@oscharko-dev/keiko-evidence 0.2.0

package/dist/qualityIntelligence/store.js

@@ -0,0 +1,483 @@
+// Local-state store for Quality Intelligence runs (Issue #274, Epic #270, ADR-0023 D7+D8).
+//
+// Extends the existing `keiko-evidence` JSON-on-disk discipline (NOT a separate database, NOT a
+// new runtime dependency) per ADR-0023 D7 "extend, don't fork". Each QI run is persisted as one
+// schema-validated JSON file `<runId>.qi.json` under a `qi/` subdirectory of the evidence base
+// dir; the four conceptual "tables" of the brief (runs / findings / exports / evidence-refs)
+// surface as the readonly arrays on the manifest itself.
+//
+// Why JSON-on-disk and not a new SQLite table set: the local-state contract (issue #175) freezes
+// the on-disk surface to "evidence is JSON". Introducing a SQLite DB inside keiko-evidence would
+// fork the contract. The brief explicitly allows the "analogous structure if the store is not
+// SQLite" alternative.
+//
+// Safety:
+// - Base dir is realpath-contained once at construction; every child path is derived from a
+//   validated runId and the lexical directory entry is inspected before overwrite/delete.
+// - File names are derived from the VALIDATED runId via assertValidRunId — no separator/`..`/NUL
+//   can reach the resolved path.
+// - Writes are atomic O_EXCL temp + rename. A partial write leaves a `.tmp` that is invisible to
+//   list (which only counts `.qi.json` suffixes), so an unclean shutdown never surfaces a
+//   half-written run.
+// - The QI base dir is created with mode 0o700, files with the default umask + 0o600 intent (the
+//   atomic temp inherits the umask; the rename preserves it).
+import { createHash, randomUUID } from "node:crypto";
+import { chmodSync, mkdirSync, readdirSync, readFileSync, lstatSync, renameSync, rmSync, writeFileSync, } from "node:fs";
+import { join, resolve } from "node:path";
+import { resolveWithinWorkspace } from "@oscharko-dev/keiko-workspace";
+import { nodeWorkspaceFs } from "@oscharko-dev/keiko-workspace/internal/fs";
+import { assertValidRunId } from "@oscharko-dev/keiko-security";
+import { EvidenceReadError, EvidenceWriteError } from "../errors.js";
+import { QUALITY_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION, validateQualityIntelligenceEvidenceManifest, } from "./manifestSchema.js";
+import { redactQualityIntelligenceEvidence, } from "./redaction.js";
+// `qi/` subdir of the evidence base; chosen so `listEvidence()` (the existing API for run-level
+// JSON manifests) does NOT see QI manifests by accident — different layer, different shape.
+export const QI_SUBDIR = "qi";
+const QI_MANIFEST_SUFFIX = ".qi.json";
+const QI_DIR_MODE = 0o700;
+// ─── In-memory store (tests + future port-injected callers) ─────────────────────────
+export function createInMemoryQualityIntelligenceLocalStore() {
+    const data = new Map();
+    return {
+        record: (manifest) => {
+            assertValidRunId(manifest.runId);
+            data.set(manifest.runId, manifest);
+            return `${manifest.runId}${QI_MANIFEST_SUFFIX}`;
+        },
+        load: (runId) => {
+            assertValidRunId(runId);
+            return data.get(runId);
+        },
+        list: () => [...data.keys()].sort(),
+        location: (runId) => {
+            assertValidRunId(runId);
+            return `${runId}${QI_MANIFEST_SUFFIX}`;
+        },
+        delete: (runId) => {
+            assertValidRunId(runId);
+            return data.delete(runId);
+        },
+    };
+}
+// ─── Node adapter ──────────────────────────────────────────────────────────────────
+function prepareQiBaseDir(baseDir, fs) {
+    try {
+        mkdirSync(baseDir, { recursive: true, mode: QI_DIR_MODE });
+        return fs.realPath(baseDir);
+    }
+    catch (error) {
+        throw new EvidenceWriteError(`cannot create QI evidence directory: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function existingQiBaseDir(baseDir, fs) {
+    if (!fs.exists(baseDir)) {
+        return undefined;
+    }
+    try {
+        return fs.realPath(baseDir);
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot read QI evidence directory: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function lexicalQiManifestPath(runId, realBase) {
+    assertValidRunId(runId);
+    return resolveWithinWorkspace(realBase, `${runId}${QI_MANIFEST_SUFFIX}`);
+}
+function isQiManifestName(name) {
+    if (!name.endsWith(QI_MANIFEST_SUFFIX)) {
+        return false;
+    }
+    const runId = name.slice(0, name.length - QI_MANIFEST_SUFFIX.length);
+    try {
+        assertValidRunId(runId);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function isSingleLinkRegularFile(path, fs) {
+    try {
+        const stat = fs.stat(path);
+        return stat.isFile && (stat.hardLinkCount ?? 1) <= 1;
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot inspect QI manifest: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function assertWritableQiManifestEntry(target, fs) {
+    const entry = lstatSync(target, { throwIfNoEntry: false });
+    if (entry === undefined)
+        return;
+    if (!entry.isFile() || !isSingleLinkRegularFile(target, fs)) {
+        throw new EvidenceWriteError("cannot overwrite a non-ledger QI manifest");
+    }
+}
+function listQiRunIds(realBase, fs) {
+    const runIds = [];
+    try {
+        for (const entry of readdirSync(realBase, { withFileTypes: true })) {
+            if (entry.isSymbolicLink() ||
+                !entry.isFile() ||
+                !isQiManifestName(entry.name) ||
+                !isSingleLinkRegularFile(join(realBase, entry.name), fs)) {
+                continue;
+            }
+            runIds.push(entry.name.slice(0, entry.name.length - QI_MANIFEST_SUFFIX.length));
+        }
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot list QI manifests: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+    return runIds.sort();
+}
+function atomicWriteQiManifest(target, json, randomSuffix) {
+    const temp = `${target}.${randomSuffix()}.tmp`;
+    try {
+        writeFileSync(temp, json, { encoding: "utf8", flag: "wx" });
+        // Best-effort 0o600 on the temp file (the rename preserves the mode). Failure is non-fatal:
+        // POSIX-default umask handles the common case; the assertion is realpath containment, not
+        // permission bits.
+        try {
+            chmodSync(temp, 0o600);
+        }
+        catch {
+            // ignore; not all filesystems support chmod (e.g. Windows)
+        }
+        renameSync(temp, target);
+    }
+    catch (error) {
+        rmSync(temp, { force: true });
+        throw new EvidenceWriteError(`QI manifest write failed: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function reportQiLocation(baseDir, fs, runId) {
+    assertValidRunId(runId);
+    const realBase = existingQiBaseDir(baseDir, fs);
+    return realBase === undefined
+        ? join(resolve(baseDir), `${runId}${QI_MANIFEST_SUFFIX}`)
+        : lexicalQiManifestPath(runId, realBase);
+}
+function parseAndValidateManifest(json) {
+    let parsed;
+    try {
+        parsed = JSON.parse(json);
+    }
+    catch (error) {
+        throw new EvidenceReadError(`QI manifest is not valid JSON: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+    const validation = validateQualityIntelligenceEvidenceManifest(parsed);
+    if (!validation.ok) {
+        throw new EvidenceReadError(`QI manifest schema invalid: ${validation.reason ?? "unknown"}`);
+    }
+    const manifest = parsed;
+    // Issue #637 — verify recorded SHA-256 integrity hashes AND totals against the live
+    // collections on read. The strict-schema gate above only validates the schema-version literal,
+    // the closed top-level key set, and the status enum; it does NOT detect a tampered finding /
+    // export / evidenceRef payload or a totals/collections drift. Failing closed here keeps the
+    // BFF list endpoint from surfacing corrupted runs and forces the detail endpoint into its
+    // controlled error path.
+    assertManifestIntegrity(manifest);
+    return manifest;
+}
+function assertHashMatches(label, expected, stored) {
+    if (expected !== stored) {
+        throw new EvidenceReadError(`QI manifest ${label} integrity hash mismatch`);
+    }
+}
+function assertIntegrityHashesMatch(manifest) {
+    const expected = buildIntegrityHashes(manifest.findings, manifest.exports, manifest.evidenceRefs);
+    assertHashMatches("findings", expected.findings, manifest.integrityHashes.findings);
+    assertHashMatches("exports", expected.exports, manifest.integrityHashes.exports);
+    assertHashMatches("evidenceRefs", expected.evidenceRefs, manifest.integrityHashes.evidenceRefs);
+    // atomFingerprints are hashed unconditionally whenever present (#821), so compare expected-vs-stored
+    // directly — a removed or added set (stored present, expected absent or vice versa) is caught too.
+    const expectedAtomFingerprints = manifest.atomFingerprints === undefined ? undefined : sha256OfJson(manifest.atomFingerprints);
+    assertHashMatches("atomFingerprints", expectedAtomFingerprints, manifest.integrityHashes.atomFingerprints);
+    // coverageMatrix and sourceFingerprints: derive expected = (collection === undefined ? undefined :
+    // sha256OfJson(collection)) and compare with assertHashMatches so a present collection with a
+    // deleted stored sub-hash FAILS CLOSED (mirrors atomFingerprints above — removal-proof).
+    const expectedCoverageMatrix = manifest.coverageMatrix === undefined ? undefined : sha256OfJson(manifest.coverageMatrix);
+    assertHashMatches("coverageMatrix", expectedCoverageMatrix, manifest.integrityHashes.coverageMatrix);
+    const expectedSourceFingerprints = manifest.sourceFingerprints === undefined
+        ? undefined
+        : sha256OfJson(manifest.sourceFingerprints);
+    assertHashMatches("sourceFingerprints", expectedSourceFingerprints, manifest.integrityHashes.sourceFingerprints);
+}
+// Integrity scope (be precise — this is the on-read tamper-detection contract): we verify the
+// (totals ↔ collection-length) invariant for findings/exports AND the per-group SHA-256 hashes for
+// findings / exports / evidenceRefs / atomFingerprints (+ coverageMatrix / sourceFingerprints when
+// their stored hash is present). We do NOT hash the run-level scalars (`status`, `totals.candidates`,
+// `provenanceRefs`, `qualityScore`, `modelId`, `modelParameters`, `seedUsed`, `planAt`/`completedAt`,
+// `retentionPolicyId`, `policyProfileIds`, `modelGatewayCallCount`, `redactionSummary`): a local
+// on-disk edit of those passes load. This is an accepted limitation of the local-state threat model
+// (the operator owns the disk); extending coverage to a scalar `meta` group is tracked as a #274
+// follow-up (see ADR-0023 D8). The schema gate already rejects unknown/missing top-level keys and a
+// bad status enum, so a scalar edit cannot change the manifest SHAPE — only a value.
+function assertManifestIntegrity(manifest) {
+    if (manifest.totals.findings !== manifest.findings.length) {
+        throw new EvidenceReadError(`QI manifest totals.findings (${String(manifest.totals.findings)}) does not match findings.length (${String(manifest.findings.length)})`);
+    }
+    if (manifest.totals.exports !== manifest.exports.length) {
+        throw new EvidenceReadError(`QI manifest totals.exports (${String(manifest.totals.exports)}) does not match exports.length (${String(manifest.exports.length)})`);
+    }
+    assertIntegrityHashesMatch(manifest);
+}
+function loadQiManifest(baseDir, fs, runId) {
+    assertValidRunId(runId);
+    const realBase = existingQiBaseDir(baseDir, fs);
+    if (realBase === undefined) {
+        return undefined;
+    }
+    const target = join(realBase, `${runId}${QI_MANIFEST_SUFFIX}`);
+    try {
+        if (lstatSync(target, { throwIfNoEntry: false })?.isFile() !== true) {
+            return undefined;
+        }
+        if (!isSingleLinkRegularFile(target, fs)) {
+            return undefined;
+        }
+        const json = readFileSync(target, "utf8");
+        return parseAndValidateManifest(json);
+    }
+    catch (error) {
+        if (error instanceof EvidenceReadError) {
+            throw error;
+        }
+        throw new EvidenceReadError(`cannot read QI manifest: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function recordQiManifest(baseDir, fs, randomSuffix, manifest) {
+    assertValidRunId(manifest.runId);
+    const realBase = prepareQiBaseDir(baseDir, fs);
+    const target = lexicalQiManifestPath(manifest.runId, realBase);
+    assertWritableQiManifestEntry(target, fs);
+    atomicWriteQiManifest(target, JSON.stringify(manifest), randomSuffix);
+    return target;
+}
+function deleteQiManifest(baseDir, fs, runId) {
+    assertValidRunId(runId);
+    const realBase = existingQiBaseDir(baseDir, fs);
+    if (realBase === undefined) {
+        return false;
+    }
+    const target = lexicalQiManifestPath(runId, realBase);
+    if (lstatSync(target, { throwIfNoEntry: false })?.isFile() !== true) {
+        return false;
+    }
+    if (!isSingleLinkRegularFile(target, fs)) {
+        return false;
+    }
+    rmSync(target, { force: true });
+    return true;
+}
+// Build a QI store that writes under `<evidenceDir>/qi/`. The caller passes the SAME evidence dir
+// it would pass to `createNodeEvidenceStore` (i.e. the output of `resolveEvidenceDir`), and the
+// store layers the `qi/` subdir itself so the local-state contract resolves identically for both
+// the run-level evidence manifest and the QI sub-manifest.
+export function createNodeQualityIntelligenceLocalStore(evidenceDir, options = {}) {
+    const baseDir = join(evidenceDir, QI_SUBDIR);
+    const fs = options.fs ?? nodeWorkspaceFs;
+    const randomSuffix = options.randomSuffix ?? randomUUID;
+    return {
+        record: (manifest) => recordQiManifest(baseDir, fs, randomSuffix, manifest),
+        load: (runId) => loadQiManifest(baseDir, fs, runId),
+        list: () => {
+            const realBase = existingQiBaseDir(baseDir, fs);
+            return realBase === undefined ? [] : listQiRunIds(realBase, fs);
+        },
+        location: (runId) => reportQiLocation(baseDir, fs, runId),
+        delete: (runId) => deleteQiManifest(baseDir, fs, runId),
+    };
+}
+function sha256OfJson(value) {
+    return createHash("sha256").update(JSON.stringify(value)).digest("hex");
+}
+function buildIntegrityHashes(findings, exports_, evidenceRefs, atomFingerprints, coverageMatrix, sourceFingerprints) {
+    return {
+        findings: sha256OfJson(findings),
+        exports: sha256OfJson(exports_),
+        evidenceRefs: sha256OfJson(evidenceRefs),
+        ...(atomFingerprints !== undefined ? { atomFingerprints: sha256OfJson(atomFingerprints) } : {}),
+        ...(coverageMatrix !== undefined ? { coverageMatrix: sha256OfJson(coverageMatrix) } : {}),
+        ...(sourceFingerprints !== undefined
+            ? { sourceFingerprints: sha256OfJson(sourceFingerprints) }
+            : {}),
+    };
+}
+function assertTotalsMatchCollections(input) {
+    // The `candidates` total is reported by the workflow (it isn't carried as a separate collection
+    // on the manifest), so we only validate findings and exports here.
+    if (input.totals.findings !== input.findings.length) {
+        throw new EvidenceWriteError(`QI totals.findings (${String(input.totals.findings)}) does not match findings.length (${String(input.findings.length)})`);
+    }
+    if (input.totals.exports !== input.exports.length) {
+        throw new EvidenceWriteError(`QI totals.exports (${String(input.totals.exports)}) does not match exports.length (${String(input.exports.length)})`);
+    }
+}
+function resolveStore(options) {
+    if (options.store !== undefined) {
+        return options.store;
+    }
+    if (options.evidenceDir !== undefined) {
+        return createNodeQualityIntelligenceLocalStore(options.evidenceDir);
+    }
+    return undefined;
+}
+/** Optional manifest fields that are only present when supplied (exactOptionalPropertyTypes). */
+function optionalManifestFields(input, redacted) {
+    return {
+        // coverageMatrix + modelParameters are taken from the redacted set; the remaining optionals are
+        // ids / sha-256 hashes / numbers that carry no free text and need no persist-time scrub.
+        ...(redacted.coverageMatrix !== undefined ? { coverageMatrix: redacted.coverageMatrix } : {}),
+        ...(input.qualityScore !== undefined ? { qualityScore: input.qualityScore } : {}),
+        ...(input.sourceFingerprints !== undefined
+            ? { sourceFingerprints: input.sourceFingerprints }
+            : {}),
+        ...(input.atomFingerprints !== undefined ? { atomFingerprints: input.atomFingerprints } : {}),
+        ...(input.modelId !== undefined ? { modelId: input.modelId } : {}),
+        ...(redacted.modelParameters !== undefined
+            ? { modelParameters: redacted.modelParameters }
+            : {}),
+        ...(input.seedUsed !== undefined ? { seedUsed: input.seedUsed } : {}),
+    };
+}
+function buildRunManifest(input, redacted, summary, integrityHashes, redactedOptionals) {
+    return {
+        qiEvidenceSchemaVersion: QUALITY_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION,
+        runId: input.runId,
+        planAt: redacted.planAt,
+        completedAt: redacted.completedAt,
+        status: input.status,
+        policyProfileIds: redacted.policyProfileIds,
+        retentionPolicyId: redacted.retentionPolicyId,
+        modelGatewayCallCount: input.modelGatewayCallCount,
+        totals: input.totals,
+        findings: redacted.findings,
+        exports: redacted.exports,
+        evidenceRefs: redacted.evidenceRefs,
+        provenanceRefs: redacted.provenanceRefs,
+        redactionSummary: summary,
+        integrityHashes,
+        ...optionalManifestFields(input, redactedOptionals),
+    };
+}
+export function recordQualityIntelligenceRun(input, options = {}) {
+    assertValidRunId(input.runId);
+    assertTotalsMatchCollections(input);
+    const store = resolveStore(options);
+    if (store === undefined) {
+        throw new EvidenceWriteError("recordQualityIntelligenceRun requires options.store or options.evidenceDir");
+    }
+    // Redact every string leaf of the user-supplied collections + scalars BEFORE the manifest is
+    // assembled or persisted. The summary is the counts-only artefact the audit will cross-check.
+    const { redacted, summary } = redactQualityIntelligenceEvidence({
+        planAt: input.planAt,
+        completedAt: input.completedAt,
+        policyProfileIds: input.policyProfileIds,
+        retentionPolicyId: input.retentionPolicyId,
+        findings: input.findings,
+        exports: input.exports,
+        evidenceRefs: input.evidenceRefs,
+        provenanceRefs: input.provenanceRefs,
+        // coverageMatrix carries requirementExcerptRedacted (derived from raw source text) and
+        // modelParameters is a free-shaped Record; both are string-bearing leaves that must pass the
+        // persist redactor — not just their build-time scrub — so audit storage keeps the same
+        // fail-closed backstop as findings/evidenceRefs (#273 audit — AC#3 audit-storage safety).
+        coverageMatrix: input.coverageMatrix,
+        modelParameters: input.modelParameters,
+    }, options.redaction ?? {});
+    const integrityHashes = buildIntegrityHashes(redacted.findings, redacted.exports, redacted.evidenceRefs, input.atomFingerprints, redacted.coverageMatrix, input.sourceFingerprints);
+    const manifest = buildRunManifest(input, redacted, summary, integrityHashes, {
+        coverageMatrix: redacted.coverageMatrix,
+        modelParameters: redacted.modelParameters,
+    });
+    return { manifest, location: store.record(manifest) };
+}
+// Fold a second redaction summary into a base one so the manifest's counts-only redaction summary
+// stays internally consistent after an export row is appended (the run summary + the row's scan).
+function foldRedactionSummary(base, add) {
+    const patternsMatched = { ...base.patternsMatched };
+    for (const [key, count] of Object.entries(add.patternsMatched)) {
+        patternsMatched[key] = (patternsMatched[key] ?? 0) + count;
+    }
+    return {
+        totalStringsScanned: base.totalStringsScanned + add.totalStringsScanned,
+        stringsRedacted: base.stringsRedacted + add.stringsRedacted,
+        patternsMatched,
+    };
+}
+/**
+ * Append one export-evidence row to an already-recorded run manifest (Issue #283, AC4 — "export
+ * evidence records target type, artifact IDs, mapping profile, and result without leaking secrets";
+ * Audit Addendum — "audit evidence for every export action").
+ *
+ * Every QI export action — a local serialisation download, a binary PDF/ZIP bundle, or a dry-run
+ * preview — emits one audit row recording WHAT was exported (`targetAdapter`), the artifact id, its
+ * integrity hash, the redaction attestation, and whether it was a dry-run. The disabled external-TMS
+ * write path produces no artifact and therefore records nothing.
+ *
+ * Rows are deduplicated by `(id, dryRun)` so re-exporting the same adapter in the same mode is
+ * idempotent — the audit captures each distinct (artifact, mode) once rather than once per click,
+ * which also bounds manifest growth.
+ *
+ * Invariants preserved (mirrors {@link recordQualityIntelligenceRun}):
+ *  - the new row's string leaves pass the persist redactor before assembly (the row carries only
+ *    ids / an enum / a sha-256 hash / booleans, so this is a no-op in practice, but the persist
+ *    redactor is applied unconditionally to keep the fail-closed contract uniform);
+ *  - `integrityHashes.exports` is recomputed over the full new collection; the other hash groups are
+ *    carried over unchanged because their collections did not change;
+ *  - `totals.exports` stays equal to `exports.length` (asserted on read);
+ *  - the counts-only `redactionSummary` folds in the new row's scan;
+ *  - the manifest is rewritten through the same atomic O_EXCL temp + rename path.
+ *
+ * Throws `EvidenceReadError` when the run manifest does not exist (an export cannot precede its run)
+ * and `EvidenceWriteError` when neither `store` nor `evidenceDir` is supplied or the write fails.
+ */
+export function appendQualityIntelligenceExportRow(input, options = {}) {
+    assertValidRunId(input.runId);
+    const store = resolveStore(options);
+    if (store === undefined) {
+        throw new EvidenceWriteError("appendQualityIntelligenceExportRow requires options.store or options.evidenceDir");
+    }
+    const existing = store.load(input.runId);
+    if (existing === undefined) {
+        throw new EvidenceReadError(`cannot append export evidence: QI run "${input.runId}" was not found`);
+    }
+    const { redacted: redactedRow, summary: rowSummary } = redactQualityIntelligenceEvidence(input.export, options.redaction ?? {});
+    const isSameRow = (row) => row.id === redactedRow.id && (row.dryRun ?? false) === (redactedRow.dryRun ?? false);
+    if (existing.exports.some(isSameRow)) {
+        return { manifest: existing, location: store.location(input.runId) };
+    }
+    const exports = [...existing.exports, redactedRow];
+    const integrityHashes = {
+        ...existing.integrityHashes,
+        exports: sha256OfJson(exports),
+    };
+    const manifest = {
+        ...existing,
+        exports,
+        totals: { ...existing.totals, exports: exports.length },
+        integrityHashes,
+        redactionSummary: foldRedactionSummary(existing.redactionSummary, rowSummary),
+    };
+    return { manifest, location: store.record(manifest) };
+}
+export function loadQualityIntelligenceRun(runId, options = {}) {
+    const store = resolveLoadStore(options);
+    return store.load(runId);
+}
+export function listQualityIntelligenceRuns(options = {}) {
+    const store = resolveLoadStore(options);
+    return store.list();
+}
+function resolveLoadStore(options) {
+    if (options.store !== undefined) {
+        return options.store;
+    }
+    if (options.evidenceDir !== undefined) {
+        return createNodeQualityIntelligenceLocalStore(options.evidenceDir);
+    }
+    throw new EvidenceReadError("QI load/list requires options.store or options.evidenceDir");
+}

package/dist/redaction.d.ts

@@ -0,0 +1,2 @@
+export { createAuditRedactor, deepRedactStrings } from "@oscharko-dev/keiko-security";
+//# sourceMappingURL=redaction.d.ts.map

package/dist/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/redaction.js

@@ -0,0 +1,4 @@
+// Re-export shim: the audit-redaction layer (createAuditRedactor + deepRedactStrings) now lives in
+// @oscharko-dev/keiko-security (issue #159, ADR-0019). All existing import sites
+// (`from "./redaction.js"`) keep resolving unchanged via this barrel.
+export { createAuditRedactor, deepRedactStrings } from "@oscharko-dev/keiko-security";

package/dist/report.d.ts

@@ -0,0 +1,17 @@
+import type { CostClass, RunOutcome, VerificationStatus } from "@oscharko-dev/keiko-contracts";
+import type { EvidenceManifest, EvidenceTaskType, EvidenceUsageTotals } from "./types.js";
+export interface EvidenceReport {
+    readonly evidenceLocation: string;
+    readonly runId: string;
+    readonly fingerprint: string;
+    readonly taskType: EvidenceTaskType;
+    readonly outcome: RunOutcome;
+    readonly changedFiles: number;
+    readonly usageTotals: EvidenceUsageTotals;
+    readonly costClass: CostClass | "unknown";
+    readonly verificationStatus: VerificationStatus | "not-run";
+    readonly knownLimitations: readonly string[];
+}
+export declare function buildEvidenceReport(manifest: EvidenceManifest, location: string): EvidenceReport;
+export declare function renderEvidenceReport(report: EvidenceReport): string;
+//# sourceMappingURL=report.d.ts.map

package/dist/report.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"report.d.ts","sourceRoot":"","sources":["../src/report.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAC/F,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,EAEpB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,mBAAmB,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,CAAC;IAC1C,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAC5D,QAAQ,CAAC,gBAAgB,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAuBD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,CAahG;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAgBnE"}

package/dist/report.js

@@ -0,0 +1,50 @@
+// Final-report payload + renderer (ADR-0010 D9). buildEvidenceReport produces a structured,
+// JSON-serializable summary of a persisted manifest; renderEvidenceReport renders it for the CLI.
+// Both are PURE (no IO). knownLimitations is static text stating the Wave-1 evidence bounds
+// (no tamper-evidence, no encryption at rest, per-run cost attribution) so a reviewer reads the
+// honest trust boundary alongside the evidence.
+const KNOWN_LIMITATIONS = [
+    "Evidence files are developer-writable: no tamper-evidence or immutability (out of scope).",
+    "Evidence is stored as plaintext JSON: no encryption at rest; redaction removes known shapes only.",
+    "Cost attribution is per-run (the declared model's class), not per model call.",
+];
+function statusFromHarnessResults(results) {
+    if (results === undefined || results.length === 0) {
+        return "not-run";
+    }
+    return results.every((result) => result.passed) ? "passed" : "failed";
+}
+function verificationStatus(manifest) {
+    return (manifest.verification?.overallStatus ?? statusFromHarnessResults(manifest.verificationResults));
+}
+export function buildEvidenceReport(manifest, location) {
+    return {
+        evidenceLocation: location,
+        runId: manifest.run.runId,
+        fingerprint: manifest.run.fingerprint,
+        taskType: manifest.run.taskType,
+        outcome: manifest.run.outcome,
+        changedFiles: manifest.patch?.changedFiles ?? 0,
+        usageTotals: manifest.usageTotals,
+        costClass: manifest.model.costClass,
+        verificationStatus: verificationStatus(manifest),
+        knownLimitations: KNOWN_LIMITATIONS,
+    };
+}
+export function renderEvidenceReport(report) {
+    const { usageTotals: u } = report;
+    const lines = [
+        `Evidence: ${report.evidenceLocation}`,
+        `  run            ${report.runId} (fingerprint ${report.fingerprint})`,
+        `  task           ${report.taskType}`,
+        `  outcome        ${report.outcome}`,
+        `  changed files  ${String(report.changedFiles)}`,
+        `  usage          ${String(u.promptTokens)} prompt / ${String(u.completionTokens)} completion tokens, ` +
+            `${String(u.requestCount)} request(s), ${String(u.totalLatencyMs)}ms`,
+        `  cost class     ${report.costClass}`,
+        `  verification   ${report.verificationStatus}`,
+        "  known limitations:",
+        ...report.knownLimitations.map((limitation) => `    - ${limitation}`),
+    ];
+    return `${lines.join("\n")}\n`;
+}

package/dist/retention.d.ts

@@ -0,0 +1,4 @@
+import type { EvidenceStore } from "./store.js";
+import type { RetentionPolicy } from "./types.js";
+export declare function applyRetention(store: EvidenceStore, policy: RetentionPolicy): void;
+//# sourceMappingURL=retention.d.ts.map

package/dist/retention.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retention.d.ts","sourceRoot":"","sources":["../src/retention.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AA+FlD,wBAAgB,cAAc,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI,CAQlF"}

package/dist/retention.js

@@ -0,0 +1,95 @@
+// Retention and rotation (ADR-0010 D6). The single most dangerous operation in the layer, so it is
+// the most tightly bounded: it deletes ONLY ledger-created `<runId>.json` files (every runId the
+// store enumerates already passed assertValidRunId), inside the contained base dir, via
+// EvidenceStore.delete. It computes the delete set then deletes that set (no recursion). "Oldest" is
+// read from each manifest's finishedAt header — never filesystem mtime, which a developer touch
+// could perturb. When disabled, deletion is a no-op. An unparseable manifest is left untouched
+// rather than risking deletion of a file we cannot read a header from.
+function readHeader(json) {
+    try {
+        const parsed = JSON.parse(json);
+        const finishedAt = parsed.run?.finishedAt;
+        if (typeof finishedAt !== "number") {
+            return undefined;
+        }
+        return { finishedAt, bytes: Buffer.byteLength(json, "utf8") };
+    }
+    catch {
+        return undefined;
+    }
+}
+// Newest-first ordering by finishedAt; ties broken by runId so the order is deterministic.
+function collectCandidates(store) {
+    const candidates = [];
+    for (const runId of store.list()) {
+        const json = store.get(runId);
+        if (json === undefined) {
+            continue;
+        }
+        const header = readHeader(json);
+        if (header === undefined) {
+            continue;
+        }
+        candidates.push({ runId, finishedAt: header.finishedAt, bytes: header.bytes });
+    }
+    candidates.sort((a, b) => b.finishedAt - a.finishedAt || a.runId.localeCompare(b.runId));
+    return candidates;
+}
+function beyondMaxRuns(sorted, maxRuns) {
+    return sorted.slice(Math.max(maxRuns, 0)).map((c) => c.runId);
+}
+function olderThanAge(sorted, maxAgeMs) {
+    const newest = sorted[0]?.finishedAt;
+    if (newest === undefined) {
+        return [];
+    }
+    const cutoff = newest - maxAgeMs;
+    return sorted.filter((c) => c.finishedAt < cutoff).map((c) => c.runId);
+}
+function overByteCap(sorted, maxTotalBytes) {
+    const doomed = [];
+    let running = 0;
+    // Walk newest-first, keeping manifests until the cap is reached; the rest (oldest) are deleted.
+    // The newest manifest (index 0) is ALWAYS kept even if it alone exceeds the cap — retention must
+    // never delete the just-written run, and "delete oldest until under the cap" cannot apply to a
+    // single most-recent file.
+    for (let i = 0; i < sorted.length; i += 1) {
+        const candidate = sorted[i];
+        if (candidate === undefined) {
+            continue;
+        }
+        running += candidate.bytes;
+        if (i > 0 && running > maxTotalBytes) {
+            doomed.push(candidate.runId);
+        }
+    }
+    return doomed;
+}
+function computeDeleteSet(sorted, policy) {
+    const doomed = new Set();
+    if (policy.maxRuns !== undefined) {
+        for (const id of beyondMaxRuns(sorted, policy.maxRuns)) {
+            doomed.add(id);
+        }
+    }
+    if (policy.maxAgeMs !== undefined) {
+        for (const id of olderThanAge(sorted, policy.maxAgeMs)) {
+            doomed.add(id);
+        }
+    }
+    if (policy.maxTotalBytes !== undefined) {
+        for (const id of overByteCap(sorted, policy.maxTotalBytes)) {
+            doomed.add(id);
+        }
+    }
+    return doomed;
+}
+export function applyRetention(store, policy) {
+    if (policy.disabled === true) {
+        return;
+    }
+    const sorted = collectCandidates(store);
+    for (const runId of computeDeleteSet(sorted, policy)) {
+        store.delete(runId);
+    }
+}