@sunaiva/gate 1.0.0 → 1.1.0

package/dist/engine/rule-engine.js

@@ -1,56 +1,266 @@
 /**
  * Rule Engine — loads rules.json, filters active rules, evaluates actions.
+ *
+ * Severity model (v1.0.1):
+ *   - HARD   = constitutional rules (always block on match, no enforcement_mode escape)
+ *   - MEDIUM = standard rule with severity=block (warn-then-block)
+ *   - SOFT   = standard rule with severity=warn (warn only, never block)
+ *
+ * Premium rules: rules with `backend_required: true` and stub detection_pattern
+ * are skipped locally unless a backend URL is configured. Future versions will
+ * call the backend over HTTP for these.
  */
-import { readFileSync } from "fs";
+import { readFileSync, existsSync } from "fs";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
 import { matchAction } from "./pattern-matcher.js";
+import { BackendClient } from "./backend-client.js";
 const __dirname = dirname(fileURLToPath(import.meta.url));
-// In dist, rules are in ../rules/ (relative to dist/engine/). In dev, ../../rules/.
-const RULES_PATH = join(__dirname, "../rules/rules.json");
+// Try dist layout first (../rules from dist/engine/), then source layout
+// (../../rules from src/engine/). This lets the same code run under tsc-built
+// dist AND under ts-jest from source without a build step.
+function resolveRulesPath() {
+    const candidates = [
+        join(__dirname, "../rules/rules.json"), // dist: dist/engine -> dist/rules (preferred)
+        join(__dirname, "../../dist/rules/rules.json"), // src: src/engine -> dist/rules (test runs from src after build)
+        join(__dirname, "../../rules/rules.json"), // src: src/engine -> rules (raw fallback, no backend_required flags)
+    ];
+    for (const c of candidates) {
+        if (existsSync(c))
+            return c;
+    }
+    return candidates[0]; // fall back; loadAllRules will fail-open
+}
+const RULES_PATH = resolveRulesPath();
 let _rules = null;
+// ----------------------------------------------------------------------
+// Backend client wiring (B4 closes the orphan B3 left behind)
+// ----------------------------------------------------------------------
+// A single process-wide BackendClient. Lazy-constructed on first use so
+// the no-backend path stays cheap. When SUNAIVA_GATE_API_TOKEN is unset
+// the client still works — it returns `skipped_no_token` for every rule
+// and writes the once-per-process stderr notice.
+let _backendClient = null;
+/** Lazy singleton. Tests can override via setBackendClient(). */
+function getBackendClient() {
+    if (!_backendClient)
+        _backendClient = new BackendClient();
+    return _backendClient;
+}
+/** Test-only injection point. */
+export function setBackendClient(client) {
+    _backendClient = client;
+}
+/** True iff the premium backend is fully configured (token present). */
+function isBackendConfigured() {
+    return getBackendClient().isConfigured();
+}
 export function loadAllRules() {
     if (_rules)
         return _rules;
-    const raw = readFileSync(RULES_PATH, "utf-8");
-    _rules = JSON.parse(raw);
+    try {
+        const raw = readFileSync(RULES_PATH, "utf-8");
+        _rules = JSON.parse(raw);
+    }
+    catch (err) {
+        // FAIL-OPEN: never crash the MCP server on bad rules file.
+        // Stderr log so operator sees the problem; serve no rules.
+        console.error(`[sunaiva-gate] WARN: could not load rules.json at ${RULES_PATH}: ` +
+            (err instanceof Error ? err.message : String(err)));
+        _rules = [];
+    }
     return _rules;
 }
+/**
+ * Returns ONLY the rules whose `enforcement === "constitutional"`.
+ *
+ * This is the canonical "what is constitutional" function used by
+ * B4's immutability guard. It reads from the package-bundled rules
+ * (dist/rules/rules.json), never from the user-editable on-disk
+ * copy at ~/.sunaiva/rules.json — so a user cannot circumvent the
+ * guard by hand-editing their config.
+ *
+ * Cached via loadAllRules().
+ */
+export function loadConstitutionalRulesOnly() {
+    return loadAllRules().filter((r) => r &&
+        (r.enforcement === "constitutional" || r.constitutional === true));
+}
+/**
+ * Resolved path that loadAllRules() reads from. Exported for tests
+ * and diagnostic tooling (e.g. verify-bundle / smoke-test reporting).
+ */
+export function getResolvedRulesPath() {
+    return RULES_PATH;
+}
 export function getActiveRules(config) {
     const all = loadAllRules();
     return all.filter((r) => config.active_rules.includes(r.id));
 }
+/** Returns true if the rule should be enforced locally. */
+function isLocalRule(rule, backendConfigured) {
+    if (!rule.backend_required)
+        return true;
+    // Premium rule + backend configured => future HTTP path. Until that lands,
+    // we still skip locally and log it so the caller can see what was deferred.
+    return backendConfigured;
+}
+/** Map a rule + enforcement_mode to the severity tier label. */
+function deriveSeverity(rule) {
+    if (rule.enforcement === "constitutional")
+        return "HARD";
+    if (rule.severity === "warn")
+        return "SOFT";
+    // standard + block or warn-then-block
+    return "MEDIUM";
+}
 export function evaluateAction(action, config, warningCounts, context) {
     const activeRules = getActiveRules(config);
     const combined = context ? `${action} ${context}` : action;
     const violations = [];
     const warnings = [];
+    const wouldHaveBlocked = [];
+    const skippedPremium = [];
+    // B4: sync evaluateAction always skips premium rules locally — the
+    // BackendClient lives behind the async wrapper `evaluateActionAsync`.
+    // This keeps the smoke test + legacy sync callers synchronous. Premium
+    // rules show up in skipped_premium; the async wrapper then enriches the
+    // result with backend_results when SUNAIVA_GATE_API_TOKEN is set.
+    const backendConfigured = false;
+    let maxSeverity = null;
+    const bumpSeverity = (s) => {
+        if (maxSeverity === null)
+            maxSeverity = s;
+        else if (s === "HARD")
+            maxSeverity = "HARD";
+        else if (s === "MEDIUM" && maxSeverity === "SOFT")
+            maxSeverity = "MEDIUM";
+    };
     for (const rule of activeRules) {
+        if (!isLocalRule(rule, backendConfigured)) {
+            skippedPremium.push(rule.id);
+            continue;
+        }
         const result = matchAction(combined, rule.detection_pattern);
         if (!result.matched)
             continue;
+        const tier = deriveSeverity(rule);
+        bumpSeverity(tier);
         if (rule.enforcement === "constitutional") {
-            // Constitutional rules always block
+            // HARD: always block, regardless of enforcement_mode.
             violations.push(rule);
+            wouldHaveBlocked.push(rule.id);
+        }
+        else if (tier === "SOFT") {
+            // SOFT (warn severity): warning only, never block.
+            warnings.push(rule);
         }
         else {
-            // Standard rules: warn first time, block on repeat
+            // MEDIUM (standard + block): warn-then-block ladder.
             const count = warningCounts.get(rule.id) ?? 0;
-            if (config.enforcement_mode === "warn-only") {
-                warnings.push(rule);
-            }
-            else if (config.enforcement_mode === "audit") {
+            if (config.enforcement_mode === "warn-only" || config.enforcement_mode === "audit") {
                 warnings.push(rule);
+                wouldHaveBlocked.push(rule.id);
             }
             else if (count === 0) {
                 warnings.push(rule);
             }
             else {
                 violations.push(rule);
+                wouldHaveBlocked.push(rule.id);
             }
         }
     }
     const allowed = violations.length === 0;
-    return { allowed, violations, warnings };
+    return {
+        allowed,
+        violations,
+        warnings,
+        severity_tier: maxSeverity,
+        would_have_blocked: wouldHaveBlocked,
+        skipped_premium: skippedPremium,
+    };
+}
+/**
+ * Async wrapper around evaluateAction that ALSO delegates premium
+ * (`backend_required: true`) rules to the BackendClient. Used by
+ * `handleValidateAction` when SUNAIVA_GATE_API_TOKEN is set so premium
+ * rules actually get evaluated server-side instead of silently skipped.
+ *
+ * Failure mode: any backend error (network, 5xx, missing token) becomes
+ * a `skipped_*` status on the per-rule result. The BackendClient itself
+ * is fail-OPEN for the customer — a Sunaiva outage never blocks the user.
+ *
+ * Premium-rule semantics:
+ *   - rule_id in skipped_premium  → backend was NOT consulted (sync path)
+ *   - rule_id in backend_results  → backend WAS consulted; check status field
+ *   - status === "matched"        → backend wants to block; promoted to violation
+ *   - status === "no_match"       → backend evaluated clean
+ *   - status === "skipped_*"      → fail-OPEN (rule deferred, see error field)
+ *
+ * Tests #7 (token unset → skipped_no_token) lives here.
+ */
+export async function evaluateActionAsync(action, config, warningCounts, context) {
+    const sync = evaluateAction(action, config, warningCounts, context);
+    // Premium rule IDs that the sync pass deferred to the backend.
+    const activeRules = getActiveRules(config);
+    const premiumRules = activeRules.filter((r) => r.backend_required === true && sync.skipped_premium.includes(r.id));
+    if (premiumRules.length === 0)
+        return sync;
+    const combined = context ? `${action} ${context}` : action;
+    const client = getBackendClient();
+    const backendEval = await client.evaluate(premiumRules.map((r) => r.id), combined, { action_preview: action.slice(0, 200) });
+    // Promote backend-matched premium rules into violations / warnings
+    // following the same severity-tier ladder used by the local engine.
+    const violations = [...sync.violations];
+    const warnings = [...sync.warnings];
+    const wouldHaveBlocked = [...sync.would_have_blocked];
+    let maxSeverity = sync.severity_tier;
+    const bump = (s) => {
+        if (maxSeverity === null)
+            maxSeverity = s;
+        else if (s === "HARD")
+            maxSeverity = "HARD";
+        else if (s === "MEDIUM" && maxSeverity === "SOFT")
+            maxSeverity = "MEDIUM";
+    };
+    for (const r of backendEval.results) {
+        if (!r.matched)
+            continue;
+        const rule = premiumRules.find((p) => p.id === r.rule_id);
+        if (!rule)
+            continue;
+        // Backend severity overrides local; default to MEDIUM when unspecified.
+        const tier = rule.enforcement === "constitutional"
+            ? "HARD"
+            : r.severity === "warn"
+                ? "SOFT"
+                : "MEDIUM";
+        bump(tier);
+        if (tier === "SOFT") {
+            warnings.push(rule);
+        }
+        else {
+            violations.push(rule);
+            wouldHaveBlocked.push(rule.id);
+        }
+    }
+    // Premium rules that the backend handled are no longer "skipped".
+    const skippedPremium = sync.skipped_premium.filter((id) => !backendEval.results.some((r) => r.rule_id === id && r.status !== "skipped_no_token" && r.status !== "skipped_disabled" && !r.status.startsWith("skipped_")));
+    // Inverse: keep the rules that ARE still skipped (token absent or backend error).
+    const stillSkipped = backendEval.results
+        .filter((r) => r.status.startsWith("skipped_"))
+        .map((r) => r.rule_id);
+    // Union local-deferred + still-skipped (de-dup).
+    const finalSkipped = Array.from(new Set([...skippedPremium, ...stillSkipped]));
+    return {
+        allowed: violations.length === 0,
+        violations,
+        warnings,
+        severity_tier: maxSeverity,
+        would_have_blocked: wouldHaveBlocked,
+        skipped_premium: finalSkipped,
+        backend_results: backendEval.results,
+    };
 }
 //# sourceMappingURL=rule-engine.js.map

package/dist/engine/rule-engine.js.map

@@ -1 +1 @@
-{"version":3,"file":"rule-engine.js","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,oFAAoF;AACpF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;AAqB1D,IAAI,MAAM,GAAkB,IAAI,CAAC;AAEjC,MAAM,UAAU,YAAY;IAC1B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,CAAC;IACnC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,MAAc,EACd,MAAkB,EAClB,aAAkC,EAClC,OAAgB;IAEhB,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAE3D,MAAM,UAAU,GAAW,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAW,EAAE,CAAC;IAE5B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,SAAS;QAE9B,IAAI,IAAI,CAAC,WAAW,KAAK,gBAAgB,EAAE,CAAC;YAC1C,oCAAoC;YACpC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,mDAAmD;YACnD,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,MAAM,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;gBAC5C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;iBAAM,IAAI,MAAM,CAAC,gBAAgB,KAAK,OAAO,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;iBAAM,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;IACxC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAC3C,CAAC"}
+{"version":3,"file":"rule-engine.js","sourceRoot":"","sources":["../../src/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,yEAAyE;AACzE,8EAA8E;AAC9E,2DAA2D;AAC3D,SAAS,gBAAgB;IACvB,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAU,8CAA8C;QAC9F,IAAI,CAAC,SAAS,EAAE,6BAA6B,CAAC,EAAE,iEAAiE;QACjH,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,EAAO,qEAAqE;KACtH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,yCAAyC;AACjE,CAAC;AAED,MAAM,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAiCtC,IAAI,MAAM,GAAkB,IAAI,CAAC;AAEjC,yEAAyE;AACzE,8DAA8D;AAC9D,yEAAyE;AACzE,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AACxE,iDAAiD;AACjD,IAAI,cAAc,GAAyB,IAAI,CAAC;AAEhD,iEAAiE;AACjE,SAAS,gBAAgB;IACvB,IAAI,CAAC,cAAc;QAAE,cAAc,GAAG,IAAI,aAAa,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,iCAAiC;AACjC,MAAM,UAAU,gBAAgB,CAAC,MAA4B;IAC3D,cAAc,GAAG,MAAM,CAAC;AAC1B,CAAC;AAED,wEAAwE;AACxE,SAAS,mBAAmB;IAC1B,OAAO,gBAAgB,EAAE,CAAC,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAW,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,2DAA2D;QAC3D,2DAA2D;QAC3D,OAAO,CAAC,KAAK,CACX,qDAAqD,UAAU,IAAI;YACjE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACrD,CAAC;QACF,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO,YAAY,EAAE,CAAC,MAAM,CAC1B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC;QACD,CAAC,CAAC,CAAC,WAAW,KAAK,gBAAgB,IAAI,CAAC,CAAC,cAAc,KAAK,IAAI,CAAC,CACpE,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,2DAA2D;AAC3D,SAAS,WAAW,CAAC,IAAU,EAAE,iBAA0B;IACzD,IAAI,CAAC,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IACxC,2EAA2E;IAC3E,4EAA4E;IAC5E,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,gEAAgE;AAChE,SAAS,cAAc,CAAC,IAAU;IAChC,IAAI,IAAI,CAAC,WAAW,KAAK,gBAAgB;QAAE,OAAO,MAAM,CAAC;IACzD,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAC5C,sCAAsC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,MAAc,EACd,MAAkB,EAClB,aAAkC,EAClC,OAAgB;IAEhB,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAE3D,MAAM,UAAU,GAAW,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAW,EAAE,CAAC;IAC5B,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,mEAAmE;IACnE,sEAAsE;IACtE,uEAAuE;IACvE,wEAAwE;IACxE,kEAAkE;IAClE,MAAM,iBAAiB,GAAG,KAAK,CAAC;IAEhC,IAAI,WAAW,GAAwB,IAAI,CAAC;IAC5C,MAAM,YAAY,GAAG,CAAC,CAAe,EAAE,EAAE;QACvC,IAAI,WAAW,KAAK,IAAI;YAAE,WAAW,GAAG,CAAC,CAAC;aACrC,IAAI,CAAC,KAAK,MAAM;YAAE,WAAW,GAAG,MAAM,CAAC;aACvC,IAAI,CAAC,KAAK,QAAQ,IAAI,WAAW,KAAK,MAAM;YAAE,WAAW,GAAG,QAAQ,CAAC;IAC5E,CAAC,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAC1C,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,SAAS;QAE9B,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEnB,IAAI,IAAI,CAAC,WAAW,KAAK,gBAAgB,EAAE,CAAC;YAC1C,sDAAsD;YACtD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YAC3B,mDAAmD;YACnD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,MAAM,CAAC,gBAAgB,KAAK,WAAW,IAAI,MAAM,CAAC,gBAAgB,KAAK,OAAO,EAAE,CAAC;gBACnF,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;iBAAM,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;IACxC,OAAO;QACL,OAAO;QACP,UAAU;QACV,QAAQ;QACR,aAAa,EAAE,WAAW;QAC1B,kBAAkB,EAAE,gBAAgB;QACpC,eAAe,EAAE,cAAc;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,MAAkB,EAClB,aAAkC,EAClC,OAAgB;IAEhB,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IACpE,+DAA+D;IAC/D,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAC1E,CAAC;IACF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;IAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,QAAQ,CACvC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAC7B,QAAQ,EACR,EAAE,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACzC,CAAC;IAEF,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACtD,IAAI,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC;IACrC,MAAM,IAAI,GAAG,CAAC,CAAe,EAAE,EAAE;QAC/B,IAAI,WAAW,KAAK,IAAI;YAAE,WAAW,GAAG,CAAC,CAAC;aACrC,IAAI,CAAC,KAAK,MAAM;YAAE,WAAW,GAAG,MAAM,CAAC;aACvC,IAAI,CAAC,KAAK,QAAQ,IAAI,WAAW,KAAK,MAAM;YAAE,WAAW,GAAG,QAAQ,CAAC;IAC5E,CAAC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,CAAC,OAAO;YAAE,SAAS;QACzB,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,wEAAwE;QACxE,MAAM,IAAI,GACR,IAAI,CAAC,WAAW,KAAK,gBAAgB;YACnC,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM;gBACrB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,QAAQ,CAAC;QACjB,IAAI,CAAC,IAAI,CAAC,CAAC;QACX,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAChD,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,IAAI,CAAC,CAAC,MAAM,KAAK,kBAAkB,IAAI,CAAC,CAAC,MAAM,KAAK,kBAAkB,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CACrK,CAAC;IACF,kFAAkF;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO;SACrC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;SAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACzB,iDAAiD;IACjD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,cAAc,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAE/E,OAAO;QACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC,UAAU;QACV,QAAQ;QACR,aAAa,EAAE,WAAW;QAC1B,kBAAkB,EAAE,gBAAgB;QACpC,eAAe,EAAE,YAAY;QAC7B,eAAe,EAAE,WAAW,CAAC,OAAO;KACrC,CAAC;AACJ,CAAC"}

package/dist/engine/session-state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session-state.d.ts","sourceRoot":"","sources":["../../src/engine/session-state.ts"],"names":[],"mappings":"AAIA,UAAU,YAAY;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AAMD,wBAAgB,QAAQ,IAAI,YAAY,CAGvC;AAED,wBAAgB,SAAS,CAAC,CAAC,EAAE,YAAY,GAAG,IAAI,CAE/C;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAKpD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,gBAAgB,IAAI,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAGtD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAED,wBAAgB,UAAU,IAAI,IAAI,CAEjC"}
+{"version":3,"file":"session-state.d.ts","sourceRoot":"","sources":["../../src/engine/session-state.ts"],"names":[],"mappings":"AAOA,UAAU,YAAY;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AAMD,wBAAgB,QAAQ,IAAI,YAAY,CAGvC;AAED,wBAAgB,SAAS,CAAC,CAAC,EAAE,YAAY,GAAG,IAAI,CAG/C;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAKpD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,gBAAgB,IAAI,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAGtD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAItC;AAED,wBAAgB,UAAU,IAAI,IAAI,CAEjC"}

package/dist/engine/session-state.js

@@ -1,5 +1,8 @@
 import { readFileSync, writeFileSync } from "node:fs";
-const STATE_FILE = "/tmp/sunaiva_gate_session.json";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+// Cross-platform tempdir (Windows: %LOCALAPPDATA%\Temp, Unix: /tmp)
+const STATE_FILE = join(tmpdir(), "sunaiva_gate_session.json");
 function defaultState() {
     return { session_start: new Date().toISOString(), action_count: 0, warnings_issued: {} };
 }
@@ -12,7 +15,10 @@ export function getState() {
     }
 }
 export function saveState(s) {
-    writeFileSync(STATE_FILE, JSON.stringify(s, null, 2));
+    try {
+        writeFileSync(STATE_FILE, JSON.stringify(s, null, 2));
+    }
+    catch { /* fail-OPEN: never crash because session state is unwritable */ }
 }
 export function recordWarning(ruleId) {
     const s = getState();

package/dist/engine/session-state.js.map

@@ -1 +1 @@
-{"version":3,"file":"session-state.js","sourceRoot":"","sources":["../../src/engine/session-state.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAEtD,MAAM,UAAU,GAAG,gCAAgC,CAAC;AAQpD,SAAS,YAAY;IACnB,OAAO,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,QAAQ;IACtB,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAAC,CAAC;IAC7D,MAAM,CAAC;QAAC,OAAO,YAAY,EAAE,CAAC;IAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,CAAe;IACvC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc;IAC1C,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjE,SAAS,CAAC,CAAC,CAAC,CAAC;IACb,OAAO,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,QAAQ,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,CAAC,CAAC,YAAY,EAAE,CAAC;IACjB,SAAS,CAAC,CAAC,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;AAC5B,CAAC"}
+{"version":3,"file":"session-state.js","sourceRoot":"","sources":["../../src/engine/session-state.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,oEAAoE;AACpE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC;AAQ/D,SAAS,YAAY;IACnB,OAAO,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,QAAQ;IACtB,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAAC,CAAC;IAC7D,MAAM,CAAC;QAAC,OAAO,YAAY,EAAE,CAAC;IAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,CAAe;IACvC,IAAI,CAAC;QAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAC9D,MAAM,CAAC,CAAC,gEAAgE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc;IAC1C,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACjE,SAAS,CAAC,CAAC,CAAC,CAAC;IACb,OAAO,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,QAAQ,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,CAAC,CAAC,YAAY,EAAE,CAAC;IACjB,SAAS,CAAC,CAAC,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;AAC5B,CAAC"}

package/dist/engine/ship-confidence-gate.d.ts

@@ -0,0 +1,184 @@
+export declare const HOOK_NAME = "ship_confidence_gate";
+export declare const HOOK_VERSION = "1.2.0";
+export declare const RULE_NAME = "Rule 42 \u2014 Ship Confidence Gate";
+export declare const RULE_VERSION = "1.0";
+export type GateDecision = "allow" | "block" | "absent" | "skip_key";
+export interface GateEvidence {
+    verdict_path?: string;
+    verdict_id?: string;
+    level?: string;
+    signed_at?: string;
+    signature_algorithm?: string;
+    age_minutes?: number;
+    token_path?: string;
+    paid_fallthrough_reason?: string;
+}
+export interface GateResult {
+    /** Final policy decision after BOTH tiers are evaluated. */
+    decision: "allow" | "block";
+    /** Which tier produced the result (paid > free; null on block/error). */
+    tier: "paid" | "free" | null;
+    /** Reason string (human-readable). */
+    reason: string;
+    /** Structured evidence for the audit ledger. */
+    evidence: GateEvidence;
+    /** Verdict id if a verdict file was inspected. */
+    verdict_id?: string;
+    /** Verdict level if checked. */
+    level?: string;
+    /** signed_at ISO if checked. */
+    signed_at?: string;
+    /** Age in minutes if checked. */
+    age_minutes?: number;
+    /** Self-stamp block (matching the Python _stamp field). */
+    stamp: GateStamp;
+    /** When dry-run is active, the would-have-been decision is preserved here. */
+    would_have_been?: "allow" | "block";
+    /** When kill-switch active. */
+    bypassed?: boolean;
+}
+export interface GateStamp {
+    hook_name: string;
+    hook_version: string;
+    rule_name: string;
+    rule_version: string;
+    why: string;
+    suggested_fix: string;
+    artifact_id: string;
+    command_preview: string;
+    timestamp: string;
+    label?: string;
+    tier?: "paid" | "free" | null;
+}
+export interface PaidCheckResult {
+    decision: GateDecision;
+    reason: string;
+    evidence: GateEvidence | null;
+}
+export interface GateOptions {
+    /** Override the verdict directory. Default: <genesisRoot>/data/ship_confidence_verdicts */
+    verdictDir?: string;
+    /** Override the approval token directory. Default: <genesisRoot>/data/deploy_queue/APPROVAL_TOKENS */
+    approvalDir?: string;
+    /** Max age of a signed verdict before it's considered stale (minutes). Default 60. */
+    maxAgeMinutes?: number;
+    /** Env var name holding the HMAC signing key. Default SHIP_CONFIDENCE_SIGNING_KEY. */
+    signingKeyEnv?: string;
+    /** Verdict levels that grant allow. Default ["GREEN"]. */
+    allowedLevels?: string[];
+    /** Token TTL in seconds. Default 3600. */
+    tokenTtlSeconds?: number;
+    /** Override the genesis root for path resolution. */
+    genesisRoot?: string;
+    /** Override the audit log path. */
+    auditLogPath?: string;
+    /** Override env (for tests). Defaults to process.env. */
+    env?: NodeJS.ProcessEnv;
+}
+/** Match the Python _sanitize: non-[A-Za-z0-9._-] → '-', strip dashes, max 128. */
+export declare function sanitizeArtifactId(artifactId: string): string;
+/**
+ * Detect the genesis-system root, matching the Python _detect_genesis_root logic.
+ * Priority: env override → WSL path → Windows path → fall back to a path that
+ * may not exist (so log paths stay consistent).
+ */
+declare function detectGenesisRoot(env: NodeJS.ProcessEnv): string;
+/** Parse signed_at ISO timestamps tolerantly (accepts 'Z' suffix). */
+declare function parseSignedAt(raw: unknown): Date | null;
+export declare class ShipConfidenceGate {
+    private readonly verdictDir;
+    private readonly approvalDir;
+    private readonly maxAgeMinutes;
+    private readonly signingKeyEnv;
+    private readonly allowedLevels;
+    private readonly tokenTtlSeconds;
+    private readonly genesisRoot;
+    private readonly auditLogPath;
+    private readonly env;
+    constructor(opts?: GateOptions);
+    /**
+     * Look up and verify the signed Verdict for an artifact.
+     *
+     * Return-value semantics mirror the Python _check_signed_verdict:
+     *   - "allow"     : valid signature, allowed level, fresh → grant
+     *   - "block"     : verdict present but fails policy → HARD block
+     *   - "absent"    : no verdict file → caller tries free-tier fallback
+     *   - "skip_key"  : verdict present but signing key env unset → fall through
+     *
+     * NEVER throws. Any unexpected error → "absent" (the outer fail-open handler
+     * in check() preserves overall fail-OPEN semantics).
+     */
+    checkSignedVerdict(artifactId: string): Promise<PaidCheckResult>;
+    /**
+     * Find a fresh approval token matching the artifact_id.
+     * Token must be JSON with at minimum {artifact_id, timestamp}.
+     */
+    findApprovalToken(artifactId: string): Promise<string | null>;
+    /** Single-use token consumption. Never throws. */
+    consumeToken(tokenPath: string): Promise<void>;
+    /** Self-stamped allow payload (matches Python format_allow + _stamp). */
+    formatAllow(opts: {
+        artifactId: string;
+        tier: "paid" | "free" | null;
+        why: string;
+        commandPreview?: string;
+        label?: string;
+        extraContext?: string;
+    }): {
+        continue: true;
+        additionalContext: string;
+        _stamp: GateStamp;
+    };
+    /** Self-stamped block payload (matches Python format_block + _stamp). */
+    formatBlock(opts: {
+        label: string;
+        reason: string;
+        artifactId: string;
+        commandPreview?: string;
+        suggestedFix: string;
+    }): {
+        continue: false;
+        decision: "block";
+        reason: string;
+        stopReason: string;
+        message: string;
+        _stamp: GateStamp;
+    };
+    /**
+     * Write an entry to the unified audit ledger. Matches the schema in §6.2 of
+     * BUILD_PLAN_1_1_0_WAVE2_BRIEFS.md and tags it with event_type so a single
+     * file is queryable (Opus orchestrator decision on [VERIFY] item 5).
+     */
+    writeAudit(entry: Record<string, unknown>): void;
+    /** Expose the audit log path for tests and tooling. */
+    getAuditLogPath(): string;
+    /**
+     * Run the full gate logic for a given artifact_id + optional command preview.
+     * Returns a GateResult with a final allow/block decision and a self-stamped
+     * payload. Audit entries are written to the unified ledger.
+     *
+     * Behaviour order (matching Python main()):
+     *   0. Kill-switch (DISABLE_SUNAIVA_GATE=1) → allow, log bypass.
+     *   1. Dry-run (SUNAIVA_GATE_DRY_RUN=1) → probe both tiers, log dry-run, allow.
+     *   2. PAID tier → if allow, return allow tier=paid.
+     *                  If block, hard-block (never fall through).
+     *                  If absent/skip_key, continue to free tier.
+     *   3. FREE tier → token present and fresh → allow tier=free.
+     *                  Token missing → block with dual-path hint.
+     *
+     * FAIL-OPEN: any uncaught exception → allow with audit event_type=ship_confidence_error.
+     */
+    check(artifactId: string, options?: {
+        commandPreview?: string;
+        label?: string;
+    }): Promise<GateResult>;
+}
+export declare const __test: {
+    detectGenesisRoot: typeof detectGenesisRoot;
+    parseSignedAt: typeof parseSignedAt;
+    DEFAULT_AUDIT_PATH: string;
+    DEFAULT_AUDIT_DIR: string;
+};
+export declare function defaultAuditLogPath(): string;
+export {};
+//# sourceMappingURL=ship-confidence-gate.d.ts.map

package/dist/engine/ship-confidence-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ship-confidence-gate.d.ts","sourceRoot":"","sources":["../../src/engine/ship-confidence-gate.ts"],"names":[],"mappings":"AA+DA,eAAO,MAAM,SAAS,yBAAyB,CAAC;AAChD,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC,eAAO,MAAM,SAAS,wCAAmC,CAAC;AAC1D,eAAO,MAAM,YAAY,QAAQ,CAAC;AAelC,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,CAAC;AAErE,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IACzB,4DAA4D;IAC5D,QAAQ,EAAE,OAAO,GAAG,OAAO,CAAC;IAC5B,yEAAyE;IACzE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC7B,sCAAsC;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,QAAQ,EAAE,YAAY,CAAC;IACvB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,KAAK,EAAE,SAAS,CAAC;IACjB,8EAA8E;IAC9E,eAAe,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IACpC,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,YAAY,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,WAAW;IAC1B,2FAA2F;IAC3F,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sGAAsG;IACtG,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0DAA0D;IAC1D,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,0CAA0C;IAC1C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,yDAAyD;IACzD,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CACzB;AASD,mFAAmF;AACnF,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAK7D;AAED;;;;GAIG;AACH,iBAAS,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAUzD;AAYD,sEAAsE;AACtE,iBAAS,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI,CAYhD;AAKD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAoB;gBAE5B,IAAI,GAAE,WAAgB;IAkBlC;;;;;;;;;;;OAWG;IACG,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAuKtE;;;OAGG;IACG,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgDnE,kDAAkD;IAC5C,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWpD,yEAAyE;IACzE,WAAW,CAAC,IAAI,EAAE;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;QAC7B,GAAG,EAAE,MAAM,CAAC;QACZ,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG;QACF,QAAQ,EAAE,IAAI,CAAC;QACf,iBAAiB,EAAE,MAAM,CAAC;QAC1B,MAAM,EAAE,SAAS,CAAC;KACnB;IAuBD,yEAAyE;IACzE,WAAW,CAAC,IAAI,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,YAAY,EAAE,MAAM,CAAC;KACtB,GAAG;QACF,QAAQ,EAAE,KAAK,CAAC;QAChB,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,SAAS,CAAC;KACnB;IAsCD;;;;OAIG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAUhD,uDAAuD;IACvD,eAAe,IAAI,MAAM;IAOzB;;;;;;;;;;;;;;;OAeG;IACG,KAAK,CACT,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GACxD,OAAO,CAAC,UAAU,CAAC;CAqQvB;AAKD,eAAO,MAAM,MAAM;;;;;CAKlB,CAAC;AAGF,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C"}