@neuroverseos/governance 0.3.0 → 0.3.3

package/dist/{world-LAXO6DOX.js → world-BIP4GZBZ.js}

@@ -1,3 +1,6 @@
+import {
+  validateWorld
+} from "./chunk-7P3S7MAY.js";
 import {
   describeActiveWorld,
   getActiveWorldName,
@@ -5,13 +8,10 @@ import {
   resolveWorldPath,
   setActiveWorld
 } from "./chunk-AKW5YVCE.js";
-import {
-  validateWorld
-} from "./chunk-7P3S7MAY.js";
 import {
   loadWorld
-} from "./chunk-JZPQGIKR.js";
-import "./chunk-YZFATT7X.js";
+} from "./chunk-CTZHONLA.js";
+import "./chunk-QWGCMQQD.js";
 
 // src/cli/world.ts
 var USAGE = `
@@ -56,10 +56,8 @@ async function worldStatus(worldPath, json) {
       rules: world.rules.length,
       roles: world.roles?.roles.length ?? 0,
       kernel: world.kernel ? {
-        allowedInputs: world.kernel.allowed_inputs?.length ?? 0,
-        forbiddenInputs: world.kernel.forbidden_inputs?.length ?? 0,
-        allowedOutputs: world.kernel.allowed_outputs?.length ?? 0,
-        forbiddenOutputs: world.kernel.forbidden_outputs?.length ?? 0
+        forbiddenInputs: world.kernel.input_boundaries?.forbidden_patterns?.length ?? 0,
+        forbiddenOutputs: world.kernel.output_boundaries?.forbidden_patterns?.length ?? 0
       } : null,
       validation: report.summary
     }, null, 2) + "\n");
@@ -69,7 +67,7 @@ async function worldStatus(worldPath, json) {
   lines.push("WORLD STATUS");
   lines.push("\u2500".repeat(40));
   lines.push(`  Name:       ${world.world.name}`);
-  lines.push(`  ID:         ${world.world.id}`);
+  lines.push(`  ID:         ${world.world.world_id}`);
   lines.push(`  Version:    ${world.world.version}`);
   lines.push(`  Created:    ${world.metadata.created_at || "\u2014"}`);
   lines.push(`  Modified:   ${world.metadata.last_modified || "\u2014"}`);
@@ -83,7 +81,7 @@ async function worldStatus(worldPath, json) {
   lines.push(`  Roles:       ${world.roles?.roles.length ?? 0}`);
   if (world.kernel) {
     const k = world.kernel;
-    const totalRules = (k.allowed_inputs?.length ?? 0) + (k.forbidden_inputs?.length ?? 0) + (k.allowed_outputs?.length ?? 0) + (k.forbidden_outputs?.length ?? 0);
+    const totalRules = (k.input_boundaries?.forbidden_patterns?.length ?? 0) + (k.output_boundaries?.forbidden_patterns?.length ?? 0);
     lines.push(`  Kernel:      ${totalRules} rules`);
   }
   lines.push("");

package/dist/world-loader-Y6HMQH2D.js

@@ -0,0 +1,13 @@
+import {
+  DEFAULT_BUNDLED_WORLD,
+  loadBundledWorld,
+  loadWorld,
+  loadWorldFromDirectory
+} from "./chunk-CTZHONLA.js";
+import "./chunk-QWGCMQQD.js";
+export {
+  DEFAULT_BUNDLED_WORLD,
+  loadBundledWorld,
+  loadWorld,
+  loadWorldFromDirectory
+};

package/dist/worlds/coding-agent.nv-world.md

@@ -0,0 +1,211 @@
+---
+world_id: coding-agent
+name: Coding Agent Governance
+version: 1.0.0
+runtime_mode: COMPLIANCE
+default_profile: standard
+alternative_profile: strict
+---
+
+# Thesis
+
+Autonomous coding agents that can read files, write code, execute shell commands, and interact with version control require a governance layer. Without enforceable rules, a single misguided tool call can delete data, leak secrets, break production, or escalate beyond its intended scope. This world defines the boundaries within which a coding agent operates safely.
+
+# Invariants
+
+- `no_system_destruction` — Agents must never execute commands that destroy system-level resources (recursive force-delete of root paths, disk formatting, fork bombs) (structural, immutable)
+- `no_secret_exposure` — Agents must never read, log, or transmit credentials, API keys, private keys, or environment secrets outside the project boundary (structural, immutable)
+- `no_unauthorized_push` — Agents must never push directly to main or master branches without explicit approval (structural, immutable)
+- `no_scope_escape` — Agents must never access files or execute commands outside the declared project directory (structural, immutable)
+- `no_pipe_to_shell` — Agents must never pipe downloaded content directly into a shell interpreter (structural, immutable)
+- `changes_must_be_reversible` — Every file modification must be recoverable through version control; destructive operations require confirmation (prompt, immutable)
+
+# State
+
+## files_modified
+- type: number
+- min: 0
+- max: 100000
+- step: 1
+- default: 0
+- label: Files Modified
+- description: Total number of files written or edited in this session
+
+## files_deleted
+- type: number
+- min: 0
+- max: 100000
+- step: 1
+- default: 0
+- label: Files Deleted
+- description: Total number of files deleted in this session
+
+## shell_commands_run
+- type: number
+- min: 0
+- max: 10000
+- step: 1
+- default: 0
+- label: Shell Commands Run
+- description: Total number of shell commands executed
+
+## dangerous_commands_blocked
+- type: number
+- min: 0
+- max: 10000
+- step: 1
+- default: 0
+- label: Dangerous Commands Blocked
+- description: Number of shell commands blocked by governance rules
+
+## git_pushes
+- type: number
+- min: 0
+- max: 100
+- step: 1
+- default: 0
+- label: Git Pushes
+- description: Number of git push operations executed
+
+## sub_agents_spawned
+- type: number
+- min: 0
+- max: 50
+- step: 1
+- default: 0
+- label: Sub-Agents Spawned
+- description: Number of sub-agent processes created
+
+## scope_violations
+- type: number
+- min: 0
+- max: 1000
+- step: 1
+- default: 0
+- label: Scope Violations
+- description: Number of attempted actions outside the declared project scope
+
+# Assumptions
+
+## standard
+- name: Standard Development
+- description: Normal development workflow. File reads are unrestricted. File writes within project scope are allowed. Shell commands are evaluated for safety. Git pushes require feature branches.
+- file_read_policy: unrestricted
+- file_write_policy: project_scope_only
+- shell_policy: safety_evaluated
+- git_policy: feature_branches_only
+- network_policy: restricted
+
+## strict
+- name: Strict Lockdown
+- description: High-security mode. All file writes require confirmation. All shell commands require approval. No network access. No git pushes without explicit authorization.
+- file_read_policy: unrestricted
+- file_write_policy: approval_required
+- shell_policy: approval_required
+- git_policy: approval_required
+- network_policy: blocked
+
+# Rules
+
+## rule-001: Destructive Shell Command (structural)
+Shell commands that can cause irreversible system damage must be blocked unconditionally.
+
+When shell_commands_run > 0 [state] AND dangerous_commands_blocked > 0 [state]
+Then agent_safety *= 0.50
+
+> trigger: Agent attempted a destructive shell command (rm -rf, mkfs, dd, fork bomb, etc.).
+> rule: Destructive commands cannot be undone. No amount of productivity justifies risking system integrity.
+> shift: Agent safety score drops. Continued violations may halt the session.
+> effect: Agent safety reduced by 50%.
+
+## rule-002: Scope Escape Attempt (structural)
+Accessing files or running commands outside the project directory is a governance violation.
+
+When scope_violations > 0 [state]
+Then agent_safety *= 0.40
+Collapse: agent_safety < 0.10
+
+> trigger: Agent attempted to access resources outside its declared project scope.
+> rule: Agents operate within boundaries. Scope escape indicates either a misconfigured agent or a prompt injection attempt.
+> shift: Agent safety drops sharply. Multiple violations halt the session.
+> effect: Agent safety reduced to 40%.
+
+## rule-003: Excessive File Deletion (degradation)
+Deleting many files in a single session indicates potentially destructive behavior.
+
+When files_deleted > 10 [state]
+Then agent_safety *= 0.60
+
+> trigger: More than 10 files deleted in a single session.
+> rule: Bulk deletion is rarely intentional in normal development. This warrants review.
+> shift: Agent safety degrades. Remaining deletions may require approval.
+> effect: Agent safety reduced to 60%.
+
+## rule-004: Uncontrolled Sub-Agent Spawning (degradation)
+Too many sub-agents indicate either a runaway loop or poorly scoped task decomposition.
+
+When sub_agents_spawned > 10 [state]
+Then agent_safety *= 0.70
+
+> trigger: More than 10 sub-agents spawned in a single session.
+> rule: Each sub-agent inherits the parent's capabilities. Uncontrolled spawning multiplies risk.
+> shift: Agent safety degrades. Further spawning may be blocked.
+> effect: Agent safety reduced to 70%.
+
+## rule-005: Clean Session (advantage)
+A session with no violations and productive output validates the governance model.
+
+When files_modified > 0 [state] AND scope_violations == 0 [state] AND dangerous_commands_blocked == 0 [state]
+Then agent_safety *= 1.10
+
+> trigger: Agent has modified files without triggering any governance violations.
+> rule: Good behavior should be recognized. Clean sessions build trust in the agent's judgment.
+> shift: Agent safety improves slightly. Trust accumulates over clean sessions.
+> effect: Agent safety boosted by 10%.
+
+## rule-006: Unauthorized Push to Protected Branch (structural)
+Pushing to main or master without approval violates version control governance.
+
+When git_pushes > 0 [state] AND scope_violations > 0 [state]
+Then agent_safety *= 0.30
+Collapse: agent_safety < 0.10
+
+> trigger: Agent pushed to a protected branch without authorization.
+> rule: Protected branches exist for a reason. Direct pushes bypass code review and CI/CD.
+> shift: Agent safety drops critically. Session may be halted.
+> effect: Agent safety reduced to 30%.
+
+# Gates
+
+- TRUSTED: agent_safety >= 90
+- OPERATING: agent_safety >= 60
+- CAUTIOUS: agent_safety >= 35
+- RESTRICTED: agent_safety > 10
+- HALTED: agent_safety <= 10
+
+# Outcomes
+
+## agent_safety
+- type: number
+- range: 0-100
+- display: percentage
+- label: Agent Safety Score
+- primary: true
+
+## files_modified
+- type: number
+- range: 0-100000
+- display: integer
+- label: Files Modified
+
+## dangerous_commands_blocked
+- type: number
+- range: 0-10000
+- display: integer
+- label: Dangerous Commands Blocked
+
+## scope_violations
+- type: number
+- range: 0-1000
+- display: integer
+- label: Scope Violations

package/dist/worlds/research-agent.nv-world.md

@@ -0,0 +1,169 @@
+---
+world_id: research-agent
+name: Research Agent Governance
+version: 1.0.0
+runtime_mode: COMPLIANCE
+default_profile: conservative
+alternative_profile: exploratory
+---
+
+# Thesis
+
+AI research agents that autonomously search, synthesize, and publish findings must operate within governance boundaries. An ungoverned research agent can fabricate citations, plagiarize content, exceed API rate limits, or publish unreviewed conclusions. Research governance ensures rigor, attribution, and responsible resource usage.
+
+# Invariants
+
+- `sources_must_be_cited` — Every claim must be traceable to a declared source; unsourced assertions are forbidden (structural, immutable)
+- `no_fabricated_citations` — Agent must never invent, hallucinate, or misattribute sources or data (structural, immutable)
+- `no_plagiarism` — Agent must not reproduce copyrighted content without proper attribution and licensing compliance (structural, immutable)
+- `api_rate_limits_respected` — Agent must respect rate limits on all external APIs and data sources (structural, immutable)
+- `no_unauthorized_publication` — Research findings must not be published externally without human review and approval (prompt, immutable)
+- `data_provenance_tracked` — Every piece of data used must have clear provenance (source URL, access date, license) (structural, immutable)
+
+# State
+
+## sources_consulted
+- type: number
+- min: 0
+- max: 10000
+- step: 1
+- default: 0
+- label: Sources Consulted
+- description: Total number of unique sources accessed
+
+## claims_made
+- type: number
+- min: 0
+- max: 10000
+- step: 1
+- default: 0
+- label: Claims Made
+- description: Total assertions or findings produced
+
+## unsourced_claims
+- type: number
+- min: 0
+- max: 10000
+- step: 1
+- default: 0
+- label: Unsourced Claims
+- description: Claims without traceable source attribution
+
+## api_calls_made
+- type: number
+- min: 0
+- max: 100000
+- step: 1
+- default: 0
+- label: API Calls Made
+- description: Total external API calls made
+
+## api_budget
+- type: number
+- min: 0
+- max: 100000
+- step: 100
+- default: 5000
+- label: API Call Budget
+- description: Maximum allowed API calls for this research session
+
+## synthesis_quality
+- type: number
+- min: 0
+- max: 100
+- step: 1
+- default: 50
+- label: Synthesis Quality
+- description: Quality score based on source diversity, citation coverage, and coherence
+
+# Assumptions
+
+## conservative
+- name: Conservative Research
+- description: Prioritize accuracy over speed. Require multiple sources per claim. Strict API budget adherence. No publication without review.
+- source_requirement: multiple_per_claim
+- api_strictness: hard_limit
+- publication_gate: human_required
+
+## exploratory
+- name: Exploratory Research
+- description: Allow broader exploration with single-source claims. Softer API limits. Still require review for publication.
+- source_requirement: at_least_one
+- api_strictness: soft_warning
+- publication_gate: human_required
+
+# Rules
+
+## rule-001: API Budget Exhausted (structural)
+When the API call budget is exceeded, no further external calls are allowed.
+
+When api_calls_made > api_budget [state]
+Then research_viability *= 0.00
+Collapse: research_viability < 0.05
+
+> trigger: API call budget exceeded — no more external requests allowed.
+> rule: Rate limits and budgets exist to prevent abuse and cost overruns.
+> shift: Research loop halts for external calls. Agent must work with existing data.
+> effect: Research viability set to zero for external operations.
+
+## rule-002: Unsourced Claims (degradation)
+Research with many unsourced claims lacks rigor and trustworthiness.
+
+When unsourced_claims > 3 [state] AND claims_made > 0 [state]
+Then research_viability *= 0.40
+
+> trigger: More than 3 claims made without source attribution.
+> rule: Every assertion must be traceable. Unsourced claims undermine research integrity.
+> shift: Research viability drops significantly. Agent must add citations.
+> effect: Research viability reduced to 40%.
+
+## rule-003: Source Diversity (advantage)
+Consulting many diverse sources produces higher quality research.
+
+When sources_consulted > 10 [state] AND unsourced_claims == 0 [state]
+Then research_viability *= 1.25
+
+> trigger: 10+ sources consulted with zero unsourced claims.
+> rule: Diverse, well-cited research is the gold standard.
+> shift: Research viability improves. Findings are well-supported.
+> effect: Research viability boosted by 25%.
+
+## rule-004: Low Source Coverage (degradation)
+Making many claims from few sources indicates shallow research.
+
+When claims_made > 10 [state] AND sources_consulted < 3 [state]
+Then research_viability *= 0.50
+
+> trigger: 10+ claims from fewer than 3 sources — research is too narrow.
+> rule: Good research requires multiple perspectives and cross-referencing.
+> shift: Research viability degrades. Agent should broaden its sources.
+> effect: Research viability reduced to 50%.
+
+# Gates
+
+- RIGOROUS: research_viability >= 85
+- SOLID: research_viability >= 60
+- DEVELOPING: research_viability >= 35
+- WEAK: research_viability > 10
+- UNRELIABLE: research_viability <= 10
+
+# Outcomes
+
+## research_viability
+- type: number
+- range: 0-100
+- display: percentage
+- label: Research Viability
+- primary: true
+
+## sources_consulted
+- type: number
+- range: 0-10000
+- display: integer
+- label: Sources Consulted
+
+## unsourced_claims
+- type: number
+- range: 0-10000
+- display: integer
+- label: Unsourced Claims

package/dist/worlds/social-media.nv-world.md

@@ -0,0 +1,198 @@
+---
+world_id: social-media
+name: Social Media Governance
+version: 1.0.0
+runtime_mode: COMPLIANCE
+default_profile: moderate
+alternative_profile: strict
+---
+
+# Thesis
+
+Social media platforms hosting AI agents must govern what agents can post, share, amplify, and interact with. An ungoverned social network of AI agents allows misinformation to cascade, bot amplification to distort discourse, and coordinated inauthentic behavior to manipulate public opinion. Governance doesn't silence agents — it shapes how they participate, turning potential harm into constructive discourse.
+
+# Invariants
+
+- `no_unverified_amplification` — Agents must not amplify unverified claims to large audiences (structural, immutable)
+- `no_bot_amplification` — Bot accounts must not create original posts or amplify content (structural, immutable)
+- `no_coordinated_inauthentic_behavior` — Coordinated campaigns from low-credibility accounts must be blocked (structural, immutable)
+- `misinfo_cascade_prevention` — When misinformation levels exceed thresholds, sharing restrictions tighten automatically (structural, immutable)
+- `source_verification_required` — Agents sharing factual claims must have credibility above minimum threshold (structural, immutable)
+- `audit_trail_maintained` — Every post, share, block, and moderation action must be logged (structural, immutable)
+
+# State
+
+## misinfo_level
+- type: number
+- min: 0
+- max: 100
+- step: 1
+- default: 0
+- label: Misinformation Level
+- description: Percentage of recent feed content that is misinformation (0-100)
+
+## network_mood
+- type: enum
+- options: calm, neutral, agitated, polarized
+- default: neutral
+- label: Network Mood
+- description: Overall emotional state of the agent network
+
+## engagement_health
+- type: number
+- min: 0
+- max: 100
+- step: 1
+- default: 80
+- label: Engagement Health
+- description: Quality of discourse (high = constructive, low = toxic)
+
+## trust_score
+- type: number
+- min: 0
+- max: 100
+- step: 1
+- default: 50
+- label: Network Trust Score
+- description: Aggregate trust in content authenticity across the network
+
+## active_agents
+- type: number
+- min: 0
+- max: 1000
+- step: 1
+- default: 50
+- label: Active Agents
+- description: Number of agents currently active on the network
+
+## total_reach
+- type: number
+- min: 0
+- max: 100000000
+- step: 100
+- default: 0
+- label: Total Reach
+- description: Cumulative audience reach across all posts
+
+# Assumptions
+
+## moderate
+- name: Moderate Governance
+- description: Balance free expression with misinformation prevention. Allow sharing with verification requirements. Penalize repeat offenders.
+- amplification_threshold: 0.5
+- bot_posting: blocked
+- credibility_floor: 0.2
+- cascade_threshold: 40
+
+## strict
+- name: Strict Governance
+- description: Aggressive misinformation prevention. Higher credibility requirements. Lower cascade thresholds. Faster enforcement.
+- amplification_threshold: 0.3
+- bot_posting: blocked
+- credibility_floor: 0.4
+- cascade_threshold: 25
+
+# Rules
+
+## rule-001: Misinformation Amplification (structural)
+When misinformation is being shared by agents with significant influence, block the amplification.
+
+When misinfo_level > 40 [state]
+Then engagement_health *= 0.30
+Collapse: engagement_health < 10
+
+> trigger: Misinformation level exceeds 40% of recent feed content.
+> rule: Unverified claims cannot be amplified to large audiences. Block sharing content marked as misinformation when the agent has influence above the threshold.
+> shift: Amplification halts. Agents who were sharing misinformation go silent or redirect to fact-checking.
+> effect: Engagement health drops severely. Network enters protective mode.
+
+## rule-002: Bot Content Creation (structural)
+Bot accounts must not create original posts. They can only interact passively.
+
+When active_agents > 0 [state]
+Then engagement_health *= 0.70
+
+> trigger: Bot agent attempts to create an original post.
+> rule: Bot accounts are restricted to passive actions (like, scroll). They cannot create posts, share content, or amplify messages. This prevents automated content flooding.
+> shift: Bot agents are redirected from posting to passive observation.
+> effect: Engagement health reduced. Bot activity is suppressed.
+
+## rule-003: Low Credibility Sharing (degradation)
+Agents with very low credibility scores should face restrictions on sharing content.
+
+When trust_score < 30 [state]
+Then engagement_health *= 0.60
+
+> trigger: Agent credibility score falls below 0.2 threshold.
+> rule: Low-credibility agents (bots, trolls, new accounts) face sharing restrictions. They can still consume content but cannot amplify it. Credibility is earned through constructive participation.
+> shift: Low-credibility agents are penalized. Their sharing ability is reduced.
+> effect: Engagement health degrades. Network quality is protected at the cost of some participation.
+
+## rule-004: Cascade Prevention (structural)
+When misinformation reaches dangerous levels, emergency sharing restrictions activate.
+
+When misinfo_level > 60 [state]
+Then engagement_health *= 0.10
+Collapse: engagement_health < 10
+
+> trigger: Misinformation exceeds 60% of recent content — cascade imminent.
+> rule: Emergency governance mode. All sharing paused except from high-credibility agents (scientists, fact-checkers). This is the kill switch for information cascades.
+> shift: Network goes quiet. Only verified voices can still share. Cascade is prevented at the cost of reduced activity.
+> effect: Engagement health near-zero. Network enters lockdown.
+
+## rule-005: Fact-Checker Reward (advantage)
+Agents who report misinformation constructively should be rewarded.
+
+When trust_score > 60 [state] AND misinfo_level > 10 [state]
+Then engagement_health *= 1.25
+
+> trigger: High-credibility agent reports or debunks misinformation.
+> rule: Constructive correction of misinformation is the behavior governance should encourage. Fact-checkers and scientists who report false content get influence boosts and priority.
+> shift: Fact-checking behavior is amplified. Constructive correction becomes the dominant response to misinformation.
+> effect: Engagement health improves. Network self-corrects.
+
+## rule-006: Healthy Discourse (advantage)
+When misinformation is low and engagement is constructive, the network thrives.
+
+When misinfo_level < 10 [state] AND trust_score > 70 [state]
+Then engagement_health *= 1.20
+
+> trigger: Low misinformation, high trust — the network is functioning well.
+> rule: Healthy discourse deserves recognition. When governance has successfully maintained a clean information environment, all agents benefit from increased engagement quality.
+> shift: Network enters virtuous cycle. Constructive participation increases.
+> effect: Engagement health boosted. Trust reinforced.
+
+# Gates
+
+- THRIVING: engagement_health >= 80
+- HEALTHY: engagement_health >= 60
+- STRESSED: engagement_health >= 35
+- CRITICAL: engagement_health > 10
+- COLLAPSED: engagement_health <= 10
+
+# Outcomes
+
+## engagement_health
+- type: number
+- range: 0-100
+- display: percentage
+- label: Engagement Health
+- primary: true
+
+## misinfo_level
+- type: number
+- range: 0-100
+- display: percentage
+- label: Misinformation Level
+
+## trust_score
+- type: number
+- range: 0-100
+- display: percentage
+- label: Network Trust
+
+## total_reach
+- type: number
+- range: 0-100000000
+- display: integer
+- label: Total Reach