@private.me/xcontinuity 2.1.0

package/dist/cjs/cascade.js

@@ -0,0 +1,328 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Cascade / Sub-Agent Architecture
+ *
+ * Enables parent-child session hierarchies where child sessions
+ * inherit trust context from their parent. Proves that v2.0.0's
+ * trust substrate API composes correctly in multi-agent patterns.
+ *
+ * @since 2.1.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SubAgentCoordinator = exports.DEFAULT_COORDINATOR_CONFIG = exports.CascadeSession = exports.DEFAULT_CASCADE_POLICY = void 0;
+const shared_1 = require("@private.me/shared");
+const errors_js_1 = require("./errors.js");
+const session_js_1 = require("./session.js");
+const ratification_js_1 = require("./ratification.js");
+const enforcement_js_1 = require("./enforcement.js");
+/** Default cascade policy. */
+exports.DEFAULT_CASCADE_POLICY = {
+    propagation: 'inherit',
+    maxChildTier: 'ratified',
+    escalateToParent: true,
+    maxDepth: 5,
+};
+/**
+ * CascadeSession wraps a SessionManager with parent-child hierarchy.
+ * Child sessions inherit trust context from their parent based on CascadePolicy.
+ */
+class CascadeSession {
+    session;
+    trustStore;
+    missionGuard;
+    enforcementLoop;
+    children = new Map();
+    parentId;
+    depth;
+    policy;
+    defaultMaxAge;
+    escalations = [];
+    constructor(session, trustStore, options) {
+        this.session = session;
+        this.trustStore = trustStore;
+        this.missionGuard = options?.missionGuard;
+        this.enforcementLoop = options?.enforcementLoop;
+        this.parentId = options?.parentId;
+        this.depth = options?.depth ?? 0;
+        this.policy = options?.policy ?? exports.DEFAULT_CASCADE_POLICY;
+        this.defaultMaxAge = options?.defaultMaxAge;
+    }
+    /** Get the underlying session manager. */
+    getSession() {
+        return this.session;
+    }
+    /** Get the trust store for this cascade node. */
+    getTrustStore() {
+        return this.trustStore;
+    }
+    /** Get the cascade depth (0 = root). */
+    getDepth() {
+        return this.depth;
+    }
+    /** Get the parent session ID (undefined for root). */
+    getParentId() {
+        return this.parentId;
+    }
+    /** Get all child IDs. */
+    getChildIds() {
+        return Array.from(this.children.keys());
+    }
+    /** Get a child by ID. */
+    getChild(childId) {
+        return this.children.get(childId);
+    }
+    /** Get escalation records from child sessions. */
+    getEscalations() {
+        return this.escalations;
+    }
+    /**
+     * Spawn a child session that inherits trust context from this parent.
+     *
+     * The child's trust store is populated based on the cascade policy:
+     * - 'inherit': Child receives parent's trust entries at their current tier.
+     * - 'downgrade': Child receives entries downgraded one tier level.
+     * - 'isolate': Child starts with an empty trust store.
+     */
+    spawnChild(childAgentId, store, childPolicy) {
+        const mergedPolicy = { ...this.policy, ...childPolicy };
+        const childDepth = this.depth + 1;
+        if (childDepth > mergedPolicy.maxDepth) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('CONSTRAINT_VIOLATION', `Cascade depth ${childDepth} exceeds maximum ${mergedPolicy.maxDepth}`));
+        }
+        // Create child trust store
+        const childTrustStore = new ratification_js_1.TrustStore({
+            defaultMaxAge: this.defaultMaxAge,
+        });
+        // Propagate trust entries from parent to child
+        if (mergedPolicy.propagation !== 'isolate') {
+            const parentEntries = this.trustStore.all();
+            const propagated = [];
+            for (const entry of parentEntries) {
+                const childTier = this.propagateTier(entry.tier, mergedPolicy);
+                if (childTier && this.tierRank(childTier) <= this.tierRank(mergedPolicy.maxChildTier)) {
+                    propagated.push({
+                        key: entry.key,
+                        value: entry.value,
+                        provenance: entry.provenance,
+                        tier: childTier,
+                        contradictions: [],
+                        maxAge: entry.maxAge,
+                        ratifiedAt: childTier === 'ratified' ? entry.ratifiedAt : undefined,
+                    });
+                }
+            }
+            if (propagated.length > 0) {
+                childTrustStore.restore(propagated);
+            }
+        }
+        // Create child enforcement loop that escalates to parent
+        let childEnforcement;
+        if (this.missionGuard) {
+            const escalateToParent = mergedPolicy.escalateToParent;
+            childEnforcement = new enforcement_js_1.EnforcementLoop(this.missionGuard, {
+                escalationThreshold: 3,
+                onEscalate: escalateToParent
+                    ? (result) => {
+                        this.escalations.push({
+                            childId: childAgentId,
+                            agentId: result.action.author,
+                            violationCount: result.violationCount ?? 0,
+                            timestamp: Date.now(),
+                            action: result.action,
+                        });
+                    }
+                    : undefined,
+            });
+        }
+        // Create child session
+        const childConfig = {
+            agentId: childAgentId,
+            store,
+            trustStore: childTrustStore,
+            missionGuard: this.missionGuard,
+            enforcementLoop: childEnforcement,
+        };
+        const childSession = session_js_1.SessionManager.create(childConfig);
+        const sessionId = childSession.session.sessionId;
+        const cascadeChild = new CascadeSession(childSession, childTrustStore, {
+            missionGuard: this.missionGuard,
+            enforcementLoop: childEnforcement,
+            parentId: this.session.session.sessionId,
+            depth: childDepth,
+            policy: mergedPolicy,
+            defaultMaxAge: this.defaultMaxAge,
+        });
+        this.children.set(sessionId, {
+            childId: sessionId,
+            session: childSession,
+            trustStore: childTrustStore,
+            policy: mergedPolicy,
+            depth: childDepth,
+            createdAt: Date.now(),
+        });
+        return (0, shared_1.ok)(cascadeChild);
+    }
+    /**
+     * Merge a child's trusted state back into the parent.
+     * Only entries at or above 'inherited' tier are merged.
+     * The child session is closed after merging.
+     */
+    mergeChild(childId) {
+        const child = this.children.get(childId);
+        if (!child) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('SNAPSHOT_NOT_FOUND', `Child session "${childId}" not found`));
+        }
+        let merged = 0;
+        const childEntries = child.trustStore.all();
+        for (const entry of childEntries) {
+            if (this.tierRank(entry.tier) >= this.tierRank('inherited')) {
+                // Check parent enforcement before merging
+                if (this.enforcementLoop) {
+                    const check = this.enforcementLoop.check({
+                        author: child.session.session.agentId,
+                        type: 'write',
+                        key: entry.key,
+                        value: entry.value,
+                    });
+                    if (check.ok && check.value.decision !== 'allow') {
+                        continue; // Skip entries that violate parent constraints
+                    }
+                }
+                this.trustStore.write(entry.key, entry.value, entry.provenance);
+                merged++;
+            }
+        }
+        // Close child session
+        child.session.close();
+        this.children.delete(childId);
+        return (0, shared_1.ok)(merged);
+    }
+    /**
+     * Close all children and then this session.
+     */
+    closeAll() {
+        for (const [, child] of this.children) {
+            child.session.close();
+        }
+        this.children.clear();
+        this.session.close();
+    }
+    /** Number of active children. */
+    get childCount() {
+        return this.children.size;
+    }
+    propagateTier(parentTier, policy) {
+        if (policy.propagation === 'isolate')
+            return null;
+        if (policy.propagation === 'inherit')
+            return parentTier;
+        // Downgrade: ratified -> inherited, inherited -> quarantined, quarantined -> null
+        if (parentTier === 'ratified')
+            return 'inherited';
+        if (parentTier === 'inherited')
+            return 'quarantined';
+        return null; // quarantined cannot be downgraded further
+    }
+    tierRank(tier) {
+        const ranks = {
+            ratified: 3,
+            inherited: 2,
+            quarantined: 1,
+        };
+        return ranks[tier];
+    }
+}
+exports.CascadeSession = CascadeSession;
+/** Default coordinator configuration. */
+exports.DEFAULT_COORDINATOR_CONFIG = {
+    maxAgents: 10,
+    defaultPolicy: exports.DEFAULT_CASCADE_POLICY,
+    autoMerge: false,
+};
+/**
+ * SubAgentCoordinator manages the lifecycle of sub-agent sessions
+ * within a cascade hierarchy. It provides:
+ * - Spawning with trust delegation
+ * - State merging with enforcement checking
+ * - Lifecycle management (close, cleanup)
+ */
+class SubAgentCoordinator {
+    root;
+    config;
+    activeAgents = new Map();
+    constructor(root, config) {
+        this.root = root;
+        this.config = { ...exports.DEFAULT_COORDINATOR_CONFIG, ...config };
+    }
+    /** Get the root cascade session. */
+    getRoot() {
+        return this.root;
+    }
+    /** Get the count of active sub-agents. */
+    get activeCount() {
+        return this.activeAgents.size;
+    }
+    /**
+     * Spawn a sub-agent with trust delegation from the root.
+     */
+    spawn(agentId, store, policy) {
+        if (this.activeAgents.size >= this.config.maxAgents) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('CONSTRAINT_VIOLATION', `Maximum sub-agents (${this.config.maxAgents}) reached`));
+        }
+        const mergedPolicy = { ...this.config.defaultPolicy, ...policy };
+        const result = this.root.spawnChild(agentId, store, mergedPolicy);
+        if (!result.ok)
+            return result;
+        const child = result.value;
+        const childId = child.getSession().session.sessionId;
+        this.activeAgents.set(childId, child);
+        return (0, shared_1.ok)(child);
+    }
+    /**
+     * Complete a sub-agent and optionally merge its state back into the root.
+     */
+    complete(childId) {
+        const child = this.activeAgents.get(childId);
+        if (!child) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('SNAPSHOT_NOT_FOUND', `Sub-agent "${childId}" not found in coordinator`));
+        }
+        let merged = 0;
+        if (this.config.autoMerge) {
+            const mergeResult = this.root.mergeChild(childId);
+            if (mergeResult.ok)
+                merged = mergeResult.value;
+        }
+        else {
+            child.getSession().close();
+        }
+        this.activeAgents.delete(childId);
+        return (0, shared_1.ok)(merged);
+    }
+    /**
+     * Merge a specific sub-agent's state into the root (manual merge).
+     */
+    merge(childId) {
+        if (!this.activeAgents.has(childId)) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('SNAPSHOT_NOT_FOUND', `Sub-agent "${childId}" not found in coordinator`));
+        }
+        const result = this.root.mergeChild(childId);
+        if (result.ok) {
+            this.activeAgents.delete(childId);
+        }
+        return result;
+    }
+    /**
+     * Close all sub-agents and the root session.
+     */
+    shutdown() {
+        this.activeAgents.clear();
+        this.root.closeAll();
+    }
+    /**
+     * Get all active sub-agent IDs.
+     */
+    getActiveIds() {
+        return Array.from(this.activeAgents.keys());
+    }
+}
+exports.SubAgentCoordinator = SubAgentCoordinator;

package/dist/cjs/chronicle.js

@@ -0,0 +1,178 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Chronicle (State History)
+ *
+ * Append-only ordered state history with navigation.
+ * Secondary index (Map stateId->index) for O(1) lookup.
+ * Query with filters: sessionId, time range, tags, limit/offset pagination.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Chronicle = void 0;
+exports.detectContradiction = detectContradiction;
+const shared_1 = require("@private.me/shared");
+const errors_js_1 = require("./errors.js");
+class Chronicle {
+    entries = [];
+    indexByStateId = new Map();
+    /** Track the latest stateId for each key (for contradiction detection). */
+    latestByKey = new Map();
+    /** Detected contradictions. */
+    contradictions = [];
+    /** Append a new entry to the chronicle. */
+    append(entry) {
+        const idx = this.entries.length;
+        this.entries.push(entry);
+        this.indexByStateId.set(entry.stateId, idx);
+    }
+    /**
+     * Append an entry and check for contradictions against the latest
+     * value for the same key. Returns detected contradictions (if any).
+     *
+     * @param entry - The chronicle entry
+     * @param key - The state key this entry represents
+     * @param value - The new value for the key
+     * @param existingValue - The most recent known value for the key (if any)
+     * @returns Array of contradictions detected (empty if none)
+     */
+    appendWithContradictionCheck(entry, key, value, existingValue) {
+        const detected = [];
+        const previousStateId = this.latestByKey.get(key);
+        if (previousStateId !== undefined && existingValue !== undefined) {
+            if (detectContradiction(value, existingValue)) {
+                const contradiction = {
+                    incomingStateId: entry.stateId,
+                    existingStateId: previousStateId,
+                    key,
+                    detectedAt: Date.now(),
+                };
+                detected.push(contradiction);
+                this.contradictions.push(contradiction);
+            }
+        }
+        this.latestByKey.set(key, entry.stateId);
+        this.append(entry);
+        return detected;
+    }
+    /** Get all detected contradictions. */
+    getContradictions() {
+        return this.contradictions.slice();
+    }
+    /** Get contradictions for a specific key. */
+    getContradictionsForKey(key) {
+        return this.contradictions.filter(c => c.key === key);
+    }
+    /** Get the latest stateId recorded for a given key. */
+    getLatestForKey(key) {
+        return this.latestByKey.get(key);
+    }
+    /** Get an entry by stateId. O(1) lookup. */
+    get(stateId) {
+        const idx = this.indexByStateId.get(stateId);
+        if (idx === undefined) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('ENTRY_NOT_FOUND', `Chronicle entry ${stateId} not found`));
+        }
+        return (0, shared_1.ok)(this.entries[idx]);
+    }
+    /** Get the latest entry, or null if empty. */
+    latest() {
+        if (this.entries.length === 0)
+            return null;
+        return this.entries[this.entries.length - 1];
+    }
+    /** Get entry at a specific sequence position. */
+    atSequence(sequence) {
+        const entry = this.entries.find(e => e.sequence === sequence);
+        if (!entry) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('ENTRY_NOT_FOUND', `No entry with sequence ${sequence}`));
+        }
+        return (0, shared_1.ok)(entry);
+    }
+    /** Get the parent entry (if parentStateId is set). */
+    parent(stateId) {
+        const entryResult = this.get(stateId);
+        if (!entryResult.ok)
+            return entryResult;
+        const entry = entryResult.value;
+        if (!entry.parentStateId) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('ENTRY_NOT_FOUND', `Entry ${stateId} has no parent`));
+        }
+        return this.get(entry.parentStateId);
+    }
+    /**
+     * Query chronicle entries with filters.
+     *
+     * @param query - Filter criteria (sessionId, time range, tags, limit/offset)
+     * @returns Matching entries ordered by timestamp
+     */
+    query(query = {}) {
+        let results = this.entries.slice();
+        if (query.sessionId) {
+            results = results.filter(e => e.sessionId === query.sessionId);
+        }
+        if (query.after !== undefined) {
+            results = results.filter(e => e.timestamp >= query.after);
+        }
+        if (query.before !== undefined) {
+            results = results.filter(e => e.timestamp <= query.before);
+        }
+        if (query.tags && query.tags.length > 0) {
+            const tagSet = new Set(query.tags);
+            results = results.filter(e => e.tags.some(t => tagSet.has(t)));
+        }
+        // Pagination
+        const offset = query.offset ?? 0;
+        const limit = query.limit ?? results.length;
+        return results.slice(offset, offset + limit);
+    }
+    /** Total number of entries. */
+    get length() {
+        return this.entries.length;
+    }
+    /** Get all entries (readonly copy). */
+    all() {
+        return this.entries.slice();
+    }
+    /** Clear all entries. */
+    clear() {
+        this.entries.length = 0;
+        this.indexByStateId.clear();
+        this.latestByKey.clear();
+        this.contradictions.length = 0;
+    }
+}
+exports.Chronicle = Chronicle;
+/**
+ * Detect whether two values for the same key contradict each other.
+ *
+ * Contradiction = values are structurally different.
+ * Identical values are not contradictions (they're confirmations).
+ */
+function detectContradiction(newValue, existingValue) {
+    // Null checks
+    if (newValue === null && existingValue === null)
+        return false;
+    if (newValue === null || existingValue === null)
+        return true;
+    // Uint8Array comparison
+    if (newValue instanceof Uint8Array && existingValue instanceof Uint8Array) {
+        if (newValue.length !== existingValue.length)
+            return true;
+        for (let i = 0; i < newValue.length; i++) {
+            if (newValue[i] !== existingValue[i])
+                return true;
+        }
+        return false;
+    }
+    // Type mismatch
+    if (typeof newValue !== typeof existingValue)
+        return true;
+    if (newValue instanceof Uint8Array || existingValue instanceof Uint8Array)
+        return true;
+    // Object comparison (deterministic JSON)
+    if (typeof newValue === 'object' && typeof existingValue === 'object') {
+        return JSON.stringify(newValue, Object.keys(newValue).sort())
+            !== JSON.stringify(existingValue, Object.keys(existingValue).sort());
+    }
+    // Primitive comparison
+    return newValue !== existingValue;
+}

package/dist/cjs/enforcement.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Enforcement Loop
+ *
+ * Evaluates proposed actions against mission constraints and produces
+ * enforcement decisions: allow, reject (with reason), rewrite (with
+ * suggested alternative), or escalate (on repeated violations).
+ *
+ * Tracks violation history per agent for escalation logic.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnforcementLoop = void 0;
+const shared_1 = require("@private.me/shared");
+const types_js_1 = require("./types.js");
+class EnforcementLoop {
+    guard;
+    config;
+    /** Violation counts per agent. */
+    violations = new Map();
+    constructor(guard, config) {
+        this.guard = guard;
+        this.config = {
+            ...types_js_1.DEFAULT_ENFORCEMENT_CONFIG,
+            ...config,
+        };
+    }
+    /**
+     * Check a proposed action against the enforcement loop.
+     *
+     * Flow:
+     *   1. Evaluate against mission guard
+     *   2. If allowed → return allow
+     *   3. If denied and has suggestion → return rewrite
+     *   4. If denied without suggestion → increment violations
+     *   5. If violations >= threshold → return escalate
+     *   6. Otherwise → return reject
+     */
+    check(action) {
+        const guardResult = this.guard.evaluate(action);
+        // Guard evaluation error — propagate
+        if (!guardResult.ok) {
+            return (0, shared_1.err)(guardResult.error);
+        }
+        const constraintResult = guardResult.value;
+        // Action allowed
+        if (constraintResult.allowed) {
+            return (0, shared_1.ok)({
+                decision: 'allow',
+                action,
+            });
+        }
+        // Action denied — check for rewrite suggestion
+        if (constraintResult.suggestion) {
+            // Verify the suggestion itself passes constraints
+            const suggestionCheck = this.guard.evaluate(constraintResult.suggestion);
+            if (suggestionCheck.ok && suggestionCheck.value.allowed) {
+                return (0, shared_1.ok)({
+                    decision: 'rewrite',
+                    action,
+                    reason: constraintResult.reason,
+                    rewrittenAction: constraintResult.suggestion,
+                });
+            }
+            // Suggestion also fails — fall through to reject/escalate
+        }
+        // Increment violation count for this agent
+        const currentCount = (this.violations.get(action.author) ?? 0) + 1;
+        this.violations.set(action.author, currentCount);
+        // Check escalation threshold
+        if (currentCount >= this.config.escalationThreshold) {
+            const result = {
+                decision: 'escalate',
+                action,
+                reason: constraintResult.reason,
+                violationCount: currentCount,
+            };
+            // Fire escalation callback if configured
+            if (this.config.onEscalate) {
+                this.config.onEscalate(result);
+            }
+            return (0, shared_1.ok)(result);
+        }
+        // Reject
+        return (0, shared_1.ok)({
+            decision: 'reject',
+            action,
+            reason: constraintResult.reason,
+            violationCount: currentCount,
+        });
+    }
+    /** Get the current violation count for an agent. */
+    getViolationCount(author) {
+        return this.violations.get(author) ?? 0;
+    }
+    /** Reset violation count for an agent. */
+    resetViolations(author) {
+        this.violations.delete(author);
+    }
+    /** Reset all violation counts. */
+    resetAllViolations() {
+        this.violations.clear();
+    }
+    /** Get the escalation threshold. */
+    get escalationThreshold() {
+        return this.config.escalationThreshold;
+    }
+}
+exports.EnforcementLoop = EnforcementLoop;

package/dist/cjs/errors.js

@@ -0,0 +1,72 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Error hierarchy
+ *
+ * Follows the pattern from @private.me/crypto errors.
+ * All fallible public functions return Result<T, ContinuityError>.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ERROR_DETAILS = void 0;
+exports.continuityError = continuityError;
+/* ── Error Details Map ── */
+/** Human-readable descriptions for all error codes. */
+exports.ERROR_DETAILS = {
+    // Serialization
+    SERIALIZE_FAILED: 'State serialization failed. Check that all state values are valid types (string, number, boolean, Uint8Array, null, or plain object).',
+    DESERIALIZE_FAILED: 'State deserialization failed. The TLV data may be corrupt or in an unsupported format.',
+    CHECKSUM_MISMATCH: 'SHA-256 checksum verification failed. The serialized data has been modified since snapshot creation.',
+    INVALID_TLV: 'Invalid TLV structure. The byte stream has a truncated header or value exceeding data length.',
+    MISSING_FIELD: 'Required field missing from serialized data.',
+    INVALID_VALUE_TYPE: 'Unknown value type code in serialized entry. Expected STRING(0x01), NUMBER(0x02), BOOLEAN(0x03), BYTES(0x04), NULL(0x05), or JSON(0x06).',
+    // Split
+    SPLIT_FAILED: 'XorIDA threshold split failed. Verify n >= 2 and 2 <= k <= n.',
+    RECONSTRUCT_FAILED: 'XorIDA share reconstruction failed. Ensure shares are valid and indices are correct.',
+    HMAC_FAILURE: 'HMAC-SHA256 verification failed after reconstruction. One or more shares may be corrupted or tampered.',
+    INSUFFICIENT_SHARES: 'Not enough shares for reconstruction. Provide at least k shares (threshold).',
+    INVALID_SHARES: 'Share validation failed. All shares must have matching stateId, n, and k values.',
+    PADDING_ERROR: 'PKCS#7 unpadding failed after reconstruction. Data may be corrupted.',
+    DELTA_SIZE_MISMATCH: 'Old and new padded state sizes differ. Incremental update requires same padded length; falling back to fresh split.',
+    // Session
+    SESSION_CLOSED: 'Session is closed (terminal state). Create a new session to continue.',
+    SESSION_SUSPENDED: 'Session is suspended. Call resume() before performing operations.',
+    SESSION_ACTIVE: 'Session is already active. Suspend before attempting to resume.',
+    NO_SNAPSHOTS: 'No snapshots available. Create at least one snapshot before restoring.',
+    SNAPSHOT_NOT_FOUND: 'Snapshot not found in store. The stateId may be incorrect or the snapshot was deleted.',
+    INVALID_CONFIG: 'Invalid session configuration. Verify agentId and store are provided.',
+    // Chronicle
+    ENTRY_NOT_FOUND: 'Chronicle entry not found. The stateId or sequence number does not exist in the history.',
+    INVALID_QUERY: 'Invalid chronicle query parameters.',
+    // Store
+    STORE_PUT_FAILED: 'Failed to write split state to store backend.',
+    STORE_GET_FAILED: 'Failed to read split state from store backend.',
+    STORE_DELETE_FAILED: 'Failed to delete split state from store backend.',
+    // Provenance
+    INVALID_SIGNATURE: 'Ed25519 signature verification failed. The entry may have been tampered with or signed by a different key.',
+    MISSING_AUTHOR: 'Provenance record is missing the author field. Every signed entry must have an AuthorRef.',
+    HASH_CHAIN_BREAK: 'Parent hash does not match the expected predecessor. The chronicle chain has a gap or reorder.',
+    SIGNATURE_EXPIRED: 'The signature timestamp is older than the maximum allowed age for this trust tier.',
+    // Trust
+    TIER_DOWNGRADE: 'Trust tier was downgraded due to contradictions or policy violation.',
+    QUARANTINED_ENTRY: 'Entry is quarantined and cannot be used until re-verified or ratified.',
+    CONTRADICTION_DETECTED: 'A contradicting entry was found for the same key with incompatible value.',
+    TRUST_DECAY_EXPIRED: 'Entry exceeded its maxAge TTL and was downgraded from ratified to inherited.',
+    // Adjudicator
+    CONSENSUS_FAILED: 'Multi-agent consensus could not be reached. Quorum threshold not met.',
+    POLICY_VIOLATION: 'The proposed resolution violates the active policy adjudicator rules.',
+    QUORUM_NOT_MET: 'Insufficient agent views to form a quorum for consensus adjudication.',
+    NO_CANDIDATES: 'No candidate entries provided for adjudication.',
+    // Mission
+    CONSTRAINT_VIOLATION: 'The proposed action violates a hard constraint defined by the active mission.',
+    AUTHORITY_EXPIRED: 'The mission authority signature has expired. A new mission must be issued.',
+    SCOPE_EXCEEDED: 'The proposed action falls outside the scopes authorized by the active mission.',
+    INVALID_MISSION_SIGNATURE: 'Ed25519 signature on the mission record failed verification.',
+    NO_ACTIVE_MISSION: 'No active mission is set. A mission must be loaded before constraint evaluation.',
+    // Enforcement
+    ACTION_REJECTED: 'The enforcement loop rejected the proposed action based on constraint evaluation.',
+    ESCALATION_TRIGGERED: 'Repeated violations exceeded the escalation threshold. Human review required.',
+    REWRITE_FAILED: 'The enforcement loop could not produce a valid rewrite for the rejected action.',
+};
+/* ── Error Factory ── */
+function continuityError(code, message, subCode) {
+    return subCode != null ? { code, message, subCode } : { code, message };
+}