@neuroverseos/governance 0.2.3 → 0.3.1

package/dist/worlds/coding-agent.nv-world.md

@@ -1,211 +0,0 @@
----
-world_id: coding-agent
-name: Coding Agent Governance
-version: 1.0.0
-runtime_mode: COMPLIANCE
-default_profile: standard
-alternative_profile: strict
----
-
-# Thesis
-
-Autonomous coding agents that can read files, write code, execute shell commands, and interact with version control require a governance layer. Without enforceable rules, a single misguided tool call can delete data, leak secrets, break production, or escalate beyond its intended scope. This world defines the boundaries within which a coding agent operates safely.
-
-# Invariants
-
-- `no_system_destruction` — Agents must never execute commands that destroy system-level resources (recursive force-delete of root paths, disk formatting, fork bombs) (structural, immutable)
-- `no_secret_exposure` — Agents must never read, log, or transmit credentials, API keys, private keys, or environment secrets outside the project boundary (structural, immutable)
-- `no_unauthorized_push` — Agents must never push directly to main or master branches without explicit approval (structural, immutable)
-- `no_scope_escape` — Agents must never access files or execute commands outside the declared project directory (structural, immutable)
-- `no_pipe_to_shell` — Agents must never pipe downloaded content directly into a shell interpreter (structural, immutable)
-- `changes_must_be_reversible` — Every file modification must be recoverable through version control; destructive operations require confirmation (prompt, immutable)
-
-# State
-
-## files_modified
-- type: number
-- min: 0
-- max: 100000
-- step: 1
-- default: 0
-- label: Files Modified
-- description: Total number of files written or edited in this session
-
-## files_deleted
-- type: number
-- min: 0
-- max: 100000
-- step: 1
-- default: 0
-- label: Files Deleted
-- description: Total number of files deleted in this session
-
-## shell_commands_run
-- type: number
-- min: 0
-- max: 10000
-- step: 1
-- default: 0
-- label: Shell Commands Run
-- description: Total number of shell commands executed
-
-## dangerous_commands_blocked
-- type: number
-- min: 0
-- max: 10000
-- step: 1
-- default: 0
-- label: Dangerous Commands Blocked
-- description: Number of shell commands blocked by governance rules
-
-## git_pushes
-- type: number
-- min: 0
-- max: 100
-- step: 1
-- default: 0
-- label: Git Pushes
-- description: Number of git push operations executed
-
-## sub_agents_spawned
-- type: number
-- min: 0
-- max: 50
-- step: 1
-- default: 0
-- label: Sub-Agents Spawned
-- description: Number of sub-agent processes created
-
-## scope_violations
-- type: number
-- min: 0
-- max: 1000
-- step: 1
-- default: 0
-- label: Scope Violations
-- description: Number of attempted actions outside the declared project scope
-
-# Assumptions
-
-## standard
-- name: Standard Development
-- description: Normal development workflow. File reads are unrestricted. File writes within project scope are allowed. Shell commands are evaluated for safety. Git pushes require feature branches.
-- file_read_policy: unrestricted
-- file_write_policy: project_scope_only
-- shell_policy: safety_evaluated
-- git_policy: feature_branches_only
-- network_policy: restricted
-
-## strict
-- name: Strict Lockdown
-- description: High-security mode. All file writes require confirmation. All shell commands require approval. No network access. No git pushes without explicit authorization.
-- file_read_policy: unrestricted
-- file_write_policy: approval_required
-- shell_policy: approval_required
-- git_policy: approval_required
-- network_policy: blocked
-
-# Rules
-
-## rule-001: Destructive Shell Command (structural)
-Shell commands that can cause irreversible system damage must be blocked unconditionally.
-
-When shell_commands_run > 0 [state] AND dangerous_commands_blocked > 0 [state]
-Then agent_safety *= 0.50
-
-> trigger: Agent attempted a destructive shell command (rm -rf, mkfs, dd, fork bomb, etc.).
-> rule: Destructive commands cannot be undone. No amount of productivity justifies risking system integrity.
-> shift: Agent safety score drops. Continued violations may halt the session.
-> effect: Agent safety reduced by 50%.
-
-## rule-002: Scope Escape Attempt (structural)
-Accessing files or running commands outside the project directory is a governance violation.
-
-When scope_violations > 0 [state]
-Then agent_safety *= 0.40
-Collapse: agent_safety < 0.10
-
-> trigger: Agent attempted to access resources outside its declared project scope.
-> rule: Agents operate within boundaries. Scope escape indicates either a misconfigured agent or a prompt injection attempt.
-> shift: Agent safety drops sharply. Multiple violations halt the session.
-> effect: Agent safety reduced to 40%.
-
-## rule-003: Excessive File Deletion (degradation)
-Deleting many files in a single session indicates potentially destructive behavior.
-
-When files_deleted > 10 [state]
-Then agent_safety *= 0.60
-
-> trigger: More than 10 files deleted in a single session.
-> rule: Bulk deletion is rarely intentional in normal development. This warrants review.
-> shift: Agent safety degrades. Remaining deletions may require approval.
-> effect: Agent safety reduced to 60%.
-
-## rule-004: Uncontrolled Sub-Agent Spawning (degradation)
-Too many sub-agents indicate either a runaway loop or poorly scoped task decomposition.
-
-When sub_agents_spawned > 10 [state]
-Then agent_safety *= 0.70
-
-> trigger: More than 10 sub-agents spawned in a single session.
-> rule: Each sub-agent inherits the parent's capabilities. Uncontrolled spawning multiplies risk.
-> shift: Agent safety degrades. Further spawning may be blocked.
-> effect: Agent safety reduced to 70%.
-
-## rule-005: Clean Session (advantage)
-A session with no violations and productive output validates the governance model.
-
-When files_modified > 0 [state] AND scope_violations == 0 [state] AND dangerous_commands_blocked == 0 [state]
-Then agent_safety *= 1.10
-
-> trigger: Agent has modified files without triggering any governance violations.
-> rule: Good behavior should be recognized. Clean sessions build trust in the agent's judgment.
-> shift: Agent safety improves slightly. Trust accumulates over clean sessions.
-> effect: Agent safety boosted by 10%.
-
-## rule-006: Unauthorized Push to Protected Branch (structural)
-Pushing to main or master without approval violates version control governance.
-
-When git_pushes > 0 [state] AND scope_violations > 0 [state]
-Then agent_safety *= 0.30
-Collapse: agent_safety < 0.10
-
-> trigger: Agent pushed to a protected branch without authorization.
-> rule: Protected branches exist for a reason. Direct pushes bypass code review and CI/CD.
-> shift: Agent safety drops critically. Session may be halted.
-> effect: Agent safety reduced to 30%.
-
-# Gates
-
-- TRUSTED: agent_safety >= 90
-- OPERATING: agent_safety >= 60
-- CAUTIOUS: agent_safety >= 35
-- RESTRICTED: agent_safety > 10
-- HALTED: agent_safety <= 10
-
-# Outcomes
-
-## agent_safety
-- type: number
-- range: 0-100
-- display: percentage
-- label: Agent Safety Score
-- primary: true
-
-## files_modified
-- type: number
-- range: 0-100000
-- display: integer
-- label: Files Modified
-
-## dangerous_commands_blocked
-- type: number
-- range: 0-10000
-- display: integer
-- label: Dangerous Commands Blocked
-
-## scope_violations
-- type: number
-- range: 0-1000
-- display: integer
-- label: Scope Violations

package/dist/worlds/derivation-world.nv-world.md

@@ -1,278 +0,0 @@
----
-world_id: derivationworld
-name: DerivationWorld
-version: 1.0.0
-runtime_mode: synthesis
-default_profile: strict_synthesis
-alternative_profile: permissive_synthesis
----
-
-# Thesis
-
-AI-synthesized governance documents must be structurally valid, epistemically honest, and deterministically verifiable. A derived .nv-world.md is only legitimate if it satisfies the same parser constraints as a hand-authored world, distinguishes declared facts from inferred claims, and never introduces governance domains beyond the source material.
-
-# Invariants
-
-- `output_must_be_valid_nv_world` — Synthesized output must parse successfully under parseWorldMarkdown with zero errors (prompt, immutable)
-- `must_include_required_sections` — Output must contain Thesis, Invariants, State, Rules, Gates, and Outcomes sections (prompt, immutable)
-- `must_distinguish_declared_vs_inferred` — Invariants derived from explicit source statements must be marked structural; those inferred by the model must be marked operational (prompt, immutable)
-- `must_not_invent_external_domains` — All state variables, rules, and invariants must trace to concepts present in the input markdown (prompt, immutable)
-- `invariants_must_be_enforceable_or_marked` — Every invariant must be structurally enforceable via rules, or explicitly tagged as non-enforceable with rationale (prompt, immutable)
-- `no_json_output` — Output must be .nv-world.md markdown only, never JSON (prompt, immutable)
-- `no_extra_commentary` — Output must contain only the .nv-world.md document, no preamble, explanation, or trailing commentary (prompt, immutable)
-- `frontmatter_must_be_complete` — Output frontmatter must include world_id, name, and version fields (prompt, immutable)
-- `rules_must_have_triggers_and_effects` — Every rule must include a When trigger line and a Then effect line (prompt, immutable)
-- `gate_thresholds_must_be_ordered` — Gate thresholds must be monotonically decreasing from best to worst status (prompt, immutable)
-
-# State
-
-## source_section_count
-- type: number
-- min: 0
-- max: 100
-- step: 1
-- default: 5
-- label: Source Section Count
-- description: Number of distinct sections or files in the input markdown. More sections generally means richer synthesis material.
-
-## source_token_estimate
-- type: number
-- min: 0
-- max: 200000
-- step: 100
-- default: 2000
-- label: Source Token Estimate
-- description: Approximate token count of concatenated input. Determines whether context window constraints may truncate material.
-
-## declared_concept_count
-- type: number
-- min: 0
-- max: 200
-- step: 1
-- default: 10
-- label: Declared Concept Count
-- description: Number of distinct governance concepts explicitly named in source material. Drives state variable and rule generation.
-
-## concept_specificity
-- type: number
-- min: 0
-- max: 100
-- default: 50
-- label: Concept Specificity
-- description: How precisely the source material defines its governance concepts. 0 = vague aspirations. 100 = precise structural claims with measurable criteria.
-
-## domain_coherence
-- type: number
-- min: 0
-- max: 100
-- default: 60
-- label: Domain Coherence
-- description: How well source sections relate to a single governance domain. Low coherence indicates conflicting or unrelated source material.
-
-## synthesis_fidelity
-- type: number
-- min: 0.00
-- max: 1.00
-- step: 0.01
-- default: 0.70
-- label: Synthesis Fidelity
-- description: Measure of how faithfully the derived world represents the source material. Primary outcome metric.
-
-## structural_completeness
-- type: number
-- min: 0
-- max: 100
-- default: 60
-- label: Structural Completeness
-- description: Percentage of required .nv-world.md sections that contain meaningful content rather than stubs.
-
-## epistemic_honesty
-- type: number
-- min: 0
-- max: 100
-- default: 70
-- label: Epistemic Honesty
-- description: Degree to which the output correctly distinguishes source-declared constraints from model-inferred constraints. 0 = everything claimed as declared. 100 = perfect attribution.
-
-## invention_ratio
-- type: number
-- min: 0.00
-- max: 1.00
-- step: 0.01
-- default: 0.10
-- label: Invention Ratio
-- description: Fraction of output concepts that have no traceable origin in the source material. Should be near zero. Above 0.30 indicates hallucination.
-
-# Assumptions
-
-## strict_synthesis
-- name: Strict Synthesis
-- description: Conservative derivation that only produces governance elements with clear source basis. Prefers omission over invention. Marks all inferred elements as operational.
-- invention_tolerance: minimal
-- attribution_mode: strict
-- completeness_priority: low
-- fidelity_priority: high
-
-## permissive_synthesis
-- name: Permissive Synthesis
-- description: Broader derivation that fills structural gaps with reasonable inferences. Produces more complete worlds but with higher invention ratio. All inferences are still marked operational.
-- invention_tolerance: moderate
-- attribution_mode: standard
-- completeness_priority: high
-- fidelity_priority: moderate
-
-# Rules
-
-## rule-001: Empty Source Rejection (structural)
-Synthesis from empty or trivially short input cannot produce meaningful governance. The derivation must fail rather than fabricate.
-
-When source_section_count < 1 [state]
-Then synthesis_fidelity *= 0.00
-Collapse: synthesis_fidelity < 0.05
-
-> trigger: Source input contains no sections — nothing to derive from.
-> rule: A world cannot be synthesized from nothing. Empty input must produce a clear failure, not a fabricated world.
-> shift: Derivation halts. No output file is written.
-> effect: Synthesis fidelity set to zero. Derivation rejected.
-
-## rule-002: Sparse Source Warning (degradation)
-Minimal source material limits the quality of derived governance. Output will be structurally thin.
-
-When source_section_count < 3 [state] AND source_token_estimate < 500 [state]
-Then synthesis_fidelity *= 0.50, structural_completeness *= 0.60
-
-> trigger: Source has fewer than 3 sections and under 500 tokens — sparse material.
-> rule: Sparse input yields sparse governance. The model cannot reliably infer structure from fragments.
-> shift: Output quality degrades. State variables and rules will be minimal.
-> effect: Synthesis fidelity reduced to 50%. Structural completeness reduced to 60%.
-
-## rule-003: Concept Vagueness Penalty (degradation)
-Source material with low concept specificity produces invariants and rules that are aspirational rather than structural.
-
-When concept_specificity < 25 [state]
-Then synthesis_fidelity *= 0.60, epistemic_honesty *= 0.70
-
-> trigger: Source concept specificity below 25% — governance concepts are vague.
-> rule: Vague concepts cannot produce structural invariants. The model must either invent specificity or produce unenforceable constraints.
-> shift: Output invariants trend toward aspiration. Rules lack deterministic triggers.
-> effect: Synthesis fidelity reduced to 60%. Epistemic honesty reduced to 70%.
-
-## rule-004: Domain Incoherence Penalty (degradation)
-Source material spanning unrelated domains produces a world with conflicting governance logic.
-
-When domain_coherence < 30 [state]
-Then synthesis_fidelity *= 0.55
-
-> trigger: Domain coherence below 30% — source material is internally contradictory or covers unrelated domains.
-> rule: A single .nv-world.md should govern a coherent domain. Mixed domains produce conflicting rules and meaningless invariants.
-> shift: Output becomes structurally confused. State variables may not relate to each other.
-> effect: Synthesis fidelity reduced to 55%.
-
-## rule-005: Invention Threshold Breach (structural)
-Excessive invention without source basis constitutes fabrication, not derivation.
-
-When invention_ratio > 0.30 [state]
-Then synthesis_fidelity *= 0.30, epistemic_honesty *= 0.40
-Collapse: synthesis_fidelity < 0.05
-
-> trigger: Invention ratio exceeds 30% — more than a third of output has no source basis.
-> rule: Derivation must be grounded. A world that is mostly invented does not represent the user's governance intent.
-> shift: Output crosses from synthesis to hallucination. Fidelity drops below usable threshold.
-> effect: Synthesis fidelity reduced to 30%. Epistemic honesty reduced to 40%.
-
-## rule-006: High Fidelity Source (advantage)
-Rich, specific, coherent source material enables high-quality derivation.
-
-When concept_specificity > 70 [state] AND domain_coherence > 70 [state] AND declared_concept_count > 8 [state]
-Then synthesis_fidelity *= 1.20, structural_completeness *= 1.15
-
-> trigger: High concept specificity, strong domain coherence, and rich concept count.
-> rule: Quality source material produces quality governance. The model has enough structure to derive rather than invent.
-> shift: Output is well-grounded. Most invariants and rules trace directly to source.
-> effect: Synthesis fidelity boosted by 20%. Structural completeness boosted by 15%.
-
-## rule-007: Structural Completeness Gate (degradation)
-A derived world missing critical sections is not usable regardless of quality in present sections.
-
-When structural_completeness < 40 [state]
-Then synthesis_fidelity *= 0.50
-
-> trigger: Structural completeness below 40% — too many required sections are empty or stub.
-> rule: A partial world is not a valid world. Missing sections mean missing governance.
-> shift: The output may parse but cannot function as meaningful governance.
-> effect: Synthesis fidelity reduced to 50%.
-
-## rule-008: Epistemic Honesty Reward (advantage)
-Correct attribution of declared versus inferred constraints makes output trustworthy and auditable.
-
-When epistemic_honesty > 80 [state]
-Then synthesis_fidelity *= 1.10
-
-> trigger: Epistemic honesty above 80% — model correctly attributes constraint origins.
-> rule: Honest attribution makes governance auditable. Users can verify which constraints they declared versus which the model suggested.
-> shift: Output gains trust. Declared constraints can be relied upon; inferred ones can be reviewed.
-> effect: Synthesis fidelity boosted by 10%.
-
-## rule-009: Context Window Overflow Risk (degradation)
-Extremely large source material risks truncation and missed governance concepts.
-
-When source_token_estimate > 100000 [state]
-Then synthesis_fidelity *= 0.75
-
-> trigger: Source material exceeds 100k tokens — likely to be truncated.
-> rule: Truncated input means incomplete synthesis. The model may miss governance concepts that appear late in the concatenation.
-> shift: Output may be partial. Critical sections from later source files may be absent.
-> effect: Synthesis fidelity reduced to 75% due to truncation risk.
-
-## rule-010: Derivation Coherence Reward (advantage)
-Aligned quality metrics across fidelity, honesty, and invention produce a genuine governance document.
-
-When synthesis_fidelity > 0.80 [state] AND epistemic_honesty > 75 [state] AND invention_ratio < 0.15 [state]
-Then synthesis_fidelity *= 1.15
-Collapse: synthesis_fidelity < 0.05
-
-> trigger: Synthesis fidelity above 80%, epistemic honesty above 75%, and invention ratio below 15%.
-> rule: Coherent derivation across all metrics indicates a faithful, usable governance document.
-> shift: The derived world moves from draft to production-quality. Suitable for bootstrap and validation.
-> effect: Synthesis fidelity boosted by 15%. Derivation coherence achieved.
-
-# Gates
-
-- FAITHFUL: synthesis_fidelity >= 0.85
-- USABLE: synthesis_fidelity >= 0.60
-- REVIEWABLE: synthesis_fidelity >= 0.40
-- SUSPECT: synthesis_fidelity > 0.15
-- DERIVATION_REJECTED: synthesis_fidelity <= 0.15
-
-# Outcomes
-
-## synthesis_fidelity
-- type: number
-- range: 0-1
-- display: percentage
-- label: Synthesis Fidelity
-- primary: true
-
-## structural_completeness
-- type: number
-- range: 0-100
-- display: percentage
-- label: Structural Completeness
-
-## epistemic_honesty
-- type: number
-- range: 0-100
-- display: percentage
-- label: Epistemic Honesty
-
-## invention_ratio
-- type: number
-- range: 0-1
-- display: percentage
-- label: Invention Ratio
-- assignment: external
-
-## derivation_status
-- type: enum
-- label: Derivation Status
-- assignment: external