@private.me/xcontinuity 2.1.0

package/dist/cjs/index.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * @private.me/xcontinuity
+ *
+ * Cryptographic state continuity for AI agents.
+ * Reverse-XorIDA incremental state updates over GF(2).
+ * Trust substrate with provenance, tiers, and enforcement.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.compareTiers = exports.effectiveTier = exports.applyDecay = exports.isDecayed = exports.applyContradictionDowngrade = exports.baselineTier = exports.verifyChainLink = exports.hashProvenance = exports.verifyEntry = exports.signEntry = exports.canonicalEntryBytes = exports.authorRefToPublicKey = exports.publicKeyToAuthorRef = exports.generateSigningKeyPair = exports.SessionManager = exports.detectContradiction = exports.Chronicle = exports.SessionMemory = exports.RuntimeMemory = exports.MemoryStateStore = exports.networkDecodeShare = exports.networkCodeShares = exports.blindEqual = exports.refreshShares = exports.blindUpdateShare = exports.squashDeltas = exports.branchState = exports.undoDelta = exports.padForSplit = exports.incrementalUpdate = exports.applyDeltaShares = exports.computeDelta = exports.reconstructState = exports.splitState = exports.statesEqual = exports.computeChecksum = exports.deserializeState = exports.serializeState = exports.ERROR_DETAILS = exports.continuityError = exports.DEFAULT_ENFORCEMENT_CONFIG = exports.DEFAULT_MAX_AGE = exports.TRUST_TIER_RANK = exports.DEFAULT_RUNTIME_MEMORY_CONFIG = exports.DEFAULT_SPLIT_CONFIG = exports.VALUE_TYPE = exports.CONTINUITY_TLV = exports.err = exports.ok = exports.VERSION = void 0;
+exports.DEFAULT_COORDINATOR_CONFIG = exports.DEFAULT_CASCADE_POLICY = exports.SubAgentCoordinator = exports.CascadeSession = exports.EnforcementLoop = exports.AlignmentAdjudicator = exports.MissionGuard = exports.MissionAuthority = exports.Hypothesis = exports.TrustStore = exports.ConsensusAdjudicator = exports.PolicyAdjudicator = exports.leastTrusted = exports.isMoreTrusted = void 0;
+exports.VERSION = '2.1.0';
+var shared_1 = require("@private.me/shared");
+Object.defineProperty(exports, "ok", { enumerable: true, get: function () { return shared_1.ok; } });
+Object.defineProperty(exports, "err", { enumerable: true, get: function () { return shared_1.err; } });
+var types_js_1 = require("./types.js");
+Object.defineProperty(exports, "CONTINUITY_TLV", { enumerable: true, get: function () { return types_js_1.CONTINUITY_TLV; } });
+Object.defineProperty(exports, "VALUE_TYPE", { enumerable: true, get: function () { return types_js_1.VALUE_TYPE; } });
+Object.defineProperty(exports, "DEFAULT_SPLIT_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_SPLIT_CONFIG; } });
+Object.defineProperty(exports, "DEFAULT_RUNTIME_MEMORY_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_RUNTIME_MEMORY_CONFIG; } });
+// Trust Substrate constants (v2.0.0)
+Object.defineProperty(exports, "TRUST_TIER_RANK", { enumerable: true, get: function () { return types_js_1.TRUST_TIER_RANK; } });
+Object.defineProperty(exports, "DEFAULT_MAX_AGE", { enumerable: true, get: function () { return types_js_1.DEFAULT_MAX_AGE; } });
+Object.defineProperty(exports, "DEFAULT_ENFORCEMENT_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_ENFORCEMENT_CONFIG; } });
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "continuityError", { enumerable: true, get: function () { return errors_js_1.continuityError; } });
+Object.defineProperty(exports, "ERROR_DETAILS", { enumerable: true, get: function () { return errors_js_1.ERROR_DETAILS; } });
+/* ── State Serializer ── */
+var state_serializer_js_1 = require("./state-serializer.js");
+Object.defineProperty(exports, "serializeState", { enumerable: true, get: function () { return state_serializer_js_1.serializeState; } });
+Object.defineProperty(exports, "deserializeState", { enumerable: true, get: function () { return state_serializer_js_1.deserializeState; } });
+Object.defineProperty(exports, "computeChecksum", { enumerable: true, get: function () { return state_serializer_js_1.computeChecksum; } });
+Object.defineProperty(exports, "statesEqual", { enumerable: true, get: function () { return state_serializer_js_1.statesEqual; } });
+/* ── Reverse-XorIDA ── */
+var reverse_xorida_js_1 = require("./reverse-xorida.js");
+Object.defineProperty(exports, "splitState", { enumerable: true, get: function () { return reverse_xorida_js_1.splitState; } });
+Object.defineProperty(exports, "reconstructState", { enumerable: true, get: function () { return reverse_xorida_js_1.reconstructState; } });
+Object.defineProperty(exports, "computeDelta", { enumerable: true, get: function () { return reverse_xorida_js_1.computeDelta; } });
+Object.defineProperty(exports, "applyDeltaShares", { enumerable: true, get: function () { return reverse_xorida_js_1.applyDeltaShares; } });
+Object.defineProperty(exports, "incrementalUpdate", { enumerable: true, get: function () { return reverse_xorida_js_1.incrementalUpdate; } });
+Object.defineProperty(exports, "padForSplit", { enumerable: true, get: function () { return reverse_xorida_js_1.padForSplit; } });
+// Algebraic extensions (v2.0.0)
+Object.defineProperty(exports, "undoDelta", { enumerable: true, get: function () { return reverse_xorida_js_1.undoDelta; } });
+Object.defineProperty(exports, "branchState", { enumerable: true, get: function () { return reverse_xorida_js_1.branchState; } });
+Object.defineProperty(exports, "squashDeltas", { enumerable: true, get: function () { return reverse_xorida_js_1.squashDeltas; } });
+Object.defineProperty(exports, "blindUpdateShare", { enumerable: true, get: function () { return reverse_xorida_js_1.blindUpdateShare; } });
+Object.defineProperty(exports, "refreshShares", { enumerable: true, get: function () { return reverse_xorida_js_1.refreshShares; } });
+Object.defineProperty(exports, "blindEqual", { enumerable: true, get: function () { return reverse_xorida_js_1.blindEqual; } });
+Object.defineProperty(exports, "networkCodeShares", { enumerable: true, get: function () { return reverse_xorida_js_1.networkCodeShares; } });
+Object.defineProperty(exports, "networkDecodeShare", { enumerable: true, get: function () { return reverse_xorida_js_1.networkDecodeShare; } });
+/* ── Store ── */
+var store_memory_js_1 = require("./store-memory.js");
+Object.defineProperty(exports, "MemoryStateStore", { enumerable: true, get: function () { return store_memory_js_1.MemoryStateStore; } });
+/* ── Memory Layers ── */
+var memory_runtime_js_1 = require("./memory-runtime.js");
+Object.defineProperty(exports, "RuntimeMemory", { enumerable: true, get: function () { return memory_runtime_js_1.RuntimeMemory; } });
+var memory_session_js_1 = require("./memory-session.js");
+Object.defineProperty(exports, "SessionMemory", { enumerable: true, get: function () { return memory_session_js_1.SessionMemory; } });
+/* ── Chronicle ── */
+var chronicle_js_1 = require("./chronicle.js");
+Object.defineProperty(exports, "Chronicle", { enumerable: true, get: function () { return chronicle_js_1.Chronicle; } });
+Object.defineProperty(exports, "detectContradiction", { enumerable: true, get: function () { return chronicle_js_1.detectContradiction; } });
+/* ── Session Manager ── */
+var session_js_1 = require("./session.js");
+Object.defineProperty(exports, "SessionManager", { enumerable: true, get: function () { return session_js_1.SessionManager; } });
+/* ── Trust Substrate (v2.0.0) ── */
+// Provenance
+var provenance_js_1 = require("./provenance.js");
+Object.defineProperty(exports, "generateSigningKeyPair", { enumerable: true, get: function () { return provenance_js_1.generateSigningKeyPair; } });
+Object.defineProperty(exports, "publicKeyToAuthorRef", { enumerable: true, get: function () { return provenance_js_1.publicKeyToAuthorRef; } });
+Object.defineProperty(exports, "authorRefToPublicKey", { enumerable: true, get: function () { return provenance_js_1.authorRefToPublicKey; } });
+Object.defineProperty(exports, "canonicalEntryBytes", { enumerable: true, get: function () { return provenance_js_1.canonicalEntryBytes; } });
+Object.defineProperty(exports, "signEntry", { enumerable: true, get: function () { return provenance_js_1.signEntry; } });
+Object.defineProperty(exports, "verifyEntry", { enumerable: true, get: function () { return provenance_js_1.verifyEntry; } });
+Object.defineProperty(exports, "hashProvenance", { enumerable: true, get: function () { return provenance_js_1.hashProvenance; } });
+Object.defineProperty(exports, "verifyChainLink", { enumerable: true, get: function () { return provenance_js_1.verifyChainLink; } });
+// Trust Tiers
+var trust_js_1 = require("./trust.js");
+Object.defineProperty(exports, "baselineTier", { enumerable: true, get: function () { return trust_js_1.baselineTier; } });
+Object.defineProperty(exports, "applyContradictionDowngrade", { enumerable: true, get: function () { return trust_js_1.applyContradictionDowngrade; } });
+Object.defineProperty(exports, "isDecayed", { enumerable: true, get: function () { return trust_js_1.isDecayed; } });
+Object.defineProperty(exports, "applyDecay", { enumerable: true, get: function () { return trust_js_1.applyDecay; } });
+Object.defineProperty(exports, "effectiveTier", { enumerable: true, get: function () { return trust_js_1.effectiveTier; } });
+Object.defineProperty(exports, "compareTiers", { enumerable: true, get: function () { return trust_js_1.compareTiers; } });
+Object.defineProperty(exports, "isMoreTrusted", { enumerable: true, get: function () { return trust_js_1.isMoreTrusted; } });
+Object.defineProperty(exports, "leastTrusted", { enumerable: true, get: function () { return trust_js_1.leastTrusted; } });
+// Adjudicator
+var adjudicator_js_1 = require("./adjudicator.js");
+Object.defineProperty(exports, "PolicyAdjudicator", { enumerable: true, get: function () { return adjudicator_js_1.PolicyAdjudicator; } });
+Object.defineProperty(exports, "ConsensusAdjudicator", { enumerable: true, get: function () { return adjudicator_js_1.ConsensusAdjudicator; } });
+// Ratification (TrustStore)
+var ratification_js_1 = require("./ratification.js");
+Object.defineProperty(exports, "TrustStore", { enumerable: true, get: function () { return ratification_js_1.TrustStore; } });
+Object.defineProperty(exports, "Hypothesis", { enumerable: true, get: function () { return ratification_js_1.Hypothesis; } });
+// Mission
+var mission_js_1 = require("./mission.js");
+Object.defineProperty(exports, "MissionAuthority", { enumerable: true, get: function () { return mission_js_1.MissionAuthority; } });
+Object.defineProperty(exports, "MissionGuard", { enumerable: true, get: function () { return mission_js_1.MissionGuard; } });
+Object.defineProperty(exports, "AlignmentAdjudicator", { enumerable: true, get: function () { return mission_js_1.AlignmentAdjudicator; } });
+// Enforcement
+var enforcement_js_1 = require("./enforcement.js");
+Object.defineProperty(exports, "EnforcementLoop", { enumerable: true, get: function () { return enforcement_js_1.EnforcementLoop; } });
+/* ── Cascade / Sub-Agent Architecture (v2.1.0) ── */
+var cascade_js_1 = require("./cascade.js");
+Object.defineProperty(exports, "CascadeSession", { enumerable: true, get: function () { return cascade_js_1.CascadeSession; } });
+Object.defineProperty(exports, "SubAgentCoordinator", { enumerable: true, get: function () { return cascade_js_1.SubAgentCoordinator; } });
+Object.defineProperty(exports, "DEFAULT_CASCADE_POLICY", { enumerable: true, get: function () { return cascade_js_1.DEFAULT_CASCADE_POLICY; } });
+Object.defineProperty(exports, "DEFAULT_COORDINATOR_CONFIG", { enumerable: true, get: function () { return cascade_js_1.DEFAULT_COORDINATOR_CONFIG; } });

package/dist/cjs/memory-runtime.js

@@ -0,0 +1,129 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Runtime Memory Layer
+ *
+ * In-process ephemeral key-value store backed by Map<string, RuntimeEntry>.
+ * Tracks access counts and update times. LRU eviction at configurable maxEntries.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RuntimeMemory = void 0;
+const types_js_1 = require("./types.js");
+class RuntimeMemory {
+    entries = new Map();
+    config;
+    constructor(config = {}) {
+        this.config = { ...types_js_1.DEFAULT_RUNTIME_MEMORY_CONFIG, ...config };
+    }
+    /** Get a value by key. Returns undefined if not found. Updates access count. */
+    get(key) {
+        const entry = this.entries.get(key);
+        if (!entry)
+            return undefined;
+        // Update access count (create new entry for immutability of the interface)
+        const updated = {
+            ...entry,
+            accessCount: entry.accessCount + 1,
+        };
+        this.entries.set(key, updated);
+        return entry.value;
+    }
+    /** Set a value. Evicts LRU entry if at capacity. */
+    set(key, value) {
+        const now = Date.now();
+        const existing = this.entries.get(key);
+        if (existing) {
+            this.entries.set(key, {
+                ...existing,
+                value,
+                accessCount: existing.accessCount + 1,
+                updatedAt: now,
+            });
+            return;
+        }
+        // Evict if at capacity
+        if (this.entries.size >= this.config.maxEntries) {
+            this.evictLRU();
+        }
+        this.entries.set(key, {
+            key,
+            value,
+            accessCount: 1,
+            createdAt: now,
+            updatedAt: now,
+        });
+    }
+    /** Delete a key. Returns true if the key existed. */
+    delete(key) {
+        return this.entries.delete(key);
+    }
+    /** Check if a key exists. */
+    has(key) {
+        return this.entries.has(key);
+    }
+    /** Get all keys. */
+    keys() {
+        return Array.from(this.entries.keys());
+    }
+    /** Number of entries. */
+    get size() {
+        return this.entries.size;
+    }
+    /** Export all entries as an AgentState (flat key-value map). */
+    toAgentState() {
+        const state = {};
+        for (const [key, entry] of this.entries) {
+            state[key] = entry.value;
+        }
+        return state;
+    }
+    /** Import from an AgentState, replacing all entries. */
+    fromAgentState(state) {
+        this.entries.clear();
+        const now = Date.now();
+        for (const [key, value] of Object.entries(state)) {
+            if (value === undefined)
+                continue;
+            this.entries.set(key, {
+                key,
+                value,
+                accessCount: 0,
+                createdAt: now,
+                updatedAt: now,
+            });
+        }
+    }
+    /** Merge an AgentState into existing entries (existing keys updated, new keys added). */
+    merge(state) {
+        for (const [key, value] of Object.entries(state)) {
+            if (value === undefined)
+                continue;
+            this.set(key, value);
+        }
+    }
+    /** Get the RuntimeEntry metadata for a key (for inspection/testing). */
+    getEntry(key) {
+        return this.entries.get(key);
+    }
+    /** Clear all entries. */
+    clear() {
+        this.entries.clear();
+    }
+    /** Evict the least-recently-used entry (lowest accessCount, oldest updatedAt). */
+    evictLRU() {
+        let lruKey = null;
+        let lruAccess = Infinity;
+        let lruTime = Infinity;
+        for (const [key, entry] of this.entries) {
+            if (entry.accessCount < lruAccess ||
+                (entry.accessCount === lruAccess && entry.updatedAt < lruTime)) {
+                lruKey = key;
+                lruAccess = entry.accessCount;
+                lruTime = entry.updatedAt;
+            }
+        }
+        if (lruKey !== null) {
+            this.entries.delete(lruKey);
+        }
+    }
+}
+exports.RuntimeMemory = RuntimeMemory;

package/dist/cjs/memory-session.js

@@ -0,0 +1,134 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Session Memory Layer
+ *
+ * Orchestration layer over serializer + reverse-xorida + store.
+ * Maintains lastSplitState for incremental updates.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionMemory = void 0;
+const shared_1 = require("@private.me/shared");
+const types_js_1 = require("./types.js");
+const errors_js_1 = require("./errors.js");
+const state_serializer_js_1 = require("./state-serializer.js");
+const reverse_xorida_js_1 = require("./reverse-xorida.js");
+class SessionMemory {
+    lastSplitState = null;
+    lastSnapshot = null;
+    store;
+    splitConfig;
+    constructor(store, splitConfig = types_js_1.DEFAULT_SPLIT_CONFIG) {
+        this.store = store;
+        this.splitConfig = splitConfig;
+    }
+    /**
+     * Save agent state: serialize, split (incremental if possible), persist to store.
+     *
+     * @param state - Agent state to persist
+     * @param metadata - State metadata
+     * @returns The state snapshot (with stateId for later retrieval)
+     */
+    async save(state, metadata) {
+        // Serialize
+        const serResult = await (0, state_serializer_js_1.serializeState)(state, metadata);
+        if (!serResult.ok)
+            return serResult;
+        const snapshot = serResult.value;
+        // Split (incremental if we have a previous split)
+        let splitResult;
+        if (this.lastSplitState && this.lastSnapshot) {
+            splitResult = await (0, reverse_xorida_js_1.incrementalUpdate)(this.lastSplitState, this.lastSnapshot, snapshot);
+        }
+        else {
+            splitResult = await (0, reverse_xorida_js_1.splitState)(snapshot, this.splitConfig);
+        }
+        if (!splitResult.ok)
+            return splitResult;
+        // Persist to store
+        await this.store.putShares(splitResult.value);
+        // Update tracking
+        this.lastSplitState = splitResult.value;
+        this.lastSnapshot = snapshot;
+        return (0, shared_1.ok)(snapshot);
+    }
+    /**
+     * Load agent state from store by stateId.
+     * If no stateId provided, uses the last saved state.
+     *
+     * @param stateId - Optional state ID to load (defaults to last saved)
+     * @returns Reconstructed AgentState
+     */
+    async load(stateId) {
+        const targetId = stateId ?? this.lastSplitState?.stateId;
+        if (!targetId) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('NO_SNAPSHOTS', 'No state ID provided and no previous save'));
+        }
+        const splitState = await this.store.getShares(targetId);
+        if (!splitState) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('SNAPSHOT_NOT_FOUND', `State ${targetId} not found in store`));
+        }
+        // Reconstruct from shares
+        const reconResult = await (0, reverse_xorida_js_1.reconstructState)(splitState.shares);
+        if (!reconResult.ok)
+            return reconResult;
+        // Deserialize the snapshot
+        const snapshot = {
+            stateId: reconResult.value.stateId,
+            metadata: splitState.metadata,
+            serializedBytes: reconResult.value.serializedBytes,
+            checksum: new Uint8Array(0), // Will be recomputed during deserialization
+        };
+        // Compute fresh checksum for verification
+        const { computeChecksum } = await Promise.resolve().then(() => __importStar(require('./state-serializer.js')));
+        const freshChecksum = await computeChecksum(reconResult.value.serializedBytes);
+        const verifiedSnapshot = { ...snapshot, checksum: freshChecksum };
+        return (0, state_serializer_js_1.deserializeState)(verifiedSnapshot);
+    }
+    /** Get the last split state (for inspection/testing). */
+    getLastSplitState() {
+        return this.lastSplitState;
+    }
+    /** Get the last snapshot (for inspection/testing). */
+    getLastSnapshot() {
+        return this.lastSnapshot;
+    }
+    /** Reset internal tracking state. */
+    reset() {
+        this.lastSplitState = null;
+        this.lastSnapshot = null;
+    }
+}
+exports.SessionMemory = SessionMemory;

package/dist/cjs/mission.js

@@ -0,0 +1,178 @@
+"use strict";
+/**
+ * @private.me/xcontinuity — Mission (Human-Anchored Goals)
+ *
+ * Ensures AI agents operate within human-defined boundaries.
+ *
+ * Components:
+ *   MissionAuthority — validates mission signatures, checks expiry/scope
+ *   MissionGuard — pre-write check against active mission constraints
+ *   AlignmentAdjudicator — wraps any Adjudicator, adding mission checks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AlignmentAdjudicator = exports.MissionGuard = exports.MissionAuthority = void 0;
+const shared_1 = require("@private.me/shared");
+const errors_js_1 = require("./errors.js");
+const provenance_js_1 = require("./provenance.js");
+/**
+ * Validates mission records and checks authority.
+ */
+class MissionAuthority {
+    activeMission = null;
+    /**
+     * Load a mission record after verifying its signature and validity.
+     */
+    async loadMission(mission) {
+        // Check expiry
+        if (mission.expiresAt !== undefined && Date.now() > mission.expiresAt) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('AUTHORITY_EXPIRED', `Mission ${mission.missionId} has expired`));
+        }
+        // Verify signature
+        try {
+            const publicKey = await (0, provenance_js_1.authorRefToPublicKey)(mission.authority);
+            const encoder = new TextEncoder();
+            const missionBytes = encoder.encode(canonicalMissionString(mission));
+            const valid = await crypto.subtle.verify('Ed25519', publicKey, mission.signature.buffer, missionBytes.buffer);
+            if (!valid) {
+                return (0, shared_1.err)((0, errors_js_1.continuityError)('INVALID_MISSION_SIGNATURE', `Mission ${mission.missionId} signature invalid`));
+            }
+        }
+        catch (e) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('INVALID_MISSION_SIGNATURE', `Signature verification failed: ${e instanceof Error ? e.message : String(e)}`));
+        }
+        this.activeMission = mission;
+        return (0, shared_1.ok)(undefined);
+    }
+    /**
+     * Load a mission without signature verification (for testing or trusted sources).
+     */
+    loadTrustedMission(mission) {
+        this.activeMission = mission;
+    }
+    /** Get the active mission. */
+    getActiveMission() {
+        return this.activeMission;
+    }
+    /** Clear the active mission. */
+    clearMission() {
+        this.activeMission = null;
+    }
+    /**
+     * Check if an action falls within the active mission's scopes.
+     */
+    isInScope(action) {
+        if (!this.activeMission) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('NO_ACTIVE_MISSION', 'No mission loaded'));
+        }
+        // Check expiry
+        if (this.activeMission.expiresAt !== undefined && Date.now() > this.activeMission.expiresAt) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('AUTHORITY_EXPIRED', `Mission ${this.activeMission.missionId} has expired`));
+        }
+        // Empty scopes = all actions allowed
+        if (this.activeMission.scopes.length === 0) {
+            return (0, shared_1.ok)(true);
+        }
+        // Check if action type or key matches any scope
+        const actionScope = `${action.type}:${action.key}`;
+        const inScope = this.activeMission.scopes.some(scope => actionScope.startsWith(scope) || action.type === scope || scope === '*');
+        return (0, shared_1.ok)(inScope);
+    }
+}
+exports.MissionAuthority = MissionAuthority;
+/**
+ * Pre-write guard that evaluates actions against mission constraints.
+ */
+class MissionGuard {
+    authority;
+    constraints = [];
+    constructor(authority) {
+        this.authority = authority;
+    }
+    /** Add a hard constraint. */
+    addConstraint(constraint) {
+        this.constraints.push(constraint);
+    }
+    /** Remove a constraint by ID. */
+    removeConstraint(constraintId) {
+        const idx = this.constraints.findIndex(c => c.constraintId === constraintId);
+        if (idx === -1)
+            return false;
+        this.constraints.splice(idx, 1);
+        return true;
+    }
+    /** Get all active constraints. */
+    getConstraints() {
+        return this.constraints.slice();
+    }
+    /**
+     * Evaluate a proposed action against all constraints and mission scope.
+     *
+     * @returns ConstraintResult — allowed:true if all pass, or first violation
+     */
+    evaluate(action) {
+        // Check mission scope first
+        const scopeResult = this.authority.isInScope(action);
+        if (!scopeResult.ok)
+            return scopeResult;
+        if (!scopeResult.value) {
+            return (0, shared_1.ok)({
+                allowed: false,
+                reason: `Action "${action.type}:${action.key}" is outside mission scope`,
+            });
+        }
+        // Evaluate each constraint
+        for (const constraint of this.constraints) {
+            const result = constraint.evaluate(action);
+            if (!result.allowed) {
+                return (0, shared_1.ok)(result);
+            }
+        }
+        return (0, shared_1.ok)({ allowed: true });
+    }
+}
+exports.MissionGuard = MissionGuard;
+/**
+ * Adjudicator wrapper that adds mission constraint checking.
+ *
+ * Delegates resolution to the inner adjudicator, but rejects
+ * any winning entry that violates active mission constraints.
+ */
+class AlignmentAdjudicator {
+    inner;
+    guard;
+    constructor(inner, guard) {
+        this.inner = inner;
+        this.guard = guard;
+    }
+    resolve(key, candidates) {
+        const result = this.inner.resolve(key, candidates);
+        if (!result.ok)
+            return result;
+        // Check if winning entry passes mission constraints
+        const action = {
+            author: result.value.winner.provenance?.author ?? '',
+            type: 'write',
+            key,
+            value: result.value.winner.value,
+        };
+        const guardResult = this.guard.evaluate(action);
+        if (!guardResult.ok)
+            return guardResult;
+        if (!guardResult.value.allowed) {
+            return (0, shared_1.err)((0, errors_js_1.continuityError)('CONSTRAINT_VIOLATION', `Winner for "${key}" violates constraint: ${guardResult.value.reason}`));
+        }
+        return result;
+    }
+}
+exports.AlignmentAdjudicator = AlignmentAdjudicator;
+/* ── Internal helpers ── */
+function canonicalMissionString(mission) {
+    return [
+        mission.missionId,
+        mission.goal,
+        mission.authority,
+        String(mission.issuedAt),
+        String(mission.expiresAt ?? ''),
+        [...mission.scopes].sort().join(','),
+    ].join('\0');
+}

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type":"commonjs"}