@neuroverseos/governance 0.2.2 → 0.2.3

package/dist/adapters/deep-agents.d.cts

@@ -0,0 +1,181 @@
+import { b as GuardEngineOptions, P as PlanDefinition, W as WorldDefinition, a as GuardVerdict, G as GuardEvent, c as PlanProgress } from '../guard-contract-C9_zKbzd.cjs';
+import { G as GovernanceBlockedError$1 } from '../shared-HpAG90PX.cjs';
+
+/**
+ * Centralized Tool Classification & Risk Pattern Detection
+ *
+ * Extracted from deep-agents.ts where it was the only adapter
+ * with comprehensive tool classification and dangerous command
+ * detection. Now available to all adapters and the core engine.
+ */
+type ToolCategory = 'file_read' | 'file_write' | 'file_delete' | 'shell' | 'git' | 'network' | 'sub_agent' | 'context' | 'unknown';
+
+/**
+ * NeuroVerse Adapter — Deep Agents (LangChain)
+ *
+ * Intercepts tool execution in LangChain's Deep Agents framework
+ * and evaluates every action against a NeuroVerse world definition
+ * before allowing it to proceed.
+ *
+ * Deep Agents exposes a coding-agent loop with tools for file I/O,
+ * shell execution, sub-agent spawning, and context management.
+ * This adapter sits between the agent and those tools, enforcing
+ * governance rules deterministically.
+ *
+ * Usage:
+ *   import { createDeepAgentsGuard } from '@neuroverseos/governance/adapters/deep-agents';
+ *
+ *   const guard = await createDeepAgentsGuard('./world/');
+ *
+ *   // Wrap the agent's tool executor:
+ *   agent.use(guard.middleware());
+ *
+ *   // Or evaluate manually:
+ *   const verdict = guard.evaluate({ tool: 'shell', command: 'rm -rf /' });
+ */
+
+/** Shape of a Deep Agents tool invocation. */
+interface DeepAgentsToolCall {
+    /** Tool name: read_file, write_file, shell, edit_file, sub_agent, etc. */
+    tool: string;
+    /** Tool arguments as passed by the agent. */
+    args: Record<string, unknown>;
+    /** Optional run/session identifier. */
+    runId?: string;
+}
+/** Categorized tool types recognized by the adapter (re-exported from tool-classifier). */
+type DeepAgentsToolCategory = ToolCategory;
+/** Result of a governed evaluation. */
+interface DeepAgentsGuardResult {
+    allowed: boolean;
+    verdict: GuardVerdict;
+    toolCall: DeepAgentsToolCall;
+    category: DeepAgentsToolCategory;
+}
+interface DeepAgentsGuardOptions {
+    /** Include full evaluation trace in verdicts. Default: false. */
+    trace?: boolean;
+    /** Enforcement level override. */
+    level?: 'basic' | 'standard' | 'strict';
+    /** Called when an action is blocked. */
+    onBlock?: (result: DeepAgentsGuardResult) => void;
+    /** Called when an action requires approval. Return true to allow. */
+    onPause?: (result: DeepAgentsGuardResult) => Promise<boolean> | boolean;
+    /** Called for every evaluation (logging hook). */
+    onEvaluate?: (result: DeepAgentsGuardResult) => void;
+    /** Custom mapping from Deep Agents tool call to GuardEvent. */
+    mapToolCall?: (toolCall: DeepAgentsToolCall) => GuardEvent;
+    /** Active plan overlay for task-scoped governance. */
+    plan?: PlanDefinition;
+    /** Called when plan progress changes. */
+    onPlanProgress?: (progress: PlanProgress) => void;
+    /** Called when all plan steps are completed. */
+    onPlanComplete?: () => void;
+}
+declare class GovernanceBlockedError extends GovernanceBlockedError$1 {
+    readonly toolCall: DeepAgentsToolCall;
+    readonly category: DeepAgentsToolCategory;
+    constructor(verdict: GuardVerdict, toolCall: DeepAgentsToolCall, category: DeepAgentsToolCategory);
+}
+/**
+ * NeuroVerse governance guard for LangChain Deep Agents.
+ *
+ * Evaluates every tool invocation against a world definition before
+ * allowing execution. Supports blocking, pausing (approval required),
+ * and plan-scoped governance.
+ */
+declare class DeepAgentsGuard {
+    readonly name = "neuroverse-deep-agents-guard";
+    private world;
+    private options;
+    engineOptions: GuardEngineOptions;
+    private mapToolCall;
+    activePlan?: PlanDefinition;
+    constructor(world: WorldDefinition, options?: DeepAgentsGuardOptions);
+    /**
+     * Evaluate a tool call against governance rules.
+     * Returns the result without side effects.
+     */
+    evaluate(toolCall: DeepAgentsToolCall): DeepAgentsGuardResult;
+    /**
+     * Evaluate and enforce governance on a tool call.
+     *
+     * @throws GovernanceBlockedError if BLOCKED
+     * @throws GovernanceBlockedError if PAUSED and onPause returns false
+     * @returns DeepAgentsGuardResult on ALLOW
+     */
+    enforce(toolCall: DeepAgentsToolCall): Promise<DeepAgentsGuardResult>;
+    /**
+     * Evaluate and execute a tool call with governance enforcement.
+     *
+     * If ALLOW: runs the executor and returns its result.
+     * If BLOCK: returns a governance-blocked message.
+     * If PAUSE: calls onPause; blocks if not approved.
+     *
+     * @param toolCall - The Deep Agents tool call to evaluate
+     * @param executor - The actual tool execution function
+     * @returns The tool execution result or a blocked message
+     */
+    execute<T>(toolCall: DeepAgentsToolCall, executor: (toolCall: DeepAgentsToolCall) => Promise<T>): Promise<{
+        result: T;
+        verdict: GuardVerdict;
+    } | {
+        blocked: true;
+        verdict: GuardVerdict;
+        reason: string;
+    }>;
+    /**
+     * Returns a middleware function compatible with Deep Agents' tool pipeline.
+     *
+     * The middleware intercepts tool calls before execution:
+     *   agent.use(guard.middleware());
+     */
+    middleware(): (toolCall: DeepAgentsToolCall, next: () => Promise<unknown>) => Promise<unknown>;
+    /**
+     * Returns a callback-handler-style object for LangChain integration.
+     * Compatible with Deep Agents' callback system.
+     */
+    callbacks(): {
+        handleToolStart: (tool: {
+            name: string;
+        }, input: string) => Promise<void>;
+    };
+    /**
+     * Check if a shell command contains dangerous patterns.
+     * Useful for pre-screening before full governance evaluation.
+     */
+    static isDangerousCommand(command: string): {
+        dangerous: boolean;
+        labels: string[];
+    };
+    /**
+     * Check if a git command contains dangerous patterns.
+     */
+    static isDangerousGitCommand(command: string): {
+        dangerous: boolean;
+        labels: string[];
+    };
+    /**
+     * Classify a tool name into a category.
+     */
+    static classifyTool(toolName: string): DeepAgentsToolCategory;
+    private trackPlanProgressInternal;
+}
+/**
+ * Create a Deep Agents guard from a world path.
+ *
+ * @param worldPath - Path to world directory, .nv-world.md, or .nv-world.zip
+ * @param options - Guard configuration
+ * @returns A guard ready to plug into Deep Agents
+ */
+declare function createDeepAgentsGuard(worldPath: string, options?: DeepAgentsGuardOptions): Promise<DeepAgentsGuard>;
+/**
+ * Create a Deep Agents guard from a pre-loaded world.
+ *
+ * @param world - A loaded WorldDefinition
+ * @param options - Guard configuration
+ * @returns A guard ready to plug into Deep Agents
+ */
+declare function createDeepAgentsGuardFromWorld(world: WorldDefinition, options?: DeepAgentsGuardOptions): DeepAgentsGuard;
+
+export { DeepAgentsGuard, type DeepAgentsGuardOptions, type DeepAgentsGuardResult, type DeepAgentsToolCall, type DeepAgentsToolCategory, GovernanceBlockedError, createDeepAgentsGuard, createDeepAgentsGuardFromWorld };

package/dist/adapters/deep-agents.d.ts

@@ -0,0 +1,181 @@
+import { b as GuardEngineOptions, P as PlanDefinition, W as WorldDefinition, a as GuardVerdict, G as GuardEvent, c as PlanProgress } from '../guard-contract-C9_zKbzd.js';
+import { G as GovernanceBlockedError$1 } from '../shared--Q8wPBVN.js';
+
+/**
+ * Centralized Tool Classification & Risk Pattern Detection
+ *
+ * Extracted from deep-agents.ts where it was the only adapter
+ * with comprehensive tool classification and dangerous command
+ * detection. Now available to all adapters and the core engine.
+ */
+type ToolCategory = 'file_read' | 'file_write' | 'file_delete' | 'shell' | 'git' | 'network' | 'sub_agent' | 'context' | 'unknown';
+
+/**
+ * NeuroVerse Adapter — Deep Agents (LangChain)
+ *
+ * Intercepts tool execution in LangChain's Deep Agents framework
+ * and evaluates every action against a NeuroVerse world definition
+ * before allowing it to proceed.
+ *
+ * Deep Agents exposes a coding-agent loop with tools for file I/O,
+ * shell execution, sub-agent spawning, and context management.
+ * This adapter sits between the agent and those tools, enforcing
+ * governance rules deterministically.
+ *
+ * Usage:
+ *   import { createDeepAgentsGuard } from '@neuroverseos/governance/adapters/deep-agents';
+ *
+ *   const guard = await createDeepAgentsGuard('./world/');
+ *
+ *   // Wrap the agent's tool executor:
+ *   agent.use(guard.middleware());
+ *
+ *   // Or evaluate manually:
+ *   const verdict = guard.evaluate({ tool: 'shell', command: 'rm -rf /' });
+ */
+
+/** Shape of a Deep Agents tool invocation. */
+interface DeepAgentsToolCall {
+    /** Tool name: read_file, write_file, shell, edit_file, sub_agent, etc. */
+    tool: string;
+    /** Tool arguments as passed by the agent. */
+    args: Record<string, unknown>;
+    /** Optional run/session identifier. */
+    runId?: string;
+}
+/** Categorized tool types recognized by the adapter (re-exported from tool-classifier). */
+type DeepAgentsToolCategory = ToolCategory;
+/** Result of a governed evaluation. */
+interface DeepAgentsGuardResult {
+    allowed: boolean;
+    verdict: GuardVerdict;
+    toolCall: DeepAgentsToolCall;
+    category: DeepAgentsToolCategory;
+}
+interface DeepAgentsGuardOptions {
+    /** Include full evaluation trace in verdicts. Default: false. */
+    trace?: boolean;
+    /** Enforcement level override. */
+    level?: 'basic' | 'standard' | 'strict';
+    /** Called when an action is blocked. */
+    onBlock?: (result: DeepAgentsGuardResult) => void;
+    /** Called when an action requires approval. Return true to allow. */
+    onPause?: (result: DeepAgentsGuardResult) => Promise<boolean> | boolean;
+    /** Called for every evaluation (logging hook). */
+    onEvaluate?: (result: DeepAgentsGuardResult) => void;
+    /** Custom mapping from Deep Agents tool call to GuardEvent. */
+    mapToolCall?: (toolCall: DeepAgentsToolCall) => GuardEvent;
+    /** Active plan overlay for task-scoped governance. */
+    plan?: PlanDefinition;
+    /** Called when plan progress changes. */
+    onPlanProgress?: (progress: PlanProgress) => void;
+    /** Called when all plan steps are completed. */
+    onPlanComplete?: () => void;
+}
+declare class GovernanceBlockedError extends GovernanceBlockedError$1 {
+    readonly toolCall: DeepAgentsToolCall;
+    readonly category: DeepAgentsToolCategory;
+    constructor(verdict: GuardVerdict, toolCall: DeepAgentsToolCall, category: DeepAgentsToolCategory);
+}
+/**
+ * NeuroVerse governance guard for LangChain Deep Agents.
+ *
+ * Evaluates every tool invocation against a world definition before
+ * allowing execution. Supports blocking, pausing (approval required),
+ * and plan-scoped governance.
+ */
+declare class DeepAgentsGuard {
+    readonly name = "neuroverse-deep-agents-guard";
+    private world;
+    private options;
+    engineOptions: GuardEngineOptions;
+    private mapToolCall;
+    activePlan?: PlanDefinition;
+    constructor(world: WorldDefinition, options?: DeepAgentsGuardOptions);
+    /**
+     * Evaluate a tool call against governance rules.
+     * Returns the result without side effects.
+     */
+    evaluate(toolCall: DeepAgentsToolCall): DeepAgentsGuardResult;
+    /**
+     * Evaluate and enforce governance on a tool call.
+     *
+     * @throws GovernanceBlockedError if BLOCKED
+     * @throws GovernanceBlockedError if PAUSED and onPause returns false
+     * @returns DeepAgentsGuardResult on ALLOW
+     */
+    enforce(toolCall: DeepAgentsToolCall): Promise<DeepAgentsGuardResult>;
+    /**
+     * Evaluate and execute a tool call with governance enforcement.
+     *
+     * If ALLOW: runs the executor and returns its result.
+     * If BLOCK: returns a governance-blocked message.
+     * If PAUSE: calls onPause; blocks if not approved.
+     *
+     * @param toolCall - The Deep Agents tool call to evaluate
+     * @param executor - The actual tool execution function
+     * @returns The tool execution result or a blocked message
+     */
+    execute<T>(toolCall: DeepAgentsToolCall, executor: (toolCall: DeepAgentsToolCall) => Promise<T>): Promise<{
+        result: T;
+        verdict: GuardVerdict;
+    } | {
+        blocked: true;
+        verdict: GuardVerdict;
+        reason: string;
+    }>;
+    /**
+     * Returns a middleware function compatible with Deep Agents' tool pipeline.
+     *
+     * The middleware intercepts tool calls before execution:
+     *   agent.use(guard.middleware());
+     */
+    middleware(): (toolCall: DeepAgentsToolCall, next: () => Promise<unknown>) => Promise<unknown>;
+    /**
+     * Returns a callback-handler-style object for LangChain integration.
+     * Compatible with Deep Agents' callback system.
+     */
+    callbacks(): {
+        handleToolStart: (tool: {
+            name: string;
+        }, input: string) => Promise<void>;
+    };
+    /**
+     * Check if a shell command contains dangerous patterns.
+     * Useful for pre-screening before full governance evaluation.
+     */
+    static isDangerousCommand(command: string): {
+        dangerous: boolean;
+        labels: string[];
+    };
+    /**
+     * Check if a git command contains dangerous patterns.
+     */
+    static isDangerousGitCommand(command: string): {
+        dangerous: boolean;
+        labels: string[];
+    };
+    /**
+     * Classify a tool name into a category.
+     */
+    static classifyTool(toolName: string): DeepAgentsToolCategory;
+    private trackPlanProgressInternal;
+}
+/**
+ * Create a Deep Agents guard from a world path.
+ *
+ * @param worldPath - Path to world directory, .nv-world.md, or .nv-world.zip
+ * @param options - Guard configuration
+ * @returns A guard ready to plug into Deep Agents
+ */
+declare function createDeepAgentsGuard(worldPath: string, options?: DeepAgentsGuardOptions): Promise<DeepAgentsGuard>;
+/**
+ * Create a Deep Agents guard from a pre-loaded world.
+ *
+ * @param world - A loaded WorldDefinition
+ * @param options - Guard configuration
+ * @returns A guard ready to plug into Deep Agents
+ */
+declare function createDeepAgentsGuardFromWorld(world: WorldDefinition, options?: DeepAgentsGuardOptions): DeepAgentsGuard;
+
+export { DeepAgentsGuard, type DeepAgentsGuardOptions, type DeepAgentsGuardResult, type DeepAgentsToolCall, type DeepAgentsToolCategory, GovernanceBlockedError, createDeepAgentsGuard, createDeepAgentsGuardFromWorld };

package/dist/adapters/deep-agents.js

@@ -0,0 +1,17 @@
+import {
+  DeepAgentsGuard,
+  GovernanceBlockedError,
+  createDeepAgentsGuard,
+  createDeepAgentsGuardFromWorld
+} from "../chunk-JCKSW2PZ.js";
+import "../chunk-5U2MQO5P.js";
+import "../chunk-IZSO75NZ.js";
+import "../chunk-QLPTHTVB.js";
+import "../chunk-JZPQGIKR.js";
+import "../chunk-YZFATT7X.js";
+export {
+  DeepAgentsGuard,
+  GovernanceBlockedError,
+  createDeepAgentsGuard,
+  createDeepAgentsGuardFromWorld
+};

package/dist/adapters/express.cjs

@@ -35,17 +35,27 @@ __export(express_exports, {
 });
 module.exports = __toCommonJS(express_exports);
 
-// src/engine/plan-engine.ts
-function keywordMatch(eventText, step) {
-  const stepText = [
-    step.label,
-    step.description ?? "",
-    ...step.tags ?? []
+// src/engine/text-utils.ts
+function normalizeEventText(event) {
+  return [
+    event.intent,
+    event.tool ?? "",
+    event.scope ?? ""
   ].join(" ").toLowerCase();
-  const keywords = stepText.split(/\s+/).filter((w) => w.length > 3);
+}
+function extractKeywords(text, minLength = 3) {
+  return text.toLowerCase().split(/\s+/).filter((w) => w.length > minLength);
+}
+function matchesAllKeywords(eventText, ruleText) {
+  const keywords = extractKeywords(ruleText);
+  if (keywords.length === 0) return false;
+  return keywords.every((kw) => eventText.includes(kw));
+}
+function matchesKeywordThreshold(eventText, ruleText, threshold = 0.5) {
+  const keywords = extractKeywords(ruleText);
   if (keywords.length === 0) return false;
   const matched = keywords.filter((kw) => eventText.includes(kw));
-  return matched.length >= Math.ceil(keywords.length * 0.5);
+  return matched.length >= Math.ceil(keywords.length * threshold);
 }
 function tokenSimilarity(a, b) {
   const tokensA = new Set(a.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
@@ -58,6 +68,19 @@ function tokenSimilarity(a, b) {
   const union = (/* @__PURE__ */ new Set([...tokensA, ...tokensB])).size;
   return union > 0 ? intersection / union : 0;
 }
+
+// src/engine/plan-engine.ts
+function keywordMatch(eventText, step) {
+  const stepText = [
+    step.label,
+    step.description ?? "",
+    ...step.tags ?? []
+  ].join(" ");
+  return matchesKeywordThreshold(eventText, stepText, 0.5);
+}
+function tokenSimilarity2(a, b) {
+  return tokenSimilarity(a, b);
+}
 function findMatchingStep(eventText, event, steps) {
   const pendingOrActive = steps.filter((s) => s.status === "pending" || s.status === "active");
   if (pendingOrActive.length === 0) {
@@ -76,7 +99,7 @@ function findMatchingStep(eventText, event, steps) {
   let bestScore = 0;
   for (const step of pendingOrActive) {
     const stepText = [step.label, step.description ?? "", ...step.tags ?? []].join(" ");
-    const score = tokenSimilarity(intentText, stepText);
+    const score = tokenSimilarity2(intentText, stepText);
     if (score > bestScore) {
       bestScore = score;
       bestStep = step;
@@ -117,7 +140,7 @@ function checkConstraints(event, eventText, constraints) {
       continue;
     }
     if (constraint.type === "scope" && constraint.trigger) {
-      const keywords = constraint.trigger.split(/\s+/).filter((w) => w.length > 3);
+      const keywords = extractKeywords(constraint.trigger);
       const violated = keywords.length > 0 && keywords.every((kw) => eventText.includes(kw));
       checks.push({
         constraintId: constraint.id,
@@ -163,11 +186,7 @@ function evaluatePlan(event, plan) {
       progress
     };
   }
-  const eventText = [
-    event.intent,
-    event.tool ?? "",
-    event.scope ?? ""
-  ].join(" ").toLowerCase();
+  const eventText = normalizeEventText(event);
   const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
   if (!matched) {
     return {
@@ -208,7 +227,7 @@ function evaluatePlan(event, plan) {
   };
 }
 function buildPlanCheck(event, plan, verdict) {
-  const eventText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ").toLowerCase();
+  const eventText = normalizeEventText(event);
   const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
   const { checks: constraintChecks } = checkConstraints(event, eventText, plan.constraints);
   const progress = getPlanProgress(plan);
@@ -314,7 +333,7 @@ function evaluateGuard(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;
-  const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
+  const eventText = normalizeEventText(event);
   const invariantChecks = [];
   const safetyChecks = [];
   let planCheckResult;
@@ -327,6 +346,43 @@ function evaluateGuard(event, world, options = {}) {
   const guardsMatched = [];
   const rulesMatched = [];
   checkInvariantCoverage(world, invariantChecks);
+  if (event.roleId && options.agentStates) {
+    const agentState = options.agentStates.get(event.roleId);
+    if (agentState && agentState.cooldownRemaining > 0) {
+      decidingLayer = "safety";
+      decidingId = `penalize-cooldown-${event.roleId}`;
+      const verdict = buildVerdict(
+        "PENALIZE",
+        `Agent "${event.roleId}" is frozen for ${agentState.cooldownRemaining} more round(s) due to prior penalty.`,
+        `penalize-cooldown-${event.roleId}`,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+      verdict.intentRecord = {
+        originalIntent: event.intent,
+        finalAction: "blocked (agent frozen)",
+        enforcement: "PENALIZE",
+        consequence: { type: "freeze", rounds: agentState.cooldownRemaining, description: "Agent still in cooldown from prior penalty" }
+      };
+      return verdict;
+    }
+  }
   if (options.sessionAllowlist) {
     const key = eventToAllowlistKey(event);
     if (options.sessionAllowlist.has(key)) {
@@ -454,7 +510,16 @@ function evaluateGuard(event, world, options = {}) {
     if (guardVerdict.status !== "ALLOW") {
       decidingLayer = "guard";
       decidingId = guardVerdict.ruleId;
-      return buildVerdict(
+      const intentRecord = {
+        originalIntent: event.intent,
+        finalAction: guardVerdict.status === "MODIFY" ? guardVerdict.modifiedTo ?? "modified" : guardVerdict.status === "PENALIZE" ? "blocked + penalized" : guardVerdict.status === "REWARD" ? event.intent : guardVerdict.status === "NEUTRAL" ? event.intent : guardVerdict.status === "BLOCK" ? "blocked" : "paused",
+        ruleApplied: guardVerdict.ruleId,
+        enforcement: guardVerdict.status,
+        modifiedTo: guardVerdict.modifiedTo,
+        consequence: guardVerdict.consequence,
+        reward: guardVerdict.reward
+      };
+      const verdict = buildVerdict(
         guardVerdict.status,
         guardVerdict.reason,
         guardVerdict.ruleId,
@@ -477,6 +542,10 @@ function evaluateGuard(event, world, options = {}) {
           startTime
         ) : void 0
       );
+      verdict.intentRecord = intentRecord;
+      if (guardVerdict.consequence) verdict.consequence = guardVerdict.consequence;
+      if (guardVerdict.reward) verdict.reward = guardVerdict.reward;
+      return verdict;
     }
   }
   const kernelVerdict = checkKernelRules(eventText, world, kernelRuleChecks, rulesMatched);
@@ -771,6 +840,21 @@ function checkGuards(event, eventText, world, checks, guardsMatched) {
     if (actionMode === "pause") {
       return { status: "PAUSE", reason, ruleId: `guard-${guard.id}` };
     }
+    if (actionMode === "penalize") {
+      const consequence = guard.consequence ? { ...guard.consequence } : { type: "freeze", rounds: 1, description: `Penalized for violating: ${guard.label}` };
+      return { status: "PENALIZE", reason, ruleId: `guard-${guard.id}`, consequence };
+    }
+    if (actionMode === "reward") {
+      const reward = guard.reward ? { ...guard.reward } : { type: "boost_influence", magnitude: 0.1, description: `Rewarded for: ${guard.label}` };
+      return { status: "REWARD", reason, ruleId: `guard-${guard.id}`, reward };
+    }
+    if (actionMode === "modify") {
+      const modifiedTo = guard.modify_to ?? guard.redirect ?? "hold";
+      return { status: "MODIFY", reason: `${reason} \u2192 Modified to: ${modifiedTo}`, ruleId: `guard-${guard.id}`, modifiedTo };
+    }
+    if (actionMode === "neutral") {
+      return { status: "NEUTRAL", reason, ruleId: `guard-${guard.id}` };
+    }
     if (actionMode === "warn" && !warnResult) {
       warnResult = { status: "ALLOW", warning: reason, ruleId: `guard-${guard.id}` };
     }
@@ -880,9 +964,7 @@ function checkLevelConstraints(event, level, checks) {
   return null;
 }
 function matchesKeywords(eventText, ruleText) {
-  const keywords = ruleText.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
-  if (keywords.length === 0) return false;
-  return keywords.every((kw) => eventText.includes(kw));
+  return matchesAllKeywords(eventText, ruleText);
 }
 function eventToAllowlistKey(event) {
   return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;

package/dist/adapters/express.d.cts

@@ -1,4 +1,4 @@
-import { G as GuardVerdict, a as GuardEvent, W as WorldDefinition } from '../guard-contract-Cm91Kp4j.cjs';
+import { a as GuardVerdict, G as GuardEvent, W as WorldDefinition } from '../guard-contract-C9_zKbzd.cjs';
 
 /**
  * NeuroVerse Adapter — Express / Fastify

package/dist/adapters/express.d.ts

@@ -1,4 +1,4 @@
-import { G as GuardVerdict, a as GuardEvent, W as WorldDefinition } from '../guard-contract-Cm91Kp4j.js';
+import { a as GuardVerdict, G as GuardEvent, W as WorldDefinition } from '../guard-contract-C9_zKbzd.js';
 
 /**
  * NeuroVerse Adapter — Express / Fastify

package/dist/adapters/express.js

@@ -1,10 +1,10 @@
 import {
   createGovernanceMiddleware,
   createGovernanceMiddlewareFromWorld
-} from "../chunk-2NICNKOM.js";
-import "../chunk-4JRYGIO7.js";
+} from "../chunk-4L6OPKMQ.js";
+import "../chunk-IZSO75NZ.js";
+import "../chunk-QLPTHTVB.js";
 import "../chunk-JZPQGIKR.js";
-import "../chunk-4QXB6PEO.js";
 import "../chunk-YZFATT7X.js";
 export {
   createGovernanceMiddleware,