@neuroverseos/governance 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (105) hide show
  1. package/README.md +20 -0
  2. package/package.json +16 -3
  3. package/policies/content-moderation-rules.txt +8 -0
  4. package/policies/marketing-rules.txt +8 -0
  5. package/policies/science-research-rules.txt +11 -0
  6. package/policies/social-media-rules.txt +7 -0
  7. package/policies/strict-rules.txt +8 -0
  8. package/policies/trading-rules.txt +8 -0
  9. package/simulate.html +1899 -0
  10. package/dist/adapters/autoresearch.cjs +0 -196
  11. package/dist/adapters/autoresearch.d.cts +0 -103
  12. package/dist/adapters/autoresearch.d.ts +0 -103
  13. package/dist/adapters/autoresearch.js +0 -7
  14. package/dist/adapters/express.cjs +0 -1114
  15. package/dist/adapters/express.d.cts +0 -66
  16. package/dist/adapters/express.d.ts +0 -66
  17. package/dist/adapters/express.js +0 -12
  18. package/dist/adapters/index.cjs +0 -1669
  19. package/dist/adapters/index.d.cts +0 -6
  20. package/dist/adapters/index.d.ts +0 -6
  21. package/dist/adapters/index.js +0 -46
  22. package/dist/adapters/langchain.cjs +0 -1155
  23. package/dist/adapters/langchain.d.cts +0 -89
  24. package/dist/adapters/langchain.d.ts +0 -89
  25. package/dist/adapters/langchain.js +0 -16
  26. package/dist/adapters/openai.cjs +0 -1185
  27. package/dist/adapters/openai.d.cts +0 -99
  28. package/dist/adapters/openai.d.ts +0 -99
  29. package/dist/adapters/openai.js +0 -16
  30. package/dist/adapters/openclaw.cjs +0 -1177
  31. package/dist/adapters/openclaw.d.cts +0 -99
  32. package/dist/adapters/openclaw.d.ts +0 -99
  33. package/dist/adapters/openclaw.js +0 -16
  34. package/dist/bootstrap-GXVDZNF7.js +0 -114
  35. package/dist/build-P42YFKQV.js +0 -339
  36. package/dist/chunk-2NICNKOM.js +0 -100
  37. package/dist/chunk-2PQU3VAN.js +0 -131
  38. package/dist/chunk-4A7LISES.js +0 -324
  39. package/dist/chunk-4JRYGIO7.js +0 -727
  40. package/dist/chunk-4NGDRRQH.js +0 -10
  41. package/dist/chunk-4QXB6PEO.js +0 -232
  42. package/dist/chunk-6CZSKEY5.js +0 -164
  43. package/dist/chunk-7P3S7MAY.js +0 -1090
  44. package/dist/chunk-A5W4GNQO.js +0 -130
  45. package/dist/chunk-AKW5YVCE.js +0 -96
  46. package/dist/chunk-BUWWN2NX.js +0 -192
  47. package/dist/chunk-COT5XS4V.js +0 -109
  48. package/dist/chunk-ER62HNGF.js +0 -139
  49. package/dist/chunk-FYS2CBUW.js +0 -304
  50. package/dist/chunk-GR6DGCZ2.js +0 -340
  51. package/dist/chunk-I3RRAYK2.js +0 -11
  52. package/dist/chunk-JZPQGIKR.js +0 -79
  53. package/dist/chunk-MWDQ4MJB.js +0 -11
  54. package/dist/chunk-NF5POFCI.js +0 -622
  55. package/dist/chunk-OGL7QXZS.js +0 -608
  56. package/dist/chunk-OT6PXH54.js +0 -61
  57. package/dist/chunk-PDOZHZWL.js +0 -225
  58. package/dist/chunk-Q6O7ZLO2.js +0 -62
  59. package/dist/chunk-QPASI2BR.js +0 -187
  60. package/dist/chunk-T5EUJQE5.js +0 -172
  61. package/dist/chunk-XPDMYECO.js +0 -642
  62. package/dist/chunk-YZFATT7X.js +0 -9
  63. package/dist/cli/neuroverse.cjs +0 -11448
  64. package/dist/cli/neuroverse.d.cts +0 -1
  65. package/dist/cli/neuroverse.d.ts +0 -1
  66. package/dist/cli/neuroverse.js +0 -196
  67. package/dist/cli/plan.cjs +0 -1599
  68. package/dist/cli/plan.d.cts +0 -20
  69. package/dist/cli/plan.d.ts +0 -20
  70. package/dist/cli/plan.js +0 -361
  71. package/dist/cli/run.cjs +0 -1746
  72. package/dist/cli/run.d.cts +0 -20
  73. package/dist/cli/run.d.ts +0 -20
  74. package/dist/cli/run.js +0 -143
  75. package/dist/configure-ai-TK67ZWZL.js +0 -132
  76. package/dist/derive-TLIV4OOU.js +0 -152
  77. package/dist/doctor-XPDLEYXN.js +0 -171
  78. package/dist/explain-IDCRWMPX.js +0 -70
  79. package/dist/guard-RV65TT4L.js +0 -96
  80. package/dist/guard-contract-WZx__PmU.d.cts +0 -709
  81. package/dist/guard-contract-WZx__PmU.d.ts +0 -709
  82. package/dist/guard-engine-JLTUARGU.js +0 -10
  83. package/dist/impact-XPECYRLH.js +0 -59
  84. package/dist/improve-GPUBKTEA.js +0 -85
  85. package/dist/index.cjs +0 -6273
  86. package/dist/index.d.cts +0 -1616
  87. package/dist/index.d.ts +0 -1616
  88. package/dist/index.js +0 -379
  89. package/dist/infer-world-7GVZWFX4.js +0 -543
  90. package/dist/init-PKPIYHYE.js +0 -144
  91. package/dist/init-world-VWMQZQC7.js +0 -223
  92. package/dist/mcp-server-FPVSU32Z.js +0 -13
  93. package/dist/model-adapter-BB7G4MFI.js +0 -11
  94. package/dist/playground-E664U4T6.js +0 -550
  95. package/dist/redteam-Z7WREJ44.js +0 -357
  96. package/dist/session-EKTRSR7C.js +0 -14
  97. package/dist/simulate-VDOYQFRO.js +0 -108
  98. package/dist/test-OGXJK4QU.js +0 -217
  99. package/dist/trace-JVF67VR3.js +0 -166
  100. package/dist/validate-LLBWVPGV.js +0 -81
  101. package/dist/validate-engine-UIABSIHD.js +0 -7
  102. package/dist/world-LAXO6DOX.js +0 -378
  103. package/dist/world-loader-HMPTOEA2.js +0 -9
  104. package/dist/worlds/autoresearch.nv-world.md +0 -230
  105. package/dist/worlds/derivation-world.nv-world.md +0 -278
@@ -1,1669 +0,0 @@
1
- "use strict";
2
- var __create = Object.create;
3
- var __defProp = Object.defineProperty;
4
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
- var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
- var __hasOwnProp = Object.prototype.hasOwnProperty;
8
- var __export = (target, all) => {
9
- for (var name in all)
10
- __defProp(target, name, { get: all[name], enumerable: true });
11
- };
12
- var __copyProps = (to, from, except, desc) => {
13
- if (from && typeof from === "object" || typeof from === "function") {
14
- for (let key of __getOwnPropNames(from))
15
- if (!__hasOwnProp.call(to, key) && key !== except)
16
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
- }
18
- return to;
19
- };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
-
30
- // src/adapters/index.ts
31
- var adapters_exports = {};
32
- __export(adapters_exports, {
33
- AutoresearchGovernor: () => AutoresearchGovernor,
34
- GovernedToolExecutor: () => GovernedToolExecutor,
35
- LangChainGovernanceBlockedError: () => GovernanceBlockedError,
36
- NeuroVerseCallbackHandler: () => NeuroVerseCallbackHandler,
37
- NeuroVersePlugin: () => NeuroVersePlugin,
38
- OpenAIGovernanceBlockedError: () => GovernanceBlockedError2,
39
- OpenClawGovernanceBlockedError: () => GovernanceBlockedError3,
40
- createGovernanceMiddleware: () => createGovernanceMiddleware,
41
- createGovernanceMiddlewareFromWorld: () => createGovernanceMiddlewareFromWorld,
42
- createGovernedToolExecutor: () => createGovernedToolExecutor,
43
- createGovernedToolExecutorFromWorld: () => createGovernedToolExecutorFromWorld,
44
- createNeuroVerseCallbackHandler: () => createNeuroVerseCallbackHandler,
45
- createNeuroVerseCallbackHandlerFromWorld: () => createNeuroVerseCallbackHandlerFromWorld,
46
- createNeuroVersePlugin: () => createNeuroVersePlugin,
47
- createNeuroVersePluginFromWorld: () => createNeuroVersePluginFromWorld
48
- });
49
- module.exports = __toCommonJS(adapters_exports);
50
-
51
- // src/engine/plan-engine.ts
52
- function keywordMatch(eventText, step) {
53
- const stepText = [
54
- step.label,
55
- step.description ?? "",
56
- ...step.tags ?? []
57
- ].join(" ").toLowerCase();
58
- const keywords = stepText.split(/\s+/).filter((w) => w.length > 3);
59
- if (keywords.length === 0) return false;
60
- const matched = keywords.filter((kw) => eventText.includes(kw));
61
- return matched.length >= Math.ceil(keywords.length * 0.5);
62
- }
63
- function tokenSimilarity(a, b) {
64
- const tokensA = new Set(a.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
65
- const tokensB = new Set(b.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
66
- if (tokensA.size === 0 || tokensB.size === 0) return 0;
67
- let intersection = 0;
68
- for (const t of tokensA) {
69
- if (tokensB.has(t)) intersection++;
70
- }
71
- const union = (/* @__PURE__ */ new Set([...tokensA, ...tokensB])).size;
72
- return union > 0 ? intersection / union : 0;
73
- }
74
- function findMatchingStep(eventText, event, steps) {
75
- const pendingOrActive = steps.filter((s) => s.status === "pending" || s.status === "active");
76
- if (pendingOrActive.length === 0) {
77
- return { matched: null, closest: null, closestScore: 0 };
78
- }
79
- for (const step of pendingOrActive) {
80
- if (keywordMatch(eventText, step)) {
81
- if (step.tools && event.tool && !step.tools.includes(event.tool)) {
82
- continue;
83
- }
84
- return { matched: step, closest: step, closestScore: 1 };
85
- }
86
- }
87
- const intentText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ");
88
- let bestStep = null;
89
- let bestScore = 0;
90
- for (const step of pendingOrActive) {
91
- const stepText = [step.label, step.description ?? "", ...step.tags ?? []].join(" ");
92
- const score = tokenSimilarity(intentText, stepText);
93
- if (score > bestScore) {
94
- bestScore = score;
95
- bestStep = step;
96
- }
97
- }
98
- const SIMILARITY_THRESHOLD = 0.35;
99
- if (bestScore >= SIMILARITY_THRESHOLD && bestStep) {
100
- if (bestStep.tools && event.tool && !bestStep.tools.includes(event.tool)) {
101
- return { matched: null, closest: bestStep, closestScore: bestScore };
102
- }
103
- return { matched: bestStep, closest: bestStep, closestScore: bestScore };
104
- }
105
- return { matched: null, closest: bestStep, closestScore: bestScore };
106
- }
107
- function isSequenceValid(step, plan) {
108
- if (!plan.sequential) return true;
109
- if (!step.requires || step.requires.length === 0) return true;
110
- return step.requires.every((reqId) => {
111
- const reqStep = plan.steps.find((s) => s.id === reqId);
112
- return reqStep?.status === "completed";
113
- });
114
- }
115
- function checkConstraints(event, eventText, constraints) {
116
- const checks = [];
117
- for (const constraint of constraints) {
118
- if (constraint.type === "approval") {
119
- if (constraint.trigger && eventText.includes(constraint.trigger.substring(0, 10).toLowerCase())) {
120
- checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
121
- return { violated: constraint, checks };
122
- }
123
- const keywords = constraint.description.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
124
- const relevant = keywords.some((kw) => eventText.includes(kw));
125
- if (relevant) {
126
- checks.push({ constraintId: constraint.id, passed: false, reason: constraint.description });
127
- return { violated: constraint, checks };
128
- }
129
- checks.push({ constraintId: constraint.id, passed: true });
130
- continue;
131
- }
132
- if (constraint.type === "scope" && constraint.trigger) {
133
- const keywords = constraint.trigger.split(/\s+/).filter((w) => w.length > 3);
134
- const violated = keywords.length > 0 && keywords.every((kw) => eventText.includes(kw));
135
- checks.push({
136
- constraintId: constraint.id,
137
- passed: !violated,
138
- reason: violated ? constraint.description : void 0
139
- });
140
- if (violated) {
141
- return { violated: constraint, checks };
142
- }
143
- continue;
144
- }
145
- checks.push({ constraintId: constraint.id, passed: true });
146
- }
147
- return { violated: null, checks };
148
- }
149
- function getPlanProgress(plan) {
150
- const completed = plan.steps.filter((s) => s.status === "completed").length;
151
- const total = plan.steps.length;
152
- return {
153
- completed,
154
- total,
155
- percentage: total > 0 ? Math.round(completed / total * 100) : 0
156
- };
157
- }
158
- function advancePlan(plan, stepId, evidence) {
159
- const step = plan.steps.find((s) => s.id === stepId);
160
- if (!step) {
161
- return { success: false, reason: `Step "${stepId}" not found in plan.` };
162
- }
163
- if (step.status === "completed") {
164
- return { success: false, reason: `Step "${stepId}" is already completed.` };
165
- }
166
- const mode = plan.completion ?? "trust";
167
- if (mode === "verified" && step.verify) {
168
- if (!evidence) {
169
- return {
170
- success: false,
171
- reason: `Step "${step.label}" requires evidence (verify: ${step.verify}). Provide evidence to advance.`
172
- };
173
- }
174
- if (evidence.type !== step.verify) {
175
- return {
176
- success: false,
177
- reason: `Evidence type "${evidence.type}" does not match required verification "${step.verify}".`
178
- };
179
- }
180
- }
181
- const updatedPlan = {
182
- ...plan,
183
- steps: plan.steps.map(
184
- (s) => s.id === stepId ? { ...s, status: "completed" } : s
185
- )
186
- };
187
- return {
188
- success: true,
189
- plan: updatedPlan,
190
- evidence: evidence ?? void 0
191
- };
192
- }
193
- function evaluatePlan(event, plan) {
194
- const progress = getPlanProgress(plan);
195
- if (plan.expires_at) {
196
- const expiresAt = new Date(plan.expires_at).getTime();
197
- if (Date.now() > expiresAt) {
198
- return {
199
- allowed: true,
200
- status: "PLAN_COMPLETE",
201
- reason: "Plan has expired.",
202
- progress
203
- };
204
- }
205
- }
206
- if (progress.completed === progress.total) {
207
- return {
208
- allowed: true,
209
- status: "PLAN_COMPLETE",
210
- reason: "All plan steps are completed.",
211
- progress
212
- };
213
- }
214
- const eventText = [
215
- event.intent,
216
- event.tool ?? "",
217
- event.scope ?? ""
218
- ].join(" ").toLowerCase();
219
- const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
220
- if (!matched) {
221
- return {
222
- allowed: false,
223
- status: "OFF_PLAN",
224
- reason: "Action does not match any plan step.",
225
- closestStep: closest?.label,
226
- similarityScore: closestScore,
227
- progress
228
- };
229
- }
230
- if (!isSequenceValid(matched, plan)) {
231
- const pendingDeps = (matched.requires ?? []).filter((reqId) => plan.steps.find((s) => s.id === reqId)?.status !== "completed").join(", ");
232
- return {
233
- allowed: false,
234
- status: "OFF_PLAN",
235
- reason: `Step "${matched.label}" requires completion of: ${pendingDeps}`,
236
- matchedStep: matched.id,
237
- progress
238
- };
239
- }
240
- const { violated } = checkConstraints(event, eventText, plan.constraints);
241
- if (violated) {
242
- return {
243
- allowed: false,
244
- status: "CONSTRAINT_VIOLATED",
245
- reason: violated.description,
246
- matchedStep: matched.id,
247
- progress
248
- };
249
- }
250
- return {
251
- allowed: true,
252
- status: "ON_PLAN",
253
- reason: `Matches step: ${matched.label}`,
254
- matchedStep: matched.id,
255
- progress
256
- };
257
- }
258
- function buildPlanCheck(event, plan, verdict) {
259
- const eventText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ").toLowerCase();
260
- const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
261
- const { checks: constraintChecks } = checkConstraints(event, eventText, plan.constraints);
262
- const progress = getPlanProgress(plan);
263
- return {
264
- planId: plan.plan_id,
265
- matched: !!matched,
266
- matchedStepId: matched?.id,
267
- matchedStepLabel: matched?.label,
268
- closestStepId: !matched ? closest?.id : void 0,
269
- closestStepLabel: !matched ? closest?.label : void 0,
270
- similarityScore: !matched ? closestScore : void 0,
271
- sequenceValid: matched ? isSequenceValid(matched, plan) : void 0,
272
- constraintsChecked: constraintChecks,
273
- progress: { completed: progress.completed, total: progress.total }
274
- };
275
- }
276
-
277
- // src/engine/guard-engine.ts
278
- var PROMPT_INJECTION_PATTERNS = [
279
- // Instruction override
280
- { pattern: /ignore\s+(previous|all|prior|above)\s+(instructions?|rules?)/i, label: "ignore-instructions" },
281
- { pattern: /disregard\s+(your|the)\s+(rules|constraints)/i, label: "disregard-rules" },
282
- { pattern: /new\s+instructions?:/i, label: "new-instructions" },
283
- // Identity manipulation
284
- { pattern: /you\s+are\s+now/i, label: "identity-override" },
285
- { pattern: /new\s+persona/i, label: "new-persona" },
286
- { pattern: /act\s+as\s+if/i, label: "act-as-if" },
287
- { pattern: /pretend\s+(you|to\s+be|you\s+are\s+unrestricted)/i, label: "pretend-to-be" },
288
- // Context reset
289
- { pattern: /forget\s+(everything|all|your)/i, label: "forget-context" },
290
- { pattern: /system\s*:\s*override/i, label: "system-override" },
291
- // Constraint bypass
292
- { pattern: /override\s+(your|the)\s+(programming|constraints)/i, label: "override-constraints" },
293
- { pattern: /bypass\s+(your|the)\s+(filters|constraints|rules)/i, label: "bypass-filters" },
294
- // Prompt extraction
295
- { pattern: /system\s+prompt/i, label: "system-prompt-probe" },
296
- { pattern: /reveal\s+your\s+(instructions?|prompt|rules)/i, label: "reveal-instructions" },
297
- // Known jailbreak terms
298
- { pattern: /jailbreak/i, label: "jailbreak" },
299
- { pattern: /DAN\s+mode/i, label: "dan-mode" },
300
- { pattern: /developer\s+mode/i, label: "developer-mode" }
301
- ];
302
- var EXECUTION_CLAIM_PATTERNS = [
303
- { pattern: /I have (executed|completed|performed|done|made|created|sent|deleted|modified|updated)/i, label: "claim-i-have" },
304
- { pattern: /Successfully (created|deleted|modified|updated|sent|executed|performed)/i, label: "claim-successfully" },
305
- { pattern: /The file has been/i, label: "claim-file-modified" },
306
- { pattern: /I've made the changes/i, label: "claim-made-changes" },
307
- { pattern: /I('ve| have) (sent|posted|submitted|uploaded|downloaded)/i, label: "claim-sent" },
308
- { pattern: /Your (email|message|file|request) has been (sent|submitted)/i, label: "claim-your-sent" },
309
- { pattern: /Transaction complete/i, label: "claim-transaction" },
310
- { pattern: /Order placed/i, label: "claim-order" },
311
- { pattern: /Payment processed/i, label: "claim-payment" }
312
- ];
313
- var EXECUTION_INTENT_PATTERNS = [
314
- { pattern: /^(execute|run|perform|do this)/i, label: "intent-execute" },
315
- { pattern: /^(create|write|delete|modify) (a |the )?(file|folder|document)/i, label: "intent-file-ops" },
316
- { pattern: /^(send|post|submit) (a |an |the )?(email|message|tweet|post)/i, label: "intent-send" },
317
- { pattern: /^(search|look up|browse) (the )?web/i, label: "intent-web-search" },
318
- { pattern: /^(make|call|invoke) (a |an )?(api|http|rest) (call|request)/i, label: "intent-api-call" },
319
- { pattern: /^(buy|purchase|order|pay|transfer|send money)/i, label: "intent-financial" },
320
- { pattern: /^(book|schedule|reserve)/i, label: "intent-booking" },
321
- { pattern: /^(download|upload|save to|export to)/i, label: "intent-transfer" }
322
- ];
323
- var SCOPE_ESCAPE_PATTERNS = [
324
- { pattern: /\.\.\//, label: "parent-traversal" },
325
- { pattern: /^\/(?!home|project|workspace)/i, label: "absolute-path-outside-safe" },
326
- { pattern: /~\//, label: "home-directory" },
327
- { pattern: /\/etc\//i, label: "system-config" },
328
- { pattern: /\/usr\//i, label: "system-binaries" },
329
- { pattern: /\/var\//i, label: "system-variable-data" }
330
- ];
331
- var NEUTRAL_MESSAGES = {
332
- "prompt-injection": "This input contains patterns that could alter agent behavior.",
333
- "scope-escape": "This action would affect resources outside the declared scope.",
334
- "execution-claim": "This response claims to have performed an action.",
335
- "execution-intent": "This input requests execution in a thinking-only environment.",
336
- "delete": "This action would remove files. Confirmation needed.",
337
- "write-external": "This action would write outside the project folder.",
338
- "network-mutate": "This action would send data to an external service.",
339
- "credential-access": "This action would access stored credentials."
340
- };
341
- function levelRequiresConfirmation(level, actionType) {
342
- if (level === "strict") return true;
343
- if (level === "standard") {
344
- return actionType === "delete" || actionType === "credential-access";
345
- }
346
- return false;
347
- }
348
- function isExternalScope(scope) {
349
- const internalPatterns = [
350
- /^\.?\/?src\//i,
351
- /^\.?\/?lib\//i,
352
- /^\.?\/?app\//i,
353
- /^\.?\/?components\//i,
354
- /^\.?\/?pages\//i,
355
- /^\.?\/?public\//i,
356
- /^\.?\/?assets\//i,
357
- /^\.\//
358
- ];
359
- return !internalPatterns.some((p) => p.test(scope));
360
- }
361
- function evaluateGuard(event, world, options = {}) {
362
- const startTime = performance.now();
363
- const level = options.level ?? "standard";
364
- const includeTrace = options.trace ?? false;
365
- const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
366
- const invariantChecks = [];
367
- const safetyChecks = [];
368
- let planCheckResult;
369
- const roleChecks = [];
370
- const guardChecks = [];
371
- const kernelRuleChecks = [];
372
- const levelChecks = [];
373
- let decidingLayer = "default-allow";
374
- let decidingId;
375
- const guardsMatched = [];
376
- const rulesMatched = [];
377
- checkInvariantCoverage(world, invariantChecks);
378
- if (options.sessionAllowlist) {
379
- const key = eventToAllowlistKey(event);
380
- if (options.sessionAllowlist.has(key)) {
381
- decidingLayer = "session-allowlist";
382
- decidingId = `allowlist:${key}`;
383
- return buildVerdict(
384
- "ALLOW",
385
- void 0,
386
- `allowlist:${key}`,
387
- void 0,
388
- world,
389
- level,
390
- invariantChecks,
391
- guardsMatched,
392
- rulesMatched,
393
- includeTrace ? buildTrace(
394
- invariantChecks,
395
- safetyChecks,
396
- planCheckResult,
397
- roleChecks,
398
- guardChecks,
399
- kernelRuleChecks,
400
- levelChecks,
401
- decidingLayer,
402
- decidingId,
403
- startTime
404
- ) : void 0
405
- );
406
- }
407
- }
408
- const safetyVerdict = checkSafety(event, eventText, safetyChecks);
409
- if (safetyVerdict) {
410
- decidingLayer = "safety";
411
- decidingId = safetyVerdict.ruleId;
412
- return buildVerdict(
413
- safetyVerdict.status,
414
- safetyVerdict.reason,
415
- safetyVerdict.ruleId,
416
- void 0,
417
- world,
418
- level,
419
- invariantChecks,
420
- guardsMatched,
421
- rulesMatched,
422
- includeTrace ? buildTrace(
423
- invariantChecks,
424
- safetyChecks,
425
- planCheckResult,
426
- roleChecks,
427
- guardChecks,
428
- kernelRuleChecks,
429
- levelChecks,
430
- decidingLayer,
431
- decidingId,
432
- startTime
433
- ) : void 0
434
- );
435
- }
436
- if (options.plan) {
437
- const planVerdict = evaluatePlan(event, options.plan);
438
- planCheckResult = buildPlanCheck(event, options.plan, planVerdict);
439
- if (!planVerdict.allowed && planVerdict.status !== "PLAN_COMPLETE") {
440
- decidingLayer = "plan-enforcement";
441
- decidingId = `plan-${options.plan.plan_id}`;
442
- const planStatus = planVerdict.status === "CONSTRAINT_VIOLATED" ? "PAUSE" : "BLOCK";
443
- let reason = planVerdict.reason ?? "Action blocked by plan.";
444
- if (planVerdict.status === "OFF_PLAN" && planVerdict.closestStep) {
445
- reason += ` Closest step: "${planVerdict.closestStep}" (similarity: ${(planVerdict.similarityScore ?? 0).toFixed(2)})`;
446
- }
447
- return buildVerdict(
448
- planStatus,
449
- reason,
450
- `plan-${options.plan.plan_id}`,
451
- void 0,
452
- world,
453
- level,
454
- invariantChecks,
455
- guardsMatched,
456
- rulesMatched,
457
- includeTrace ? buildTrace(
458
- invariantChecks,
459
- safetyChecks,
460
- planCheckResult,
461
- roleChecks,
462
- guardChecks,
463
- kernelRuleChecks,
464
- levelChecks,
465
- decidingLayer,
466
- decidingId,
467
- startTime
468
- ) : void 0
469
- );
470
- }
471
- }
472
- const roleVerdict = checkRoleRules(event, eventText, world, roleChecks);
473
- if (roleVerdict) {
474
- decidingLayer = "role";
475
- decidingId = roleVerdict.ruleId;
476
- return buildVerdict(
477
- roleVerdict.status,
478
- roleVerdict.reason,
479
- roleVerdict.ruleId,
480
- void 0,
481
- world,
482
- level,
483
- invariantChecks,
484
- guardsMatched,
485
- rulesMatched,
486
- includeTrace ? buildTrace(
487
- invariantChecks,
488
- safetyChecks,
489
- planCheckResult,
490
- roleChecks,
491
- guardChecks,
492
- kernelRuleChecks,
493
- levelChecks,
494
- decidingLayer,
495
- decidingId,
496
- startTime
497
- ) : void 0
498
- );
499
- }
500
- const guardVerdict = checkGuards(event, eventText, world, guardChecks, guardsMatched);
501
- if (guardVerdict) {
502
- if (guardVerdict.status !== "ALLOW") {
503
- decidingLayer = "guard";
504
- decidingId = guardVerdict.ruleId;
505
- return buildVerdict(
506
- guardVerdict.status,
507
- guardVerdict.reason,
508
- guardVerdict.ruleId,
509
- void 0,
510
- world,
511
- level,
512
- invariantChecks,
513
- guardsMatched,
514
- rulesMatched,
515
- includeTrace ? buildTrace(
516
- invariantChecks,
517
- safetyChecks,
518
- planCheckResult,
519
- roleChecks,
520
- guardChecks,
521
- kernelRuleChecks,
522
- levelChecks,
523
- decidingLayer,
524
- decidingId,
525
- startTime
526
- ) : void 0
527
- );
528
- }
529
- }
530
- const kernelVerdict = checkKernelRules(eventText, world, kernelRuleChecks, rulesMatched);
531
- if (kernelVerdict) {
532
- decidingLayer = "kernel-rule";
533
- decidingId = kernelVerdict.ruleId;
534
- return buildVerdict(
535
- kernelVerdict.status,
536
- kernelVerdict.reason,
537
- kernelVerdict.ruleId,
538
- void 0,
539
- world,
540
- level,
541
- invariantChecks,
542
- guardsMatched,
543
- rulesMatched,
544
- includeTrace ? buildTrace(
545
- invariantChecks,
546
- safetyChecks,
547
- planCheckResult,
548
- roleChecks,
549
- guardChecks,
550
- kernelRuleChecks,
551
- levelChecks,
552
- decidingLayer,
553
- decidingId,
554
- startTime
555
- ) : void 0
556
- );
557
- }
558
- const levelVerdict = checkLevelConstraints(event, level, levelChecks);
559
- if (levelVerdict) {
560
- decidingLayer = "level-constraint";
561
- decidingId = levelVerdict.ruleId;
562
- return buildVerdict(
563
- levelVerdict.status,
564
- levelVerdict.reason,
565
- levelVerdict.ruleId,
566
- void 0,
567
- world,
568
- level,
569
- invariantChecks,
570
- guardsMatched,
571
- rulesMatched,
572
- includeTrace ? buildTrace(
573
- invariantChecks,
574
- safetyChecks,
575
- planCheckResult,
576
- roleChecks,
577
- guardChecks,
578
- kernelRuleChecks,
579
- levelChecks,
580
- decidingLayer,
581
- decidingId,
582
- startTime
583
- ) : void 0
584
- );
585
- }
586
- const warning = guardVerdict?.warning;
587
- return buildVerdict(
588
- "ALLOW",
589
- void 0,
590
- void 0,
591
- warning,
592
- world,
593
- level,
594
- invariantChecks,
595
- guardsMatched,
596
- rulesMatched,
597
- includeTrace ? buildTrace(
598
- invariantChecks,
599
- safetyChecks,
600
- planCheckResult,
601
- roleChecks,
602
- guardChecks,
603
- kernelRuleChecks,
604
- levelChecks,
605
- decidingLayer,
606
- decidingId,
607
- startTime
608
- ) : void 0
609
- );
610
- }
611
- function checkInvariantCoverage(world, checks) {
612
- const invariants = world.invariants ?? [];
613
- const guards = world.guards?.guards ?? [];
614
- for (const invariant of invariants) {
615
- const coveringGuard = guards.find(
616
- (g) => g.invariant_ref === invariant.id && g.immutable
617
- );
618
- checks.push({
619
- invariantId: invariant.id,
620
- label: invariant.label,
621
- hasGuardCoverage: !!coveringGuard,
622
- coveringGuardId: coveringGuard?.id
623
- });
624
- }
625
- }
626
- function checkSafety(event, eventText, checks) {
627
- const textToCheck = event.intent + (event.payload ? JSON.stringify(event.payload) : "");
628
- for (const { pattern, label } of PROMPT_INJECTION_PATTERNS) {
629
- const triggered = pattern.test(textToCheck);
630
- checks.push({
631
- checkType: "prompt-injection",
632
- triggered,
633
- matchedPattern: triggered ? label : void 0
634
- });
635
- if (triggered) {
636
- for (const remaining of PROMPT_INJECTION_PATTERNS.filter((p) => p.label !== label)) {
637
- checks.push({
638
- checkType: "prompt-injection",
639
- triggered: remaining.pattern.test(textToCheck),
640
- matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
641
- });
642
- }
643
- return {
644
- status: "PAUSE",
645
- reason: NEUTRAL_MESSAGES["prompt-injection"],
646
- ruleId: `safety-injection-${label}`
647
- };
648
- }
649
- }
650
- const scopeToCheck = event.scope ?? event.intent;
651
- for (const { pattern, label } of SCOPE_ESCAPE_PATTERNS) {
652
- const triggered = pattern.test(scopeToCheck);
653
- checks.push({
654
- checkType: "scope-escape",
655
- triggered,
656
- matchedPattern: triggered ? label : void 0
657
- });
658
- if (triggered) {
659
- for (const remaining of SCOPE_ESCAPE_PATTERNS.filter((p) => p.label !== label)) {
660
- checks.push({
661
- checkType: "scope-escape",
662
- triggered: remaining.pattern.test(scopeToCheck),
663
- matchedPattern: remaining.pattern.test(scopeToCheck) ? remaining.label : void 0
664
- });
665
- }
666
- return {
667
- status: "PAUSE",
668
- reason: NEUTRAL_MESSAGES["scope-escape"],
669
- ruleId: `safety-scope-${label}`
670
- };
671
- }
672
- }
673
- if (event.direction === "output") {
674
- for (const { pattern, label } of EXECUTION_CLAIM_PATTERNS) {
675
- const triggered = pattern.test(textToCheck);
676
- checks.push({
677
- checkType: "execution-claim",
678
- triggered,
679
- matchedPattern: triggered ? label : void 0
680
- });
681
- if (triggered) {
682
- for (const remaining of EXECUTION_CLAIM_PATTERNS.filter((p) => p.label !== label)) {
683
- checks.push({
684
- checkType: "execution-claim",
685
- triggered: remaining.pattern.test(textToCheck),
686
- matchedPattern: remaining.pattern.test(textToCheck) ? remaining.label : void 0
687
- });
688
- }
689
- return {
690
- status: "PAUSE",
691
- reason: NEUTRAL_MESSAGES["execution-claim"],
692
- ruleId: `safety-execution-claim-${label}`
693
- };
694
- }
695
- }
696
- }
697
- if (event.direction === "input") {
698
- const intentTrimmed = event.intent.trim();
699
- for (const { pattern, label } of EXECUTION_INTENT_PATTERNS) {
700
- const triggered = pattern.test(intentTrimmed);
701
- checks.push({
702
- checkType: "execution-intent",
703
- triggered,
704
- matchedPattern: triggered ? label : void 0
705
- });
706
- if (triggered) {
707
- for (const remaining of EXECUTION_INTENT_PATTERNS.filter((p) => p.label !== label)) {
708
- checks.push({
709
- checkType: "execution-intent",
710
- triggered: remaining.pattern.test(intentTrimmed),
711
- matchedPattern: remaining.pattern.test(intentTrimmed) ? remaining.label : void 0
712
- });
713
- }
714
- return {
715
- status: "PAUSE",
716
- reason: NEUTRAL_MESSAGES["execution-intent"],
717
- ruleId: `safety-execution-intent-${label}`
718
- };
719
- }
720
- }
721
- }
722
- return null;
723
- }
724
- function checkRoleRules(event, eventText, world, checks) {
725
- if (!event.roleId || !world.roles) return null;
726
- const role = world.roles.roles.find((r) => r.id === event.roleId);
727
- if (!role) return null;
728
- if (role.requiresApproval) {
729
- checks.push({
730
- roleId: role.id,
731
- roleName: role.name,
732
- rule: "All actions require approval",
733
- ruleType: "requiresApproval",
734
- matched: true
735
- });
736
- return {
737
- status: "PAUSE",
738
- reason: `Role "${role.name}" requires approval for all actions.`,
739
- ruleId: `role-${role.id}-requires-approval`
740
- };
741
- }
742
- for (const rule of role.cannotDo) {
743
- const matched = matchesKeywords(eventText, rule);
744
- checks.push({
745
- roleId: role.id,
746
- roleName: role.name,
747
- rule,
748
- ruleType: "cannotDo",
749
- matched
750
- });
751
- if (matched) {
752
- return {
753
- status: "BLOCK",
754
- reason: `Role "${role.name}" cannot: ${rule}`,
755
- ruleId: `role-${role.id}-cannotdo`
756
- };
757
- }
758
- }
759
- for (const rule of role.canDo) {
760
- checks.push({
761
- roleId: role.id,
762
- roleName: role.name,
763
- rule,
764
- ruleType: "canDo",
765
- matched: matchesKeywords(eventText, rule)
766
- });
767
- }
768
- return null;
769
- }
770
- function checkGuards(event, eventText, world, checks, guardsMatched) {
771
- if (!world.guards) return null;
772
- const guardsConfig = world.guards;
773
- let warnResult = null;
774
- const compiledPatterns = /* @__PURE__ */ new Map();
775
- for (const [key, def] of Object.entries(guardsConfig.intent_vocabulary)) {
776
- try {
777
- compiledPatterns.set(key, new RegExp(def.pattern, "i"));
778
- } catch {
779
- }
780
- }
781
- const eventTool = (event.tool ?? "").toLowerCase();
782
- for (const guard of guardsConfig.guards) {
783
- if (guard.appliesTo && guard.appliesTo.length > 0) {
784
- const normalizedAppliesTo = guard.appliesTo.map((t) => t.toLowerCase());
785
- if (!normalizedAppliesTo.includes(eventTool)) {
786
- continue;
787
- }
788
- }
789
- const enabled = guard.immutable || guard.default_enabled !== false;
790
- const matchedPatterns = [];
791
- for (const patternKey of guard.intent_patterns) {
792
- const regex = compiledPatterns.get(patternKey);
793
- if (regex?.test(eventText)) {
794
- matchedPatterns.push(patternKey);
795
- }
796
- }
797
- const matched = matchedPatterns.length > 0 && enabled;
798
- let roleGated = false;
799
- if (matched && guard.required_roles && guard.required_roles.length > 0 && event.roleId && guard.required_roles.includes(event.roleId)) {
800
- roleGated = true;
801
- }
802
- checks.push({
803
- guardId: guard.id,
804
- label: guard.label,
805
- category: guard.category,
806
- enabled,
807
- matched: matched && !roleGated,
808
- enforcement: guard.enforcement,
809
- matchedPatterns,
810
- roleGated
811
- });
812
- if (!matched || roleGated) continue;
813
- guardsMatched.push(guard.id);
814
- const actionMode = guard.player_modes?.action ?? guard.enforcement;
815
- const reason = guard.redirect ? `${guard.description} \u2014 ${guard.redirect}` : guard.description;
816
- if (actionMode === "block") {
817
- return { status: "BLOCK", reason, ruleId: `guard-${guard.id}` };
818
- }
819
- if (actionMode === "pause") {
820
- return { status: "PAUSE", reason, ruleId: `guard-${guard.id}` };
821
- }
822
- if (actionMode === "warn" && !warnResult) {
823
- warnResult = { status: "ALLOW", warning: reason, ruleId: `guard-${guard.id}` };
824
- }
825
- }
826
- return warnResult;
827
- }
828
- function checkKernelRules(eventText, world, checks, rulesMatched) {
829
- if (!world.kernel) return null;
830
- const forbidden = world.kernel.input_boundaries?.forbidden_patterns ?? [];
831
- const output = world.kernel.output_boundaries?.forbidden_patterns ?? [];
832
- for (const rule of forbidden) {
833
- let matched = false;
834
- let matchMethod = "none";
835
- if (rule.pattern) {
836
- try {
837
- matched = new RegExp(rule.pattern, "i").test(eventText);
838
- matchMethod = "pattern";
839
- } catch {
840
- }
841
- }
842
- if (!matched && rule.reason) {
843
- matched = matchesKeywords(eventText, rule.reason);
844
- if (matched) matchMethod = "keyword";
845
- }
846
- checks.push({
847
- ruleId: rule.id,
848
- text: rule.reason,
849
- category: "forbidden",
850
- matched,
851
- matchMethod
852
- });
853
- if (matched) {
854
- rulesMatched.push(rule.id);
855
- if (rule.action === "BLOCK") {
856
- return {
857
- status: "BLOCK",
858
- reason: rule.reason,
859
- ruleId: `kernel-${rule.id}`
860
- };
861
- }
862
- }
863
- }
864
- return null;
865
- }
866
- function checkLevelConstraints(event, level, checks) {
867
- if (level === "basic") return null;
868
- const intent = event.intent.toLowerCase();
869
- const tool = (event.tool ?? "").toLowerCase();
870
- const isDelete = intent.includes("delete") || intent.includes("remove") || intent.includes("rm ") || tool === "delete";
871
- const deleteTriggered = isDelete && levelRequiresConfirmation(level, "delete");
872
- checks.push({
873
- checkType: "delete",
874
- level,
875
- triggered: deleteTriggered,
876
- reason: deleteTriggered ? NEUTRAL_MESSAGES["delete"] : void 0
877
- });
878
- if (deleteTriggered) {
879
- return { status: "PAUSE", reason: NEUTRAL_MESSAGES["delete"], ruleId: "level-delete-check" };
880
- }
881
- const isExternal = event.scope ? isExternalScope(event.scope) : false;
882
- const externalTriggered = isExternal && levelRequiresConfirmation(level, "write-external");
883
- checks.push({
884
- checkType: "write-external",
885
- level,
886
- triggered: externalTriggered,
887
- reason: externalTriggered ? NEUTRAL_MESSAGES["write-external"] : void 0
888
- });
889
- if (externalTriggered) {
890
- return { status: "PAUSE", reason: NEUTRAL_MESSAGES["write-external"], ruleId: "level-external-write-check" };
891
- }
892
- const isNetwork = tool === "http" || tool === "fetch" || tool === "request" || intent.includes("post ") || intent.includes("sending");
893
- const networkTriggered = isNetwork && levelRequiresConfirmation(level, "network-mutate");
894
- checks.push({
895
- checkType: "network-mutate",
896
- level,
897
- triggered: networkTriggered,
898
- reason: networkTriggered ? NEUTRAL_MESSAGES["network-mutate"] : void 0
899
- });
900
- if (networkTriggered) {
901
- return { status: "PAUSE", reason: NEUTRAL_MESSAGES["network-mutate"], ruleId: "level-network-mutate-check" };
902
- }
903
- const isCredential = intent.includes("credential") || intent.includes("password") || intent.includes("secret") || intent.includes("api key") || intent.includes("token");
904
- const credentialTriggered = isCredential && levelRequiresConfirmation(level, "credential-access");
905
- checks.push({
906
- checkType: "credential-access",
907
- level,
908
- triggered: credentialTriggered,
909
- reason: credentialTriggered ? NEUTRAL_MESSAGES["credential-access"] : void 0
910
- });
911
- if (credentialTriggered) {
912
- return { status: "PAUSE", reason: NEUTRAL_MESSAGES["credential-access"], ruleId: "level-credential-check" };
913
- }
914
- const irreversibleTriggered = !!event.irreversible && level !== "basic";
915
- checks.push({
916
- checkType: "irreversible",
917
- level,
918
- triggered: irreversibleTriggered,
919
- reason: irreversibleTriggered ? "This action is marked as irreversible." : void 0
920
- });
921
- if (irreversibleTriggered) {
922
- return {
923
- status: "PAUSE",
924
- reason: "This action is marked as irreversible.",
925
- ruleId: "level-irreversible-check"
926
- };
927
- }
928
- return null;
929
- }
930
- function matchesKeywords(eventText, ruleText) {
931
- const keywords = ruleText.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
932
- if (keywords.length === 0) return false;
933
- return keywords.every((kw) => eventText.includes(kw));
934
- }
935
- function eventToAllowlistKey(event) {
936
- return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;
937
- }
938
- function buildTrace(invariantChecks, safetyChecks, planCheck, roleChecks, guardChecks, kernelRuleChecks, levelChecks, decidingLayer, decidingId, startTime) {
939
- const trace = {
940
- invariantChecks,
941
- safetyChecks,
942
- roleChecks,
943
- guardChecks,
944
- kernelRuleChecks,
945
- levelChecks,
946
- precedenceResolution: {
947
- decidingLayer,
948
- decidingId,
949
- strategy: "first-match-wins",
950
- chainOrder: [
951
- "invariant-coverage",
952
- "session-allowlist",
953
- "safety-injection",
954
- "safety-scope-escape",
955
- "safety-execution-claim",
956
- "safety-execution-intent",
957
- "plan-enforcement",
958
- "role-rules",
959
- "declarative-guards",
960
- "kernel-rules",
961
- "level-constraints",
962
- "default-allow"
963
- ]
964
- },
965
- durationMs: performance.now() - startTime
966
- };
967
- if (planCheck) {
968
- trace.planCheck = planCheck;
969
- }
970
- return trace;
971
- }
972
- function buildVerdict(status, reason, ruleId, warning, world, level, invariantChecks, guardsMatched, rulesMatched, trace) {
973
- const evidence = {
974
- worldId: world.world.world_id,
975
- worldName: world.world.name,
976
- worldVersion: world.world.version,
977
- evaluatedAt: Date.now(),
978
- invariantsSatisfied: invariantChecks.filter((c) => c.hasGuardCoverage).length,
979
- invariantsTotal: invariantChecks.length,
980
- guardsMatched,
981
- rulesMatched,
982
- enforcementLevel: level
983
- };
984
- const verdict = {
985
- status,
986
- evidence
987
- };
988
- if (reason) verdict.reason = reason;
989
- if (ruleId) verdict.ruleId = ruleId;
990
- if (warning) verdict.warning = warning;
991
- if (trace) verdict.trace = trace;
992
- return verdict;
993
- }
994
-
995
- // src/loader/world-loader.ts
996
- async function loadWorldFromDirectory(dirPath) {
997
- const { readFile } = await import("fs/promises");
998
- const { join } = await import("path");
999
- const { readdirSync } = await import("fs");
1000
- async function readJson(filename) {
1001
- try {
1002
- const content = await readFile(join(dirPath, filename), "utf-8");
1003
- return JSON.parse(content);
1004
- } catch {
1005
- return void 0;
1006
- }
1007
- }
1008
- const worldJson = await readJson("world.json");
1009
- if (!worldJson) {
1010
- throw new Error(`Cannot read world.json in ${dirPath}`);
1011
- }
1012
- const invariantsJson = await readJson("invariants.json");
1013
- const assumptionsJson = await readJson("assumptions.json");
1014
- const stateSchemaJson = await readJson("state-schema.json");
1015
- const gatesJson = await readJson("gates.json");
1016
- const outcomesJson = await readJson("outcomes.json");
1017
- const guardsJson = await readJson("guards.json");
1018
- const rolesJson = await readJson("roles.json");
1019
- const kernelJson = await readJson("kernel.json");
1020
- const metadataJson = await readJson("metadata.json");
1021
- const rules = [];
1022
- try {
1023
- const rulesDir = join(dirPath, "rules");
1024
- const ruleFiles = readdirSync(rulesDir).filter((f) => f.endsWith(".json")).sort();
1025
- for (const file of ruleFiles) {
1026
- const content = await readFile(join(rulesDir, file), "utf-8");
1027
- rules.push(JSON.parse(content));
1028
- }
1029
- } catch {
1030
- }
1031
- return {
1032
- world: worldJson,
1033
- invariants: invariantsJson?.invariants ?? [],
1034
- assumptions: assumptionsJson ?? { profiles: {}, parameter_definitions: {} },
1035
- stateSchema: stateSchemaJson ?? { variables: {}, presets: {} },
1036
- rules,
1037
- gates: gatesJson ?? {
1038
- viability_classification: [],
1039
- structural_override: { description: "", enforcement: "mandatory" },
1040
- sustainability_threshold: 0,
1041
- collapse_visual: { background: "", text: "", border: "", label: "" }
1042
- },
1043
- outcomes: outcomesJson ?? {
1044
- computed_outcomes: [],
1045
- comparison_layout: { primary_card: "", status_badge: "", structural_indicators: [] }
1046
- },
1047
- guards: guardsJson,
1048
- roles: rolesJson,
1049
- kernel: kernelJson,
1050
- metadata: metadataJson ?? {
1051
- format_version: "1.0.0",
1052
- created_at: "",
1053
- last_modified: "",
1054
- authoring_method: "manual-authoring"
1055
- }
1056
- };
1057
- }
1058
- async function loadWorld(worldPath) {
1059
- const { stat } = await import("fs/promises");
1060
- const info = await stat(worldPath);
1061
- if (info.isDirectory()) {
1062
- return loadWorldFromDirectory(worldPath);
1063
- }
1064
- if (worldPath.endsWith(".nv-world.zip")) {
1065
- throw new Error(".nv-world.zip loading not yet implemented \u2014 use a world directory");
1066
- }
1067
- throw new Error(`Cannot load world from: ${worldPath} \u2014 expected a directory or .nv-world.zip`);
1068
- }
1069
-
1070
- // src/adapters/langchain.ts
1071
- var GovernanceBlockedError = class extends Error {
1072
- verdict;
1073
- event;
1074
- constructor(verdict, event) {
1075
- super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
1076
- this.name = "GovernanceBlockedError";
1077
- this.verdict = verdict;
1078
- this.event = event;
1079
- }
1080
- };
1081
- function defaultMapToolCall(toolName, toolInput) {
1082
- return {
1083
- intent: toolName,
1084
- tool: toolName,
1085
- scope: typeof toolInput.path === "string" ? toolInput.path : typeof toolInput.url === "string" ? toolInput.url : void 0,
1086
- args: toolInput,
1087
- direction: "input"
1088
- };
1089
- }
1090
- var NeuroVerseCallbackHandler = class {
1091
- name = "NeuroVerseGovernance";
1092
- world;
1093
- options;
1094
- engineOptions;
1095
- mapToolCall;
1096
- activePlan;
1097
- constructor(world, options = {}) {
1098
- this.world = world;
1099
- this.options = options;
1100
- this.activePlan = options.plan;
1101
- this.engineOptions = {
1102
- trace: options.trace ?? false,
1103
- level: options.level,
1104
- plan: this.activePlan
1105
- };
1106
- this.mapToolCall = options.mapToolCall ?? defaultMapToolCall;
1107
- }
1108
- /**
1109
- * Called before a tool is executed.
1110
- * Evaluates the tool call against the governance world.
1111
- *
1112
- * @throws GovernanceBlockedError if the action is BLOCKED
1113
- * @throws GovernanceBlockedError if the action is PAUSED and onPause returns false
1114
- */
1115
- async handleToolStart(tool, input) {
1116
- let parsedInput;
1117
- try {
1118
- parsedInput = typeof input === "string" ? JSON.parse(input) : input;
1119
- } catch {
1120
- parsedInput = { raw: input };
1121
- }
1122
- const event = this.mapToolCall(tool.name, parsedInput);
1123
- this.engineOptions.plan = this.activePlan;
1124
- const verdict = evaluateGuard(event, this.world, this.engineOptions);
1125
- this.options.onEvaluate?.(verdict, event);
1126
- if (verdict.status === "BLOCK") {
1127
- this.options.onBlock?.(verdict, event);
1128
- throw new GovernanceBlockedError(verdict, event);
1129
- }
1130
- if (verdict.status === "PAUSE") {
1131
- const approved = await this.options.onPause?.(verdict, event);
1132
- if (!approved) {
1133
- throw new GovernanceBlockedError(verdict, event);
1134
- }
1135
- }
1136
- if (verdict.status === "ALLOW" && this.activePlan) {
1137
- const planVerdict = evaluatePlan(event, this.activePlan);
1138
- if (planVerdict.matchedStep) {
1139
- const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
1140
- if (advResult.success && advResult.plan) {
1141
- this.activePlan = advResult.plan;
1142
- this.engineOptions.plan = this.activePlan;
1143
- }
1144
- const progress = getPlanProgress(this.activePlan);
1145
- this.options.onPlanProgress?.(progress);
1146
- if (progress.completed === progress.total) {
1147
- this.options.onPlanComplete?.();
1148
- }
1149
- }
1150
- }
1151
- }
1152
- };
1153
- async function createNeuroVerseCallbackHandler(worldPath, options) {
1154
- const world = await loadWorld(worldPath);
1155
- return new NeuroVerseCallbackHandler(world, options);
1156
- }
1157
- function createNeuroVerseCallbackHandlerFromWorld(world, options) {
1158
- return new NeuroVerseCallbackHandler(world, options);
1159
- }
1160
-
1161
- // src/adapters/openai.ts
1162
- var GovernanceBlockedError2 = class extends Error {
1163
- verdict;
1164
- toolCallId;
1165
- constructor(verdict, toolCallId) {
1166
- super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
1167
- this.name = "GovernanceBlockedError";
1168
- this.verdict = verdict;
1169
- this.toolCallId = toolCallId;
1170
- }
1171
- };
1172
- function defaultMapFunctionCall(name, args) {
1173
- return {
1174
- intent: name,
1175
- tool: name,
1176
- scope: typeof args.path === "string" ? args.path : typeof args.url === "string" ? args.url : void 0,
1177
- args,
1178
- direction: "input"
1179
- };
1180
- }
1181
- function defaultBlockMessage(verdict) {
1182
- return `Action blocked by governance policy: ${verdict.reason ?? "rule violation"}. Rule: ${verdict.ruleId ?? "unknown"}.`;
1183
- }
1184
- var GovernedToolExecutor = class {
1185
- world;
1186
- options;
1187
- engineOptions;
1188
- mapFn;
1189
- blockMsg;
1190
- activePlan;
1191
- constructor(world, options = {}) {
1192
- this.world = world;
1193
- this.options = options;
1194
- this.activePlan = options.plan;
1195
- this.engineOptions = {
1196
- trace: options.trace ?? false,
1197
- level: options.level,
1198
- plan: this.activePlan
1199
- };
1200
- this.mapFn = options.mapFunctionCall ?? defaultMapFunctionCall;
1201
- this.blockMsg = options.blockMessage ?? defaultBlockMessage;
1202
- }
1203
- /**
1204
- * Evaluate a single tool call against governance rules.
1205
- * Returns the verdict without executing the tool.
1206
- */
1207
- evaluate(toolCall) {
1208
- let args;
1209
- try {
1210
- args = JSON.parse(toolCall.function.arguments);
1211
- } catch {
1212
- args = { raw: toolCall.function.arguments };
1213
- }
1214
- const event = this.mapFn(toolCall.function.name, args);
1215
- this.engineOptions.plan = this.activePlan;
1216
- const verdict = evaluateGuard(event, this.world, this.engineOptions);
1217
- this.options.onEvaluate?.(verdict, event);
1218
- if (verdict.status === "ALLOW" && this.activePlan) {
1219
- const planVerdict = evaluatePlan(event, this.activePlan);
1220
- if (planVerdict.matchedStep) {
1221
- const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
1222
- if (advResult.success && advResult.plan) {
1223
- this.activePlan = advResult.plan;
1224
- this.engineOptions.plan = this.activePlan;
1225
- }
1226
- const progress = getPlanProgress(this.activePlan);
1227
- this.options.onPlanProgress?.(progress);
1228
- if (progress.completed === progress.total) {
1229
- this.options.onPlanComplete?.();
1230
- }
1231
- }
1232
- }
1233
- return verdict;
1234
- }
1235
- /**
1236
- * Execute a tool call with governance enforcement.
1237
- *
1238
- * If ALLOW: runs the tool and returns the result.
1239
- * If BLOCK: returns a blocked message (no execution).
1240
- * If PAUSE: throws — caller must handle approval flow.
1241
- *
1242
- * @param toolCall - The OpenAI tool call to evaluate
1243
- * @param runner - The actual tool execution function
1244
- * @returns A tool result message ready for the OpenAI API
1245
- */
1246
- async execute(toolCall, runner) {
1247
- const verdict = this.evaluate(toolCall);
1248
- if (verdict.status === "BLOCK") {
1249
- return {
1250
- tool_call_id: toolCall.id,
1251
- role: "tool",
1252
- content: this.blockMsg(verdict),
1253
- _verdict: verdict
1254
- };
1255
- }
1256
- if (verdict.status === "PAUSE") {
1257
- throw new GovernanceBlockedError2(verdict, toolCall.id);
1258
- }
1259
- let args;
1260
- try {
1261
- args = JSON.parse(toolCall.function.arguments);
1262
- } catch {
1263
- args = { raw: toolCall.function.arguments };
1264
- }
1265
- const content = await runner(toolCall.function.name, args);
1266
- return {
1267
- tool_call_id: toolCall.id,
1268
- role: "tool",
1269
- content,
1270
- _verdict: verdict
1271
- };
1272
- }
1273
- };
1274
- async function createGovernedToolExecutor(worldPath, options) {
1275
- const world = await loadWorld(worldPath);
1276
- return new GovernedToolExecutor(world, options);
1277
- }
1278
- function createGovernedToolExecutorFromWorld(world, options) {
1279
- return new GovernedToolExecutor(world, options);
1280
- }
1281
-
1282
- // src/adapters/openclaw.ts
1283
- var GovernanceBlockedError3 = class extends Error {
1284
- verdict;
1285
- action;
1286
- constructor(verdict, action) {
1287
- super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
1288
- this.name = "GovernanceBlockedError";
1289
- this.verdict = verdict;
1290
- this.action = action;
1291
- }
1292
- };
1293
- function defaultMapAction(action, direction) {
1294
- return {
1295
- intent: action.type,
1296
- tool: action.tool ?? action.type,
1297
- args: action.input,
1298
- direction,
1299
- scope: typeof action.input?.path === "string" ? action.input.path : typeof action.input?.url === "string" ? action.input.url : void 0
1300
- };
1301
- }
1302
- var NeuroVersePlugin = class {
1303
- name = "neuroverse-governance";
1304
- world;
1305
- options;
1306
- engineOptions;
1307
- mapAction;
1308
- activePlan;
1309
- constructor(world, options = {}) {
1310
- this.world = world;
1311
- this.options = options;
1312
- this.activePlan = options.plan;
1313
- this.engineOptions = {
1314
- trace: options.trace ?? false,
1315
- level: options.level,
1316
- plan: this.activePlan
1317
- };
1318
- this.mapAction = options.mapAction ?? defaultMapAction;
1319
- }
1320
- /**
1321
- * Evaluate an action before execution.
1322
- *
1323
- * @throws GovernanceBlockedError if BLOCKED
1324
- * @returns HookResult with verdict details
1325
- */
1326
- beforeAction(action) {
1327
- const event = this.mapAction(action, "input");
1328
- this.engineOptions.plan = this.activePlan;
1329
- const verdict = evaluateGuard(event, this.world, this.engineOptions);
1330
- const result = {
1331
- allowed: verdict.status === "ALLOW",
1332
- verdict,
1333
- action
1334
- };
1335
- this.options.onEvaluate?.(result);
1336
- if (verdict.status === "BLOCK") {
1337
- throw new GovernanceBlockedError3(verdict, action);
1338
- }
1339
- if (verdict.status === "ALLOW" && this.activePlan) {
1340
- const planVerdict = evaluatePlan(event, this.activePlan);
1341
- if (planVerdict.matchedStep) {
1342
- const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
1343
- if (advResult.success && advResult.plan) {
1344
- this.activePlan = advResult.plan;
1345
- this.engineOptions.plan = this.activePlan;
1346
- }
1347
- const progress = getPlanProgress(this.activePlan);
1348
- this.options.onPlanProgress?.(progress);
1349
- if (progress.completed === progress.total) {
1350
- this.options.onPlanComplete?.();
1351
- }
1352
- }
1353
- }
1354
- return result;
1355
- }
1356
- /**
1357
- * Evaluate an action's output (post-execution governance).
1358
- * Only runs if evaluateOutputs is enabled.
1359
- *
1360
- * @returns HookResult or null if output evaluation is disabled
1361
- */
1362
- afterAction(action, _output) {
1363
- if (!this.options.evaluateOutputs) return null;
1364
- const event = this.mapAction(action, "output");
1365
- const verdict = evaluateGuard(event, this.world, this.engineOptions);
1366
- const result = {
1367
- allowed: verdict.status === "ALLOW",
1368
- verdict,
1369
- action
1370
- };
1371
- this.options.onEvaluate?.(result);
1372
- if (verdict.status === "BLOCK") {
1373
- throw new GovernanceBlockedError3(verdict, action);
1374
- }
1375
- return result;
1376
- }
1377
- /**
1378
- * Get the plugin hooks object for agent.use().
1379
- */
1380
- hooks() {
1381
- return {
1382
- beforeAction: (action) => this.beforeAction(action),
1383
- afterAction: (action, output) => this.afterAction(action, output)
1384
- };
1385
- }
1386
- };
1387
- async function createNeuroVersePlugin(worldPath, options) {
1388
- const world = await loadWorld(worldPath);
1389
- return new NeuroVersePlugin(world, options);
1390
- }
1391
- function createNeuroVersePluginFromWorld(world, options) {
1392
- return new NeuroVersePlugin(world, options);
1393
- }
1394
-
1395
- // src/adapters/express.ts
1396
- function methodToCategory(method) {
1397
- switch (method.toUpperCase()) {
1398
- case "GET":
1399
- case "HEAD":
1400
- case "OPTIONS":
1401
- return "read";
1402
- case "POST":
1403
- case "PUT":
1404
- case "PATCH":
1405
- return "write";
1406
- case "DELETE":
1407
- return "delete";
1408
- default:
1409
- return "other";
1410
- }
1411
- }
1412
- function defaultMapRequest(req) {
1413
- const method = (req.method ?? "GET").toUpperCase();
1414
- const path = req.path ?? req.url ?? "/";
1415
- return {
1416
- intent: `${method} ${path}`,
1417
- tool: "http",
1418
- scope: path,
1419
- actionCategory: methodToCategory(method),
1420
- direction: "input",
1421
- args: {
1422
- method,
1423
- path,
1424
- ...req.params ?? {},
1425
- ...req.query ?? {}
1426
- }
1427
- };
1428
- }
1429
- function defaultOnBlock(verdict, _req, res, statusCode) {
1430
- const body = {
1431
- error: "Governance policy violation",
1432
- reason: verdict.reason ?? "Action not permitted",
1433
- ruleId: verdict.ruleId,
1434
- status: verdict.status
1435
- };
1436
- if (res.status && res.json) {
1437
- res.status(statusCode).json(body);
1438
- } else if (res.send) {
1439
- res.statusCode = statusCode;
1440
- res.send(JSON.stringify(body));
1441
- } else if (res.end) {
1442
- res.statusCode = statusCode;
1443
- res.end();
1444
- }
1445
- }
1446
- async function createGovernanceMiddleware(worldPath, options) {
1447
- const world = await loadWorld(worldPath);
1448
- return createGovernanceMiddlewareFromWorld(world, options);
1449
- }
1450
- function createGovernanceMiddlewareFromWorld(world, options = {}) {
1451
- const engineOptions = {
1452
- trace: options.trace ?? false,
1453
- level: options.level
1454
- };
1455
- const mapRequest = options.mapRequest ?? defaultMapRequest;
1456
- const blockStatusCode = options.blockStatusCode ?? 403;
1457
- return async function neuroVerseGovernance(req, res, next) {
1458
- try {
1459
- const event = mapRequest(req);
1460
- const verdict = evaluateGuard(event, world, engineOptions);
1461
- options.onEvaluate?.(verdict, event, req);
1462
- if (verdict.status === "ALLOW") {
1463
- next();
1464
- return;
1465
- }
1466
- if (verdict.status === "PAUSE") {
1467
- const approved = await options.onPause?.(verdict, req);
1468
- if (approved) {
1469
- next();
1470
- return;
1471
- }
1472
- }
1473
- if (options.onBlock) {
1474
- options.onBlock(verdict, req, res);
1475
- } else {
1476
- defaultOnBlock(verdict, req, res, blockStatusCode);
1477
- }
1478
- } catch (err) {
1479
- next(err);
1480
- }
1481
- };
1482
- }
1483
-
1484
- // src/adapters/autoresearch.ts
1485
- var AutoresearchGovernor = class {
1486
- config;
1487
- state;
1488
- constructor(config) {
1489
- this.config = config;
1490
- this.state = {
1491
- experiments_run: 0,
1492
- best_result: null,
1493
- architectures_tested: [],
1494
- experiment_log: [],
1495
- total_compute_minutes: 0,
1496
- keep_count: 0
1497
- };
1498
- }
1499
- /**
1500
- * Convert an experiment proposal into a GuardEvent for governance evaluation.
1501
- */
1502
- proposalToGuardEvent(proposal) {
1503
- return {
1504
- intent: `run experiment: ${proposal.description}`,
1505
- tool: "experiment_runner",
1506
- scope: "experiment",
1507
- roleId: "experiment_runner",
1508
- direction: "output",
1509
- actionCategory: "shell",
1510
- args: {
1511
- experiment_id: String(proposal.experiment_id),
1512
- architecture: proposal.architecture,
1513
- estimated_minutes: String(proposal.estimated_minutes || 5)
1514
- }
1515
- };
1516
- }
1517
- /**
1518
- * Evaluate an experiment proposal against governance rules.
1519
- * Returns a simplified verdict without requiring the full guard engine.
1520
- */
1521
- evaluateProposal(proposal) {
1522
- const warnings = [];
1523
- const estimatedMinutes = proposal.estimated_minutes || 5;
1524
- if (this.state.total_compute_minutes + estimatedMinutes > this.config.computeBudgetMinutes) {
1525
- return {
1526
- allowed: false,
1527
- reason: `Compute budget exhausted: ${this.state.total_compute_minutes}/${this.config.computeBudgetMinutes} minutes used`,
1528
- warnings
1529
- };
1530
- }
1531
- if (this.config.constraints) {
1532
- for (const constraint of this.config.constraints) {
1533
- const lower = constraint.toLowerCase();
1534
- const archLower = proposal.architecture.toLowerCase();
1535
- const descLower = proposal.description.toLowerCase();
1536
- if (lower.startsWith("no ")) {
1537
- const forbidden = lower.slice(3).trim();
1538
- if (archLower.includes(forbidden) || descLower.includes(forbidden)) {
1539
- return {
1540
- allowed: false,
1541
- reason: `Architecture constraint violated: ${constraint}`,
1542
- warnings
1543
- };
1544
- }
1545
- }
1546
- }
1547
- }
1548
- const failureCount = this.state.experiment_log.filter((e) => !e.success).length;
1549
- if (failureCount > 5) {
1550
- warnings.push(`High failure rate: ${failureCount} failed experiments. Consider investigating root cause.`);
1551
- }
1552
- const recentArchitectures = this.state.experiment_log.slice(-5).map((e) => e.architecture);
1553
- const uniqueRecent = new Set(recentArchitectures).size;
1554
- if (recentArchitectures.length >= 5 && uniqueRecent === 1) {
1555
- warnings.push("Research may be stuck: last 5 experiments used the same architecture.");
1556
- }
1557
- return { allowed: true, reason: "Experiment approved", warnings };
1558
- }
1559
- /**
1560
- * Record an experiment result and update research state.
1561
- */
1562
- recordResult(result) {
1563
- this.state.experiments_run++;
1564
- this.state.total_compute_minutes += result.wall_clock_minutes;
1565
- this.state.experiment_log.push(result);
1566
- if (!this.state.architectures_tested.includes(result.architecture)) {
1567
- this.state.architectures_tested.push(result.architecture);
1568
- }
1569
- if (!result.success) {
1570
- return { kept: false, improvement: null, state: { ...this.state } };
1571
- }
1572
- let kept = false;
1573
- let improvement = null;
1574
- if (this.state.best_result === null) {
1575
- kept = true;
1576
- this.state.best_result = result;
1577
- this.state.keep_count++;
1578
- } else {
1579
- const prev = this.state.best_result.metric_value;
1580
- const curr = result.metric_value;
1581
- if (this.config.optimize === "minimize") {
1582
- kept = curr < prev;
1583
- improvement = kept ? prev - curr : null;
1584
- } else {
1585
- kept = curr > prev;
1586
- improvement = kept ? curr - prev : null;
1587
- }
1588
- if (kept) {
1589
- this.state.best_result = result;
1590
- this.state.keep_count++;
1591
- }
1592
- }
1593
- return { kept, improvement, state: { ...this.state } };
1594
- }
1595
- /**
1596
- * Export current state as a state snapshot compatible with the world file.
1597
- */
1598
- toWorldState() {
1599
- const successfulExperiments = this.state.experiment_log.filter((e) => e.success);
1600
- const failedCount = this.state.experiment_log.filter((e) => !e.success).length;
1601
- const keepRate = this.state.experiments_run > 0 ? Math.round(this.state.keep_count / this.state.experiments_run * 100) : 0;
1602
- let improvementRate = 0;
1603
- if (successfulExperiments.length >= 2) {
1604
- const recent = successfulExperiments.slice(-10);
1605
- let improvements = 0;
1606
- for (let i = 1; i < recent.length; i++) {
1607
- const prev = recent[i - 1].metric_value;
1608
- const curr = recent[i].metric_value;
1609
- if (this.config.optimize === "minimize" ? curr < prev : curr > prev) {
1610
- improvements++;
1611
- }
1612
- }
1613
- improvementRate = Math.round(improvements / (recent.length - 1) * 100);
1614
- }
1615
- return {
1616
- experiments_run: this.state.experiments_run,
1617
- best_metric_value: this.state.best_result?.metric_value ?? (this.config.optimize === "minimize" ? 100 : -1e3),
1618
- keep_rate: keepRate,
1619
- compute_used_minutes: Math.round(this.state.total_compute_minutes),
1620
- compute_budget_minutes: this.config.computeBudgetMinutes,
1621
- failed_experiments: failedCount,
1622
- metric_improvement_rate: improvementRate,
1623
- research_context_drift: 0
1624
- // would need NLP to compute properly
1625
- };
1626
- }
1627
- /**
1628
- * Get a summary of the current research state.
1629
- */
1630
- getSummary() {
1631
- return {
1632
- experiments_run: this.state.experiments_run,
1633
- best_result: this.state.best_result,
1634
- keep_rate: this.state.experiments_run > 0 ? Math.round(this.state.keep_count / this.state.experiments_run * 100) : 0,
1635
- compute_remaining_minutes: this.config.computeBudgetMinutes - this.state.total_compute_minutes,
1636
- architectures_tested: [...this.state.architectures_tested]
1637
- };
1638
- }
1639
- /**
1640
- * Load state from a persisted research context file.
1641
- */
1642
- loadState(state) {
1643
- this.state = { ...state };
1644
- }
1645
- /**
1646
- * Export state for persistence.
1647
- */
1648
- exportState() {
1649
- return { ...this.state };
1650
- }
1651
- };
1652
- // Annotate the CommonJS export names for ESM import in node:
1653
- 0 && (module.exports = {
1654
- AutoresearchGovernor,
1655
- GovernedToolExecutor,
1656
- LangChainGovernanceBlockedError,
1657
- NeuroVerseCallbackHandler,
1658
- NeuroVersePlugin,
1659
- OpenAIGovernanceBlockedError,
1660
- OpenClawGovernanceBlockedError,
1661
- createGovernanceMiddleware,
1662
- createGovernanceMiddlewareFromWorld,
1663
- createGovernedToolExecutor,
1664
- createGovernedToolExecutorFromWorld,
1665
- createNeuroVerseCallbackHandler,
1666
- createNeuroVerseCallbackHandlerFromWorld,
1667
- createNeuroVersePlugin,
1668
- createNeuroVersePluginFromWorld
1669
- });