@neuroverseos/governance 0.4.3 → 0.5.1

package/dist/cli/neuroverse.js

@@ -29,6 +29,10 @@ Commands:
   decision-flow  Intent \u2192 Rule \u2192 Outcome visualization (behavioral governance)
   equity-penalties  Fortune 500 equity PENALIZE/REWARD simulation
   world          World management (status, diff, snapshot, rollback)
+  keygen         Generate Ed25519 signing keypair
+  sign           Sign a world artifact (cryptographic manifest)
+  verify         Verify a signed world artifact
+  migrate        Migrate world schema between versions
   derive         AI-assisted synthesis of .nv-world.md from markdown
   bootstrap      Compile .nv-world.md \u2192 world JSON files
   configure-ai   Configure AI provider credentials
@@ -66,6 +70,10 @@ Usage:
   neuroverse equity-penalties --world <dir> [--agents N] [--rounds N] [--json]
   neuroverse configure-ai --provider <name> --model <name> --api-key <key>
   neuroverse configure-world [--output <dir>]
+  neuroverse keygen [--output <dir>] [--name <name>]
+  neuroverse sign --world <dir> [--key <path>]
+  neuroverse verify --world <dir> [--key <path>]
+  neuroverse migrate --world <dir> [--dry-run] [--backup]
   neuroverse lens list [--world <dir>] [--json]
   neuroverse lens preview <id> [--world <dir>]
   neuroverse lens compile <id,...> [--world <dir>] [--role <role>] [--json]
@@ -100,23 +108,23 @@ async function main() {
   const subArgs = args.slice(1);
   switch (command) {
     case "add": {
-      const { main: addMain } = await import("../add-XSANI3FK.js");
+      const { main: addMain } = await import("../add-JP7TC2K3.js");
       return addMain(subArgs);
     }
     case "build": {
-      const { main: buildMain } = await import("../build-EGBGZFIJ.js");
+      const { main: buildMain } = await import("../build-THUEYMVT.js");
       return buildMain(subArgs);
     }
     case "explain": {
-      const { main: explainMain } = await import("../explain-HDFN4ION.js");
+      const { main: explainMain } = await import("../explain-42TVC3QD.js");
       return explainMain(subArgs);
     }
     case "simulate": {
-      const { main: simulateMain } = await import("../simulate-VT437EEL.js");
+      const { main: simulateMain } = await import("../simulate-4YNOBMES.js");
       return simulateMain(subArgs);
     }
     case "improve": {
-      const { main: improveMain } = await import("../improve-2PWGGO5B.js");
+      const { main: improveMain } = await import("../improve-HLZGJ54Z.js");
       return improveMain(subArgs);
     }
     case "init": {
@@ -132,35 +140,35 @@ async function main() {
       return inferWorldMain(subArgs);
     }
     case "bootstrap": {
-      const { main: bootstrapMain } = await import("../bootstrap-2OW5ZLBL.js");
+      const { main: bootstrapMain } = await import("../bootstrap-IP5QMC3Q.js");
       return bootstrapMain(subArgs);
     }
     case "validate": {
-      const { main: validateMain } = await import("../validate-M52DX22Y.js");
+      const { main: validateMain } = await import("../validate-6MFQZ2EG.js");
       return validateMain(subArgs);
     }
     case "guard": {
-      const { main: guardMain } = await import("../guard-6KSCWT2W.js");
+      const { main: guardMain } = await import("../guard-TPYDFG6V.js");
       return guardMain(subArgs);
     }
     case "test": {
-      const { main: testMain } = await import("../test-4WTX6RKQ.js");
+      const { main: testMain } = await import("../test-HDBPMQTG.js");
       return testMain(subArgs);
     }
     case "redteam": {
-      const { main: redteamMain } = await import("../redteam-HV6LMKEH.js");
+      const { main: redteamMain } = await import("../redteam-VK6OVHAE.js");
       return redteamMain(subArgs);
     }
     case "demo": {
-      const { main: demoMain } = await import("../demo-6OQYWRR6.js");
+      const { main: demoMain } = await import("../demo-N5K4VXJW.js");
       return demoMain(subArgs);
     }
     case "doctor": {
-      const { main: doctorMain } = await import("../doctor-EC5OYTI3.js");
+      const { main: doctorMain } = await import("../doctor-Q5APJOTS.js");
       return doctorMain(subArgs);
     }
     case "playground": {
-      const { main: playgroundMain } = await import("../playground-3FLDGBET.js");
+      const { main: playgroundMain } = await import("../playground-2EU5CFIH.js");
       return playgroundMain(subArgs);
     }
     case "plan": {
@@ -172,11 +180,11 @@ async function main() {
       return runMain(subArgs);
     }
     case "mcp": {
-      const { startMcpServer } = await import("../mcp-server-TNIWZ7B5.js");
+      const { startMcpServer } = await import("../mcp-server-5XXNG6VC.js");
       return startMcpServer(subArgs);
     }
     case "worlds": {
-      const { main: worldMain } = await import("../world-O4HTQPDP.js");
+      const { main: worldMain } = await import("../world-H5WVURKU.js");
       return worldMain(["list", ...subArgs]);
     }
     case "trace": {
@@ -188,27 +196,43 @@ async function main() {
       return impactMain(subArgs);
     }
     case "behavioral": {
-      const { main: behavioralMain } = await import("../behavioral-SLW7ALEK.js");
+      const { main: behavioralMain } = await import("../behavioral-SPWPGYXL.js");
       return behavioralMain(subArgs);
     }
     case "world": {
-      const { main: worldMain } = await import("../world-O4HTQPDP.js");
+      const { main: worldMain } = await import("../world-H5WVURKU.js");
       return worldMain(subArgs);
     }
     case "derive": {
-      const { main: deriveMain } = await import("../derive-7Y7YWVLU.js");
+      const { main: deriveMain } = await import("../derive-5LOMN7GO.js");
       return deriveMain(subArgs);
     }
     case "decision-flow": {
-      const { main: decisionFlowMain } = await import("../decision-flow-3K4D72G4.js");
+      const { main: decisionFlowMain } = await import("../decision-flow-IJPNMVQK.js");
       return decisionFlowMain(subArgs);
     }
     case "equity-penalties": {
-      const { main: equityPenaltiesMain } = await import("../equity-penalties-NVBAB5WL.js");
+      const { main: equityPenaltiesMain } = await import("../equity-penalties-PYCJ3Q4U.js");
       return equityPenaltiesMain(subArgs);
     }
+    case "keygen": {
+      const { main: keygenMain } = await import("../keygen-BSZH3NM2.js");
+      return keygenMain(subArgs);
+    }
+    case "sign": {
+      const { main: signMain } = await import("../sign-RRELHKWM.js");
+      return signMain(subArgs);
+    }
+    case "verify": {
+      const { main: verifyMain } = await import("../verify-6AVTWX75.js");
+      return verifyMain(subArgs);
+    }
+    case "migrate": {
+      const { main: migrateMain } = await import("../migrate-NH5PVMX4.js");
+      return migrateMain(subArgs);
+    }
     case "configure-ai": {
-      const { main: configureAiMain } = await import("../configure-ai-LL3VAPQW.js");
+      const { main: configureAiMain } = await import("../configure-ai-5MP5DWTT.js");
       return configureAiMain(subArgs);
     }
     case "configure-world": {
@@ -216,7 +240,7 @@ async function main() {
       return configureWorldMain(subArgs);
     }
     case "lens": {
-      const { main: lensMain } = await import("../lens-MHMUDCMQ.js");
+      const { main: lensMain } = await import("../lens-NFGZHD76.js");
       return lensMain(subArgs);
     }
     case "--help":

package/dist/cli/plan.js

@@ -100,7 +100,7 @@ async function checkCommand(args) {
   }
   const worldPath = parseArg(args, "--world");
   if (worldPath) {
-    const { loadWorld } = await import("../world-loader-YTYFOP7D.js");
+    const { loadWorld } = await import("../world-loader-J47PCPDZ.js");
     const { evaluateGuard } = await import("../engine/guard-engine.js");
     const world = await loadWorld(worldPath);
     const verdict2 = evaluateGuard(event, world, { plan });

package/dist/cli/run.cjs

@@ -30,143 +30,6 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-// src/runtime/model-adapter.ts
-var model_adapter_exports = {};
-__export(model_adapter_exports, {
-  ModelAdapter: () => ModelAdapter,
-  PROVIDERS: () => PROVIDERS,
-  resolveProvider: () => resolveProvider
-});
-function resolveProvider(provider, overrides) {
-  const preset = PROVIDERS[provider];
-  if (!preset) {
-    throw new Error(
-      `Unknown provider: "${provider}". Available: ${Object.keys(PROVIDERS).join(", ")}`
-    );
-  }
-  const apiKey = overrides?.apiKey ?? (preset.envVar ? process.env[preset.envVar] : "") ?? "";
-  if (!apiKey && preset.envVar) {
-    throw new Error(
-      `Missing API key. Set ${preset.envVar} or pass --api-key.`
-    );
-  }
-  return {
-    baseUrl: overrides?.baseUrl ?? preset.baseUrl,
-    apiKey,
-    model: overrides?.model ?? preset.defaultModel,
-    systemPrompt: overrides?.systemPrompt,
-    maxTokens: overrides?.maxTokens
-  };
-}
-var DEFAULT_SYSTEM_PROMPT, ModelAdapter, PROVIDERS;
-var init_model_adapter = __esm({
-  "src/runtime/model-adapter.ts"() {
-    "use strict";
-    DEFAULT_SYSTEM_PROMPT = `You are an AI assistant operating under NeuroVerse governance.
-All your tool calls are evaluated against governance rules before execution.
-If an action is blocked, you will be told why. Adjust your approach accordingly.
-Do not attempt to bypass governance rules.`;
-    ModelAdapter = class {
-      config;
-      messages;
-      tools;
-      constructor(config, tools = []) {
-        this.config = config;
-        this.tools = tools;
-        this.messages = [];
-        const systemPrompt = config.systemPrompt ?? DEFAULT_SYSTEM_PROMPT;
-        this.messages.push({ role: "system", content: systemPrompt });
-      }
-      /**
-       * Send a user message and get the model's response.
-       */
-      async chat(userMessage) {
-        this.messages.push({ role: "user", content: userMessage });
-        return this.complete();
-      }
-      /**
-       * Send a tool result back to the model and get the next response.
-       */
-      async sendToolResult(toolCallId, result) {
-        this.messages.push({
-          role: "tool",
-          content: result,
-          tool_call_id: toolCallId
-        });
-        return this.complete();
-      }
-      /**
-       * Send a governance block message as a tool result.
-       */
-      async sendBlockedResult(toolCallId, reason) {
-        return this.sendToolResult(
-          toolCallId,
-          `[GOVERNANCE BLOCKED] ${reason}. Please adjust your approach.`
-        );
-      }
-      /**
-       * Call the model API and parse the response.
-       */
-      async complete() {
-        const url = `${this.config.baseUrl}/chat/completions`;
-        const body = {
-          model: this.config.model,
-          messages: this.messages,
-          max_tokens: this.config.maxTokens ?? 4096
-        };
-        if (this.tools.length > 0) {
-          body.tools = this.tools;
-        }
-        const response = await fetch(url, {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            "Authorization": `Bearer ${this.config.apiKey}`
-          },
-          body: JSON.stringify(body)
-        });
-        if (!response.ok) {
-          const text = await response.text();
-          throw new Error(`Model API error ${response.status}: ${text}`);
-        }
-        const data = await response.json();
-        const choice = data.choices?.[0];
-        if (!choice) {
-          throw new Error("Model returned no choices");
-        }
-        const message = choice.message;
-        this.messages.push(message);
-        return {
-          content: message.content ?? null,
-          toolCalls: message.tool_calls ?? [],
-          finishReason: choice.finish_reason ?? "stop"
-        };
-      }
-      /** Get current message count (for context tracking). */
-      get messageCount() {
-        return this.messages.length;
-      }
-    };
-    PROVIDERS = {
-      openai: {
-        baseUrl: "https://api.openai.com/v1",
-        defaultModel: "gpt-4o",
-        envVar: "OPENAI_API_KEY"
-      },
-      anthropic: {
-        baseUrl: "https://api.anthropic.com/v1",
-        defaultModel: "claude-sonnet-4-20250514",
-        envVar: "ANTHROPIC_API_KEY"
-      },
-      ollama: {
-        baseUrl: "http://localhost:11434/v1",
-        defaultModel: "llama3",
-        envVar: ""
-      }
-    };
-  }
-});
-
 // src/engine/text-utils.ts
 function normalizeEventText(event) {
   return [
@@ -1304,6 +1167,143 @@ var init_guard_engine = __esm({
   }
 });
 
+// src/runtime/model-adapter.ts
+var model_adapter_exports = {};
+__export(model_adapter_exports, {
+  ModelAdapter: () => ModelAdapter,
+  PROVIDERS: () => PROVIDERS,
+  resolveProvider: () => resolveProvider
+});
+function resolveProvider(provider, overrides) {
+  const preset = PROVIDERS[provider];
+  if (!preset) {
+    throw new Error(
+      `Unknown provider: "${provider}". Available: ${Object.keys(PROVIDERS).join(", ")}`
+    );
+  }
+  const apiKey = overrides?.apiKey ?? (preset.envVar ? process.env[preset.envVar] : "") ?? "";
+  if (!apiKey && preset.envVar) {
+    throw new Error(
+      `Missing API key. Set ${preset.envVar} or pass --api-key.`
+    );
+  }
+  return {
+    baseUrl: overrides?.baseUrl ?? preset.baseUrl,
+    apiKey,
+    model: overrides?.model ?? preset.defaultModel,
+    systemPrompt: overrides?.systemPrompt,
+    maxTokens: overrides?.maxTokens
+  };
+}
+var DEFAULT_SYSTEM_PROMPT, ModelAdapter, PROVIDERS;
+var init_model_adapter = __esm({
+  "src/runtime/model-adapter.ts"() {
+    "use strict";
+    DEFAULT_SYSTEM_PROMPT = `You are an AI assistant operating under NeuroVerse governance.
+All your tool calls are evaluated against governance rules before execution.
+If an action is blocked, you will be told why. Adjust your approach accordingly.
+Do not attempt to bypass governance rules.`;
+    ModelAdapter = class {
+      config;
+      messages;
+      tools;
+      constructor(config, tools = []) {
+        this.config = config;
+        this.tools = tools;
+        this.messages = [];
+        const systemPrompt = config.systemPrompt ?? DEFAULT_SYSTEM_PROMPT;
+        this.messages.push({ role: "system", content: systemPrompt });
+      }
+      /**
+       * Send a user message and get the model's response.
+       */
+      async chat(userMessage) {
+        this.messages.push({ role: "user", content: userMessage });
+        return this.complete();
+      }
+      /**
+       * Send a tool result back to the model and get the next response.
+       */
+      async sendToolResult(toolCallId, result) {
+        this.messages.push({
+          role: "tool",
+          content: result,
+          tool_call_id: toolCallId
+        });
+        return this.complete();
+      }
+      /**
+       * Send a governance block message as a tool result.
+       */
+      async sendBlockedResult(toolCallId, reason) {
+        return this.sendToolResult(
+          toolCallId,
+          `[GOVERNANCE BLOCKED] ${reason}. Please adjust your approach.`
+        );
+      }
+      /**
+       * Call the model API and parse the response.
+       */
+      async complete() {
+        const url = `${this.config.baseUrl}/chat/completions`;
+        const body = {
+          model: this.config.model,
+          messages: this.messages,
+          max_tokens: this.config.maxTokens ?? 4096
+        };
+        if (this.tools.length > 0) {
+          body.tools = this.tools;
+        }
+        const response = await fetch(url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${this.config.apiKey}`
+          },
+          body: JSON.stringify(body)
+        });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new Error(`Model API error ${response.status}: ${text}`);
+        }
+        const data = await response.json();
+        const choice = data.choices?.[0];
+        if (!choice) {
+          throw new Error("Model returned no choices");
+        }
+        const message = choice.message;
+        this.messages.push(message);
+        return {
+          content: message.content ?? null,
+          toolCalls: message.tool_calls ?? [],
+          finishReason: choice.finish_reason ?? "stop"
+        };
+      }
+      /** Get current message count (for context tracking). */
+      get messageCount() {
+        return this.messages.length;
+      }
+    };
+    PROVIDERS = {
+      openai: {
+        baseUrl: "https://api.openai.com/v1",
+        defaultModel: "gpt-4o",
+        envVar: "OPENAI_API_KEY"
+      },
+      anthropic: {
+        baseUrl: "https://api.anthropic.com/v1",
+        defaultModel: "claude-sonnet-4-20250514",
+        envVar: "ANTHROPIC_API_KEY"
+      },
+      ollama: {
+        baseUrl: "http://localhost:11434/v1",
+        defaultModel: "llama3",
+        envVar: ""
+      }
+    };
+  }
+});
+
 // src/loader/world-loader.ts
 async function loadWorldFromDirectory(dirPath) {
   const { readFile } = await import("fs/promises");
@@ -1500,11 +1500,17 @@ async function runPipeMode(config) {
     process.stderr.write(`[neuroverse] Plan: ${state.plan.plan_id} (${state.plan.objective})
 `);
   }
+  const MAX_BUFFER_SIZE = 1e6;
   return new Promise((resolve2, reject) => {
     let buffer = "";
     process.stdin.setEncoding("utf-8");
     process.stdin.on("data", (chunk) => {
       buffer += chunk;
+      if (buffer.length > MAX_BUFFER_SIZE) {
+        process.stderr.write("[neuroverse] Warning: pipe buffer exceeded 1MB, resetting\n");
+        buffer = "";
+        return;
+      }
       const lines = buffer.split("\n");
       buffer = lines.pop() ?? "";
       for (const line of lines) {
@@ -1669,7 +1675,9 @@ var init_session = __esm({
     init_plan_engine();
     init_world_loader();
     init_decision_flow_engine();
-    SessionManager = class {
+    SessionManager = class _SessionManager {
+      /** Maximum unique agent IDs tracked before eviction. Prevents unbounded memory growth. */
+      static MAX_AGENTS = 1e4;
       config;
       state;
       engineOptions;
@@ -1733,6 +1741,16 @@ var init_session = __esm({
           if (verdict.status === "REWARD" && verdict.reward) {
             agentState = applyReward(agentState, verdict.reward, verdict.ruleId ?? "unknown");
           }
+          if (this.state.agentStates.size >= _SessionManager.MAX_AGENTS && !this.state.agentStates.has(event.roleId)) {
+            const oldest = this.state.agentStates.keys().next().value;
+            if (oldest !== void 0) {
+              this.state.agentStates.delete(oldest);
+            }
+            process.stderr.write(
+              `[neuroverse] Warning: agent state map at capacity (${_SessionManager.MAX_AGENTS}), evicted oldest entry
+`
+            );
+          }
           this.state.agentStates.set(event.roleId, agentState);
         }
         this.config.onVerdict?.(verdict, event);
@@ -1917,6 +1935,77 @@ function resolveNameOrPath(ref, cwd) {
   return (0, import_path.resolve)(cwd, ref);
 }
 
+// src/engine/audit-logger.ts
+init_guard_engine();
+var FileAuditLogger = class {
+  logPath;
+  buffer = [];
+  flushTimer = null;
+  flushIntervalMs;
+  constructor(logPath, options) {
+    this.logPath = logPath;
+    this.flushIntervalMs = options?.flushIntervalMs ?? 1e3;
+  }
+  log(event) {
+    this.buffer.push(JSON.stringify(event));
+    if (!this.flushTimer) {
+      this.flushTimer = setTimeout(() => {
+        void this.flush();
+      }, this.flushIntervalMs);
+    }
+  }
+  async flush() {
+    if (this.buffer.length === 0) return;
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+      this.flushTimer = null;
+    }
+    const lines = this.buffer.splice(0).join("\n") + "\n";
+    try {
+      const { appendFile, mkdir } = await import("fs/promises");
+      const { dirname } = await import("path");
+      await mkdir(dirname(this.logPath), { recursive: true });
+      await appendFile(this.logPath, lines, "utf-8");
+    } catch {
+    }
+  }
+};
+function verdictToAuditEvent(event, verdict) {
+  const auditEvent = {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    worldId: verdict.evidence.worldId,
+    worldName: verdict.evidence.worldName,
+    worldVersion: verdict.evidence.worldVersion,
+    intent: event.intent,
+    tool: event.tool,
+    scope: event.scope,
+    actor: event.roleId,
+    direction: event.direction,
+    decision: verdict.status,
+    reason: verdict.reason,
+    ruleId: verdict.ruleId,
+    warning: verdict.warning,
+    guardsMatched: verdict.evidence.guardsMatched,
+    rulesMatched: verdict.evidence.rulesMatched,
+    invariantsSatisfied: verdict.evidence.invariantsSatisfied,
+    invariantsTotal: verdict.evidence.invariantsTotal,
+    enforcementLevel: verdict.evidence.enforcementLevel,
+    durationMs: verdict.trace?.durationMs,
+    args: event.args
+  };
+  if (verdict.consequence) {
+    auditEvent.consequence = verdict.consequence;
+  }
+  if (verdict.reward) {
+    auditEvent.reward = verdict.reward;
+  }
+  if (verdict.intentRecord) {
+    auditEvent.originalIntent = verdict.intentRecord.originalIntent;
+    auditEvent.finalAction = verdict.intentRecord.finalAction;
+  }
+  return auditEvent;
+}
+
 // src/cli/run.ts
 function parseArg(args, flag) {
   const idx = args.indexOf(flag);
@@ -1991,8 +2080,15 @@ async function main(args) {
   const plan = planPath ? loadPlan(planPath) : autoDetectPlan();
   const level = parseArg(args, "--level");
   const trace = hasFlag(args, "--trace");
+  const logPath = parseArg(args, "--log");
   const isPipeMode = hasFlag(args, "--pipe") || !process.stdin.isTTY;
   const isInteractive = hasFlag(args, "--interactive");
+  let auditLogger;
+  if (logPath) {
+    auditLogger = new FileAuditLogger(logPath);
+    process.stderr.write(`[neuroverse] Audit logging to ${logPath}
+`);
+  }
   if (isInteractive) {
     const providerName = parseArg(args, "--provider");
     if (!providerName) {
@@ -2016,6 +2112,9 @@ async function main(args) {
         level,
         trace,
         onVerdict: (verdict, event) => {
+          if (auditLogger) {
+            auditLogger.log(verdictToAuditEvent(event, verdict));
+          }
           if (verdict.status !== "ALLOW") {
             process.stderr.write(
               `  [${verdict.status}] ${event.intent} \u2014 ${verdict.reason ?? verdict.ruleId ?? "governance rule"}
@@ -2042,8 +2141,12 @@ async function main(args) {
       worldPath,
       plan,
       level,
-      trace
+      trace,
+      onVerdict: auditLogger ? (verdict, event) => {
+        auditLogger.log(verdictToAuditEvent(event, verdict));
+      } : void 0
     });
+    if (auditLogger) await auditLogger.flush();
   } else {
     process.stdout.write(RUN_USAGE + "\n");
     process.exit(0);

package/dist/cli/run.js

@@ -1,7 +1,13 @@
+import {
+  FileAuditLogger,
+  verdictToAuditEvent
+} from "../chunk-2VAWP6FI.js";
 import {
   describeActiveWorld,
   resolveWorldPath
 } from "../chunk-AKW5YVCE.js";
+import "../chunk-ZAF6JH23.js";
+import "../chunk-QLPTHTVB.js";
 import "../chunk-QWGCMQQD.js";
 
 // src/cli/run.ts
@@ -80,8 +86,15 @@ async function main(args) {
   const plan = planPath ? loadPlan(planPath) : autoDetectPlan();
   const level = parseArg(args, "--level");
   const trace = hasFlag(args, "--trace");
+  const logPath = parseArg(args, "--log");
   const isPipeMode = hasFlag(args, "--pipe") || !process.stdin.isTTY;
   const isInteractive = hasFlag(args, "--interactive");
+  let auditLogger;
+  if (logPath) {
+    auditLogger = new FileAuditLogger(logPath);
+    process.stderr.write(`[neuroverse] Audit logging to ${logPath}
+`);
+  }
   if (isInteractive) {
     const providerName = parseArg(args, "--provider");
     if (!providerName) {
@@ -92,7 +105,7 @@ async function main(args) {
       return;
     }
     const { resolveProvider, ModelAdapter } = await import("../model-adapter-VXEKB4LS.js");
-    const { runInteractiveMode } = await import("../session-XZP2754M.js");
+    const { runInteractiveMode } = await import("../session-NGA4DUPL.js");
     const modelConfig = resolveProvider(providerName, {
       model: parseArg(args, "--model"),
       apiKey: parseArg(args, "--api-key")
@@ -105,6 +118,9 @@ async function main(args) {
         level,
         trace,
         onVerdict: (verdict, event) => {
+          if (auditLogger) {
+            auditLogger.log(verdictToAuditEvent(event, verdict));
+          }
           if (verdict.status !== "ALLOW") {
             process.stderr.write(
               `  [${verdict.status}] ${event.intent} \u2014 ${verdict.reason ?? verdict.ruleId ?? "governance rule"}
@@ -126,13 +142,17 @@ async function main(args) {
       model
     );
   } else if (isPipeMode) {
-    const { runPipeMode } = await import("../session-XZP2754M.js");
+    const { runPipeMode } = await import("../session-NGA4DUPL.js");
     await runPipeMode({
       worldPath,
       plan,
       level,
-      trace
+      trace,
+      onVerdict: auditLogger ? (verdict, event) => {
+        auditLogger.log(verdictToAuditEvent(event, verdict));
+      } : void 0
     });
+    if (auditLogger) await auditLogger.flush();
   } else {
     process.stdout.write(RUN_USAGE + "\n");
     process.exit(0);