@neuroverseos/governance 0.3.0 → 0.3.1

package/dist/adapters/openai.cjs

@@ -1,1185 +0,0 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/adapters/openai.ts
-var openai_exports = {};
-__export(openai_exports, {
-  GovernanceBlockedError: () => GovernanceBlockedError,
-  GovernedToolExecutor: () => GovernedToolExecutor,
-  createGovernedToolExecutor: () => createGovernedToolExecutor,
-  createGovernedToolExecutorFromWorld: () => createGovernedToolExecutorFromWorld
-});
-module.exports = __toCommonJS(openai_exports);
-
-// src/engine/plan-engine.ts
-function keywordMatch(eventText, step) {
-  const stepText = [
-    step.label,
-    step.description ?? "",
-    ...step.tags ?? []
-  ].join(" ").toLowerCase();
-  const keywords = stepText.split(/\s+/).filter((w) => w.length > 3);
-  if (keywords.length === 0) return false;
-  const matched = keywords.filter((kw) => eventText.includes(kw));
-  return matched.length >= Math.ceil(keywords.length * 0.5);
-}
-function tokenSimilarity(a, b) {
-  const tokensA = new Set(a.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
-  const tokensB = new Set(b.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
-  if (tokensA.size === 0 || tokensB.size === 0) return 0;
-  let intersection = 0;
-  for (const t of tokensA) {
-    if (tokensB.has(t)) intersection++;
-  }
-  const union = (/* @__PURE__ */ new Set([...tokensA, ...tokensB])).size;
-  return union > 0 ? intersection / union : 0;
-}
-function findMatchingStep(eventText, event, steps) {
-  const pendingOrActive = steps.filter((s) => s.status === "pending" || s.status === "active");
-  if (pendingOrActive.length === 0) {
-    return { matched: null, closest: null, closestScore: 0 };
-  }
-  for (const step of pendingOrActive) {
-    if (keywordMatch(eventText, step)) {
-      if (step.tools && event.tool && !step.tools.includes(event.tool)) {
-        continue;
-      }
-      return { matched: step, closest: step, closestScore: 1 };
-    }
-  }
-  const intentText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ");
-  let bestStep = null;
-  let bestScore = 0;
-  for (const step of pendingOrActive) {
-    const stepText = [step.label, step.description ?? "", ...step.tags ?? []].join(" ");
-    const score = tokenSimilarity(intentText, stepText);
-    if (score > bestScore) {
-      bestScore = score;
-      bestStep = step;
-    }
-  }
-  const SIMILARITY_THRESHOLD = 0.35;
-  if (bestScore >= SIMILARITY_THRESHOLD && bestStep) {
-    if (bestStep.tools && event.tool && !bestStep.tools.includes(event.tool)) {
-      return { matched: null, closest: bestStep, closestScore: bestScore };
-    }
-    return { matched: bestStep, closest: bestStep, closestScore: bestScore };
-  }
-  return { matched: null, closest: bestStep, closestScore: bestScore };
-}
-function isSequenceValid(step, plan) {
-  if (!plan.sequential) return true;
-  if (!step.requires || step.requires.length === 0) return true;
-  return step.requires.every((reqId) => {
-    const reqStep = plan.steps.find((s) => s.id === reqId);
-    return reqStep?.status === "completed";
-  });
-}
-function checkConstraints(event, eventText, constraints) {
-  const checks = [];
-  for (const constraint of constraints) {
-    if (constraint.type === "approval") {
-      if (constraint.trigger && eventText.includes(constraint.trigger.substring(0, 10).toLowerCase())) {
-        checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
-        return { violated: constraint, checks };
-      }
-      const keywords = constraint.description.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
-      const relevant = keywords.some((kw) => eventText.includes(kw));
-      if (relevant) {
-        checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
-        return { violated: constraint, checks };
-      }
-      checks.push({ constraintId: constraint.id, passed: true });
-      continue;
-    }
-    if (constraint.type === "scope" && constraint.trigger) {
-      const keywords = constraint.trigger.split(/\s+/).filter((w) => w.length > 3);
-      const violated = keywords.length > 0 && keywords.every((kw) => eventText.includes(kw));
-      checks.push({
-        constraintId: constraint.id,
-        passed: !violated,
-        reason: violated ? constraint.description : void 0
-      });
-      if (violated) {
-        return { violated: constraint, checks };
-      }
-      continue;
-    }
-    checks.push({ constraintId: constraint.id, passed: true });
-  }
-  return { violated: null, checks };
-}
-function getPlanProgress(plan) {
-  const completed = plan.steps.filter((s) => s.status === "completed").length;
-  const total = plan.steps.length;
-  return {
-    completed,
-    total,
-    percentage: total > 0 ? Math.round(completed / total * 100) : 0
-  };
-}
-function advancePlan(plan, stepId, evidence) {
-  const step = plan.steps.find((s) => s.id === stepId);
-  if (!step) {
-    return { success: false, reason: `Step "${stepId}" not found in plan.` };
-  }
-  if (step.status === "completed") {
-    return { success: false, reason: `Step "${stepId}" is already completed.` };
-  }
-  const mode = plan.completion ?? "trust";
-  if (mode === "verified" && step.verify) {
-    if (!evidence) {
-      return {
-        success: false,
-        reason: `Step "${step.label}" requires evidence (verify: ${step.verify}). Provide evidence to advance.`
-      };
-    }
-    if (evidence.type !== step.verify) {
-      return {
-        success: false,
-        reason: `Evidence type "${evidence.type}" does not match required verification "${step.verify}".`
-      };
-    }
-  }
-  const updatedPlan = {
-    ...plan,
-    steps: plan.steps.map(
-      (s) => s.id === stepId ? { ...s, status: "completed" } : s
-    )
-  };
-  return {
-    success: true,
-    plan: updatedPlan,
-    evidence: evidence ?? void 0
-  };
-}
-function evaluatePlan(event, plan) {
-  const progress = getPlanProgress(plan);
-  if (plan.expires_at) {
-    const expiresAt = new Date(plan.expires_at).getTime();
-    if (Date.now() > expiresAt) {
-      return {
-        allowed: true,
-        status: "PLAN_COMPLETE",
-        reason: "Plan has expired.",
-        progress
-      };
-    }
-  }
-  if (progress.completed === progress.total) {
-    return {
-      allowed: true,
-      status: "PLAN_COMPLETE",
-      reason: "All plan steps are completed.",
-      progress
-    };
-  }
-  const eventText = [
-    event.intent,
-    event.tool ?? "",
-    event.scope ?? ""
-  ].join(" ").toLowerCase();
-  const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
-  if (!matched) {
-    return {
-      allowed: false,
-      status: "OFF_PLAN",
-      reason: "Action does not match any plan step.",
-      closestStep: closest?.label,
-      similarityScore: closestScore,
-      progress
-    };
-  }
-  if (!isSequenceValid(matched, plan)) {
-    const pendingDeps = (matched.requires ?? []).filter((reqId) => plan.steps.find((s) => s.id === reqId)?.status !== "completed").join(", ");
-    return {
-      allowed: false,
-      status: "OFF_PLAN",
-      reason: `Step "${matched.label}" requires completion of: ${pendingDeps}`,
-      matchedStep: matched.id,
-      progress
-    };
-  }
-  const { violated } = checkConstraints(event, eventText, plan.constraints);
-  if (violated) {
-    return {
-      allowed: false,
-      status: "CONSTRAINT_VIOLATED",
-      reason: violated.description,
-      matchedStep: matched.id,
-      progress
-    };
-  }
-  return {
-    allowed: true,
-    status: "ON_PLAN",
-    reason: `Matches step: ${matched.label}`,
-    matchedStep: matched.id,
-    progress
-  };
-}
-function buildPlanCheck(event, plan, verdict) {
-  const eventText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ").toLowerCase();
-  const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
-  const { checks: constraintChecks } = checkConstraints(event, eventText, plan.constraints);
-  const progress = getPlanProgress(plan);
-  return {
-    planId: plan.plan_id,
-    matched: !!matched,
-    matchedStepId: matched?.id,
-    matchedStepLabel: matched?.label,
-    closestStepId: !matched ? closest?.id : void 0,
-    closestStepLabel: !matched ? closest?.label : void 0,
-    similarityScore: !matched ? closestScore : void 0,
-    sequenceValid: matched ? isSequenceValid(matched, plan) : void 0,
-    constraintsChecked: constraintChecks,
-    progress: { completed: progress.completed, total: progress.total }
-  };
-}
-
-// src/engine/guard-engine.ts
-var PROMPT_INJECTION_PATTERNS = [
-  // Instruction override
-  { pattern: /ignore\s+(previous|all|prior|above)\s+(instructions?|rules?)/i, label: "ignore-instructions" },
-  { pattern: /disregard\s+(your|the)\s+(rules|constraints)/i, label: "disregard-rules" },
-  { pattern: /new\s+instructions?:/i, label: "new-instructions" },
-  // Identity manipulation
-  { pattern: /you\s+are\s+now/i, label: "identity-override" },
-  { pattern: /new\s+persona/i, label: "new-persona" },
-  { pattern: /act\s+as\s+if/i, label: "act-as-if" },
-  { pattern: /pretend\s+(you|to\s+be|you\s+are\s+unrestricted)/i, label: "pretend-to-be" },
-  // Context reset
-  { pattern: /forget\s+(everything|all|your)/i, label: "forget-context" },
-  { pattern: /system\s*:\s*override/i, label: "system-override" },
-  // Constraint bypass
-  { pattern: /override\s+(your|the)\s+(programming|constraints)/i, label: "override-constraints" },
-  { pattern: /bypass\s+(your|the)\s+(filters|constraints|rules)/i, label: "bypass-filters" },
-  // Prompt extraction
-  { pattern: /system\s+prompt/i, label: "system-prompt-probe" },
-  { pattern: /reveal\s+your\s+(instructions?|prompt|rules)/i, label: "reveal-instructions" },
-  // Known jailbreak terms
-  { pattern: /jailbreak/i, label: "jailbreak" },
-  { pattern: /DAN\s+mode/i, label: "dan-mode" },
-  { pattern: /developer\s+mode/i, label: "developer-mode" }
-];
-var EXECUTION_CLAIM_PATTERNS = [
-  { pattern: /I have (executed|completed|performed|done|made|created|sent|deleted|modified|updated)/i, label: "claim-i-have" },
-  { pattern: /Successfully (created|deleted|modified|updated|sent|executed|performed)/i, label: "claim-successfully" },
-  { pattern: /The file has been/i, label: "claim-file-modified" },
-  { pattern: /I've made the changes/i, label: "claim-made-changes" },
-  { pattern: /I('ve| have) (sent|posted|submitted|uploaded|downloaded)/i, label: "claim-sent" },
-  { pattern: /Your (email|message|file|request) has been (sent|submitted)/i, label: "claim-your-sent" },
-  { pattern: /Transaction complete/i, label: "claim-transaction" },
-  { pattern: /Order placed/i, label: "claim-order" },
-  { pattern: /Payment processed/i, label: "claim-payment" }
-];
-var EXECUTION_INTENT_PATTERNS = [
-  { pattern: /^(execute|run|perform|do this)/i, label: "intent-execute" },
-  { pattern: /^(create|write|delete|modify) (a |the )?(file|folder|document)/i, label: "intent-file-ops" },
-  { pattern: /^(send|post|submit) (a |an |the )?(email|message|tweet|post)/i, label: "intent-send" },
-  { pattern: /^(search|look up|browse) (the )?web/i, label: "intent-web-search" },
-  { pattern: /^(make|call|invoke) (a |an )?(api|http|rest) (call|request)/i, label: "intent-api-call" },
-  { pattern: /^(buy|purchase|order|pay|transfer|send money)/i, label: "intent-financial" },
-  { pattern: /^(book|schedule|reserve)/i, label: "intent-booking" },
-  { pattern: /^(download|upload|save to|export to)/i, label: "intent-transfer" }
-];
-var SCOPE_ESCAPE_PATTERNS = [
-  { pattern: /\.\.\//, label: "parent-traversal" },
-  { pattern: /^\/(?!home|project|workspace)/i, label: "absolute-path-outside-safe" },
-  { pattern: /~\//, label: "home-directory" },
-  { pattern: /\/etc\//i, label: "system-config" },
-  { pattern: /\/usr\//i, label: "system-binaries" },
-  { pattern: /\/var\//i, label: "system-variable-data" }
-];
-var NEUTRAL_MESSAGES = {
-  "prompt-injection": "This input contains patterns that could alter agent behavior.",
-  "scope-escape": "This action would affect resources outside the declared scope.",
-  "execution-claim": "This response claims to have performed an action.",
-  "execution-intent": "This input requests execution in a thinking-only environment.",
-  "delete": "This action would remove files. Confirmation needed.",
-  "write-external": "This action would write outside the project folder.",
-  "network-mutate": "This action would send data to an external service.",
-  "credential-access": "This action would access stored credentials."
-};
-function levelRequiresConfirmation(level, actionType) {
-  if (level === "strict") return true;
-  if (level === "standard") {
-    return actionType === "delete" || actionType === "credential-access";
-  }
-  return false;
-}
-function isExternalScope(scope) {
-  const internalPatterns = [
-    /^\.?\/?src\//i,
-    /^\.?\/?lib\//i,
-    /^\.?\/?app\//i,
-    /^\.?\/?components\//i,
-    /^\.?\/?pages\//i,
-    /^\.?\/?public\//i,
-    /^\.?\/?assets\//i,
-    /^\.\//
-  ];
-  return !internalPatterns.some((p) => p.test(scope));
-}
-function evaluateGuard(event, world, options = {}) {
-  const startTime = performance.now();
-  const level = options.level ?? "standard";
-  const includeTrace = options.trace ?? false;
-  const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
-  const invariantChecks = [];
-  const safetyChecks = [];
-  let planCheckResult;
-  const roleChecks = [];
-  const guardChecks = [];
-  const kernelRuleChecks = [];
-  const levelChecks = [];
-  let decidingLayer = "default-allow";
-  let decidingId;
-  const guardsMatched = [];
-  const rulesMatched = [];
-  checkInvariantCoverage(world, invariantChecks);
-  if (options.sessionAllowlist) {
-    const key = eventToAllowlistKey(event);
-    if (options.sessionAllowlist.has(key)) {
-      decidingLayer = "session-allowlist";
-      decidingId = `allowlist:${key}`;
-      return buildVerdict(
-        "ALLOW",
-        void 0,
-        `allowlist:${key}`,
-        void 0,
-        world,
-        level,
-        invariantChecks,
-        guardsMatched,
-        rulesMatched,
-        includeTrace ? buildTrace(
-          invariantChecks,
-          safetyChecks,
-          planCheckResult,
-          roleChecks,
-          guardChecks,
-          kernelRuleChecks,
-          levelChecks,
-          decidingLayer,
-          decidingId,
-          startTime
-        ) : void 0
-      );
-    }
-  }
-  const safetyVerdict = checkSafety(event, eventText, safetyChecks);
-  if (safetyVerdict) {
-    decidingLayer = "safety";
-    decidingId = safetyVerdict.ruleId;
-    return buildVerdict(
-      safetyVerdict.status,
-      safetyVerdict.reason,
-      safetyVerdict.ruleId,
-      void 0,
-      world,
-      level,
-      invariantChecks,
-      guardsMatched,
-      rulesMatched,
-      includeTrace ? buildTrace(
-        invariantChecks,
-        safetyChecks,
-        planCheckResult,
-        roleChecks,
-        guardChecks,
-        kernelRuleChecks,
-        levelChecks,
-        decidingLayer,
-        decidingId,
-        startTime
-      ) : void 0
-    );
-  }
-  if (options.plan) {
-    const planVerdict = evaluatePlan(event, options.plan);
-    planCheckResult = buildPlanCheck(event, options.plan, planVerdict);
-    if (!planVerdict.allowed && planVerdict.status !== "PLAN_COMPLETE") {
-      decidingLayer = "plan-enforcement";
-      decidingId = `plan-${options.plan.plan_id}`;
-      const planStatus = planVerdict.status === "CONSTRAINT_VIOLATED" ? "PAUSE" : "BLOCK";
-      let reason = planVerdict.reason ?? "Action blocked by plan.";
-      if (planVerdict.status === "OFF_PLAN" && planVerdict.closestStep) {
-        reason += ` Closest step: "${planVerdict.closestStep}" (similarity: ${(planVerdict.similarityScore ?? 0).toFixed(2)})`;
-      }
-      return buildVerdict(
-        planStatus,
-        reason,
-        `plan-${options.plan.plan_id}`,
-        void 0,
-        world,
-        level,
-        invariantChecks,
-        guardsMatched,
-        rulesMatched,
-        includeTrace ? buildTrace(
-          invariantChecks,
-          safetyChecks,
-          planCheckResult,
-          roleChecks,
-          guardChecks,
-          kernelRuleChecks,
-          levelChecks,
-          decidingLayer,
-          decidingId,
-          startTime
-        ) : void 0
-      );
-    }
-  }
-  const roleVerdict = checkRoleRules(event, eventText, world, roleChecks);
-  if (roleVerdict) {
-    decidingLayer = "role";
-    decidingId = roleVerdict.ruleId;
-    return buildVerdict(
-      roleVerdict.status,
-      roleVerdict.reason,
-      roleVerdict.ruleId,
-      void 0,
-      world,
-      level,
-      invariantChecks,
-      guardsMatched,
-      rulesMatched,
-      includeTrace ? buildTrace(
-        invariantChecks,
-        safetyChecks,
-        planCheckResult,
-        roleChecks,
-        guardChecks,
-        kernelRuleChecks,
-        levelChecks,
-        decidingLayer,
-        decidingId,
-        startTime
-      ) : void 0
-    );
-  }
-  const guardVerdict = checkGuards(event, eventText, world, guardChecks, guardsMatched);
-  if (guardVerdict) {
-    if (guardVerdict.status !== "ALLOW") {
-      decidingLayer = "guard";
-      decidingId = guardVerdict.ruleId;
-      return buildVerdict(
-        guardVerdict.status,
-        guardVerdict.reason,
-        guardVerdict.ruleId,
-        void 0,
-        world,
-        level,
-        invariantChecks,
-        guardsMatched,
-        rulesMatched,
-        includeTrace ? buildTrace(
-          invariantChecks,
-          safetyChecks,
-          planCheckResult,
-          roleChecks,
-          guardChecks,
-          kernelRuleChecks,
-          levelChecks,
-          decidingLayer,
-          decidingId,
-          startTime
-        ) : void 0
-      );
-    }
-  }
-  const kernelVerdict = checkKernelRules(eventText, world, kernelRuleChecks, rulesMatched);
-  if (kernelVerdict) {
-    decidingLayer = "kernel-rule";
-    decidingId = kernelVerdict.ruleId;
-    return buildVerdict(
-      kernelVerdict.status,
-      kernelVerdict.reason,
-      kernelVerdict.ruleId,
-      void 0,
-      world,
-      level,
-      invariantChecks,
-      guardsMatched,
-      rulesMatched,
-      includeTrace ? buildTrace(
-        invariantChecks,
-        safetyChecks,
-        planCheckResult,
-        roleChecks,
-        guardChecks,
-        kernelRuleChecks,
-        levelChecks,
-        decidingLayer,
-        decidingId,
-        startTime
-      ) : void 0
-    );
-  }
-  const levelVerdict = checkLevelConstraints(event, level, levelChecks);
-  if (levelVerdict) {
-    decidingLayer = "level-constraint";
-    decidingId = levelVerdict.ruleId;
-    return buildVerdict(
-      levelVerdict.status,
-      levelVerdict.reason,
-      levelVerdict.ruleId,
-      void 0,
-      world,
-      level,
-      invariantChecks,
-      guardsMatched,
-      rulesMatched,
-      includeTrace ? buildTrace(
-        invariantChecks,
-        safetyChecks,
-        planCheckResult,
-        roleChecks,
-        guardChecks,
-        kernelRuleChecks,
-        levelChecks,
-        decidingLayer,
-        decidingId,
-        startTime
-      ) : void 0
-    );
-  }
-  const warning = guardVerdict?.warning;
-  return buildVerdict(
-    "ALLOW",
-    void 0,
-    void 0,
-    warning,
-    world,
-    level,
-    invariantChecks,
-    guardsMatched,
-    rulesMatched,
-    includeTrace ? buildTrace(
-      invariantChecks,
-      safetyChecks,
-      planCheckResult,
-      roleChecks,
-      guardChecks,
-      kernelRuleChecks,
-      levelChecks,
-      decidingLayer,
-      decidingId,
-      startTime
-    ) : void 0
-  );
-}
-function checkInvariantCoverage(world, checks) {
-  const invariants = world.invariants ?? [];
-  const guards = world.guards?.guards ?? [];
-  for (const invariant of invariants) {
-    const coveringGuard = guards.find(
-      (g) => g.invariant_ref === invariant.id && g.immutable
-    );
-    checks.push({
-      invariantId: invariant.id,
-      label: invariant.label,
-      hasGuardCoverage: !!coveringGuard,
-      coveringGuardId: coveringGuard?.id
-    });
-  }
-}
-function checkSafety(event, eventText, checks) {
-  const textToCheck = event.intent + (event.payload ? JSON.stringify(event.payload) : "");
-  for (const { pattern, label } of PROMPT_INJECTION_PATTERNS) {
-    const triggered = pattern.test(textToCheck);
-    checks.push({
-      checkType: "prompt-injection",
-      triggered,
-      matchedPattern: triggered ? label : void 0
-    });
-    if (triggered) {
-      for (const remaining of PROMPT_INJECTION_PATTERNS.filter((p) => p.label !== label)) {
-        checks.push({
-          checkType: "prompt-injection",
-          triggered: remaining.pattern.test(textToCheck),
-          matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
-        });
-      }
-      return {
-        status: "PAUSE",
-        reason: NEUTRAL_MESSAGES["prompt-injection"],
-        ruleId: `safety-injection-${label}`
-      };
-    }
-  }
-  const scopeToCheck = event.scope ?? event.intent;
-  for (const { pattern, label } of SCOPE_ESCAPE_PATTERNS) {
-    const triggered = pattern.test(scopeToCheck);
-    checks.push({
-      checkType: "scope-escape",
-      triggered,
-      matchedPattern: triggered ? label : void 0
-    });
-    if (triggered) {
-      for (const remaining of SCOPE_ESCAPE_PATTERNS.filter((p) => p.label !== label)) {
-        checks.push({
-          checkType: "scope-escape",
-          triggered: remaining.pattern.test(scopeToCheck),
-          matchedPattern: remaining.pattern.test(scopeToCheck) ? remaining.label : void 0
-        });
-      }
-      return {
-        status: "PAUSE",
-        reason: NEUTRAL_MESSAGES["scope-escape"],
-        ruleId: `safety-scope-${label}`
-      };
-    }
-  }
-  if (event.direction === "output") {
-    for (const { pattern, label } of EXECUTION_CLAIM_PATTERNS) {
-      const triggered = pattern.test(textToCheck);
-      checks.push({
-        checkType: "execution-claim",
-        triggered,
-        matchedPattern: triggered ? label : void 0
-      });
-      if (triggered) {
-        for (const remaining of EXECUTION_CLAIM_PATTERNS.filter((p) => p.label !== label)) {
-          checks.push({
-            checkType: "execution-claim",
-            triggered: remaining.pattern.test(textToCheck),
-            matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
-          });
-        }
-        return {
-          status: "PAUSE",
-          reason: NEUTRAL_MESSAGES["execution-claim"],
-          ruleId: `safety-execution-claim-${label}`
-        };
-      }
-    }
-  }
-  if (event.direction === "input") {
-    const intentTrimmed = event.intent.trim();
-    for (const { pattern, label } of EXECUTION_INTENT_PATTERNS) {
-      const triggered = pattern.test(intentTrimmed);
-      checks.push({
-        checkType: "execution-intent",
-        triggered,
-        matchedPattern: triggered ? label : void 0
-      });
-      if (triggered) {
-        for (const remaining of EXECUTION_INTENT_PATTERNS.filter((p) => p.label !== label)) {
-          checks.push({
-            checkType: "execution-intent",
-            triggered: remaining.pattern.test(intentTrimmed),
-            matchedPattern: remaining.pattern.test(intentTrimmed) ? remaining.label : void 0
-          });
-        }
-        return {
-          status: "PAUSE",
-          reason: NEUTRAL_MESSAGES["execution-intent"],
-          ruleId: `safety-execution-intent-${label}`
-        };
-      }
-    }
-  }
-  return null;
-}
-function checkRoleRules(event, eventText, world, checks) {
-  if (!event.roleId || !world.roles) return null;
-  const role = world.roles.roles.find((r) => r.id === event.roleId);
-  if (!role) return null;
-  if (role.requiresApproval) {
-    checks.push({
-      roleId: role.id,
-      roleName: role.name,
-      rule: "All actions require approval",
-      ruleType: "requiresApproval",
-      matched: true
-    });
-    return {
-      status: "PAUSE",
-      reason: `Role "${role.name}" requires approval for all actions.`,
-      ruleId: `role-${role.id}-requires-approval`
-    };
-  }
-  for (const rule of role.cannotDo) {
-    const matched = matchesKeywords(eventText, rule);
-    checks.push({
-      roleId: role.id,
-      roleName: role.name,
-      rule,
-      ruleType: "cannotDo",
-      matched
-    });
-    if (matched) {
-      return {
-        status: "BLOCK",
-        reason: `Role "${role.name}" cannot: ${rule}`,
-        ruleId: `role-${role.id}-cannotdo`
-      };
-    }
-  }
-  for (const rule of role.canDo) {
-    checks.push({
-      roleId: role.id,
-      roleName: role.name,
-      rule,
-      ruleType: "canDo",
-      matched: matchesKeywords(eventText, rule)
-    });
-  }
-  return null;
-}
-function checkGuards(event, eventText, world, checks, guardsMatched) {
-  if (!world.guards) return null;
-  const guardsConfig = world.guards;
-  let warnResult = null;
-  const compiledPatterns = /* @__PURE__ */ new Map();
-  for (const [key, def] of Object.entries(guardsConfig.intent_vocabulary)) {
-    try {
-      compiledPatterns.set(key, new RegExp(def.pattern, "i"));
-    } catch {
-    }
-  }
-  const eventTool = (event.tool ?? "").toLowerCase();
-  for (const guard of guardsConfig.guards) {
-    if (guard.appliesTo && guard.appliesTo.length > 0) {
-      const normalizedAppliesTo = guard.appliesTo.map((t) => t.toLowerCase());
-      if (!normalizedAppliesTo.includes(eventTool)) {
-        continue;
-      }
-    }
-    const enabled = guard.immutable || guard.default_enabled !== false;
-    const matchedPatterns = [];
-    for (const patternKey of guard.intent_patterns) {
-      const regex = compiledPatterns.get(patternKey);
-      if (regex?.test(eventText)) {
-        matchedPatterns.push(patternKey);
-      }
-    }
-    const matched = matchedPatterns.length > 0 && enabled;
-    let roleGated = false;
-    if (matched && guard.required_roles && guard.required_roles.length > 0 && event.roleId && guard.required_roles.includes(event.roleId)) {
-      roleGated = true;
-    }
-    checks.push({
-      guardId: guard.id,
-      label: guard.label,
-      category: guard.category,
-      enabled,
-      matched: matched && !roleGated,
-      enforcement: guard.enforcement,
-      matchedPatterns,
-      roleGated
-    });
-    if (!matched || roleGated) continue;
-    guardsMatched.push(guard.id);
-    const actionMode = guard.player_modes?.action ?? guard.enforcement;
-    const reason = guard.redirect ? `${guard.description} \u2014 ${guard.redirect}` : guard.description;
-    if (actionMode === "block") {
-      return { status: "BLOCK", reason, ruleId: `guard-${guard.id}` };
-    }
-    if (actionMode === "pause") {
-      return { status: "PAUSE", reason, ruleId: `guard-${guard.id}` };
-    }
-    if (actionMode === "warn" && !warnResult) {
-      warnResult = { status: "ALLOW", warning: reason, ruleId: `guard-${guard.id}` };
-    }
-  }
-  return warnResult;
-}
-function checkKernelRules(eventText, world, checks, rulesMatched) {
-  if (!world.kernel) return null;
-  const forbidden = world.kernel.input_boundaries?.forbidden_patterns ?? [];
-  const output = world.kernel.output_boundaries?.forbidden_patterns ?? [];
-  for (const rule of forbidden) {
-    let matched = false;
-    let matchMethod = "none";
-    if (rule.pattern) {
-      try {
-        matched = new RegExp(rule.pattern, "i").test(eventText);
-        matchMethod = "pattern";
-      } catch {
-      }
-    }
-    if (!matched && rule.reason) {
-      matched = matchesKeywords(eventText, rule.reason);
-      if (matched) matchMethod = "keyword";
-    }
-    checks.push({
-      ruleId: rule.id,
-      text: rule.reason,
-      category: "forbidden",
-      matched,
-      matchMethod
-    });
-    if (matched) {
-      rulesMatched.push(rule.id);
-      if (rule.action === "BLOCK") {
-        return {
-          status: "BLOCK",
-          reason: rule.reason,
-          ruleId: `kernel-${rule.id}`
-        };
-      }
-    }
-  }
-  return null;
-}
-function checkLevelConstraints(event, level, checks) {
-  if (level === "basic") return null;
-  const intent = event.intent.toLowerCase();
-  const tool = (event.tool ?? "").toLowerCase();
-  const isDelete = intent.includes("delete") || intent.includes("remove") || intent.includes("rm ") || tool === "delete";
-  const deleteTriggered = isDelete && levelRequiresConfirmation(level, "delete");
-  checks.push({
-    checkType: "delete",
-    level,
-    triggered: deleteTriggered,
-    reason: deleteTriggered ? NEUTRAL_MESSAGES["delete"] : void 0
-  });
-  if (deleteTriggered) {
-    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["delete"], ruleId: "level-delete-check" };
-  }
-  const isExternal = event.scope ? isExternalScope(event.scope) : false;
-  const externalTriggered = isExternal && levelRequiresConfirmation(level, "write-external");
-  checks.push({
-    checkType: "write-external",
-    level,
-    triggered: externalTriggered,
-    reason: externalTriggered ? NEUTRAL_MESSAGES["write-external"] : void 0
-  });
-  if (externalTriggered) {
-    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["write-external"], ruleId: "level-external-write-check" };
-  }
-  const isNetwork = tool === "http" || tool === "fetch" || tool === "request" || intent.includes("post ") || intent.includes("sending");
-  const networkTriggered = isNetwork && levelRequiresConfirmation(level, "network-mutate");
-  checks.push({
-    checkType: "network-mutate",
-    level,
-    triggered: networkTriggered,
-    reason: networkTriggered ? NEUTRAL_MESSAGES["network-mutate"] : void 0
-  });
-  if (networkTriggered) {
-    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["network-mutate"], ruleId: "level-network-mutate-check" };
-  }
-  const isCredential = intent.includes("credential") || intent.includes("password") || intent.includes("secret") || intent.includes("api key") || intent.includes("token");
-  const credentialTriggered = isCredential && levelRequiresConfirmation(level, "credential-access");
-  checks.push({
-    checkType: "credential-access",
-    level,
-    triggered: credentialTriggered,
-    reason: credentialTriggered ? NEUTRAL_MESSAGES["credential-access"] : void 0
-  });
-  if (credentialTriggered) {
-    return { status: "PAUSE", reason: NEUTRAL_MESSAGES["credential-access"], ruleId: "level-credential-check" };
-  }
-  const irreversibleTriggered = !!event.irreversible && level !== "basic";
-  checks.push({
-    checkType: "irreversible",
-    level,
-    triggered: irreversibleTriggered,
-    reason: irreversibleTriggered ? "This action is marked as irreversible." : void 0
-  });
-  if (irreversibleTriggered) {
-    return {
-      status: "PAUSE",
-      reason: "This action is marked as irreversible.",
-      ruleId: "level-irreversible-check"
-    };
-  }
-  return null;
-}
-function matchesKeywords(eventText, ruleText) {
-  const keywords = ruleText.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
-  if (keywords.length === 0) return false;
-  return keywords.every((kw) => eventText.includes(kw));
-}
-function eventToAllowlistKey(event) {
-  return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;
-}
-function buildTrace(invariantChecks, safetyChecks, planCheck, roleChecks, guardChecks, kernelRuleChecks, levelChecks, decidingLayer, decidingId, startTime) {
-  const trace = {
-    invariantChecks,
-    safetyChecks,
-    roleChecks,
-    guardChecks,
-    kernelRuleChecks,
-    levelChecks,
-    precedenceResolution: {
-      decidingLayer,
-      decidingId,
-      strategy: "first-match-wins",
-      chainOrder: [
-        "invariant-coverage",
-        "session-allowlist",
-        "safety-injection",
-        "safety-scope-escape",
-        "safety-execution-claim",
-        "safety-execution-intent",
-        "plan-enforcement",
-        "role-rules",
-        "declarative-guards",
-        "kernel-rules",
-        "level-constraints",
-        "default-allow"
-      ]
-    },
-    durationMs: performance.now() - startTime
-  };
-  if (planCheck) {
-    trace.planCheck = planCheck;
-  }
-  return trace;
-}
-function buildVerdict(status, reason, ruleId, warning, world, level, invariantChecks, guardsMatched, rulesMatched, trace) {
-  const evidence = {
-    worldId: world.world.world_id,
-    worldName: world.world.name,
-    worldVersion: world.world.version,
-    evaluatedAt: Date.now(),
-    invariantsSatisfied: invariantChecks.filter((c) => c.hasGuardCoverage).length,
-    invariantsTotal: invariantChecks.length,
-    guardsMatched,
-    rulesMatched,
-    enforcementLevel: level
-  };
-  const verdict = {
-    status,
-    evidence
-  };
-  if (reason) verdict.reason = reason;
-  if (ruleId) verdict.ruleId = ruleId;
-  if (warning) verdict.warning = warning;
-  if (trace) verdict.trace = trace;
-  return verdict;
-}
-
-// src/loader/world-loader.ts
-async function loadWorldFromDirectory(dirPath) {
-  const { readFile } = await import("fs/promises");
-  const { join } = await import("path");
-  const { readdirSync } = await import("fs");
-  async function readJson(filename) {
-    try {
-      const content = await readFile(join(dirPath, filename), "utf-8");
-      return JSON.parse(content);
-    } catch {
-      return void 0;
-    }
-  }
-  const worldJson = await readJson("world.json");
-  if (!worldJson) {
-    throw new Error(`Cannot read world.json in ${dirPath}`);
-  }
-  const invariantsJson = await readJson("invariants.json");
-  const assumptionsJson = await readJson("assumptions.json");
-  const stateSchemaJson = await readJson("state-schema.json");
-  const gatesJson = await readJson("gates.json");
-  const outcomesJson = await readJson("outcomes.json");
-  const guardsJson = await readJson("guards.json");
-  const rolesJson = await readJson("roles.json");
-  const kernelJson = await readJson("kernel.json");
-  const metadataJson = await readJson("metadata.json");
-  const rules = [];
-  try {
-    const rulesDir = join(dirPath, "rules");
-    const ruleFiles = readdirSync(rulesDir).filter((f) => f.endsWith(".json")).sort();
-    for (const file of ruleFiles) {
-      const content = await readFile(join(rulesDir, file), "utf-8");
-      rules.push(JSON.parse(content));
-    }
-  } catch {
-  }
-  return {
-    world: worldJson,
-    invariants: invariantsJson?.invariants ?? [],
-    assumptions: assumptionsJson ?? { profiles: {}, parameter_definitions: {} },
-    stateSchema: stateSchemaJson ?? { variables: {}, presets: {} },
-    rules,
-    gates: gatesJson ?? {
-      viability_classification: [],
-      structural_override: { description: "", enforcement: "mandatory" },
-      sustainability_threshold: 0,
-      collapse_visual: { background: "", text: "", border: "", label: "" }
-    },
-    outcomes: outcomesJson ?? {
-      computed_outcomes: [],
-      comparison_layout: { primary_card: "", status_badge: "", structural_indicators: [] }
-    },
-    guards: guardsJson,
-    roles: rolesJson,
-    kernel: kernelJson,
-    metadata: metadataJson ?? {
-      format_version: "1.0.0",
-      created_at: "",
-      last_modified: "",
-      authoring_method: "manual-authoring"
-    }
-  };
-}
-async function loadWorld(worldPath) {
-  const { stat } = await import("fs/promises");
-  const info = await stat(worldPath);
-  if (info.isDirectory()) {
-    return loadWorldFromDirectory(worldPath);
-  }
-  if (worldPath.endsWith(".nv-world.zip")) {
-    throw new Error(".nv-world.zip loading not yet implemented \u2014 use a world directory");
-  }
-  throw new Error(`Cannot load world from: ${worldPath} \u2014 expected a directory or .nv-world.zip`);
-}
-
-// src/adapters/openai.ts
-var GovernanceBlockedError = class extends Error {
-  verdict;
-  toolCallId;
-  constructor(verdict, toolCallId) {
-    super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
-    this.name = "GovernanceBlockedError";
-    this.verdict = verdict;
-    this.toolCallId = toolCallId;
-  }
-};
-function defaultMapFunctionCall(name, args) {
-  return {
-    intent: name,
-    tool: name,
-    scope: typeof args.path === "string" ? args.path : typeof args.url === "string" ? args.url : void 0,
-    args,
-    direction: "input"
-  };
-}
-function defaultBlockMessage(verdict) {
-  return `Action blocked by governance policy: ${verdict.reason ?? "rule violation"}. Rule: ${verdict.ruleId ?? "unknown"}.`;
-}
-var GovernedToolExecutor = class {
-  world;
-  options;
-  engineOptions;
-  mapFn;
-  blockMsg;
-  activePlan;
-  constructor(world, options = {}) {
-    this.world = world;
-    this.options = options;
-    this.activePlan = options.plan;
-    this.engineOptions = {
-      trace: options.trace ?? false,
-      level: options.level,
-      plan: this.activePlan
-    };
-    this.mapFn = options.mapFunctionCall ?? defaultMapFunctionCall;
-    this.blockMsg = options.blockMessage ?? defaultBlockMessage;
-  }
-  /**
-   * Evaluate a single tool call against governance rules.
-   * Returns the verdict without executing the tool.
-   */
-  evaluate(toolCall) {
-    let args;
-    try {
-      args = JSON.parse(toolCall.function.arguments);
-    } catch {
-      args = { raw: toolCall.function.arguments };
-    }
-    const event = this.mapFn(toolCall.function.name, args);
-    this.engineOptions.plan = this.activePlan;
-    const verdict = evaluateGuard(event, this.world, this.engineOptions);
-    this.options.onEvaluate?.(verdict, event);
-    if (verdict.status === "ALLOW" && this.activePlan) {
-      const planVerdict = evaluatePlan(event, this.activePlan);
-      if (planVerdict.matchedStep) {
-        const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
-        if (advResult.success && advResult.plan) {
-          this.activePlan = advResult.plan;
-          this.engineOptions.plan = this.activePlan;
-        }
-        const progress = getPlanProgress(this.activePlan);
-        this.options.onPlanProgress?.(progress);
-        if (progress.completed === progress.total) {
-          this.options.onPlanComplete?.();
-        }
-      }
-    }
-    return verdict;
-  }
-  /**
-   * Execute a tool call with governance enforcement.
-   *
-   * If ALLOW: runs the tool and returns the result.
-   * If BLOCK: returns a blocked message (no execution).
-   * If PAUSE: throws — caller must handle approval flow.
-   *
-   * @param toolCall - The OpenAI tool call to evaluate
-   * @param runner - The actual tool execution function
-   * @returns A tool result message ready for the OpenAI API
-   */
-  async execute(toolCall, runner) {
-    const verdict = this.evaluate(toolCall);
-    if (verdict.status === "BLOCK") {
-      return {
-        tool_call_id: toolCall.id,
-        role: "tool",
-        content: this.blockMsg(verdict),
-        _verdict: verdict
-      };
-    }
-    if (verdict.status === "PAUSE") {
-      throw new GovernanceBlockedError(verdict, toolCall.id);
-    }
-    let args;
-    try {
-      args = JSON.parse(toolCall.function.arguments);
-    } catch {
-      args = { raw: toolCall.function.arguments };
-    }
-    const content = await runner(toolCall.function.name, args);
-    return {
-      tool_call_id: toolCall.id,
-      role: "tool",
-      content,
-      _verdict: verdict
-    };
-  }
-};
-async function createGovernedToolExecutor(worldPath, options) {
-  const world = await loadWorld(worldPath);
-  return new GovernedToolExecutor(world, options);
-}
-function createGovernedToolExecutorFromWorld(world, options) {
-  return new GovernedToolExecutor(world, options);
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  GovernanceBlockedError,
-  GovernedToolExecutor,
-  createGovernedToolExecutor,
-  createGovernedToolExecutorFromWorld
-});