npm - @remnic/core - Versions diffs - 1.1.1 → 1.1.3 - Mend

@remnic/core 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (497) hide show

package/dist/abort-error.js +1 -0
package/dist/abstraction-nodes.js +1 -0
package/dist/access-audit.js +1 -0
package/dist/access-cli.js +76 -51
package/dist/access-cli.js.map +1 -1
package/dist/access-http.d.ts +50 -5
package/dist/access-http.js +38 -16
package/dist/access-idempotency.js +1 -0
package/dist/access-mcp.d.ts +10 -5
package/dist/access-mcp.js +37 -14
package/dist/access-schema.d.ts +133 -13
package/dist/access-schema.js +20 -1
package/dist/access-service-_AEUMVyX.d.ts +1981 -0
package/dist/access-service.d.ts +11 -6
package/dist/access-service.js +39 -14
package/dist/active-memory-bridge.js +1 -0
package/dist/active-recall.js +1 -0
package/dist/active-recall.js.map +1 -1
package/dist/behavior-learner.js +1 -0
package/dist/behavior-learner.js.map +1 -1
package/dist/behavior-signals.js +1 -0
package/dist/bootstrap.d.ts +6 -4
package/dist/bootstrap.js +1 -0
package/dist/boxes.js +1 -0
package/dist/briefing.d.ts +9 -5
package/dist/briefing.js +10 -6
package/dist/buffer-surprise-report.js +1 -0
package/dist/buffer-surprise.js +1 -0
package/dist/buffer.d.ts +1 -1
package/dist/buffer.js +1 -0
package/dist/calibration.d.ts +8 -1
package/dist/calibration.js +10 -2
package/dist/calibration.js.map +1 -1
package/dist/capsule-cli.d.ts +137 -0
package/dist/capsule-cli.js +34 -0
package/dist/capsule-crypto-5CYAGVC5.js +18 -0
package/dist/capsule-export-NZQPOTQ4.js +17 -0
package/dist/capsule-export-NZQPOTQ4.js.map +1 -0
package/dist/capsule-import-SDCUXLEV.js +16 -0
package/dist/capsule-import-SDCUXLEV.js.map +1 -0
package/dist/capsule-merge-DI7PNQ2H.js +189 -0
package/dist/capsule-merge-DI7PNQ2H.js.map +1 -0
package/dist/causal-behavior.js +1 -0
package/dist/causal-behavior.js.map +1 -1
package/dist/causal-chain.js +1 -0
package/dist/causal-consolidation.js +12 -9
package/dist/causal-consolidation.js.map +1 -1
package/dist/causal-retrieval.js +2 -1
package/dist/causal-retrieval.js.map +1 -1
package/dist/causal-trajectory-graph.js +4 -1
package/dist/causal-trajectory-graph.js.map +1 -1
package/dist/causal-trajectory.js +2 -1
package/dist/chunk-2LSZVONP.js +67 -0
package/dist/chunk-2LSZVONP.js.map +1 -0
package/dist/chunk-32KD5IHZ.js +245 -0
package/dist/chunk-32KD5IHZ.js.map +1 -0
package/dist/{chunk-VDX363PS.js → chunk-34F3PLWZ.js} +10 -3
package/dist/chunk-34F3PLWZ.js.map +1 -0
package/dist/chunk-3KIS4VGT.js +228 -0
package/dist/chunk-3KIS4VGT.js.map +1 -0
package/dist/chunk-3LCWFNVS.js +350 -0
package/dist/chunk-3LCWFNVS.js.map +1 -0
package/dist/chunk-43EKP2UK.js +26 -0
package/dist/chunk-43EKP2UK.js.map +1 -0
package/dist/chunk-457A4P3L.js +119 -0
package/dist/chunk-457A4P3L.js.map +1 -0
package/dist/{chunk-KUB6JU6H.js → chunk-47WOM4YW.js} +2 -2
package/dist/{chunk-HK3FGIEW.js → chunk-4PLGJRBV.js} +656 -20
package/dist/chunk-4PLGJRBV.js.map +1 -0
package/dist/{chunk-BGJGXLZ7.js → chunk-55FXRRSJ.js} +11 -8
package/dist/chunk-55FXRRSJ.js.map +1 -0
package/dist/{chunk-ULYOGL6R.js → chunk-5HRY2WRF.js} +7 -3
package/dist/chunk-5HRY2WRF.js.map +1 -0
package/dist/chunk-6TBWYBJ3.js +236 -0
package/dist/chunk-6TBWYBJ3.js.map +1 -0
package/dist/chunk-74EMIVE4.js +329 -0
package/dist/chunk-74EMIVE4.js.map +1 -0
package/dist/chunk-74WWN7ZW.js +82 -0
package/dist/chunk-74WWN7ZW.js.map +1 -0
package/dist/{chunk-B5WXLVDY.js → chunk-7GCMLT7J.js} +245 -25
package/dist/chunk-7GCMLT7J.js.map +1 -0
package/dist/chunk-A6XUJE5D.js +126 -0
package/dist/chunk-A6XUJE5D.js.map +1 -0
package/dist/chunk-AJA46VX5.js +393 -0
package/dist/chunk-AJA46VX5.js.map +1 -0
package/dist/{chunk-DFTTJYSO.js → chunk-AKUCB2OG.js} +525 -24
package/dist/chunk-AKUCB2OG.js.map +1 -0
package/dist/chunk-ASIQZXYO.js +277 -0
package/dist/chunk-ASIQZXYO.js.map +1 -0
package/dist/{chunk-ZEM3OK2K.js → chunk-B2TL6GA2.js} +3 -3
package/dist/chunk-BJMBJZ2Y.js +290 -0
package/dist/chunk-BJMBJZ2Y.js.map +1 -0
package/dist/chunk-BT7NVCML.js +79 -0
package/dist/chunk-BT7NVCML.js.map +1 -0
package/dist/chunk-CK5NTM2S.js +454 -0
package/dist/chunk-CK5NTM2S.js.map +1 -0
package/dist/{chunk-3GXCSUXR.js → chunk-CRU27Q4J.js} +2 -2
package/dist/{chunk-F5VP6YCB.js → chunk-DCE6SQLA.js} +572 -155
package/dist/chunk-DCE6SQLA.js.map +1 -0
package/dist/{chunk-CUPFXL3J.js → chunk-DHRQHX36.js} +4 -4
package/dist/chunk-DHRQHX36.js.map +1 -0
package/dist/{chunk-GKFXUTJ2.js → chunk-DR7MCMPS.js} +981 -61
package/dist/chunk-DR7MCMPS.js.map +1 -0
package/dist/chunk-FP2373TW.js +149 -0
package/dist/chunk-FP2373TW.js.map +1 -0
package/dist/{chunk-RBBWYEFJ.js → chunk-G2WADRQ3.js} +1 -1
package/dist/chunk-G7D6GZ5J.js +48 -0
package/dist/chunk-G7D6GZ5J.js.map +1 -0
package/dist/chunk-H7XKCNR6.js +60 -0
package/dist/chunk-H7XKCNR6.js.map +1 -0
package/dist/{chunk-VYM3VWOF.js → chunk-IM3JSE73.js} +966 -329
package/dist/chunk-IM3JSE73.js.map +1 -0
package/dist/chunk-IXEJRKCZ.js +18 -0
package/dist/chunk-IXEJRKCZ.js.map +1 -0
package/dist/chunk-IYY4MCPG.js +275 -0
package/dist/chunk-IYY4MCPG.js.map +1 -0
package/dist/{chunk-BK2EFTE2.js → chunk-JWSENLQI.js} +508 -28
package/dist/chunk-JWSENLQI.js.map +1 -0
package/dist/chunk-KNKUID7G.js +183 -0
package/dist/chunk-KNKUID7G.js.map +1 -0
package/dist/chunk-L2IO2QPY.js +2036 -0
package/dist/chunk-L2IO2QPY.js.map +1 -0
package/dist/{chunk-SPI27QT6.js → chunk-L5IIGA5V.js} +9 -4
package/dist/chunk-L5IIGA5V.js.map +1 -0
package/dist/{chunk-RGLL5SPU.js → chunk-LVYGDT5V.js} +56 -82
package/dist/chunk-LVYGDT5V.js.map +1 -0
package/dist/{chunk-ZAIM4TUE.js → chunk-LW2NMHDW.js} +46 -1
package/dist/chunk-LW2NMHDW.js.map +1 -0
package/dist/{chunk-3OGMS3PE.js → chunk-LZRYQK6L.js} +3 -2
package/dist/chunk-LZRYQK6L.js.map +1 -0
package/dist/chunk-MDYG7VI7.js +48 -0
package/dist/chunk-MDYG7VI7.js.map +1 -0
package/dist/chunk-MXC3AP5I.js +74 -0
package/dist/chunk-MXC3AP5I.js.map +1 -0
package/dist/{chunk-S3EEFKNY.js → chunk-N7X62G74.js} +26 -11
package/dist/chunk-N7X62G74.js.map +1 -0
package/dist/chunk-NN3TS5BM.js +147 -0
package/dist/chunk-NN3TS5BM.js.map +1 -0
package/dist/chunk-OA3L7BFR.js +183 -0
package/dist/chunk-OA3L7BFR.js.map +1 -0
package/dist/{chunk-LK6SGL53.js → chunk-OR64ZGRZ.js} +3 -2
package/dist/chunk-OR64ZGRZ.js.map +1 -0
package/dist/chunk-OZHRDTDX.js +240 -0
package/dist/chunk-OZHRDTDX.js.map +1 -0
package/dist/chunk-PCUKNJAZ.js +165 -0
package/dist/chunk-PCUKNJAZ.js.map +1 -0
package/dist/{chunk-6PFRXT4K.js → chunk-PFV5C235.js} +11 -6
package/dist/chunk-PFV5C235.js.map +1 -0
package/dist/chunk-PZ5AY32C.js +10 -0
package/dist/chunk-PZ5AY32C.js.map +1 -0
package/dist/{chunk-XZ2TIKGC.js → chunk-Q7FJ5ZHM.js} +30 -10
package/dist/chunk-Q7FJ5ZHM.js.map +1 -0
package/dist/{chunk-7I7FKFZH.js → chunk-R2L7SUX2.js} +6 -6
package/dist/{chunk-JL2PU6AI.js → chunk-R2XRID2N.js} +2 -2
package/dist/{chunk-WCLICCGB.js → chunk-RILIVK4O.js} +91 -4
package/dist/chunk-RILIVK4O.js.map +1 -0
package/dist/{chunk-C2EFFULQ.js → chunk-RK2Y4XOM.js} +163 -20
package/dist/chunk-RK2Y4XOM.js.map +1 -0
package/dist/{chunk-TP4FZJIZ.js → chunk-RULE4VG5.js} +5 -1
package/dist/chunk-RULE4VG5.js.map +1 -0
package/dist/{chunk-PVPWZSSI.js → chunk-SMA4IMHV.js} +19 -3
package/dist/chunk-SMA4IMHV.js.map +1 -0
package/dist/{chunk-WVVA7F5A.js → chunk-SS253RXF.js} +30 -16
package/dist/chunk-SS253RXF.js.map +1 -0
package/dist/chunk-TUFG6VXY.js +875 -0
package/dist/chunk-TUFG6VXY.js.map +1 -0
package/dist/chunk-TYEOAFH3.js +251 -0
package/dist/chunk-TYEOAFH3.js.map +1 -0
package/dist/chunk-UKJAGEXH.js +260 -0
package/dist/chunk-UKJAGEXH.js.map +1 -0
package/dist/{chunk-KVBLZUKV.js → chunk-USFPPRAF.js} +93 -3
package/dist/chunk-USFPPRAF.js.map +1 -0
package/dist/{chunk-EPQJM2GC.js → chunk-VTJVUHRK.js} +22 -36
package/dist/chunk-VTJVUHRK.js.map +1 -0
package/dist/{chunk-O5ETUNBT.js → chunk-VTU2B4VF.js} +7 -3
package/dist/chunk-VTU2B4VF.js.map +1 -0
package/dist/chunk-WIICJPET.js +45 -0
package/dist/chunk-WIICJPET.js.map +1 -0
package/dist/{chunk-VBVG2M5G.js → chunk-WPGJYVUH.js} +6 -2
package/dist/chunk-WPGJYVUH.js.map +1 -0
package/dist/{chunk-YNQKWQT4.js → chunk-WSZIHQBK.js} +31 -11
package/dist/{chunk-YNQKWQT4.js.map → chunk-WSZIHQBK.js.map} +1 -1
package/dist/{chunk-NZLQTHS5.js → chunk-WW3QQF4H.js} +4 -1
package/dist/chunk-WW3QQF4H.js.map +1 -0
package/dist/{chunk-FVA6TGI3.js → chunk-Y3WQ4ZWK.js} +42 -2
package/dist/chunk-Y3WQ4ZWK.js.map +1 -0
package/dist/chunk-YNJHCGDT.js +309 -0
package/dist/chunk-YNJHCGDT.js.map +1 -0
package/dist/{chunk-ALXMCZEU.js → chunk-Z2E7VW55.js} +6 -3
package/dist/chunk-Z2E7VW55.js.map +1 -0
package/dist/{chunk-INXV5JBT.js → chunk-ZGXSCMQN.js} +1992 -410
package/dist/chunk-ZGXSCMQN.js.map +1 -0
package/dist/{chunk-W6SL7OFG.js → chunk-ZTSE2ZJ6.js} +12 -2
package/dist/{chunk-W6SL7OFG.js.map → chunk-ZTSE2ZJ6.js.map} +1 -1
package/dist/chunking.js +1 -0
package/dist/cipher-GVE2GQ5H.js +28 -0
package/dist/cipher-GVE2GQ5H.js.map +1 -0
package/dist/citations.js +1 -0
package/dist/{cli-BkeRaYfk.d.ts → cli-x2APT9a6.d.ts} +26 -7
package/dist/cli.d.ts +11 -6
package/dist/cli.js +68 -34
package/dist/codex-thread-key.js +1 -0
package/dist/commitment-ledger.js +1 -0
package/dist/compression-optimizer.js +1 -0
package/dist/config.d.ts +2 -1
package/dist/config.js +5 -2
package/dist/connectors-cli-DFGtY2DB.d.ts +257 -0
package/dist/connectors-cli.d.ts +2 -0
package/dist/connectors-cli.js +22 -0
package/dist/connectors-cli.js.map +1 -0
package/dist/consolidation-operator.d.ts +65 -5
package/dist/consolidation-operator.js +6 -1
package/dist/consolidation-provenance-check.d.ts +1 -1
package/dist/consolidation-provenance-check.js +3 -2
package/dist/consolidation-undo.d.ts +1 -1
package/dist/consolidation-undo.js +1 -0
package/dist/consolidation-undo.js.map +1 -1
package/dist/{contradiction-review-WIUBAR52.js → contradiction-review-5LTTVDQV.js} +2 -1
package/dist/contradiction-review-5LTTVDQV.js.map +1 -0
package/dist/{contradiction-scan-E3GJTI4F.js → contradiction-scan-3Z6YW7YA.js} +2 -1
package/dist/{contradiction-scan-E3GJTI4F.js.map → contradiction-scan-3Z6YW7YA.js.map} +1 -1
package/dist/cross-namespace-budget.js +1 -0
package/dist/cue-anchors.js +1 -0
package/dist/dashboard-runtime.js +1 -0
package/dist/day-summary.js +1 -0
package/dist/delinearize.js +1 -0
package/dist/direct-answer-wiring.js +1 -0
package/dist/direct-answer.js +1 -0
package/dist/dreams-ledger-LR2NBAZE.js +286 -0
package/dist/dreams-ledger-LR2NBAZE.js.map +1 -0
package/dist/embedding-fallback.js +3 -1
package/dist/{engine-F3GOXGE5.js → engine-ICC2DSQF.js} +10 -7
package/dist/engine-ICC2DSQF.js.map +1 -0
package/dist/entity-retrieval.d.ts +1 -1
package/dist/entity-retrieval.js +9 -6
package/dist/entity-schema.js +1 -0
package/dist/evals.js +1 -0
package/dist/evidence-pack.d.ts +16 -0
package/dist/evidence-pack.js +8 -0
package/dist/evidence-pack.js.map +1 -0
package/dist/explicit-capture.d.ts +6 -4
package/dist/explicit-capture.js +1 -0
package/dist/extraction-judge-telemetry.js +1 -0
package/dist/extraction-judge-training.js +1 -0
package/dist/extraction-judge.js +1 -0
package/dist/extraction.js +9 -8
package/dist/fallback-llm.js +3 -2
package/dist/first-start-migration-4MHQEOSD.js +263 -0
package/dist/first-start-migration-4MHQEOSD.js.map +1 -0
package/dist/forget-PLR6J5DN.js +69 -0
package/dist/forget-PLR6J5DN.js.map +1 -0
package/dist/framework-CyHYDcri.d.ts +153 -0
package/dist/fs-utils-IRVUFB6G.js +30 -0
package/dist/fs-utils-IRVUFB6G.js.map +1 -0
package/dist/graph-dashboard-diff.js +1 -0
package/dist/graph-dashboard-key.js +1 -0
package/dist/graph-dashboard-parser.js +1 -0
package/dist/graph-edge-decay-PWB63GRE.js +207 -0
package/dist/graph-edge-decay-PWB63GRE.js.map +1 -0
package/dist/graph-edge-reinforcement.d.ts +81 -0
package/dist/graph-edge-reinforcement.js +24 -0
package/dist/graph-edge-reinforcement.js.map +1 -0
package/dist/graph-events.d.ts +87 -0
package/dist/graph-events.js +14 -0
package/dist/graph-events.js.map +1 -0
package/dist/graph-recall.js +1 -0
package/dist/graph-retrieval.js +1 -0
package/dist/graph-snapshot.d.ts +112 -0
package/dist/graph-snapshot.js +19 -0
package/dist/graph-snapshot.js.map +1 -0
package/dist/graph.d.ts +105 -7
package/dist/graph.js +20 -3
package/dist/harmonic-retrieval.js +1 -0
package/dist/himem.js +1 -0
package/dist/hygiene.js +1 -0
package/dist/identity-continuity.js +1 -0
package/dist/importance.js +1 -0
package/dist/index.d.ts +562 -13
package/dist/index.js +365 -96
package/dist/index.js.map +1 -1
package/dist/intent.js +1 -0
package/dist/json-extract.js +1 -0
package/dist/json-store.js +1 -0
package/dist/kdf-7S6RWKLZ.js +26 -0
package/dist/kdf-7S6RWKLZ.js.map +1 -0
package/dist/legacy-hook-compat.js +1 -0
package/dist/legacy-hook-compat.js.map +1 -1
package/dist/lifecycle.js +1 -0
package/dist/live-connectors-runner.d.ts +48 -0
package/dist/live-connectors-runner.js +17 -0
package/dist/live-connectors-runner.js.map +1 -0
package/dist/local-llm.js +3 -2
package/dist/logger.js +1 -0
package/dist/memory-action-policy.js +1 -0
package/dist/memory-cache.d.ts +2 -1
package/dist/memory-cache.js +4 -1
package/dist/memory-governance-KG52RITE.js +37 -0
package/dist/memory-governance-KG52RITE.js.map +1 -0
package/dist/memory-lifecycle-ledger-utils.d.ts +2 -1
package/dist/memory-lifecycle-ledger-utils.js +4 -1
package/dist/memory-projection-format.js +1 -0
package/dist/{memory-projection-store-DeSXPh1j.d.ts → memory-projection-store-D3vBHS4J.d.ts} +1 -0
package/dist/memory-projection-store.d.ts +1 -1
package/dist/memory-projection-store.js +1 -0
package/dist/memory-worth-bench.js +1 -0
package/dist/memory-worth-bench.js.map +1 -1
package/dist/memory-worth-filter.js +1 -0
package/dist/memory-worth-outcomes.d.ts +1 -1
package/dist/memory-worth-outcomes.js +1 -0
package/dist/memory-worth.js +1 -0
package/dist/metadata-FC3XPDRQ.js +21 -0
package/dist/metadata-FC3XPDRQ.js.map +1 -0
package/dist/migrate-from-identity-anchor-TTEDEJGX.js +8 -0
package/dist/migrate-from-identity-anchor-TTEDEJGX.js.map +1 -0
package/dist/model-registry.js +1 -0
package/dist/models-json.js +1 -0
package/dist/native-knowledge.js +1 -0
package/dist/negative.js +1 -0
package/dist/objective-state-writers.js +1 -0
package/dist/objective-state-writers.js.map +1 -1
package/dist/objective-state.js +1 -0
package/dist/openai-chat-compat.js +1 -0
package/dist/operator-toolkit.d.ts +46 -2
package/dist/operator-toolkit.js +29 -17
package/dist/opik-exporter.js +1 -0
package/dist/opik-exporter.js.map +1 -1
package/dist/{orchestrator-CmJ-NTdJ.d.ts → orchestrator-ChkesB8U.d.ts} +177 -13
package/dist/orchestrator.d.ts +6 -4
package/dist/orchestrator.js +58 -42
package/dist/page-versioning.js +1 -0
package/dist/path-RMTY5Y5A.js +9 -0
package/dist/path-RMTY5Y5A.js.map +1 -0
package/dist/patterns-cli.d.ts +160 -0
package/dist/patterns-cli.js +29 -0
package/dist/patterns-cli.js.map +1 -0
package/dist/peers-6OSQ3NK6.js +44 -0
package/dist/peers-6OSQ3NK6.js.map +1 -0
package/dist/plugin-id.js +1 -0
package/dist/policy-runtime.js +1 -0
package/dist/{port-BADbLZU5.d.ts → port-hqGnoStS.d.ts} +6 -0
package/dist/profiling.js +1 -0
package/dist/purge-6ATBGT77.js +205 -0
package/dist/purge-6ATBGT77.js.map +1 -0
package/dist/qmd-recall-cache.d.ts +1 -1
package/dist/qmd-recall-cache.js +1 -0
package/dist/qmd.d.ts +2 -1
package/dist/qmd.js +4 -3
package/dist/reasoning-trace-recall.js +1 -0
package/dist/reasoning-trace-types.js +1 -0
package/dist/recall-audit-anomaly.js +1 -0
package/dist/recall-audit.js +1 -0
package/dist/recall-disclosure-escalation.d.ts +84 -0
package/dist/recall-disclosure-escalation.js +14 -0
package/dist/recall-disclosure-escalation.js.map +1 -0
package/dist/recall-explain-renderer.js +4 -1
package/dist/recall-mmr.js +1 -0
package/dist/recall-qos.js +1 -0
package/dist/recall-query-policy.js +1 -0
package/dist/recall-state.d.ts +7 -0
package/dist/recall-state.js +2 -1
package/dist/recall-tag-filter.d.ts +56 -0
package/dist/recall-tag-filter.js +14 -0
package/dist/recall-tag-filter.js.map +1 -0
package/dist/recall-tokenization.js +1 -0
package/dist/recall-xray-cli.d.ts +9 -2
package/dist/recall-xray-cli.js +9 -4
package/dist/recall-xray-renderer.js +4 -1
package/dist/recall-xray.d.ts +116 -2
package/dist/recall-xray.js +9 -3
package/dist/reconstruct.js +1 -0
package/dist/release-changelog.js +2 -0
package/dist/release-changelog.js.map +1 -1
package/dist/relevance.js +1 -0
package/dist/rerank.js +1 -0
package/dist/{resolution-QBTDHTG7.js → resolution-YGIBORXI.js} +2 -1
package/dist/{resolution-QBTDHTG7.js.map → resolution-YGIBORXI.js.map} +1 -1
package/dist/resolve-auth-token.d.ts +51 -0
package/dist/resolve-auth-token.js +12 -0
package/dist/resolve-auth-token.js.map +1 -0
package/dist/resolve-provider-secret.d.ts +13 -1
package/dist/resolve-provider-secret.js +6 -1
package/dist/resume-bundles.js +5 -4
package/dist/retrieval-agents.d.ts +1 -1
package/dist/retrieval-agents.js +1 -0
package/dist/retrieval-tiers.js +1 -0
package/dist/retrieval.js +1 -0
package/dist/sanitize.js +1 -0
package/dist/schemas.d.ts +15 -2
package/dist/schemas.js +2 -1
package/dist/sdk-compat.js +1 -0
package/dist/sdk-compat.js.map +1 -1
package/dist/secure-store-4R2GSO7S.js +156 -0
package/dist/secure-store-4R2GSO7S.js.map +1 -0
package/dist/semantic-chunking.js +1 -0
package/dist/{semantic-consolidation-CxJU6MJk.d.ts → semantic-consolidation-ByBXb-sf.d.ts} +3 -3
package/dist/semantic-consolidation.d.ts +2 -2
package/dist/semantic-consolidation.js +12 -6
package/dist/semantic-rule-promotion.d.ts +1 -1
package/dist/semantic-rule-promotion.js +9 -6
package/dist/semantic-rule-verifier.d.ts +1 -1
package/dist/semantic-rule-verifier.js +9 -6
package/dist/session-integrity.js +1 -0
package/dist/session-observer-bands.js +1 -0
package/dist/session-observer-state.js +1 -0
package/dist/session-toggles.js +2 -0
package/dist/session-toggles.js.map +1 -1
package/dist/signal.js +1 -0
package/dist/skills-registry.js +2 -0
package/dist/skills-registry.js.map +1 -1
package/dist/source-attribution.js +1 -0
package/dist/state-NCHQ4TRG.js +8 -0
package/dist/state-NCHQ4TRG.js.map +1 -0
package/dist/state-store-3EH7HYIN.js +16 -0
package/dist/state-store-3EH7HYIN.js.map +1 -0
package/dist/storage.d.ts +76 -2
package/dist/storage.js +8 -5
package/dist/store-contract.js +1 -0
package/dist/summarizer.js +6 -5
package/dist/summary-snapshot.js +1 -0
package/dist/temporal-index.js +1 -0
package/dist/temporal-supersession.d.ts +1 -1
package/dist/temporal-supersession.js +2 -1
package/dist/temporal-validity.d.ts +52 -0
package/dist/temporal-validity.js +14 -0
package/dist/temporal-validity.js.map +1 -0
package/dist/threading.js +1 -0
package/dist/tier-migration.d.ts +2 -2
package/dist/tier-migration.js +1 -0
package/dist/tier-routing.js +1 -0
package/dist/tier-stats-62ZVDFKS.js +152 -0
package/dist/tier-stats-62ZVDFKS.js.map +1 -0
package/dist/tmt.js +1 -0
package/dist/tokens.js +3 -1
package/dist/topics.js +1 -0
package/dist/trace-C5ETWBEF.js +290 -0
package/dist/trace-C5ETWBEF.js.map +1 -0
package/dist/transcript.js +1 -0
package/dist/trust-zones.js +1 -0
package/dist/tui-RI7P6PBS.js +13 -0
package/dist/tui-RI7P6PBS.js.map +1 -0
package/dist/types-V3FJ26TF.js +30 -0
package/dist/types-V3FJ26TF.js.map +1 -0
package/dist/types.d.ts +634 -9
package/dist/types.js +10 -3
package/dist/utility-learner.js +1 -0
package/dist/utility-runtime.js +1 -0
package/dist/utility-telemetry.js +1 -0
package/dist/verified-recall.js +9 -6
package/dist/version-utils.js +1 -0
package/dist/whitespace.js +1 -0
package/dist/work-product-ledger.js +1 -0
package/package.json +2 -1
package/dist/access-service-Br8ZydTK.d.ts +0 -827
package/dist/chunk-3OGMS3PE.js.map +0 -1
package/dist/chunk-6PFRXT4K.js.map +0 -1
package/dist/chunk-ALXMCZEU.js.map +0 -1
package/dist/chunk-B5WXLVDY.js.map +0 -1
package/dist/chunk-BGJGXLZ7.js.map +0 -1
package/dist/chunk-BK2EFTE2.js.map +0 -1
package/dist/chunk-C2EFFULQ.js.map +0 -1
package/dist/chunk-CUPFXL3J.js.map +0 -1
package/dist/chunk-DFTTJYSO.js.map +0 -1
package/dist/chunk-EPQJM2GC.js.map +0 -1
package/dist/chunk-F5VP6YCB.js.map +0 -1
package/dist/chunk-FVA6TGI3.js.map +0 -1
package/dist/chunk-GKFXUTJ2.js.map +0 -1
package/dist/chunk-HK3FGIEW.js.map +0 -1
package/dist/chunk-INXV5JBT.js.map +0 -1
package/dist/chunk-KVBLZUKV.js.map +0 -1
package/dist/chunk-LK6SGL53.js.map +0 -1
package/dist/chunk-LTCGGW2D.js +0 -14
package/dist/chunk-LTCGGW2D.js.map +0 -1
package/dist/chunk-NZLQTHS5.js.map +0 -1
package/dist/chunk-O5ETUNBT.js.map +0 -1
package/dist/chunk-PVPWZSSI.js.map +0 -1
package/dist/chunk-RGLL5SPU.js.map +0 -1
package/dist/chunk-S3EEFKNY.js.map +0 -1
package/dist/chunk-SPI27QT6.js.map +0 -1
package/dist/chunk-TP4FZJIZ.js.map +0 -1
package/dist/chunk-ULYOGL6R.js.map +0 -1
package/dist/chunk-VBVG2M5G.js.map +0 -1
package/dist/chunk-VDX363PS.js.map +0 -1
package/dist/chunk-VYM3VWOF.js.map +0 -1
package/dist/chunk-WCLICCGB.js.map +0 -1
package/dist/chunk-WVVA7F5A.js.map +0 -1
package/dist/chunk-X6GF3FX2.js +0 -26
package/dist/chunk-X6GF3FX2.js.map +0 -1
package/dist/chunk-XZ2TIKGC.js.map +0 -1
package/dist/chunk-ZAIM4TUE.js.map +0 -1
/package/dist/{contradiction-review-WIUBAR52.js.map → capsule-cli.js.map} +0 -0
/package/dist/{engine-F3GOXGE5.js.map → capsule-crypto-5CYAGVC5.js.map} +0 -0
/package/dist/{chunk-KUB6JU6H.js.map → chunk-47WOM4YW.js.map} +0 -0
/package/dist/{chunk-ZEM3OK2K.js.map → chunk-B2TL6GA2.js.map} +0 -0
/package/dist/{chunk-3GXCSUXR.js.map → chunk-CRU27Q4J.js.map} +0 -0
/package/dist/{chunk-RBBWYEFJ.js.map → chunk-G2WADRQ3.js.map} +0 -0
/package/dist/{chunk-7I7FKFZH.js.map → chunk-R2L7SUX2.js.map} +0 -0
/package/dist/{chunk-JL2PU6AI.js.map → chunk-R2XRID2N.js.map} +0 -0

package/dist/chunk-FP2373TW.js ADDED Viewed

@@ -0,0 +1,149 @@
+// src/secure-store/kdf.ts
+import { scryptSync, timingSafeEqual } from "crypto";
+import { createRequire } from "module";
+var requireArgon2 = createRequire(import.meta.url);
+var argon2Runtime;
+function loadArgon2Runtime() {
+  try {
+    argon2Runtime ??= requireArgon2("@node-rs/argon2");
+    return argon2Runtime;
+  } catch (cause) {
+    throw new Error(
+      "Argon2id KDF requires @node-rs/argon2 to be installed and loadable on this platform. Use scrypt compatibility mode for stores that must run without the Argon2 native binding.",
+      { cause }
+    );
+  }
+}
+var DEFAULT_SCRYPT_PARAMS = Object.freeze({
+  // 2^17. Hex-coding the literal would obscure the doubling chain.
+  N: 1 << 17,
+  r: 8,
+  p: 1,
+  keyLength: 32,
+  // 256 MiB ceiling — comfortably above the 128 MiB scrypt needs at N=2^17.
+  maxmem: 256 * 1024 * 1024
+});
+var DEFAULT_ARGON2ID_PARAMS = Object.freeze({
+  memoryKiB: 64 * 1024,
+  iterations: 3,
+  parallelism: 4,
+  keyLength: 32
+});
+var KDF_SALT_LENGTH = 16;
+var KDF_KEY_LENGTH = 32;
+function validateScryptParams(params) {
+  const { N, r, p, keyLength, maxmem } = params;
+  if (!Number.isInteger(N) || N < 2) {
+    throw new Error(`scrypt N must be an integer \u2265 2, got ${N}`);
+  }
+  if (N > 2 ** 30) {
+    throw new Error(`scrypt N is unreasonably large (max 2^30), got ${N}`);
+  }
+  if (!Number.isInteger(Math.log2(N))) {
+    throw new Error(`scrypt N must be a power of 2, got ${N}`);
+  }
+  if (!Number.isInteger(r) || r < 1) {
+    throw new Error(`scrypt r must be a positive integer, got ${r}`);
+  }
+  if (!Number.isInteger(p) || p < 1) {
+    throw new Error(`scrypt p must be a positive integer, got ${p}`);
+  }
+  if (!Number.isInteger(keyLength) || keyLength < 16) {
+    throw new Error(
+      `scrypt keyLength must be \u2265 16 (need 32 for AES-256), got ${keyLength}`
+    );
+  }
+  if (!Number.isInteger(maxmem) || maxmem < 1024) {
+    throw new Error(`scrypt maxmem must be a sane positive integer, got ${maxmem}`);
+  }
+}
+function validateArgon2idParams(params) {
+  const { memoryKiB, iterations, parallelism, keyLength } = params;
+  if (!Number.isInteger(memoryKiB) || memoryKiB < 8) {
+    throw new Error(`argon2id memoryKiB must be an integer \u2265 8, got ${memoryKiB}`);
+  }
+  if (!Number.isInteger(iterations) || iterations < 1) {
+    throw new Error(`argon2id iterations must be a positive integer, got ${iterations}`);
+  }
+  if (!Number.isInteger(parallelism) || parallelism < 1 || parallelism > 255) {
+    throw new Error(`argon2id parallelism must be an integer in [1, 255], got ${parallelism}`);
+  }
+  if (!Number.isInteger(keyLength) || keyLength !== KDF_KEY_LENGTH) {
+    throw new Error(
+      `argon2id keyLength must be ${KDF_KEY_LENGTH} (AES-256 requires a 32-byte key), got ${keyLength}`
+    );
+  }
+}
+function deriveKeyScrypt(passphrase, salt, params = DEFAULT_SCRYPT_PARAMS) {
+  if (typeof passphrase !== "string") {
+    throw new Error("passphrase must be a string");
+  }
+  if (passphrase.length === 0) {
+    throw new Error("passphrase must not be empty");
+  }
+  if (!(salt instanceof Uint8Array) || salt.length < 8) {
+    throw new Error(
+      `salt must be a Uint8Array of at least 8 bytes, got ${salt?.length ?? "non-buffer"}`
+    );
+  }
+  validateScryptParams(params);
+  return scryptSync(passphrase, Buffer.from(salt), params.keyLength, {
+    N: params.N,
+    r: params.r,
+    p: params.p,
+    maxmem: params.maxmem
+  });
+}
+function deriveKeyArgon2id(passphrase, salt, params = DEFAULT_ARGON2ID_PARAMS) {
+  if (typeof passphrase !== "string") {
+    throw new Error("passphrase must be a string");
+  }
+  if (passphrase.length === 0) {
+    throw new Error("passphrase must not be empty");
+  }
+  if (!(salt instanceof Uint8Array) || salt.length < 8) {
+    throw new Error(
+      `salt must be a Uint8Array of at least 8 bytes, got ${salt?.length ?? "non-buffer"}`
+    );
+  }
+  validateArgon2idParams(params);
+  const { Algorithm, Version, hashRawSync } = loadArgon2Runtime();
+  return hashRawSync(passphrase, {
+    algorithm: Algorithm.Argon2id,
+    version: Version.V0x13,
+    memoryCost: params.memoryKiB,
+    timeCost: params.iterations,
+    parallelism: params.parallelism,
+    outputLen: params.keyLength,
+    salt
+  });
+}
+function deriveKey(algorithm, passphrase, salt, params) {
+  if (algorithm === "scrypt") {
+    return deriveKeyScrypt(passphrase, salt, params);
+  }
+  if (algorithm === "argon2id") {
+    return deriveKeyArgon2id(passphrase, salt, params);
+  }
+  throw new Error(`unknown KDF algorithm: ${algorithm}`);
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+export {
+  DEFAULT_SCRYPT_PARAMS,
+  DEFAULT_ARGON2ID_PARAMS,
+  KDF_SALT_LENGTH,
+  KDF_KEY_LENGTH,
+  validateScryptParams,
+  validateArgon2idParams,
+  deriveKeyScrypt,
+  deriveKeyArgon2id,
+  deriveKey,
+  constantTimeEqual
+};
+//# sourceMappingURL=chunk-FP2373TW.js.map

package/dist/chunk-FP2373TW.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/secure-store/kdf.ts"],"sourcesContent":["/**\n * Key-derivation functions for the secure-store module.\n *\n * Issue #690 (PR 1/4) — pure primitives, no I/O.\n *\n * Naming note\n * -----------\n * The directory is named `secure-store/` — NOT `vault/` — because\n * `vault` is already a content-source concept in `native-knowledge.ts`\n * (Obsidian vaults: `ObsidianVaultState`, `vaultId`, `obsidianVaults`\n * config, etc.). Reusing the `vault` namespace for at-rest encryption\n * would cause symbol collisions and reader confusion.\n *\n * KDF choice — Argon2id primary, scrypt compatibility\n * ---------------------------------------------------\n * Issue #690 specifies Argon2id (OWASP m=64 MiB, t=3, p=4) as the\n * preferred KDF. We use `@node-rs/argon2` for the Argon2id runtime\n * and keep scrypt as the compatibility path for stores initialized\n * before Argon2id support landed.\n *\n * The algorithm name + params are persisted in the metadata file, so\n * stores keep deriving with the same KDF they were initialized with.\n *\n * Trade-off summary:\n * - scrypt N=2^17, r=8, p=1 → ~128 MiB memory, ~150 ms on a modern\n * laptop. Memory-hard. Resists GPU/ASIC attacks meaningfully.\n * - Argon2id m=64 MiB, t=3, p=4 → ~64 MiB memory, similar wall\n * time. Considered the modern best-in-class but requires native\n * bindings.\n *\n * Both produce a 32-byte key suitable for AES-256-GCM.\n */\n\nimport { scryptSync, timingSafeEqual } from \"node:crypto\";\nimport { createRequire } from \"node:module\";\n\ntype Argon2Runtime = typeof import(\"@node-rs/argon2\");\n\nconst requireArgon2 = createRequire(import.meta.url);\nlet argon2Runtime: Argon2Runtime | undefined;\n\nfunction loadArgon2Runtime(): Argon2Runtime {\n try {\n argon2Runtime ??= requireArgon2(\"@node-rs/argon2\") as Argon2Runtime;\n return argon2Runtime;\n } catch (cause) {\n throw new Error(\n \"Argon2id KDF requires @node-rs/argon2 to be installed and loadable on this platform. \" +\n \"Use scrypt compatibility mode for stores that must run without the Argon2 native binding.\",\n { cause },\n );\n }\n}\n\n/** KDF algorithms supported by the secure-store metadata format. */\nexport type KdfAlgorithm = \"scrypt\" | \"argon2id\";\n\n/** Parameters for the scrypt KDF (RFC 7914). */\nexport interface ScryptParams {\n /** CPU/memory cost. Must be a power of 2. Default 2^17 = 131072. */\n N: number;\n /** Block size. Default 8. */\n r: number;\n /** Parallelization. Default 1. */\n p: number;\n /** Output key length in bytes. Default 32 (AES-256). */\n keyLength: number;\n /** maxmem ceiling for scrypt; defaults to 256 MiB. */\n maxmem: number;\n}\n\n/** Parameters for the Argon2id KDF. */\nexport interface Argon2idParams {\n /** Memory cost in KiB. OWASP default 65536 (64 MiB). */\n memoryKiB: number;\n /** Time cost (iterations). OWASP default 3. */\n iterations: number;\n /** Parallelism. OWASP default 4. */\n parallelism: number;\n /** Output key length in bytes. Default 32 (AES-256). */\n keyLength: number;\n}\n\n/** Strong scrypt defaults (OWASP-acceptable for 2024+). */\nexport const DEFAULT_SCRYPT_PARAMS: Readonly<ScryptParams> = Object.freeze({\n // 2^17. Hex-coding the literal would obscure the doubling chain.\n N: 1 << 17,\n r: 8,\n p: 1,\n keyLength: 32,\n // 256 MiB ceiling — comfortably above the 128 MiB scrypt needs at N=2^17.\n maxmem: 256 * 1024 * 1024,\n});\n\n/** OWASP Argon2id defaults. */\nexport const DEFAULT_ARGON2ID_PARAMS: Readonly<Argon2idParams> = Object.freeze({\n memoryKiB: 64 * 1024,\n iterations: 3,\n parallelism: 4,\n keyLength: 32,\n});\n\n/** Salt length in bytes. 128 bits is the modern minimum. */\nexport const KDF_SALT_LENGTH = 16;\n\n/** Required derived-key length for AES-256 (32 bytes). */\nexport const KDF_KEY_LENGTH = 32;\n\n/**\n * Validate that scrypt parameters are within sane bounds and that\n * `N` is a power of 2 (required by RFC 7914).\n */\nexport function validateScryptParams(params: ScryptParams): void {\n const { N, r, p, keyLength, maxmem } = params;\n if (!Number.isInteger(N) || N < 2) {\n throw new Error(`scrypt N must be an integer ≥ 2, got ${N}`);\n }\n // Cursor Low + codex P2: a `(N & (N - 1)) !== 0` check truncates\n // to 32-bit semantics for `N >= 2**31`, so values like `5 * 2**30`\n // would pass even though they are not powers of two, and absurdly\n // large values like `2**33` would silently lock up the KDF. Use\n // Math.log2-based detection plus an explicit upper bound at 2**30\n // (already orders of magnitude past any practical memory budget)\n // so out-of-range or non-power-of-two values are rejected loudly.\n if (N > 2 ** 30) {\n throw new Error(`scrypt N is unreasonably large (max 2^30), got ${N}`);\n }\n if (!Number.isInteger(Math.log2(N))) {\n throw new Error(`scrypt N must be a power of 2, got ${N}`);\n }\n if (!Number.isInteger(r) || r < 1) {\n throw new Error(`scrypt r must be a positive integer, got ${r}`);\n }\n if (!Number.isInteger(p) || p < 1) {\n throw new Error(`scrypt p must be a positive integer, got ${p}`);\n }\n if (!Number.isInteger(keyLength) || keyLength < 16) {\n throw new Error(\n `scrypt keyLength must be ≥ 16 (need 32 for AES-256), got ${keyLength}`,\n );\n }\n if (!Number.isInteger(maxmem) || maxmem < 1024) {\n throw new Error(`scrypt maxmem must be a sane positive integer, got ${maxmem}`);\n }\n}\n\n/** Validate Argon2id parameters before invoking the native KDF binding. */\nexport function validateArgon2idParams(params: Argon2idParams): void {\n const { memoryKiB, iterations, parallelism, keyLength } = params;\n if (!Number.isInteger(memoryKiB) || memoryKiB < 8) {\n throw new Error(`argon2id memoryKiB must be an integer ≥ 8, got ${memoryKiB}`);\n }\n if (!Number.isInteger(iterations) || iterations < 1) {\n throw new Error(`argon2id iterations must be a positive integer, got ${iterations}`);\n }\n if (!Number.isInteger(parallelism) || parallelism < 1 || parallelism > 255) {\n throw new Error(`argon2id parallelism must be an integer in [1, 255], got ${parallelism}`);\n }\n if (!Number.isInteger(keyLength) || keyLength !== KDF_KEY_LENGTH) {\n throw new Error(\n `argon2id keyLength must be ${KDF_KEY_LENGTH} (AES-256 requires a 32-byte key), got ${keyLength}`,\n );\n }\n}\n\n/**\n * Derive a key from a passphrase + salt using scrypt.\n *\n * Pure: no I/O, no global state, deterministic for a given\n * (passphrase, salt, params) tuple.\n *\n * @throws if params are invalid.\n */\nexport function deriveKeyScrypt(\n passphrase: string,\n salt: Uint8Array,\n params: ScryptParams = DEFAULT_SCRYPT_PARAMS,\n): Buffer {\n if (typeof passphrase !== \"string\") {\n throw new Error(\"passphrase must be a string\");\n }\n if (passphrase.length === 0) {\n throw new Error(\"passphrase must not be empty\");\n }\n if (!(salt instanceof Uint8Array) || salt.length < 8) {\n throw new Error(\n `salt must be a Uint8Array of at least 8 bytes, got ${salt?.length ?? \"non-buffer\"}`,\n );\n }\n validateScryptParams(params);\n return scryptSync(passphrase, Buffer.from(salt), params.keyLength, {\n N: params.N,\n r: params.r,\n p: params.p,\n maxmem: params.maxmem,\n });\n}\n\n/**\n * Derive a key from a passphrase + salt using Argon2id.\n *\n * The returned raw hash is used directly as the AES-256-GCM master key.\n * The same public KDF params are persisted in secure-store metadata so\n * unlock can reproduce the exact key later.\n */\nexport function deriveKeyArgon2id(\n passphrase: string,\n salt: Uint8Array,\n params: Argon2idParams = DEFAULT_ARGON2ID_PARAMS,\n): Buffer {\n if (typeof passphrase !== \"string\") {\n throw new Error(\"passphrase must be a string\");\n }\n if (passphrase.length === 0) {\n throw new Error(\"passphrase must not be empty\");\n }\n if (!(salt instanceof Uint8Array) || salt.length < 8) {\n throw new Error(\n `salt must be a Uint8Array of at least 8 bytes, got ${salt?.length ?? \"non-buffer\"}`,\n );\n }\n validateArgon2idParams(params);\n const { Algorithm, Version, hashRawSync } = loadArgon2Runtime();\n return hashRawSync(passphrase, {\n algorithm: Algorithm.Argon2id,\n version: Version.V0x13,\n memoryCost: params.memoryKiB,\n timeCost: params.iterations,\n parallelism: params.parallelism,\n outputLen: params.keyLength,\n salt,\n });\n}\n\n/**\n * Algorithm-dispatching KDF. The algorithm name is recorded in the\n * metadata file so existing stores continue using their original KDF.\n */\nexport function deriveKey(\n algorithm: KdfAlgorithm,\n passphrase: string,\n salt: Uint8Array,\n params: ScryptParams | Argon2idParams,\n): Buffer {\n if (algorithm === \"scrypt\") {\n return deriveKeyScrypt(passphrase, salt, params as ScryptParams);\n }\n if (algorithm === \"argon2id\") {\n return deriveKeyArgon2id(passphrase, salt, params as Argon2idParams);\n }\n throw new Error(`unknown KDF algorithm: ${algorithm as string}`);\n}\n\n/**\n * Constant-time equality for two derived keys / MACs. Re-exported so\n * callers don't reach into `node:crypto` directly for this primitive.\n */\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) {\n return false;\n }\n return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n}\n"],"mappings":";AAiCA,SAAS,YAAY,uBAAuB;AAC5C,SAAS,qBAAqB;AAI9B,IAAM,gBAAgB,cAAc,YAAY,GAAG;AACnD,IAAI;AAEJ,SAAS,oBAAmC;AAC1C,MAAI;AACF,sBAAkB,cAAc,iBAAiB;AACjD,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR;AAAA,MAEA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AACF;AAgCO,IAAM,wBAAgD,OAAO,OAAO;AAAA;AAAA,EAEzE,GAAG,KAAK;AAAA,EACR,GAAG;AAAA,EACH,GAAG;AAAA,EACH,WAAW;AAAA;AAAA,EAEX,QAAQ,MAAM,OAAO;AACvB,CAAC;AAGM,IAAM,0BAAoD,OAAO,OAAO;AAAA,EAC7E,WAAW,KAAK;AAAA,EAChB,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,WAAW;AACb,CAAC;AAGM,IAAM,kBAAkB;AAGxB,IAAM,iBAAiB;AAMvB,SAAS,qBAAqB,QAA4B;AAC/D,QAAM,EAAE,GAAG,GAAG,GAAG,WAAW,OAAO,IAAI;AACvC,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,GAAG;AACjC,UAAM,IAAI,MAAM,6CAAwC,CAAC,EAAE;AAAA,EAC7D;AAQA,MAAI,IAAI,KAAK,IAAI;AACf,UAAM,IAAI,MAAM,kDAAkD,CAAC,EAAE;AAAA,EACvE;AACA,MAAI,CAAC,OAAO,UAAU,KAAK,KAAK,CAAC,CAAC,GAAG;AACnC,UAAM,IAAI,MAAM,sCAAsC,CAAC,EAAE;AAAA,EAC3D;AACA,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,GAAG;AACjC,UAAM,IAAI,MAAM,4CAA4C,CAAC,EAAE;AAAA,EACjE;AACA,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,GAAG;AACjC,UAAM,IAAI,MAAM,4CAA4C,CAAC,EAAE;AAAA,EACjE;AACA,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,YAAY,IAAI;AAClD,UAAM,IAAI;AAAA,MACR,iEAA4D,SAAS;AAAA,IACvE;AAAA,EACF;AACA,MAAI,CAAC,OAAO,UAAU,MAAM,KAAK,SAAS,MAAM;AAC9C,UAAM,IAAI,MAAM,sDAAsD,MAAM,EAAE;AAAA,EAChF;AACF;AAGO,SAAS,uBAAuB,QAA8B;AACnE,QAAM,EAAE,WAAW,YAAY,aAAa,UAAU,IAAI;AAC1D,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,YAAY,GAAG;AACjD,UAAM,IAAI,MAAM,uDAAkD,SAAS,EAAE;AAAA,EAC/E;AACA,MAAI,CAAC,OAAO,UAAU,UAAU,KAAK,aAAa,GAAG;AACnD,UAAM,IAAI,MAAM,uDAAuD,UAAU,EAAE;AAAA,EACrF;AACA,MAAI,CAAC,OAAO,UAAU,WAAW,KAAK,cAAc,KAAK,cAAc,KAAK;AAC1E,UAAM,IAAI,MAAM,4DAA4D,WAAW,EAAE;AAAA,EAC3F;AACA,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,cAAc,gBAAgB;AAChE,UAAM,IAAI;AAAA,MACR,8BAA8B,cAAc,0CAA0C,SAAS;AAAA,IACjG;AAAA,EACF;AACF;AAUO,SAAS,gBACd,YACA,MACA,SAAuB,uBACf;AACR,MAAI,OAAO,eAAe,UAAU;AAClC,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,MAAI,WAAW,WAAW,GAAG;AAC3B,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,MAAI,EAAE,gBAAgB,eAAe,KAAK,SAAS,GAAG;AACpD,UAAM,IAAI;AAAA,MACR,sDAAsD,MAAM,UAAU,YAAY;AAAA,IACpF;AAAA,EACF;AACA,uBAAqB,MAAM;AAC3B,SAAO,WAAW,YAAY,OAAO,KAAK,IAAI,GAAG,OAAO,WAAW;AAAA,IACjE,GAAG,OAAO;AAAA,IACV,GAAG,OAAO;AAAA,IACV,GAAG,OAAO;AAAA,IACV,QAAQ,OAAO;AAAA,EACjB,CAAC;AACH;AASO,SAAS,kBACd,YACA,MACA,SAAyB,yBACjB;AACR,MAAI,OAAO,eAAe,UAAU;AAClC,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACA,MAAI,WAAW,WAAW,GAAG;AAC3B,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,MAAI,EAAE,gBAAgB,eAAe,KAAK,SAAS,GAAG;AACpD,UAAM,IAAI;AAAA,MACR,sDAAsD,MAAM,UAAU,YAAY;AAAA,IACpF;AAAA,EACF;AACA,yBAAuB,MAAM;AAC7B,QAAM,EAAE,WAAW,SAAS,YAAY,IAAI,kBAAkB;AAC9D,SAAO,YAAY,YAAY;AAAA,IAC7B,WAAW,UAAU;AAAA,IACrB,SAAS,QAAQ;AAAA,IACjB,YAAY,OAAO;AAAA,IACnB,UAAU,OAAO;AAAA,IACjB,aAAa,OAAO;AAAA,IACpB,WAAW,OAAO;AAAA,IAClB;AAAA,EACF,CAAC;AACH;AAMO,SAAS,UACd,WACA,YACA,MACA,QACQ;AACR,MAAI,cAAc,UAAU;AAC1B,WAAO,gBAAgB,YAAY,MAAM,MAAsB;AAAA,EACjE;AACA,MAAI,cAAc,YAAY;AAC5B,WAAO,kBAAkB,YAAY,MAAM,MAAwB;AAAA,EACrE;AACA,QAAM,IAAI,MAAM,0BAA0B,SAAmB,EAAE;AACjE;AAMO,SAAS,kBAAkB,GAAe,GAAwB;AACvE,MAAI,EAAE,WAAW,EAAE,QAAQ;AACzB,WAAO;AAAA,EACT;AACA,SAAO,gBAAgB,OAAO,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,CAAC;AACvD;","names":[]}

package/dist/{chunk-RBBWYEFJ.js → chunk-G2WADRQ3.js} RENAMED Viewed

@@ -216,4 +216,4 @@ export {
   getCausalTrajectoryStoreStatus,
   searchCausalTrajectories
 };
-//# sourceMappingURL=chunk-RBBWYEFJ.js.map
+//# sourceMappingURL=chunk-G2WADRQ3.js.map

package/dist/chunk-G7D6GZ5J.js ADDED Viewed

@@ -0,0 +1,48 @@
+// src/consolidation-operator.ts
+var CONSOLIDATION_OPERATORS = [
+  "split",
+  "merge",
+  "update",
+  "pattern-reinforcement"
+];
+var DERIVED_FROM_ENTRY_RE = /^(.+):(\d+)$/;
+var DERIVED_FROM_MEMORY_ID_RE = /^[A-Za-z0-9][A-Za-z0-9_:-]*$/;
+function looksLikeSnapshotEntry(entry) {
+  const match = entry.match(DERIVED_FROM_ENTRY_RE);
+  if (!match) return false;
+  const pathPart = match[1];
+  return pathPart.includes("/") || pathPart.includes(".");
+}
+function isValidDerivedFromEntry(entry) {
+  if (typeof entry !== "string") return false;
+  if (entry.length === 0) return false;
+  if (looksLikeSnapshotEntry(entry)) {
+    const match = entry.match(DERIVED_FROM_ENTRY_RE);
+    if (!match) return false;
+    const pathPart = match[1];
+    if (pathPart.length === 0 || pathPart.trim().length === 0) return false;
+    const versionNum = Number(match[2]);
+    return Number.isInteger(versionNum) && versionNum >= 0;
+  }
+  return DERIVED_FROM_MEMORY_ID_RE.test(entry);
+}
+function isConsolidationOperator(value) {
+  return typeof value === "string" && CONSOLIDATION_OPERATORS.includes(value);
+}
+var SEMANTIC_CONSOLIDATION_LLM_OPERATORS = [
+  "split",
+  "merge",
+  "update"
+];
+function isSemanticConsolidationLlmOperator(value) {
+  return typeof value === "string" && SEMANTIC_CONSOLIDATION_LLM_OPERATORS.includes(value);
+}
+export {
+  CONSOLIDATION_OPERATORS,
+  DERIVED_FROM_MEMORY_ID_RE,
+  isValidDerivedFromEntry,
+  isConsolidationOperator,
+  isSemanticConsolidationLlmOperator
+};
+//# sourceMappingURL=chunk-G7D6GZ5J.js.map

package/dist/chunk-G7D6GZ5J.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/consolidation-operator.ts"],"sourcesContent":["/**\n * consolidation-operator.ts — Standalone operator vocabulary + validators\n * for the consolidation subsystem (issue #561, All-Mem paper\n * arxiv:2603.19595).\n *\n * This module is intentionally dependency-free so storage, the `remnic\n * doctor` check (PR 4), and the undo CLI (PR 5) can import the validators\n * without dragging in the full consolidation engine — which in turn pulls\n * in the Codex materialize runner and creates a `storage → consolidation\n * → codex-materialize-runner → storage` import cycle.\n *\n * The `semantic-consolidation.ts` module re-exports these symbols so\n * existing import paths continue to work.\n */\n\n/**\n * Operator algebra for non-destructive consolidation.\n *\n * - `split` — one source memory is rewritten as multiple smaller memories.\n * - `merge` — multiple source memories are collapsed into one canonical\n * memory.\n * - `update` — a newer value supersedes an older value within the same\n * logical fact.\n * - `pattern-reinforcement` (issue #687 PR 2/4) — emitted by the\n * pattern-reinforcement maintenance job when it clusters duplicate\n * non-procedural memories and promotes the most recent member to\n * canonical. Unlike the other operators, the job does not produce\n * page-versioning snapshots — it just stamps reinforcement metadata\n * on the canonical and points superseded duplicates at it. See\n * `maintenance/pattern-reinforcement.ts`.\n */\nexport type ConsolidationOperator =\n | \"split\"\n | \"merge\"\n | \"update\"\n | \"pattern-reinforcement\";\n\n/**\n * Allowed values for the `derived_via` frontmatter field. Used by storage\n * validation to reject unknown operator values on write.\n */\nexport const CONSOLIDATION_OPERATORS: readonly ConsolidationOperator[] = [\n \"split\",\n \"merge\",\n \"update\",\n \"pattern-reinforcement\",\n] as const;\n\n/**\n * Regular expression for validating a single `derived_from` entry.\n *\n * Format: `<non-empty memory path>:<integer version >= 0>`. Matches the\n * `path:versionNumber` convention used by `page-versioning.ts` snapshots\n * (e.g. `\"facts/preferences.md:3\"`). The path portion is greedy-last so\n * paths that themselves contain a colon remain parseable — only the final\n * `:<digits>` is consumed as the version.\n */\nconst DERIVED_FROM_ENTRY_RE = /^(.+):(\\d+)$/;\n\n/**\n * Regular expression for validating a memory-id `derived_from` entry\n * (issue #687 PR 2/4). Pattern reinforcement records source memory IDs\n * directly rather than page-versioning snapshots, so we also need to\n * accept that shape.\n *\n * Memory IDs are alphanumeric with hyphens, underscores, or COLONS —\n * the namespace-prefixed form (e.g. `global:fact-abc-123`,\n * `entity:person-alice`) is a legitimate ID format already used\n * throughout the graph-retrieval code path (`stripDerivedFromVersion`).\n * The disambiguation against `<path>:<version>` is *not* \"no colons\n * allowed\" — it's \"the segment after the last colon must NOT be a\n * non-negative integer\" (PR #730 review feedback, Codex P1).\n *\n * Slashes and dots remain forbidden so paths cannot accidentally pass\n * as memory IDs.\n *\n * Exported so the consolidation-provenance integrity scanner (PR\n * #730 review feedback) can recognize bare memory IDs instead of\n * flagging them as malformed snapshot references.\n */\nexport const DERIVED_FROM_MEMORY_ID_RE = /^[A-Za-z0-9][A-Za-z0-9_:-]*$/;\n\n/**\n * Disambiguator: an entry is a `<path>:<version>` snapshot reference\n * iff it ends with `:<digits>` AND the left side contains a `/` or\n * `.` (path-shape). Without the path-shape requirement a legitimate\n * namespace-prefixed memory id like `global:42` would be silently\n * misinterpreted as a snapshot reference.\n *\n * This mirrors the precedence used by `stripDerivedFromVersion` in\n * `graph-retrieval.ts`: only strip the trailing `:<digits>` when the\n * left side actually looks like a stored path.\n */\nfunction looksLikeSnapshotEntry(entry: string): boolean {\n const match = entry.match(DERIVED_FROM_ENTRY_RE);\n if (!match) return false;\n const pathPart = match[1];\n // A real snapshot path always contains a directory separator or a\n // file extension dot. Memory IDs use neither.\n return pathPart.includes(\"/\") || pathPart.includes(\".\");\n}\n\n/**\n * Validate a `derived_from` entry string. Returns `true` for either\n * - the snapshot format `<non-empty path>:<integer >= 0>` (issue #561), or\n * - a memory-id of the form `[A-Za-z0-9][A-Za-z0-9_:-]*` (issue #687\n * PR 2/4 — used by pattern-reinforcement provenance). Memory IDs\n * may include `:` for namespace-prefixed forms like\n * `global:fact-abc-123` (PR #730 review feedback, Codex P1).\n *\n * Disambiguation rule: only treat the entry as `<path>:<version>` when\n * the trailing segment after the last `:` is a non-negative integer\n * AND the left side looks like a path (contains `/` or `.`).\n * Otherwise treat the entire string as a memory ID. This is the same\n * heuristic the graph retrieval path uses when splitting derived_from\n * references back into a memory id.\n *\n * Kept pure so storage and future CLI/doctor paths can share the same\n * validator.\n */\nexport function isValidDerivedFromEntry(entry: unknown): entry is string {\n if (typeof entry !== \"string\") return false;\n if (entry.length === 0) return false;\n // Snapshot format takes precedence ONLY when the left side looks\n // like a real path. This avoids misclassifying memory IDs whose\n // tail happens to be numeric (e.g. `global:42`).\n if (looksLikeSnapshotEntry(entry)) {\n const match = entry.match(DERIVED_FROM_ENTRY_RE);\n if (!match) return false;\n const pathPart = match[1];\n if (pathPart.length === 0 || pathPart.trim().length === 0) return false;\n const versionNum = Number(match[2]);\n return Number.isInteger(versionNum) && versionNum >= 0;\n }\n // Otherwise treat as a memory ID. Empty or `:`-only entries are\n // already excluded by the leading-alphanumeric requirement of the\n // regex.\n return DERIVED_FROM_MEMORY_ID_RE.test(entry);\n}\n\n/**\n * Type guard for `ConsolidationOperator`.\n */\nexport function isConsolidationOperator(value: unknown): value is ConsolidationOperator {\n return (\n typeof value === \"string\" &&\n (CONSOLIDATION_OPERATORS as readonly string[]).includes(value)\n );\n}\n\n/**\n * Narrow operator vocabulary for the LLM-driven semantic-consolidation\n * pass (issue #561 PR 3). This explicitly excludes\n * `\"pattern-reinforcement\"` (issue #687 PR 2/4), which is reserved for\n * the maintenance job and must NEVER be emitted by the consolidation\n * LLM. Without this narrow gate, a hallucinated\n * `{\"operator\":\"pattern-reinforcement\"}` response from the LLM would\n * write misleading provenance on a semantic-consolidation memory\n * (Cursor Bugbot review, PR #730 head `aa1c2a8`).\n */\nexport type SemanticConsolidationLlmOperator = \"split\" | \"merge\" | \"update\";\n\nconst SEMANTIC_CONSOLIDATION_LLM_OPERATORS: readonly SemanticConsolidationLlmOperator[] = [\n \"split\",\n \"merge\",\n \"update\",\n] as const;\n\n/**\n * Type guard restricted to the operator subset the\n * semantic-consolidation LLM is allowed to emit. Use this in any\n * code path that validates LLM output — `isConsolidationOperator` is\n * for validating values that came from disk / internal callers.\n */\nexport function isSemanticConsolidationLlmOperator(\n value: unknown,\n): value is SemanticConsolidationLlmOperator {\n return (\n typeof value === \"string\" &&\n (SEMANTIC_CONSOLIDATION_LLM_OPERATORS as readonly string[]).includes(value)\n );\n}\n"],"mappings":";AAyCO,IAAM,0BAA4D;AAAA,EACvE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAWA,IAAM,wBAAwB;AAuBvB,IAAM,4BAA4B;AAazC,SAAS,uBAAuB,OAAwB;AACtD,QAAM,QAAQ,MAAM,MAAM,qBAAqB;AAC/C,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,WAAW,MAAM,CAAC;AAGxB,SAAO,SAAS,SAAS,GAAG,KAAK,SAAS,SAAS,GAAG;AACxD;AAoBO,SAAS,wBAAwB,OAAiC;AACvE,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,MAAM,WAAW,EAAG,QAAO;AAI/B,MAAI,uBAAuB,KAAK,GAAG;AACjC,UAAM,QAAQ,MAAM,MAAM,qBAAqB;AAC/C,QAAI,CAAC,MAAO,QAAO;AACnB,UAAM,WAAW,MAAM,CAAC;AACxB,QAAI,SAAS,WAAW,KAAK,SAAS,KAAK,EAAE,WAAW,EAAG,QAAO;AAClE,UAAM,aAAa,OAAO,MAAM,CAAC,CAAC;AAClC,WAAO,OAAO,UAAU,UAAU,KAAK,cAAc;AAAA,EACvD;AAIA,SAAO,0BAA0B,KAAK,KAAK;AAC7C;AAKO,SAAS,wBAAwB,OAAgD;AACtF,SACE,OAAO,UAAU,YAChB,wBAA8C,SAAS,KAAK;AAEjE;AAcA,IAAM,uCAAoF;AAAA,EACxF;AAAA,EACA;AAAA,EACA;AACF;AAQO,SAAS,mCACd,OAC2C;AAC3C,SACE,OAAO,UAAU,YAChB,qCAA2D,SAAS,KAAK;AAE9E;","names":[]}

package/dist/chunk-H7XKCNR6.js ADDED Viewed

@@ -0,0 +1,60 @@
+// src/recall-disclosure-escalation.ts
+var DISCLOSURE_ESCALATION_MODES = [
+  "manual",
+  "auto"
+];
+function isDisclosureEscalationMode(value) {
+  return typeof value === "string" && DISCLOSURE_ESCALATION_MODES.includes(value);
+}
+var DEFAULT_DISCLOSURE_ESCALATION_THRESHOLD = 0.5;
+function decideDisclosureEscalation(input) {
+  if (input.mode === "manual") {
+    return {
+      effective: input.originalDisclosure,
+      escalated: false,
+      reason: "escalation-mode=manual"
+    };
+  }
+  if (input.callerProvidedDisclosure) {
+    return {
+      effective: input.originalDisclosure,
+      escalated: false,
+      reason: "caller-explicit-disclosure"
+    };
+  }
+  if (input.originalDisclosure !== "chunk") {
+    return {
+      effective: input.originalDisclosure,
+      escalated: false,
+      reason: `original-disclosure=${input.originalDisclosure}-not-eligible-for-auto`
+    };
+  }
+  if (input.topKConfidence === void 0 || !Number.isFinite(input.topKConfidence)) {
+    return {
+      effective: input.originalDisclosure,
+      escalated: false,
+      reason: "no-top-k-confidence"
+    };
+  }
+  const threshold = Number.isFinite(input.threshold) && input.threshold >= 0 && input.threshold <= 1 ? input.threshold : DEFAULT_DISCLOSURE_ESCALATION_THRESHOLD;
+  if (input.topKConfidence < threshold) {
+    return {
+      effective: "section",
+      escalated: true,
+      reason: `top-k-confidence=${input.topKConfidence.toFixed(3)}<${threshold}`
+    };
+  }
+  return {
+    effective: input.originalDisclosure,
+    escalated: false,
+    reason: `top-k-confidence=${input.topKConfidence.toFixed(3)}>=${threshold}`
+  };
+}
+export {
+  DISCLOSURE_ESCALATION_MODES,
+  isDisclosureEscalationMode,
+  DEFAULT_DISCLOSURE_ESCALATION_THRESHOLD,
+  decideDisclosureEscalation
+};
+//# sourceMappingURL=chunk-H7XKCNR6.js.map

package/dist/chunk-H7XKCNR6.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/recall-disclosure-escalation.ts"],"sourcesContent":["/**\n * Recall disclosure auto-escalation policy (issue #677 PR 4/4).\n *\n * Pure helper that decides the *effective* disclosure depth for a recall\n * given the configured policy and the observed top-K confidence. Lives\n * outside `access-service.ts` so the decision logic can be unit-tested\n * exhaustively without booting an orchestrator.\n *\n * Policy summary:\n *\n * manual (default):\n * The caller's `disclosure` is honored verbatim. Auto-escalation\n * does not run.\n *\n * auto:\n * If the caller did NOT explicitly specify a disclosure (i.e. the\n * value in use is the system default) AND the recall's top-K\n * confidence falls below the configured threshold, escalate from\n * `chunk` to `section`. `raw` is never auto-selected — it requires\n * an explicit caller request because of its higher cost and the\n * LCM-archive read paths it activates. If the caller explicitly\n * passed a disclosure (even `chunk`), the policy respects that\n * choice and does not escalate.\n *\n * The threshold compares against `final` from the top result's score\n * decomposition. When the snapshot has no results or no scores, no\n * escalation fires (`undefined` confidence is treated as \"skip\" rather\n * than \"always escalate\").\n */\n\nimport type { RecallDisclosure } from \"./types.js\";\n\nexport type DisclosureEscalationMode = \"manual\" | \"auto\";\n\nexport const DISCLOSURE_ESCALATION_MODES: readonly DisclosureEscalationMode[] = [\n \"manual\",\n \"auto\",\n] as const;\n\nexport function isDisclosureEscalationMode(\n value: unknown,\n): value is DisclosureEscalationMode {\n return (\n typeof value === \"string\" &&\n (DISCLOSURE_ESCALATION_MODES as readonly string[]).includes(value)\n );\n}\n\n/**\n * Threshold defaults — applied when config-side coercion produces an\n * out-of-range or missing value. 0.5 is a deliberate midpoint:\n * confidently-served recalls (top-K >= 0.5) stay on the cheap chunk\n * tier; ambiguous recalls escalate to section.\n */\nexport const DEFAULT_DISCLOSURE_ESCALATION_THRESHOLD = 0.5;\n\nexport interface DisclosureEscalationDecision {\n /** The disclosure depth the caller should use to shape the response. */\n effective: RecallDisclosure;\n /**\n * `true` when the policy escalated from the original disclosure;\n * `false` when the original was kept (either by manual mode, by\n * caller explicit choice, or because confidence stayed above the\n * threshold).\n */\n escalated: boolean;\n /**\n * Human-readable reason for the decision. Always populated; surfaces\n * in operator-facing telemetry / debug paths.\n */\n reason: string;\n}\n\nexport interface DecideDisclosureEscalationInput {\n /** The mode from config (`manual` | `auto`). */\n mode: DisclosureEscalationMode;\n /** Threshold in [0, 1]; values outside this range fall back to the default. */\n threshold: number;\n /** Disclosure resolved at request time (after default-fill). */\n originalDisclosure: RecallDisclosure;\n /**\n * Whether the caller explicitly specified a disclosure value. Auto\n * mode only acts when the caller did NOT specify, so explicit\n * `chunk` requests are not silently upgraded.\n */\n callerProvidedDisclosure: boolean;\n /**\n * Top-K confidence (`final` score from the highest-ranked result),\n * or `undefined` when the snapshot has no scored results.\n */\n topKConfidence: number | undefined;\n}\n\n/**\n * Decide whether to escalate disclosure depth based on policy + signals.\n * Pure function — no IO, no state.\n */\nexport function decideDisclosureEscalation(\n input: DecideDisclosureEscalationInput,\n): DisclosureEscalationDecision {\n if (input.mode === \"manual\") {\n return {\n effective: input.originalDisclosure,\n escalated: false,\n reason: \"escalation-mode=manual\",\n };\n }\n\n if (input.callerProvidedDisclosure) {\n return {\n effective: input.originalDisclosure,\n escalated: false,\n reason: \"caller-explicit-disclosure\",\n };\n }\n\n // Only chunk → section auto-escalation is allowed. Section and raw\n // are never demoted; raw is never auto-selected.\n if (input.originalDisclosure !== \"chunk\") {\n return {\n effective: input.originalDisclosure,\n escalated: false,\n reason: `original-disclosure=${input.originalDisclosure}-not-eligible-for-auto`,\n };\n }\n\n if (\n input.topKConfidence === undefined ||\n !Number.isFinite(input.topKConfidence)\n ) {\n return {\n effective: input.originalDisclosure,\n escalated: false,\n reason: \"no-top-k-confidence\",\n };\n }\n\n const threshold =\n Number.isFinite(input.threshold) &&\n input.threshold >= 0 &&\n input.threshold <= 1\n ? input.threshold\n : DEFAULT_DISCLOSURE_ESCALATION_THRESHOLD;\n\n if (input.topKConfidence < threshold) {\n return {\n effective: \"section\",\n escalated: true,\n reason: `top-k-confidence=${input.topKConfidence.toFixed(3)}<${threshold}`,\n };\n }\n\n return {\n effective: input.originalDisclosure,\n escalated: false,\n reason: `top-k-confidence=${input.topKConfidence.toFixed(3)}>=${threshold}`,\n };\n}\n"],"mappings":";AAkCO,IAAM,8BAAmE;AAAA,EAC9E;AAAA,EACA;AACF;AAEO,SAAS,2BACd,OACmC;AACnC,SACE,OAAO,UAAU,YAChB,4BAAkD,SAAS,KAAK;AAErE;AAQO,IAAM,0CAA0C;AA2ChD,SAAS,2BACd,OAC8B;AAC9B,MAAI,MAAM,SAAS,UAAU;AAC3B,WAAO;AAAA,MACL,WAAW,MAAM;AAAA,MACjB,WAAW;AAAA,MACX,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,MAAI,MAAM,0BAA0B;AAClC,WAAO;AAAA,MACL,WAAW,MAAM;AAAA,MACjB,WAAW;AAAA,MACX,QAAQ;AAAA,IACV;AAAA,EACF;AAIA,MAAI,MAAM,uBAAuB,SAAS;AACxC,WAAO;AAAA,MACL,WAAW,MAAM;AAAA,MACjB,WAAW;AAAA,MACX,QAAQ,uBAAuB,MAAM,kBAAkB;AAAA,IACzD;AAAA,EACF;AAEA,MACE,MAAM,mBAAmB,UACzB,CAAC,OAAO,SAAS,MAAM,cAAc,GACrC;AACA,WAAO;AAAA,MACL,WAAW,MAAM;AAAA,MACjB,WAAW;AAAA,MACX,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,YACJ,OAAO,SAAS,MAAM,SAAS,KAC/B,MAAM,aAAa,KACnB,MAAM,aAAa,IACf,MAAM,YACN;AAEN,MAAI,MAAM,iBAAiB,WAAW;AACpC,WAAO;AAAA,MACL,WAAW;AAAA,MACX,WAAW;AAAA,MACX,QAAQ,oBAAoB,MAAM,eAAe,QAAQ,CAAC,CAAC,IAAI,SAAS;AAAA,IAC1E;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,MAAM;AAAA,IACjB,WAAW;AAAA,IACX,QAAQ,oBAAoB,MAAM,eAAe,QAAQ,CAAC,CAAC,KAAK,SAAS;AAAA,EAC3E;AACF;","names":[]}