@neuroverseos/governance 0.3.0 → 0.3.3

package/dist/adapters/index.cjs

@@ -31,12 +31,18 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var adapters_exports = {};
 __export(adapters_exports, {
   AutoresearchGovernor: () => AutoresearchGovernor,
+  DeepAgentsGovernanceBlockedError: () => GovernanceBlockedError5,
+  DeepAgentsGuard: () => DeepAgentsGuard,
+  GovernanceBlockedError: () => GovernanceBlockedError,
   GovernedToolExecutor: () => GovernedToolExecutor,
-  LangChainGovernanceBlockedError: () => GovernanceBlockedError,
+  LangChainGovernanceBlockedError: () => GovernanceBlockedError2,
   NeuroVerseCallbackHandler: () => NeuroVerseCallbackHandler,
   NeuroVersePlugin: () => NeuroVersePlugin,
-  OpenAIGovernanceBlockedError: () => GovernanceBlockedError2,
-  OpenClawGovernanceBlockedError: () => GovernanceBlockedError3,
+  OpenAIGovernanceBlockedError: () => GovernanceBlockedError3,
+  OpenClawGovernanceBlockedError: () => GovernanceBlockedError4,
+  buildEngineOptions: () => buildEngineOptions,
+  createDeepAgentsGuard: () => createDeepAgentsGuard,
+  createDeepAgentsGuardFromWorld: () => createDeepAgentsGuardFromWorld,
   createGovernanceMiddleware: () => createGovernanceMiddleware,
   createGovernanceMiddlewareFromWorld: () => createGovernanceMiddlewareFromWorld,
   createGovernedToolExecutor: () => createGovernedToolExecutor,
@@ -44,21 +50,34 @@ __export(adapters_exports, {
   createNeuroVerseCallbackHandler: () => createNeuroVerseCallbackHandler,
   createNeuroVerseCallbackHandlerFromWorld: () => createNeuroVerseCallbackHandlerFromWorld,
   createNeuroVersePlugin: () => createNeuroVersePlugin,
-  createNeuroVersePluginFromWorld: () => createNeuroVersePluginFromWorld
+  createNeuroVersePluginFromWorld: () => createNeuroVersePluginFromWorld,
+  defaultBlockMessage: () => defaultBlockMessage,
+  extractScope: () => extractScope,
+  trackPlanProgress: () => trackPlanProgress
 });
 module.exports = __toCommonJS(adapters_exports);
 
-// src/engine/plan-engine.ts
-function keywordMatch(eventText, step) {
-  const stepText = [
-    step.label,
-    step.description ?? "",
-    ...step.tags ?? []
+// src/engine/text-utils.ts
+function normalizeEventText(event) {
+  return [
+    event.intent,
+    event.tool ?? "",
+    event.scope ?? ""
   ].join(" ").toLowerCase();
-  const keywords = stepText.split(/\s+/).filter((w) => w.length > 3);
+}
+function extractKeywords(text, minLength = 3) {
+  return text.toLowerCase().split(/\s+/).filter((w) => w.length > minLength);
+}
+function matchesAllKeywords(eventText, ruleText) {
+  const keywords = extractKeywords(ruleText);
+  if (keywords.length === 0) return false;
+  return keywords.every((kw) => eventText.includes(kw));
+}
+function matchesKeywordThreshold(eventText, ruleText, threshold = 0.5) {
+  const keywords = extractKeywords(ruleText);
   if (keywords.length === 0) return false;
   const matched = keywords.filter((kw) => eventText.includes(kw));
-  return matched.length >= Math.ceil(keywords.length * 0.5);
+  return matched.length >= Math.ceil(keywords.length * threshold);
 }
 function tokenSimilarity(a, b) {
   const tokensA = new Set(a.toLowerCase().split(/\s+/).filter((w) => w.length > 2));
@@ -71,6 +90,19 @@ function tokenSimilarity(a, b) {
   const union = (/* @__PURE__ */ new Set([...tokensA, ...tokensB])).size;
   return union > 0 ? intersection / union : 0;
 }
+
+// src/engine/plan-engine.ts
+function keywordMatch(eventText, step) {
+  const stepText = [
+    step.label,
+    step.description ?? "",
+    ...step.tags ?? []
+  ].join(" ");
+  return matchesKeywordThreshold(eventText, stepText, 0.5);
+}
+function tokenSimilarity2(a, b) {
+  return tokenSimilarity(a, b);
+}
 function findMatchingStep(eventText, event, steps) {
   const pendingOrActive = steps.filter((s) => s.status === "pending" || s.status === "active");
   if (pendingOrActive.length === 0) {
@@ -89,7 +121,7 @@ function findMatchingStep(eventText, event, steps) {
   let bestScore = 0;
   for (const step of pendingOrActive) {
     const stepText = [step.label, step.description ?? "", ...step.tags ?? []].join(" ");
-    const score = tokenSimilarity(intentText, stepText);
+    const score = tokenSimilarity2(intentText, stepText);
     if (score > bestScore) {
       bestScore = score;
       bestStep = step;
@@ -130,7 +162,7 @@ function checkConstraints(event, eventText, constraints) {
       continue;
     }
     if (constraint.type === "scope" && constraint.trigger) {
-      const keywords = constraint.trigger.split(/\s+/).filter((w) => w.length > 3);
+      const keywords = extractKeywords(constraint.trigger);
       const violated = keywords.length > 0 && keywords.every((kw) => eventText.includes(kw));
       checks.push({
         constraintId: constraint.id,
@@ -211,11 +243,7 @@ function evaluatePlan(event, plan) {
       progress
     };
   }
-  const eventText = [
-    event.intent,
-    event.tool ?? "",
-    event.scope ?? ""
-  ].join(" ").toLowerCase();
+  const eventText = normalizeEventText(event);
   const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
   if (!matched) {
     return {
@@ -256,7 +284,7 @@ function evaluatePlan(event, plan) {
   };
 }
 function buildPlanCheck(event, plan, verdict) {
-  const eventText = [event.intent, event.tool ?? "", event.scope ?? ""].join(" ").toLowerCase();
+  const eventText = normalizeEventText(event);
   const { matched, closest, closestScore } = findMatchingStep(eventText, event, plan.steps);
   const { checks: constraintChecks } = checkConstraints(event, eventText, plan.constraints);
   const progress = getPlanProgress(plan);
@@ -274,6 +302,50 @@ function buildPlanCheck(event, plan, verdict) {
   };
 }
 
+// src/adapters/shared.ts
+var GovernanceBlockedError = class extends Error {
+  verdict;
+  constructor(verdict, message) {
+    super(message ?? `[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
+    this.name = "GovernanceBlockedError";
+    this.verdict = verdict;
+  }
+};
+function trackPlanProgress(event, state, callbacks) {
+  if (!state.activePlan) return;
+  const planVerdict = evaluatePlan(event, state.activePlan);
+  if (planVerdict.matchedStep) {
+    const advResult = advancePlan(state.activePlan, planVerdict.matchedStep);
+    if (advResult.success && advResult.plan) {
+      state.activePlan = advResult.plan;
+      state.engineOptions.plan = state.activePlan;
+    }
+    const progress = getPlanProgress(state.activePlan);
+    callbacks.onPlanProgress?.(progress);
+    if (progress.completed === progress.total) {
+      callbacks.onPlanComplete?.();
+    }
+  }
+}
+function extractScope(args) {
+  if (typeof args.path === "string") return args.path;
+  if (typeof args.file_path === "string") return args.file_path;
+  if (typeof args.filename === "string") return args.filename;
+  if (typeof args.url === "string") return args.url;
+  if (typeof args.command === "string") return args.command;
+  return void 0;
+}
+function buildEngineOptions(options, plan) {
+  return {
+    trace: options.trace ?? false,
+    level: options.level,
+    plan: plan ?? options.plan
+  };
+}
+function defaultBlockMessage(verdict) {
+  return `Action blocked by governance policy: ${verdict.reason ?? "rule violation"}. Rule: ${verdict.ruleId ?? "unknown"}.`;
+}
+
 // src/engine/guard-engine.ts
 var PROMPT_INJECTION_PATTERNS = [
   // Instruction override
@@ -358,11 +430,49 @@ function isExternalScope(scope) {
   ];
   return !internalPatterns.some((p) => p.test(scope));
 }
+var MAX_INPUT_LENGTH = 1e5;
 function evaluateGuard(event, world, options = {}) {
   const startTime = performance.now();
   const level = options.level ?? "standard";
   const includeTrace = options.trace ?? false;
-  const eventText = (event.intent + " " + (event.tool ?? "") + " " + (event.scope ?? "")).toLowerCase();
+  if (!event.intent || typeof event.intent !== "string") {
+    return {
+      status: "BLOCK",
+      reason: "GuardEvent.intent is required and must be a string",
+      ruleId: "safety-input-validation",
+      evidence: {
+        worldId: world.world?.world_id ?? "",
+        worldName: world.world?.name ?? "",
+        worldVersion: world.world?.version ?? "",
+        evaluatedAt: Date.now(),
+        invariantsSatisfied: 0,
+        invariantsTotal: 0,
+        guardsMatched: [],
+        rulesMatched: [],
+        enforcementLevel: level
+      }
+    };
+  }
+  const inputLength = event.intent.length + (event.tool?.length ?? 0) + (event.scope?.length ?? 0) + (event.payload ? JSON.stringify(event.payload).length : 0);
+  if (inputLength > MAX_INPUT_LENGTH) {
+    return {
+      status: "BLOCK",
+      reason: `Input exceeds maximum allowed length (${MAX_INPUT_LENGTH} characters)`,
+      ruleId: "safety-input-length",
+      evidence: {
+        worldId: world.world?.world_id ?? "",
+        worldName: world.world?.name ?? "",
+        worldVersion: world.world?.version ?? "",
+        evaluatedAt: Date.now(),
+        invariantsSatisfied: 0,
+        invariantsTotal: 0,
+        guardsMatched: [],
+        rulesMatched: [],
+        enforcementLevel: level
+      }
+    };
+  }
+  const eventText = normalizeEventText(event);
   const invariantChecks = [];
   const safetyChecks = [];
   let planCheckResult;
@@ -375,6 +485,43 @@ function evaluateGuard(event, world, options = {}) {
   const guardsMatched = [];
   const rulesMatched = [];
   checkInvariantCoverage(world, invariantChecks);
+  if (event.roleId && options.agentStates) {
+    const agentState = options.agentStates.get(event.roleId);
+    if (agentState && agentState.cooldownRemaining > 0) {
+      decidingLayer = "safety";
+      decidingId = `penalize-cooldown-${event.roleId}`;
+      const verdict = buildVerdict(
+        "PENALIZE",
+        `Agent "${event.roleId}" is frozen for ${agentState.cooldownRemaining} more round(s) due to prior penalty.`,
+        `penalize-cooldown-${event.roleId}`,
+        void 0,
+        world,
+        level,
+        invariantChecks,
+        guardsMatched,
+        rulesMatched,
+        includeTrace ? buildTrace(
+          invariantChecks,
+          safetyChecks,
+          planCheckResult,
+          roleChecks,
+          guardChecks,
+          kernelRuleChecks,
+          levelChecks,
+          decidingLayer,
+          decidingId,
+          startTime
+        ) : void 0
+      );
+      verdict.intentRecord = {
+        originalIntent: event.intent,
+        finalAction: "blocked (agent frozen)",
+        enforcement: "PENALIZE",
+        consequence: { type: "freeze", rounds: agentState.cooldownRemaining, description: "Agent still in cooldown from prior penalty" }
+      };
+      return verdict;
+    }
+  }
   if (options.sessionAllowlist) {
     const key = eventToAllowlistKey(event);
     if (options.sessionAllowlist.has(key)) {
@@ -502,7 +649,16 @@ function evaluateGuard(event, world, options = {}) {
     if (guardVerdict.status !== "ALLOW") {
       decidingLayer = "guard";
       decidingId = guardVerdict.ruleId;
-      return buildVerdict(
+      const intentRecord = {
+        originalIntent: event.intent,
+        finalAction: guardVerdict.status === "MODIFY" ? guardVerdict.modifiedTo ?? "modified" : guardVerdict.status === "PENALIZE" ? "blocked + penalized" : guardVerdict.status === "REWARD" ? event.intent : guardVerdict.status === "NEUTRAL" ? event.intent : guardVerdict.status === "BLOCK" ? "blocked" : "paused",
+        ruleApplied: guardVerdict.ruleId,
+        enforcement: guardVerdict.status,
+        modifiedTo: guardVerdict.modifiedTo,
+        consequence: guardVerdict.consequence,
+        reward: guardVerdict.reward
+      };
+      const verdict = buildVerdict(
         guardVerdict.status,
         guardVerdict.reason,
         guardVerdict.ruleId,
@@ -525,6 +681,10 @@ function evaluateGuard(event, world, options = {}) {
           startTime
         ) : void 0
       );
+      verdict.intentRecord = intentRecord;
+      if (guardVerdict.consequence) verdict.consequence = guardVerdict.consequence;
+      if (guardVerdict.reward) verdict.reward = guardVerdict.reward;
+      return verdict;
     }
   }
   const kernelVerdict = checkKernelRules(eventText, world, kernelRuleChecks, rulesMatched);
@@ -819,6 +979,21 @@ function checkGuards(event, eventText, world, checks, guardsMatched) {
     if (actionMode === "pause") {
       return { status: "PAUSE", reason, ruleId: `guard-${guard.id}` };
     }
+    if (actionMode === "penalize") {
+      const consequence = guard.consequence ? { ...guard.consequence } : { type: "freeze", rounds: 1, description: `Penalized for violating: ${guard.label}` };
+      return { status: "PENALIZE", reason, ruleId: `guard-${guard.id}`, consequence };
+    }
+    if (actionMode === "reward") {
+      const reward = guard.reward ? { ...guard.reward } : { type: "boost_influence", magnitude: 0.1, description: `Rewarded for: ${guard.label}` };
+      return { status: "REWARD", reason, ruleId: `guard-${guard.id}`, reward };
+    }
+    if (actionMode === "modify") {
+      const modifiedTo = guard.modify_to ?? guard.redirect ?? "hold";
+      return { status: "MODIFY", reason: `${reason} \u2192 Modified to: ${modifiedTo}`, ruleId: `guard-${guard.id}`, modifiedTo };
+    }
+    if (actionMode === "neutral") {
+      return { status: "NEUTRAL", reason, ruleId: `guard-${guard.id}` };
+    }
     if (actionMode === "warn" && !warnResult) {
       warnResult = { status: "ALLOW", warning: reason, ruleId: `guard-${guard.id}` };
     }
@@ -928,9 +1103,7 @@ function checkLevelConstraints(event, level, checks) {
   return null;
 }
 function matchesKeywords(eventText, ruleText) {
-  const keywords = ruleText.toLowerCase().split(/\s+/).filter((w) => w.length > 3);
-  if (keywords.length === 0) return false;
-  return keywords.every((kw) => eventText.includes(kw));
+  return matchesAllKeywords(eventText, ruleText);
 }
 function eventToAllowlistKey(event) {
   return `${(event.tool ?? "*").toLowerCase()}::${event.intent.toLowerCase().trim()}`;
@@ -998,10 +1171,18 @@ async function loadWorldFromDirectory(dirPath) {
   const { join } = await import("path");
   const { readdirSync } = await import("fs");
   async function readJson(filename) {
+    const filePath = join(dirPath, filename);
     try {
-      const content = await readFile(join(dirPath, filename), "utf-8");
+      const content = await readFile(filePath, "utf-8");
       return JSON.parse(content);
-    } catch {
+    } catch (err) {
+      if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+        return void 0;
+      }
+      process.stderr.write(
+        `[neuroverse] Warning: Failed to read ${filename}: ${err instanceof Error ? err.message : String(err)}
+`
+      );
       return void 0;
     }
   }
@@ -1023,10 +1204,23 @@ async function loadWorldFromDirectory(dirPath) {
     const rulesDir = join(dirPath, "rules");
     const ruleFiles = readdirSync(rulesDir).filter((f) => f.endsWith(".json")).sort();
     for (const file of ruleFiles) {
-      const content = await readFile(join(rulesDir, file), "utf-8");
-      rules.push(JSON.parse(content));
+      try {
+        const content = await readFile(join(rulesDir, file), "utf-8");
+        rules.push(JSON.parse(content));
+      } catch (err) {
+        process.stderr.write(
+          `[neuroverse] Warning: Failed to parse rule ${file}: ${err instanceof Error ? err.message : String(err)}
+`
+        );
+      }
+    }
+  } catch (err) {
+    if (!(err instanceof Error && "code" in err && err.code === "ENOENT")) {
+      process.stderr.write(
+        `[neuroverse] Warning: Failed to read rules directory: ${err instanceof Error ? err.message : String(err)}
+`
+      );
     }
-  } catch {
   }
   return {
     world: worldJson,
@@ -1061,20 +1255,14 @@ async function loadWorld(worldPath) {
   if (info.isDirectory()) {
     return loadWorldFromDirectory(worldPath);
   }
-  if (worldPath.endsWith(".nv-world.zip")) {
-    throw new Error(".nv-world.zip loading not yet implemented \u2014 use a world directory");
-  }
-  throw new Error(`Cannot load world from: ${worldPath} \u2014 expected a directory or .nv-world.zip`);
+  throw new Error(`Cannot load world from: ${worldPath} \u2014 expected a directory`);
 }
 
 // src/adapters/langchain.ts
-var GovernanceBlockedError = class extends Error {
-  verdict;
+var GovernanceBlockedError2 = class extends GovernanceBlockedError {
   event;
   constructor(verdict, event) {
-    super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
-    this.name = "GovernanceBlockedError";
-    this.verdict = verdict;
+    super(verdict);
     this.event = event;
   }
 };
@@ -1082,7 +1270,7 @@ function defaultMapToolCall(toolName, toolInput) {
   return {
     intent: toolName,
     tool: toolName,
-    scope: typeof toolInput.path === "string" ? toolInput.path : typeof toolInput.url === "string" ? toolInput.url : void 0,
+    scope: extractScope(toolInput),
     args: toolInput,
     direction: "input"
   };
@@ -1098,11 +1286,7 @@ var NeuroVerseCallbackHandler = class {
     this.world = world;
     this.options = options;
     this.activePlan = options.plan;
-    this.engineOptions = {
-      trace: options.trace ?? false,
-      level: options.level,
-      plan: this.activePlan
-    };
+    this.engineOptions = buildEngineOptions(options, this.activePlan);
     this.mapToolCall = options.mapToolCall ?? defaultMapToolCall;
   }
   /**
@@ -1125,28 +1309,16 @@ var NeuroVerseCallbackHandler = class {
     this.options.onEvaluate?.(verdict, event);
     if (verdict.status === "BLOCK") {
       this.options.onBlock?.(verdict, event);
-      throw new GovernanceBlockedError(verdict, event);
+      throw new GovernanceBlockedError2(verdict, event);
     }
     if (verdict.status === "PAUSE") {
       const approved = await this.options.onPause?.(verdict, event);
       if (!approved) {
-        throw new GovernanceBlockedError(verdict, event);
+        throw new GovernanceBlockedError2(verdict, event);
       }
     }
-    if (verdict.status === "ALLOW" && this.activePlan) {
-      const planVerdict = evaluatePlan(event, this.activePlan);
-      if (planVerdict.matchedStep) {
-        const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
-        if (advResult.success && advResult.plan) {
-          this.activePlan = advResult.plan;
-          this.engineOptions.plan = this.activePlan;
-        }
-        const progress = getPlanProgress(this.activePlan);
-        this.options.onPlanProgress?.(progress);
-        if (progress.completed === progress.total) {
-          this.options.onPlanComplete?.();
-        }
-      }
+    if (verdict.status === "ALLOW") {
+      trackPlanProgress(event, this, this.options);
     }
   }
 };
@@ -1159,13 +1331,10 @@ function createNeuroVerseCallbackHandlerFromWorld(world, options) {
 }
 
 // src/adapters/openai.ts
-var GovernanceBlockedError2 = class extends Error {
-  verdict;
+var GovernanceBlockedError3 = class extends GovernanceBlockedError {
   toolCallId;
   constructor(verdict, toolCallId) {
-    super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
-    this.name = "GovernanceBlockedError";
-    this.verdict = verdict;
+    super(verdict);
     this.toolCallId = toolCallId;
   }
 };
@@ -1173,14 +1342,11 @@ function defaultMapFunctionCall(name, args) {
   return {
     intent: name,
     tool: name,
-    scope: typeof args.path === "string" ? args.path : typeof args.url === "string" ? args.url : void 0,
+    scope: extractScope(args),
     args,
     direction: "input"
   };
 }
-function defaultBlockMessage(verdict) {
-  return `Action blocked by governance policy: ${verdict.reason ?? "rule violation"}. Rule: ${verdict.ruleId ?? "unknown"}.`;
-}
 var GovernedToolExecutor = class {
   world;
   options;
@@ -1192,11 +1358,7 @@ var GovernedToolExecutor = class {
     this.world = world;
     this.options = options;
     this.activePlan = options.plan;
-    this.engineOptions = {
-      trace: options.trace ?? false,
-      level: options.level,
-      plan: this.activePlan
-    };
+    this.engineOptions = buildEngineOptions(options, this.activePlan);
     this.mapFn = options.mapFunctionCall ?? defaultMapFunctionCall;
     this.blockMsg = options.blockMessage ?? defaultBlockMessage;
   }
@@ -1215,20 +1377,8 @@ var GovernedToolExecutor = class {
     this.engineOptions.plan = this.activePlan;
     const verdict = evaluateGuard(event, this.world, this.engineOptions);
     this.options.onEvaluate?.(verdict, event);
-    if (verdict.status === "ALLOW" && this.activePlan) {
-      const planVerdict = evaluatePlan(event, this.activePlan);
-      if (planVerdict.matchedStep) {
-        const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
-        if (advResult.success && advResult.plan) {
-          this.activePlan = advResult.plan;
-          this.engineOptions.plan = this.activePlan;
-        }
-        const progress = getPlanProgress(this.activePlan);
-        this.options.onPlanProgress?.(progress);
-        if (progress.completed === progress.total) {
-          this.options.onPlanComplete?.();
-        }
-      }
+    if (verdict.status === "ALLOW") {
+      trackPlanProgress(event, this, this.options);
     }
     return verdict;
   }
@@ -1254,7 +1404,7 @@ var GovernedToolExecutor = class {
       };
     }
     if (verdict.status === "PAUSE") {
-      throw new GovernanceBlockedError2(verdict, toolCall.id);
+      throw new GovernanceBlockedError3(verdict, toolCall.id);
     }
     let args;
     try {
@@ -1280,13 +1430,10 @@ function createGovernedToolExecutorFromWorld(world, options) {
 }
 
 // src/adapters/openclaw.ts
-var GovernanceBlockedError3 = class extends Error {
-  verdict;
+var GovernanceBlockedError4 = class extends GovernanceBlockedError {
   action;
   constructor(verdict, action) {
-    super(`[NeuroVerse] BLOCKED: ${verdict.reason ?? verdict.ruleId ?? "governance rule"}`);
-    this.name = "GovernanceBlockedError";
-    this.verdict = verdict;
+    super(verdict);
     this.action = action;
   }
 };
@@ -1296,7 +1443,7 @@ function defaultMapAction(action, direction) {
     tool: action.tool ?? action.type,
     args: action.input,
     direction,
-    scope: typeof action.input?.path === "string" ? action.input.path : typeof action.input?.url === "string" ? action.input.url : void 0
+    scope: action.input ? extractScope(action.input) : void 0
   };
 }
 var NeuroVersePlugin = class {
@@ -1310,11 +1457,7 @@ var NeuroVersePlugin = class {
     this.world = world;
     this.options = options;
     this.activePlan = options.plan;
-    this.engineOptions = {
-      trace: options.trace ?? false,
-      level: options.level,
-      plan: this.activePlan
-    };
+    this.engineOptions = buildEngineOptions(options, this.activePlan);
     this.mapAction = options.mapAction ?? defaultMapAction;
   }
   /**
@@ -1334,22 +1477,10 @@ var NeuroVersePlugin = class {
     };
     this.options.onEvaluate?.(result);
     if (verdict.status === "BLOCK") {
-      throw new GovernanceBlockedError3(verdict, action);
+      throw new GovernanceBlockedError4(verdict, action);
     }
-    if (verdict.status === "ALLOW" && this.activePlan) {
-      const planVerdict = evaluatePlan(event, this.activePlan);
-      if (planVerdict.matchedStep) {
-        const advResult = advancePlan(this.activePlan, planVerdict.matchedStep);
-        if (advResult.success && advResult.plan) {
-          this.activePlan = advResult.plan;
-          this.engineOptions.plan = this.activePlan;
-        }
-        const progress = getPlanProgress(this.activePlan);
-        this.options.onPlanProgress?.(progress);
-        if (progress.completed === progress.total) {
-          this.options.onPlanComplete?.();
-        }
-      }
+    if (verdict.status === "ALLOW") {
+      trackPlanProgress(event, this, this.options);
     }
     return result;
   }
@@ -1370,7 +1501,7 @@ var NeuroVersePlugin = class {
     };
     this.options.onEvaluate?.(result);
     if (verdict.status === "BLOCK") {
-      throw new GovernanceBlockedError3(verdict, action);
+      throw new GovernanceBlockedError4(verdict, action);
     }
     return result;
   }
@@ -1433,8 +1564,9 @@ function defaultOnBlock(verdict, _req, res, statusCode) {
     ruleId: verdict.ruleId,
     status: verdict.status
   };
-  if (res.status && res.json) {
-    res.status(statusCode).json(body);
+  if (typeof res.status === "function" && typeof res.json === "function") {
+    const r = res.status(statusCode);
+    r.json(body);
   } else if (res.send) {
     res.statusCode = statusCode;
     res.send(JSON.stringify(body));
@@ -1485,8 +1617,12 @@ function createGovernanceMiddlewareFromWorld(world, options = {}) {
 var AutoresearchGovernor = class {
   config;
   state;
+  world;
+  engineOptions;
   constructor(config) {
     this.config = config;
+    this.world = config.world;
+    this.engineOptions = { trace: true };
     this.state = {
       experiments_run: 0,
       best_result: null,
@@ -1516,10 +1652,23 @@ var AutoresearchGovernor = class {
   }
   /**
    * Evaluate an experiment proposal against governance rules.
-   * Returns a simplified verdict without requiring the full guard engine.
+   * Routes through the guard engine when a world is loaded,
+   * then layers on research-specific checks (budget, constraints, drift).
    */
   evaluateProposal(proposal) {
     const warnings = [];
+    const event = this.proposalToGuardEvent(proposal);
+    if (this.world) {
+      const verdict = evaluateGuard(event, this.world, this.engineOptions);
+      if (verdict.status === "BLOCK" || verdict.status === "PAUSE") {
+        return {
+          allowed: false,
+          reason: verdict.reason ?? `Governance ${verdict.status}: ${verdict.ruleId ?? "unknown rule"}`,
+          warnings,
+          verdict
+        };
+      }
+    }
     const estimatedMinutes = proposal.estimated_minutes || 5;
     if (this.state.total_compute_minutes + estimatedMinutes > this.config.computeBudgetMinutes) {
       return {
@@ -1649,15 +1798,306 @@ var AutoresearchGovernor = class {
     return { ...this.state };
   }
 };
+
+// src/engine/tool-classifier.ts
+var TOOL_CATEGORY_MAP = {
+  // File operations
+  read_file: "file_read",
+  read: "file_read",
+  glob: "file_read",
+  grep: "file_read",
+  list_files: "file_read",
+  write_file: "file_write",
+  write: "file_write",
+  create_file: "file_write",
+  edit_file: "file_write",
+  edit: "file_write",
+  patch: "file_write",
+  delete_file: "file_delete",
+  remove_file: "file_delete",
+  // Shell
+  shell: "shell",
+  bash: "shell",
+  execute: "shell",
+  run_command: "shell",
+  terminal: "shell",
+  // Git
+  git: "git",
+  git_commit: "git",
+  git_push: "git",
+  git_checkout: "git",
+  // Network
+  http: "network",
+  fetch: "network",
+  curl: "network",
+  web_search: "network",
+  // Sub-agents
+  sub_agent: "sub_agent",
+  spawn_agent: "sub_agent",
+  delegate: "sub_agent",
+  // Context management
+  summarize: "context",
+  compress_context: "context"
+};
+function classifyTool(toolName) {
+  const normalized = toolName.toLowerCase().replace(/[-\s]/g, "_");
+  return TOOL_CATEGORY_MAP[normalized] ?? "unknown";
+}
+var DANGEROUS_SHELL_PATTERNS = [
+  { pattern: /rm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+|.*-rf\s+|.*--force)/, label: "force-delete" },
+  { pattern: /rm\s+-[a-zA-Z]*r/, label: "recursive-delete" },
+  { pattern: />\s*\/dev\/sd/, label: "disk-overwrite" },
+  { pattern: /mkfs\./, label: "format-disk" },
+  { pattern: /dd\s+if=/, label: "disk-dump" },
+  { pattern: /chmod\s+(-R\s+)?777/, label: "world-writable" },
+  { pattern: /curl\s+.*\|\s*(bash|sh|zsh)/, label: "pipe-to-shell" },
+  { pattern: /wget\s+.*\|\s*(bash|sh|zsh)/, label: "pipe-to-shell" },
+  { pattern: /:(){ :\|:& };:/, label: "fork-bomb" },
+  { pattern: />\s*\/etc\//, label: "system-config-overwrite" },
+  { pattern: /shutdown|reboot|halt|poweroff/, label: "system-shutdown" },
+  { pattern: /kill\s+-9\s+1\b/, label: "kill-init" }
+];
+var DANGEROUS_GIT_PATTERNS = [
+  { pattern: /push\s+.*--force/, label: "force-push" },
+  { pattern: /push\s+.*-f\b/, label: "force-push" },
+  { pattern: /push\s+(origin\s+)?main\b/, label: "push-main" },
+  { pattern: /push\s+(origin\s+)?master\b/, label: "push-master" },
+  { pattern: /reset\s+--hard/, label: "hard-reset" },
+  { pattern: /clean\s+-fd/, label: "clean-force" },
+  { pattern: /branch\s+-D/, label: "force-delete-branch" }
+];
+function isDangerousCommand(command) {
+  const matched = DANGEROUS_SHELL_PATTERNS.filter((p) => p.pattern.test(command)).map((p) => p.label);
+  return { dangerous: matched.length > 0, labels: matched };
+}
+function isDangerousGitCommand(command) {
+  const matched = DANGEROUS_GIT_PATTERNS.filter((p) => p.pattern.test(command)).map((p) => p.label);
+  return { dangerous: matched.length > 0, labels: matched };
+}
+function assessRiskLevel(category) {
+  if (category === "file_read" || category === "context") return "low";
+  if (category === "file_write" || category === "sub_agent") return "medium";
+  if (category === "shell" || category === "file_delete" || category === "git" || category === "network") return "high";
+  return void 0;
+}
+function categoryToActionCategory(category) {
+  if (category === "file_read" || category === "context") return "read";
+  if (category === "file_write") return "write";
+  if (category === "file_delete") return "delete";
+  if (category === "shell") return "shell";
+  if (category === "network") return "network";
+  return "other";
+}
+
+// src/adapters/deep-agents.ts
+var GovernanceBlockedError5 = class extends GovernanceBlockedError {
+  toolCall;
+  category;
+  constructor(verdict, toolCall, category) {
+    super(verdict);
+    this.toolCall = toolCall;
+    this.category = category;
+  }
+};
+function defaultMapToolCall2(toolCall) {
+  const category = classifyTool(toolCall.tool);
+  const args = toolCall.args;
+  const scope = extractScope(args);
+  let intent = toolCall.tool;
+  if (category === "shell" && typeof args.command === "string") {
+    intent = `shell: ${args.command}`;
+  } else if (category === "git" && typeof args.command === "string") {
+    intent = `git ${args.command}`;
+  } else if (category === "file_write" && scope) {
+    intent = `write ${scope}`;
+  } else if (category === "file_delete" && scope) {
+    intent = `delete ${scope}`;
+  }
+  const riskLevel = assessRiskLevel(category);
+  let irreversible = false;
+  if (category === "shell" && typeof args.command === "string") {
+    irreversible = DANGEROUS_SHELL_PATTERNS.some((p) => p.pattern.test(args.command));
+  } else if (category === "git" && typeof args.command === "string") {
+    irreversible = DANGEROUS_GIT_PATTERNS.some((p) => p.pattern.test(args.command));
+  } else if (category === "file_delete") {
+    irreversible = true;
+  }
+  return {
+    intent,
+    tool: toolCall.tool,
+    scope,
+    args,
+    direction: "input",
+    actionCategory: categoryToActionCategory(category),
+    riskLevel,
+    irreversible
+  };
+}
+var DeepAgentsGuard = class {
+  name = "neuroverse-deep-agents-guard";
+  world;
+  options;
+  engineOptions;
+  mapToolCall;
+  activePlan;
+  constructor(world, options = {}) {
+    this.world = world;
+    this.options = options;
+    this.activePlan = options.plan;
+    this.engineOptions = buildEngineOptions(options, this.activePlan);
+    this.mapToolCall = options.mapToolCall ?? defaultMapToolCall2;
+  }
+  /**
+   * Evaluate a tool call against governance rules.
+   * Returns the result without side effects.
+   */
+  evaluate(toolCall) {
+    const event = this.mapToolCall(toolCall);
+    this.engineOptions.plan = this.activePlan;
+    const verdict = evaluateGuard(event, this.world, this.engineOptions);
+    const category = classifyTool(toolCall.tool);
+    const result = {
+      allowed: verdict.status === "ALLOW",
+      verdict,
+      toolCall,
+      category
+    };
+    this.options.onEvaluate?.(result);
+    if (verdict.status === "ALLOW" && this.activePlan) {
+      this.trackPlanProgressInternal(event);
+    }
+    return result;
+  }
+  /**
+   * Evaluate and enforce governance on a tool call.
+   *
+   * @throws GovernanceBlockedError if BLOCKED
+   * @throws GovernanceBlockedError if PAUSED and onPause returns false
+   * @returns DeepAgentsGuardResult on ALLOW
+   */
+  async enforce(toolCall) {
+    const result = this.evaluate(toolCall);
+    if (result.verdict.status === "BLOCK") {
+      this.options.onBlock?.(result);
+      throw new GovernanceBlockedError5(result.verdict, toolCall, result.category);
+    }
+    if (result.verdict.status === "PAUSE") {
+      const approved = await this.options.onPause?.(result);
+      if (!approved) {
+        throw new GovernanceBlockedError5(result.verdict, toolCall, result.category);
+      }
+    }
+    return result;
+  }
+  /**
+   * Evaluate and execute a tool call with governance enforcement.
+   *
+   * If ALLOW: runs the executor and returns its result.
+   * If BLOCK: returns a governance-blocked message.
+   * If PAUSE: calls onPause; blocks if not approved.
+   *
+   * @param toolCall - The Deep Agents tool call to evaluate
+   * @param executor - The actual tool execution function
+   * @returns The tool execution result or a blocked message
+   */
+  async execute(toolCall, executor) {
+    const guardResult = this.evaluate(toolCall);
+    if (guardResult.verdict.status === "BLOCK") {
+      this.options.onBlock?.(guardResult);
+      return {
+        blocked: true,
+        verdict: guardResult.verdict,
+        reason: guardResult.verdict.reason ?? "Action blocked by governance policy."
+      };
+    }
+    if (guardResult.verdict.status === "PAUSE") {
+      const approved = await this.options.onPause?.(guardResult);
+      if (!approved) {
+        return {
+          blocked: true,
+          verdict: guardResult.verdict,
+          reason: guardResult.verdict.reason ?? "Action requires approval."
+        };
+      }
+    }
+    const result = await executor(toolCall);
+    return { result, verdict: guardResult.verdict };
+  }
+  /**
+   * Returns a middleware function compatible with Deep Agents' tool pipeline.
+   *
+   * The middleware intercepts tool calls before execution:
+   *   agent.use(guard.middleware());
+   */
+  middleware() {
+    return async (toolCall, next) => {
+      await this.enforce(toolCall);
+      return next();
+    };
+  }
+  /**
+   * Returns a callback-handler-style object for LangChain integration.
+   * Compatible with Deep Agents' callback system.
+   */
+  callbacks() {
+    return {
+      handleToolStart: async (tool, input) => {
+        let parsedInput;
+        try {
+          parsedInput = typeof input === "string" ? JSON.parse(input) : input;
+        } catch {
+          parsedInput = { raw: input };
+        }
+        await this.enforce({ tool: tool.name, args: parsedInput });
+      }
+    };
+  }
+  /**
+   * Check if a shell command contains dangerous patterns.
+   * Useful for pre-screening before full governance evaluation.
+   */
+  static isDangerousCommand(command) {
+    return isDangerousCommand(command);
+  }
+  /**
+   * Check if a git command contains dangerous patterns.
+   */
+  static isDangerousGitCommand(command) {
+    return isDangerousGitCommand(command);
+  }
+  /**
+   * Classify a tool name into a category.
+   */
+  static classifyTool(toolName) {
+    return classifyTool(toolName);
+  }
+  // ─── Private ──────────────────────────────────────────────────────────────
+  trackPlanProgressInternal(event) {
+    trackPlanProgress(event, this, this.options);
+  }
+};
+async function createDeepAgentsGuard(worldPath, options) {
+  const world = await loadWorld(worldPath);
+  return new DeepAgentsGuard(world, options);
+}
+function createDeepAgentsGuardFromWorld(world, options) {
+  return new DeepAgentsGuard(world, options);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AutoresearchGovernor,
+  DeepAgentsGovernanceBlockedError,
+  DeepAgentsGuard,
+  GovernanceBlockedError,
   GovernedToolExecutor,
   LangChainGovernanceBlockedError,
   NeuroVerseCallbackHandler,
   NeuroVersePlugin,
   OpenAIGovernanceBlockedError,
   OpenClawGovernanceBlockedError,
+  buildEngineOptions,
+  createDeepAgentsGuard,
+  createDeepAgentsGuardFromWorld,
   createGovernanceMiddleware,
   createGovernanceMiddlewareFromWorld,
   createGovernedToolExecutor,
@@ -1665,5 +2105,8 @@ var AutoresearchGovernor = class {
   createNeuroVerseCallbackHandler,
   createNeuroVerseCallbackHandlerFromWorld,
   createNeuroVersePlugin,
-  createNeuroVersePluginFromWorld
+  createNeuroVersePluginFromWorld,
+  defaultBlockMessage,
+  extractScope,
+  trackPlanProgress
 });