@private.me/xcontinuity 2.1.0

package/dist/cjs/trust.js

@@ -0,0 +1,133 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Trust Tier Management
+ *
+ * Assigns and manages trust tiers for memory entries based on
+ * provenance verification, contradiction history, and temporal decay.
+ *
+ * Three tiers:
+ *   ratified (3)  — signed + verified by a known author
+ *   inherited (2) — unsigned from a trusted source, or decayed from ratified
+ *   quarantined (1) — unverified, contradicted, or failed verification
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_MAX_AGE = exports.TRUST_TIER_RANK = void 0;
+exports.baselineTier = baselineTier;
+exports.applyContradictionDowngrade = applyContradictionDowngrade;
+exports.isDecayed = isDecayed;
+exports.applyDecay = applyDecay;
+exports.effectiveTier = effectiveTier;
+exports.compareTiers = compareTiers;
+exports.isMoreTrusted = isMoreTrusted;
+exports.leastTrusted = leastTrusted;
+const types_js_1 = require("./types.js");
+Object.defineProperty(exports, "TRUST_TIER_RANK", { enumerable: true, get: function () { return types_js_1.TRUST_TIER_RANK; } });
+Object.defineProperty(exports, "DEFAULT_MAX_AGE", { enumerable: true, get: function () { return types_js_1.DEFAULT_MAX_AGE; } });
+/**
+ * Determine the baseline trust tier for an entry based on its provenance.
+ *
+ * @param provenance - The provenance record (if present)
+ * @param signatureVerified - Whether the Ed25519 signature was verified
+ * @returns The baseline trust tier
+ */
+function baselineTier(provenance, signatureVerified) {
+    if (!provenance)
+        return 'inherited';
+    if (signatureVerified)
+        return 'ratified';
+    return 'quarantined';
+}
+/**
+ * Apply contradiction-based downgrade to a trust tier.
+ *
+ * Rules:
+ * - 0 contradictions: no change
+ * - 1+ contradictions on inherited: downgrade to quarantined
+ * - 1+ contradictions on ratified: downgrade to inherited
+ * - quarantined stays quarantined regardless
+ *
+ * @param currentTier - The current trust tier
+ * @param contradictionCount - Number of active contradictions
+ * @returns The adjusted trust tier
+ */
+function applyContradictionDowngrade(currentTier, contradictionCount) {
+    if (contradictionCount <= 0)
+        return currentTier;
+    switch (currentTier) {
+        case 'ratified':
+            return 'inherited';
+        case 'inherited':
+            return 'quarantined';
+        case 'quarantined':
+            return 'quarantined';
+    }
+}
+/**
+ * Check whether a trust tier has decayed past its maxAge TTL.
+ *
+ * A ratified entry past its maxAge downgrades to inherited.
+ * Inherited and quarantined entries are not affected by decay.
+ *
+ * @param entry - The memory entry to check
+ * @param now - Current timestamp (ms). Defaults to Date.now().
+ * @returns true if the entry has expired and should be downgraded
+ */
+function isDecayed(entry, now) {
+    if (entry.tier !== 'ratified')
+        return false;
+    if (entry.maxAge === undefined)
+        return false;
+    if (!Number.isFinite(entry.maxAge))
+        return false; // Infinity = no decay
+    const ratifiedAt = entry.ratifiedAt ?? entry.provenance?.timestamp ?? 0;
+    const elapsed = (now ?? Date.now()) - ratifiedAt;
+    return elapsed > entry.maxAge;
+}
+/**
+ * Apply temporal decay to a trust tier.
+ *
+ * @param entry - The memory entry to evaluate
+ * @param now - Current timestamp (ms). Defaults to Date.now().
+ * @returns The effective trust tier after decay
+ */
+function applyDecay(entry, now) {
+    if (isDecayed(entry, now))
+        return 'inherited';
+    return entry.tier;
+}
+/**
+ * Get the effective trust tier for an entry, considering both
+ * contradictions and temporal decay.
+ *
+ * @param entry - The memory entry
+ * @param now - Current timestamp (ms). Defaults to Date.now().
+ * @returns The effective trust tier
+ */
+function effectiveTier(entry, now) {
+    const afterDecay = applyDecay(entry, now);
+    return applyContradictionDowngrade(afterDecay, entry.contradictions.length);
+}
+/**
+ * Compare two trust tiers. Returns positive if a > b, negative if a < b, 0 if equal.
+ */
+function compareTiers(a, b) {
+    return types_js_1.TRUST_TIER_RANK[a] - types_js_1.TRUST_TIER_RANK[b];
+}
+/**
+ * Check if tier `a` is strictly more trusted than tier `b`.
+ */
+function isMoreTrusted(a, b) {
+    return types_js_1.TRUST_TIER_RANK[a] > types_js_1.TRUST_TIER_RANK[b];
+}
+/**
+ * Get the least trusted tier from a list.
+ */
+function leastTrusted(...tiers) {
+    let min = 'ratified';
+    for (const t of tiers) {
+        if (types_js_1.TRUST_TIER_RANK[t] < types_js_1.TRUST_TIER_RANK[min]) {
+            min = t;
+        }
+    }
+    return min;
+}

package/dist/cjs/types.js

@@ -0,0 +1,59 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Type definitions and constants
+ *
+ * All types, interfaces, TLV type codes, and constants for the
+ * cryptographic state continuity substrate.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_ENFORCEMENT_CONFIG = exports.DEFAULT_MAX_AGE = exports.TRUST_TIER_RANK = exports.DEFAULT_RUNTIME_MEMORY_CONFIG = exports.DEFAULT_SPLIT_CONFIG = exports.VALUE_TYPE = exports.CONTINUITY_TLV = void 0;
+/* ── TLV Type Codes (0x80+ to avoid collision with shared TLV_TYPE 0x01-0x0d) ── */
+exports.CONTINUITY_TLV = {
+    /** State metadata header */
+    STATE_METADATA: 0x80,
+    /** Agent identifier */
+    AGENT_ID: 0x81,
+    /** Session identifier */
+    SESSION_ID: 0x82,
+    /** Sequence number (uint32) */
+    SEQUENCE_NUMBER: 0x83,
+    /** Timestamp (float64 ms) */
+    TIMESTAMP: 0x84,
+    /** Tag string */
+    TAG: 0x85,
+    /** State key-value entry */
+    STATE_ENTRY: 0x86,
+    /** Key name (UTF-8) */
+    ENTRY_KEY: 0x87,
+    /** Entry value (typed) */
+    ENTRY_VALUE: 0x88,
+    /** Description string */
+    DESCRIPTION: 0x89,
+    /** Checksum (SHA-256) */
+    CHECKSUM: 0x8a,
+};
+/* ── Value Type Markers ── */
+exports.VALUE_TYPE = {
+    STRING: 0x01,
+    NUMBER: 0x02,
+    BOOLEAN: 0x03,
+    BYTES: 0x04,
+    NULL: 0x05,
+    JSON: 0x06,
+};
+/** Default split configuration: 3-of-2 threshold. */
+exports.DEFAULT_SPLIT_CONFIG = { n: 3, k: 2 };
+exports.DEFAULT_RUNTIME_MEMORY_CONFIG = {
+    maxEntries: 1000,
+};
+/** Numeric ranking for trust tier comparison (higher = more trusted). */
+exports.TRUST_TIER_RANK = {
+    ratified: 3,
+    inherited: 2,
+    quarantined: 1,
+};
+/** Default TTL for trust tier decay (30 days in ms). */
+exports.DEFAULT_MAX_AGE = 30 * 24 * 60 * 60 * 1000;
+exports.DEFAULT_ENFORCEMENT_CONFIG = {
+    escalationThreshold: 3,
+};

package/dist/enforcement.d.ts

@@ -0,0 +1,40 @@
+/**
+ * @private.me/xcontinuity — Enforcement Loop
+ *
+ * Evaluates proposed actions against mission constraints and produces
+ * enforcement decisions: allow, reject (with reason), rewrite (with
+ * suggested alternative), or escalate (on repeated violations).
+ *
+ * Tracks violation history per agent for escalation logic.
+ */
+import type { Result } from '@private.me/shared';
+import type { ProposedAction, EnforcementResult, EnforcementConfig, AuthorRef } from './types.js';
+import type { ContinuityError } from './errors.js';
+import type { MissionGuard } from './mission.js';
+export declare class EnforcementLoop {
+    private readonly guard;
+    private readonly config;
+    /** Violation counts per agent. */
+    private readonly violations;
+    constructor(guard: MissionGuard, config?: Partial<EnforcementConfig>);
+    /**
+     * Check a proposed action against the enforcement loop.
+     *
+     * Flow:
+     *   1. Evaluate against mission guard
+     *   2. If allowed → return allow
+     *   3. If denied and has suggestion → return rewrite
+     *   4. If denied without suggestion → increment violations
+     *   5. If violations >= threshold → return escalate
+     *   6. Otherwise → return reject
+     */
+    check(action: ProposedAction): Result<EnforcementResult, ContinuityError>;
+    /** Get the current violation count for an agent. */
+    getViolationCount(author: AuthorRef): number;
+    /** Reset violation count for an agent. */
+    resetViolations(author: AuthorRef): void;
+    /** Reset all violation counts. */
+    resetAllViolations(): void;
+    /** Get the escalation threshold. */
+    get escalationThreshold(): number;
+}

package/dist/enforcement.js

@@ -0,0 +1,104 @@
+/**
+ * @private.me/xcontinuity — Enforcement Loop
+ *
+ * Evaluates proposed actions against mission constraints and produces
+ * enforcement decisions: allow, reject (with reason), rewrite (with
+ * suggested alternative), or escalate (on repeated violations).
+ *
+ * Tracks violation history per agent for escalation logic.
+ */
+import { ok, err } from '@private.me/shared';
+import { DEFAULT_ENFORCEMENT_CONFIG } from './types.js';
+export class EnforcementLoop {
+    guard;
+    config;
+    /** Violation counts per agent. */
+    violations = new Map();
+    constructor(guard, config) {
+        this.guard = guard;
+        this.config = {
+            ...DEFAULT_ENFORCEMENT_CONFIG,
+            ...config,
+        };
+    }
+    /**
+     * Check a proposed action against the enforcement loop.
+     *
+     * Flow:
+     *   1. Evaluate against mission guard
+     *   2. If allowed → return allow
+     *   3. If denied and has suggestion → return rewrite
+     *   4. If denied without suggestion → increment violations
+     *   5. If violations >= threshold → return escalate
+     *   6. Otherwise → return reject
+     */
+    check(action) {
+        const guardResult = this.guard.evaluate(action);
+        // Guard evaluation error — propagate
+        if (!guardResult.ok) {
+            return err(guardResult.error);
+        }
+        const constraintResult = guardResult.value;
+        // Action allowed
+        if (constraintResult.allowed) {
+            return ok({
+                decision: 'allow',
+                action,
+            });
+        }
+        // Action denied — check for rewrite suggestion
+        if (constraintResult.suggestion) {
+            // Verify the suggestion itself passes constraints
+            const suggestionCheck = this.guard.evaluate(constraintResult.suggestion);
+            if (suggestionCheck.ok && suggestionCheck.value.allowed) {
+                return ok({
+                    decision: 'rewrite',
+                    action,
+                    reason: constraintResult.reason,
+                    rewrittenAction: constraintResult.suggestion,
+                });
+            }
+            // Suggestion also fails — fall through to reject/escalate
+        }
+        // Increment violation count for this agent
+        const currentCount = (this.violations.get(action.author) ?? 0) + 1;
+        this.violations.set(action.author, currentCount);
+        // Check escalation threshold
+        if (currentCount >= this.config.escalationThreshold) {
+            const result = {
+                decision: 'escalate',
+                action,
+                reason: constraintResult.reason,
+                violationCount: currentCount,
+            };
+            // Fire escalation callback if configured
+            if (this.config.onEscalate) {
+                this.config.onEscalate(result);
+            }
+            return ok(result);
+        }
+        // Reject
+        return ok({
+            decision: 'reject',
+            action,
+            reason: constraintResult.reason,
+            violationCount: currentCount,
+        });
+    }
+    /** Get the current violation count for an agent. */
+    getViolationCount(author) {
+        return this.violations.get(author) ?? 0;
+    }
+    /** Reset violation count for an agent. */
+    resetViolations(author) {
+        this.violations.delete(author);
+    }
+    /** Reset all violation counts. */
+    resetAllViolations() {
+        this.violations.clear();
+    }
+    /** Get the escalation threshold. */
+    get escalationThreshold() {
+        return this.config.escalationThreshold;
+    }
+}

package/dist/errors.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @private.me/xcontinuity — Error hierarchy
+ *
+ * Follows the pattern from @private.me/crypto errors.
+ * All fallible public functions return Result<T, ContinuityError>.
+ */
+export type SerializationErrorCode = 'SERIALIZE_FAILED' | 'DESERIALIZE_FAILED' | 'CHECKSUM_MISMATCH' | 'INVALID_TLV' | 'MISSING_FIELD' | 'INVALID_VALUE_TYPE';
+export type SplitErrorCode = 'SPLIT_FAILED' | 'RECONSTRUCT_FAILED' | 'HMAC_FAILURE' | 'INSUFFICIENT_SHARES' | 'INVALID_SHARES' | 'PADDING_ERROR' | 'DELTA_SIZE_MISMATCH';
+export type SessionErrorCode = 'SESSION_CLOSED' | 'SESSION_SUSPENDED' | 'SESSION_ACTIVE' | 'NO_SNAPSHOTS' | 'SNAPSHOT_NOT_FOUND' | 'INVALID_CONFIG';
+export type ChronicleErrorCode = 'ENTRY_NOT_FOUND' | 'INVALID_QUERY';
+export type StoreErrorCode = 'STORE_PUT_FAILED' | 'STORE_GET_FAILED' | 'STORE_DELETE_FAILED';
+export type ProvenanceErrorCode = 'INVALID_SIGNATURE' | 'MISSING_AUTHOR' | 'HASH_CHAIN_BREAK' | 'SIGNATURE_EXPIRED';
+export type TrustErrorCode = 'TIER_DOWNGRADE' | 'QUARANTINED_ENTRY' | 'CONTRADICTION_DETECTED' | 'TRUST_DECAY_EXPIRED';
+export type AdjudicatorErrorCode = 'CONSENSUS_FAILED' | 'POLICY_VIOLATION' | 'QUORUM_NOT_MET' | 'NO_CANDIDATES';
+export type MissionErrorCode = 'CONSTRAINT_VIOLATION' | 'AUTHORITY_EXPIRED' | 'SCOPE_EXCEEDED' | 'INVALID_MISSION_SIGNATURE' | 'NO_ACTIVE_MISSION';
+export type EnforcementErrorCode = 'ACTION_REJECTED' | 'ESCALATION_TRIGGERED' | 'REWRITE_FAILED';
+export type ContinuityErrorCode = SerializationErrorCode | SplitErrorCode | SessionErrorCode | ChronicleErrorCode | StoreErrorCode | ProvenanceErrorCode | TrustErrorCode | AdjudicatorErrorCode | MissionErrorCode | EnforcementErrorCode;
+export interface ContinuityError {
+    readonly code: ContinuityErrorCode;
+    readonly message: string;
+    readonly subCode?: string;
+}
+/** Human-readable descriptions for all error codes. */
+export declare const ERROR_DETAILS: Record<ContinuityErrorCode, string>;
+export declare function continuityError(code: ContinuityErrorCode, message: string, subCode?: string): ContinuityError;

package/dist/errors.js

@@ -0,0 +1,68 @@
+/**
+ * @private.me/xcontinuity — Error hierarchy
+ *
+ * Follows the pattern from @private.me/crypto errors.
+ * All fallible public functions return Result<T, ContinuityError>.
+ */
+/* ── Error Details Map ── */
+/** Human-readable descriptions for all error codes. */
+export const ERROR_DETAILS = {
+    // Serialization
+    SERIALIZE_FAILED: 'State serialization failed. Check that all state values are valid types (string, number, boolean, Uint8Array, null, or plain object).',
+    DESERIALIZE_FAILED: 'State deserialization failed. The TLV data may be corrupt or in an unsupported format.',
+    CHECKSUM_MISMATCH: 'SHA-256 checksum verification failed. The serialized data has been modified since snapshot creation.',
+    INVALID_TLV: 'Invalid TLV structure. The byte stream has a truncated header or value exceeding data length.',
+    MISSING_FIELD: 'Required field missing from serialized data.',
+    INVALID_VALUE_TYPE: 'Unknown value type code in serialized entry. Expected STRING(0x01), NUMBER(0x02), BOOLEAN(0x03), BYTES(0x04), NULL(0x05), or JSON(0x06).',
+    // Split
+    SPLIT_FAILED: 'XorIDA threshold split failed. Verify n >= 2 and 2 <= k <= n.',
+    RECONSTRUCT_FAILED: 'XorIDA share reconstruction failed. Ensure shares are valid and indices are correct.',
+    HMAC_FAILURE: 'HMAC-SHA256 verification failed after reconstruction. One or more shares may be corrupted or tampered.',
+    INSUFFICIENT_SHARES: 'Not enough shares for reconstruction. Provide at least k shares (threshold).',
+    INVALID_SHARES: 'Share validation failed. All shares must have matching stateId, n, and k values.',
+    PADDING_ERROR: 'PKCS#7 unpadding failed after reconstruction. Data may be corrupted.',
+    DELTA_SIZE_MISMATCH: 'Old and new padded state sizes differ. Incremental update requires same padded length; falling back to fresh split.',
+    // Session
+    SESSION_CLOSED: 'Session is closed (terminal state). Create a new session to continue.',
+    SESSION_SUSPENDED: 'Session is suspended. Call resume() before performing operations.',
+    SESSION_ACTIVE: 'Session is already active. Suspend before attempting to resume.',
+    NO_SNAPSHOTS: 'No snapshots available. Create at least one snapshot before restoring.',
+    SNAPSHOT_NOT_FOUND: 'Snapshot not found in store. The stateId may be incorrect or the snapshot was deleted.',
+    INVALID_CONFIG: 'Invalid session configuration. Verify agentId and store are provided.',
+    // Chronicle
+    ENTRY_NOT_FOUND: 'Chronicle entry not found. The stateId or sequence number does not exist in the history.',
+    INVALID_QUERY: 'Invalid chronicle query parameters.',
+    // Store
+    STORE_PUT_FAILED: 'Failed to write split state to store backend.',
+    STORE_GET_FAILED: 'Failed to read split state from store backend.',
+    STORE_DELETE_FAILED: 'Failed to delete split state from store backend.',
+    // Provenance
+    INVALID_SIGNATURE: 'Ed25519 signature verification failed. The entry may have been tampered with or signed by a different key.',
+    MISSING_AUTHOR: 'Provenance record is missing the author field. Every signed entry must have an AuthorRef.',
+    HASH_CHAIN_BREAK: 'Parent hash does not match the expected predecessor. The chronicle chain has a gap or reorder.',
+    SIGNATURE_EXPIRED: 'The signature timestamp is older than the maximum allowed age for this trust tier.',
+    // Trust
+    TIER_DOWNGRADE: 'Trust tier was downgraded due to contradictions or policy violation.',
+    QUARANTINED_ENTRY: 'Entry is quarantined and cannot be used until re-verified or ratified.',
+    CONTRADICTION_DETECTED: 'A contradicting entry was found for the same key with incompatible value.',
+    TRUST_DECAY_EXPIRED: 'Entry exceeded its maxAge TTL and was downgraded from ratified to inherited.',
+    // Adjudicator
+    CONSENSUS_FAILED: 'Multi-agent consensus could not be reached. Quorum threshold not met.',
+    POLICY_VIOLATION: 'The proposed resolution violates the active policy adjudicator rules.',
+    QUORUM_NOT_MET: 'Insufficient agent views to form a quorum for consensus adjudication.',
+    NO_CANDIDATES: 'No candidate entries provided for adjudication.',
+    // Mission
+    CONSTRAINT_VIOLATION: 'The proposed action violates a hard constraint defined by the active mission.',
+    AUTHORITY_EXPIRED: 'The mission authority signature has expired. A new mission must be issued.',
+    SCOPE_EXCEEDED: 'The proposed action falls outside the scopes authorized by the active mission.',
+    INVALID_MISSION_SIGNATURE: 'Ed25519 signature on the mission record failed verification.',
+    NO_ACTIVE_MISSION: 'No active mission is set. A mission must be loaded before constraint evaluation.',
+    // Enforcement
+    ACTION_REJECTED: 'The enforcement loop rejected the proposed action based on constraint evaluation.',
+    ESCALATION_TRIGGERED: 'Repeated violations exceeded the escalation threshold. Human review required.',
+    REWRITE_FAILED: 'The enforcement loop could not produce a valid rewrite for the rejected action.',
+};
+/* ── Error Factory ── */
+export function continuityError(code, message, subCode) {
+    return subCode != null ? { code, message, subCode } : { code, message };
+}

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+/**
+ * @private.me/xcontinuity
+ *
+ * Cryptographic state continuity for AI agents.
+ * Reverse-XorIDA incremental state updates over GF(2).
+ * Trust substrate with provenance, tiers, and enforcement.
+ */
+export declare const VERSION = "2.1.0";
+export type { Result } from '@private.me/shared';
+export { ok, err } from '@private.me/shared';
+export type { StateValue, AgentState, StateMetadata, StateSnapshot, SplitConfig, StateShare, SplitState, StateDelta, SessionStatus, ContinuitySession, SessionConfig, ChronicleEntry, ChronicleQuery, StateStore, RuntimeEntry, RuntimeMemoryConfig, ContinuityTlvType, ValueTypeCode, AuthorRef, TrustTier, ProvenanceRecord, MemoryEntry, TrackedBelief, AdjudicatorResult, AgentView, MissionRecord, HardConstraint, ProposedAction, ConstraintResult, EnforcementDecision, EnforcementResult, EnforcementConfig, TrustStoreEventType, ChangeEvent, ContradictionEvent, TierChangeEvent, EscalationEvent, TrustStoreEvent, TrustStoreListener, } from './types.js';
+export { CONTINUITY_TLV, VALUE_TYPE, DEFAULT_SPLIT_CONFIG, DEFAULT_RUNTIME_MEMORY_CONFIG, TRUST_TIER_RANK, DEFAULT_MAX_AGE, DEFAULT_ENFORCEMENT_CONFIG, } from './types.js';
+export type { ContinuityError, ContinuityErrorCode, SerializationErrorCode, SplitErrorCode, SessionErrorCode, ChronicleErrorCode, StoreErrorCode, ProvenanceErrorCode, TrustErrorCode, AdjudicatorErrorCode, MissionErrorCode, EnforcementErrorCode, } from './errors.js';
+export { continuityError, ERROR_DETAILS } from './errors.js';
+export { serializeState, deserializeState, computeChecksum, statesEqual, } from './state-serializer.js';
+export { splitState, reconstructState, computeDelta, applyDeltaShares, incrementalUpdate, padForSplit, undoDelta, branchState, squashDeltas, blindUpdateShare, refreshShares, blindEqual, networkCodeShares, networkDecodeShare, } from './reverse-xorida.js';
+export { MemoryStateStore } from './store-memory.js';
+export { RuntimeMemory } from './memory-runtime.js';
+export { SessionMemory } from './memory-session.js';
+export { Chronicle, detectContradiction } from './chronicle.js';
+export type { ChronicleContradiction } from './chronicle.js';
+export { SessionManager } from './session.js';
+export type { TrustSessionConfig } from './session.js';
+export { generateSigningKeyPair, publicKeyToAuthorRef, authorRefToPublicKey, canonicalEntryBytes, signEntry, verifyEntry, hashProvenance, verifyChainLink, } from './provenance.js';
+export type { Ed25519KeyPair } from './provenance.js';
+export { baselineTier, applyContradictionDowngrade, isDecayed, applyDecay, effectiveTier, compareTiers, isMoreTrusted, leastTrusted, } from './trust.js';
+export { PolicyAdjudicator, ConsensusAdjudicator } from './adjudicator.js';
+export type { Adjudicator, ViewProvider } from './adjudicator.js';
+export { TrustStore, Hypothesis } from './ratification.js';
+export type { TrustStoreConfig } from './ratification.js';
+export { MissionAuthority, MissionGuard, AlignmentAdjudicator, } from './mission.js';
+export { EnforcementLoop } from './enforcement.js';
+export { CascadeSession, SubAgentCoordinator, DEFAULT_CASCADE_POLICY, DEFAULT_COORDINATOR_CONFIG, } from './cascade.js';
+export type { TrustPropagation, CascadePolicy, CascadeChild, CascadeEscalation, CoordinatorConfig, } from './cascade.js';

package/dist/index.js

@@ -0,0 +1,43 @@
+/**
+ * @private.me/xcontinuity
+ *
+ * Cryptographic state continuity for AI agents.
+ * Reverse-XorIDA incremental state updates over GF(2).
+ * Trust substrate with provenance, tiers, and enforcement.
+ */
+export const VERSION = '2.1.0';
+export { ok, err } from '@private.me/shared';
+export { CONTINUITY_TLV, VALUE_TYPE, DEFAULT_SPLIT_CONFIG, DEFAULT_RUNTIME_MEMORY_CONFIG, 
+// Trust Substrate constants (v2.0.0)
+TRUST_TIER_RANK, DEFAULT_MAX_AGE, DEFAULT_ENFORCEMENT_CONFIG, } from './types.js';
+export { continuityError, ERROR_DETAILS } from './errors.js';
+/* ── State Serializer ── */
+export { serializeState, deserializeState, computeChecksum, statesEqual, } from './state-serializer.js';
+/* ── Reverse-XorIDA ── */
+export { splitState, reconstructState, computeDelta, applyDeltaShares, incrementalUpdate, padForSplit, 
+// Algebraic extensions (v2.0.0)
+undoDelta, branchState, squashDeltas, blindUpdateShare, refreshShares, blindEqual, networkCodeShares, networkDecodeShare, } from './reverse-xorida.js';
+/* ── Store ── */
+export { MemoryStateStore } from './store-memory.js';
+/* ── Memory Layers ── */
+export { RuntimeMemory } from './memory-runtime.js';
+export { SessionMemory } from './memory-session.js';
+/* ── Chronicle ── */
+export { Chronicle, detectContradiction } from './chronicle.js';
+/* ── Session Manager ── */
+export { SessionManager } from './session.js';
+/* ── Trust Substrate (v2.0.0) ── */
+// Provenance
+export { generateSigningKeyPair, publicKeyToAuthorRef, authorRefToPublicKey, canonicalEntryBytes, signEntry, verifyEntry, hashProvenance, verifyChainLink, } from './provenance.js';
+// Trust Tiers
+export { baselineTier, applyContradictionDowngrade, isDecayed, applyDecay, effectiveTier, compareTiers, isMoreTrusted, leastTrusted, } from './trust.js';
+// Adjudicator
+export { PolicyAdjudicator, ConsensusAdjudicator } from './adjudicator.js';
+// Ratification (TrustStore)
+export { TrustStore, Hypothesis } from './ratification.js';
+// Mission
+export { MissionAuthority, MissionGuard, AlignmentAdjudicator, } from './mission.js';
+// Enforcement
+export { EnforcementLoop } from './enforcement.js';
+/* ── Cascade / Sub-Agent Architecture (v2.1.0) ── */
+export { CascadeSession, SubAgentCoordinator, DEFAULT_CASCADE_POLICY, DEFAULT_COORDINATOR_CONFIG, } from './cascade.js';

package/dist/memory-runtime.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @private.me/xcontinuity — Runtime Memory Layer
+ *
+ * In-process ephemeral key-value store backed by Map<string, RuntimeEntry>.
+ * Tracks access counts and update times. LRU eviction at configurable maxEntries.
+ */
+import type { AgentState, StateValue, RuntimeEntry, RuntimeMemoryConfig } from './types.js';
+export declare class RuntimeMemory {
+    private readonly entries;
+    private readonly config;
+    constructor(config?: Partial<RuntimeMemoryConfig>);
+    /** Get a value by key. Returns undefined if not found. Updates access count. */
+    get(key: string): StateValue | undefined;
+    /** Set a value. Evicts LRU entry if at capacity. */
+    set(key: string, value: StateValue): void;
+    /** Delete a key. Returns true if the key existed. */
+    delete(key: string): boolean;
+    /** Check if a key exists. */
+    has(key: string): boolean;
+    /** Get all keys. */
+    keys(): string[];
+    /** Number of entries. */
+    get size(): number;
+    /** Export all entries as an AgentState (flat key-value map). */
+    toAgentState(): AgentState;
+    /** Import from an AgentState, replacing all entries. */
+    fromAgentState(state: AgentState): void;
+    /** Merge an AgentState into existing entries (existing keys updated, new keys added). */
+    merge(state: AgentState): void;
+    /** Get the RuntimeEntry metadata for a key (for inspection/testing). */
+    getEntry(key: string): RuntimeEntry | undefined;
+    /** Clear all entries. */
+    clear(): void;
+    /** Evict the least-recently-used entry (lowest accessCount, oldest updatedAt). */
+    private evictLRU;
+}

package/dist/memory-runtime.js

@@ -0,0 +1,125 @@
+/**
+ * @private.me/xcontinuity — Runtime Memory Layer
+ *
+ * In-process ephemeral key-value store backed by Map<string, RuntimeEntry>.
+ * Tracks access counts and update times. LRU eviction at configurable maxEntries.
+ */
+import { DEFAULT_RUNTIME_MEMORY_CONFIG } from './types.js';
+export class RuntimeMemory {
+    entries = new Map();
+    config;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_RUNTIME_MEMORY_CONFIG, ...config };
+    }
+    /** Get a value by key. Returns undefined if not found. Updates access count. */
+    get(key) {
+        const entry = this.entries.get(key);
+        if (!entry)
+            return undefined;
+        // Update access count (create new entry for immutability of the interface)
+        const updated = {
+            ...entry,
+            accessCount: entry.accessCount + 1,
+        };
+        this.entries.set(key, updated);
+        return entry.value;
+    }
+    /** Set a value. Evicts LRU entry if at capacity. */
+    set(key, value) {
+        const now = Date.now();
+        const existing = this.entries.get(key);
+        if (existing) {
+            this.entries.set(key, {
+                ...existing,
+                value,
+                accessCount: existing.accessCount + 1,
+                updatedAt: now,
+            });
+            return;
+        }
+        // Evict if at capacity
+        if (this.entries.size >= this.config.maxEntries) {
+            this.evictLRU();
+        }
+        this.entries.set(key, {
+            key,
+            value,
+            accessCount: 1,
+            createdAt: now,
+            updatedAt: now,
+        });
+    }
+    /** Delete a key. Returns true if the key existed. */
+    delete(key) {
+        return this.entries.delete(key);
+    }
+    /** Check if a key exists. */
+    has(key) {
+        return this.entries.has(key);
+    }
+    /** Get all keys. */
+    keys() {
+        return Array.from(this.entries.keys());
+    }
+    /** Number of entries. */
+    get size() {
+        return this.entries.size;
+    }
+    /** Export all entries as an AgentState (flat key-value map). */
+    toAgentState() {
+        const state = {};
+        for (const [key, entry] of this.entries) {
+            state[key] = entry.value;
+        }
+        return state;
+    }
+    /** Import from an AgentState, replacing all entries. */
+    fromAgentState(state) {
+        this.entries.clear();
+        const now = Date.now();
+        for (const [key, value] of Object.entries(state)) {
+            if (value === undefined)
+                continue;
+            this.entries.set(key, {
+                key,
+                value,
+                accessCount: 0,
+                createdAt: now,
+                updatedAt: now,
+            });
+        }
+    }
+    /** Merge an AgentState into existing entries (existing keys updated, new keys added). */
+    merge(state) {
+        for (const [key, value] of Object.entries(state)) {
+            if (value === undefined)
+                continue;
+            this.set(key, value);
+        }
+    }
+    /** Get the RuntimeEntry metadata for a key (for inspection/testing). */
+    getEntry(key) {
+        return this.entries.get(key);
+    }
+    /** Clear all entries. */
+    clear() {
+        this.entries.clear();
+    }
+    /** Evict the least-recently-used entry (lowest accessCount, oldest updatedAt). */
+    evictLRU() {
+        let lruKey = null;
+        let lruAccess = Infinity;
+        let lruTime = Infinity;
+        for (const [key, entry] of this.entries) {
+            if (entry.accessCount < lruAccess ||
+                (entry.accessCount === lruAccess && entry.updatedAt < lruTime)) {
+                lruKey = key;
+                lruAccess = entry.accessCount;
+                lruTime = entry.updatedAt;
+            }
+        }
+        if (lruKey !== null) {
+            this.entries.delete(lruKey);
+        }
+    }
+}