@openprose/reactor-cradle 0.1.0-rc.1

package/dist/recompile/index.js

@@ -0,0 +1,690 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_VERSION_V0 = exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_SCHEMA_V0 = exports.POLICY_RECOMPILE_D1_SCENARIO_VERSION_V0 = exports.POLICY_RECOMPILE_D1_SCENARIO_SCHEMA_V0 = void 0;
+exports.makeRecordedPolicyRecompileD1ScenarioV0 = makeRecordedPolicyRecompileD1ScenarioV0;
+exports.assertRecordedPolicyRecompileD1ScenarioV0 = assertRecordedPolicyRecompileD1ScenarioV0;
+exports.createRecordedPolicyRecompileAuthorDoubleV0 = createRecordedPolicyRecompileAuthorDoubleV0;
+exports.createPolicyRecompileGatewayProbeV0 = createPolicyRecompileGatewayProbeV0;
+exports.runRecordedPolicyRecompileD1ProofV0 = runRecordedPolicyRecompileD1ProofV0;
+exports.normalizePolicyRecompileDecisionV0 = normalizePolicyRecompileDecisionV0;
+exports.normalizePolicyRecompileExecutionV0 = normalizePolicyRecompileExecutionV0;
+exports.createRecordedPolicyRecompilePlannerDoubleV0 = createRecordedPolicyRecompilePlannerDoubleV0;
+exports.createRecordedPolicyRecompileExecutorDoubleV0 = createRecordedPolicyRecompileExecutorDoubleV0;
+const node_crypto_1 = require("node:crypto");
+const policy_drift_1 = require("../policy-drift");
+const { canonicalizePolicyArtifactV0, validatePolicyArtifactV0, } = loadReactorPolicy();
+exports.POLICY_RECOMPILE_D1_SCENARIO_SCHEMA_V0 = "openprose.reactor-cradle.recompile-d1-scenario";
+exports.POLICY_RECOMPILE_D1_SCENARIO_VERSION_V0 = 0;
+exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_SCHEMA_V0 = "openprose.reactor-cradle.recompile-d1-author-cassette";
+exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_VERSION_V0 = 0;
+function makeRecordedPolicyRecompileD1ScenarioV0() {
+    const driftScenario = (0, policy_drift_1.makeRecordedPolicyDriftP2ScenarioV0)();
+    const policyArtifact = driftScenario.cost_drift_artifact;
+    const validation = validatePolicyArtifactV0(policyArtifact);
+    if (!validation.ok) {
+        throw new Error(`recorded D1 policy artifact is invalid: ${validation.errors.join("; ")}`);
+    }
+    return {
+        schema: exports.POLICY_RECOMPILE_D1_SCENARIO_SCHEMA_V0,
+        v: exports.POLICY_RECOMPILE_D1_SCENARIO_VERSION_V0,
+        responsibility_id: driftScenario.responsibility_id,
+        contract_revision: driftScenario.contract_revision,
+        contract_summary: [
+            "kind: responsibility",
+            "Goal: The incident channel has a current, accurate briefing.",
+            "Criteria: impact, timeline, owner, next action, and customer-facing status are current.",
+        ].join("\n"),
+        as_of: driftScenario.as_of,
+        last_recompile_at_allowed: "2026-05-18T22:30:00.000Z",
+        last_recompile_at_blocked: "2026-05-18T23:30:00.000Z",
+        min_recompile_interval_ms: policyArtifact.hysteresis.min_recompile_interval_ms,
+        receipt_history: driftScenario.receipt_history,
+        policy_artifact: policyArtifact,
+        policy_artifact_bytes: validation.bytes,
+        policy_artifact_content_hash: validation.content_hash,
+        recompiled_registry_snapshot: makeRecompiledRegistrySnapshotV0(policyArtifact, driftScenario.receipt_history),
+        drift_scenario: driftScenario,
+    };
+}
+function assertRecordedPolicyRecompileD1ScenarioV0(scenario) {
+    if (scenario.schema !== exports.POLICY_RECOMPILE_D1_SCENARIO_SCHEMA_V0) {
+        throw new Error("policy recompile D1 scenario schema is malformed");
+    }
+    if (scenario.v !== exports.POLICY_RECOMPILE_D1_SCENARIO_VERSION_V0) {
+        throw new Error("policy recompile D1 scenario version must be 0");
+    }
+    if (scenario.receipt_history.length === 0) {
+        throw new Error("policy recompile D1 scenario must include receipt history");
+    }
+    if (scenario.min_recompile_interval_ms !==
+        scenario.policy_artifact.hysteresis.min_recompile_interval_ms) {
+        throw new Error("policy recompile D1 scenario min interval must match artifact hysteresis");
+    }
+    assertRecompileIntervalVariant(scenario, scenario.last_recompile_at_allowed, "allowed");
+    assertRecompileIntervalVariant(scenario, scenario.last_recompile_at_blocked, "blocked");
+    if (scenario.policy_artifact.falsification_predicate.kind !==
+        "greater-than-or-equal" ||
+        scenario.policy_artifact.falsification_predicate.fact !==
+            policy_drift_1.POLICY_DRIFT_P2_COST_FACT) {
+        throw new Error("policy recompile D1 scenario must use the P2 cost trip");
+    }
+    const validation = validatePolicyArtifactV0(scenario.policy_artifact);
+    if (!validation.ok) {
+        throw new Error(`policy recompile D1 artifact is invalid: ${validation.errors.join("; ")}`);
+    }
+    if (validation.bytes !== scenario.policy_artifact_bytes) {
+        throw new Error("policy recompile D1 artifact bytes are stale");
+    }
+    if (validation.content_hash !== scenario.policy_artifact_content_hash) {
+        throw new Error("policy recompile D1 artifact content hash is stale");
+    }
+    assertRegistrySnapshotMatchesScenario(scenario.recompiled_registry_snapshot, scenario);
+}
+function createRecordedPolicyRecompileAuthorDoubleV0(scenario) {
+    assertRecordedPolicyRecompileD1ScenarioV0(scenario);
+    const invocations = [];
+    const agentExchanges = [];
+    const recompiledArtifact = readRecompiledArtifactFromScenario(scenario);
+    const authorPolicyArtifactV0 = (input) => {
+        assertPolicyAuthorInputMatchesScenario(input, scenario);
+        const inputSnapshot = createCanonicalSnapshot(sanitizeForCanonical(input), "policy recompile author input");
+        const outputSnapshot = createCanonicalSnapshot(scenario.recompiled_registry_snapshot, "policy recompile author output");
+        invocations.push({
+            input: inputSnapshot.value,
+            input_canonical: inputSnapshot.canonical,
+            input_hash: inputSnapshot.hash,
+            output: outputSnapshot.value,
+            output_canonical: outputSnapshot.canonical,
+            output_hash: outputSnapshot.hash,
+        });
+        return cloneFromCanonical(outputSnapshot);
+    };
+    const agentSdk = {
+        launch(request) {
+            if (request.kind !== "policy-author") {
+                throw new Error("policy recompile author double only handles policy-author launches");
+            }
+            const requestSnapshot = createCanonicalSnapshot(sanitizeForCanonical(request), "policy recompile author agent request");
+            const exchangeIndex = agentExchanges.length;
+            const response = exchangeIndex === 0
+                ? {
+                    payload: recompiledArtifact.provenance.history_query,
+                }
+                : exchangeIndex === 1
+                    ? {
+                        payload: {
+                            schema: "openprose.reactor.policy-author.artifact-response",
+                            v: 0,
+                            artifact: recompiledArtifact,
+                        },
+                    }
+                    : undefined;
+            if (response === undefined) {
+                throw new Error(`unexpected policy recompile author launch ${exchangeIndex}`);
+            }
+            const responseSnapshot = createCanonicalSnapshot(response, "policy recompile author agent response");
+            agentExchanges.push({
+                request: requestSnapshot.value,
+                request_canonical: requestSnapshot.canonical,
+                request_hash: requestSnapshot.hash,
+                response: responseSnapshot.value,
+                response_canonical: responseSnapshot.canonical,
+                response_hash: responseSnapshot.hash,
+            });
+            return cloneFromCanonical(responseSnapshot);
+        },
+    };
+    return {
+        authorPolicyArtifactV0,
+        agentSdk,
+        get cassette() {
+            return {
+                schema: exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_SCHEMA_V0,
+                v: exports.POLICY_RECOMPILE_D1_AUTHOR_CASSETTE_VERSION_V0,
+                invocations: invocations.map((invocation) => ({ ...invocation })),
+                agent_exchanges: agentExchanges.map((exchange) => ({ ...exchange })),
+                author_session_count: countAuthorSessions(invocations, agentExchanges),
+            };
+        },
+        get invocation_count() {
+            return countAuthorSessions(invocations, agentExchanges);
+        },
+        assertInvokedExactly(expected) {
+            const actual = countAuthorSessions(invocations, agentExchanges);
+            if (actual !== expected) {
+                throw new Error(`expected policy recompile author to be invoked ${expected} time(s), received ${actual}`);
+            }
+        },
+    };
+}
+function createPolicyRecompileGatewayProbeV0() {
+    let agentLaunchCount = 0;
+    let modelGatewayInvocationCount = 0;
+    const agentSdk = {
+        launch(_request) {
+            agentLaunchCount += 1;
+            throw new Error("policy recompile D1 proof must not launch agent SDK directly");
+        },
+    };
+    const modelGateway = {
+        invoke(_request) {
+            modelGatewayInvocationCount += 1;
+            throw new Error("policy recompile D1 proof must not call model gateway");
+        },
+    };
+    return {
+        agentSdk,
+        agent_sdk: agentSdk,
+        modelGateway,
+        model_gateway: modelGateway,
+        get agent_launch_count() {
+            return agentLaunchCount;
+        },
+        get model_gateway_invocation_count() {
+            return modelGatewayInvocationCount;
+        },
+        assertNoInvocations() {
+            if (agentLaunchCount !== 0 || modelGatewayInvocationCount !== 0) {
+                throw new Error(`policy recompile D1 proof invoked forbidden inference gateways: agent=${agentLaunchCount}, model=${modelGatewayInvocationCount}`);
+            }
+        },
+    };
+}
+async function runRecordedPolicyRecompileD1ProofV0(input) {
+    const scenario = input.scenario ?? makeRecordedPolicyRecompileD1ScenarioV0();
+    assertRecordedPolicyRecompileD1ScenarioV0(scenario);
+    const requested = normalizePolicyRecompileDecisionV0(await input.planPolicyRecompileV0(buildPlanInput(scenario, scenario.last_recompile_at_allowed)));
+    assertRecompileDecision(requested, "recompile-requested", scenario);
+    const requestedAuthor = createRecordedPolicyRecompileAuthorDoubleV0(scenario);
+    const requestedProbe = createPolicyRecompileGatewayProbeV0();
+    const requestedExecution = normalizePolicyRecompileExecutionV0(await input.executePolicyRecompileV0(buildExecutionInput(scenario, requested, scenario.last_recompile_at_allowed, requestedAuthor, requestedProbe)), requested, requestedAuthor.invocation_count);
+    requestedAuthor.assertInvokedExactly(1);
+    requestedProbe.assertNoInvocations();
+    assertRegistrySnapshotMatchesScenario(requestedExecution.registry_snapshot ?? scenario.recompiled_registry_snapshot, scenario);
+    const delayed = normalizePolicyRecompileDecisionV0(await input.planPolicyRecompileV0(buildPlanInput(scenario, scenario.last_recompile_at_blocked)));
+    assertRecompileDecision(delayed, "recompile-delayed", scenario);
+    const delayedAuthor = createRecordedPolicyRecompileAuthorDoubleV0(scenario);
+    const delayedProbe = createPolicyRecompileGatewayProbeV0();
+    const delayedExecution = normalizePolicyRecompileExecutionV0(await input.executePolicyRecompileV0(buildExecutionInput(scenario, delayed, scenario.last_recompile_at_blocked, delayedAuthor, delayedProbe)), delayed, delayedAuthor.invocation_count);
+    delayedAuthor.assertInvokedExactly(0);
+    delayedProbe.assertNoInvocations();
+    return {
+        scenario,
+        requested,
+        delayed,
+        requested_execution: requestedExecution,
+        delayed_execution: delayedExecution,
+        requested_author_cassette: requestedAuthor.cassette,
+        delayed_author_cassette: delayedAuthor.cassette,
+        requested_policy_author_invocation_count: 1,
+        delayed_policy_author_invocation_count: 0,
+        gateway_invocations: {
+            requested: {
+                agent_launch_count: 0,
+                model_gateway_invocation_count: 0,
+            },
+            delayed: {
+                agent_launch_count: 0,
+                model_gateway_invocation_count: 0,
+            },
+        },
+    };
+}
+function normalizePolicyRecompileDecisionV0(result) {
+    if (!isRecord(result)) {
+        throw new Error("policy recompile decision must be an object");
+    }
+    const outcome = readRecompileOutcome(result["outcome"] ?? result["decision"] ?? result["status"] ?? result["kind"]);
+    const driftRecord = readOptionalRecord(result["drift_evaluation"] ??
+        result["policy_drift"] ??
+        result["drift"] ??
+        result["trigger"] ??
+        result["trigger_evaluation"]);
+    const driftOutcome = driftRecord === undefined
+        ? undefined
+        : readOptionalDriftOutcome(driftRecord["outcome"] ??
+            driftRecord["status"] ??
+            driftRecord["decision"] ??
+            driftRecord["kind"]);
+    const evidenceReceiptHashes = readContentHashArrayFromUnknown(result["evidence_receipt_hashes"] ??
+        result["evidence_hashes"] ??
+        result["receipt_hashes"] ??
+        driftRecord?.["evidence_receipt_hashes"] ??
+        driftRecord?.["evidence_hashes"] ??
+        [], "policy recompile evidence receipt hashes");
+    return {
+        outcome,
+        ...(driftOutcome === undefined ? {} : { drift_outcome: driftOutcome }),
+        evidence_receipt_hashes: evidenceReceiptHashes,
+        raw: result,
+    };
+}
+function normalizePolicyRecompileExecutionV0(result, decision, authorInvocationCount) {
+    const resultRecord = isRecord(result) ? result : undefined;
+    const registrySnapshot = readOptionalRegistrySnapshot(resultRecord?.["registry_snapshot"] ??
+        resultRecord?.["registry"] ??
+        resultRecord?.["snapshot"] ??
+        resultRecord?.["policy_registry_snapshot"]);
+    const rawOutcome = resultRecord?.["outcome"] ?? resultRecord?.["status"];
+    const outcome = rawOutcome === "recompiled" ||
+        rawOutcome === "policy-recompiled" ||
+        rawOutcome === "recompile-authored" ||
+        rawOutcome === "executed"
+        ? "recompiled"
+        : rawOutcome === "skipped" ||
+            rawOutcome === "noop" ||
+            rawOutcome === "no-op" ||
+            rawOutcome === "recompile-delayed"
+            ? "skipped"
+            : decision.outcome === "recompile-requested" && authorInvocationCount === 1
+                ? "recompiled"
+                : decision.outcome !== "recompile-requested" && authorInvocationCount === 0
+                    ? "skipped"
+                    : "unknown";
+    return {
+        outcome,
+        ...(registrySnapshot === undefined ? {} : { registry_snapshot: registrySnapshot }),
+        raw: result,
+    };
+}
+function createRecordedPolicyRecompilePlannerDoubleV0() {
+    return (input) => {
+        const lastRecompileAt = input.last_recompile_at;
+        if (lastRecompileAt === null) {
+            throw new Error("recorded D1 planner double requires last_recompile_at");
+        }
+        const intervalMs = input.artifact.hysteresis.min_recompile_interval_ms;
+        const elapsedMs = parseReplayableInstantMs(input.as_of, "as_of") -
+            parseReplayableInstantMs(lastRecompileAt, "last_recompile_at");
+        const outcome = elapsedMs >= intervalMs ? "recompile-requested" : "recompile-delayed";
+        return {
+            schema: "openprose.reactor-cradle.recompile-d1-planner-double",
+            v: 0,
+            outcome,
+            reason: outcome === "recompile-requested"
+                ? "policy drift predicate tripped and min interval elapsed"
+                : "policy drift predicate tripped but min interval has not elapsed",
+            as_of: input.as_of,
+            last_recompile_at: lastRecompileAt,
+            min_recompile_interval_ms: intervalMs,
+            evidence_receipt_hashes: input.receipt_history.map((receipt) => receipt.content_hash),
+            drift_evaluation: {
+                outcome: "tripped",
+                facts: {
+                    [policy_drift_1.POLICY_DRIFT_P2_COST_FACT]: 1725,
+                    [policy_drift_1.POLICY_DRIFT_P2_BACKSTOP_FACT]: 0,
+                    "receipt.escalation_precision_7d": 0.5,
+                },
+                predicate: {
+                    outcome: "tripped",
+                },
+                evidence_receipt_hashes: input.receipt_history.map((receipt) => receipt.content_hash),
+            },
+        };
+    };
+}
+function createRecordedPolicyRecompileExecutorDoubleV0() {
+    return async (input) => {
+        const decision = normalizePolicyRecompileDecisionV0(input.decision);
+        if (decision.outcome !== "recompile-requested") {
+            return {
+                schema: "openprose.reactor-cradle.recompile-d1-executor-double",
+                v: 0,
+                outcome: "skipped",
+                skipped_reason: decision.outcome,
+                decision: input.decision,
+            };
+        }
+        const snapshot = await input.authorPolicyArtifactV0({
+            responsibility_id: input.responsibility_id,
+            contract_revision: input.contract_revision,
+            contract_summary: input.contract_summary,
+            no_anchor: input.no_anchor,
+            live_observables: input.live_observables,
+            receipt_history: input.receipt_history,
+            receipts: input.receipt_history,
+            as_of: input.as_of,
+            policy_artifact_namespace: input.policy_artifact_namespace,
+            trigger_decision: input.decision,
+        });
+        return {
+            schema: "openprose.reactor-cradle.recompile-d1-executor-double",
+            v: 0,
+            outcome: "recompiled",
+            decision: input.decision,
+            registry_snapshot: snapshot,
+        };
+    };
+}
+function buildPlanInput(scenario, lastRecompileAt) {
+    return {
+        artifact: scenario.policy_artifact,
+        policy_artifact: scenario.policy_artifact,
+        receipts: scenario.receipt_history,
+        receipt_history: scenario.receipt_history,
+        as_of: scenario.as_of,
+        last_recompile_at: lastRecompileAt,
+        last_policy_recompile_at: lastRecompileAt,
+        last_policy_revalidated_at: lastRecompileAt ?? scenario.as_of,
+        last_unforced_deep_at: lastRecompileAt ?? scenario.as_of,
+    };
+}
+function buildExecutionInput(scenario, decision, lastRecompileAt, authorDouble, gatewayProbe) {
+    return {
+        decision: decision.raw,
+        plan: decision.raw,
+        recompile_decision: decision.raw,
+        normalized_decision: decision,
+        artifact: scenario.policy_artifact,
+        policy_artifact: scenario.policy_artifact,
+        receipts: scenario.receipt_history,
+        receipt_history: scenario.receipt_history,
+        responsibility_id: scenario.responsibility_id,
+        contract_revision: scenario.contract_revision,
+        contract_summary: scenario.contract_summary,
+        no_anchor: scenario.policy_artifact.no_anchor,
+        live_observables: scenario.policy_artifact.live_observables,
+        as_of: scenario.as_of,
+        last_recompile_at: lastRecompileAt,
+        last_policy_recompile_at: lastRecompileAt,
+        policy_artifact_namespace: scenario.policy_artifact.registry_id,
+        authorPolicyArtifactV0: authorDouble.authorPolicyArtifactV0,
+        author_policy_artifact_v0: authorDouble.authorPolicyArtifactV0,
+        author_input: {
+            responsibility_id: scenario.responsibility_id,
+            contract_revision: scenario.contract_revision,
+            contract_summary: scenario.contract_summary,
+            no_anchor: scenario.policy_artifact.no_anchor,
+            live_observables: scenario.policy_artifact.live_observables,
+            receipt_history: scenario.receipt_history,
+            agentSdk: authorDouble.agentSdk,
+            policy_artifact_namespace: scenario.policy_artifact.registry_id,
+        },
+        agentSdk: gatewayProbe.agentSdk,
+        agent_sdk: gatewayProbe.agent_sdk,
+        modelGateway: gatewayProbe.modelGateway,
+        model_gateway: gatewayProbe.model_gateway,
+    };
+}
+function makeRecompiledRegistrySnapshotV0(previousArtifact, receiptHistory) {
+    const historyQuery = {
+        schema: "openprose.reactor.policy-author.history-query",
+        v: 0,
+        selected_receipt_hashes: previousArtifact.provenance.explored_receipt_hashes,
+        rationale: "recorded D1 proof selects the same tripping receipt slice before authoring",
+    };
+    const nextArtifact = {
+        ...previousArtifact,
+        policy_revision: `${previousArtifact.policy_revision}.d1-recompiled`,
+        provenance: {
+            contract_revision: previousArtifact.provenance.contract_revision,
+            receipt_history_summary_hash: hashPolicyAuthorReceiptHistorySummary(receiptHistory),
+            explored_receipt_hashes: previousArtifact.provenance.explored_receipt_hashes,
+            history_query: historyQuery,
+        },
+    };
+    const validation = validatePolicyArtifactV0(nextArtifact);
+    if (!validation.ok) {
+        throw new Error(`recorded D1 recompiled artifact is invalid: ${validation.errors.join("; ")}`);
+    }
+    const validationState = {
+        status: "validated",
+        validator_id: "openprose.reactor-cradle.recompile-d1-recorded-author",
+    };
+    return {
+        contract_revision: validation.artifact.provenance.contract_revision,
+        policy_artifact_id: validation.artifact.registry_id,
+        policy_artifact_identity: validation.artifact.registry_id,
+        policy_artifact_namespace: validation.artifact.registry_id,
+        policy_artifact_revision: validation.artifact.policy_revision,
+        policy_artifact_validation_state: validationState,
+        validation_state: validationState,
+        policy_artifact_bytes: canonicalizePolicyArtifactV0(validation.artifact),
+        policy_artifact_content_hash: validation.content_hash,
+    };
+}
+function readRecompiledArtifactFromScenario(scenario) {
+    const bytes = scenario.recompiled_registry_snapshot.policy_artifact_bytes;
+    if (typeof bytes !== "string" || bytes.length === 0) {
+        throw new Error("recorded D1 recompiled snapshot must carry artifact bytes");
+    }
+    const parsed = JSON.parse(bytes);
+    const validation = validatePolicyArtifactV0(parsed);
+    if (!validation.ok) {
+        throw new Error(`recorded D1 recompiled snapshot artifact is invalid: ${validation.errors.join("; ")}`);
+    }
+    return validation.artifact;
+}
+function hashPolicyAuthorReceiptHistorySummary(receiptHistory) {
+    return hashCanonical(renderCanonical(receiptHistory.map((receipt) => ({
+        content_hash: receipt.content_hash,
+        contract_revision: receipt.core.contract_revision,
+        as_of: receipt.core.as_of,
+        role: receipt.core.role,
+        event_cause: receipt.core.event_cause,
+        verdict_status: receipt.verdict.status,
+        next_forecast_recheck: receipt.freshness.next_forecast_recheck,
+        surprise_cause: receipt.cost.surprise_cause,
+    }))));
+}
+function countAuthorSessions(invocations, agentExchanges) {
+    return invocations.length + Math.floor(agentExchanges.length / 2);
+}
+function assertRecompileDecision(decision, expected, scenario) {
+    if (decision.outcome !== expected) {
+        throw new Error(`expected policy recompile decision ${expected}, received ${decision.outcome}`);
+    }
+    if (decision.drift_outcome !== undefined &&
+        decision.drift_outcome !== "tripped") {
+        throw new Error(`policy recompile D1 must preserve tripped drift evidence, received ${decision.drift_outcome}`);
+    }
+    if (decision.evidence_receipt_hashes.length === 0) {
+        throw new Error("policy recompile D1 decision must expose drift evidence receipts");
+    }
+    const knownHashes = new Set(scenario.receipt_history.map((receipt) => receipt.content_hash));
+    const unknownHashes = decision.evidence_receipt_hashes.filter((hash) => !knownHashes.has(hash));
+    if (unknownHashes.length > 0) {
+        throw new Error(`policy recompile D1 decision referenced receipts outside the recorded log: ${unknownHashes.join(", ")}`);
+    }
+}
+function assertRecompileIntervalVariant(scenario, lastRecompileAt, variant) {
+    const elapsedMs = parseReplayableInstantMs(scenario.as_of, "scenario.as_of") -
+        parseReplayableInstantMs(lastRecompileAt, `scenario.${variant}_last_recompile_at`);
+    if (variant === "allowed" && elapsedMs < scenario.min_recompile_interval_ms) {
+        throw new Error("D1 allowed variant must be outside the min interval");
+    }
+    if (variant === "blocked" && elapsedMs >= scenario.min_recompile_interval_ms) {
+        throw new Error("D1 blocked variant must be inside the min interval");
+    }
+}
+function assertRegistrySnapshotMatchesScenario(snapshot, scenario) {
+    if (snapshot.policy_artifact_revision.length === 0) {
+        throw new Error("policy recompile registry snapshot must name a revision");
+    }
+    if (snapshot.policy_artifact_namespace.length === 0) {
+        throw new Error("policy recompile registry snapshot must name a namespace");
+    }
+    if (snapshot.contract_revision !== undefined &&
+        snapshot.contract_revision !== scenario.contract_revision) {
+        throw new Error("policy recompile registry snapshot changed contract revision");
+    }
+    if (typeof snapshot.policy_artifact_bytes === "string" &&
+        snapshot.policy_artifact_content_hash !== hashCanonical(snapshot.policy_artifact_bytes)) {
+        throw new Error("policy recompile registry snapshot content hash is stale");
+    }
+}
+function assertPolicyAuthorInputMatchesScenario(input, scenario) {
+    if (!isRecord(input)) {
+        throw new Error("policy recompile author input must be an object");
+    }
+    const responsibilityId = input["responsibility_id"];
+    if (typeof responsibilityId === "string" &&
+        responsibilityId !== scenario.responsibility_id) {
+        throw new Error("policy recompile author received the wrong responsibility");
+    }
+    const contractRevision = input["contract_revision"];
+    if (typeof contractRevision === "string" &&
+        contractRevision !== scenario.contract_revision) {
+        throw new Error("policy recompile author received the wrong contract revision");
+    }
+    const receiptValue = input["receipt_history"] ?? input["receipts"];
+    if (!Array.isArray(receiptValue)) {
+        throw new Error("policy recompile author must receive recorded receipt history");
+    }
+    const inputHashes = receiptValue.map((receipt, index) => {
+        if (!isRecord(receipt) || typeof receipt["content_hash"] !== "string") {
+            throw new Error(`policy recompile author receipt ${index} lacks content_hash`);
+        }
+        return receipt["content_hash"];
+    });
+    const scenarioHashes = scenario.receipt_history.map((receipt) => receipt.content_hash);
+    if (inputHashes.join("\0") !== scenarioHashes.join("\0")) {
+        throw new Error("policy recompile author received a different receipt history");
+    }
+}
+function readRecompileOutcome(value) {
+    if (value === "no-recompile-needed" ||
+        value === "recompile-requested" ||
+        value === "recompile-delayed" ||
+        value === "needs-judgment") {
+        return value;
+    }
+    throw new Error("policy recompile decision outcome must be no-recompile-needed, recompile-requested, recompile-delayed, or needs-judgment");
+}
+function readOptionalDriftOutcome(value) {
+    if (value === "not-tripped" ||
+        value === "tripped" ||
+        value === "indeterminate") {
+        return value;
+    }
+    return undefined;
+}
+function readOptionalRecord(value) {
+    return isRecord(value) ? value : undefined;
+}
+function readOptionalRegistrySnapshot(value) {
+    if (!isRecord(value)) {
+        return undefined;
+    }
+    if (typeof value["policy_artifact_namespace"] !== "string" ||
+        typeof value["policy_artifact_revision"] !== "string") {
+        return undefined;
+    }
+    return value;
+}
+function readContentHashArrayFromUnknown(value, label) {
+    if (!Array.isArray(value)) {
+        throw new Error(`${label} must be an array`);
+    }
+    const hashes = value.map((item, index) => {
+        if (typeof item !== "string" || !isContentHash(item)) {
+            throw new Error(`${label}[${index}] must be a sha256 content hash`);
+        }
+        return item;
+    });
+    return Object.freeze(hashes);
+}
+function createCanonicalSnapshot(value, label) {
+    try {
+        const canonical = renderCanonical(value);
+        return {
+            value: JSON.parse(canonical),
+            canonical,
+            hash: hashCanonical(canonical),
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "canonicalization failed";
+        throw new Error(`${label} must be canonical JSON: ${message}`);
+    }
+}
+function cloneFromCanonical(snapshot) {
+    return JSON.parse(snapshot.canonical);
+}
+function sanitizeForCanonical(value) {
+    if (value === null ||
+        typeof value === "string" ||
+        typeof value === "number" ||
+        typeof value === "boolean") {
+        return value;
+    }
+    if (typeof value === "function") {
+        return "[function]";
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => sanitizeForCanonical(item));
+    }
+    if (isRecord(value)) {
+        const sanitized = {};
+        for (const [key, child] of Object.entries(value)) {
+            sanitized[key] = sanitizeForCanonical(child);
+        }
+        return sanitized;
+    }
+    return String(value);
+}
+function renderCanonical(value) {
+    if (value === null) {
+        return "null";
+    }
+    switch (typeof value) {
+        case "boolean":
+            return value ? "true" : "false";
+        case "number":
+            if (!Number.isFinite(value)) {
+                throw new TypeError("Cannot canonicalize non-finite numbers");
+            }
+            return JSON.stringify(value);
+        case "string":
+            return JSON.stringify(value);
+        case "object":
+            if (Array.isArray(value)) {
+                return `[${value.map((item) => renderCanonical(item)).join(",")}]`;
+            }
+            if (!isRecord(value)) {
+                throw new TypeError("Cannot canonicalize non-plain objects");
+            }
+            return `{${Object.keys(value)
+                .sort((left, right) => left.localeCompare(right))
+                .map((key) => `${JSON.stringify(key)}:${renderCanonical(value[key])}`)
+                .join(",")}}`;
+        default:
+            throw new TypeError(`Cannot canonicalize ${typeof value}`);
+    }
+}
+function hashCanonical(canonical) {
+    return `sha256:${(0, node_crypto_1.createHash)("sha256").update(canonical).digest("hex")}`;
+}
+function isContentHash(value) {
+    return /^sha256:[a-f0-9]{64}$/.test(value);
+}
+function parseReplayableInstantMs(value, path) {
+    if (!/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{3})?Z$/.test(value)) {
+        throw new Error(`${path} must be a replayable UTC ISO instant`);
+    }
+    const ms = Date.parse(value);
+    if (!Number.isSafeInteger(ms)) {
+        throw new Error(`${path} must parse to a safe millisecond instant`);
+    }
+    return ms;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function loadReactorPolicy() {
+    try {
+        return require("@openprose/reactor/policy");
+    }
+    catch (error) {
+        if (isMissingReactorSubpath(error, "@openprose/reactor/policy")) {
+            return require("../../../reactor/dist/policy");
+        }
+        throw error;
+    }
+}
+function isMissingReactorSubpath(error, subpath) {
+    return (isRecord(error) &&
+        error["code"] === "MODULE_NOT_FOUND" &&
+        typeof error["message"] === "string" &&
+        error["message"].includes(subpath));
+}