@sunaiva/gate 1.0.0 → 1.1.0

package/README.md

@@ -2,17 +2,156 @@
 
 **Stop documenting rules your agents ignore. Start enforcing them.**
 
-Sunaiva Gate is an MCP server that enforces validation rules on AI agent actions. 100 battle-tested rules across 9 categories. Constitutional rules that never bend. Audit trail for every decision.
+`@sunaiva/gate` is an MCP server that intercepts AI agent actions before they
+execute and blocks the ones that violate your rules. It runs locally, in
+process, with zero external dependencies on the Free tier — the rules are baked
+into the package and enforced by a deterministic engine.
 
-## Install
+```bash
+npx @sunaiva/gate
+```
+
+> **Status**: `1.1.0` "Foundation Release" — first publicly-supported release.
+> Closes all 7 CRITICAL findings from the signed Ship-Confidence verdict on
+> `1.0.1`. Full changelog: [`CHANGELOG.md`](./CHANGELOG.md). Roadmap that led
+> here: [`ROADMAP_1_1_0.md`](./ROADMAP_1_1_0.md).
+
+---
+
+## 60-second quickstart
 
 ```bash
+# 1. Install (no signup, no API key, no DNS records)
 npx @sunaiva/gate
+
+# 2. Verify it loaded
+npx @sunaiva/gate --smoke-test
+# → ✓ Gate loaded — 100 rules
+# → ✓ Constitutional rules — 32 (cannot be disabled, enforced locally)
+# → ✓ Premium rules — 68 (require backend service)
+# → Status: HEALTHY
+# → Version: 1.1.0
+
+# 3. Add to your MCP client (Claude Code, Cursor, Windsurf, Cline)
+#    settings — see "MCP configuration" below.
+```
+
+That is the entire onboarding. The 32 constitutional rules are active on first
+boot; no other configuration is required.
+
+---
+
+## What's free, forever
+
+The 1.1.0 Free tier (BUSL-1.1) ships with everything below baked into the npm
+package. No backend, no telemetry, no API key required.
+
+- **32 constitutional rules enforced locally** across five categories —
+  financial-safety, data-protection, action-governance, security, and
+  communication-safety. Detection patterns ship intact inside the package at
+  `dist/rules/rules.json`.
+- **Severity ladder**: `block` / `warn-then-block` / `warn`.
+- **Approval-token workflow** — drop a JSON token at
+  `data/deploy_queue/APPROVAL_TOKENS/<artifact>.json` and the gate honours it
+  once, within a 1-hour TTL. This is the free-tier escape valve for one-shot
+  manual unblocks.
+- **Local audit log** at `~/.sunaiva/audit/audit.jsonl` (lifetime, no rotation
+  cap). Every entry records `tier`, `audit_status`, `evidence`, and
+  `event_type` for queryable history.
+- **Kill-switch** — `DISABLE_SUNAIVA_GATE=1` short-circuits every
+  `validate_action` to `allowed: true` with unconditional stderr disclosure.
+- **Dry-run mode** — `SUNAIVA_GATE_DRY_RUN=1` evaluates rules normally and
+  records `would_have_blocked: [...]` without ever blocking.
+- **Constitutional immutability** — the 32 rules cannot be disabled via
+  `update_rules` and cannot be bypassed via `log_bypass`, even if
+  `~/.sunaiva/gate-config.json` is hand-edited (the loader re-merges on every
+  read).
+- **Fail-CLOSED by default** — uncaught exceptions exit 3, malformed input
+  exits 4. Both write a structured audit entry. Opt-in legacy fail-open via
+  `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1`.
+- **MCP integration** — Claude Code, Cursor, Copilot, Windsurf, Cline via the
+  standard `mcpServers` config.
+
+The Free tier is BUSL-1.1 licensed and converts to **Apache-2.0** on
+**2030-05-10**. You can fork it, modify it, embed it in internal CI, and ship
+it in non-production workflows today — no contract, no signup, no credit card.
+
+---
+
+## What you get with Pro — `$79/mo` recommended, BYOK
+
+Pro adds the things a deterministic local engine cannot do on its own. Full
+tier matrix and pricing rationale: [`TIER_DEFINITIONS.md`](./TIER_DEFINITIONS.md).
+
+- **68 additional premium rules** (100 total) evaluated server-side via the
+  premium backend at `https://gate.sunaiva.dev/api/v1/match`. Detection
+  patterns are proprietary and stay in our infrastructure.
+- **Signed Ship-Confidence verdicts** — HMAC-SHA256, 60-minute freshness
+  window. The `ship_confidence_check` MCP tool verifies the signature in
+  constant time and returns `allowed: true` only when the verdict is
+  `GREEN`, fresh, and untampered.
+- **`sunaiva-ship-confidence` skill integration** — three independent
+  verification layers (cross-provider spec verification, property-based
+  testing with Hypothesis, adversarial audit via garak + DeepTeam) that
+  emit signed verdicts the Gate honours automatically in CI.
+- **Dashboard** — rules tab, audit tab, settings tab, billing tab. Cloud
+  audit sync with 90-day retention.
+- **BYOK** — bring your own `ANTHROPIC_API_KEY` and `OPENROUTER_API_KEY`.
+  You pay your own inference bill. We never see your tokens.
+- **Email support** — `support@sunaivadigital.com`, 2-business-day SLA
+  target.
+- **Stripe-managed billing** with the founders coupon `KINANFOUNDER2026`
+  (100% off, first 10 redemptions, per Rule 30).
+
+Enterprise (SSO, on-prem, multi-tenant org dashboard, named CSM) is
+quote-to-cash — see [`TIER_DEFINITIONS.md`](./TIER_DEFINITIONS.md) §3.
+
+---
+
+## Architecture
+
+```
+┌────────────────────────────────────────────────────────────────┐
+│  Your project (Claude Code / Cursor / Windsurf / Cline)        │
+│                                                                │
+│   ┌──────────────────────────────────────────────────────┐    │
+│   │  MCP client invokes a tool                            │    │
+│   │     e.g. Bash("git push origin main")                 │    │
+│   └────────────────────────┬─────────────────────────────┘    │
+└────────────────────────────┼───────────────────────────────────┘
+                             ▼
+┌────────────────────────────────────────────────────────────────┐
+│  @sunaiva/gate  (MCP server, stdio transport)                  │
+│                                                                │
+│   ┌──────────────────────────────────────────────────────┐    │
+│   │  validate_action                                      │    │
+│   │     │                                                  │    │
+│   │     ├─►  Constitutional rules (32) — pattern matched  │    │
+│   │     │     LOCALLY against dist/rules/rules.json       │    │
+│   │     │     ─────────────────────────────► block/warn   │    │
+│   │     │                                                  │    │
+│   │     └─►  Premium rules (68) — only if backend set      │    │
+│   │            POST https://gate.sunaiva.dev/api/v1/match   │    │
+│   │            (JWT auth via SUNAIVA_GATE_API_TOKEN)       │    │
+│   │            ─────────────────────────────► block/warn   │    │
+│   │            (fail-OPEN per-rule on backend error)       │    │
+│   └──────────────────────────────────────────────────────┘    │
+│                                                                │
+│   audit log ─►  ~/.sunaiva/audit/audit.jsonl                  │
+└────────────────────────────────────────────────────────────────┘
 ```
 
-## MCP Configuration
+The Free tier path (constitutional rules) has zero network dependencies. The
+Pro path is opt-in — set `SUNAIVA_GATE_BACKEND_URL` and the engine starts
+POSTing actions to the backend for the premium-rule subset; without it, those
+rules are skipped (recorded as `skipped_premium` in the audit, surfaced once
+per session as a stderr notice).
 
-Add to your Claude Code or Cursor MCP settings:
+---
+
+## MCP configuration
+
+Add to your client's MCP settings:
 
 ```json
 {
@@ -25,43 +164,288 @@ Add to your Claude Code or Cursor MCP settings:
 }
 ```
 
-## Tools
+Restart your MCP client. The first tool call will trigger the gate.
+
+---
+
+## MCP tool reference
+
+| Tool | What it does |
+|------|--------------|
+| `validate_action` | Check a proposed action against all active rules. Returns `{allowed, violations[], warnings[], skipped_premium[], dry_run?, would_have_blocked?, stamp}`. The workhorse — every PreToolUse hook calls this. |
+| `log_bypass` | Record an intentional rule bypass for the audit log. **Rejects constitutional rules** with a structured `CONSTITUTIONAL_RULE_CANNOT_BE_BYPASSED` error. |
+| `get_rules` | List active rules; supports filtering by `category` or `preset`. |
+| `update_rules` | Enable / disable rules. **Rejects disable attempts against constitutional rules** with a structured `CONSTITUTIONAL_RULE_IMMUTABLE` error. |
+| `get_audit_log` | Return recent gate decisions from `~/.sunaiva/audit/audit.jsonl` with `tier`, `audit_status`, `evidence`, `event_type` fields. |
+| `ship_confidence_check` | **Paid-tier production-deploy gate.** Accepts a signed verdict path or artifact ID; verifies HMAC-SHA256 against `SHIP_CONFIDENCE_SIGNING_KEY`; returns `{allowed, tier: "paid"\|"free", reason, evidence}`. Tagged in the audit ledger so you can measure the free-→paid upgrade funnel. |
+
+Total: **6 MCP tools**. The `ship_confidence_check` tool is the ported
+TypeScript implementation of `.claude/hooks/ship_confidence_gate.py` v1.2.0,
+byte-compatible with the Python skill's canonical-JSON HMAC format.
+
+---
+
+## Environment variables
+
+| Variable | Default | Purpose |
+|----------|---------|---------|
+| `DISABLE_SUNAIVA_GATE` | unset | Set to `1` to short-circuit every `validate_action` to `allowed: true`. Unconditionally logs to stderr. |
+| `SUNAIVA_GATE_DRY_RUN` | unset | Set to `1` to evaluate rules normally but never block. Response includes `dry_run: true` and `would_have_blocked: [...]`. |
+| `SUNAIVA_GATE_BACKEND_URL` | unset | Premium backend endpoint. Default for Pro customers: `https://gate.sunaiva.dev/api/v1/match`. When unset, premium rules are skipped (recorded as `skipped_premium`). |
+| `SUNAIVA_GATE_API_TOKEN` | unset | Bearer token (JWT) for the premium backend. Required when `SUNAIVA_GATE_BACKEND_URL` is set. |
+| `SUNAIVA_GATE_BACKEND_TIMEOUT_MS` | `3000` | Backend request timeout. Backend errors fail-OPEN per-rule (logged as `skipped_premium_backend_error`). |
+| `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR` | unset | Set to `1` to restore the 1.0.x fail-open behaviour on uncaught exceptions and malformed input. Default is fail-CLOSED. |
+| `SHIP_CONFIDENCE_SIGNING_KEY` | unset | HMAC-SHA256 key for verifying signed `sunaiva-ship-confidence` verdicts. Required by the `ship_confidence_check` tool. |
+| `SUNAIVA_GATE_AUDIT_PATH` | `~/.sunaiva/audit/audit.jsonl` | Override the audit log path. |
+
+---
+
+## Exit codes
+
+| Code | Meaning |
+|------|---------|
+| `0`  | Allow / success / smoke-test HEALTHY |
+| `1`  | Generic test failure (legacy `--test` flag, smoke-test DEGRADED) |
+| `2`  | Block (Claude Code convention) |
+| `3`  | Fail-CLOSED internal error (uncaught exception). Opt-in fail-open via `SUNAIVA_GATE_FAIL_OPEN_ON_ERROR=1`. |
+| `4`  | Fail-CLOSED invalid input (malformed JSON, empty stdin). Same opt-in escape hatch. |
+| `5`  | Smoke-test DEGRADED with missing required files (e.g. `dist/rules/rules.json` absent). |
+
+---
+
+## Killing the gate (and why we tell you how)
+
+`@sunaiva/gate` discloses its kill-switch in every block and warn message:
+
+```
+[sunaiva-gate v1.1.0] BLOCK — rule: dat-001 (recursive root deletion)
+Escape: export DISABLE_SUNAIVA_GATE=1
+Audit: ~/.sunaiva/audit/audit.jsonl
+```
+
+The escape hint is a deliberate security-disclosure design. An enforcement
+product that hides its own bypass is one that gets routed around in production
+without anyone knowing. The kill-switch invocation is itself logged to the
+audit ledger as `decision: 'bypass_kill_switch'`, so disabling the gate is
+visible to anyone who reads the audit.
+
+```bash
+export DISABLE_SUNAIVA_GATE=1   # All actions allowed (logged)
+unset DISABLE_SUNAIVA_GATE      # Back to normal enforcement
+```
+
+Use dry-run instead of the kill-switch when you want to *measure* what the
+gate would block without actually blocking anything:
 
-| Tool | Description |
-|------|-------------|
-| `validate_action` | Check if a proposed action passes all active rules |
-| `log_bypass` | Record an intentional rule bypass (non-constitutional only) |
-| `get_rules` | List active rules, filter by category or preset |
-| `update_rules` | Enable/disable rules (constitutional rules cannot be disabled) |
-| `get_audit_log` | View recent gate decisions |
+```bash
+export SUNAIVA_GATE_DRY_RUN=1
+# → response.dry_run: true
+# → response.would_have_blocked: [{rule_id, name, severity}, ...]
+```
+
+---
+
+## Decision model — warn-then-block escalation
+
+Constitutional rules block on the first match. Standard rules (the
+non-constitutional subset) implement a session-state escalation:
+
+- **First match in a session** → `warn` (action allowed, message printed).
+- **Subsequent matches in the same session** → `block`.
+
+This avoids one-time false-positive noise while still catching repeated
+violations. The session counter is reset when the MCP server process restarts.
+Confidence is derived from keyword-count thresholds: `≥3` keywords matched →
+`high`, `1-2` → `medium`, `0` → `low` (low confidence is filtered out before
+the response).
+
+---
+
+## Smoke test
+
+```bash
+$ npx @sunaiva/gate --smoke-test
+✓ Gate loaded — 100 rules
+✓ Constitutional rules — 32 (cannot be disabled, enforced locally)
+✓ Premium rules — 68 (require backend service)
+✓ Presets file — 5 presets available
+✓ Live eval (git push origin main) — HARD block via gov-001
+✓ Live eval (ls -la) — ALLOW
+✓ Live eval (rm -rf /) — HARD block via dat-001
+✓ Live eval (stripe.charges.create) — HARD block via fin-001
+✓ Immutability guard — ACTIVE (32 constitutional rules pinned)
+✓ MCP server — ready (not started in smoke test)
+Status: HEALTHY
+Version: 1.1.0
+Issues: https://github.com/Kinan27/sunaiva-gate/issues
+```
+
+Exit codes: `0` = HEALTHY, `1` = DEGRADED, `5` = missing required files.
+
+---
 
 ## Presets
 
-- **minimal** (5 rules) — absolute non-negotiables
-- **essential** (15 rules) — recommended starting point
-- **developer-safety** (25 rules) — for AI coding agents
-- **financial-protection** (24 rules) — all financial + resource rules
-- **full-suite** (100 rules) — everything
+`get_rules` accepts a `preset` argument that filters the active set:
+
+| Preset | Rules | Use case |
+|--------|-------|----------|
+| `minimal` | 5 | Absolute non-negotiables only |
+| `essential` | 15 | Recommended starting point |
+| `developer-safety` | 25 | AI coding agents (Cursor / Windsurf / Cline / Aider) |
+| `financial-protection` | 24 | All financial + resource rules |
+| `full-suite` | 100 | Everything — Free constitutional set + Pro premium set |
+
+Presets read from `dist/rules/presets.json`. Premium presets require
+`SUNAIVA_GATE_BACKEND_URL` to be set; without it the premium rules are skipped
+with a `skipped_premium` audit entry.
+
+---
+
+## Ship Confidence Gate (paid tier)
+
+The `ship_confidence_check` MCP tool is the deploy-time gate for high-blast-
+radius commands (`npm publish`, `wrangler deploy`, `gh repo create --public`,
+`netlify deploy --prod`). It checks for authorization in two tiers:
+
+### Paid path — signed verdict
+1. The `sunaiva-ship-confidence` Python skill runs three verification layers
+   against your product (spec verification, property-based testing,
+   adversarial audit).
+2. It emits a signed verdict at
+   `data/ship_confidence_verdicts/<artifact>.signed.json`.
+3. The `ship_confidence_check` tool verifies:
+   - HMAC-SHA256 signature is valid (constant-time compare, byte-compatible
+     with the Python skill's canonical-JSON encoding).
+   - `level == "GREEN"` (YELLOW and RED hard-block).
+   - Signed within the last 60 minutes
+     (configurable via `VERDICT_MAX_AGE_MINUTES`).
+4. On all-pass: returns `{allowed: true, tier: "paid", ...}` and writes an
+   audit entry tagged `tier: "paid"` with the verdict ID and evidence.
+
+### Free fallback — approval token
+If no signed verdict is found (or `SHIP_CONFIDENCE_SIGNING_KEY` is not set),
+the tool falls back to a one-time approval token at
+`data/deploy_queue/APPROVAL_TOKENS/<artifact>.json` written within the last
+hour. Tagged `tier: "free"` in the audit ledger with an upgrade hint pointing
+at the paid skill.
+
+```bash
+# CLI form for use in CI:
+npx @sunaiva/gate --ship-confidence @sunaiva/gate@1.1.0
+# Exit 0 = allow, 2 = block, 3 = internal error (fail-OPEN logged)
+```
+
+---
+
+## Constitutional rules cannot be disabled or bypassed
+
+This is the package's hard guarantee. The 32 constitutional rules are
+re-merged into `active_rules` on every config load — even if
+`~/.sunaiva/gate-config.json` is hand-edited to remove them — and:
+
+- `update_rules({disable: ['fin-001']})` returns
+  `{error: "CONSTITUTIONAL_RULE_IMMUTABLE", rule_ids: [...]}`. No state
+  change.
+- `log_bypass({rule_id: 'fin-001'})` returns
+  `{error: "CONSTITUTIONAL_RULE_CANNOT_BE_BYPASSED", rule_id: ...}`. Nothing
+  written to the bypass log.
+
+The kill-switch (`DISABLE_SUNAIVA_GATE=1`) is the only way to disable
+constitutional enforcement, and it is loud — stderr disclosure on every
+block, audit-ledger entry on every short-circuit. There are no quiet
+bypasses.
+
+---
+
+## Known limitations — what 1.1.0 does NOT have
+
+We shipped `1.0.1` with seven CRITICAL gaps flagged by our own signed
+Ship-Confidence verdict on our own commit (`01KRDBCEYF2CAB21G6Y3E9VVH5`, RED).
+1.1.0 closes all seven. What is honestly **not** in 1.1.0 yet:
+
+- **Sunaiva-Managed inference** — no flat-fee tier that includes LLM calls.
+  BYOK only in v1. Revisit at 50+ Pro customers.
+- **UI verification layer** (Playwright walkthroughs / computer-use) —
+  designed in
+  `data/ship_confidence_skill_upgrade_2026_05_11.md`, not yet shipped.
+  Folded into Pro at no extra cost when it lands.
+- **Multi-tenant dashboard / "Pro Team" tier** — Pro is single-seat in v1.
+  Team management is Enterprise. A self-serve "Pro Team" tier waits until
+  10+ customers ask for it.
+- **On-prem / VPC deployment** — Enterprise-only roadmap item. Helm chart
+  and Terraform module designs exist; not yet packaged.
+- **Per-call / metered pricing** — abandoned. Subscription wins.
+- **On-chain attestation (ERC-8004)** — aspirational. Deferred to v2.x.
+
+Full deferred-feature list:
+[`TIER_DEFINITIONS.md` §4](./TIER_DEFINITIONS.md).
+
+---
+
+## Cross-platform
+
+- **Linux** — native.
+- **WSL** — native.
+- **macOS** — native.
+- **Windows** — native Node, plus a Python shim for clients that invoke the
+  legacy `hooks/sunaiva_gate_hook.py` PreToolUse path.
+
+---
 
 ## Privacy
 
-Your data stays where you choose:
-- **Managed** — zero config, Gemini Flash included
-- **BYOK** — bring your own API key (Gemini, Claude, OpenRouter)
-- **Local** — Ollama/LM Studio, nothing leaves your machine
+Your data stays where you choose. The Free tier makes **zero** external network
+calls — constitutional rules are evaluated locally against patterns shipped
+inside the package. The Pro path is opt-in: when you set
+`SUNAIVA_GATE_BACKEND_URL`, the engine POSTs only the proposed action text
+and rule IDs to the backend; we never see your code, your secrets, or your
+filesystem. BYOK means your `ANTHROPIC_API_KEY` and `OPENROUTER_API_KEY` go
+direct from your machine to those providers — they do not transit Sunaiva.
+
+---
 
 ## License
 
-**Business Source License 1.1 (BUSL-1.1)**
+[BUSL-1.1](./BUSINESS_LICENSE.md) — free for evaluation, internal development,
+hobby and academic use. Commercial license required if you embed the Gate in
+the critical path of a third-party paying-customer product before the
+**Change Date of 2030-05-10**, after which the wrapper converts to
+**Apache-2.0** automatically. The premium backend stays proprietary regardless
+of the Change Date.
 
 - Licensor: Sunaiva Digital
-- Change Date: 2030-05-09 (4 years from publication)
-- Change License: Apache License, Version 2.0
+- Change Date: **2030-05-10**
+- Change License: **Apache License, Version 2.0**
+
+---
+
+## Support
+
+| Need | Where |
+|------|-------|
+| Bug or crash | [Open an issue](https://github.com/Kinan27/sunaiva-gate/issues/new?template=bug.yml) |
+| Feature request | [Open an issue](https://github.com/Kinan27/sunaiva-gate/issues/new?template=feature.yml) |
+| Security vulnerability | Email `security@sunaivadigital.com` (do not file publicly) |
+| Licensing | `kinan@sunaiva.ai` |
+| Commercial / paid tier | `support@sunaivadigital.com` |
+| General discussion | [GitHub Discussions](https://github.com/Kinan27/sunaiva-gate/discussions) |
+
+Full support guide: [`SUPPORT.md`](./SUPPORT.md).
+
+When reporting bugs, include the output of `npx @sunaiva/gate --smoke-test`
+and `node --version`.
+
+---
 
-Until the Change Date, use is permitted for non-commercial purposes and internal evaluation. Production use requires a commercial license from Sunaiva Digital.
+## Contributing
 
-Full BUSL 1.1 text: https://mariadb.com/bsl11/
+Pull requests welcome. For substantial changes, please open an issue first to
+discuss the proposal. Constitutional rule additions require a corresponding
+test fixture in `tests/bundle.test.ts` and a passing dogfood Ship-Confidence
+verdict on the change.
 
 ---
 
-Built by [Sunaiva Digital](https://sunaivadigital.com). Patent-protected validation infrastructure.
+*Built by a team whose own hooks killed their development for nine hours.
+We fixed it. Then we shipped the fix. Then we signed the proof.*

package/dist/config/defaults.d.ts

@@ -1,9 +1,30 @@
 /**
- * Default configuration values for @sunaiva/gate
+ * Default configuration values for @sunaiva/gate.
+ *
+ * The active_rules list defaults to the full constitutional set
+ * (every rule with `enforcement: "constitutional"` in rules.json).
+ * This guarantees that even a user with no on-disk config gets the
+ * full local enforcement layer out of the box. Constitutional rules
+ * cannot be disabled via `update_rules` (enforced by B4's immutability
+ * guard) — they are listed here for explicitness and so that the in-
+ * memory config matches the on-disk default that getConfig() writes.
+ *
+ * To keep this list in sync with rules/rules.json, see
+ * `scripts/verify-bundle.js` which asserts that every constitutional
+ * rule ID appears in DEFAULT_CONFIG.active_rules at pack time.
  */
 export declare const CONFIG_DIR: string;
 export declare const CONFIG_PATH: string;
 export declare const AUDIT_LOG_PATH: string;
+/**
+ * Every constitutional rule ID (enforcement === "constitutional") shipped
+ * in rules/rules.json. Kept as a frozen array so it can be referenced
+ * by B4's immutability guard and by the bundle-verify script.
+ *
+ * UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
+ * add its ID here. The verify-bundle script will flag a mismatch.
+ */
+export declare const CONSTITUTIONAL_RULE_IDS: readonly string[];
 export declare const DEFAULT_CONFIG: GateConfig;
 export declare const MANAGED_API_BASE = "https://api.sunaiva.ai/v1/gate";
 export interface ModelConfig {

package/dist/config/defaults.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,eAAO,MAAM,UAAU,QAA8B,CAAC;AACtD,eAAO,MAAM,WAAW,QAAuC,CAAC;AAChE,eAAO,MAAM,cAAc,QAAkC,CAAC;AAE9D,eAAO,MAAM,cAAc,EAAE,UAe5B,CAAC;AAEF,eAAO,MAAM,gBAAgB,mCAAmC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,WAAW,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB"}
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,eAAO,MAAM,UAAU,QAA8B,CAAC;AACtD,eAAO,MAAM,WAAW,QAAuC,CAAC;AAChE,eAAO,MAAM,cAAc,QAAkC,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,MAAM,EAiCnD,CAAC;AAEH,eAAO,MAAM,cAAc,EAAE,UAS5B,CAAC;AAEF,eAAO,MAAM,gBAAgB,mCAAmC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,WAAW,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB"}

package/dist/config/defaults.js

@@ -1,20 +1,68 @@
 /**
- * Default configuration values for @sunaiva/gate
+ * Default configuration values for @sunaiva/gate.
+ *
+ * The active_rules list defaults to the full constitutional set
+ * (every rule with `enforcement: "constitutional"` in rules.json).
+ * This guarantees that even a user with no on-disk config gets the
+ * full local enforcement layer out of the box. Constitutional rules
+ * cannot be disabled via `update_rules` (enforced by B4's immutability
+ * guard) — they are listed here for explicitness and so that the in-
+ * memory config matches the on-disk default that getConfig() writes.
+ *
+ * To keep this list in sync with rules/rules.json, see
+ * `scripts/verify-bundle.js` which asserts that every constitutional
+ * rule ID appears in DEFAULT_CONFIG.active_rules at pack time.
  */
 import { homedir } from "os";
 import { join } from "path";
 export const CONFIG_DIR = join(homedir(), ".sunaiva");
 export const CONFIG_PATH = join(CONFIG_DIR, "gate-config.json");
 export const AUDIT_LOG_PATH = join(CONFIG_DIR, "audit.jsonl");
+/**
+ * Every constitutional rule ID (enforcement === "constitutional") shipped
+ * in rules/rules.json. Kept as a frozen array so it can be referenced
+ * by B4's immutability guard and by the bundle-verify script.
+ *
+ * UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
+ * add its ID here. The verify-bundle script will flag a mismatch.
+ */
+export const CONSTITUTIONAL_RULE_IDS = Object.freeze([
+    "cmp-002",
+    "com-001",
+    "com-002",
+    "com-005",
+    "com-006",
+    "com-007",
+    "com-009",
+    "com-011",
+    "dat-001",
+    "dat-002",
+    "dat-004",
+    "dat-010",
+    "fin-001",
+    "fin-002",
+    "fin-003",
+    "fin-004",
+    "fin-008",
+    "fin-009",
+    "gov-001",
+    "gov-002",
+    "gov-004",
+    "gov-005",
+    "gov-006",
+    "gov-008",
+    "gov-012",
+    "know-009",
+    "sec-001",
+    "sec-002",
+    "sec-004",
+    "sec-006",
+    "sec-010",
+    "sec-011",
+]);
 export const DEFAULT_CONFIG = {
     api_key: "",
-    active_rules: [
-        "fin-001",
-        "gov-001",
-        "gov-002",
-        "dat-001",
-        "gov-008",
-    ],
+    active_rules: [...CONSTITUTIONAL_RULE_IDS],
     active_preset: "minimal",
     enforcement_mode: "enforce",
     model: {

package/dist/config/defaults.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,OAAO,EAAE,EAAE;IACX,YAAY,EAAE;QACZ,SAAS;QACT,SAAS;QACT,SAAS;QACT,SAAS;QACT,SAAS;KACV;IACD,aAAa,EAAE,SAAS;IACxB,gBAAgB,EAAE,SAAS;IAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE,cAAc;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,gCAAgC,CAAC"}
+{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACtE,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,OAAO,EAAE,EAAE;IACX,YAAY,EAAE,CAAC,GAAG,uBAAuB,CAAC;IAC1C,aAAa,EAAE,SAAS;IACxB,gBAAgB,EAAE,SAAS;IAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE,cAAc;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,gCAAgC,CAAC"}

package/dist/config/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AACA,OAAO,EAA2C,KAAK,UAAU,EAAE,MAAM,eAAe,CAAC;AAEzF,wBAAgB,SAAS,IAAI,UAAU,CAMtC;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAGhD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAE3C"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAQA,OAAO,EAIL,KAAK,UAAU,EAChB,MAAM,eAAe,CAAC;AAGvB,wBAAgB,SAAS,IAAI,UAAU,CAgBtC;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAGhD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAE3C"}

package/dist/config/loader.js

@@ -1,13 +1,31 @@
+/**
+ * Config loader. Constitutional rule IDs are RE-MERGED into active_rules
+ * on every load — see `enforceConstitutionalActive` in immutability.ts.
+ * This means a user can hand-edit `~/.sunaiva/gate-config.json` to remove
+ * constitutional rules and the next runtime load will simply re-add them
+ * (in-memory only — the on-disk file is left untouched).
+ */
 import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
-import { CONFIG_DIR, CONFIG_PATH, DEFAULT_CONFIG } from "./defaults.js";
+import { CONFIG_DIR, CONFIG_PATH, DEFAULT_CONFIG, } from "./defaults.js";
+import { enforceConstitutionalActive } from "../engine/immutability.js";
 export function getConfig() {
+    let loaded;
     try {
-        if (existsSync(CONFIG_PATH))
-            return JSON.parse(readFileSync(CONFIG_PATH, "utf-8"));
+        if (existsSync(CONFIG_PATH)) {
+            loaded = JSON.parse(readFileSync(CONFIG_PATH, "utf-8"));
+        }
+        else {
+            saveConfig(DEFAULT_CONFIG);
+            loaded = { ...DEFAULT_CONFIG };
+        }
     }
-    catch { }
-    saveConfig(DEFAULT_CONFIG);
-    return { ...DEFAULT_CONFIG };
+    catch {
+        saveConfig(DEFAULT_CONFIG);
+        loaded = { ...DEFAULT_CONFIG };
+    }
+    // ALWAYS re-merge constitutional active_rules — user tampering of the
+    // on-disk file cannot disable a constitutional rule.
+    return enforceConstitutionalActive(loaded);
 }
 export function saveConfig(cfg) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });

package/dist/config/loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAmB,MAAM,eAAe,CAAC;AAEzF,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IACrF,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,UAAU,CAAC,cAAc,CAAC,CAAC;IAC3B,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAe;IACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,EAAE,CAAC,YAAY,CAAC;AAClC,CAAC"}
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EACL,UAAU,EACV,WAAW,EACX,cAAc,GAEf,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AAExE,MAAM,UAAU,SAAS;IACvB,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,cAAc,CAAC,CAAC;YAC3B,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3B,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;IACjC,CAAC;IACD,sEAAsE;IACtE,qDAAqD;IACrD,OAAO,2BAA2B,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAe;IACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,EAAE,CAAC,YAAY,CAAC;AAClC,CAAC"}