApiKey: false, recommendedModels: recommendLocalModels(spec), budgetMonthlyTokens: budget };
|
|
66
|
+
}
|
|
67
|
+
return { mode, needsApiKey: true, recommendedModels: [], budgetMonthlyTokens: budget };
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* 인메모리 암호화 폴백(테스트/비OS). 실배포는 OS 키체인 어댑터로 교체.
|
|
71
|
+
* 평문으로 보관하지 않음(AES-256-GCM, 프로세스 키).
|
|
72
|
+
*/
|
|
73
|
+
class EncryptedMemoryStore {
|
|
74
|
+
key = crypto.randomBytes(32);
|
|
75
|
+
blobs = new Map();
|
|
76
|
+
set(name, value) {
|
|
77
|
+
const iv = crypto.randomBytes(12);
|
|
78
|
+
const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
|
|
79
|
+
const data = Buffer.concat([c.update(value, 'utf8'), c.final()]);
|
|
80
|
+
this.blobs.set(name, { iv, tag: c.getAuthTag(), data });
|
|
81
|
+
}
|
|
82
|
+
get(name) {
|
|
83
|
+
const b = this.blobs.get(name);
|
|
84
|
+
if (!b)
|
|
85
|
+
return null;
|
|
86
|
+
const d = crypto.createDecipheriv('aes-256-gcm', this.key, b.iv);
|
|
87
|
+
d.setAuthTag(b.tag);
|
|
88
|
+
return Buffer.concat([d.update(b.data), d.final()]).toString('utf8');
|
|
89
|
+
}
|
|
90
|
+
has(name) { return this.blobs.has(name); }
|
|
91
|
+
/** 저장 원문이 평문으로 남지 않음을 증명(감사용): 직렬화에 원문 미포함. */
|
|
92
|
+
rawDump() { return JSON.stringify([...this.blobs.entries()].map(([k, v]) => [k, v.data.toString('hex')])); }
|
|
93
|
+
}
|
|
94
|
+
exports.EncryptedMemoryStore = EncryptedMemoryStore;
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { MctsEngine } from '@n2world/core';
|
|
2
|
+
export interface YieldedLeaf {
|
|
3
|
+
leaf: number;
|
|
4
|
+
x: number;
|
|
5
|
+
y: number;
|
|
6
|
+
}
|
|
7
|
+
export interface OracleAnchoredResult {
|
|
8
|
+
bestAction: number;
|
|
9
|
+
confidence: number;
|
|
10
|
+
oracleCalls: number;
|
|
11
|
+
simulations: number;
|
|
12
|
+
}
|
|
13
|
+
export declare class OracleAnchoredSearch {
|
|
14
|
+
private engine;
|
|
15
|
+
constructor(engine: MctsEngine);
|
|
16
|
+
/**
|
|
17
|
+
* @param oracle 불확실 분기에 대한 2단계 진실값∈[0,1] (예: 독립 오라클의 테스트 통과율).
|
|
18
|
+
* 이것이 v 의 최종 보상 앵커다(g_fast 가 아니라).
|
|
19
|
+
*/
|
|
20
|
+
run(startX: number, startY: number, oracle: (leaf: YieldedLeaf) => Promise<number>, opts?: {
|
|
21
|
+
rounds?: number;
|
|
22
|
+
budget?: number;
|
|
23
|
+
margin?: number;
|
|
24
|
+
}): Promise<OracleAnchoredResult>;
|
|
25
|
+
}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.OracleAnchoredSearch = void 0;
|
|
4
|
+
class OracleAnchoredSearch {
|
|
5
|
+
engine;
|
|
6
|
+
constructor(engine) {
|
|
7
|
+
this.engine = engine;
|
|
8
|
+
}
|
|
9
|
+
/**
|
|
10
|
+
* @param oracle 불확실 분기에 대한 2단계 진실값∈[0,1] (예: 독립 오라클의 테스트 통과율).
|
|
11
|
+
* 이것이 v 의 최종 보상 앵커다(g_fast 가 아니라).
|
|
12
|
+
*/
|
|
13
|
+
async run(startX, startY, oracle, opts = {}) {
|
|
14
|
+
const rounds = opts.rounds ?? 200;
|
|
15
|
+
const budget = opts.budget ?? 20;
|
|
16
|
+
const margin = opts.margin ?? 0.05;
|
|
17
|
+
this.engine.begin(startX, startY);
|
|
18
|
+
let oracleCalls = 0;
|
|
19
|
+
let simulations = 0;
|
|
20
|
+
let bestAction = 0;
|
|
21
|
+
let rootValue = 0;
|
|
22
|
+
let completed = false;
|
|
23
|
+
for (let r = 0; r < rounds; r++) {
|
|
24
|
+
const out = JSON.parse(this.engine.stepUntilYield(budget, margin));
|
|
25
|
+
simulations += budget;
|
|
26
|
+
if (out.yield) {
|
|
27
|
+
// 2단계: 오라클(진실)을 호출해 동결된 리프의 가치를 받아 resume.
|
|
28
|
+
const v = await oracle({ leaf: out.leaf, x: out.x, y: out.y });
|
|
29
|
+
oracleCalls++;
|
|
30
|
+
this.engine.resume(v);
|
|
31
|
+
}
|
|
32
|
+
else if (out.done) {
|
|
33
|
+
bestAction = out.bestAction;
|
|
34
|
+
rootValue = out.rootValue;
|
|
35
|
+
completed = true;
|
|
36
|
+
break;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
// done에 도달하지 못했으면(계속 yield) 엔진의 현재 트리 상태를 읽어 마무리.
|
|
40
|
+
if (!completed) {
|
|
41
|
+
rootValue = this.engine.rootValue();
|
|
42
|
+
const top = JSON.parse(this.engine.topActionsJson());
|
|
43
|
+
if (top.length > 0)
|
|
44
|
+
bestAction = top[0].action;
|
|
45
|
+
}
|
|
46
|
+
const confidence = Math.max(0, Math.min(1, rootValue));
|
|
47
|
+
return { bestAction, confidence, oracleCalls, simulations };
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
exports.OracleAnchoredSearch = OracleAnchoredSearch;
|
package/dist/oracle.d.ts
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
export declare class CrossValidationOracle {
|
|
2
|
+
private referenceTestHashes;
|
|
3
|
+
registerReferenceTest(testFilePath: string): Promise<void>;
|
|
4
|
+
private simpleHash;
|
|
5
|
+
validateCode(agentCodePath: string, testFilePath: string, runCommand: string): Promise<{
|
|
6
|
+
success: boolean;
|
|
7
|
+
logs: string;
|
|
8
|
+
cheatDetected: boolean;
|
|
9
|
+
}>;
|
|
10
|
+
/**
|
|
11
|
+
* P4.7 재사용: 되돌릴 수 없는 행동의 **위험 패턴 규칙 스크린**(독립 오라클의 규칙층).
|
|
12
|
+
* commit-gate 가 모델-비평 전에 이 규칙층을 먼저 적용한다(deny-by-default 의 1차 망).
|
|
13
|
+
* 정직 고지: 규칙은 **알려진** 위험만 잡는다 — 의미적 위반·OOD 는 못 잡으므로 충분조건이 아니다.
|
|
14
|
+
*/
|
|
15
|
+
screenDangerousAction(command: string): {
|
|
16
|
+
flagged: boolean;
|
|
17
|
+
matched: string[];
|
|
18
|
+
};
|
|
19
|
+
/** @deprecated 규칙은 command-screen.ts 의 DANGER_RULES 로 통합됨(단일 출처). */
|
|
20
|
+
static readonly DANGER_RULES: import("./command-screen").DangerRule[];
|
|
21
|
+
private detectCheating;
|
|
22
|
+
}
|
package/dist/oracle.js
ADDED
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.CrossValidationOracle = void 0;
|
|
37
|
+
const fs = __importStar(require("fs/promises"));
|
|
38
|
+
const path = __importStar(require("path"));
|
|
39
|
+
const child_process_1 = require("child_process");
|
|
40
|
+
const command_screen_1 = require("./command-screen");
|
|
41
|
+
class CrossValidationOracle {
|
|
42
|
+
referenceTestHashes = new Map();
|
|
43
|
+
async registerReferenceTest(testFilePath) {
|
|
44
|
+
try {
|
|
45
|
+
const content = await fs.readFile(testFilePath, 'utf8');
|
|
46
|
+
const hash = this.simpleHash(content);
|
|
47
|
+
this.referenceTestHashes.set(path.resolve(testFilePath), hash);
|
|
48
|
+
}
|
|
49
|
+
catch (err) {
|
|
50
|
+
// ignore if not found
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
simpleHash(content) {
|
|
54
|
+
let hash = 0;
|
|
55
|
+
for (let i = 0; i < content.length; i++) {
|
|
56
|
+
hash = (hash * 31 + content.charCodeAt(i)) | 0;
|
|
57
|
+
}
|
|
58
|
+
return hash.toString();
|
|
59
|
+
}
|
|
60
|
+
async validateCode(agentCodePath, testFilePath, runCommand) {
|
|
61
|
+
// 1. Check test file integrity
|
|
62
|
+
const resolvedTestPath = path.resolve(testFilePath);
|
|
63
|
+
const expectedHash = this.referenceTestHashes.get(resolvedTestPath);
|
|
64
|
+
if (expectedHash) {
|
|
65
|
+
const currentContent = await fs.readFile(resolvedTestPath, 'utf8');
|
|
66
|
+
const currentHash = this.simpleHash(currentContent);
|
|
67
|
+
if (currentHash !== expectedHash) {
|
|
68
|
+
return {
|
|
69
|
+
success: false,
|
|
70
|
+
logs: 'Validation failed: Test file integrity compromise detected.',
|
|
71
|
+
cheatDetected: true,
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
// 2. Check agent code for cheating patterns
|
|
76
|
+
const agentCode = await fs.readFile(agentCodePath, 'utf8');
|
|
77
|
+
if (this.detectCheating(agentCode)) {
|
|
78
|
+
return {
|
|
79
|
+
success: false,
|
|
80
|
+
logs: 'Validation failed: Cheating/Hardcoded mock behavior detected in implementation.',
|
|
81
|
+
cheatDetected: true,
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
// 3. Run the test suite
|
|
85
|
+
return new Promise((resolve) => {
|
|
86
|
+
(0, child_process_1.exec)(runCommand, (err, stdout, stderr) => {
|
|
87
|
+
const success = !err;
|
|
88
|
+
resolve({
|
|
89
|
+
success,
|
|
90
|
+
logs: stdout + '\n' + stderr,
|
|
91
|
+
cheatDetected: false,
|
|
92
|
+
});
|
|
93
|
+
});
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* P4.7 재사용: 되돌릴 수 없는 행동의 **위험 패턴 규칙 스크린**(독립 오라클의 규칙층).
|
|
98
|
+
* commit-gate 가 모델-비평 전에 이 규칙층을 먼저 적용한다(deny-by-default 의 1차 망).
|
|
99
|
+
* 정직 고지: 규칙은 **알려진** 위험만 잡는다 — 의미적 위반·OOD 는 못 잡으므로 충분조건이 아니다.
|
|
100
|
+
*/
|
|
101
|
+
screenDangerousAction(command) {
|
|
102
|
+
// H1 — 단일 출처(command-screen.ts)로 위임. 대시보드·CLI·샌드박스와 동일 규칙.
|
|
103
|
+
return (0, command_screen_1.screenDangerousCommand)(command);
|
|
104
|
+
}
|
|
105
|
+
/** @deprecated 규칙은 command-screen.ts 의 DANGER_RULES 로 통합됨(단일 출처). */
|
|
106
|
+
static DANGER_RULES = command_screen_1.DANGER_RULES;
|
|
107
|
+
detectCheating(code) {
|
|
108
|
+
const cheatRegexes = [
|
|
109
|
+
/if\s*\(\s*\w+\s*(===|==)\s*['"`][^'`"]+['"`]\s*\)\s*return\s*['"`][^'`"]+['"`]/i,
|
|
110
|
+
/switch\s*\(\s*\w+\s*\)\s*\{\s*case\s*['"`][^'`"]+['"`]/i,
|
|
111
|
+
/return\s*['"`](test-input|test-output|mock|dummy|cheated)['"`]/i
|
|
112
|
+
];
|
|
113
|
+
return cheatRegexes.some(regex => regex.test(code));
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
exports.CrossValidationOracle = CrossValidationOracle;
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
import { GovernanceController } from './governance';
|
|
2
|
+
export interface GovernanceEvent {
|
|
3
|
+
t: number;
|
|
4
|
+
kind: 'mcp-authz' | 'commit-gate' | 'tier-egress';
|
|
5
|
+
id: string;
|
|
6
|
+
allowed: boolean;
|
|
7
|
+
reason: string;
|
|
8
|
+
tool?: string;
|
|
9
|
+
dataTier?: 0 | 1 | 2;
|
|
10
|
+
destination?: 'local' | 'external';
|
|
11
|
+
hardGate?: boolean;
|
|
12
|
+
tier0ExfilBlocked?: boolean;
|
|
13
|
+
/** Tier-0 데이터가 실제로 외부로 나갔는가(true 면 헌법 위반 — 즉시 롤백 대상). */
|
|
14
|
+
tier0ExfilEscaped?: boolean;
|
|
15
|
+
trust?: number | null;
|
|
16
|
+
layer?: 'rule' | 'model-critic' | 'deny-by-default' | 'not-gated' | 'rule-only-passthrough';
|
|
17
|
+
cost?: {
|
|
18
|
+
criticCalls?: number;
|
|
19
|
+
latencyMs?: number;
|
|
20
|
+
tokens?: number | null;
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
export type EventListener = (e: GovernanceEvent) => void;
|
|
24
|
+
export interface EventCounts {
|
|
25
|
+
total: number;
|
|
26
|
+
blocked: number;
|
|
27
|
+
blockRate: number;
|
|
28
|
+
tier0ExternalAttempts: number;
|
|
29
|
+
tier0ExfilEscaped: number;
|
|
30
|
+
denyByDefault: number;
|
|
31
|
+
hardGateFailures: number;
|
|
32
|
+
criticCalls: number;
|
|
33
|
+
totalTokens: number;
|
|
34
|
+
}
|
|
35
|
+
/** 기본 이벤트 보관 상한(링버퍼). 장수명 대시보드에서 메모리 무한 증가 방지. */
|
|
36
|
+
export declare const DEFAULT_MAX_RETAINED_EVENTS = 1000;
|
|
37
|
+
/**
|
|
38
|
+
* 위반/차단 이벤트 버스 — 실 이벤트만 집계·구독 배포(가짜 텔레메트리 0).
|
|
39
|
+
*
|
|
40
|
+
* 메모리: 최근 `maxRetained` 건만 링버퍼로 보관(표시용 `recent`/`all`). **누적 집계(`counts`)는
|
|
41
|
+
* 보관과 독립적으로 증분 카운터에 유지**되므로, 보관을 상한해도 all-time 통계(특히 안전 핵심인
|
|
42
|
+
* `tier0ExfilEscaped`)는 정확하다. 장수명 서버에서 `events` 가 무한 증가하던 문제 해소.
|
|
43
|
+
*/
|
|
44
|
+
export declare class GovernanceEventBus {
|
|
45
|
+
private listeners;
|
|
46
|
+
private events;
|
|
47
|
+
private readonly maxRetained;
|
|
48
|
+
private agg;
|
|
49
|
+
constructor(maxRetained?: number);
|
|
50
|
+
subscribe(fn: EventListener): () => void;
|
|
51
|
+
publish(e: GovernanceEvent): void;
|
|
52
|
+
recent(n?: number): GovernanceEvent[];
|
|
53
|
+
/** 보관된(최근 maxRetained 건) 이벤트. all-time 누적이 필요하면 `counts()` 를 쓴다. */
|
|
54
|
+
all(): GovernanceEvent[];
|
|
55
|
+
/** 실측 누적 집계 — 대시보드가 표시할 안전·비용 지표(보관 상한과 무관하게 all-time). */
|
|
56
|
+
counts(): EventCounts;
|
|
57
|
+
}
|
|
58
|
+
export interface RollbackConfig {
|
|
59
|
+
/** 차단율 슬라이딩 윈도우 크기(최근 N 이벤트). */
|
|
60
|
+
denyRateWindow: number;
|
|
61
|
+
/** 윈도우 차단율이 이 값을 넘으면 롤백(레드팀 거부 급증 등). */
|
|
62
|
+
denyRateThreshold: number;
|
|
63
|
+
}
|
|
64
|
+
export declare const DEFAULT_ROLLBACK_CONFIG: RollbackConfig;
|
|
65
|
+
export interface RollbackState {
|
|
66
|
+
rolledBack: boolean;
|
|
67
|
+
reason: string;
|
|
68
|
+
at: number | null;
|
|
69
|
+
/** 권장 회귀 정책(대시보드·운영자용). */
|
|
70
|
+
recommendedFallback: string | null;
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* 헌법 위반(① Tier-0 실유출 ② 차단율 급증)을 이벤트 버스로 구독해 **즉시 중단·롤백**한다.
|
|
74
|
+
* 중단은 GovernanceController.kill 로(재사용), 회귀는 권장 폴백 신호로 노출(P3.5 단순화 철회·개인화 OFF 등).
|
|
75
|
+
*/
|
|
76
|
+
export declare class ConstitutionalRollback {
|
|
77
|
+
private gov;
|
|
78
|
+
private cfg;
|
|
79
|
+
private state;
|
|
80
|
+
private window;
|
|
81
|
+
constructor(gov: GovernanceController, cfg?: RollbackConfig);
|
|
82
|
+
/** 버스에 구독한다(반환: 구독 해제 함수). */
|
|
83
|
+
attach(bus: GovernanceEventBus): () => void;
|
|
84
|
+
private trigger;
|
|
85
|
+
onEvent(e: GovernanceEvent): void;
|
|
86
|
+
status(): RollbackState;
|
|
87
|
+
/** 운영자 확인 후 롤백 해제(킬스위치 리셋 포함). */
|
|
88
|
+
reset(): void;
|
|
89
|
+
}
|
|
90
|
+
export type Urgency = 'low' | 'normal' | 'high';
|
|
91
|
+
export interface QuietTimeConfig {
|
|
92
|
+
/** 정온 시작 시각(0–23). */
|
|
93
|
+
startHour: number;
|
|
94
|
+
/** 정온 종료 시각(0–23). startHour>endHour 이면 자정 넘김(예: 22→7). */
|
|
95
|
+
endHour: number;
|
|
96
|
+
/** 능동성 강도∈[0,1]. 0=정온 중 완전 억제, 1=평소. */
|
|
97
|
+
intensity: number;
|
|
98
|
+
}
|
|
99
|
+
export declare const DEFAULT_QUIET_CONFIG: QuietTimeConfig;
|
|
100
|
+
export declare class QuietTimeGate {
|
|
101
|
+
private cfg;
|
|
102
|
+
constructor(cfg?: Partial<QuietTimeConfig>);
|
|
103
|
+
setIntensity(x: number): void;
|
|
104
|
+
config(): QuietTimeConfig;
|
|
105
|
+
/** 주어진 시각이 정온 시간대인가(자정 넘김 처리). */
|
|
106
|
+
isQuiet(date?: Date): boolean;
|
|
107
|
+
/**
|
|
108
|
+
* 백그라운드 능동 작업을 허용할지. 정온 시간엔 억제하되, 긴급도와 능동성 강도로 조절한다.
|
|
109
|
+
* 규칙: 정온 아니면 허용. 정온이면 (urgencyScore + intensity ≥ 1.0) 일 때만 허용.
|
|
110
|
+
* - intensity=0: 정온 중 전부 억제(high 도). intensity=1: 전부 허용.
|
|
111
|
+
* - high(0.9)는 intensity≥0.1, normal(0.5)은 intensity≥0.5, low(0.2)는 intensity≥0.8 필요.
|
|
112
|
+
*/
|
|
113
|
+
allowBackgroundAction(date?: Date, urgency?: Urgency): {
|
|
114
|
+
allowed: boolean;
|
|
115
|
+
reason: string;
|
|
116
|
+
};
|
|
117
|
+
}
|
|
118
|
+
export type CriterionStatus = 'met' | 'partial' | 'unmet';
|
|
119
|
+
export interface DoDCriterion {
|
|
120
|
+
name: string;
|
|
121
|
+
status: CriterionStatus;
|
|
122
|
+
evidence: string;
|
|
123
|
+
}
|
|
124
|
+
export interface DoDReport {
|
|
125
|
+
criteria: DoDCriterion[];
|
|
126
|
+
metCount: number;
|
|
127
|
+
partialCount: number;
|
|
128
|
+
unmetCount: number;
|
|
129
|
+
/** 5개 전부 met 여야 v2.x "완료". 아니면 미완(정직). */
|
|
130
|
+
complete: boolean;
|
|
131
|
+
verdict: string;
|
|
132
|
+
}
|
|
133
|
+
export interface DoDInputs {
|
|
134
|
+
/** 실사용자 베타 N명 인도 완료? (코드·로그 증거) */
|
|
135
|
+
betaUsersDelivered: number;
|
|
136
|
+
/** B1 MultiAxisLift 가 실사용자 데이터로 측정됐는가. */
|
|
137
|
+
realUserLiftMeasured: boolean;
|
|
138
|
+
/** 안전: 거부율 분리 보고 + Tier-0 반출 관측 0/N 충족? */
|
|
139
|
+
safetySeparatedReported: boolean;
|
|
140
|
+
tier0ExfilObserved: number;
|
|
141
|
+
/** 정직성: (목표;미측정) 준수 + mock 0 + 명칭 인플레이션 0. */
|
|
142
|
+
honestyHeld: boolean;
|
|
143
|
+
/** 복잡도: 신규 컴포넌트·LOC 영가설 준수(정당화 못 한 부품 0). */
|
|
144
|
+
complexityWithinBudget: boolean;
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* v2.x 완료 정의 5개를 점검한다. **베타 미가동이면 ①②를 정직하게 unmet 으로** 표기한다
|
|
148
|
+
* (접지 영가설 — master §2: 바닥은 인간이다). 억지 통과 금지.
|
|
149
|
+
*/
|
|
150
|
+
export declare function v2DoDReport(inp: DoDInputs): DoDReport;
|