npm - @sovr/engine - Versions diffs - 3.3.0 → 3.4.0 - Mend

@sovr/engine 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.mjs CHANGED Viewed

@@ -649,6 +649,1356 @@ var PricingRulesEngine = class {
   }
 };
+// src/recalculationEngine.ts
+var idCounter = 0;
+function genId(prefix) {
+  return `${prefix}_${Date.now()}_${++idCounter}`;
+}
+function simpleHash(data) {
+  let hash = 0;
+  for (let i = 0; i < data.length; i++) {
+    const char = data.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return "h_" + Math.abs(hash).toString(16).padStart(8, "0");
+}
+var RecalculationEngine = class {
+  tasks = /* @__PURE__ */ new Map();
+  consistencyResults = /* @__PURE__ */ new Map();
+  snapshots = /* @__PURE__ */ new Map();
+  handlers = /* @__PURE__ */ new Map();
+  config;
+  constructor(config = {}) {
+    this.config = { maxRangeDays: 30, ...config };
+  }
+  /** G3: Trigger recalculation */
+  triggerRecalculation(input) {
+    if (input.fromTs >= input.toTs) throw new Error("fromTs must be before toTs");
+    const maxMs = this.config.maxRangeDays * 864e5;
+    if (input.toTs - input.fromTs > maxMs) throw new Error(`Range exceeds ${this.config.maxRangeDays} days`);
+    const task = {
+      id: genId("recalc"),
+      tenantId: input.tenantId,
+      triggerType: input.triggerType,
+      triggeredBy: input.triggeredBy,
+      reason: input.reason,
+      fromTs: input.fromTs,
+      toTs: input.toTs,
+      granularity: input.granularity || "all",
+      incremental: input.incremental || false,
+      incrementalCheckpoint: input.incrementalCheckpoint,
+      status: "pending",
+      progress: 0,
+      bucketsProcessed: 0,
+      rowsUpserted: 0,
+      createdAt: Date.now(),
+      traceId: genId("trace")
+    };
+    this.tasks.set(task.id, task);
+    this.audit("recalc.triggered", { taskId: task.id, triggerType: task.triggerType, reason: task.reason });
+    return task;
+  }
+  /** Execute recalculation task */
+  async executeTask(taskId) {
+    const task = this.tasks.get(taskId);
+    if (!task) throw new Error(`Task not found: ${taskId}`);
+    if (task.status !== "pending") throw new Error(`Task not pending: ${task.status}`);
+    task.status = "running";
+    task.startedAt = Date.now();
+    this.audit("recalc.started", { taskId: task.id });
+    try {
+      const preSnapshot = this.createSnapshot(task.tenantId, "pre_recalc", task.id);
+      const handler = this.handlers.get(task.granularity);
+      if (handler) {
+        const result = await handler(task);
+        task.bucketsProcessed = result.bucketsProcessed;
+        task.rowsUpserted = result.rowsUpserted;
+        const postSnapshot = this.createSnapshot(task.tenantId, "post_recalc", task.id, result.metrics);
+        task.consistencyResult = this.verifyConsistency(task.id, preSnapshot, postSnapshot, result.metrics);
+      } else {
+        const segmentMs = task.granularity === "5m" ? 3e5 : task.granularity === "1h" ? 36e5 : task.granularity === "1d" ? 864e5 : 36e5;
+        const totalSegments = Math.ceil((task.toTs - task.fromTs) / segmentMs);
+        task.bucketsProcessed = totalSegments;
+        task.progress = 100;
+      }
+      task.status = "completed";
+      task.completedAt = Date.now();
+      task.progress = 100;
+      this.audit("recalc.completed", {
+        taskId: task.id,
+        bucketsProcessed: task.bucketsProcessed,
+        durationMs: task.completedAt - (task.startedAt || 0),
+        consistencyRate: task.consistencyResult?.consistencyRate
+      });
+      return task;
+    } catch (error) {
+      task.status = "failed";
+      task.error = error instanceof Error ? error.message : "Unknown error";
+      task.completedAt = Date.now();
+      this.audit("recalc.failed", { taskId: task.id, error: task.error });
+      return task;
+    }
+  }
+  /** G4: Verify consistency */
+  verifyConsistency(taskId, preSnapshot, postSnapshot, recalculatedMetrics) {
+    const mismatches = [];
+    const metrics = recalculatedMetrics || postSnapshot.metrics;
+    let totalComparisons = 0;
+    let matchCount = 0;
+    for (const [metric, recalcValue] of Object.entries(metrics)) {
+      const currentValue = preSnapshot.metrics[metric];
+      if (currentValue === void 0) continue;
+      totalComparisons++;
+      const deviation = Math.abs(recalcValue - currentValue);
+      const deviationPercent = currentValue !== 0 ? deviation / Math.abs(currentValue) * 100 : recalcValue !== 0 ? 100 : 0;
+      if (deviationPercent < 0.01) {
+        matchCount++;
+      } else {
+        mismatches.push({
+          metric,
+          bucket: `${preSnapshot.id} \u2192 ${postSnapshot.id}`,
+          currentValue,
+          recalculatedValue: recalcValue,
+          deviation,
+          deviationPercent: Math.round(deviationPercent * 100) / 100,
+          severity: deviationPercent > 10 ? "critical" : deviationPercent > 5 ? "high" : deviationPercent > 1 ? "medium" : "low"
+        });
+      }
+    }
+    const consistencyRate = totalComparisons > 0 ? Math.round(matchCount / totalComparisons * 1e4) / 100 : 100;
+    const verificationHash = simpleHash(JSON.stringify({ taskId, pre: preSnapshot.hash, post: postSnapshot.hash, mismatches }));
+    const result = {
+      id: genId("cr"),
+      taskId,
+      status: mismatches.length === 0 ? "consistent" : consistencyRate > 95 ? "partial" : "inconsistent",
+      totalComparisons,
+      matchCount,
+      mismatchCount: mismatches.length,
+      consistencyRate,
+      mismatches,
+      verifiedAt: Date.now(),
+      verificationHash
+    };
+    this.consistencyResults.set(result.id, result);
+    this.audit("recalc.consistency_check", { taskId, consistencyRate, mismatchCount: mismatches.length, status: result.status });
+    return result;
+  }
+  /** G5: Incremental recalculation */
+  triggerIncremental(input) {
+    const completed = Array.from(this.tasks.values()).filter((t) => t.tenantId === input.tenantId && t.status === "completed").sort((a, b) => (b.completedAt || 0) - (a.completedAt || 0));
+    const last = completed[0];
+    const fromTs = last ? last.toTs : Date.now() - 864e5;
+    return this.triggerRecalculation({
+      tenantId: input.tenantId,
+      triggerType: "manual",
+      triggeredBy: input.triggeredBy,
+      reason: input.reason,
+      fromTs,
+      toTs: Date.now(),
+      granularity: input.granularity,
+      incremental: true,
+      incrementalCheckpoint: last?.id
+    });
+  }
+  /** Create aggregate snapshot */
+  createSnapshot(tenantId, snapshotType, taskId, metrics) {
+    const m = metrics || {};
+    const snapshot = {
+      id: genId("snap"),
+      tenantId,
+      snapshotType,
+      taskId,
+      metrics: m,
+      hash: simpleHash(JSON.stringify(m)),
+      createdAt: Date.now()
+    };
+    this.snapshots.set(snapshot.id, snapshot);
+    return snapshot;
+  }
+  /** Register recalculation handler */
+  registerHandler(granularity, handler) {
+    this.handlers.set(granularity, handler);
+  }
+  /** Query functions */
+  getTask(taskId) {
+    return this.tasks.get(taskId);
+  }
+  getTasks(tenantId, limit = 20) {
+    return Array.from(this.tasks.values()).filter((t) => t.tenantId === tenantId).sort((a, b) => b.createdAt - a.createdAt).slice(0, limit);
+  }
+  getConsistencyResult(taskId) {
+    return Array.from(this.consistencyResults.values()).find((r) => r.taskId === taskId);
+  }
+  getSnapshot(snapshotId) {
+    return this.snapshots.get(snapshotId);
+  }
+  cancelTask(taskId) {
+    const task = this.tasks.get(taskId);
+    if (!task || task.status !== "pending") return false;
+    task.status = "cancelled";
+    return true;
+  }
+  audit(type, details) {
+    if (this.config.onAudit) {
+      this.config.onAudit({ type, details, timestamp: Date.now() });
+    }
+  }
+};
+function createRecalculationEngine(config) {
+  return new RecalculationEngine(config);
+}
+// src/autoHarden.ts
+var LEVEL_PRIORITY = {
+  normal: 0,
+  elevated: 1,
+  hardened: 2,
+  lockdown: 3
+};
+var DEFAULT_CONFIG = {
+  enabled: true,
+  levelMeasures: {
+    normal: [],
+    elevated: ["enhanced_audit", "alert_admin"],
+    hardened: ["gate_level_upgrade", "rate_limit_reduce", "enhanced_audit", "alert_admin"],
+    lockdown: ["gate_level_upgrade", "rate_limit_reduce", "enhanced_audit", "ip_block", "session_invalidate", "feature_disable", "alert_admin"]
+  },
+  autoRollbackMs: 30 * 60 * 1e3,
+  rateLimitReductionFactor: 0.25,
+  notifyAdmin: true
+};
+var idCounter2 = 0;
+function genId2(prefix) {
+  return `${prefix}_${Date.now()}_${++idCounter2}`;
+}
+var AutoHardenEngine = class {
+  states = /* @__PURE__ */ new Map();
+  history = [];
+  config;
+  rollbackTimers = /* @__PURE__ */ new Map();
+  maxHistory = 1e3;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  /** Get tenant harden state */
+  getState(tenantId) {
+    return this.states.get(tenantId) || { currentLevel: "normal", activeMeasures: [] };
+  }
+  /** Get current harden level */
+  getLevel(tenantId) {
+    return this.getState(tenantId).currentLevel;
+  }
+  /** Auto-harden (main entry) */
+  async harden(input) {
+    if (!this.config.enabled) throw new Error("AutoHarden is disabled");
+    const state = this.getState(input.tenantId);
+    const traceId = genId2("trace");
+    const targetLevel = input.targetLevel || this.determineLevel(
+      input.manipulationScore || 0,
+      input.reasonCodes || []
+    );
+    if (LEVEL_PRIORITY[targetLevel] <= LEVEL_PRIORITY[state.currentLevel]) {
+      const event2 = {
+        id: genId2("harden"),
+        tenantId: input.tenantId,
+        triggeredBy: input.triggeredBy,
+        reason: `Already at ${state.currentLevel}, target ${targetLevel} skipped`,
+        previousLevel: state.currentLevel,
+        newLevel: state.currentLevel,
+        measures: [],
+        createdAt: Date.now(),
+        rolledBack: false,
+        traceId
+      };
+      this.history.push(event2);
+      return event2;
+    }
+    const measures = this.applyMeasures(input.tenantId, targetLevel);
+    const previousLevel = state.currentLevel;
+    state.currentLevel = targetLevel;
+    state.activeMeasures = measures;
+    state.hardenedSince = Date.now();
+    if (this.config.autoRollbackMs > 0) {
+      state.expectedRollbackAt = Date.now() + this.config.autoRollbackMs;
+      this.scheduleAutoRollback(input.tenantId, this.config.autoRollbackMs);
+    }
+    this.states.set(input.tenantId, state);
+    const event = {
+      id: genId2("harden"),
+      tenantId: input.tenantId,
+      triggeredBy: input.triggeredBy,
+      reason: input.reason,
+      previousLevel,
+      newLevel: targetLevel,
+      measures,
+      createdAt: Date.now(),
+      rolledBack: false,
+      traceId
+    };
+    this.history.push(event);
+    if (this.history.length > this.maxHistory) this.history.shift();
+    state.lastEvent = event;
+    this.audit(event.rolledBack ? "HARDEN_ROLLBACK" : "HARDEN_ACTIVATED", {
+      tenantId: event.tenantId,
+      previousLevel,
+      newLevel: targetLevel,
+      measuresCount: measures.length,
+      measures: measures.map((m) => m.type)
+    });
+    if (this.config.notifyAdmin && this.config.onNotifyAdmin) {
+      try {
+        await this.config.onNotifyAdmin(event);
+      } catch {
+      }
+    }
+    return event;
+  }
+  /** Manual rollback */
+  async rollback(tenantId, rolledBackBy, reason) {
+    const state = this.getState(tenantId);
+    if (state.currentLevel === "normal") throw new Error("Already at normal level");
+    const timer = this.rollbackTimers.get(tenantId);
+    if (timer) {
+      clearTimeout(timer);
+      this.rollbackTimers.delete(tenantId);
+    }
+    const previousLevel = state.currentLevel;
+    const event = {
+      id: genId2("harden"),
+      tenantId,
+      triggeredBy: rolledBackBy,
+      reason: reason || `Manual rollback from ${previousLevel}`,
+      previousLevel,
+      newLevel: "normal",
+      measures: state.activeMeasures.map((m) => ({ ...m, rolledBackAt: Date.now() })),
+      createdAt: Date.now(),
+      rolledBack: true,
+      rolledBackAt: Date.now(),
+      traceId: genId2("trace")
+    };
+    state.currentLevel = "normal";
+    state.activeMeasures = [];
+    state.hardenedSince = void 0;
+    state.expectedRollbackAt = void 0;
+    state.lastEvent = event;
+    this.states.set(tenantId, state);
+    this.history.push(event);
+    this.audit("HARDEN_ROLLBACK", { tenantId, previousLevel, rolledBackBy });
+    return event;
+  }
+  /** Update config */
+  updateConfig(config) {
+    this.config = { ...this.config, ...config };
+    return this.config;
+  }
+  /** Get config */
+  getConfig() {
+    return { ...this.config };
+  }
+  /** Get history */
+  getHistory(tenantId, limit = 50) {
+    const filtered = tenantId ? this.history.filter((e) => e.tenantId === tenantId) : this.history;
+    return filtered.slice(-limit);
+  }
+  /** Get all active hardened states */
+  getActiveStates() {
+    const result = [];
+    this.states.forEach((state, tenantId) => {
+      if (state.currentLevel !== "normal") result.push({ tenantId, state });
+    });
+    return result;
+  }
+  /** Cleanup timers */
+  destroy() {
+    this.rollbackTimers.forEach((t) => clearTimeout(t));
+    this.rollbackTimers.clear();
+  }
+  // Internal
+  determineLevel(score, reasonCodes) {
+    if (reasonCodes.some((c) => c.startsWith("CRIT_"))) return "lockdown";
+    if (score >= 0.8) return "lockdown";
+    if (score >= 0.5) return "hardened";
+    if (score >= 0.3) return "elevated";
+    return "normal";
+  }
+  applyMeasures(tenantId, level) {
+    const types = this.config.levelMeasures[level];
+    return types.map((type) => ({
+      id: genId2("measure"),
+      type,
+      description: this.getMeasureDescription(type, level),
+      applied: true,
+      appliedAt: Date.now()
+    }));
+  }
+  getMeasureDescription(type, level) {
+    const d = {
+      gate_level_upgrade: `Gate approval level upgraded to ${level}`,
+      rate_limit_reduce: `Rate limit reduced to ${this.config.rateLimitReductionFactor * 100}%`,
+      enhanced_audit: "Enhanced audit mode enabled (full recording)",
+      ip_block: "Suspicious IPs blocked",
+      session_invalidate: "All active sessions invalidated",
+      feature_disable: "Non-essential features disabled",
+      alert_admin: "Admin security alert sent"
+    };
+    return d[type] || type;
+  }
+  scheduleAutoRollback(tenantId, delayMs) {
+    const existing = this.rollbackTimers.get(tenantId);
+    if (existing) clearTimeout(existing);
+    const timer = setTimeout(async () => {
+      try {
+        await this.rollback(tenantId, "system:auto_rollback", "Auto rollback after timeout");
+      } catch {
+      }
+      this.rollbackTimers.delete(tenantId);
+    }, delayMs);
+    this.rollbackTimers.set(tenantId, timer);
+  }
+  audit(type, details) {
+    if (this.config.onAudit) {
+      this.config.onAudit({ type, details, timestamp: Date.now() });
+    }
+  }
+};
+function createAutoHardenEngine(config) {
+  return new AutoHardenEngine(config);
+}
+// src/costEstimator.ts
+var DEFAULT_MODEL_PRICING = [
+  {
+    modelId: "gpt-4o",
+    modelName: "GPT-4o",
+    inputPricePerKToken: 25e-4,
+    outputPricePerKToken: 0.01,
+    cachedInputPricePerKToken: 125e-5,
+    maxContextLength: 128e3,
+    updatedAt: /* @__PURE__ */ new Date("2025-01-01")
+  },
+  {
+    modelId: "gpt-4o-mini",
+    modelName: "GPT-4o Mini",
+    inputPricePerKToken: 15e-5,
+    outputPricePerKToken: 6e-4,
+    cachedInputPricePerKToken: 75e-6,
+    maxContextLength: 128e3,
+    updatedAt: /* @__PURE__ */ new Date("2025-01-01")
+  },
+  {
+    modelId: "claude-3.5-sonnet",
+    modelName: "Claude 3.5 Sonnet",
+    inputPricePerKToken: 3e-3,
+    outputPricePerKToken: 0.015,
+    cachedInputPricePerKToken: 3e-4,
+    maxContextLength: 2e5,
+    updatedAt: /* @__PURE__ */ new Date("2025-01-01")
+  },
+  {
+    modelId: "claude-3.5-haiku",
+    modelName: "Claude 3.5 Haiku",
+    inputPricePerKToken: 8e-4,
+    outputPricePerKToken: 4e-3,
+    cachedInputPricePerKToken: 8e-5,
+    maxContextLength: 2e5,
+    updatedAt: /* @__PURE__ */ new Date("2025-01-01")
+  },
+  {
+    modelId: "gemini-2.0-flash",
+    modelName: "Gemini 2.0 Flash",
+    inputPricePerKToken: 1e-4,
+    outputPricePerKToken: 4e-4,
+    maxContextLength: 1e6,
+    updatedAt: /* @__PURE__ */ new Date("2025-01-01")
+  }
+];
+var DEFAULT_TOOL_PRICING = [
+  { toolId: "web_search", toolName: "Web Search", costPerCall: 5e-3, multiplier: 1, updatedAt: /* @__PURE__ */ new Date() },
+  { toolId: "code_exec", toolName: "Code Execution", costPerCall: 2e-3, multiplier: 1, updatedAt: /* @__PURE__ */ new Date() },
+  { toolId: "file_read", toolName: "File Read", costPerCall: 1e-3, multiplier: 1, updatedAt: /* @__PURE__ */ new Date() },
+  { toolId: "db_query", toolName: "Database Query", costPerCall: 3e-3, multiplier: 1, updatedAt: /* @__PURE__ */ new Date() },
+  { toolId: "api_call", toolName: "External API Call", costPerCall: 0.01, multiplier: 1.5, updatedAt: /* @__PURE__ */ new Date() }
+];
+var DEFAULT_HUMAN_RATES = [
+  { level: "standard", hourlyRate: 50, avgReviewMinutes: 5 },
+  { level: "senior", hourlyRate: 100, avgReviewMinutes: 10 },
+  { level: "executive", hourlyRate: 200, avgReviewMinutes: 15 }
+];
+var modelPricing = [...DEFAULT_MODEL_PRICING];
+var toolPricing = [...DEFAULT_TOOL_PRICING];
+var humanRates = [...DEFAULT_HUMAN_RATES];
+var accuracyRecords = [];
+var MAX_ACCURACY_RECORDS = 1e4;
+function estimateCost(request) {
+  const id = `est_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+  const model = modelPricing.find((m) => m.modelId === request.modelId) || modelPricing[0];
+  const inputCost = request.estimatedInputTokens / 1e3 * model.inputPricePerKToken;
+  const outputCost = request.estimatedOutputTokens / 1e3 * model.outputPricePerKToken;
+  const modelCostTotal = inputCost + outputCost;
+  const toolItems = [];
+  let toolCostTotal = 0;
+  if (request.toolCalls) {
+    for (const tc of request.toolCalls) {
+      const tool = toolPricing.find((t) => t.toolId === tc.toolId);
+      if (tool) {
+        const total = tc.estimatedCalls * tool.costPerCall * tool.multiplier;
+        toolItems.push({
+          toolId: tc.toolId,
+          calls: tc.estimatedCalls,
+          costPerCall: tool.costPerCall,
+          total
+        });
+        toolCostTotal += total;
+      }
+    }
+  }
+  let humanCost = null;
+  if (request.requiresHumanReview) {
+    const rate = humanRates.find((r) => r.level === (request.humanReviewLevel || "standard")) || humanRates[0];
+    const humanTotal = rate.avgReviewMinutes / 60 * rate.hourlyRate;
+    humanCost = {
+      level: rate.level,
+      hourlyRate: rate.hourlyRate,
+      estimatedMinutes: rate.avgReviewMinutes,
+      total: humanTotal
+    };
+  }
+  const totalCost = modelCostTotal + toolCostTotal + (humanCost?.total || 0);
+  const avgDeviation = getAverageDeviation();
+  const confidence = {
+    low: totalCost * (1 - avgDeviation),
+    high: totalCost * (1 + avgDeviation),
+    level: Math.max(0, 1 - avgDeviation)
+  };
+  return {
+    id,
+    modelCost: {
+      inputCost: Math.round(inputCost * 1e6) / 1e6,
+      outputCost: Math.round(outputCost * 1e6) / 1e6,
+      total: Math.round(modelCostTotal * 1e6) / 1e6
+    },
+    toolCost: {
+      items: toolItems,
+      total: Math.round(toolCostTotal * 1e6) / 1e6
+    },
+    humanCost,
+    totalCost: Math.round(totalCost * 1e6) / 1e6,
+    confidence,
+    estimatedAt: /* @__PURE__ */ new Date()
+  };
+}
+function recordActualCost(estimateId, actualCost) {
+  const record = {
+    estimateId,
+    estimatedCost: 0,
+    // 需要外部传入
+    actualCost,
+    deviation: 0,
+    deviationPercent: 0,
+    recordedAt: /* @__PURE__ */ new Date()
+  };
+  accuracyRecords.push(record);
+  if (accuracyRecords.length > MAX_ACCURACY_RECORDS) accuracyRecords.shift();
+  return record;
+}
+function getAverageDeviation() {
+  if (accuracyRecords.length === 0) return 0.3;
+  const deviations = accuracyRecords.filter((r) => r.estimatedCost > 0).map((r) => Math.abs(r.deviationPercent));
+  if (deviations.length === 0) return 0.3;
+  return deviations.reduce((sum, d) => sum + d, 0) / deviations.length / 100;
+}
+function updateModelPricing(pricing) {
+  const index = modelPricing.findIndex((m) => m.modelId === pricing.modelId);
+  if (index >= 0) {
+    modelPricing[index] = pricing;
+  } else {
+    modelPricing.push(pricing);
+  }
+}
+function updateToolPricing(pricing) {
+  const index = toolPricing.findIndex((t) => t.toolId === pricing.toolId);
+  if (index >= 0) {
+    toolPricing[index] = pricing;
+  } else {
+    toolPricing.push(pricing);
+  }
+}
+function getModelPricingTable() {
+  return [...modelPricing];
+}
+function getToolPricingTable() {
+  return [...toolPricing];
+}
+function getAccuracyStats() {
+  const avgDev = getAverageDeviation();
+  return {
+    totalRecords: accuracyRecords.length,
+    avgDeviation: avgDev,
+    avgDeviationPercent: avgDev * 100,
+    confidenceLevel: Math.max(0, 1 - avgDev)
+  };
+}
+// src/semanticDriftDetector.ts
+var DEFAULT_CONFIG2 = {
+  lowThreshold: 0.1,
+  mediumThreshold: 0.3,
+  highThreshold: 0.5,
+  criticalThreshold: 0.7,
+  onDriftDetected: void 0,
+  onAudit: void 0
+};
+var SemanticDriftDetectorEngine = class {
+  fingerprints = /* @__PURE__ */ new Map();
+  history = [];
+  config;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG2, ...config };
+  }
+  /**
+   * 计算策略语义指纹
+   */
+  computeFingerprint(snapshot) {
+    const rules = snapshot.rules;
+    const resourceSet = [...new Set(rules.map((r) => r.resource))].sort();
+    const actionSet = [...new Set(rules.map((r) => r.action))].sort();
+    const fingerprint = {
+      version: snapshot.version,
+      hash: this.hashRules(rules),
+      ruleCount: rules.length,
+      allowCount: rules.filter((r) => r.decision === "ALLOW").length,
+      denyCount: rules.filter((r) => r.decision === "DENY").length,
+      reviewCount: rules.filter((r) => r.decision === "REVIEW").length,
+      resourceSet,
+      actionSet,
+      conditionDepth: this.maxConditionDepth(rules),
+      timestamp: Date.now()
+    };
+    this.fingerprints.set(snapshot.version, fingerprint);
+    return fingerprint;
+  }
+  /**
+   * 检测两个版本间的语义漂移
+   */
+  detectDrift(from, to) {
+    const fromRuleMap = new Map(from.rules.map((r) => [r.id, r]));
+    const toRuleMap = new Map(to.rules.map((r) => [r.id, r]));
+    const addedRules = [];
+    const removedRules = [];
+    const modifiedRules = [];
+    const decisionChanges = [];
+    for (const [id, toRule] of toRuleMap) {
+      const fromRule = fromRuleMap.get(id);
+      if (!fromRule) {
+        addedRules.push(id);
+      } else if (this.ruleChanged(fromRule, toRule)) {
+        modifiedRules.push(id);
+        if (fromRule.decision !== toRule.decision) {
+          decisionChanges.push({ ruleId: id, from: fromRule.decision, to: toRule.decision });
+        }
+      }
+    }
+    for (const id of fromRuleMap.keys()) {
+      if (!toRuleMap.has(id)) {
+        removedRules.push(id);
+      }
+    }
+    const fromResources = new Set(from.rules.map((r) => r.resource));
+    const toResources = new Set(to.rules.map((r) => r.resource));
+    const newResources = [...toResources].filter((r) => !fromResources.has(r));
+    const removedResources = [...fromResources].filter((r) => !toResources.has(r));
+    const totalRules = Math.max(from.rules.length, to.rules.length, 1);
+    const changeCount = addedRules.length + removedRules.length + modifiedRules.length;
+    const decisionWeight = decisionChanges.length * 2;
+    const driftScore = Math.min(1, (changeCount + decisionWeight) / totalRules);
+    let severity = "none";
+    if (driftScore >= this.config.criticalThreshold) severity = "critical";
+    else if (driftScore >= this.config.highThreshold) severity = "high";
+    else if (driftScore >= this.config.mediumThreshold) severity = "medium";
+    else if (driftScore >= this.config.lowThreshold) severity = "low";
+    const result = {
+      fromVersion: from.version,
+      toVersion: to.version,
+      driftScore,
+      ruleCountDelta: to.rules.length - from.rules.length,
+      addedRules,
+      removedRules,
+      modifiedRules,
+      decisionChanges,
+      newResources,
+      removedResources,
+      severity,
+      timestamp: Date.now()
+    };
+    this.history.push(result);
+    if (severity !== "none" && this.config.onDriftDetected) {
+      this.config.onDriftDetected(result);
+    }
+    if (this.config.onAudit) {
+      this.config.onAudit({
+        type: "drift_detected",
+        details: { fromVersion: from.version, toVersion: to.version, driftScore, severity },
+        timestamp: Date.now()
+      });
+    }
+    return result;
+  }
+  /**
+   * 获取漂移历史
+   */
+  getDriftHistory() {
+    return [...this.history];
+  }
+  /**
+   * 获取指纹
+   */
+  getFingerprint(version) {
+    return this.fingerprints.get(version) ?? null;
+  }
+  /**
+   * 获取漂移趋势
+   */
+  getDriftTrend() {
+    return this.history.map((h) => ({
+      version: h.toVersion,
+      driftScore: h.driftScore,
+      timestamp: h.timestamp
+    }));
+  }
+  // ============================================
+  // 私有方法
+  // ============================================
+  hashRules(rules) {
+    const sorted = [...rules].sort((a, b) => a.id.localeCompare(b.id));
+    const str = sorted.map((r) => `${r.id}:${r.action}:${r.resource}:${r.decision}:${r.priority}`).join("|");
+    let hash = 0;
+    for (let i = 0; i < str.length; i++) {
+      const char = str.charCodeAt(i);
+      hash = (hash << 5) - hash + char;
+      hash = hash & hash;
+    }
+    return "fp_" + Math.abs(hash).toString(16).padStart(8, "0");
+  }
+  ruleChanged(a, b) {
+    return a.action !== b.action || a.resource !== b.resource || a.decision !== b.decision || a.priority !== b.priority || JSON.stringify(a.conditions) !== JSON.stringify(b.conditions);
+  }
+  maxConditionDepth(rules) {
+    let max = 0;
+    for (const r of rules) {
+      if (r.conditions) {
+        max = Math.max(max, this.objectDepth(r.conditions));
+      }
+    }
+    return max;
+  }
+  objectDepth(obj, depth = 0) {
+    let max = depth;
+    for (const val of Object.values(obj)) {
+      if (val && typeof val === "object" && !Array.isArray(val)) {
+        max = Math.max(max, this.objectDepth(val, depth + 1));
+      }
+    }
+    return max;
+  }
+};
+function createSemanticDriftDetector(config) {
+  return new SemanticDriftDetectorEngine(config);
+}
+// src/costGateEnhanced.ts
+var DEFAULT_CONFIG3 = {
+  defaultBudgetUsd: 100,
+  warningThreshold: 0.8,
+  criticalThreshold: 0.95,
+  humanReviewHourlyRateUsd: 50,
+  toolCosts: [],
+  onAudit: void 0,
+  onBudgetExceeded: void 0
+};
+var CostGateEnhancedEngine = class {
+  records = [];
+  budgets = /* @__PURE__ */ new Map();
+  // tenantId → budgetUsd
+  config;
+  toolCostMap = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG3, ...config };
+    for (const tc of this.config.toolCosts) {
+      this.toolCostMap.set(tc.toolName, tc);
+    }
+  }
+  /**
+   * E2: 记录成本并生成汇总
+   */
+  recordCost(record) {
+    this.records.push(record);
+    this.audit("cost_recorded", record.tenantId, { record });
+    return this.checkBudget(record.tenantId, record.agentId, record.action);
+  }
+  /**
+   * E2: 获取成本汇总（滑动窗口）
+   */
+  getCostSummary(tenantId, period) {
+    const now = Date.now();
+    const periodMs = {
+      "1h": 36e5,
+      "24h": 864e5,
+      "7d": 6048e5,
+      "30d": 2592e6
+    };
+    const startTime = now - (periodMs[period] || 864e5);
+    const filtered = this.records.filter((r) => r.tenantId === tenantId && r.timestamp >= startTime);
+    const byCategory = {
+      llm_inference: 0,
+      tool_call: 0,
+      human_review: 0,
+      storage: 0,
+      network: 0,
+      compute: 0,
+      other: 0
+    };
+    const byAgent = {};
+    const byTool = {};
+    let totalCostUsd = 0;
+    for (const r of filtered) {
+      totalCostUsd += r.costUsd;
+      byCategory[r.category] = (byCategory[r.category] || 0) + r.costUsd;
+      byAgent[r.agentId] = (byAgent[r.agentId] || 0) + r.costUsd;
+      if (r.toolName) {
+        byTool[r.toolName] = (byTool[r.toolName] || 0) + r.costUsd;
+      }
+    }
+    this.audit("summary_generated", tenantId, { period, totalCostUsd, recordCount: filtered.length });
+    return {
+      period,
+      totalCostUsd,
+      byCategory,
+      byAgent,
+      byTool,
+      recordCount: filtered.length,
+      avgCostPerAction: filtered.length > 0 ? totalCostUsd / filtered.length : 0,
+      startTime,
+      endTime: now
+    };
+  }
+  /**
+   * E7: getDailyCostStats — 按天统计
+   */
+  getDailyCostStats(tenantId, days = 30) {
+    const now = Date.now();
+    const startTime = now - days * 864e5;
+    const filtered = this.records.filter((r) => r.tenantId === tenantId && r.timestamp >= startTime);
+    const dailyMap = /* @__PURE__ */ new Map();
+    for (const r of filtered) {
+      const date = new Date(r.timestamp).toISOString().split("T")[0];
+      if (!dailyMap.has(date)) {
+        dailyMap.set(date, { records: [], agents: /* @__PURE__ */ new Set() });
+      }
+      const day = dailyMap.get(date);
+      day.records.push(r);
+      day.agents.add(r.agentId);
+    }
+    const budget = this.budgets.get(tenantId) ?? this.config.defaultBudgetUsd;
+    const dailyBudget = budget / 30;
+    return Array.from(dailyMap.entries()).map(([date, { records, agents }]) => {
+      const byCategory = {
+        llm_inference: 0,
+        tool_call: 0,
+        human_review: 0,
+        storage: 0,
+        network: 0,
+        compute: 0,
+        other: 0
+      };
+      let totalCostUsd = 0;
+      for (const r of records) {
+        totalCostUsd += r.costUsd;
+        byCategory[r.category] = (byCategory[r.category] || 0) + r.costUsd;
+      }
+      return {
+        date,
+        totalCostUsd,
+        byCategory,
+        actionCount: records.length,
+        uniqueAgents: agents.size,
+        budgetUtilization: dailyBudget > 0 ? totalCostUsd / dailyBudget : 0
+      };
+    }).sort((a, b) => a.date.localeCompare(b.date));
+  }
+  /**
+   * E9: 计算工具调用成本
+   */
+  calculateToolCost(toolName, tokenCount) {
+    const config = this.toolCostMap.get(toolName);
+    if (!config) return 1e-3;
+    let cost = config.baseCostUsd + config.perCallCostUsd;
+    if (tokenCount && config.perTokenCostUsd) {
+      cost += tokenCount * config.perTokenCostUsd;
+    }
+    if (config.maxCostPerCallUsd) {
+      cost = Math.min(cost, config.maxCostPerCallUsd);
+    }
+    return cost;
+  }
+  /**
+   * E10: 计算人工审批成本
+   */
+  calculateHumanReviewCost(waitTimeMs, reviewTimeMs) {
+    const totalTimeMs = waitTimeMs + reviewTimeMs;
+    const hours = totalTimeMs / 36e5;
+    const costUsd = hours * this.config.humanReviewHourlyRateUsd;
+    return {
+      reviewId: `review_${Date.now()}`,
+      reviewerType: "human",
+      waitTimeMs,
+      reviewTimeMs,
+      costUsd: Math.round(costUsd * 1e4) / 1e4,
+      hourlyRateUsd: this.config.humanReviewHourlyRateUsd
+    };
+  }
+  /**
+   * 设置租户预算
+   */
+  setBudget(tenantId, budgetUsd) {
+    this.budgets.set(tenantId, budgetUsd);
+  }
+  /**
+   * 获取租户预算使用率
+   */
+  getBudgetUtilization(tenantId) {
+    const budget = this.budgets.get(tenantId) ?? this.config.defaultBudgetUsd;
+    const summary = this.getCostSummary(tenantId, "30d");
+    return {
+      used: summary.totalCostUsd,
+      limit: budget,
+      utilization: budget > 0 ? summary.totalCostUsd / budget : 0
+    };
+  }
+  // ============================================
+  // 私有方法
+  // ============================================
+  checkBudget(tenantId, agentId, action) {
+    const budget = this.budgets.get(tenantId) ?? this.config.defaultBudgetUsd;
+    const summary = this.getCostSummary(tenantId, "30d");
+    const utilization = budget > 0 ? summary.totalCostUsd / budget : 0;
+    if (utilization >= 1) {
+      const event = {
+        code: "BUDGET_EXCEEDED",
+        tenantId,
+        agentId,
+        action,
+        currentCostUsd: summary.totalCostUsd,
+        budgetLimitUsd: budget,
+        overage: summary.totalCostUsd - budget,
+        period: "30d",
+        timestamp: Date.now(),
+        severity: "blocked"
+      };
+      this.audit("budget_exceeded", tenantId, { event });
+      if (this.config.onBudgetExceeded) this.config.onBudgetExceeded(event);
+      return event;
+    }
+    if (utilization >= this.config.criticalThreshold) {
+      this.audit("budget_critical", tenantId, { utilization, budget });
+    } else if (utilization >= this.config.warningThreshold) {
+      this.audit("budget_warning", tenantId, { utilization, budget });
+    }
+    return null;
+  }
+  audit(type, tenantId, details) {
+    if (this.config.onAudit) {
+      this.config.onAudit({ type, tenantId, details, timestamp: Date.now() });
+    }
+  }
+};
+function createCostGateEnhanced(config) {
+  return new CostGateEnhancedEngine(config);
+}
+// src/budgetMultiLevel.ts
+var DEFAULT_ALERT_RULES = [
+  { id: "warn_80", threshold: 0.8, severity: "warning", action: "notify", cooldownMs: 36e5 },
+  { id: "crit_95", threshold: 0.95, severity: "critical", action: "throttle", cooldownMs: 18e5 },
+  { id: "block_100", threshold: 1, severity: "critical", action: "block", cooldownMs: 3e5 }
+];
+var DEFAULT_CONFIG4 = {
+  defaultAlertRules: DEFAULT_ALERT_RULES,
+  trendWindowDays: 30,
+  onAlert: void 0,
+  onAudit: void 0
+};
+var MultiLevelBudgetEngine = class {
+  nodes = /* @__PURE__ */ new Map();
+  spendHistory = [];
+  config;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG4, ...config };
+  }
+  /**
+   * F6: 创建预算节点
+   */
+  createNode(node) {
+    const budgetNode = {
+      ...node,
+      spentUsd: 0,
+      children: [],
+      alertRules: node.alertRules ?? [...this.config.defaultAlertRules]
+    };
+    this.nodes.set(budgetNode.id, budgetNode);
+    if (node.parentId) {
+      const parent = this.nodes.get(node.parentId);
+      if (parent) {
+        parent.children.push(budgetNode.id);
+      }
+    }
+    return budgetNode;
+  }
+  /**
+   * F6: 记录支出（向上冒泡到所有父级）
+   */
+  recordSpend(nodeId, amount) {
+    const alerts = [];
+    let current = this.nodes.get(nodeId);
+    while (current) {
+      current.spentUsd += amount;
+      this.spendHistory.push({ nodeId: current.id, amount, timestamp: Date.now() });
+      const nodeAlerts = this.checkAlerts(current);
+      alerts.push(...nodeAlerts);
+      current = current.parentId ? this.nodes.get(current.parentId) : void 0;
+    }
+    return alerts;
+  }
+  /**
+   * F6: 获取节点预算状态（含子节点汇总）
+   */
+  getNodeStatus(nodeId) {
+    const node = this.nodes.get(nodeId);
+    if (!node) return null;
+    const childrenSpent = this.getChildrenSpent(nodeId);
+    const utilization = node.budgetUsd > 0 ? node.spentUsd / node.budgetUsd : 0;
+    return {
+      node,
+      utilization,
+      childrenSpent,
+      remaining: Math.max(0, node.budgetUsd - node.spentUsd)
+    };
+  }
+  /**
+   * F7: 预测预算耗尽日期
+   */
+  predictExhaustion(nodeId) {
+    const node = this.nodes.get(nodeId);
+    if (!node || node.spentUsd === 0) return null;
+    const remaining = node.budgetUsd - node.spentUsd;
+    if (remaining <= 0) return (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    const sevenDaysAgo = Date.now() - 7 * 864e5;
+    const recentSpends = this.spendHistory.filter(
+      (s) => s.nodeId === nodeId && s.timestamp >= sevenDaysAgo
+    );
+    const recentTotal = recentSpends.reduce((sum, s) => sum + s.amount, 0);
+    const dailyRate = recentTotal / 7;
+    if (dailyRate <= 0) return null;
+    const daysRemaining = remaining / dailyRate;
+    const exhaustionDate = new Date(Date.now() + daysRemaining * 864e5);
+    return exhaustionDate.toISOString().split("T")[0];
+  }
+  /**
+   * F8: 生成成本报告
+   */
+  generateReport(rootNodeId) {
+    const nodes = rootNodeId ? this.getSubtree(rootNodeId) : Array.from(this.nodes.values());
+    const byLevel = {
+      organization: { budget: 0, spent: 0, count: 0 },
+      team: { budget: 0, spent: 0, count: 0 },
+      project: { budget: 0, spent: 0, count: 0 },
+      agent: { budget: 0, spent: 0, count: 0 }
+    };
+    let totalBudget = 0;
+    let totalSpent = 0;
+    for (const n of nodes) {
+      byLevel[n.level].budget += n.budgetUsd;
+      byLevel[n.level].spent += n.spentUsd;
+      byLevel[n.level].count++;
+      if (n.children.length === 0) {
+        totalBudget += n.budgetUsd;
+        totalSpent += n.spentUsd;
+      }
+    }
+    const topSpenders = nodes.sort((a, b) => b.spentUsd - a.spentUsd).slice(0, 10).map((n) => ({ id: n.id, name: n.name, level: n.level, spent: n.spentUsd }));
+    const trend = this.generateTrend(rootNodeId);
+    return {
+      reportId: `report_${Date.now()}`,
+      generatedAt: Date.now(),
+      period: { start: Date.now() - this.config.trendWindowDays * 864e5, end: Date.now() },
+      totalBudgetUsd: totalBudget,
+      totalSpentUsd: totalSpent,
+      utilization: totalBudget > 0 ? totalSpent / totalBudget : 0,
+      byLevel,
+      topSpenders,
+      alerts: [],
+      trend
+    };
+  }
+  /**
+   * 获取所有节点
+   */
+  listNodes(level) {
+    const all = Array.from(this.nodes.values());
+    return level ? all.filter((n) => n.level === level) : all;
+  }
+  // ============================================
+  // 私有方法
+  // ============================================
+  checkAlerts(node) {
+    const alerts = [];
+    const utilization = node.budgetUsd > 0 ? node.spentUsd / node.budgetUsd : 0;
+    for (const rule of node.alertRules) {
+      if (utilization >= rule.threshold) {
+        if (rule.lastTriggeredAt && Date.now() - rule.lastTriggeredAt < rule.cooldownMs) {
+          continue;
+        }
+        rule.lastTriggeredAt = Date.now();
+        const alert = {
+          ruleId: rule.id,
+          nodeId: node.id,
+          nodeName: node.name,
+          level: node.level,
+          severity: rule.severity,
+          action: rule.action,
+          utilization,
+          budgetUsd: node.budgetUsd,
+          spentUsd: node.spentUsd,
+          remainingUsd: Math.max(0, node.budgetUsd - node.spentUsd),
+          predictedExhaustionDate: this.predictExhaustion(node.id) ?? void 0,
+          timestamp: Date.now()
+        };
+        alerts.push(alert);
+        if (this.config.onAlert) this.config.onAlert(alert);
+      }
+    }
+    return alerts;
+  }
+  getChildrenSpent(nodeId) {
+    const node = this.nodes.get(nodeId);
+    if (!node) return 0;
+    let total = 0;
+    for (const childId of node.children) {
+      const child = this.nodes.get(childId);
+      if (child) {
+        total += child.spentUsd;
+      }
+    }
+    return total;
+  }
+  getSubtree(nodeId) {
+    const result = [];
+    const queue = [nodeId];
+    while (queue.length > 0) {
+      const id = queue.shift();
+      const node = this.nodes.get(id);
+      if (node) {
+        result.push(node);
+        queue.push(...node.children);
+      }
+    }
+    return result;
+  }
+  generateTrend(rootNodeId) {
+    const nodeIds = rootNodeId ? new Set(this.getSubtree(rootNodeId).map((n) => n.id)) : null;
+    const startTime = Date.now() - this.config.trendWindowDays * 864e5;
+    const filtered = this.spendHistory.filter((s) => {
+      if (s.timestamp < startTime) return false;
+      if (nodeIds && !nodeIds.has(s.nodeId)) return false;
+      return true;
+    });
+    const dailyMap = /* @__PURE__ */ new Map();
+    for (const s of filtered) {
+      const date = new Date(s.timestamp).toISOString().split("T")[0];
+      dailyMap.set(date, (dailyMap.get(date) ?? 0) + s.amount);
+    }
+    return Array.from(dailyMap.entries()).map(([date, spent]) => ({ date, spent })).sort((a, b) => a.date.localeCompare(b.date));
+  }
+};
+function createMultiLevelBudget(config) {
+  return new MultiLevelBudgetEngine(config);
+}
+// src/evolutionChannel.ts
+var DEFAULT_CONFIG5 = {
+  maxVersions: 50,
+  canaryMinDurationMs: 36e5,
+  // 1 小时
+  autoPromoteThreshold: 0.95,
+  onAudit: void 0
+};
+var EvolutionChannelEngine = class {
+  versions = /* @__PURE__ */ new Map();
+  activeVersionId = null;
+  canaryVersionId = null;
+  abTests = /* @__PURE__ */ new Map();
+  config;
+  constructor(config = {}) {
+    this.config = { ...DEFAULT_CONFIG5, ...config };
+  }
+  /**
+   * 发布新策略版本
+   */
+  publish(version) {
+    if (this.versions.size >= this.config.maxVersions) {
+      this.cleanupOldVersions();
+    }
+    version.status = "draft";
+    version.createdAt = Date.now();
+    this.versions.set(version.id, version);
+    this.audit("publish", version.id, version.version, version.createdBy);
+    return version;
+  }
+  /**
+   * 启动灰度发布
+   */
+  startCanary(versionId, percent, actor) {
+    const version = this.versions.get(versionId);
+    if (!version || version.status !== "draft") return false;
+    if (percent < 1 || percent > 99) return false;
+    version.status = "canary";
+    version.canaryPercent = percent;
+    this.canaryVersionId = versionId;
+    this.audit("canary_start", versionId, version.version, actor, { percent });
+    return true;
+  }
+  /**
+   * 灰度晋升为正式版本
+   */
+  promoteCanary(actor) {
+    if (!this.canaryVersionId) return false;
+    const canary = this.versions.get(this.canaryVersionId);
+    if (!canary || canary.status !== "canary") return false;
+    const elapsed = Date.now() - canary.createdAt;
+    if (elapsed < this.config.canaryMinDurationMs) return false;
+    if (this.activeVersionId) {
+      const old = this.versions.get(this.activeVersionId);
+      if (old) old.status = "deprecated";
+    }
+    canary.status = "active";
+    canary.canaryPercent = 100;
+    this.activeVersionId = this.canaryVersionId;
+    this.canaryVersionId = null;
+    this.audit("canary_promote", canary.id, canary.version, actor);
+    return true;
+  }
+  /**
+   * 灰度回滚
+   */
+  rollbackCanary(actor) {
+    if (!this.canaryVersionId) return false;
+    const canary = this.versions.get(this.canaryVersionId);
+    if (!canary) return false;
+    canary.status = "rollback";
+    canary.canaryPercent = 0;
+    this.canaryVersionId = null;
+    this.audit("canary_rollback", canary.id, canary.version, actor);
+    return true;
+  }
+  /**
+   * 路由决策：根据灰度百分比选择策略版本
+   */
+  resolveVersion(requestHash) {
+    if (this.canaryVersionId) {
+      const canary = this.versions.get(this.canaryVersionId);
+      if (canary && canary.status === "canary") {
+        const hash = requestHash ?? Math.random() * 100;
+        if (hash % 100 < canary.canaryPercent) {
+          return canary;
+        }
+      }
+    }
+    if (this.activeVersionId) {
+      return this.versions.get(this.activeVersionId) ?? null;
+    }
+    return null;
+  }
+  /**
+   * 启动 A/B 测试
+   */
+  startABTest(testId, controlId, treatmentId, trafficSplit, actor) {
+    const control = this.versions.get(controlId);
+    const treatment = this.versions.get(treatmentId);
+    if (!control || !treatment) return null;
+    const test = {
+      id: testId,
+      controlVersionId: controlId,
+      treatmentVersionId: treatmentId,
+      trafficSplit: Math.max(1, Math.min(99, trafficSplit)),
+      startedAt: Date.now(),
+      status: "running",
+      metrics: {
+        controlDecisions: 0,
+        treatmentDecisions: 0,
+        controlAllowRate: 0,
+        treatmentAllowRate: 0,
+        controlAvgLatencyMs: 0,
+        treatmentAvgLatencyMs: 0
+      }
+    };
+    this.abTests.set(testId, test);
+    this.audit("ab_test_start", testId, `${control.version} vs ${treatment.version}`, actor, { trafficSplit });
+    return test;
+  }
+  /**
+   * A/B 测试路由
+   */
+  resolveABTest(testId, requestHash) {
+    const test = this.abTests.get(testId);
+    if (!test || test.status !== "running") return null;
+    const hash = requestHash ?? Math.random() * 100;
+    const isTreatment = hash % 100 < test.trafficSplit;
+    const versionId = isTreatment ? test.treatmentVersionId : test.controlVersionId;
+    const version = this.versions.get(versionId);
+    if (!version) return null;
+    return { version, group: isTreatment ? "treatment" : "control" };
+  }
+  /**
+   * 结束 A/B 测试
+   */
+  endABTest(testId, actor) {
+    const test = this.abTests.get(testId);
+    if (!test) return null;
+    test.status = "completed";
+    this.audit("ab_test_end", testId, "", actor, { metrics: test.metrics });
+    return test;
+  }
+  /**
+   * 获取所有版本
+   */
+  listVersions() {
+    return Array.from(this.versions.values()).sort((a, b) => b.createdAt - a.createdAt);
+  }
+  /**
+   * 获取当前 active 版本
+   */
+  getActiveVersion() {
+    return this.activeVersionId ? this.versions.get(this.activeVersionId) ?? null : null;
+  }
+  // ============================================
+  // 私有方法
+  // ============================================
+  cleanupOldVersions() {
+    const deprecated = Array.from(this.versions.values()).filter((v) => v.status === "deprecated" || v.status === "rollback").sort((a, b) => a.createdAt - b.createdAt);
+    if (deprecated.length > 0) {
+      this.versions.delete(deprecated[0].id);
+    }
+  }
+  audit(type, policyId, version, actor, details) {
+    if (this.config.onAudit) {
+      this.config.onAudit({ type, policyId, version, timestamp: Date.now(), actor, details });
+    }
+  }
+};
+function createEvolutionChannel(config) {
+  return new EvolutionChannelEngine(config);
+}
 // src/index.ts
 var DEFAULT_RULES = [
   // --- HTTP Proxy: Dangerous outbound calls ---
@@ -883,7 +2233,7 @@ var RISK_SCORES = {
   high: 70,
   critical: 95
 };
-var ENGINE_VERSION = "3.3.0";
+var ENGINE_VERSION = "3.4.0";
 var ENGINE_VERSION_CHECK_URL = "https://api.sovr.inc/api/sovr/v1/version/check";
 var ENGINE_TIER_LIMITS = {
   free: { evaluationsPerMonth: 50, irreversibleAllowsPerMonth: 0 },
@@ -1138,14 +2488,33 @@ var PolicyEngine = class {
 var index_default = PolicyEngine;
 export {
   AdaptiveThresholdManager,
+  AutoHardenEngine,
+  CostGateEnhancedEngine,
   DEFAULT_RULES,
+  EvolutionChannelEngine,
   FeatureSwitchesManager,
+  MultiLevelBudgetEngine,
   PolicyEngine,
   PricingRulesEngine,
+  RecalculationEngine,
   SOVR_FEATURE_SWITCHES,
+  SemanticDriftDetectorEngine,
   compileFromJSON,
   compileRuleSet,
+  createAutoHardenEngine,
+  createCostGateEnhanced,
+  createEvolutionChannel,
+  createMultiLevelBudget,
+  createRecalculationEngine,
+  createSemanticDriftDetector,
   index_default as default,
+  estimateCost,
   evaluateRules,
-  registerFunction
+  getAccuracyStats,
+  getModelPricingTable,
+  getToolPricingTable,
+  recordActualCost,
+  registerFunction,
+  updateModelPricing,
+  updateToolPricing
 };