@neuroverseos/governance 0.10.0 → 0.12.0

package/dist/cli/neuroverse.js

@@ -97,27 +97,31 @@ async function main() {
       return validateMain(subArgs);
     }
     case "guard": {
-      const { main: guardMain } = await import("../guard-IHJEKHL2.js");
+      const { main: guardMain } = await import("../guard-PQ3SYV4Y.js");
       return guardMain(subArgs);
     }
+    case "audit": {
+      const { main: auditMain } = await import("../audit-JYNN3MOQ.js");
+      return auditMain(subArgs);
+    }
     case "test": {
-      const { main: testMain } = await import("../test-XDB2DH3L.js");
+      const { main: testMain } = await import("../test-LIHGWHBA.js");
       return testMain(subArgs);
     }
     case "redteam": {
-      const { main: redteamMain } = await import("../redteam-W644UMWN.js");
+      const { main: redteamMain } = await import("../redteam-KCULS7EW.js");
       return redteamMain(subArgs);
     }
     case "demo": {
-      const { main: demoMain } = await import("../demo-6W3YXLAX.js");
+      const { main: demoMain } = await import("../demo-GYX6CYHC.js");
       return demoMain(subArgs);
     }
     case "doctor": {
-      const { main: doctorMain } = await import("../doctor-XEMLO6UA.js");
+      const { main: doctorMain } = await import("../doctor-SIWQGTAO.js");
       return doctorMain(subArgs);
     }
     case "playground": {
-      const { main: playgroundMain } = await import("../playground-3TTBN7XD.js");
+      const { main: playgroundMain } = await import("../playground-SSZRNUAF.js");
       return playgroundMain(subArgs);
     }
     case "plan": {
@@ -129,7 +133,7 @@ async function main() {
       return runMain(subArgs);
     }
     case "mcp": {
-      const { startMcpServer } = await import("../mcp-server-CKYBHXWK.js");
+      const { startMcpServer } = await import("../mcp-server-W3MWSKD7.js");
       return startMcpServer(subArgs);
     }
     case "worlds": {
@@ -137,15 +141,15 @@ async function main() {
       return worldMain(["list", ...subArgs]);
     }
     case "trace": {
-      const { main: traceMain } = await import("../trace-2YDNAXMK.js");
+      const { main: traceMain } = await import("../trace-DC3D7XPD.js");
       return traceMain(subArgs);
     }
     case "impact": {
-      const { main: impactMain } = await import("../impact-WIAM66IH.js");
+      const { main: impactMain } = await import("../impact-LDJLTVRU.js");
       return impactMain(subArgs);
     }
     case "behavioral": {
-      const { main: behavioralMain } = await import("../behavioral-SPWPGYXL.js");
+      const { main: behavioralMain } = await import("../behavioral-4TKMHZQZ.js");
       return behavioralMain(subArgs);
     }
     case "world": {
@@ -158,11 +162,11 @@ async function main() {
       return deriveMain(subArgs);
     }
     case "decision-flow": {
-      const { main: decisionFlowMain } = await import("../decision-flow-IJPNMVQK.js");
+      const { main: decisionFlowMain } = await import("../decision-flow-5VI5YG6A.js");
       return decisionFlowMain(subArgs);
     }
     case "equity-penalties": {
-      const { main: equityPenaltiesMain } = await import("../equity-penalties-CCO3GVHS.js");
+      const { main: equityPenaltiesMain } = await import("../equity-penalties-NOM46NEO.js");
       return equityPenaltiesMain(subArgs);
     }
     case "keygen": {

package/dist/cli/plan.cjs

@@ -1223,6 +1223,24 @@ function isExternalScope(scope) {
   return !internalPatterns.some((p) => p.test(scope));
 }
 function evaluateGuard(event, world, options = {}) {
+  const verdict = evaluateGuardCore(event, world, options);
+  return options.mode === "observe" ? toShadowVerdict(verdict) : verdict;
+}
+function toShadowVerdict(verdict) {
+  if (verdict.status === "ALLOW") return verdict;
+  return {
+    ...verdict,
+    status: "ALLOW",
+    shadowStatus: verdict.status,
+    shadowReason: verdict.reason,
+    // Preserve the original reason as shadowReason and wipe the
+    // top-level reason so callers that display `reason` for BLOCK/PAUSE
+    // don't accidentally surface an enforcement message.
+    reason: void 0,
+    warning: verdict.reason ? `Observe mode: would have ${verdict.status.toLowerCase()} \u2014 ${verdict.reason}` : `Observe mode: would have ${verdict.status.toLowerCase()}`
+  };
+}
+function evaluateGuardCore(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;

package/dist/cli/radiant.cjs

@@ -2813,6 +2813,24 @@ function isExternalScope(scope) {
   return !internalPatterns.some((p) => p.test(scope));
 }
 function evaluateGuard(event, world, options = {}) {
+  const verdict = evaluateGuardCore(event, world, options);
+  return options.mode === "observe" ? toShadowVerdict(verdict) : verdict;
+}
+function toShadowVerdict(verdict) {
+  if (verdict.status === "ALLOW") return verdict;
+  return {
+    ...verdict,
+    status: "ALLOW",
+    shadowStatus: verdict.status,
+    shadowReason: verdict.reason,
+    // Preserve the original reason as shadowReason and wipe the
+    // top-level reason so callers that display `reason` for BLOCK/PAUSE
+    // don't accidentally surface an enforcement message.
+    reason: void 0,
+    warning: verdict.reason ? `Observe mode: would have ${verdict.status.toLowerCase()} \u2014 ${verdict.reason}` : `Observe mode: would have ${verdict.status.toLowerCase()}`
+  };
+}
+function evaluateGuardCore(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;
@@ -3779,6 +3797,7 @@ async function auditGovernance(events, worldPath) {
     return emptyAudit(events.length, "Could not load compiled worldmodel for governance audit.");
   }
   const verdicts = [];
+  const crossings = [];
   for (const ce of events) {
     const intent = ce.event.content?.slice(0, 500) || ce.event.kind || "activity";
     const scope = ce.event.metadata?.scope || void 0;
@@ -3789,16 +3808,32 @@ async function auditGovernance(events, worldPath) {
           scope,
           actionCategory: mapKindToCategory(ce.event.kind)
         },
-        world
+        world,
+        { mode: "observe" }
       );
+      const shadow = result.shadowStatus ?? "ALLOW";
       verdicts.push({
         eventId: ce.event.id,
         domain: ce.domain,
-        status: result.status,
-        reason: result.reason,
+        status: shadow,
+        reason: result.shadowReason,
         ruleId: result.ruleId,
         warning: result.warning
       });
+      if (shadow !== "ALLOW") {
+        crossings.push({
+          eventId: ce.event.id,
+          timestamp: ce.event.timestamp,
+          kind: ce.event.kind,
+          actorId: ce.event.actor.id,
+          shadowStatus: shadow,
+          shadowReason: result.shadowReason,
+          ruleId: result.ruleId,
+          excerpt: intent.length > 280 ? intent.slice(0, 279) + "\u2026" : intent,
+          wouldHaveBlocked: true,
+          verdict: result
+        });
+      }
     } catch {
       verdicts.push({
         eventId: ce.event.id,
@@ -3817,6 +3852,7 @@ async function auditGovernance(events, worldPath) {
     human,
     cyber,
     joint,
+    crossings,
     summary
   };
 }
@@ -3872,6 +3908,7 @@ function emptyAudit(total, reason) {
     human: { allow: 0, modify: 0, block: 0, details: [] },
     cyber: { allow: 0, modify: 0, block: 0, details: [] },
     joint: { allow: 0, modify: 0, block: 0, details: [] },
+    crossings: [],
     summary: reason
   };
 }
@@ -4896,7 +4933,8 @@ Compare stated intent against actual GitHub activity. Gaps = drift.`;
     scores,
     eventCount: events.length,
     activeAdapters,
-    worldStack
+    worldStack,
+    governance
   };
 }
 function filterEventsByUser(events, username) {

package/dist/cli/radiant.js

@@ -7,12 +7,12 @@ import {
   readExocortex,
   summarizeExocortex,
   think
-} from "../chunk-BZYQHJDM.js";
+} from "../chunk-2KTPIE57.js";
 import {
   listLenses
 } from "../chunk-TCGGED4G.js";
 import "../chunk-I4RTIMLX.js";
-import "../chunk-ZAF6JH23.js";
+import "../chunk-MBOW6YXN.js";
 import "../chunk-QLPTHTVB.js";
 import "../chunk-QWGCMQQD.js";
 
@@ -743,7 +743,7 @@ async function main(argv) {
     case "emergent":
       return cmdEmergent(args);
     case "mcp": {
-      const { startRadiantMcp } = await import("../server-EI5JCIBU.js");
+      const { startRadiantMcp } = await import("../server-EGRGGSM2.js");
       return startRadiantMcp(argv);
     }
     case "decision":

package/dist/cli/run.cjs

@@ -308,6 +308,24 @@ function isExternalScope(scope) {
   return !internalPatterns.some((p) => p.test(scope));
 }
 function evaluateGuard(event, world, options = {}) {
+  const verdict = evaluateGuardCore(event, world, options);
+  return options.mode === "observe" ? toShadowVerdict(verdict) : verdict;
+}
+function toShadowVerdict(verdict) {
+  if (verdict.status === "ALLOW") return verdict;
+  return {
+    ...verdict,
+    status: "ALLOW",
+    shadowStatus: verdict.status,
+    shadowReason: verdict.reason,
+    // Preserve the original reason as shadowReason and wipe the
+    // top-level reason so callers that display `reason` for BLOCK/PAUSE
+    // don't accidentally surface an enforcement message.
+    reason: void 0,
+    warning: verdict.reason ? `Observe mode: would have ${verdict.status.toLowerCase()} \u2014 ${verdict.reason}` : `Observe mode: would have ${verdict.status.toLowerCase()}`
+  };
+}
+function evaluateGuardCore(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;

package/dist/cli/run.js

@@ -1,12 +1,12 @@
 import {
   FileAuditLogger,
   verdictToAuditEvent
-} from "../chunk-2VAWP6FI.js";
+} from "../chunk-RAS62JXV.js";
 import {
   describeActiveWorld,
   resolveWorldPath
 } from "../chunk-AKW5YVCE.js";
-import "../chunk-ZAF6JH23.js";
+import "../chunk-MBOW6YXN.js";
 import "../chunk-QLPTHTVB.js";
 import "../chunk-QWGCMQQD.js";
 
@@ -105,7 +105,7 @@ async function main(args) {
       return;
     }
     const { resolveProvider, ModelAdapter } = await import("../model-adapter-VXEKB4LS.js");
-    const { runInteractiveMode } = await import("../session-FMAROEIE.js");
+    const { runInteractiveMode } = await import("../session-PZLTL22G.js");
     const modelConfig = resolveProvider(providerName, {
       model: parseArg(args, "--model"),
       apiKey: parseArg(args, "--api-key")
@@ -142,7 +142,7 @@ async function main(args) {
       model
     );
   } else if (isPipeMode) {
-    const { runPipeMode } = await import("../session-FMAROEIE.js");
+    const { runPipeMode } = await import("../session-PZLTL22G.js");
     await runPipeMode({
       worldPath,
       plan,

package/dist/{decision-flow-IJPNMVQK.js → decision-flow-5VI5YG6A.js}

@@ -4,8 +4,8 @@ import {
 } from "./chunk-D2UCV5AK.js";
 import {
   readAuditLog
-} from "./chunk-2VAWP6FI.js";
-import "./chunk-ZAF6JH23.js";
+} from "./chunk-RAS62JXV.js";
+import "./chunk-MBOW6YXN.js";
 import "./chunk-QLPTHTVB.js";
 import "./chunk-QWGCMQQD.js";
 

package/dist/{demo-6W3YXLAX.js → demo-GYX6CYHC.js}

@@ -6,7 +6,7 @@ import {
   handleListPresets,
   handleReasonRequest,
   writeTempWorld
-} from "./chunk-7FL3U7Z5.js";
+} from "./chunk-MWGEXHOD.js";
 import {
   adaptationFromVerdict,
   detectBehavioralPatterns,
@@ -20,7 +20,7 @@ import {
   loadBundledWorld,
   loadWorld
 } from "./chunk-I4RTIMLX.js";
-import "./chunk-ZAF6JH23.js";
+import "./chunk-MBOW6YXN.js";
 import "./chunk-QLPTHTVB.js";
 import {
   __require

package/dist/engine/guard-engine.cjs

@@ -320,8 +320,26 @@ function isExternalScope(scope) {
   ];
   return !internalPatterns.some((p) => p.test(scope));
 }
-var MAX_INPUT_LENGTH = 1e5;
 function evaluateGuard(event, world, options = {}) {
+  const verdict = evaluateGuardCore(event, world, options);
+  return options.mode === "observe" ? toShadowVerdict(verdict) : verdict;
+}
+function toShadowVerdict(verdict) {
+  if (verdict.status === "ALLOW") return verdict;
+  return {
+    ...verdict,
+    status: "ALLOW",
+    shadowStatus: verdict.status,
+    shadowReason: verdict.reason,
+    // Preserve the original reason as shadowReason and wipe the
+    // top-level reason so callers that display `reason` for BLOCK/PAUSE
+    // don't accidentally surface an enforcement message.
+    reason: void 0,
+    warning: verdict.reason ? `Observe mode: would have ${verdict.status.toLowerCase()} \u2014 ${verdict.reason}` : `Observe mode: would have ${verdict.status.toLowerCase()}`
+  };
+}
+var MAX_INPUT_LENGTH = 1e5;
+function evaluateGuardCore(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;

package/dist/engine/guard-engine.d.cts

@@ -1,5 +1,5 @@
 import { WorldDefinition, GovernanceEvent } from '../types.cjs';
-import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as GuardStatus } from '../guard-contract-ddiIPlOg.cjs';
+import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as GuardStatus } from '../guard-contract-Oznf-Kgq.cjs';
 
 /**
  * Guard Engine — Deterministic Governance Evaluator
@@ -28,6 +28,26 @@ import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as Guard
  *   - No hidden logic. Everything is in the world file or declared here.
  */
 
+/**
+ * Evaluate a guard event against a world definition.
+ *
+ * This is the entire guard engine. One function. Deterministic.
+ * No class instantiation, no state, no side effects.
+ *
+ * Two modes, same evaluation logic:
+ *
+ *   mode: 'enforce' (default)
+ *     Returns the real verdict — BLOCK blocks, PAUSE pauses, MODIFY
+ *     modifies, PENALIZE penalizes.
+ *
+ *   mode: 'observe'
+ *     Runs every layer identically, then coerces any non-ALLOW verdict
+ *     to ALLOW before returning — preserving the original status on
+ *     `shadowStatus`. The caller passes the action through; Radiant /
+ *     Bevia / audit logs read `shadowStatus` to see what WOULD have
+ *     happened. This is how teams roll out governance without the
+ *     political cost of enforcement.
+ */
 declare function evaluateGuard(event: GuardEvent, world: WorldDefinition, options?: GuardEngineOptions): GuardVerdict;
 /**
  * Build a normalized allowlist key from a GuardEvent.

package/dist/engine/guard-engine.d.ts

@@ -1,5 +1,5 @@
 import { WorldDefinition, GovernanceEvent } from '../types.js';
-import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as GuardStatus } from '../guard-contract-q6HJAq3Q.js';
+import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as GuardStatus } from '../guard-contract-w_i_6gh-.js';
 
 /**
  * Guard Engine — Deterministic Governance Evaluator
@@ -28,6 +28,26 @@ import { a as GuardEvent, b as GuardEngineOptions, G as GuardVerdict, d as Guard
  *   - No hidden logic. Everything is in the world file or declared here.
  */
 
+/**
+ * Evaluate a guard event against a world definition.
+ *
+ * This is the entire guard engine. One function. Deterministic.
+ * No class instantiation, no state, no side effects.
+ *
+ * Two modes, same evaluation logic:
+ *
+ *   mode: 'enforce' (default)
+ *     Returns the real verdict — BLOCK blocks, PAUSE pauses, MODIFY
+ *     modifies, PENALIZE penalizes.
+ *
+ *   mode: 'observe'
+ *     Runs every layer identically, then coerces any non-ALLOW verdict
+ *     to ALLOW before returning — preserving the original status on
+ *     `shadowStatus`. The caller passes the action through; Radiant /
+ *     Bevia / audit logs read `shadowStatus` to see what WOULD have
+ *     happened. This is how teams roll out governance without the
+ *     political cost of enforcement.
+ */
 declare function evaluateGuard(event: GuardEvent, world: WorldDefinition, options?: GuardEngineOptions): GuardVerdict;
 /**
  * Build a normalized allowlist key from a GuardEvent.

package/dist/engine/guard-engine.js

@@ -2,7 +2,7 @@ import {
   evaluateGuard,
   eventToAllowlistKey,
   verdictToEvent
-} from "../chunk-ZAF6JH23.js";
+} from "../chunk-MBOW6YXN.js";
 import "../chunk-QLPTHTVB.js";
 import "../chunk-QWGCMQQD.js";
 export {

package/dist/{equity-penalties-CCO3GVHS.js → equity-penalties-NOM46NEO.js}

@@ -8,13 +8,13 @@ import {
 } from "./chunk-D2UCV5AK.js";
 import {
   verdictToAuditEvent
-} from "./chunk-2VAWP6FI.js";
+} from "./chunk-RAS62JXV.js";
 import {
   loadWorld
 } from "./chunk-I4RTIMLX.js";
 import {
   evaluateGuard
-} from "./chunk-ZAF6JH23.js";
+} from "./chunk-MBOW6YXN.js";
 import "./chunk-QLPTHTVB.js";
 import "./chunk-QWGCMQQD.js";
 

package/dist/{guard-IHJEKHL2.js → guard-PQ3SYV4Y.js}

@@ -4,12 +4,12 @@ import {
 import {
   GUARD_EXIT_CODES,
   evaluateGuardWithAI
-} from "./chunk-6CV4XG3J.js";
+} from "./chunk-QFDFAWZ6.js";
 import "./chunk-INWQHLPS.js";
 import {
   FileAuditLogger,
   verdictToAuditEvent
-} from "./chunk-2VAWP6FI.js";
+} from "./chunk-RAS62JXV.js";
 import {
   describeActiveWorld,
   resolveWorldPath
@@ -19,7 +19,7 @@ import {
 } from "./chunk-I4RTIMLX.js";
 import {
   evaluateGuard
-} from "./chunk-ZAF6JH23.js";
+} from "./chunk-MBOW6YXN.js";
 import "./chunk-QLPTHTVB.js";
 import "./chunk-QWGCMQQD.js";
 

package/dist/{guard-contract-ddiIPlOg.d.cts → guard-contract-Oznf-Kgq.d.cts}

@@ -364,6 +364,20 @@ interface GuardVerdict {
     reason?: string;
     /** ID of the rule/guard that produced this verdict */
     ruleId?: string;
+    /**
+     * Shadow verdict — populated when the engine ran in `mode: 'observe'`.
+     * If the real enforcement decision would have been BLOCK/PAUSE/MODIFY/
+     * PENALIZE, that original status is captured here while `status` is
+     * coerced to ALLOW so the caller passes the action through.
+     *
+     * Use this for observe/shadow/mirror-mode governance: the engine
+     * records every crossing of a rule without stopping anything. Lets
+     * teams adopt governance without the political cost of enforcement,
+     * and lets tools like Radiant surface which invariants got bumped.
+     */
+    shadowStatus?: GuardStatus;
+    /** Reason the shadow verdict fired (empty when shadowStatus is absent) */
+    shadowReason?: string;
     /** Advisory warning (for ALLOW with warn-mode guards) */
     warning?: string;
     /** Consequence applied (for PENALIZE verdicts) */
@@ -494,6 +508,24 @@ interface GuardEngineOptions {
     trace?: boolean;
     /** Enforcement level override. If not set, uses world default or 'standard'. */
     level?: 'basic' | 'standard' | 'strict';
+    /**
+     * Enforcement mode.
+     *
+     * - `'enforce'` (default) — the engine returns its real verdict. BLOCK
+     *   blocks, PAUSE pauses, PENALIZE penalizes, MODIFY modifies.
+     *
+     * - `'observe'` — the engine evaluates every rule exactly the same way,
+     *   but coerces non-ALLOW verdicts to ALLOW before returning. The
+     *   original status is preserved on `shadowStatus` so the caller can
+     *   record the crossing without blocking the action. Used by Radiant
+     *   + Bevia to show leaders where their worldmodel is being touched
+     *   without imposing enforcement, and by teams who want to roll out
+     *   governance gradually rule-by-rule.
+     *
+     * Observe mode does NOT alter the evaluation — all layers still run.
+     * It only changes how the final verdict is packaged for the caller.
+     */
+    mode?: 'enforce' | 'observe';
     /**
      * Session allowlist — set of pre-approved event keys.
      * Use `eventToAllowlistKey(event)` to build keys.

package/dist/{guard-contract-q6HJAq3Q.d.ts → guard-contract-w_i_6gh-.d.ts}

@@ -364,6 +364,20 @@ interface GuardVerdict {
     reason?: string;
     /** ID of the rule/guard that produced this verdict */
     ruleId?: string;
+    /**
+     * Shadow verdict — populated when the engine ran in `mode: 'observe'`.
+     * If the real enforcement decision would have been BLOCK/PAUSE/MODIFY/
+     * PENALIZE, that original status is captured here while `status` is
+     * coerced to ALLOW so the caller passes the action through.
+     *
+     * Use this for observe/shadow/mirror-mode governance: the engine
+     * records every crossing of a rule without stopping anything. Lets
+     * teams adopt governance without the political cost of enforcement,
+     * and lets tools like Radiant surface which invariants got bumped.
+     */
+    shadowStatus?: GuardStatus;
+    /** Reason the shadow verdict fired (empty when shadowStatus is absent) */
+    shadowReason?: string;
     /** Advisory warning (for ALLOW with warn-mode guards) */
     warning?: string;
     /** Consequence applied (for PENALIZE verdicts) */
@@ -494,6 +508,24 @@ interface GuardEngineOptions {
     trace?: boolean;
     /** Enforcement level override. If not set, uses world default or 'standard'. */
     level?: 'basic' | 'standard' | 'strict';
+    /**
+     * Enforcement mode.
+     *
+     * - `'enforce'` (default) — the engine returns its real verdict. BLOCK
+     *   blocks, PAUSE pauses, PENALIZE penalizes, MODIFY modifies.
+     *
+     * - `'observe'` — the engine evaluates every rule exactly the same way,
+     *   but coerces non-ALLOW verdicts to ALLOW before returning. The
+     *   original status is preserved on `shadowStatus` so the caller can
+     *   record the crossing without blocking the action. Used by Radiant
+     *   + Bevia to show leaders where their worldmodel is being touched
+     *   without imposing enforcement, and by teams who want to roll out
+     *   governance gradually rule-by-rule.
+     *
+     * Observe mode does NOT alter the evaluation — all layers still run.
+     * It only changes how the final verdict is packaged for the caller.
+     */
+    mode?: 'enforce' | 'observe';
     /**
      * Session allowlist — set of pre-approved event keys.
      * Use `eventToAllowlistKey(event)` to build keys.

package/dist/{impact-WIAM66IH.js → impact-LDJLTVRU.js}

@@ -1,11 +1,11 @@
 import {
   generateImpactReport,
   renderImpactReport
-} from "./chunk-OQU65525.js";
+} from "./chunk-24YW7BHC.js";
 import {
   readAuditLog
-} from "./chunk-2VAWP6FI.js";
-import "./chunk-ZAF6JH23.js";
+} from "./chunk-RAS62JXV.js";
+import "./chunk-MBOW6YXN.js";
 import "./chunk-QLPTHTVB.js";
 import "./chunk-QWGCMQQD.js";
 

package/dist/index.cjs

@@ -966,6 +966,8 @@ __export(index_exports, {
   advancePlan: () => advancePlan,
   applyConsequence: () => applyConsequence,
   applyReward: () => applyReward,
+  auditBehavior: () => auditBehavior,
+  auditBehaviors: () => auditBehaviors,
   buildPlanCheck: () => buildPlanCheck,
   classifyAdaptation: () => classifyAdaptation,
   classifyIntent: () => classifyIntent,
@@ -1362,8 +1364,26 @@ function isExternalScope(scope) {
   ];
   return !internalPatterns.some((p) => p.test(scope));
 }
-var MAX_INPUT_LENGTH = 1e5;
 function evaluateGuard(event, world, options = {}) {
+  const verdict = evaluateGuardCore(event, world, options);
+  return options.mode === "observe" ? toShadowVerdict(verdict) : verdict;
+}
+function toShadowVerdict(verdict) {
+  if (verdict.status === "ALLOW") return verdict;
+  return {
+    ...verdict,
+    status: "ALLOW",
+    shadowStatus: verdict.status,
+    shadowReason: verdict.reason,
+    // Preserve the original reason as shadowReason and wipe the
+    // top-level reason so callers that display `reason` for BLOCK/PAUSE
+    // don't accidentally surface an enforcement message.
+    reason: void 0,
+    warning: verdict.reason ? `Observe mode: would have ${verdict.status.toLowerCase()} \u2014 ${verdict.reason}` : `Observe mode: would have ${verdict.status.toLowerCase()}`
+  };
+}
+var MAX_INPUT_LENGTH = 1e5;
+function evaluateGuardCore(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;
@@ -2151,6 +2171,45 @@ function verdictToEvent(status, intent) {
   };
 }
 
+// src/engine/audit-behavior.ts
+function auditBehavior(event, world) {
+  const guardEvent = toGuardEvent(event);
+  const verdict = evaluateGuard(guardEvent, world, { mode: "observe" });
+  const wouldHaveBlocked = verdict.shadowStatus !== void 0 && verdict.shadowStatus !== "ALLOW";
+  return {
+    eventId: event.id,
+    timestamp: event.timestamp,
+    kind: event.kind,
+    actorId: event.actorId,
+    shadowStatus: verdict.shadowStatus ?? "ALLOW",
+    shadowReason: verdict.shadowReason,
+    ruleId: verdict.ruleId,
+    excerpt: event.content ? excerptContent(event.content) : void 0,
+    wouldHaveBlocked,
+    verdict
+  };
+}
+function auditBehaviors(events, world) {
+  return events.map((e) => auditBehavior(e, world));
+}
+function toGuardEvent(event) {
+  return {
+    intent: event.content ?? event.kind ?? "unspecified",
+    tool: event.kind,
+    scope: event.scope,
+    payload: {
+      actorId: event.actorId,
+      actorKind: event.actorKind,
+      timestamp: event.timestamp,
+      sourceEventId: event.id
+    }
+  };
+}
+function excerptContent(content, max = 280) {
+  if (content.length <= max) return content;
+  return content.slice(0, max - 1).trimEnd() + "\u2026";
+}
+
 // src/providers/ai-provider.ts
 var ChatCompletionsProvider = class {
   model;
@@ -8357,6 +8416,8 @@ function handleCreateCapsule(body) {
   advancePlan,
   applyConsequence,
   applyReward,
+  auditBehavior,
+  auditBehaviors,
   buildPlanCheck,
   classifyAdaptation,
   classifyIntent,