@red-codes/agentguard 1.0.0 → 1.1.2

package/dist/kernel/blast-radius.d.ts

@@ -1,60 +0,0 @@
-import type { NormalizedIntent } from '../policy/evaluator.js';
-/** Weights applied to different action categories */
-export interface BlastRadiusWeights {
-    /** Multiplier for delete operations (default: 3.0) */
-    delete: number;
-    /** Multiplier for write operations (default: 1.5) */
-    write: number;
-    /** Multiplier for read operations (default: 0.1) */
-    read: number;
-    /** Multiplier for git operations (default: 2.0) */
-    git: number;
-    /** Multiplier for shell exec (default: 1.0) */
-    shell: number;
-    /** Multiplier for sensitive path matches (default: 5.0) */
-    sensitivePath: number;
-    /** Multiplier for config file matches (default: 2.0) */
-    configPath: number;
-}
-/** Result of blast radius computation */
-export interface BlastRadiusResult {
-    /** Raw count of files/entities affected */
-    rawCount: number;
-    /** Weighted score after applying action and path multipliers */
-    weightedScore: number;
-    /** Risk level derived from weighted score */
-    riskLevel: 'low' | 'medium' | 'high';
-    /** Which factors contributed to the score */
-    factors: BlastRadiusFactor[];
-    /** Whether the weighted score exceeds the given threshold */
-    exceeded: boolean;
-    /** The threshold that was checked against */
-    threshold: number;
-}
-/** A single factor contributing to the blast radius score */
-export interface BlastRadiusFactor {
-    name: string;
-    multiplier: number;
-    reason: string;
-}
-declare const DEFAULT_WEIGHTS: BlastRadiusWeights;
-declare const SENSITIVE_PATTERNS: string[];
-declare const CONFIG_PATTERNS: string[];
-/**
- * Compute the blast radius for a normalized intent.
- *
- * The engine applies multipliers for:
- *   - Action type (delete > write > git > shell > read)
- *   - Path sensitivity (secrets, credentials)
- *   - Config file impact (package.json, CI configs, etc.)
- *
- * The final weighted score is the raw file count multiplied by
- * the highest applicable multiplier from each factor category.
- *
- * @param intent     The normalized action intent
- * @param threshold  The policy limit to check against
- * @param weights    Optional custom weights (defaults provided)
- */
-export declare function computeBlastRadius(intent: NormalizedIntent, threshold: number, weights?: BlastRadiusWeights): BlastRadiusResult;
-export { DEFAULT_WEIGHTS, SENSITIVE_PATTERNS, CONFIG_PATTERNS };
-//# sourceMappingURL=blast-radius.d.ts.map

package/dist/kernel/blast-radius.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"blast-radius.d.ts","sourceRoot":"","sources":["../../src/kernel/blast-radius.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D,qDAAqD;AACrD,MAAM,WAAW,kBAAkB;IACjC,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,GAAG,EAAE,MAAM,CAAC;IACZ,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,aAAa,EAAE,MAAM,CAAC;IACtB,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,yCAAyC;AACzC,MAAM,WAAW,iBAAiB;IAChC,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,6CAA6C;IAC7C,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,6DAA6D;IAC7D,QAAQ,EAAE,OAAO,CAAC;IAClB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,6DAA6D;AAC7D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,QAAA,MAAM,eAAe,EAAE,kBAQtB,CAAC;AAEF,QAAA,MAAM,kBAAkB,UAA0E,CAAC;AAEnG,QAAA,MAAM,eAAe,UAkBpB,CAAC;AAgFF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,kBAAoC,GAC5C,iBAAiB,CA8BnB;AAED,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,eAAe,EAAE,CAAC"}

package/dist/kernel/blast-radius.js

@@ -1,146 +0,0 @@
-// Blast radius computation engine — Phase 2 implementation.
-// Pure domain logic: computes a weighted blast radius score from action metadata.
-// No I/O, no Node.js-specific APIs. Suitable for use inside the synchronous authorize() flow.
-const DEFAULT_WEIGHTS = {
-    delete: 3.0,
-    write: 1.5,
-    read: 0.1,
-    git: 2.0,
-    shell: 1.0,
-    sensitivePath: 5.0,
-    configPath: 2.0,
-};
-const SENSITIVE_PATTERNS = ['.env', 'credentials', '.pem', '.key', 'secret', 'token', '.password'];
-const CONFIG_PATTERNS = [
-    'package.json',
-    'tsconfig.json',
-    'eslint',
-    '.prettierrc',
-    'webpack.config',
-    'vite.config',
-    'next.config',
-    'jest.config',
-    'vitest.config',
-    '.babelrc',
-    'babel.config',
-    'Dockerfile',
-    'docker-compose',
-    '.github/',
-    '.gitlab-ci',
-    'Jenkinsfile',
-    '.circleci/',
-];
-/** Determine the action weight multiplier based on action type */
-function getActionMultiplier(action, weights) {
-    if (action.startsWith('file.delete')) {
-        return { name: 'delete-action', multiplier: weights.delete, reason: 'File deletion' };
-    }
-    if (action.startsWith('file.write') || action === 'file.move') {
-        return { name: 'write-action', multiplier: weights.write, reason: 'File write/move' };
-    }
-    if (action.startsWith('file.read')) {
-        return { name: 'read-action', multiplier: weights.read, reason: 'File read (low impact)' };
-    }
-    if (action.startsWith('git.')) {
-        if (action === 'git.force-push') {
-            return {
-                name: 'force-push',
-                multiplier: weights.git * 2,
-                reason: 'Git force push (history rewrite)',
-            };
-        }
-        if (action === 'git.branch.delete') {
-            return {
-                name: 'branch-delete',
-                multiplier: weights.git * 1.5,
-                reason: 'Git branch deletion',
-            };
-        }
-        return { name: 'git-action', multiplier: weights.git, reason: `Git operation: ${action}` };
-    }
-    if (action === 'shell.exec') {
-        return { name: 'shell-exec', multiplier: weights.shell, reason: 'Shell execution' };
-    }
-    return null;
-}
-/** Check if the target path matches sensitive patterns */
-function getSensitivePathFactor(target, weights) {
-    if (!target)
-        return null;
-    const lower = target.toLowerCase();
-    if (SENSITIVE_PATTERNS.some((p) => lower.includes(p))) {
-        return {
-            name: 'sensitive-path',
-            multiplier: weights.sensitivePath,
-            reason: `Sensitive file path: ${target}`,
-        };
-    }
-    return null;
-}
-/** Check if the target path matches config file patterns */
-function getConfigPathFactor(target, weights) {
-    if (!target)
-        return null;
-    const lower = target.toLowerCase();
-    if (CONFIG_PATTERNS.some((p) => lower.includes(p))) {
-        return {
-            name: 'config-path',
-            multiplier: weights.configPath,
-            reason: `Config/CI file: ${target}`,
-        };
-    }
-    return null;
-}
-/** Derive risk level from a weighted score */
-function deriveRiskLevel(weightedScore) {
-    if (weightedScore >= 50)
-        return 'high';
-    if (weightedScore >= 15)
-        return 'medium';
-    return 'low';
-}
-/**
- * Compute the blast radius for a normalized intent.
- *
- * The engine applies multipliers for:
- *   - Action type (delete > write > git > shell > read)
- *   - Path sensitivity (secrets, credentials)
- *   - Config file impact (package.json, CI configs, etc.)
- *
- * The final weighted score is the raw file count multiplied by
- * the highest applicable multiplier from each factor category.
- *
- * @param intent     The normalized action intent
- * @param threshold  The policy limit to check against
- * @param weights    Optional custom weights (defaults provided)
- */
-export function computeBlastRadius(intent, threshold, weights = DEFAULT_WEIGHTS) {
-    const rawCount = intent.filesAffected ?? 1;
-    const factors = [];
-    // Collect applicable factors
-    const actionFactor = getActionMultiplier(intent.action, weights);
-    if (actionFactor)
-        factors.push(actionFactor);
-    const sensitiveFactor = getSensitivePathFactor(intent.target, weights);
-    if (sensitiveFactor)
-        factors.push(sensitiveFactor);
-    const configFactor = getConfigPathFactor(intent.target, weights);
-    if (configFactor)
-        factors.push(configFactor);
-    // Compute weighted score: raw count * product of all factor multipliers
-    // Each factor category contributes independently (multiplicative)
-    const totalMultiplier = factors.reduce((acc, f) => acc * f.multiplier, 1);
-    const weightedScore = Math.round(rawCount * totalMultiplier * 100) / 100;
-    const riskLevel = deriveRiskLevel(weightedScore);
-    const exceeded = weightedScore > threshold;
-    return {
-        rawCount,
-        weightedScore,
-        riskLevel,
-        factors,
-        exceeded,
-        threshold,
-    };
-}
-export { DEFAULT_WEIGHTS, SENSITIVE_PATTERNS, CONFIG_PATTERNS };
-//# sourceMappingURL=blast-radius.js.map

package/dist/kernel/blast-radius.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"blast-radius.js","sourceRoot":"","sources":["../../src/kernel/blast-radius.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,kFAAkF;AAClF,8FAA8F;AA6C9F,MAAM,eAAe,GAAuB;IAC1C,MAAM,EAAE,GAAG;IACX,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,GAAG;IACR,KAAK,EAAE,GAAG;IACV,aAAa,EAAE,GAAG;IAClB,UAAU,EAAE,GAAG;CAChB,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AAEnG,MAAM,eAAe,GAAG;IACtB,cAAc;IACd,eAAe;IACf,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,aAAa;IACb,eAAe;IACf,UAAU;IACV,cAAc;IACd,YAAY;IACZ,gBAAgB;IAChB,UAAU;IACV,YAAY;IACZ,aAAa;IACb,YAAY;CACb,CAAC;AAEF,kEAAkE;AAClE,SAAS,mBAAmB,CAC1B,MAAc,EACd,OAA2B;IAE3B,IAAI,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACxF,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC9D,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACxF,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IAC7F,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,YAAY;gBAClB,UAAU,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC;gBAC3B,MAAM,EAAE,kCAAkC;aAC3C,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,KAAK,mBAAmB,EAAE,CAAC;YACnC,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,UAAU,EAAE,OAAO,CAAC,GAAG,GAAG,GAAG;gBAC7B,MAAM,EAAE,qBAAqB;aAC9B,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,MAAM,EAAE,EAAE,CAAC;IAC7F,CAAC;IACD,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;QAC5B,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACtF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0DAA0D;AAC1D,SAAS,sBAAsB,CAC7B,MAAc,EACd,OAA2B;IAE3B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,OAAO,CAAC,aAAa;YACjC,MAAM,EAAE,wBAAwB,MAAM,EAAE;SACzC,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,4DAA4D;AAC5D,SAAS,mBAAmB,CAC1B,MAAc,EACd,OAA2B;IAE3B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,MAAM,EAAE,mBAAmB,MAAM,EAAE;SACpC,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8CAA8C;AAC9C,SAAS,eAAe,CAAC,aAAqB;IAC5C,IAAI,aAAa,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACvC,IAAI,aAAa,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACzC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAwB,EACxB,SAAiB,EACjB,UAA8B,eAAe;IAE7C,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAwB,EAAE,CAAC;IAExC,6BAA6B;IAC7B,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAE7C,MAAM,eAAe,GAAG,sBAAsB,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvE,IAAI,eAAe;QAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEnD,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAE7C,wEAAwE;IACxE,kEAAkE;IAClE,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC1E,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IAEzE,MAAM,SAAS,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,CAAC;IAE3C,OAAO;QACL,QAAQ;QACR,aAAa;QACb,SAAS;QACT,OAAO;QACP,QAAQ;QACR,SAAS;KACV,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,eAAe,EAAE,CAAC"}

package/dist/kernel/decision.d.ts

@@ -1,40 +0,0 @@
-import type { DomainEvent } from '../core/types.js';
-import type { RawAgentAction } from './aab.js';
-import type { NormalizedIntent, EvalResult } from '../policy/evaluator.js';
-import type { EvidencePack } from './evidence.js';
-import type { AgentGuardInvariant } from '../invariants/definitions.js';
-export declare const INTERVENTION: {
-    readonly DENY: "deny";
-    readonly ROLLBACK: "rollback";
-    readonly PAUSE: "pause";
-    readonly TEST_ONLY: "test-only";
-};
-export type InterventionType = (typeof INTERVENTION)[keyof typeof INTERVENTION];
-export interface EngineDecision {
-    allowed: boolean;
-    intent: NormalizedIntent;
-    decision: EvalResult;
-    violations: Array<{
-        invariantId: string;
-        name: string;
-        severity: number;
-        expected: string;
-        actual: string;
-    }>;
-    events: DomainEvent[];
-    evidencePack: EvidencePack | null;
-    intervention: InterventionType | null;
-}
-export interface EngineConfig {
-    policyDefs?: unknown[];
-    invariants?: AgentGuardInvariant[];
-    onEvent?: (event: DomainEvent) => void;
-}
-export interface Engine {
-    getPolicyErrors(): string[];
-    getPolicyCount(): number;
-    getInvariantCount(): number;
-    evaluate(rawAction: RawAgentAction | null, systemContext?: Record<string, unknown>): EngineDecision;
-}
-export declare function createEngine(config?: EngineConfig): Engine;
-//# sourceMappingURL=decision.d.ts.map

package/dist/kernel/decision.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"decision.d.ts","sourceRoot":"","sources":["../../src/kernel/decision.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAI3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAGlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAExE,eAAO,MAAM,YAAY;;;;;CAKf,CAAC;AAEX,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC;AAEhF,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,UAAU,CAAC;IACrB,UAAU,EAAE,KAAK,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,YAAY,EAAE,YAAY,GAAG,IAAI,CAAC;IAClC,YAAY,EAAE,gBAAgB,GAAG,IAAI,CAAC;CACvC;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;IACvB,UAAU,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACnC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,MAAM;IACrB,eAAe,IAAI,MAAM,EAAE,CAAC;IAC5B,cAAc,IAAI,MAAM,CAAC;IACzB,iBAAiB,IAAI,MAAM,CAAC;IAC5B,QAAQ,CACN,SAAS,EAAE,cAAc,GAAG,IAAI,EAChC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACtC,cAAc,CAAC;CACnB;AAcD,wBAAgB,YAAY,CAAC,MAAM,GAAE,YAAiB,GAAG,MAAM,CAoF9D"}

package/dist/kernel/decision.js

@@ -1,92 +0,0 @@
-// Runtime Assurance Engine — the RTA decision switch.
-// Pure domain logic. No DOM, no Node.js-specific APIs.
-import { authorize } from './aab.js';
-import { checkAllInvariants, buildSystemState } from '../invariants/checker.js';
-import { createEvidencePack } from './evidence.js';
-import { loadPolicies } from '../policy/loader.js';
-import { DEFAULT_INVARIANTS } from '../invariants/definitions.js';
-export const INTERVENTION = {
-    DENY: 'deny',
-    ROLLBACK: 'rollback',
-    PAUSE: 'pause',
-    TEST_ONLY: 'test-only',
-};
-function selectIntervention(decision, violations) {
-    const maxSeverity = Math.max(decision.severity || 0, ...violations.map((v) => v.invariant?.severity || 0));
-    if (maxSeverity >= 5)
-        return INTERVENTION.DENY;
-    if (maxSeverity >= 4)
-        return INTERVENTION.PAUSE;
-    if (maxSeverity >= 3)
-        return INTERVENTION.ROLLBACK;
-    return INTERVENTION.TEST_ONLY;
-}
-export function createEngine(config = {}) {
-    const { policies, errors: policyErrors } = loadPolicies(config.policyDefs || []);
-    const invariants = config.invariants || DEFAULT_INVARIANTS;
-    const onEvent = config.onEvent || null;
-    function emitEvents(events) {
-        if (onEvent) {
-            for (const event of events) {
-                onEvent(event);
-            }
-        }
-    }
-    return {
-        getPolicyErrors() {
-            return [...policyErrors];
-        },
-        getPolicyCount() {
-            return policies.length;
-        },
-        getInvariantCount() {
-            return invariants.length;
-        },
-        evaluate(rawAction, systemContext = {}) {
-            const { intent, result: authResult, events: authEvents } = authorize(rawAction, policies);
-            const state = buildSystemState({
-                ...systemContext,
-                currentTarget: intent.target,
-                currentCommand: intent.command,
-                filesAffected: intent.filesAffected || systemContext.filesAffected,
-                targetBranch: intent.branch || systemContext.targetBranch,
-                forcePush: intent.action === 'git.force-push',
-                directPush: intent.action === 'git.push',
-                isPush: intent.action === 'git.push' || intent.action === 'git.force-push',
-            });
-            const { violations, events: invariantEvents, allHold, } = checkAllInvariants(invariants, state);
-            const allEvents = [...authEvents, ...invariantEvents];
-            const allowed = authResult.allowed && allHold;
-            const needsEvidence = !allowed || allEvents.length > 0;
-            let evidencePack = null;
-            if (needsEvidence && allEvents.length > 0) {
-                const { pack, event: packEvent } = createEvidencePack({
-                    intent,
-                    decision: authResult,
-                    violations,
-                    events: allEvents,
-                });
-                evidencePack = pack;
-                allEvents.push(packEvent);
-            }
-            const intervention = allowed ? null : selectIntervention(authResult, violations);
-            emitEvents(allEvents);
-            return {
-                allowed,
-                intent,
-                decision: authResult,
-                violations: violations.map((v) => ({
-                    invariantId: v.invariant.id,
-                    name: v.invariant.name,
-                    severity: v.invariant.severity,
-                    expected: v.result.expected,
-                    actual: v.result.actual,
-                })),
-                events: allEvents,
-                evidencePack,
-                intervention,
-            };
-        },
-    };
-}
-//# sourceMappingURL=decision.js.map

package/dist/kernel/decision.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decision.js","sourceRoot":"","sources":["../../src/kernel/decision.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,uDAAuD;AAGvD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAGrC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEhF,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGlE,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,MAAM;IACZ,QAAQ,EAAE,UAAU;IACpB,KAAK,EAAE,OAAO;IACd,SAAS,EAAE,WAAW;CACd,CAAC;AAoCX,SAAS,kBAAkB,CAAC,QAAoB,EAAE,UAA4B;IAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAC1B,QAAQ,CAAC,QAAQ,IAAI,CAAC,EACtB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,IAAI,CAAC,CAAC,CACrD,CAAC;IAEF,IAAI,WAAW,IAAI,CAAC;QAAE,OAAO,YAAY,CAAC,IAAI,CAAC;IAC/C,IAAI,WAAW,IAAI,CAAC;QAAE,OAAO,YAAY,CAAC,KAAK,CAAC;IAChD,IAAI,WAAW,IAAI,CAAC;QAAE,OAAO,YAAY,CAAC,QAAQ,CAAC;IACnD,OAAO,YAAY,CAAC,SAAS,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAuB,EAAE;IACpD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;IACjF,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,kBAAkB,CAAC;IAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC;IAEvC,SAAS,UAAU,CAAC,MAAqB;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,eAAe;YACb,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;QAC3B,CAAC;QAED,cAAc;YACZ,OAAO,QAAQ,CAAC,MAAM,CAAC;QACzB,CAAC;QAED,iBAAiB;YACf,OAAO,UAAU,CAAC,MAAM,CAAC;QAC3B,CAAC;QAED,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,EAAE;YACpC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAE1F,MAAM,KAAK,GAAG,gBAAgB,CAAC;gBAC7B,GAAG,aAAa;gBAChB,aAAa,EAAE,MAAM,CAAC,MAAM;gBAC5B,cAAc,EAAE,MAAM,CAAC,OAAO;gBAC9B,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,aAAa,CAAC,aAAa;gBAClE,YAAY,EAAE,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC,YAAY;gBACzD,SAAS,EAAE,MAAM,CAAC,MAAM,KAAK,gBAAgB;gBAC7C,UAAU,EAAE,MAAM,CAAC,MAAM,KAAK,UAAU;gBACxC,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,UAAU,IAAI,MAAM,CAAC,MAAM,KAAK,gBAAgB;aAC3E,CAAC,CAAC;YAEH,MAAM,EACJ,UAAU,EACV,MAAM,EAAE,eAAe,EACvB,OAAO,GACR,GAAG,kBAAkB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAE1C,MAAM,SAAS,GAAkB,CAAC,GAAG,UAAU,EAAE,GAAG,eAAe,CAAC,CAAC;YAErE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,OAAO,CAAC;YAC9C,MAAM,aAAa,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;YAEvD,IAAI,YAAY,GAAwB,IAAI,CAAC;YAC7C,IAAI,aAAa,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAAC;oBACpD,MAAM;oBACN,QAAQ,EAAE,UAAU;oBACpB,UAAU;oBACV,MAAM,EAAE,SAAS;iBAClB,CAAC,CAAC;gBACH,YAAY,GAAG,IAAI,CAAC;gBACpB,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5B,CAAC;YAED,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAEjF,UAAU,CAAC,SAAS,CAAC,CAAC;YAEtB,OAAO;gBACL,OAAO;gBACP,MAAM;gBACN,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjC,WAAW,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE;oBAC3B,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI;oBACtB,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ;oBAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM;iBACxB,CAAC,CAAC;gBACH,MAAM,EAAE,SAAS;gBACjB,YAAY;gBACZ,YAAY;aACb,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/kernel/decisions/factory.d.ts

@@ -1,12 +0,0 @@
-import type { GovernanceDecisionRecord, SimulationSummary } from './types.js';
-import type { MonitorDecision } from '../monitor.js';
-import type { ExecutionResult } from '../../core/types.js';
-export interface DecisionFactoryInput {
-    runId: string;
-    decision: MonitorDecision;
-    execution: ExecutionResult | null;
-    executionDurationMs: number | null;
-    simulation: SimulationSummary | null;
-}
-export declare function buildDecisionRecord(input: DecisionFactoryInput): GovernanceDecisionRecord;
-//# sourceMappingURL=factory.d.ts.map

package/dist/kernel/decisions/factory.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../src/kernel/decisions/factory.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,eAAe,CAAC;IAC1B,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,UAAU,EAAE,iBAAiB,GAAG,IAAI,CAAC;CACtC;AAOD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,oBAAoB,GAAG,wBAAwB,CAgDzF"}

package/dist/kernel/decisions/factory.js

@@ -1,56 +0,0 @@
-// Decision record factory — builds GovernanceDecisionRecord from kernel data.
-// Pure logic. Combines MonitorDecision + execution result into a single record.
-import { simpleHash } from '../../core/hash.js';
-function generateRecordId(timestamp, runId, action) {
-    const content = `${timestamp}:${runId}:${action}`;
-    return `dec_${timestamp}_${simpleHash(content)}`;
-}
-export function buildDecisionRecord(input) {
-    const { runId, decision, execution, executionDurationMs, simulation } = input;
-    const timestamp = Date.now();
-    const intent = decision.intent;
-    return {
-        recordId: generateRecordId(timestamp, runId, intent.action),
-        runId,
-        timestamp,
-        action: {
-            type: intent.action,
-            target: intent.target,
-            agent: intent.agent,
-            destructive: intent.destructive,
-            command: intent.command,
-        },
-        outcome: decision.allowed ? 'allow' : 'deny',
-        reason: decision.decision.reason,
-        intervention: decision.intervention,
-        policy: {
-            matchedPolicyId: decision.decision.matchedPolicy?.id ?? null,
-            matchedPolicyName: decision.decision.matchedPolicy?.name ?? null,
-            severity: decision.decision.severity,
-        },
-        invariants: {
-            allHold: decision.violations.length === 0,
-            violations: decision.violations.map((v) => ({
-                invariantId: v.invariantId,
-                name: v.name,
-                severity: v.severity,
-                expected: v.expected,
-                actual: v.actual,
-            })),
-        },
-        simulation,
-        evidencePackId: decision.evidencePack?.packId ?? null,
-        monitor: {
-            escalationLevel: decision.monitor.escalationLevel,
-            totalEvaluations: decision.monitor.totalEvaluations,
-            totalDenials: decision.monitor.totalDenials,
-        },
-        execution: {
-            executed: execution !== null,
-            success: execution?.success ?? null,
-            durationMs: executionDurationMs,
-            error: execution?.error ?? null,
-        },
-    };
-}
-//# sourceMappingURL=factory.js.map

package/dist/kernel/decisions/factory.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../../src/kernel/decisions/factory.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,gFAAgF;AAKhF,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAUhD,SAAS,gBAAgB,CAAC,SAAiB,EAAE,KAAa,EAAE,MAAc;IACxE,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IAClD,OAAO,OAAO,SAAS,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAA2B;IAC7D,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,mBAAmB,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC;IAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE/B,OAAO;QACL,QAAQ,EAAE,gBAAgB,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC;QAC3D,KAAK;QACL,SAAS;QACT,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC,MAAM;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB;QACD,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QAC5C,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM;QAChC,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,MAAM,EAAE;YACN,eAAe,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,IAAI,IAAI;YAC5D,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,EAAE,IAAI,IAAI,IAAI;YAChE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,QAAQ;SACrC;QACD,UAAU,EAAE;YACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YACzC,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC1C,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,CAAC,CAAC;SACJ;QACD,UAAU;QACV,cAAc,EAAE,QAAQ,CAAC,YAAY,EAAE,MAAM,IAAI,IAAI;QACrD,OAAO,EAAE;YACP,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,eAAe;YACjD,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB;YACnD,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,YAAY;SAC5C;QACD,SAAS,EAAE;YACT,QAAQ,EAAE,SAAS,KAAK,IAAI;YAC5B,OAAO,EAAE,SAAS,EAAE,OAAO,IAAI,IAAI;YACnC,UAAU,EAAE,mBAAmB;YAC/B,KAAK,EAAE,SAAS,EAAE,KAAK,IAAI,IAAI;SAChC;KACF,CAAC;AACJ,CAAC"}

package/dist/kernel/decisions/types.d.ts

@@ -1,70 +0,0 @@
-export interface GovernanceDecisionRecord {
-    /** Unique record ID: "dec_<timestamp>_<hash>" */
-    recordId: string;
-    /** Kernel run ID this decision belongs to */
-    runId: string;
-    /** When the decision was made */
-    timestamp: number;
-    /** The action that was evaluated */
-    action: {
-        type: string;
-        target: string;
-        agent: string;
-        destructive: boolean;
-        command?: string;
-    };
-    /** Final governance outcome */
-    outcome: 'allow' | 'deny';
-    /** Human-readable reason for the outcome */
-    reason: string;
-    /** Intervention type if denied (deny, rollback, pause, test-only) */
-    intervention: string | null;
-    /** Policy matching details */
-    policy: {
-        matchedPolicyId: string | null;
-        matchedPolicyName: string | null;
-        severity: number;
-    };
-    /** Invariant evaluation results */
-    invariants: {
-        allHold: boolean;
-        violations: Array<{
-            invariantId: string;
-            name: string;
-            severity: number;
-            expected: string;
-            actual: string;
-        }>;
-    };
-    /** Pre-execution simulation results (Phase 2 integration point) */
-    simulation: SimulationSummary | null;
-    /** Evidence pack ID if generated */
-    evidencePackId: string | null;
-    /** Monitor state at decision time */
-    monitor: {
-        escalationLevel: number;
-        totalEvaluations: number;
-        totalDenials: number;
-    };
-    /** Execution results (null if denied or dry-run) */
-    execution: {
-        executed: boolean;
-        success: boolean | null;
-        durationMs: number | null;
-        error: string | null;
-    };
-}
-/** Placeholder for Phase 2 simulation integration */
-export interface SimulationSummary {
-    predictedChanges: string[];
-    blastRadius: number;
-    riskLevel: 'low' | 'medium' | 'high';
-    simulatorId: string;
-    durationMs: number;
-}
-/** Sink interface for decision records (mirrors EventSink pattern) */
-export interface DecisionSink {
-    write(record: GovernanceDecisionRecord): void;
-    flush?(): void;
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/kernel/decisions/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/kernel/decisions/types.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,wBAAwB;IACvC,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,OAAO,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,+BAA+B;IAC/B,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,qEAAqE;IACrE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,8BAA8B;IAC9B,MAAM,EAAE;QACN,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;QAC/B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;QACjC,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,mCAAmC;IACnC,UAAU,EAAE;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,UAAU,EAAE,KAAK,CAAC;YAChB,WAAW,EAAE,MAAM,CAAC;YACpB,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;YACjB,MAAM,EAAE,MAAM,CAAC;SAChB,CAAC,CAAC;KACJ,CAAC;IACF,mEAAmE;IACnE,UAAU,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACrC,oCAAoC;IACpC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,qCAAqC;IACrC,OAAO,EAAE;QACP,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,oDAAoD;IACpD,SAAS,EAAE;QACT,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;QACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;KACtB,CAAC;CACH;AAED,qDAAqD;AACrD,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,sEAAsE;AACtE,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,MAAM,EAAE,wBAAwB,GAAG,IAAI,CAAC;IAC9C,KAAK,CAAC,IAAI,IAAI,CAAC;CAChB"}

package/dist/kernel/decisions/types.js

@@ -1,5 +0,0 @@
-// Governance Decision Record — first-class audit artifact.
-// Aggregates monitor decision, execution data, and evidence into
-// a single persisted, queryable record per agent action.
-export {};
-//# sourceMappingURL=types.js.map

package/dist/kernel/decisions/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/kernel/decisions/types.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,iEAAiE;AACjE,yDAAyD"}

package/dist/kernel/evidence.d.ts

@@ -1,29 +0,0 @@
-import type { DomainEvent } from '../core/types.js';
-import type { NormalizedIntent, EvalResult } from '../policy/evaluator.js';
-import type { InvariantCheck } from '../invariants/checker.js';
-export interface EvidencePack {
-    packId: string;
-    timestamp: number;
-    intent: NormalizedIntent;
-    decision: EvalResult;
-    violations: Array<{
-        invariantId: string;
-        name: string;
-        severity: number;
-        expected: string;
-        actual: string;
-    }>;
-    events: string[];
-    summary: string;
-    severity: number;
-}
-export declare function createEvidencePack(params: {
-    intent: NormalizedIntent;
-    decision: EvalResult;
-    violations?: InvariantCheck[];
-    events?: DomainEvent[];
-}): {
-    pack: EvidencePack;
-    event: DomainEvent;
-};
-//# sourceMappingURL=evidence.d.ts.map

package/dist/kernel/evidence.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"evidence.d.ts","sourceRoot":"","sources":["../../src/kernel/evidence.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAGpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC3E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE/D,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,UAAU,CAAC;IACrB,UAAU,EAAE,KAAK,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAyCD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE;IACzC,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,UAAU,CAAC;IACrB,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;CACxB,GAAG;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,WAAW,CAAA;CAAE,CAgC7C"}

package/dist/kernel/evidence.js

@@ -1,61 +0,0 @@
-// Evidence pack generator — creates structured audit records.
-// Pure domain logic. No DOM, no Node.js-specific APIs.
-import { createEvent, EVIDENCE_PACK_GENERATED } from '../events/schema.js';
-import { simpleHash } from '../core/hash.js';
-function generatePackId(timestamp, intent) {
-    const content = `${timestamp}:${intent.action}:${intent.target}:${intent.agent}`;
-    return `pack_${simpleHash(content)}`;
-}
-function computeMaxSeverity(decision, violations) {
-    let maxSeverity = decision.severity || 0;
-    for (const v of violations) {
-        if (v.invariant && v.invariant.severity > maxSeverity) {
-            maxSeverity = v.invariant.severity;
-        }
-    }
-    return maxSeverity;
-}
-function generateSummary(intent, decision, violations) {
-    const parts = [];
-    parts.push(`Action: ${intent.action} on ${intent.target || 'unknown'}`);
-    parts.push(`Decision: ${decision.decision.toUpperCase()}`);
-    if (decision.reason) {
-        parts.push(`Reason: ${decision.reason}`);
-    }
-    if (violations.length > 0) {
-        const names = violations.map((v) => v.invariant.name);
-        parts.push(`Violations: ${names.join(', ')}`);
-    }
-    return parts.join(' | ');
-}
-export function createEvidencePack(params) {
-    const { intent, decision, violations = [], events = [] } = params;
-    const timestamp = Date.now();
-    const packId = generatePackId(timestamp, intent);
-    const severity = computeMaxSeverity(decision, violations);
-    const summary = generateSummary(intent, decision, violations);
-    const pack = {
-        packId,
-        timestamp,
-        intent,
-        decision,
-        violations: violations.map((v) => ({
-            invariantId: v.invariant.id,
-            name: v.invariant.name,
-            severity: v.invariant.severity,
-            expected: v.result.expected,
-            actual: v.result.actual,
-        })),
-        events: events.map((e) => e.id),
-        summary,
-        severity,
-    };
-    const event = createEvent(EVIDENCE_PACK_GENERATED, {
-        packId,
-        eventIds: events.map((e) => e.id),
-        summary,
-        metadata: { severity, violationCount: violations.length },
-    });
-    return { pack, event };
-}
-//# sourceMappingURL=evidence.js.map

package/dist/kernel/evidence.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/kernel/evidence.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,uDAAuD;AAGvD,OAAO,EAAE,WAAW,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAqB7C,SAAS,cAAc,CAAC,SAAiB,EAAE,MAAwB;IACjE,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;IACjF,OAAO,QAAQ,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAoB,EAAE,UAA4B;IAC5E,IAAI,WAAW,GAAG,QAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC;IAEzC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,GAAG,WAAW,EAAE,CAAC;YACtD,WAAW,GAAG,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC;QACrC,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,eAAe,CACtB,MAAwB,EACxB,QAAoB,EACpB,UAA4B;IAE5B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,OAAO,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACxE,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAE3D,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,eAAe,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAKlC;IACC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAE9D,MAAM,IAAI,GAAiB;QACzB,MAAM;QACN,SAAS;QACT,MAAM;QACN,QAAQ;QACR,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACjC,WAAW,EAAE,CAAC,CAAC,SAAS,CAAC,EAAE;YAC3B,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI;YACtB,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ;YAC9B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ;YAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM;SACxB,CAAC,CAAC;QACH,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,OAAO;QACP,QAAQ;KACT,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,EAAE;QACjD,MAAM;QACN,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,OAAO;QACP,QAAQ,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,CAAC,MAAM,EAAE;KAC1D,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC"}