@o-lang/olang 1.2.15 → 1.2.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/runtime/RuntimeAPI.js +46 -84
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@o-lang/olang",
3
- "version": "1.2.15",
3
+ "version": "1.2.16",
4
4
  "author": "Olalekan Ogundipe <info@workfily.com>",
5
5
  "description": "O-Lang: A governance language for user-directed, rule-enforced agent workflows",
6
6
  "main": "./src/runtime/index.js",
package/src/runtime/RuntimeAPI.js CHANGED
@@ -721,12 +721,50 @@ class RuntimeAPI {
721
721
  });
722
722
  }
723
723
 
724
- // -----------------------------
724
+ // -----------------------------
725
725
  // ✅ KERNEL-LEVEL LLM HALLUCINATION PREVENTION (CONJUGATION-AWARE + EVASION-RESISTANT)
726
726
  // -----------------------------
727
727
  _validateLLMOutput(output, actionContext) {
728
728
  if (!output || typeof output !== 'string') return { passed: true };
729
-
729
+
730
+ // ── __verified_intent takes priority ──────────────────────────────────────
731
+ // If the workflow author has defined intent rules, use those exclusively.
732
+ // This makes governance dynamic — skip hardcoded patterns entirely.
733
+ const intent = this.context.__verified_intent;
734
+ if (intent) {
735
+ if (intent.prohibited_actions && Array.isArray(intent.prohibited_actions)) {
736
+ const lower = output.toLowerCase();
737
+ for (const action of intent.prohibited_actions) {
738
+ if (lower.includes(action.toLowerCase())) {
739
+ return {
740
+ passed: false,
741
+ reason: `Output violates prohibited action "${action}" defined in __verified_intent`,
742
+ detected: action,
743
+ language: 'multi'
744
+ };
745
+ }
746
+ }
747
+ }
748
+
749
+ if (intent.prohibited_topics && Array.isArray(intent.prohibited_topics)) {
750
+ const lower = output.toLowerCase();
751
+ for (const topic of intent.prohibited_topics) {
752
+ if (lower.includes(topic.toLowerCase())) {
753
+ return {
754
+ passed: false,
755
+ reason: `Output violates prohibited topic "${topic}" defined in __verified_intent`,
756
+ detected: topic,
757
+ language: 'multi'
758
+ };
759
+ }
760
+ }
761
+ }
762
+
763
+ // __verified_intent present and passed — skip hardcoded patterns
764
+ return { passed: true };
765
+ }
766
+
767
+ // ── No __verified_intent — fall through to hardcoded patterns ─────────────
730
768
  // 🔑 Extract allowed capabilities from workflow allowlist
731
769
  const allowedCapabilities = Array.from(this.allowedResolvers)
732
770
  .filter(name => !name.startsWith('llm-') && name !== 'builtInMathResolver')
@@ -737,33 +775,23 @@ class RuntimeAPI {
737
775
  // ────────────────────────────────────────────────
738
776
  // 🇳🇬 NIGERIAN LANGUAGES (Conjugation-aware)
739
777
  // ────────────────────────────────────────────────
740
- // Yoruba (yo) - Perfective "ti" + Progressive "ń/ǹ/n"
741
778
  { pattern: /\bti\s+(?:fi|san|gba|da|lo)\b/i, capability: 'unauthorized_action', lang: 'yo' },
742
779
  { pattern: /\b(?:ń|ǹ|n)\s+(?:fi|san|gba)\b/i, capability: 'unauthorized_action', lang: 'yo' },
743
780
  { pattern: /\b(fi\s+(?:owo|ẹ̀wọ̀|ewo|ku|fun|s'ọkọọ))\b/i, capability: 'transfer', lang: 'yo' },
744
781
  { pattern: /\b(san\s+(?:owo|ẹ̀wọ̀|ewo|fun|wo))\b/i, capability: 'payment', lang: 'yo' },
745
782
  { pattern: /\b(gba\s+owo)\b/i, capability: 'withdrawal', lang: 'yo' },
746
783
  { pattern: /\b(mo\s+ti\s+(?:fi|san|gba))\b/i, capability: 'unauthorized_action', lang: 'yo' },
747
-
748
- // Hausa (ha) - Perfective "ya/ta/su" + Future "za a/za ta"
749
784
  { pattern: /\b(?:ya|ta|su)\s+(?:ciyar|biya|sahawa|sake)\b/i, capability: 'unauthorized_action', lang: 'ha' },
750
785
  { pattern: /\b(?:za\sa|za\s+ta)\s+(?:ciyar|biya)\b/i, capability: 'unauthorized_action', lang: 'ha' },
751
786
  { pattern: /\b(ciyar\s*(?:da)?|ciya\s*(?:da)?|shiga\s+kuɗi)\b/i, capability: 'transfer', lang: 'ha' },
752
787
  { pattern: /\b(biya\s*(?:da)?)\b/i, capability: 'payment', lang: 'ha' },
753
788
  { pattern: /\b(sahaw[ae]\s+kuɗi)\b/i, capability: 'withdrawal', lang: 'ha' },
754
789
  { pattern: /\b(ina\s+(?:ciyar|biya|sahawa))\b/i, capability: 'unauthorized_action', lang: 'ha' },
755
-
756
- // Igbo (ig) - Perfective suffixes
757
790
  { pattern: /\b(?:ziri|bururu|tinyere|gbara)\b/i, capability: 'unauthorized_action', lang: 'ig' },
758
791
  { pattern: /\b(zipu\s+(?:ego|moni|isi|na))\b/i, capability: 'transfer', lang: 'ig' },
759
792
  { pattern: /\b(buru\s+(?:ego|moni|isi))\b/i, capability: 'transfer', lang: 'ig' },
760
793
  { pattern: /\b(tinye\s+(?:ego|moni|isi))\b/i, capability: 'deposit', lang: 'ig' },
761
794
  { pattern: /\b(m\s+(?:ziri|buru|zipuru|tinyere))\b/i, capability: 'unauthorized_action', lang: 'ig' },
762
-
763
- // ────────────────────────────────────────────────
764
- // 🌍 PAN-AFRICAN LANGUAGES (Conjugation-aware + Evasion-resistant)
765
- // ────────────────────────────────────────────────
766
- // Swahili (sw) - ALL ASPECTS: Perfect, Continuous Passive, Future
767
795
  { pattern: /\b(?:ni|u|a|tu|m|wa|ki|vi|zi|i)\s*me\s*(?:ongeza|weka|tuma|peleka|lipa|wasilisha)\b/i, capability: 'unauthorized_action', lang: 'sw' },
768
796
  { pattern: /\b(?:kime|lime|ime|ume|nime|vime|zyme|yame|mame)(?:ongezwa|wekwa|tumwa|pelekwa|lipwa|wasilishwa|fanyika)\b/i, capability: 'unauthorized_action', lang: 'sw' },
769
797
  { pattern: /\b(?:ki|vi|mi|ma|u|wa|i|zi|ya|li|tu|mu|a|pa|ku)na(?:cho|vyo|yo|lo|mo|o)?(?:tum|pelek|wasil|ongez|wek|lip)\w*wa\b/i, capability: 'unauthorized_action', lang: 'sw' },
@@ -772,77 +800,44 @@ class RuntimeAPI {
772
800
  { pattern: /\b(lipa|maliza\s+malipo)\b/i, capability: 'payment', lang: 'sw' },
773
801
  { pattern: /\b(ongez[ae]?\s*(?:kiasi|pesa|fedha)|wek[ae]?\s+(?:katika|ndani)\s+(?:akaunti|hisa))\b/i, capability: 'deposit', lang: 'sw' },
774
802
  { pattern: /\b(nime(?:tuma|lipa|ongeza|weka|peleka))\b/i, capability: 'unauthorized_action', lang: 'sw' },
775
-
776
- // Amharic (am) - Perfective suffix (Ethiopic script)
777
803
  { pattern: /[\u1200-\u137F]{0,4}(?:ተላላፈ|ላክ|ክፈል|ጨምር|ወጣ|ገባ)[\u1200-\u137F]{0,2}(?:\u1205|\u122d|\u1265)[\u1200-\u137F]{0,2}/u, capability: 'financial_action', lang: 'am' },
778
-
779
- // Oromo (om) - Perfective "ni...e"
780
804
  { pattern: /\bni\s+(?:kuufe|dhiibe|kennine|gurgure)\b/i, capability: 'unauthorized_action', lang: 'om' },
781
805
  { pattern: /\b(kuuf\s+(?:qilleensaa|bilbila)|dhiib\s+(?:qilleensaa|bilbila))\b/i, capability: 'transfer', lang: 'om' },
782
806
  { pattern: /\b(kenn\s*i|gurgur\s*i)\b/i, capability: 'payment', lang: 'om' },
783
-
784
- // Fula (ff)
785
807
  { pattern: /\b(sakkit\s+(?:ndo|ndoo)|tawt\s+(?:ndo|ndoo))\b/i, capability: 'transfer', lang: 'ff' },
786
808
  { pattern: /\b(jokk\s*i|soodug\s*i)\b/i, capability: 'payment', lang: 'ff' },
787
-
788
- // Somali (so) - Perfective "waxaa"
789
809
  { pattern: /\bwaxaa\s+(?:diray|bixiyay|ku\s+daray|sameeyay)\b/i, capability: 'unauthorized_action', lang: 'so' },
790
810
  { pattern: /\b(dir\s+(?:lacag|maal|qarsoon))\b/i, capability: 'transfer', lang: 'so' },
791
811
  { pattern: /\b(bixi|bixis\s*o)\b/i, capability: 'payment', lang: 'so' },
792
-
793
- // Zulu (zu) - Perfective "-ile"
794
812
  { pattern: /\b(?:thumel|hlawul|fik)\s*ile\b/i, capability: 'unauthorized_action', lang: 'zu' },
795
813
  { pattern: /\b(thumel\s*a\s+(?:imali|imali))\b/i, capability: 'transfer', lang: 'zu' },
796
814
  { pattern: /\b(hlawul\s*a|hlawulel\s*a)\b/i, capability: 'payment', lang: 'zu' },
797
815
  { pattern: /\b(siyithumel\s*e|siyihlawul\s*e)\b/i, capability: 'unauthorized_action', lang: 'zu' },
798
-
799
- // Shona (sn) - Perfective "-a/-e"
800
816
  { pattern: /\b(?:tumir|bhadhar)\s*a\b/i, capability: 'unauthorized_action', lang: 'sn' },
801
817
  { pattern: /\b(tumir\s*a\s+(?:mhando|ari))\b/i, capability: 'transfer', lang: 'sn' },
802
818
  { pattern: /\b(bhadhara|bhadharis\s*o)\b/i, capability: 'payment', lang: 'sn' },
803
-
804
819
  // ────────────────────────────────────────────────
805
- // 🌐 GLOBAL LANGUAGES (Conjugation-aware)
820
+ // 🌐 GLOBAL LANGUAGES
806
821
  // ────────────────────────────────────────────────
807
- // English (en) - Perfective + Passive
808
822
  { pattern: /\b(?:have|has|had)\s+(?:transferred|sent|paid|withdrawn|deposited|wire[d])\b/i, capability: 'unauthorized_action', lang: 'en' },
809
823
  { pattern: /\b(?:was|were|been)\s+(?:added|credited|transferred|sent|paid)\b/i, capability: 'unauthorized_action', lang: 'en' },
810
824
  { pattern: /\b(transfer(?:red|ring)?|send(?:t|ing)?|wire(?:d)?|pay(?:ed|ing)?|withdraw(?:n)?|deposit(?:ed|ing)?|disburse(?:d)?)\b/i, capability: 'financial_action', lang: 'en' },
811
825
  { pattern: /\bI\s+(?:can|will|am able to|have|'ve|did|already)\s+(?:transfer|send|pay|withdraw|deposit|wire)\b/i, capability: 'unauthorized_action', lang: 'en' },
812
-
813
- // French (fr) - Past participle
814
826
  { pattern: /\b(?:j'?ai|tu as|il a|elle a|nous avons|vous avez|ils ont|elles ont)\s+(?:viré|transféré|envoyé|payé|retiré|déposé)\b/i, capability: 'unauthorized_action', lang: 'fr' },
815
827
  { pattern: /\b(virer|transférer|envoyer|payer|retirer|déposer|débiter|créditer)\b/i, capability: 'financial_action', lang: 'fr' },
816
-
817
- // Arabic (ar) - Perfective past tense
818
828
  { pattern: /[\u0600-\u06FF]{0,3}(?:حوّل|أرسل|ادفع|اودع|سحب)[\u0600-\u06FF]{0,3}(?:ت|نا|تم|تا|تِ|تُ|تَ)[\u0600-\u06FF]{0,3}/u, capability: 'financial_action', lang: 'ar' },
819
829
  { pattern: /[\u0600-\u06FF]{0,3}(?:أنا|تم|لقد)\s*(?:حوّلت|أرسلت|دفعت|اودعت)[\u0600-\u06FF]{0,3}/u, capability: 'unauthorized_action', lang: 'ar' },
820
-
821
- // Chinese (zh) - Perfective "le" particle
822
830
  { pattern: /[\u4e00-\u9fff]{0,2}(?:转账 | 支付 | 存款 | 取款)[\u4e00-\u9fff]{0,2}(?:了)[\u4e00-\u9fff]{0,2}/u, capability: 'financial_action', lang: 'zh' },
823
831
  { pattern: /[\u4e00-\u9fff]{0,2}(?:转账 | 转帐 | 支付 | 付款 | 提款 | 取款 | 存款 | 存入 | 汇款 | 存)[\u4e00-\u9fff]{0,2}/u, capability: 'financial_action', lang: 'zh' },
824
832
  { pattern: /[\u4e00-\u9fff]{0,2}(?:我 | 已 | 已经)\s*(?:转账 | 支付 | 提款 | 存款)[\u4e00-\u9fff]{0,2}/u, capability: 'unauthorized_action', lang: 'zh' },
825
-
826
833
  // ────────────────────────────────────────────────
827
- // 🛡️ EVASION-RESISTANT NUMERIC DECEPTION
828
- // ────────────────────────────────────────────────
829
- {
830
- pattern: /(?:^|\s|[:\(\[])(?:\d{1,3}(?:[,\s.]\d{3})*(?:[.,]\d{1,2})?|\d+(?:[.,]\d{1,2})?)(?:\s*(?:naira|ngn|₦|\$|usd|kes|tzs|ugx|rwf|cdf|xof|xaf|ghs|zar))?.{0,40}(?:account|acct|a\/c|akaunti|asusu|akwụkwọ\s+ọkụ|hesabu|namba|#)\b/i,
831
- capability: 'unauthorized_action',
832
- lang: 'multi'
833
- },
834
-
835
- // ────────────────────────────────────────────────
836
- // 🔒 PII LEAKAGE PATTERNS
834
+ // 🛡️ EVASION-RESISTANT + PII + FAKE CONFIRMATION
837
835
  // ────────────────────────────────────────────────
836
+ { pattern: /(?:^|\s|[:\(\[])(?:\d{1,3}(?:[,\s.]\d{3})*(?:[.,]\d{1,2})?|\d+(?:[.,]\d{1,2})?)(?:\s*(?:naira|ngn|₦|\$|usd|kes|tzs|ugx|rwf|cdf|xof|xaf|ghs|zar))?.{0,40}(?:account|acct|a\/c|akaunti|asusu|akwụkwọ\s+ọkụ|hesabu|namba|#)\b/i, capability: 'unauthorized_action', lang: 'multi' },
838
837
  { pattern: /\b(?:account|acct|a\/c|akaunti|asusu|akwụkwọ\s+ọkụ|hesabu|namba|#)\s*[:\-—–]?\s*(\d{6,})\b/i, capability: 'pii_exposure', lang: 'multi' },
839
838
  { pattern: /\b(?:bvn|bank verification number)\s*[:\-]?\s*(\d{11})\b/i, capability: 'pii_exposure', lang: 'multi' },
840
839
  { pattern: /\b(?:\+?234\s*|0)(?:70|80|81|90|91)\d{8}\b/, capability: 'pii_exposure', lang: 'multi' },
841
-
842
- // ────────────────────────────────────────────────
843
- // ✅ FAKE CONFIRMATION PATTERNS
844
- // ────────────────────────────────────────────────
845
- { pattern: /\b(successful(?:ly)?|confirmed|approved|completed|processed|accepted|verified|imethibitishwa|imefanikiwa|amthibitishwa|ti\s+da|ti\s+ṣe|gụnyere|kimefanyika|yamekamilika)\b/i, capability: 'deceptive_claim', lang: 'multi' }
840
+ { pattern: /\b(successful(?:ly)?|confirmed|approved|completed|processed|accepted|verified|imethibitishwa|imefanikiwa|amthibitishwa|ti\s+da|ti\s+ṣe|gụnyere|kimefanyika|yamekamilika)\b/i, capability: 'deceptive_claim', lang: 'multi' },
846
841
  ];
847
842
 
848
843
  // 🔍 SCAN OUTPUT FOR FORBIDDEN INTENTS
@@ -856,7 +851,7 @@ class RuntimeAPI {
856
851
  c.includes('deposit') ||
857
852
  c.includes('withdraw')
858
853
  );
859
-
854
+
860
855
  if (!hasCapability) {
861
856
  const match = output.match(pattern);
862
857
  return {
@@ -868,42 +863,9 @@ class RuntimeAPI {
868
863
  }
869
864
  }
870
865
  }
871
-
872
- // ✅ SEMANTIC INTENT DRIFT DETECTION
873
- const intent = this.context.__verified_intent;
874
- if (intent) {
875
- if (intent.prohibited_topics && Array.isArray(intent.prohibited_topics)) {
876
- const lower = output.toLowerCase();
877
- for (const topic of intent.prohibited_topics) {
878
- if (lower.includes(topic.toLowerCase())) {
879
- return {
880
- passed: false,
881
- reason: `Resolver output violates prohibited topic "${topic}" defined in __verified_intent`,
882
- detected: topic,
883
- language: 'multi'
884
- };
885
- }
886
- }
887
- }
888
-
889
- if (intent.prohibited_actions && Array.isArray(intent.prohibited_actions)) {
890
- const lower = output.toLowerCase();
891
- for (const action of intent.prohibited_actions) {
892
- if (lower.includes(action.toLowerCase())) {
893
- return {
894
- passed: false,
895
- reason: `Resolver output violates prohibited action "${action}" defined in __verified_intent`,
896
- detected: action,
897
- language: 'multi'
898
- };
899
- }
900
- }
901
- }
902
- }
903
-
866
+
904
867
  return { passed: true };
905
868
  }
906
-
907
869
  // -----------------------------
908
870
  // ✅ CRITICAL FIX: Resolver output unwrapping helper
909
871
  // -----------------------------