@neuroverseos/governance 0.1.5 → 0.2.1

package/dist/{chunk-B4NF3OLW.js → chunk-PQBJBVSW.js}

@@ -1,3 +1,8 @@
+import {
+  buildPlanCheck,
+  evaluatePlan
+} from "./chunk-P74Y66ZV.js";
+
 // src/engine/guard-engine.ts
 var PROMPT_INJECTION_PATTERNS = [
   // Instruction override
@@ -89,6 +94,7 @@ function evaluateGuard(event, world, options = {}) {
   const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
   const invariantChecks = [];
   const safetyChecks = [];
+  let planCheckResult;
   const roleChecks = [];
   const guardChecks = [];
   const kernelRuleChecks = [];
@@ -116,6 +122,7 @@ function evaluateGuard(event, world, options = {}) {
         includeTrace ? buildTrace(
           invariantChecks,
           safetyChecks,
+          planCheckResult,
           roleChecks,
           guardChecks,
           kernelRuleChecks,
@@ -144,6 +151,7 @@ function evaluateGuard(event, world, options = {}) {
       includeTrace ? buildTrace(
         invariantChecks,
         safetyChecks,
+        planCheckResult,
         roleChecks,
         guardChecks,
         kernelRuleChecks,
@@ -154,6 +162,42 @@ function evaluateGuard(event, world, options = {}) {
       ) : void 0
     );
   }
+  if (options.plan) {
+    const planVerdict = evaluatePlan(event, options.plan);
+    planCheckResult = buildPlanCheck(event, options.plan, planVerdict);
+    if (!planVerdict.allowed && planVerdict.status !== "PLAN_COMPLETE") {
+      decidingLayer = "plan-enforcement";
+      decidingId = `plan-${options.plan.plan_id}`;
+      const planStatus = planVerdict.status === "CONSTRAINT_VIOLATED" ? "PAUSE" : "BLOCK";
+      let reason = planVerdict.reason ?? "Action blocked by plan.";
+      if (planVerdict.status === "OFF_PLAN" && planVerdict.closestStep) {
+        reason += ` Closest step: "${planVerdict.closestStep}" (similarity: ${(planVerdict.similarityScore ?? 0).toFixed(2)})`;
+      }
+      return buildVerdict(
+        planStatus,
+        reason,
+        `plan-${options.plan.plan_id}`,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+    }
+  }
   const roleVerdict = checkRoleRules(event, eventText, world, roleChecks);
   if (roleVerdict) {
     decidingLayer = "role";
@@ -171,6 +215,7 @@ function evaluateGuard(event, world, options = {}) {
       includeTrace ? buildTrace(
         invariantChecks,
         safetyChecks,
+        planCheckResult,
         roleChecks,
         guardChecks,
         kernelRuleChecks,
@@ -199,6 +244,7 @@ function evaluateGuard(event, world, options = {}) {
         includeTrace ? buildTrace(
           invariantChecks,
           safetyChecks,
+          planCheckResult,
           roleChecks,
           guardChecks,
           kernelRuleChecks,
@@ -227,6 +273,7 @@ function evaluateGuard(event, world, options = {}) {
       includeTrace ? buildTrace(
         invariantChecks,
         safetyChecks,
+        planCheckResult,
         roleChecks,
         guardChecks,
         kernelRuleChecks,
@@ -254,6 +301,7 @@ function evaluateGuard(event, world, options = {}) {
       includeTrace ? buildTrace(
         invariantChecks,
         safetyChecks,
+        planCheckResult,
         roleChecks,
         guardChecks,
         kernelRuleChecks,
@@ -278,6 +326,7 @@ function evaluateGuard(event, world, options = {}) {
     includeTrace ? buildTrace(
       invariantChecks,
       safetyChecks,
+      planCheckResult,
       roleChecks,
       guardChecks,
       kernelRuleChecks,
@@ -615,8 +664,8 @@ function matchesKeywords(eventText, ruleText) {
 function eventToAllowlistKey(event) {
   return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;
 }
-function buildTrace(invariantChecks, safetyChecks, roleChecks, guardChecks, kernelRuleChecks, levelChecks, decidingLayer, decidingId, startTime) {
-  return {
+function buildTrace(invariantChecks, safetyChecks, planCheck, roleChecks, guardChecks, kernelRuleChecks, levelChecks, decidingLayer, decidingId, startTime) {
+  const trace = {
     invariantChecks,
     safetyChecks,
     roleChecks,
@@ -634,6 +683,7 @@ function buildTrace(invariantChecks, safetyChecks, roleChecks, guardChecks, kern
         "safety-scope-escape",
         "safety-execution-claim",
         "safety-execution-intent",
+        "plan-enforcement",
         "role-rules",
         "declarative-guards",
         "kernel-rules",
@@ -643,6 +693,10 @@ function buildTrace(invariantChecks, safetyChecks, roleChecks, guardChecks, kern
     },
     durationMs: performance.now() - startTime
   };
+  if (planCheck) {
+    trace.planCheck = planCheck;
+  }
+  return trace;
 }
 function buildVerdict(status, reason, ruleId, warning, world, level, invariantChecks, guardsMatched, rulesMatched, trace) {
   const evidence = {

package/dist/{chunk-T4X42QXC.js → chunk-Q6O7ZLO2.js}

@@ -42,61 +42,6 @@ function createProvider(config) {
   return new ChatCompletionsProvider(config);
 }
 
-// src/providers/config-manager.ts
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { join } from "path";
-import { homedir } from "os";
-function getConfigDir() {
-  const xdg = process.env.XDG_CONFIG_HOME;
-  if (xdg) return join(xdg, "neuroverse");
-  return join(homedir(), ".neuroverse");
-}
-function getConfigPath() {
-  return join(getConfigDir(), "config.json");
-}
-async function loadConfig() {
-  try {
-    const raw = await readFile(getConfigPath(), "utf-8");
-    const parsed = JSON.parse(raw);
-    if (!parsed.provider || !parsed.model || !parsed.apiKey) {
-      return null;
-    }
-    return {
-      provider: parsed.provider,
-      model: parsed.model,
-      apiKey: parsed.apiKey,
-      endpoint: parsed.endpoint ?? null
-    };
-  } catch {
-    return null;
-  }
-}
-async function saveConfig(config) {
-  const dir = getConfigDir();
-  await mkdir(dir, { recursive: true });
-  const configPath = getConfigPath();
-  const content = JSON.stringify(
-    {
-      provider: config.provider,
-      model: config.model,
-      apiKey: config.apiKey,
-      endpoint: config.endpoint
-    },
-    null,
-    2
-  );
-  await writeFile(configPath, content, { mode: 384 });
-  await chmod(configPath, 384);
-}
-function redactConfig(config) {
-  return {
-    provider: config.provider,
-    model: config.model,
-    apiKey: config.apiKey ? `${config.apiKey.slice(0, 4)}...${config.apiKey.slice(-4)}` : "(not set)",
-    endpoint: config.endpoint
-  };
-}
-
 // src/contracts/derive-contract.ts
 var DERIVE_EXIT_CODES = {
   SUCCESS: 0,
@@ -112,10 +57,6 @@ var CONFIGURE_AI_EXIT_CODES = {
 
 export {
   createProvider,
-  getConfigPath,
-  loadConfig,
-  saveConfig,
-  redactConfig,
   DERIVE_EXIT_CODES,
   CONFIGURE_AI_EXIT_CODES
 };

package/dist/{chunk-FZQCRGUU.js → chunk-TINSRYXQ.js}

@@ -1,9 +1,14 @@
 import {
   evaluateGuard
-} from "./chunk-B4NF3OLW.js";
+} from "./chunk-PQBJBVSW.js";
 import {
   loadWorld
-} from "./chunk-M3TZFGHO.js";
+} from "./chunk-JZPQGIKR.js";
+import {
+  advancePlan,
+  evaluatePlan,
+  getPlanProgress
+} from "./chunk-P74Y66ZV.js";
 
 // src/adapters/openai.ts
 var GovernanceBlockedError = class extends Error {
@@ -34,12 +39,15 @@ var GovernedToolExecutor = class {
   engineOptions;
   mapFn;
   blockMsg;
+  activePlan;
   constructor(world, options = {}) {
     this.world = world;
     this.options = options;
+    this.activePlan = options.plan;
     this.engineOptions = {
       trace: options.trace ?? false,
-      level: options.level
+      level: options.level,
+      plan: this.activePlan
     };
     this.mapFn = options.mapFunctionCall ?? defaultMapFunctionCall;
     this.blockMsg = options.blockMessage ?? defaultBlockMessage;
@@ -56,8 +64,21 @@ var GovernedToolExecutor = class {
       args = { raw: toolCall.function.arguments };
     }
     const event = this.mapFn(toolCall.function.name, args);
+    this.engineOptions.plan = this.activePlan;
     const verdict = evaluateGuard(event, this.world, this.engineOptions);
     this.options.onEvaluate?.(verdict, event);
+    if (verdict.status === "ALLOW" && this.activePlan) {
+      const planVerdict = evaluatePlan(event, this.activePlan);
+      if (planVerdict.matchedStep) {
+        this.activePlan = advancePlan(this.activePlan, planVerdict.matchedStep);
+        this.engineOptions.plan = this.activePlan;
+        const progress = getPlanProgress(this.activePlan);
+        this.options.onPlanProgress?.(progress);
+        if (progress.completed === progress.total) {
+          this.options.onPlanComplete?.();
+        }
+      }
+    }
     return verdict;
   }
   /**

package/dist/{chunk-CROPZ75A.js → chunk-UPJNTSVM.js}

@@ -1,9 +1,14 @@
 import {
   evaluateGuard
-} from "./chunk-B4NF3OLW.js";
+} from "./chunk-PQBJBVSW.js";
 import {
   loadWorld
-} from "./chunk-M3TZFGHO.js";
+} from "./chunk-JZPQGIKR.js";
+import {
+  advancePlan,
+  evaluatePlan,
+  getPlanProgress
+} from "./chunk-P74Y66ZV.js";
 
 // src/adapters/openclaw.ts
 var GovernanceBlockedError = class extends Error {
@@ -31,12 +36,15 @@ var NeuroVersePlugin = class {
   options;
   engineOptions;
   mapAction;
+  activePlan;
   constructor(world, options = {}) {
     this.world = world;
     this.options = options;
+    this.activePlan = options.plan;
     this.engineOptions = {
       trace: options.trace ?? false,
-      level: options.level
+      level: options.level,
+      plan: this.activePlan
     };
     this.mapAction = options.mapAction ?? defaultMapAction;
   }
@@ -48,6 +56,7 @@ var NeuroVersePlugin = class {
    */
   beforeAction(action) {
     const event = this.mapAction(action, "input");
+    this.engineOptions.plan = this.activePlan;
     const verdict = evaluateGuard(event, this.world, this.engineOptions);
     const result = {
       allowed: verdict.status === "ALLOW",
@@ -58,6 +67,18 @@ var NeuroVersePlugin = class {
     if (verdict.status === "BLOCK") {
       throw new GovernanceBlockedError(verdict, action);
     }
+    if (verdict.status === "ALLOW" && this.activePlan) {
+      const planVerdict = evaluatePlan(event, this.activePlan);
+      if (planVerdict.matchedStep) {
+        this.activePlan = advancePlan(this.activePlan, planVerdict.matchedStep);
+        this.engineOptions.plan = this.activePlan;
+        const progress = getPlanProgress(this.activePlan);
+        this.options.onPlanProgress?.(progress);
+        if (progress.completed === progress.total) {
+          this.options.onPlanComplete?.();
+        }
+      }
+    }
     return result;
   }
   /**

package/dist/chunk-YZFATT7X.js

@@ -0,0 +1,9 @@
+var __glob = (map) => (path) => {
+  var fn = map[path];
+  if (fn) return fn();
+  throw new Error("Module not found in bundle: " + path);
+};
+
+export {
+  __glob
+};

package/dist/{chunk-Z2S2HIV5.js → chunk-ZL4AHY4X.js}

@@ -1,9 +1,9 @@
 import {
   evaluateGuard
-} from "./chunk-B4NF3OLW.js";
+} from "./chunk-PQBJBVSW.js";
 import {
   loadWorld
-} from "./chunk-M3TZFGHO.js";
+} from "./chunk-JZPQGIKR.js";
 
 // src/adapters/express.ts
 function methodToCategory(method) {