npm - @tenova/swt3-ai - Versions diffs - 0.5.0 → 0.5.2 - Mend

@tenova/swt3-ai 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/README.md +279 -2
package/dist/buffer.d.ts +7 -1
package/dist/buffer.d.ts.map +1 -1
package/dist/buffer.js +38 -3
package/dist/buffer.js.map +1 -1
package/dist/cli.d.ts +13 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +202 -0
package/dist/cli.js.map +1 -0
package/dist/config.d.ts +18 -5
package/dist/config.d.ts.map +1 -1
package/dist/config.js +346 -42
package/dist/config.js.map +1 -1
package/dist/demo.d.ts +1 -1
package/dist/demo.d.ts.map +1 -1
package/dist/demo.js +88 -4
package/dist/demo.js.map +1 -1
package/dist/doctor.d.ts +20 -0
package/dist/doctor.d.ts.map +1 -0
package/dist/doctor.js +357 -0
package/dist/doctor.js.map +1 -0
package/dist/environment.d.ts +34 -0
package/dist/environment.d.ts.map +1 -0
package/dist/environment.js +99 -0
package/dist/environment.js.map +1 -0
package/dist/exporters/chain-monitor.d.ts +55 -0
package/dist/exporters/chain-monitor.d.ts.map +1 -0
package/dist/exporters/chain-monitor.js +172 -0
package/dist/exporters/chain-monitor.js.map +1 -0
package/dist/hardware.d.ts +96 -0
package/dist/hardware.d.ts.map +1 -0
package/dist/hardware.js +265 -0
package/dist/hardware.js.map +1 -0
package/dist/index.d.ts +19 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +10 -2
package/dist/index.js.map +1 -1
package/dist/merkle.d.ts +107 -0
package/dist/merkle.d.ts.map +1 -0
package/dist/merkle.js +226 -0
package/dist/merkle.js.map +1 -0
package/dist/schema.d.ts +18 -0
package/dist/schema.d.ts.map +1 -0
package/dist/schema.js +255 -0
package/dist/schema.js.map +1 -0
package/dist/trust.d.ts +100 -0
package/dist/trust.d.ts.map +1 -0
package/dist/trust.js +222 -0
package/dist/trust.js.map +1 -0
package/dist/types.d.ts +167 -11
package/dist/types.d.ts.map +1 -1
package/dist/types.js +42 -1
package/dist/types.js.map +1 -1
package/dist/wal.d.ts +69 -0
package/dist/wal.d.ts.map +1 -0
package/dist/wal.js +223 -0
package/dist/wal.js.map +1 -0
package/dist/witness.d.ts +293 -1
package/dist/witness.d.ts.map +1 -1
package/dist/witness.js +1234 -5
package/dist/witness.js.map +1 -1
package/package.json +4 -2
package/templates/eu-ai-act-high-risk.yaml +56 -0
package/templates/granite-sovereign.yaml +55 -0
package/templates/minimal.yaml +38 -0
package/templates/mythos-defense.yaml +65 -0
package/templates/nist-ai-rmf.yaml +47 -0
package/templates/owasp-agentic-top10.yaml +50 -0

package/README.md CHANGED Viewed

@@ -3,6 +3,7 @@ Witness your AI. Prove it followed the rules. Cryptographic accountability for e
 [![npm](https://img.shields.io/npm/v/@tenova/swt3-ai)](https://www.npmjs.com/package/@tenova/swt3-ai)
 [![Downloads](https://img.shields.io/npm/dm/@tenova/swt3-ai)](https://www.npmjs.com/package/@tenova/swt3-ai)
 [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/tenova-labs/swt3-ai/blob/main/LICENSE)
+[![MCP Registry](https://img.shields.io/badge/MCP_Registry-io.tenova%2Fswt3--witness-blue)](https://www.npmjs.com/package/@tenova/swt3-mcp)
 # @tenova/swt3-ai
@@ -12,6 +13,72 @@ Works with OpenAI, Anthropic, AWS Bedrock, Vercel AI SDK, and any OpenAI-compati
 GPAI transparency obligations are enforceable now. EU AI Act high-risk enforcement begins **December 2, 2027**. This SDK gives you the evidence chain.
+## MCP Server -- Official Registry
+`@tenova/swt3-mcp` is listed on the official Model Context Protocol Registry as `io.tenova/swt3-witness`. Zero-config compliance governance for Claude Code, Cursor, Windsurf, and any MCP-compatible host.
+```json
+{
+  "mcpServers": {
+    "swt3-witness": {
+      "command": "npx",
+      "args": ["@tenova/swt3-mcp"]
+    }
+  }
+}
+```
+Every tool call your agent makes is witnessed, Merkle-accumulated, and trust-evaluated. No code changes required. [Quick Start](https://www.npmjs.com/package/@tenova/swt3-mcp)
+## Secure Agent-to-Agent Communication
+The SWT3 Trust Mesh enables mutual cryptographic verification between AI agents before they exchange data, invoke tools, or share context. When you adopt SWT3, every partner, vendor, and downstream agent that wants to interact with yours must adopt it too. Compliance becomes the connection protocol. Every agent in the mesh strengthens the network.
+**You run Agent A. Your partner runs Agent B. Both install @tenova/swt3-ai:**
+```typescript
+// === Your side (Agent A) ===
+const witnessA = new Witness({
+  endpoint: "...", apiKey: "axm_...", tenantId: "YOUR_TENANT",
+  agentId: "agent-alpha", signingKey: "swt3_sk_your_key",
+});
+witnessA.trustRegistry.trustTenant("PARTNER_B_TENANT");
+witnessA.trustRegistry.registerSigningKey("agent-beta", process.env.PARTNER_B_KEY!);
+// === Partner's side (Agent B) ===
+const witnessB = new Witness({
+  endpoint: "...", apiKey: "axm_...", tenantId: "PARTNER_B_TENANT",
+  agentId: "agent-beta", signingKey: "swt3_sk_partner_key",
+});
+witnessB.trustRegistry.trustTenant("YOUR_TENANT");
+witnessB.trustRegistry.registerSigningKey("agent-alpha", process.env.YOUR_KEY!);
+// === Handshake (both directions) ===
+const credA = witnessA.presentCredential();
+const resultB = witnessB.verifyTrust(credA);       // B verifies A
+if (resultB.granted) {
+  const credB = witnessB.presentCredential();
+  const resultA = witnessA.verifyTrust(credB);      // A verifies B
+  if (resultA.granted) {
+    // Bidirectional trust established. Exchange data.
+  }
+}
+```
+Configure trust boundaries declaratively in `.swt3.yaml`:
+```yaml
+trust_mesh:
+  mode: strict
+  min_trust_level: 2
+  require_signature: true
+  freshness_window: 3600
+  trusted_tenants: ["PARTNER_B_TENANT"]
+  deny_agents: ["revoked-agent-id"]
+```
+All verification is local. Zero cloud overhead. No data exchanged until both agents clear the trust gate. Unsigned agents are capped at TRUST_BASIC (level 1). Add signing keys for verified trust. Add hardware attestation for sovereign trust.
 ## See It Work (No Account Needed)
 ```bash
@@ -216,6 +283,55 @@ witness.witnessQuantization("gptq", { bits: 4, groupSize: 128 });
 Maps to: EU AI Act Art. 15(4) (resilience against modification), Art. 12(2)(b) (version logging).
+## TPM Platform Attestation (AI-HW.3)
+Prove host firmware integrity via TPM 2.0. Reads PCR registers 0-7 and mints a hardware root-of-trust anchor. All raw values are SHA-256 hashed before leaving the module:
+```typescript
+// Auto-detect: reads /dev/tpm0 via tpm2-tools
+witness.witnessTPMAttestation();
+// Or provide a pre-computed snapshot
+import { queryTPM } from "@tenova/swt3-ai";
+const snapshot = queryTPM();
+witness.witnessTPMAttestation({ snapshot });
+```
+If no TPM is available (cloud VM, dev machine), returns a valid anchor with factor_a=0. No crash, no error. Graceful degradation by design.
+Use case: sovereign/air-gapped deployments where you must prove the host was not tampered with. Combined with AI-HW.1 (GPU inventory), gives full hardware root-of-trust from silicon to model.
+Maps to: NIST 800-53 SC-12 (cryptographic key establishment). Patent pending.
+## Environmental Attestation (Residential and Edge AI)
+Witness the physical compute environment for distributed, edge-deployed, or residential AI nodes. Proves the hardware operated within safe thermal and power bounds during inference:
+```typescript
+// Zero-config: auto-detects Linux thermal sensors
+witness.witnessEnvironment();
+// Manual readings from smart panel APIs or IPMI
+witness.witnessEnvironment({
+  temperatureCelsius: 42,
+  thresholdCelsius: 75,
+  nodeType: "residential",
+});
+// Power integrity: draw vs capacity
+witness.witnessEnergyDraw({
+  powerWatts: 1200,
+  capacityWatts: 2400,
+  nodeType: "edge",
+});
+```
+If no sensors are available (dev machine, cloud VM), returns a valid anchor with zero readings. No crash, no error.
+Use case: enterprises renting compute on distributed residential nodes need cryptographic proof that the node was operating within safe bounds, was not throttled, and was not physically tampered with during their inference window.
+Maps to: NIST 800-53 PE-14 (environmental controls), EU AI Act Annex I (product safety for home-integrated AI).
 ## Skill Manifest Attestation
 Witness which skills, tools, and plugins are loaded in your agent:
@@ -291,6 +407,146 @@ The `agentId` survives all clearing levels. The `signingKey` produces an HMAC-SH
 Receipts include `signature_verified: true` when the server confirms the signature.
+## Trust Mesh (Mutual Agent Verification)
+Before two agents exchange data or invoke each other's tools, each verifies the other's compliance posture. No anchor, no handshake.
+```typescript
+// Agent A: present a signed credential
+const credentialA = witnessA.presentCredential();
+// Send credentialA to Agent B over your transport layer
+// Agent B: verify Agent A's credential
+witnessB.trustRegistry.trustTenant("TENANT_A");
+witnessB.trustRegistry.registerSigningKey("agent-alpha", "shared-secret-a");
+const result = witnessB.verifyTrust(credentialA);
+if (result.granted) {
+  // Trust level: 1=basic, 2=verified, 3=attested, 4=sovereign
+  console.log(`Trusted at level ${result.trustLevel}`);
+} else {
+  console.log(`Denied: ${result.denialReason}`);
+}
+```
+**Trust levels:**
+| Level | Name | Requires |
+|-------|------|----------|
+| 1 | Basic | Valid credential, unsigned or unverifiable |
+| 2 | Verified | Valid credential + verified HMAC signature |
+| 3 | Attested | Verified + hardware attestation + guardrails |
+| 4 | Sovereign | Attested + clearing level >= 2 |
+Unsigned credentials are automatically capped at TRUST_BASIC. You cannot claim a higher trust level without a verified signature.
+**Key exchange:** Exchange signing keys out-of-band (environment variables, secrets manager, KMS). Never send keys over the wire alongside credentials. Each agent registers the counterpart's key:
+```typescript
+// Agent A registers B's key, B registers A's key
+witnessA.trustRegistry.registerSigningKey("agent-beta", process.env.AGENT_B_KEY!);
+witnessB.trustRegistry.registerSigningKey("agent-alpha", process.env.AGENT_A_KEY!);
+```
+**Zero-friction path:** Trust mesh works without signing keys. Agents without keys get TRUST_BASIC (level 1), which is sufficient for non-sensitive coordination. Add keys when you need verified or attested trust.
+**Credential auto-population:** `presentCredential()` automatically includes which procedures the agent has witnessed and whether hardware attestation (AI-HW.1 or AI-HW.3) has been performed. No manual tracking needed.
+Every verification (pass or fail) mints AI-TRUST.1 + AI-TRUST.2 anchors. Denials produce evidence too.
+Maps to: EU AI Act Art. 14 (human oversight and mutual accountability between AI systems).
+## Policy-as-Code (swt3.yaml)
+New in v0.5.2. Define your entire witnessing policy in a YAML file instead of passing 25+ constructor parameters:
+```bash
+npx swt3 init          # interactive profile picker
+npx swt3 init --profile eu-ai-act-high-risk --tenant ACME
+```
+This generates a `swt3.yaml` file. Then load it:
+```typescript
+const witness = Witness.fromConfig();              // auto-finds swt3.yaml
+const witness = Witness.fromConfig("prod.yaml");   // explicit path
+```
+### File Composition (extends)
+Layer configs for environment-specific overrides:
+```yaml
+# prod.yaml
+extends: base.yaml
+clearing_level: 2
+signing_key_env: SWT3_SIGNING_KEY
+```
+Supports single files or chains (`extends: [base.yaml, team.yaml]`). Merge order: extends < profile < explicit config. Cycle detection and depth limit (10) built in.
+### Built-in Profiles
+Three profiles ship with the SDK:
+| Profile | Use Case |
+|---------|----------|
+| `eu-ai-act-high-risk` | EU AI Act high-risk: clearing 2, signing required, jurisdiction required |
+| `nist-ai-rmf` | NIST AI RMF: full procedure coverage, moderate policy |
+| `minimal` | Development: clearing 0, no policy enforcement |
+### Diagnostics
+```bash
+npx swt3 doctor        # 8 checks: YAML, env vars, profile, extends, sections
+npx swt3 doctor --json  # machine-readable for CI/CD
+```
+### Schema Validation
+Validate config files programmatically:
+```typescript
+import { validateSchema } from "@tenova/swt3-ai";
+const result = validateSchema(parsedYaml);
+if (!result.valid) {
+  console.error(result.errors);
+}
+```
+## Merkle Accumulator (Session-Level Integrity)
+New in v0.5.2. Compute Merkle roots over batches of anchors for tamper-evident session integrity:
+```typescript
+import { MerkleAccumulator, verifyMerkleProof } from "@tenova/swt3-ai";
+const acc = new MerkleAccumulator({ tenantId: "ACME" });
+// Accumulate fingerprints as anchors are minted
+acc.add("abc123def456");
+acc.add("789012345678");
+// Compute session root (persisted to JSONL automatically)
+const session = acc.flush();
+console.log(session.root);  // 64-char hex Merkle root
+// Generate an inclusion proof for any fingerprint
+const proof = acc.prove("abc123def456");
+console.log(verifyMerkleProof("abc123def456", proof));  // true
+```
+Enable via config:
+```yaml
+merkle:
+  enabled: true
+  accumulator_interval: 0  # 0 = compute on every flush
+```
+Cross-language parity with Python SDK. Domain-separated (SWT3:LEAF: / SWT3:NODE:) to prevent second-preimage attacks.
 ## Gatekeeper Mode (Pre-Call Enforcement)
 New in v0.3.4. Require guardrails to be active *before* the model is called, not just observed after:
@@ -378,7 +634,7 @@ Each inference produces anchors for these checks. Every check maps to a regulati
 ### EU AI Act Article Mapping
-All 42 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
+All 43 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
 | Procedure | EU AI Act Article | Obligation | Demo | Production |
 |-----------|-------------------|------------|------|------------|
@@ -395,7 +651,7 @@ All 42 SWT3 AI witnessing procedures map to specific EU AI Act obligations:
 | AI-EXPL.1 | Art. 13(1) | Transparency & Explainability | -| ✓ |
 | AI-EXPL.2 | Art. 13(3b) | Confidence Calibration | -| ✓ |
-The demo demonstrates 5 procedures using simulated data. All 42 are available in production with real inference data. 36 cross-language test vectors ensure fingerprint parity across Python, TypeScript, Rust, C#, and Ruby. [See live conformity →](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
+The demo demonstrates 5 procedures using simulated data. All 43 are available in production with real inference data. 38 cross-language test vectors ensure fingerprint parity across Python, TypeScript, Rust, C#, and Ruby. [See live conformity →](https://sovereign.tenova.io/audit/axm_audit_demo_eu_ai_act_public)
 ## How Verdicts Work
@@ -640,6 +896,24 @@ Your prompts and responses **never leave your infrastructure**. The SDK computes
 ---
+## Upgrading to v0.5.2
+**Policy-as-Code (new):** `swt3 init`, `swt3 doctor`, `extends:` composition, profile templates, YAML schema validator. No breaking changes.
+**Merkle Accumulator (new):** `MerkleAccumulator` class for session-level integrity proofs. `merkle:` config section. No breaking changes.
+**Trust Mesh (v0.5.0):** `presentCredential()` and `verifyTrust()`. No breaking changes for existing code.
+**Credential signing (behavioral change):** If your Witness has a `signingKey`, credentials are now HMAC-signed automatically. Counterpart agents must register your key via `trustRegistry.registerSigningKey()` to verify the signature. Without key registration, signed credentials are denied with `signature_unverifiable`.
+**TPM attestation (v0.5.2):** `witnessTPMAttestation()` for AI-HW.3. Reads PCR registers via tpm2-tools. Graceful degradation without TPM. No breaking changes.
+**Environmental attestation (v0.5.0):** `witnessEnvironment()` and `witnessEnergyDraw()` for AI-ENV.1/AI-ENV.2. No breaking changes.
+**MCP server:** 16 procedure keyword suggestions (was 8). MCP policy section in swt3.yaml. No breaking changes.
+---
 ## Documentation
 - [SDK Reference](https://sovereign.tenova.io/docs/) -- full API, all providers, clearing levels, configuration
@@ -649,6 +923,9 @@ Your prompts and responses **never leave your infrastructure**. The SDK computes
 - [UCT Registry](https://sovereign.tenova.io/registry) -- 162 procedures, full factor definitions
 - [Anchor Verifier](https://sovereign.tenova.io/verify) -- verify any anchor, zero server calls
 - [EU AI Act Regulatory Architecture](https://sovereign.tenova.io/guides/futurium-submission.html) -- VI+CJT+ALF+LAVR framework mapping for conformity assessment bodies
+- [Five Eyes Agentic AI Overlay](https://sovereign.tenova.io/guides/five-eyes-overlay.html) -- CISA/NSA guidance mapped to SWT3 procedures
+- [CMMC Compliance Overlay](https://sovereign.tenova.io/guides/cmmc-overlay.html) -- clearing levels mapped to CMMC and NIST 800-171
+- [SR 11-7 Model Risk Overlay](https://sovereign.tenova.io/guides/sr-11-7-overlay.html) -- clearing levels mapped to SR 11-7 requirements
 ---

package/dist/buffer.d.ts CHANGED Viewed

@@ -10,6 +10,7 @@
  * prevents unbounded memory growth.
  */
 import type { WitnessConfig, WitnessPayload, WitnessReceipt } from "./types.js";
+import type { WriteAheadLog } from "./wal.js";
 export declare class WitnessBuffer {
     private config;
     private queue;
@@ -20,8 +21,13 @@ export declare class WitnessBuffer {
     private stopped;
     private consecutiveFailures;
     private ctaShown;
+    private tokenAccumulator;
     private onFlush?;
-    constructor(config: WitnessConfig, maxRetryBuffer?: number);
+    private wal;
+    private walSeqMap;
+    constructor(config: WitnessConfig, maxRetryBuffer?: number, wal?: WriteAheadLog);
+    /** Cumulative tokens accumulated since last flush (for token_budget monitoring). */
+    get tokensSinceFlush(): number;
     /** Add a single payload to the buffer. */
     enqueue(payload: WitnessPayload): void;
     /** Add multiple payloads. */

package/dist/buffer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"buffer.d.ts","sourceRoot":"","sources":["../src/buffer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAiB,MAAM,YAAY,CAAC;~~AAI~~/F,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,KAAK,CAAwB;IACrC,OAAO,CAAC,UAAU,CAAwB;IAC1C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,WAAW,CAAwB;IAC3C,OAAO,CAAC,KAAK,CAA8C;IAC3D,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,mBAAmB,CAAK;IAChC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,OAAO,CAAC,CAAmE;~~gBAEvE~~,MAAM,EAAE,aAAa,EAAE,cAAc,SAA2B;~~IAO5E~~,0CAA0C;IAC1C,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI;~~IAQtC~~,6BAA6B;IAC7B,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAI7C,yCAAyC;IACnC,KAAK,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAIxC,oDAAoD;IAC9C,IAAI,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAgBvC,yDAAyD;IACzD,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,oDAAoD;IACpD,IAAI,eAAe,IAAI,MAAM,CAE5B;IAED,2CAA2C;IAC3C,IAAI,QAAQ,IAAI,cAAc,EAAE,CAE/B;IAED,OAAO,CAAC,UAAU;YAYJ,aAAa;~~YAWb~~,SAAS;~~CAmGxB~~"}
1	+ {"version":3,"file":"buffer.d.ts","sourceRoot":"","sources":["../src/buffer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAiB,MAAM,YAAY,CAAC;AAC/F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAI9C,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,KAAK,CAAwB;IACrC,OAAO,CAAC,UAAU,CAAwB;IAC1C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,WAAW,CAAwB;IAC3C,OAAO,CAAC,KAAK,CAA8C;IAC3D,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,mBAAmB,CAAK;IAChC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,gBAAgB,CAAK;IAC7B,OAAO,CAAC,OAAO,CAAC,CAAmE;IACnF,OAAO,CAAC,GAAG,CAA8B;IACzC,OAAO,CAAC,SAAS,CAA0C;gBAE/C,MAAM,EAAE,aAAa,EAAE,cAAc,SAA2B,EAAE,GAAG,CAAC,EAAE,aAAa;IAQjG,oFAAoF;IACpF,IAAI,gBAAgB,IAAI,MAAM,CAE7B;IAED,0CAA0C;IAC1C,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI;IAuBtC,6BAA6B;IAC7B,WAAW,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI;IAI7C,yCAAyC;IACnC,KAAK,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAIxC,oDAAoD;IAC9C,IAAI,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAgBvC,yDAAyD;IACzD,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,oDAAoD;IACpD,IAAI,eAAe,IAAI,MAAM,CAE5B;IAED,2CAA2C;IAC3C,IAAI,QAAQ,IAAI,cAAc,EAAE,CAE/B;IAED,OAAO,CAAC,UAAU;YAYJ,aAAa;YAYb,SAAS;CA8GxB"}

package/dist/buffer.js CHANGED Viewed

@@ -20,19 +20,41 @@ export class WitnessBuffer {
     stopped = false;
     consecutiveFailures = 0;
     ctaShown = false;
+    tokenAccumulator = 0;
     onFlush;
-    constructor(config, maxRetryBuffer = DEFAULT_MAX_RETRY_BUFFER) {
+    wal = null;
+    walSeqMap = new Map();
+    constructor(config, maxRetryBuffer = DEFAULT_MAX_RETRY_BUFFER, wal) {
         this.config = config;
         this.maxRetryBuffer = maxRetryBuffer;
         this.onFlush = config.onFlush;
+        this.wal = wal ?? null;
         this.startTimer();
     }
+    /** Cumulative tokens accumulated since last flush (for token_budget monitoring). */
+    get tokensSinceFlush() {
+        return this.tokenAccumulator;
+    }
     /** Add a single payload to the buffer. */
     enqueue(payload) {
         if (this.stopped)
             return;
+        // WAL: replay protection (reject duplicates) + persist to disk
+        if (this.wal) {
+            const seq = this.wal.append(payload);
+            if (seq === -1) {
+                // Duplicate fingerprint -- silently skip
+                return;
+            }
+            this.walSeqMap.set(payload, seq);
+        }
+        // Track token accumulation for tokenBudget flush trigger
+        const tokens = (payload.ai_input_tokens ?? 0) + (payload.ai_output_tokens ?? 0);
+        if (tokens > 0)
+            this.tokenAccumulator += tokens;
         this.queue.push(payload);
-        if (this.queue.length >= this.config.bufferSize) {
+        const tokenBudgetHit = this.config.tokenBudget != null && this.tokenAccumulator >= this.config.tokenBudget;
+        if (this.queue.length >= this.config.bufferSize || tokenBudgetHit) {
             this.flushInternal();
         }
     }
@@ -89,6 +111,7 @@ export class WitnessBuffer {
         const payloads = [...this.deadLetter, ...this.queue];
         this.deadLetter = [];
         this.queue = [];
+        this.tokenAccumulator = 0;
         if (payloads.length === 0)
             return [];
         return this.sendBatch(payloads);
@@ -118,7 +141,7 @@ export class WitnessBuffer {
                     // Client error — don't retry, don't dead-letter
                     const text = await resp.text();
                     // Scrub any key material that might appear in error response body
-                    const safe = text.replace(/(?:Bearer|Authorization|api[_-]?key|signing[_-]?key)[^\s,;"]*/gi, "[REDACTED]");
+                    const safe = text.replace(/(?:Bearer|Authorization|api[_-]?key|signing[_-]?key)\s*[^\s,;"]{4,}/gi, "[REDACTED]");
                     console.error(`[swt3-ai] Batch flush failed (${resp.status}): ${safe.slice(0, 200)}`);
                     return [];
                 }
@@ -126,6 +149,18 @@ export class WitnessBuffer {
                 const receipts = result.receipts ?? [];
                 this.allReceipts.push(...receipts);
                 this.consecutiveFailures = 0;
+                // WAL: mark flushed entries
+                if (this.wal) {
+                    let maxSeq = 0;
+                    for (const p of payloads) {
+                        const s = this.walSeqMap.get(p);
+                        if (s !== undefined && s > maxSeq)
+                            maxSeq = s;
+                        this.walSeqMap.delete(p);
+                    }
+                    if (maxSeq > 0)
+                        this.wal.markFlushed(maxSeq);
+                }
                 if (result.rejected > 0) {
                     console.warn(`[swt3-ai] Batch flush: ${result.accepted} accepted, ${result.rejected} rejected`);
                 }

package/dist/buffer.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"buffer.js","sourceRoot":"","sources":["../src/buffer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;~~AAIH~~,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAEtC,MAAM,OAAO,aAAa;IAChB,MAAM,CAAgB;IACtB,KAAK,GAAqB,EAAE,CAAC;IAC7B,UAAU,GAAqB,EAAE,CAAC;IAClC,cAAc,CAAS;IACvB,WAAW,GAAqB,EAAE,CAAC;IACnC,KAAK,GAAyC,IAAI,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC;IAChB,mBAAmB,GAAG,CAAC,CAAC;IACxB,QAAQ,GAAG,KAAK,CAAC;IACjB,OAAO,CAAoE;~~IAEnF~~,YAAY,MAAqB,EAAE,cAAc,GAAG,wBAAwB;~~QAC1E~~,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,OAAuB;QAC7B,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;~~QACzB~~,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;~~YAChD~~,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,WAAW,CAAC,QAA0B;QACpC,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,yCAAyC;IACzC,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED,oDAAoD;IACpD,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CACV,iCAAiC,IAAI,CAAC,UAAU,CAAC,MAAM,gCAAgC,CACxF,CAAC;QACJ,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,yDAAyD;IACzD,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;IACpD,CAAC;IAED,oDAAoD;IACpD,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;IAChC,CAAC;IAED,2CAA2C;IAC3C,IAAI,QAAQ;QACV,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAEO,UAAU;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC3B,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;QACrC,oDAAoD;QACpD,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3D,IAAI,CAAC,KAAwB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,cAAc;QACd,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;~~QAEhB~~,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAErC,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,QAA0B;QAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAErC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,uBAAuB,CAAC;QAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SAC9C,CAAC;QAEF,IAAI,SAAS,GAAkB,IAAI,CAAC;QAEpC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YAClE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAE5E,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAC5B,MAAM,EAAE,MAAM;oBACd,OAAO;oBACP,IAAI;oBACJ,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;oBAC5C,gDAAgD;oBAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;oBAC/B,kEAAkE;oBAClE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,~~iEAAiE~~,EAAE,YAAY,CAAC,CAAC;~~oBAC3G~~,OAAO,CAAC,KAAK,CAAC,iCAAiC,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;oBACtF,OAAO,EAAE,CAAC;gBACZ,CAAC;gBAED,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAkB,CAAC;gBAEpD,MAAM,QAAQ,GAAqB,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;gBACzD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;gBACnC,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;gBAE7B,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC,IAAI,CACV,0BAA0B,MAAM,CAAC,QAAQ,cAAc,MAAM,CAAC,QAAQ,WAAW,CAClF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;oBACrB,OAAO,CAAC,IAAI,CACV,cAAc,MAAM,CAAC,QAAQ,yBAAyB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;wBAC5E,wFAAwF;wBACxF,2FAA2F,CAC5F,CAAC;gBACJ,CAAC;gBAED,0EAA0E;gBAC1E,IAAI,IAAI,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,IAAI,CAAC;wBACH,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBACnC,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,IAAI,CAAC,+CAA+C,EAAE,KAAK,CAAC,CAAC;oBACvE,CAAC;gBACH,CAAC;gBAED,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,IAAI,CACV,iCAAiC,OAAO,GAAG,CAAC,YAAY,SAAS,EAAE,CACpE,CAAC;gBAEF,kCAAkC;gBAClC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;oBACzC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,IAAI,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAElC,4BAA4B;QAC5B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACjD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC;YAC7D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO,CAAC,KAAK,CACX,qCAAqC,OAAO,kCAAkC,IAAI,CAAC,cAAc,GAAG,CACrG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CACV,oCAAoC,QAAQ,CAAC,MAAM,0CAA0C,IAAI,CAAC,UAAU,CAAC,MAAM,aAAa,SAAS,EAAE,CAC5I,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF"}
1	+ {"version":3,"file":"buffer.js","sourceRoot":"","sources":["../src/buffer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAEtC,MAAM,OAAO,aAAa;IAChB,MAAM,CAAgB;IACtB,KAAK,GAAqB,EAAE,CAAC;IAC7B,UAAU,GAAqB,EAAE,CAAC;IAClC,cAAc,CAAS;IACvB,WAAW,GAAqB,EAAE,CAAC;IACnC,KAAK,GAAyC,IAAI,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC;IAChB,mBAAmB,GAAG,CAAC,CAAC;IACxB,QAAQ,GAAG,KAAK,CAAC;IACjB,gBAAgB,GAAG,CAAC,CAAC;IACrB,OAAO,CAAoE;IAC3E,GAAG,GAAyB,IAAI,CAAC;IACjC,SAAS,GAAgC,IAAI,GAAG,EAAE,CAAC;IAE3D,YAAY,MAAqB,EAAE,cAAc,GAAG,wBAAwB,EAAE,GAAmB;QAC/F,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;QACvB,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED,oFAAoF;IACpF,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,OAAuB;QAC7B,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QAEzB,+DAA+D;QAC/D,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,yCAAyC;gBACzC,OAAO;YACT,CAAC;YACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,yDAAyD;QACzD,MAAM,MAAM,GAAG,CAAC,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,IAAI,CAAC,CAAC,CAAC;QAChF,IAAI,MAAM,GAAG,CAAC;YAAE,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC;QAChD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;QAC3G,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,cAAc,EAAE,CAAC;YAClE,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,WAAW,CAAC,QAA0B;QACpC,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,yCAAyC;IACzC,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED,oDAAoD;IACpD,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CACV,iCAAiC,IAAI,CAAC,UAAU,CAAC,MAAM,gCAAgC,CACxF,CAAC;QACJ,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,yDAAyD;IACzD,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;IACpD,CAAC;IAED,oDAAoD;IACpD,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;IAChC,CAAC;IAED,2CAA2C;IAC3C,IAAI,QAAQ;QACV,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAEO,UAAU;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC3B,IAAI,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;QACrC,oDAAoD;QACpD,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3D,IAAI,CAAC,KAAwB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,cAAc;QACd,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;QAE1B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAErC,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,QAA0B;QAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAErC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,uBAAuB,CAAC;QAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SAC9C,CAAC;QAEF,IAAI,SAAS,GAAkB,IAAI,CAAC;QAEpC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YAClE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAE5E,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAC5B,MAAM,EAAE,MAAM;oBACd,OAAO;oBACP,IAAI;oBACJ,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;oBAC5C,gDAAgD;oBAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;oBAC/B,kEAAkE;oBAClE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,uEAAuE,EAAE,YAAY,CAAC,CAAC;oBACjH,OAAO,CAAC,KAAK,CAAC,iCAAiC,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;oBACtF,OAAO,EAAE,CAAC;gBACZ,CAAC;gBAED,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAkB,CAAC;gBAEpD,MAAM,QAAQ,GAAqB,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;gBACzD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;gBACnC,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;gBAE7B,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;oBACb,IAAI,MAAM,GAAG,CAAC,CAAC;oBACf,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;wBACzB,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;wBAChC,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,GAAG,MAAM;4BAAE,MAAM,GAAG,CAAC,CAAC;wBAC9C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAC3B,CAAC;oBACD,IAAI,MAAM,GAAG,CAAC;wBAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC/C,CAAC;gBAED,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;oBACxB,OAAO,CAAC,IAAI,CACV,0BAA0B,MAAM,CAAC,QAAQ,cAAc,MAAM,CAAC,QAAQ,WAAW,CAClF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;oBACrB,OAAO,CAAC,IAAI,CACV,cAAc,MAAM,CAAC,QAAQ,yBAAyB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;wBAC5E,wFAAwF;wBACxF,2FAA2F,CAC5F,CAAC;gBACJ,CAAC;gBAED,0EAA0E;gBAC1E,IAAI,IAAI,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,IAAI,CAAC;wBACH,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBACnC,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,IAAI,CAAC,+CAA+C,EAAE,KAAK,CAAC,CAAC;oBACvE,CAAC;gBACH,CAAC;gBAED,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,IAAI,CACV,iCAAiC,OAAO,GAAG,CAAC,YAAY,SAAS,EAAE,CACpE,CAAC;gBAEF,kCAAkC;gBAClC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;oBACzC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,IAAI,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAElC,4BAA4B;QAC5B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACjD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC;YAC7D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACjD,OAAO,CAAC,KAAK,CACX,qCAAqC,OAAO,kCAAkC,IAAI,CAAC,cAAc,GAAG,CACrG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CACV,oCAAoC,QAAQ,CAAC,MAAM,0CAA0C,IAAI,CAAC,UAAU,CAAC,MAAM,aAAa,SAAS,EAAE,CAC5I,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF"}

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+/**
+ * SWT3 CLI -- governance tooling for AI systems.
+ *
+ * Commands:
+ *   swt3 init              Interactive governance setup
+ *   swt3 init --profile X  Non-interactive (CI/CD friendly)
+ *   swt3 demo              Run the zero-friction demo
+ *   swt3 doctor            Diagnose config health
+ *   swt3 help              Show usage
+ */
+export declare function generateInitYaml(profile: string, tenantId: string, agentId: string): string;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AA4CH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAoB3F"}