@neuroverseos/governance 0.1.5 → 0.2.1

package/dist/cli/run.cjs

@@ -0,0 +1,1716 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/runtime/model-adapter.ts
+var model_adapter_exports = {};
+__export(model_adapter_exports, {
+  ModelAdapter: () => ModelAdapter,
+  PROVIDERS: () => PROVIDERS,
+  resolveProvider: () => resolveProvider
+});
+function resolveProvider(provider, overrides) {
+  const preset = PROVIDERS[provider];
+  if (!preset) {
+    throw new Error(
+      `Unknown provider: "${provider}". Available: ${Object.keys(PROVIDERS).join(", ")}`
+    );
+  }
+  const apiKey = overrides?.apiKey ?? (preset.envVar ? process.env[preset.envVar] : "") ?? "";
+  if (!apiKey && preset.envVar) {
+    throw new Error(
+      `Missing API key. Set ${preset.envVar} or pass --api-key.`
+    );
+  }
+  return {
+    baseUrl: overrides?.baseUrl ?? preset.baseUrl,
+    apiKey,
+    model: overrides?.model ?? preset.defaultModel,
+    systemPrompt: overrides?.systemPrompt,
+    maxTokens: overrides?.maxTokens
+  };
+}
+var DEFAULT_SYSTEM_PROMPT, ModelAdapter, PROVIDERS;
+var init_model_adapter = __esm({
+  "src/runtime/model-adapter.ts"() {
+    "use strict";
+    DEFAULT_SYSTEM_PROMPT = `You are an AI assistant operating under NeuroVerse governance.
+All your tool calls are evaluated against governance rules before execution.
+If an action is blocked, you will be told why. Adjust your approach accordingly.
+Do not attempt to bypass governance rules.`;
+    ModelAdapter = class {
+      config;
+      messages;
+      tools;
+      constructor(config, tools = []) {
+        this.config = config;
+        this.tools = tools;
+        this.messages = [];
+        const systemPrompt = config.systemPrompt ?? DEFAULT_SYSTEM_PROMPT;
+        this.messages.push({ role: "system", content: systemPrompt });
+      }
+      /**
+       * Send a user message and get the model's response.
+       */
+      async chat(userMessage) {
+        this.messages.push({ role: "user", content: userMessage });
+        return this.complete();
+      }
+      /**
+       * Send a tool result back to the model and get the next response.
+       */
+      async sendToolResult(toolCallId, result) {
+        this.messages.push({
+          role: "tool",
+          content: result,
+          tool_call_id: toolCallId
+        });
+        return this.complete();
+      }
+      /**
+       * Send a governance block message as a tool result.
+       */
+      async sendBlockedResult(toolCallId, reason) {
+        return this.sendToolResult(
+          toolCallId,
+          `[GOVERNANCE BLOCKED] ${reason}. Please adjust your approach.`
+        );
+      }
+      /**
+       * Call the model API and parse the response.
+       */
+      async complete() {
+        const url = `${this.config.baseUrl}/chat/completions`;
+        const body = {
+          model: this.config.model,
+          messages: this.messages,
+          max_tokens: this.config.maxTokens ?? 4096
+        };
+        if (this.tools.length > 0) {
+          body.tools = this.tools;
+        }
+        const response = await fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${this.config.apiKey}`
+          },
+          body: JSON.stringify(body)
+        });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new Error(`Model API error ${response.status}: ${text}`);
+        }
+        const data = await response.json();
+        const choice = data.choices?.[0];
+        if (!choice) {
+          throw new Error("Model returned no choices");
+        }
+        const message = choice.message;
+        this.messages.push(message);
+        return {
+          content: message.content ?? null,
+          toolCalls: message.tool_calls ?? [],
+          finishReason: choice.finish_reason ?? "stop"
+        };
+      }
+      /** Get current message count (for context tracking). */
+      get messageCount() {
+        return this.messages.length;
+      }
+    };
+    PROVIDERS = {
+      openai: {
+        baseUrl: "https://api.openai.com/v1",
+        defaultModel: "gpt-4o",
+        envVar: "OPENAI_API_KEY"
+      },
+      anthropic: {
+        baseUrl: "https://api.anthropic.com/v1",
+        defaultModel: "claude-sonnet-4-20250514",
+        envVar: "ANTHROPIC_API_KEY"
+      },
+      ollama: {
+        baseUrl: "http://localhost:11434/v1",
+        defaultModel: "llama3",
+        envVar: ""
+      }
+    };
+  }
+});
+
+// src/engine/plan-engine.ts
+function keywordMatch(eventText, step) {
+  const stepText = [
+    step.label,
+    step.description ?? "",
+    ...step.tags ?? []
+  ].join(" ").toLowerCase();
+  const keywords = stepText.split(/\s+/).filter((w) => w.length > 3);
+  if (keywords.length === 0) return false;
+  const matched = keywords.filter((kw) => eventText.includes(kw));
+  return matched.length >= Math.ceil(keywords.length * 0.5);
+}
+function tokenSimilarity(a, b) {
+  const tokensA = new Set(a.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
+  const tokensB = new Set(b.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
+  if (tokensA.size === 0 || tokensB.size === 0) return 0;
+  let intersection = 0;
+  for (const t of tokensA) {
+    if (tokensB.has(t)) intersection++;
+  }
+  const union = (/* @__PURE__ */ new Set([...tokensA, ...tokensB])).size;
+  return union > 0 ? intersection / union : 0;
+}
+function findMatchingStep(eventText, event, steps) {
+  const pendingOrActive = steps.filter((s) => s.status === "pending" || s.status === "active");
+  if (pendingOrActive.length === 0) {
+    return { matched: null, closest: null, closestScore: 0 };
+  }
+  for (const step of pendingOrActive) {
+    if (keywordMatch(eventText, step)) {
+      if (step.tools && event.tool && !step.tools.includes(event.tool)) {
+        continue;
+      }
+      return { matched: step, closest: step, closestScore: 1 };
+    }
+  }
+  const intentText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ");
+  let bestStep = null;
+  let bestScore = 0;
+  for (const step of pendingOrActive) {
+    const stepText = [step.label, step.description ?? "", ...step.tags ?? []].join(" ");
+    const score = tokenSimilarity(intentText, stepText);
+    if (score > bestScore) {
+      bestScore = score;
+      bestStep = step;
+    }
+  }
+  const SIMILARITY_THRESHOLD = 0.35;
+  if (bestScore >= SIMILARITY_THRESHOLD && bestStep) {
+    if (bestStep.tools && event.tool && !bestStep.tools.includes(event.tool)) {
+      return { matched: null, closest: bestStep, closestScore: bestScore };
+    }
+    return { matched: bestStep, closest: bestStep, closestScore: bestScore };
+  }
+  return { matched: null, closest: bestStep, closestScore: bestScore };
+}
+function isSequenceValid(step, plan) {
+  if (!plan.sequential) return true;
+  if (!step.requires || step.requires.length === 0) return true;
+  return step.requires.every((reqId) => {
+    const reqStep = plan.steps.find((s) => s.id === reqId);
+    return reqStep?.status === "completed";
+  });
+}
+function checkConstraints(event, eventText, constraints) {
+  const checks = [];
+  for (const constraint of constraints) {
+    if (constraint.type === "approval") {
+      if (constraint.trigger && eventText.includes(constraint.trigger.substring(0, 10).toLowerCase())) {
+        checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
+        return { violated: constraint, checks };
+      }
+      const keywords = constraint.description.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
+      const relevant = keywords.some((kw) => eventText.includes(kw));
+      if (relevant) {
+        checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
+        return { violated: constraint, checks };
+      }
+      checks.push({ constraintId: constraint.id, passed: true });
+      continue;
+    }
+    if (constraint.type === "scope" && constraint.trigger) {
+      const keywords = constraint.trigger.split(/\s+/).filter((w) => w.length > 3);
+      const violated = keywords.length > 0 && keywords.every((kw) => eventText.includes(kw));
+      checks.push({
+        constraintId: constraint.id,
+        passed: !violated,
+        reason: violated ? constraint.description : void 0
+      });
+      if (violated) {
+        return { violated: constraint, checks };
+      }
+      continue;
+    }
+    checks.push({ constraintId: constraint.id, passed: true });
+  }
+  return { violated: null, checks };
+}
+function getPlanProgress(plan) {
+  const completed = plan.steps.filter((s) => s.status === "completed").length;
+  const total = plan.steps.length;
+  return {
+    completed,
+    total,
+    percentage: total > 0 ? Math.round(completed / total * 100) : 0
+  };
+}
+function advancePlan(plan, stepId) {
+  return {
+    ...plan,
+    steps: plan.steps.map(
+      (s) => s.id === stepId ? { ...s, status: "completed" } : s
+    )
+  };
+}
+function evaluatePlan(event, plan) {
+  const progress = getPlanProgress(plan);
+  if (plan.expires_at) {
+    const expiresAt = new Date(plan.expires_at).getTime();
+    if (Date.now() > expiresAt) {
+      return {
+        allowed: true,
+        status: "PLAN_COMPLETE",
+        reason: "Plan has expired.",
+        progress
+      };
+    }
+  }
+  if (progress.completed === progress.total) {
+    return {
+      allowed: true,
+      status: "PLAN_COMPLETE",
+      reason: "All plan steps are completed.",
+      progress
+    };
+  }
+  const eventText = [
+    event.intent,
+    event.tool ?? "",
+    event.scope ?? ""
+  ].join(" ").toLowerCase();
+  const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
+  if (!matched) {
+    return {
+      allowed: false,
+      status: "OFF_PLAN",
+      reason: "Action does not match any plan step.",
+      closestStep: closest?.label,
+      similarityScore: closestScore,
+      progress
+    };
+  }
+  if (!isSequenceValid(matched, plan)) {
+    const pendingDeps = (matched.requires ?? []).filter((reqId) => plan.steps.find((s) => s.id === reqId)?.status !== "completed").join(", ");
+    return {
+      allowed: false,
+      status: "OFF_PLAN",
+      reason: `Step "${matched.label}" requires completion of: ${pendingDeps}`,
+      matchedStep: matched.id,
+      progress
+    };
+  }
+  const { violated } = checkConstraints(event, eventText, plan.constraints);
+  if (violated) {
+    return {
+      allowed: false,
+      status: "CONSTRAINT_VIOLATED",
+      reason: violated.description,
+      matchedStep: matched.id,
+      progress
+    };
+  }
+  return {
+    allowed: true,
+    status: "ON_PLAN",
+    reason: `Matches step: ${matched.label}`,
+    matchedStep: matched.id,
+    progress
+  };
+}
+function buildPlanCheck(event, plan, verdict) {
+  const eventText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ").toLowerCase();
+  const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
+  const { checks: constraintChecks } = checkConstraints(event, eventText, plan.constraints);
+  const progress = getPlanProgress(plan);
+  return {
+    planId: plan.plan_id,
+    matched: !!matched,
+    matchedStepId: matched?.id,
+    matchedStepLabel: matched?.label,
+    closestStepId: !matched ? closest?.id : void 0,
+    closestStepLabel: !matched ? closest?.label : void 0,
+    similarityScore: !matched ? closestScore : void 0,
+    sequenceValid: matched ? isSequenceValid(matched, plan) : void 0,
+    constraintsChecked: constraintChecks,
+    progress: { completed: progress.completed, total: progress.total }
+  };
+}
+var init_plan_engine = __esm({
+  "src/engine/plan-engine.ts"() {
+    "use strict";
+  }
+});
+
+// src/engine/guard-engine.ts
+function levelRequiresConfirmation(level, actionType) {
+  if (level === "strict") return true;
+  if (level === "standard") {
+    return actionType === "delete" || actionType === "credential-access";
+  }
+  return false;
+}
+function isExternalScope(scope) {
+  const internalPatterns = [
+    /^\.?\/?src\//i,
+    /^\.?\/?lib\//i,
+    /^\.?\/?app\//i,
+    /^\.?\/?components\//i,
+    /^\.?\/?pages\//i,
+    /^\.?\/?public\//i,
+    /^\.?\/?assets\//i,
+    /^\.\//
+  ];
+  return !internalPatterns.some((p) => p.test(scope));
+}
+function evaluateGuard(event, world, options = {}) {
+  const startTime = performance.now();
+  const level = options.level ?? "standard";
+  const includeTrace = options.trace ?? false;
+  const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
+  const invariantChecks = [];
+  const safetyChecks = [];
+  let planCheckResult;
+  const roleChecks = [];
+  const guardChecks = [];
+  const kernelRuleChecks = [];
+  const levelChecks = [];
+  let decidingLayer = "default-allow";
+  let decidingId;
+  const guardsMatched = [];
+  const rulesMatched = [];
+  checkInvariantCoverage(world, invariantChecks);
+  if (options.sessionAllowlist) {
+    const key = eventToAllowlistKey(event);
+    if (options.sessionAllowlist.has(key)) {
+      decidingLayer = "session-allowlist";
+      decidingId = `allowlist:${key}`;
+      return buildVerdict(
+        "ALLOW",
+        void 0,
+        `allowlist:${key}`,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+    }
+  }
+  const safetyVerdict = checkSafety(event, eventText, safetyChecks);
+  if (safetyVerdict) {
+    decidingLayer = "safety";
+    decidingId = safetyVerdict.ruleId;
+    return buildVerdict(
+      safetyVerdict.status,
+      safetyVerdict.reason,
+      safetyVerdict.ruleId,
+      void 0,
+      world,
+      level,
+      invariantChecks,
+      guardsMatched,
+      rulesMatched,
+      includeTrace ? buildTrace(
+        invariantChecks,
+        safetyChecks,
+        planCheckResult,
+        roleChecks,
+        guardChecks,
+        kernelRuleChecks,
+        levelChecks,
+        decidingLayer,
+        decidingId,
+        startTime
+      ) : void 0
+    );
+  }
+  if (options.plan) {
+    const planVerdict = evaluatePlan(event, options.plan);
+    planCheckResult = buildPlanCheck(event, options.plan, planVerdict);
+    if (!planVerdict.allowed && planVerdict.status !== "PLAN_COMPLETE") {
+      decidingLayer = "plan-enforcement";
+      decidingId = `plan-${options.plan.plan_id}`;
+      const planStatus = planVerdict.status === "CONSTRAINT_VIOLATED" ? "PAUSE" : "BLOCK";
+      let reason = planVerdict.reason ?? "Action blocked by plan.";
+      if (planVerdict.status === "OFF_PLAN" && planVerdict.closestStep) {
+        reason += ` Closest step: "${planVerdict.closestStep}" (similarity: ${(planVerdict.similarityScore ?? 0).toFixed(2)})`;
+      }
+      return buildVerdict(
+        planStatus,
+        reason,
+        `plan-${options.plan.plan_id}`,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+    }
+  }
+  const roleVerdict = checkRoleRules(event, eventText, world, roleChecks);
+  if (roleVerdict) {
+    decidingLayer = "role";
+    decidingId = roleVerdict.ruleId;
+    return buildVerdict(
+      roleVerdict.status,
+      roleVerdict.reason,
+      roleVerdict.ruleId,
+      void 0,
+      world,
+      level,
+      invariantChecks,
+      guardsMatched,
+      rulesMatched,
+      includeTrace ? buildTrace(
+        invariantChecks,
+        safetyChecks,
+        planCheckResult,
+        roleChecks,
+        guardChecks,
+        kernelRuleChecks,
+        levelChecks,
+        decidingLayer,
+        decidingId,
+        startTime
+      ) : void 0
+    );
+  }
+  const guardVerdict = checkGuards(event, eventText, world, guardChecks, guardsMatched);
+  if (guardVerdict) {
+    if (guardVerdict.status !== "ALLOW") {
+      decidingLayer = "guard";
+      decidingId = guardVerdict.ruleId;
+      return buildVerdict(
+        guardVerdict.status,
+        guardVerdict.reason,
+        guardVerdict.ruleId,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+    }
+  }
+  const kernelVerdict = checkKernelRules(eventText, world, kernelRuleChecks, rulesMatched);
+  if (kernelVerdict) {
+    decidingLayer = "kernel-rule";
+    decidingId = kernelVerdict.ruleId;
+    return buildVerdict(
+      kernelVerdict.status,
+      kernelVerdict.reason,
+      kernelVerdict.ruleId,
+      void 0,
+      world,
+      level,
+      invariantChecks,
+      guardsMatched,
+      rulesMatched,
+      includeTrace ? buildTrace(
+        invariantChecks,
+        safetyChecks,
+        planCheckResult,
+        roleChecks,
+        guardChecks,
+        kernelRuleChecks,
+        levelChecks,
+        decidingLayer,
+        decidingId,
+        startTime
+      ) : void 0
+    );
+  }
+  const levelVerdict = checkLevelConstraints(event, level, levelChecks);
+  if (levelVerdict) {
+    decidingLayer = "level-constraint";
+    decidingId = levelVerdict.ruleId;
+    return buildVerdict(
+      levelVerdict.status,
+      levelVerdict.reason,
+      levelVerdict.ruleId,
+      void 0,
+      world,
+      level,
+      invariantChecks,
+      guardsMatched,
+      rulesMatched,
+      includeTrace ? buildTrace(
+        invariantChecks,
+        safetyChecks,
+        planCheckResult,
+        roleChecks,
+        guardChecks,
+        kernelRuleChecks,
+        levelChecks,
+        decidingLayer,
+        decidingId,
+        startTime
+      ) : void 0
+    );
+  }
+  const warning = guardVerdict?.warning;
+  return buildVerdict(
+    "ALLOW",
+    void 0,
+    void 0,
+    warning,
+    world,
+    level,
+    invariantChecks,
+    guardsMatched,
+    rulesMatched,
+    includeTrace ? buildTrace(
+      invariantChecks,
+      safetyChecks,
+      planCheckResult,
+      roleChecks,
+      guardChecks,
+      kernelRuleChecks,
+      levelChecks,
+      decidingLayer,
+      decidingId,
+      startTime
+    ) : void 0
+  );
+}
+function checkInvariantCoverage(world, checks) {
+  const invariants = world.invariants ?? [];
+  const guards = world.guards?.guards ?? [];
+  for (const invariant of invariants) {
+    const coveringGuard = guards.find(
+      (g) => g.invariant_ref === invariant.id && g.immutable
+    );
+    checks.push({
+      invariantId: invariant.id,
+      label: invariant.label,
+      hasGuardCoverage: !!coveringGuard,
+      coveringGuardId: coveringGuard?.id
+    });
+  }
+}
+function checkSafety(event, eventText, checks) {
+  const textToCheck = event.intent + (event.payload ? JSON.stringify(event.payload) : "");
+  for (const { pattern, label } of PROMPT_INJECTION_PATTERNS) {
+    const triggered = pattern.test(textToCheck);
+    checks.push({
+      checkType: "prompt-injection",
+      triggered,
+      matchedPattern: triggered ? label : void 0
+    });
+    if (triggered) {
+      for (const remaining of PROMPT_INJECTION_PATTERNS.filter((p) => p.label !== label)) {
+        checks.push({
+          checkType: "prompt-injection",
+          triggered: remaining.pattern.test(textToCheck),
+          matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
+        });
+      }
+      return {
+        status: "PAUSE",
+        reason: NEUTRAL_MESSAGES["prompt-injection"],
+        ruleId: `safety-injection-${label}`
+      };
+    }
+  }
+  const scopeToCheck = event.scope ?? event.intent;
+  for (const { pattern, label } of SCOPE_ESCAPE_PATTERNS) {
+    const triggered = pattern.test(scopeToCheck);
+    checks.push({
+      checkType: "scope-escape",
+      triggered,
+      matchedPattern: triggered ? label : void 0
+    });
+    if (triggered) {
+      for (const remaining of SCOPE_ESCAPE_PATTERNS.filter((p) => p.label !== label)) {
+        checks.push({
+          checkType: "scope-escape",
+          triggered: remaining.pattern.test(scopeToCheck),
+          matchedPattern: remaining.pattern.test(scopeToCheck) ? remaining.label : void 0
+        });
+      }
+      return {
+        status: "PAUSE",
+        reason: NEUTRAL_MESSAGES["scope-escape"],
+        ruleId: `safety-scope-${label}`
+      };
+    }
+  }
+  if (event.direction === "output") {
+    for (const { pattern, label } of EXECUTION_CLAIM_PATTERNS) {
+      const triggered = pattern.test(textToCheck);
+      checks.push({
+        checkType: "execution-claim",
+        triggered,
+        matchedPattern: triggered ? label : void 0
+      });
+      if (triggered) {
+        for (const remaining of EXECUTION_CLAIM_PATTERNS.filter((p) => p.label !== label)) {
+          checks.push({
+            checkType: "execution-claim",
+            triggered: remaining.pattern.test(textToCheck),
+            matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
+          });
+        }
+        return {
+          status: "PAUSE",
+          reason: NEUTRAL_MESSAGES["execution-claim"],
+          ruleId: `safety-execution-claim-${label}`
+        };
+      }
+    }
+  }
+  if (event.direction === "input") {
+    const intentTrimmed = event.intent.trim();
+    for (const { pattern, label } of EXECUTION_INTENT_PATTERNS) {
+      const triggered = pattern.test(intentTrimmed);
+      checks.push({
+        checkType: "execution-intent",
+        triggered,
+        matchedPattern: triggered ? label : void 0
+      });
+      if (triggered) {
+        for (const remaining of EXECUTION_INTENT_PATTERNS.filter((p) => p.label !== label)) {
+          checks.push({
+            checkType: "execution-intent",
+            triggered: remaining.pattern.test(intentTrimmed),
+            matchedPattern: remaining.pattern.test(intentTrimmed) ? remaining.label : void 0
+          });
+        }
+        return {
+          status: "PAUSE",
+          reason: NEUTRAL_MESSAGES["execution-intent"],
+          ruleId: `safety-execution-intent-${label}`
+        };
+      }
+    }
+  }
+  return null;
+}
+function checkRoleRules(event, eventText, world, checks) {
+  if (!event.roleId || !world.roles) return null;
+  const role = world.roles.roles.find((r) => r.id === event.roleId);
+  if (!role) return null;
+  if (role.requiresApproval) {
+    checks.push({
+      roleId: role.id,
+      roleName: role.name,
+      rule: "All actions require approval",
+      ruleType: "requiresApproval",
+      matched: true
+    });
+    return {
+      status: "PAUSE",
+      reason: `Role "${role.name}" requires approval for all actions.`,
+      ruleId: `role-${role.id}-requires-approval`
+    };
+  }
+  for (const rule of role.cannotDo) {
+    const matched = matchesKeywords(eventText, rule);
+    checks.push({
+      roleId: role.id,
+      roleName: role.name,
+      rule,
+      ruleType: "cannotDo",
+      matched
+    });
+    if (matched) {
+      return {
+        status: "BLOCK",
+        reason: `Role "${role.name}" cannot: ${rule}`,
+        ruleId: `role-${role.id}-cannotdo`
+      };
+    }
+  }
+  for (const rule of role.canDo) {
+    checks.push({
+      roleId: role.id,
+      roleName: role.name,
+      rule,
+      ruleType: "canDo",
+      matched: matchesKeywords(eventText, rule)
+    });
+  }
+  return null;
+}
+function checkGuards(event, eventText, world, checks, guardsMatched) {
+  if (!world.guards) return null;
+  const guardsConfig = world.guards;
+  let warnResult = null;
+  const compiledPatterns = /* @__PURE__ */ new Map();
+  for (const [key, def] of Object.entries(guardsConfig.intent_vocabulary)) {
+    try {
+      compiledPatterns.set(key, new RegExp(def.pattern, "i"));
+    } catch {
+    }
+  }
+  const eventTool = (event.tool ?? "").toLowerCase();
+  for (const guard of guardsConfig.guards) {
+    if (guard.appliesTo && guard.appliesTo.length > 0) {
+      const normalizedAppliesTo = guard.appliesTo.map((t) => t.toLowerCase());
+      if (!normalizedAppliesTo.includes(eventTool)) {
+        continue;
+      }
+    }
+    const enabled = guard.immutable || guard.default_enabled !== false;
+    const matchedPatterns = [];
+    for (const patternKey of guard.intent_patterns) {
+      const regex = compiledPatterns.get(patternKey);
+      if (regex?.test(eventText)) {
+        matchedPatterns.push(patternKey);
+      }
+    }
+    const matched = matchedPatterns.length > 0 && enabled;
+    let roleGated = false;
+    if (matched && guard.required_roles && guard.required_roles.length > 0 && event.roleId && guard.required_roles.includes(event.roleId)) {
+      roleGated = true;
+    }
+    checks.push({
+      guardId: guard.id,
+      label: guard.label,
+      category: guard.category,
+      enabled,
+      matched: matched && !roleGated,
+      enforcement: guard.enforcement,
+      matchedPatterns,
+      roleGated
+    });
+    if (!matched || roleGated) continue;
+    guardsMatched.push(guard.id);
+    const actionMode = guard.player_modes?.action ?? guard.enforcement;
+    const reason = guard.redirect ? `${guard.description} \u2014 ${guard.redirect}` : guard.description;
+    if (actionMode === "block") {
+      return { status: "BLOCK", reason, ruleId: `guard-${guard.id}` };
+    }
+    if (actionMode === "pause") {
+      return { status: "PAUSE", reason, ruleId: `guard-${guard.id}` };
+    }
+    if (actionMode === "warn" && !warnResult) {
+      warnResult = { status: "ALLOW", warning: reason, ruleId: `guard-${guard.id}` };
+    }
+  }
+  return warnResult;
+}
+function checkKernelRules(eventText, world, checks, rulesMatched) {
+  if (!world.kernel) return null;
+  const forbidden = world.kernel.input_boundaries?.forbidden_patterns ?? [];
+  const output = world.kernel.output_boundaries?.forbidden_patterns ?? [];
+  for (const rule of forbidden) {
+    let matched = false;
+    let matchMethod = "none";
+    if (rule.pattern) {
+      try {
+        matched = new RegExp(rule.pattern, "i").test(eventText);
+        matchMethod = "pattern";
+      } catch {
+      }
+    }
+    if (!matched && rule.reason) {
+      matched = matchesKeywords(eventText, rule.reason);
+      if (matched) matchMethod = "keyword";
+    }
+    checks.push({
+      ruleId: rule.id,
+      text: rule.reason,
+      category: "forbidden",
+      matched,
+      matchMethod
+    });
+    if (matched) {
+      rulesMatched.push(rule.id);
+      if (rule.action === "BLOCK") {
+        return {
+          status: "BLOCK",
+          reason: rule.reason,
+          ruleId: `kernel-${rule.id}`
+        };
+      }
+    }
+  }
+  return null;
+}
+function checkLevelConstraints(event, level, checks) {
+  if (level === "basic") return null;
+  const intent = event.intent.toLowerCase();
+  const tool = (event.tool ?? "").toLowerCase();
+  const isDelete = intent.includes("delete") || intent.includes("remove") || intent.includes("rm ") || tool === "delete";
+  const deleteTriggered = isDelete && levelRequiresConfirmation(level, "delete");
+  checks.push({
+    checkType: "delete",
+    level,
+    triggered: deleteTriggered,
+    reason: deleteTriggered ? NEUTRAL_MESSAGES["delete"] : void 0
+  });
+  if (deleteTriggered) {
+    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["delete"], ruleId: "level-delete-check" };
+  }
+  const isExternal = event.scope ? isExternalScope(event.scope) : false;
+  const externalTriggered = isExternal && levelRequiresConfirmation(level, "write-external");
+  checks.push({
+    checkType: "write-external",
+    level,
+    triggered: externalTriggered,
+    reason: externalTriggered ? NEUTRAL_MESSAGES["write-external"] : void 0
+  });
+  if (externalTriggered) {
+    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["write-external"], ruleId: "level-external-write-check" };
+  }
+  const isNetwork = tool === "http" || tool === "fetch" || tool === "request" || intent.includes("post ") || intent.includes("sending");
+  const networkTriggered = isNetwork && levelRequiresConfirmation(level, "network-mutate");
+  checks.push({
+    checkType: "network-mutate",
+    level,
+    triggered: networkTriggered,
+    reason: networkTriggered ? NEUTRAL_MESSAGES["network-mutate"] : void 0
+  });
+  if (networkTriggered) {
+    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["network-mutate"], ruleId: "level-network-mutate-check" };
+  }
+  const isCredential = intent.includes("credential") || intent.includes("password") || intent.includes("secret") || intent.includes("api key") || intent.includes("token");
+  const credentialTriggered = isCredential && levelRequiresConfirmation(level, "credential-access");
+  checks.push({
+    checkType: "credential-access",
+    level,
+    triggered: credentialTriggered,
+    reason: credentialTriggered ? NEUTRAL_MESSAGES["credential-access"] : void 0
+  });
+  if (credentialTriggered) {
+    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["credential-access"], ruleId: "level-credential-check" };
+  }
+  const irreversibleTriggered = !!event.irreversible && level !== "basic";
+  checks.push({
+    checkType: "irreversible",
+    level,
+    triggered: irreversibleTriggered,
+    reason: irreversibleTriggered ? "This action is marked as irreversible." : void 0
+  });
+  if (irreversibleTriggered) {
+    return {
+      status: "PAUSE",
+      reason: "This action is marked as irreversible.",
+      ruleId: "level-irreversible-check"
+    };
+  }
+  return null;
+}
+function matchesKeywords(eventText, ruleText) {
+  const keywords = ruleText.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
+  if (keywords.length === 0) return false;
+  return keywords.every((kw) => eventText.includes(kw));
+}
+function eventToAllowlistKey(event) {
+  return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;
+}
+function buildTrace(invariantChecks, safetyChecks, planCheck, roleChecks, guardChecks, kernelRuleChecks, levelChecks, decidingLayer, decidingId, startTime) {
+  const trace = {
+    invariantChecks,
+    safetyChecks,
+    roleChecks,
+    guardChecks,
+    kernelRuleChecks,
+    levelChecks,
+    precedenceResolution: {
+      decidingLayer,
+      decidingId,
+      strategy: "first-match-wins",
+      chainOrder: [
+        "invariant-coverage",
+        "session-allowlist",
+        "safety-injection",
+        "safety-scope-escape",
+        "safety-execution-claim",
+        "safety-execution-intent",
+        "plan-enforcement",
+        "role-rules",
+        "declarative-guards",
+        "kernel-rules",
+        "level-constraints",
+        "default-allow"
+      ]
+    },
+    durationMs: performance.now() - startTime
+  };
+  if (planCheck) {
+    trace.planCheck = planCheck;
+  }
+  return trace;
+}
+function buildVerdict(status, reason, ruleId, warning, world, level, invariantChecks, guardsMatched, rulesMatched, trace) {
+  const evidence = {
+    worldId: world.world.world_id,
+    worldName: world.world.name,
+    worldVersion: world.world.version,
+    evaluatedAt: Date.now(),
+    invariantsSatisfied: invariantChecks.filter((c) => c.hasGuardCoverage).length,
+    invariantsTotal: invariantChecks.length,
+    guardsMatched,
+    rulesMatched,
+    enforcementLevel: level
+  };
+  const verdict = {
+    status,
+    evidence
+  };
+  if (reason) verdict.reason = reason;
+  if (ruleId) verdict.ruleId = ruleId;
+  if (warning) verdict.warning = warning;
+  if (trace) verdict.trace = trace;
+  return verdict;
+}
+var PROMPT_INJECTION_PATTERNS, EXECUTION_CLAIM_PATTERNS, EXECUTION_INTENT_PATTERNS, SCOPE_ESCAPE_PATTERNS, NEUTRAL_MESSAGES;
+var init_guard_engine = __esm({
+  "src/engine/guard-engine.ts"() {
+    "use strict";
+    init_plan_engine();
+    PROMPT_INJECTION_PATTERNS = [
+      // Instruction override
+      { pattern: /ignore\s+(previous|all|prior|above)\s+(instructions?|rules?)/i, label: "ignore-instructions" },
+      { pattern: /disregard\s+(your|the)\s+(rules|constraints)/i, label: "disregard-rules" },
+      { pattern: /new\s+instructions?:/i, label: "new-instructions" },
+      // Identity manipulation
+      { pattern: /you\s+are\s+now/i, label: "identity-override" },
+      { pattern: /new\s+persona/i, label: "new-persona" },
+      { pattern: /act\s+as\s+if/i, label: "act-as-if" },
+      { pattern: /pretend\s+(you|to\s+be|you\s+are\s+unrestricted)/i, label: "pretend-to-be" },
+      // Context reset
+      { pattern: /forget\s+(everything|all|your)/i, label: "forget-context" },
+      { pattern: /system\s*:\s*override/i, label: "system-override" },
+      // Constraint bypass
+      { pattern: /override\s+(your|the)\s+(programming|constraints)/i, label: "override-constraints" },
+      { pattern: /bypass\s+(your|the)\s+(filters|constraints|rules)/i, label: "bypass-filters" },
+      // Prompt extraction
+      { pattern: /system\s+prompt/i, label: "system-prompt-probe" },
+      { pattern: /reveal\s+your\s+(instructions?|prompt|rules)/i, label: "reveal-instructions" },
+      // Known jailbreak terms
+      { pattern: /jailbreak/i, label: "jailbreak" },
+      { pattern: /DAN\s+mode/i, label: "dan-mode" },
+      { pattern: /developer\s+mode/i, label: "developer-mode" }
+    ];
+    EXECUTION_CLAIM_PATTERNS = [
+      { pattern: /I have (executed|completed|performed|done|made|created|sent|deleted|modified|updated)/i, label: "claim-i-have" },
+      { pattern: /Successfully (created|deleted|modified|updated|sent|executed|performed)/i, label: "claim-successfully" },
+      { pattern: /The file has been/i, label: "claim-file-modified" },
+      { pattern: /I've made the changes/i, label: "claim-made-changes" },
+      { pattern: /I('ve| have) (sent|posted|submitted|uploaded|downloaded)/i, label: "claim-sent" },
+      { pattern: /Your (email|message|file|request) has been (sent|submitted)/i, label: "claim-your-sent" },
+      { pattern: /Transaction complete/i, label: "claim-transaction" },
+      { pattern: /Order placed/i, label: "claim-order" },
+      { pattern: /Payment processed/i, label: "claim-payment" }
+    ];
+    EXECUTION_INTENT_PATTERNS = [
+      { pattern: /^(execute|run|perform|do this)/i, label: "intent-execute" },
+      { pattern: /^(create|write|delete|modify) (a |the )?(file|folder|document)/i, label: "intent-file-ops" },
+      { pattern: /^(send|post|submit) (a |an |the )?(email|message|tweet|post)/i, label: "intent-send" },
+      { pattern: /^(search|look up|browse) (the )?web/i, label: "intent-web-search" },
+      { pattern: /^(make|call|invoke) (a |an )?(api|http|rest) (call|request)/i, label: "intent-api-call" },
+      { pattern: /^(buy|purchase|order|pay|transfer|send money)/i, label: "intent-financial" },
+      { pattern: /^(book|schedule|reserve)/i, label: "intent-booking" },
+      { pattern: /^(download|upload|save to|export to)/i, label: "intent-transfer" }
+    ];
+    SCOPE_ESCAPE_PATTERNS = [
+      { pattern: /\.\.\//, label: "parent-traversal" },
+      { pattern: /^\/(?!home|project|workspace)/i, label: "absolute-path-outside-safe" },
+      { pattern: /~\//, label: "home-directory" },
+      { pattern: /\/etc\//i, label: "system-config" },
+      { pattern: /\/usr\//i, label: "system-binaries" },
+      { pattern: /\/var\//i, label: "system-variable-data" }
+    ];
+    NEUTRAL_MESSAGES = {
+      "prompt-injection": "This input contains patterns that could alter agent behavior.",
+      "scope-escape": "This action would affect resources outside the declared scope.",
+      "execution-claim": "This response claims to have performed an action.",
+      "execution-intent": "This input requests execution in a thinking-only environment.",
+      "delete": "This action would remove files. Confirmation needed.",
+      "write-external": "This action would write outside the project folder.",
+      "network-mutate": "This action would send data to an external service.",
+      "credential-access": "This action would access stored credentials."
+    };
+  }
+});
+
+// src/loader/world-loader.ts
+async function loadWorldFromDirectory(dirPath) {
+  const { readFile } = await import("fs/promises");
+  const { join: join3 } = await import("path");
+  const { readdirSync: readdirSync3 } = await import("fs");
+  async function readJson(filename) {
+    try {
+      const content = await readFile(join3(dirPath, filename), "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return void 0;
+    }
+  }
+  const worldJson = await readJson("world.json");
+  if (!worldJson) {
+    throw new Error(`Cannot read world.json in ${dirPath}`);
+  }
+  const invariantsJson = await readJson("invariants.json");
+  const assumptionsJson = await readJson("assumptions.json");
+  const stateSchemaJson = await readJson("state-schema.json");
+  const gatesJson = await readJson("gates.json");
+  const outcomesJson = await readJson("outcomes.json");
+  const guardsJson = await readJson("guards.json");
+  const rolesJson = await readJson("roles.json");
+  const kernelJson = await readJson("kernel.json");
+  const metadataJson = await readJson("metadata.json");
+  const rules = [];
+  try {
+    const rulesDir = join3(dirPath, "rules");
+    const ruleFiles = readdirSync3(rulesDir).filter((f) => f.endsWith(".json")).sort();
+    for (const file of ruleFiles) {
+      const content = await readFile(join3(rulesDir, file), "utf-8");
+      rules.push(JSON.parse(content));
+    }
+  } catch {
+  }
+  return {
+    world: worldJson,
+    invariants: invariantsJson?.invariants ?? [],
+    assumptions: assumptionsJson ?? { profiles: {}, parameter_definitions: {} },
+    stateSchema: stateSchemaJson ?? { variables: {}, presets: {} },
+    rules,
+    gates: gatesJson ?? {
+      viability_classification: [],
+      structural_override: { description: "", enforcement: "mandatory" },
+      sustainability_threshold: 0,
+      collapse_visual: { background: "", text: "", border: "", label: "" }
+    },
+    outcomes: outcomesJson ?? {
+      computed_outcomes: [],
+      comparison_layout: { primary_card: "", status_badge: "", structural_indicators: [] }
+    },
+    guards: guardsJson,
+    roles: rolesJson,
+    kernel: kernelJson,
+    metadata: metadataJson ?? {
+      format_version: "1.0.0",
+      created_at: "",
+      last_modified: "",
+      authoring_method: "manual-authoring"
+    }
+  };
+}
+async function loadWorld(worldPath) {
+  const { stat } = await import("fs/promises");
+  const info = await stat(worldPath);
+  if (info.isDirectory()) {
+    return loadWorldFromDirectory(worldPath);
+  }
+  if (worldPath.endsWith(".nv-world.zip")) {
+    throw new Error(".nv-world.zip loading not yet implemented \u2014 use a world directory");
+  }
+  throw new Error(`Cannot load world from: ${worldPath} \u2014 expected a directory or .nv-world.zip`);
+}
+var init_world_loader = __esm({
+  "src/loader/world-loader.ts"() {
+    "use strict";
+  }
+});
+
+// src/runtime/session.ts
+var session_exports = {};
+__export(session_exports, {
+  SessionManager: () => SessionManager,
+  runInteractiveMode: () => runInteractiveMode,
+  runPipeMode: () => runPipeMode
+});
+async function defaultToolExecutor(name, args) {
+  return `Tool "${name}" executed successfully with args: ${JSON.stringify(args)}`;
+}
+async function runPipeMode(config) {
+  const session = new SessionManager(config);
+  await session.start();
+  const state = session.getState();
+  process.stderr.write(`[neuroverse] Pipe mode active
+`);
+  process.stderr.write(`[neuroverse] World: ${state.world.world.name}
+`);
+  if (state.plan) {
+    process.stderr.write(`[neuroverse] Plan: ${state.plan.plan_id} (${state.plan.objective})
+`);
+  }
+  return new Promise((resolve2, reject) => {
+    let buffer = "";
+    process.stdin.setEncoding("utf-8");
+    process.stdin.on("data", (chunk) => {
+      buffer += chunk;
+      const lines = buffer.split("\n");
+      buffer = lines.pop() ?? "";
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed) continue;
+        try {
+          const event = JSON.parse(trimmed);
+          if (!event.intent) {
+            process.stderr.write(`[neuroverse] Warning: event missing "intent" field
+`);
+            continue;
+          }
+          const verdict = session.evaluate(event);
+          process.stdout.write(JSON.stringify(verdict) + "\n");
+        } catch (err) {
+          process.stderr.write(`[neuroverse] Error parsing line: ${err}
+`);
+        }
+      }
+    });
+    process.stdin.on("end", () => {
+      if (buffer.trim()) {
+        try {
+          const event = JSON.parse(buffer.trim());
+          if (event.intent) {
+            const verdict = session.evaluate(event);
+            process.stdout.write(JSON.stringify(verdict) + "\n");
+          }
+        } catch {
+        }
+      }
+      const finalState = session.stop();
+      process.stderr.write(
+        `[neuroverse] Session complete: ${finalState.actionsEvaluated} evaluated, ${finalState.actionsAllowed} allowed, ${finalState.actionsBlocked} blocked, ${finalState.actionsPaused} paused
+`
+      );
+      resolve2();
+    });
+    process.stdin.on("error", reject);
+  });
+}
+async function runInteractiveMode(config, model) {
+  const session = new SessionManager(config);
+  await session.start();
+  const state = session.getState();
+  process.stdout.write("\n");
+  process.stdout.write(`  World: ${state.world.world.name}
+`);
+  if (state.plan) {
+    process.stdout.write(`  Plan: ${state.plan.plan_id}
+`);
+    process.stdout.write(`  Goal: ${state.plan.objective}
+`);
+    process.stdout.write(`  Steps: ${state.progress?.total ?? 0}
+`);
+  }
+  process.stdout.write(`  Type "exit" to end session.
+`);
+  process.stdout.write("\n");
+  const readline = await import("readline");
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+    prompt: "> "
+  });
+  const printProgress = () => {
+    const s = session.getState();
+    if (s.progress) {
+      process.stdout.write(
+        `  [plan: ${s.progress.completed}/${s.progress.total} (${s.progress.percentage}%)]
+`
+      );
+    }
+  };
+  rl.prompt();
+  rl.on("line", async (input) => {
+    const trimmed = input.trim();
+    if (!trimmed) {
+      rl.prompt();
+      return;
+    }
+    if (trimmed === "exit" || trimmed === "quit") {
+      const finalState = session.stop();
+      process.stdout.write("\n");
+      process.stdout.write(`  Session complete.
+`);
+      process.stdout.write(`  Actions: ${finalState.actionsEvaluated} evaluated`);
+      process.stdout.write(`, ${finalState.actionsAllowed} allowed`);
+      process.stdout.write(`, ${finalState.actionsBlocked} blocked
+`);
+      if (finalState.progress) {
+        process.stdout.write(
+          `  Plan: ${finalState.progress.completed}/${finalState.progress.total} steps completed
+`
+        );
+      }
+      process.stdout.write("\n");
+      rl.close();
+      return;
+    }
+    if (trimmed === "status") {
+      const s = session.getState();
+      process.stdout.write(`
+  World: ${s.world.world.name}
+`);
+      process.stdout.write(`  Actions: ${s.actionsEvaluated} evaluated
+`);
+      process.stdout.write(`  Allowed: ${s.actionsAllowed} | Blocked: ${s.actionsBlocked} | Paused: ${s.actionsPaused}
+`);
+      if (s.progress && s.plan) {
+        process.stdout.write(`  Plan: ${s.plan.plan_id} \u2014 ${s.progress.completed}/${s.progress.total} (${s.progress.percentage}%)
+`);
+        for (const step of s.plan.steps) {
+          const icon = step.status === "completed" ? "[x]" : "[ ]";
+          process.stdout.write(`    ${icon} ${step.label}
+`);
+        }
+      }
+      process.stdout.write("\n");
+      rl.prompt();
+      return;
+    }
+    try {
+      const response = await model.chat(trimmed);
+      if (response.toolCalls.length > 0) {
+        const finalResponse = await session.processModelResponse(response, model);
+        if (finalResponse.content) {
+          process.stdout.write(`
+${finalResponse.content}
+
+`);
+        }
+        printProgress();
+      } else if (response.content) {
+        process.stdout.write(`
+${response.content}
+
+`);
+      }
+    } catch (err) {
+      process.stderr.write(`
+  Error: ${err}
+
+`);
+    }
+    rl.prompt();
+  });
+  rl.on("close", () => {
+    session.stop();
+  });
+  return new Promise((resolve2) => {
+    rl.on("close", resolve2);
+  });
+}
+var SessionManager;
+var init_session = __esm({
+  "src/runtime/session.ts"() {
+    "use strict";
+    init_guard_engine();
+    init_plan_engine();
+    init_world_loader();
+    SessionManager = class {
+      config;
+      state;
+      engineOptions;
+      executor;
+      constructor(config) {
+        this.config = config;
+        this.executor = config.toolExecutor ?? defaultToolExecutor;
+        this.engineOptions = {
+          trace: config.trace ?? false,
+          level: config.level,
+          plan: config.plan
+        };
+        this.state = {
+          active: false,
+          world: config.world,
+          plan: config.plan,
+          progress: config.plan ? getPlanProgress(config.plan) : void 0,
+          actionsEvaluated: 0,
+          actionsAllowed: 0,
+          actionsBlocked: 0,
+          actionsPaused: 0
+        };
+      }
+      /**
+       * Initialize the session — load world from disk if needed.
+       */
+      async start() {
+        if (this.config.worldPath && !this.config.world) {
+          this.state.world = await loadWorld(this.config.worldPath);
+        }
+        if (!this.state.world) {
+          throw new Error("No world provided. Use --world or pass a world definition.");
+        }
+        this.state.active = true;
+        return this.getState();
+      }
+      /**
+       * Evaluate a single event against governance.
+       * Returns the verdict without executing anything.
+       */
+      evaluate(event) {
+        this.engineOptions.plan = this.state.plan;
+        const verdict = evaluateGuard(event, this.state.world, this.engineOptions);
+        this.state.actionsEvaluated++;
+        if (verdict.status === "ALLOW") this.state.actionsAllowed++;
+        if (verdict.status === "BLOCK") this.state.actionsBlocked++;
+        if (verdict.status === "PAUSE") this.state.actionsPaused++;
+        this.config.onVerdict?.(verdict, event);
+        return verdict;
+      }
+      /**
+       * Evaluate and execute a tool call.
+       * Returns the execution result or block reason.
+       */
+      async executeToolCall(toolCall) {
+        let args;
+        try {
+          args = JSON.parse(toolCall.function.arguments);
+        } catch {
+          args = { raw: toolCall.function.arguments };
+        }
+        const event = {
+          intent: toolCall.function.name,
+          tool: toolCall.function.name,
+          args,
+          direction: "input"
+        };
+        const verdict = this.evaluate(event);
+        if (verdict.status === "BLOCK") {
+          return { allowed: false, verdict };
+        }
+        if (verdict.status === "PAUSE") {
+          return { allowed: false, verdict };
+        }
+        const result = await this.executor(toolCall.function.name, args);
+        this.config.onToolResult?.(toolCall.function.name, result);
+        if (this.state.plan) {
+          const planVerdict = evaluatePlan(event, this.state.plan);
+          if (planVerdict.matchedStep) {
+            this.state.plan = advancePlan(this.state.plan, planVerdict.matchedStep);
+            this.engineOptions.plan = this.state.plan;
+            this.state.progress = getPlanProgress(this.state.plan);
+            this.config.onPlanProgress?.(this.state.progress);
+            if (this.state.progress.completed === this.state.progress.total) {
+              this.config.onPlanComplete?.();
+            }
+          }
+        }
+        return { allowed: true, verdict, result };
+      }
+      /**
+       * Process a model response — evaluate and execute all tool calls.
+       * Returns results for each tool call.
+       */
+      async processModelResponse(response, model) {
+        if (response.toolCalls.length === 0) {
+          return response;
+        }
+        for (const toolCall of response.toolCalls) {
+          const { allowed, verdict, result } = await this.executeToolCall(toolCall);
+          if (allowed && result) {
+            const nextResponse = await model.sendToolResult(toolCall.id, result);
+            if (nextResponse.toolCalls.length > 0) {
+              return this.processModelResponse(nextResponse, model);
+            }
+            return nextResponse;
+          } else {
+            const reason = verdict.reason ?? "Action blocked by governance.";
+            const nextResponse = await model.sendBlockedResult(toolCall.id, reason);
+            if (nextResponse.toolCalls.length > 0) {
+              return this.processModelResponse(nextResponse, model);
+            }
+            return nextResponse;
+          }
+        }
+        return response;
+      }
+      /** Get current session state. */
+      getState() {
+        return { ...this.state };
+      }
+      /** Stop the session. */
+      stop() {
+        this.state.active = false;
+        return this.getState();
+      }
+    };
+  }
+});
+
+// src/cli/run.ts
+var run_exports = {};
+__export(run_exports, {
+  main: () => main
+});
+module.exports = __toCommonJS(run_exports);
+var import_fs2 = require("fs");
+var import_path2 = require("path");
+
+// src/loader/world-resolver.ts
+var import_fs = require("fs");
+var import_path = require("path");
+var WORLDS_DIR = ".neuroverse/worlds";
+var ACTIVE_WORLD_FILE = ".neuroverse/active_world";
+function listWorlds(cwd = process.cwd()) {
+  const worldsDir = (0, import_path.join)(cwd, WORLDS_DIR);
+  if (!(0, import_fs.existsSync)(worldsDir)) return [];
+  const activeName = getActiveWorldName(cwd);
+  const entries = (0, import_fs.readdirSync)(worldsDir);
+  return entries.filter((name) => {
+    const worldJson = (0, import_path.join)(worldsDir, name, "world.json");
+    return (0, import_fs.existsSync)(worldJson);
+  }).map((name) => ({
+    name,
+    path: (0, import_path.join)(worldsDir, name),
+    active: name === activeName
+  })).sort((a, b) => a.name.localeCompare(b.name));
+}
+function getActiveWorldName(cwd = process.cwd()) {
+  const filePath = (0, import_path.join)(cwd, ACTIVE_WORLD_FILE);
+  try {
+    return (0, import_fs.readFileSync)(filePath, "utf-8").trim() || void 0;
+  } catch {
+    return void 0;
+  }
+}
+function resolveWorldPath(explicit, cwd = process.cwd()) {
+  if (explicit) {
+    return resolveNameOrPath(explicit, cwd);
+  }
+  const envWorld = process.env.NEUROVERSE_WORLD;
+  if (envWorld) {
+    return resolveNameOrPath(envWorld, cwd);
+  }
+  const activeName = getActiveWorldName(cwd);
+  if (activeName) {
+    return resolveNameOrPath(activeName, cwd);
+  }
+  const worlds = listWorlds(cwd);
+  if (worlds.length === 1) {
+    return (0, import_path.resolve)(worlds[0].path);
+  }
+  return void 0;
+}
+function describeActiveWorld(explicit, cwd = process.cwd()) {
+  if (explicit) {
+    return { name: explicit, source: "--world flag" };
+  }
+  const envWorld = process.env.NEUROVERSE_WORLD;
+  if (envWorld) {
+    return { name: envWorld, source: "NEUROVERSE_WORLD env var" };
+  }
+  const activeName = getActiveWorldName(cwd);
+  if (activeName) {
+    return { name: activeName, source: ".neuroverse/active_world" };
+  }
+  const worlds = listWorlds(cwd);
+  if (worlds.length === 1) {
+    return { name: worlds[0].name, source: "auto-detected (only world)" };
+  }
+  return void 0;
+}
+function resolveNameOrPath(ref, cwd) {
+  if (ref.includes("/") || ref.includes("\\") || ref.startsWith(".") || (0, import_path.isAbsolute)(ref)) {
+    return (0, import_path.resolve)(cwd, ref);
+  }
+  const namedPath = (0, import_path.join)(cwd, WORLDS_DIR, ref);
+  if ((0, import_fs.existsSync)((0, import_path.join)(namedPath, "world.json"))) {
+    return (0, import_path.resolve)(namedPath);
+  }
+  return (0, import_path.resolve)(cwd, ref);
+}
+
+// src/cli/run.ts
+function parseArg(args, flag) {
+  const idx = args.indexOf(flag);
+  return idx >= 0 && idx + 1 < args.length ? args[idx + 1] : void 0;
+}
+function hasFlag(args, flag) {
+  return args.includes(flag);
+}
+function autoDetectPlan() {
+  const nvDir = ".neuroverse/plans";
+  if (!(0, import_fs2.existsSync)(nvDir)) return void 0;
+  const entries = (0, import_fs2.readdirSync)(nvDir).filter((e) => e.endsWith(".json"));
+  if (entries.length === 1) {
+    try {
+      return JSON.parse((0, import_fs2.readFileSync)((0, import_path2.join)(nvDir, entries[0]), "utf-8"));
+    } catch {
+      return void 0;
+    }
+  }
+  return void 0;
+}
+function loadPlan(path) {
+  return JSON.parse((0, import_fs2.readFileSync)(path, "utf-8"));
+}
+var RUN_USAGE = `
+neuroverse run \u2014 Governed runtime for AI agents.
+
+Modes:
+  --pipe            JSON lines in \u2192 verdicts out (default if stdin is piped)
+  --interactive     Chat session with model + governance
+
+Options:
+  --world <path>    Path to world directory
+  --plan <path>     Path to plan.json
+  --level <level>   Enforcement level (basic|standard|strict)
+  --trace           Include evaluation trace in verdicts
+  --provider <name> Model provider (openai|anthropic|ollama)
+  --model <name>    Model name override
+  --api-key <key>   API key (or set via env var)
+
+Usage:
+  # Pipe mode \u2014 works with any agent
+  my_agent | neuroverse run --world ./world/ --plan plan.json
+
+  # Interactive mode \u2014 governed chat session
+  neuroverse run --interactive --world ./world/ --provider openai
+
+  # Auto-detect world and plan
+  neuroverse run
+`.trim();
+async function main(args) {
+  if (hasFlag(args, "--help") || hasFlag(args, "-h")) {
+    process.stdout.write(RUN_USAGE + "\n");
+    process.exit(0);
+    return;
+  }
+  const worldPath = resolveWorldPath(parseArg(args, "--world"));
+  if (!worldPath) {
+    process.stderr.write(
+      "Error: No world found.\nUse --world <path>, set NEUROVERSE_WORLD, or run `neuroverse world use <name>`\n"
+    );
+    process.exit(1);
+    return;
+  }
+  const explicitWorld = parseArg(args, "--world");
+  const worldInfo = describeActiveWorld(explicitWorld);
+  if (worldInfo) {
+    process.stderr.write(`Using world: ${worldInfo.name}
+`);
+  }
+  const planPath = parseArg(args, "--plan");
+  const plan = planPath ? loadPlan(planPath) : autoDetectPlan();
+  const level = parseArg(args, "--level");
+  const trace = hasFlag(args, "--trace");
+  const isPipeMode = hasFlag(args, "--pipe") || !process.stdin.isTTY;
+  const isInteractive = hasFlag(args, "--interactive");
+  if (isInteractive) {
+    const providerName = parseArg(args, "--provider");
+    if (!providerName) {
+      process.stderr.write(
+        "Error: Interactive mode requires --provider (openai|anthropic|ollama)\n"
+      );
+      process.exit(1);
+      return;
+    }
+    const { resolveProvider: resolveProvider2, ModelAdapter: ModelAdapter2 } = await Promise.resolve().then(() => (init_model_adapter(), model_adapter_exports));
+    const { runInteractiveMode: runInteractiveMode2 } = await Promise.resolve().then(() => (init_session(), session_exports));
+    const modelConfig = resolveProvider2(providerName, {
+      model: parseArg(args, "--model"),
+      apiKey: parseArg(args, "--api-key")
+    });
+    const model = new ModelAdapter2(modelConfig);
+    await runInteractiveMode2(
+      {
+        worldPath,
+        plan,
+        level,
+        trace,
+        onVerdict: (verdict, event) => {
+          if (verdict.status !== "ALLOW") {
+            process.stderr.write(
+              `  [${verdict.status}] ${event.intent} \u2014 ${verdict.reason ?? verdict.ruleId ?? "governance rule"}
+`
+            );
+          }
+        },
+        onPlanProgress: (progress) => {
+          process.stderr.write(
+            `  [plan] ${progress.completed}/${progress.total} (${progress.percentage}%)
+`
+          );
+        },
+        onPlanComplete: () => {
+          process.stderr.write(`  [plan] Complete!
+`);
+        }
+      },
+      model
+    );
+  } else if (isPipeMode) {
+    const { runPipeMode: runPipeMode2 } = await Promise.resolve().then(() => (init_session(), session_exports));
+    await runPipeMode2({
+      worldPath,
+      plan,
+      level,
+      trace
+    });
+  } else {
+    process.stdout.write(RUN_USAGE + "\n");
+    process.exit(0);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  main
+});