@tuent/sentinel 0.1.3 → 0.1.4

package/dist/Sentinel-4QKPFHTI.js

@@ -0,0 +1,10 @@
+import {
+  Sentinel
+} from "./chunk-I2FVDDSG.js";
+import "./chunk-FIEIGBYL.js";
+import "./chunk-KWZ7JKKO.js";
+import "./chunk-NUXSUSYY.js";
+export {
+  Sentinel
+};
+//# sourceMappingURL=Sentinel-4QKPFHTI.js.map

package/dist/{Sentinel-BVoMEF3F.d.ts → Sentinel-DT0IyGQi.d.ts}

@@ -16,6 +16,7 @@ interface SkillNode {
     core?: boolean;
     sharable?: boolean;
     files?: string[];
+    eventCount?: number;
 }
 
 interface DataPoint {
@@ -29,6 +30,7 @@ interface DataPoint {
     files?: string[];
     sharable?: boolean;
     core?: boolean;
+    eventCount?: number;
 }
 
 interface StoredProfile {
@@ -89,16 +91,41 @@ declare class ProfileStore {
     private petalCount;
     private engine;
     private profile;
+    /** Snapshot (label → serialized point) of the on-disk-synced dataPoint set,
+     *  refreshed on every load/create/write. The base for save()'s three-way merge
+     *  of concurrent external writes — lets us tell "I deleted this" (in baseline,
+     *  gone from memory) from "another writer added this" (on disk, not in baseline). */
+    private baseline;
     constructor(options: {
         backend: StorageBackend;
         eventBus?: EventBus;
         petalCount?: number;
     });
     load(): Promise<StoredProfile | null>;
+    /** Snapshot the on-disk-synced dataPoint set for save()'s three-way merge. */
+    private captureBaseline;
     create(name: string): Promise<StoredProfile>;
     addPoint(point: DataPoint): Promise<void>;
     addPoints(points: DataPoint[]): void;
     save(): Promise<void>;
+    /**
+     * Three-way merge of a concurrent external write into the in-memory profile,
+     * invoked by save() when the backend reports the file changed since we last
+     * synced. Writers in this app are single-user but multi-process (agent scanner,
+     * diary watcher, dev server, CLI), so concurrent writes are real but rare.
+     *
+     * Model (base = the dataPoint set at our last load/write, see `baseline`):
+     *   - a point present in memory → kept as-is (the SAVING process's adds/edits
+     *     win on a same-point conflict — save() is an explicit "persist my state");
+     *   - a disk point whose label is NEW since baseline → another writer's
+     *     addition → preserved;
+     *   - a point we dropped (in baseline, absent from memory) → our deletion is
+     *     honored, UNLESS the other writer modified it (then their version is kept
+     *     so a concurrent edit is never silently lost).
+     * Net: nothing vanishes except a same-point simultaneous edit, resolved
+     * last-writer (this save) — a deliberate, documented tie-break.
+     */
+    private mergeExternalChanges;
     build(): SkillNode[];
     getProfile(): StoredProfile | null;
 }
@@ -380,7 +407,6 @@ interface SentinelConfig {
         mcpLogDir?: string;
         webhookPort?: number;
         webhookApiKey?: string;
-        roleDefinitionPath?: string;
         readExisting?: boolean;
     }[];
     alerts?: {
@@ -400,9 +426,6 @@ interface SentinelConfig {
             minKind?: "informational" | "actionable";
         }[];
     };
-    alertWebhook?: string;
-    baselineWindowDays?: number;
-    checkIntervalMs?: number;
 }
 /** A declared task/intent for an agent. */
 interface TaskIntent {
@@ -447,13 +470,18 @@ interface IntentAlignmentResult {
     bypassed?: boolean;
     bypassReason?: string | null;
 }
-/** Configuration for intent alignment scoring. */
+/**
+ * Configuration for intent alignment scoring.
+ *
+ * NOTE: the keywordBoost / acceptableActionBoost / baseScore /
+ * missingTaskScore knobs were removed — they were defined, defaulted, and
+ * typed but never read by any scoring path (vestiges of a pre-weighted
+ * scoring model superseded by SimilarityEngine.keywordSimilarity). They
+ * promised tunability that did not exist; the live weights are fixed in
+ * SimilarityEngine. defaultTtlMs is the only consumed numeric knob.
+ */
 interface IntentAlignmentConfig {
     defaultTtlMs: number;
-    keywordBoost: number;
-    acceptableActionBoost: number;
-    baseScore: number;
-    missingTaskScore: number;
     disableDefaultAcceptable?: boolean;
     denyAcceptable?: string[];
     similarityThreshold?: number;
@@ -864,6 +892,20 @@ declare class AuditTrail {
      * the file when an external append actually happened.
      */
     private reanchorFromDiskTail;
+    /**
+     * Scan the on-disk log backward for the last entry carrying a valid (64-hex)
+     * hash, SKIPPING torn/corrupt trailing lines, and return that hash (or null
+     * when no parseable hashed entry exists).
+     *
+     * Shared by open() (chain resume) and reanchorFromDiskTail() (live
+     * re-anchor). The earlier inline versions inspected only the LAST non-empty
+     * line and broke: a torn tail line (a partial write) left the head at genesis
+     * (open) or stale (reanchor), so the next append forked a fresh chain from
+     * genesis — destroying all prior linkage. Walking back leaves the torn line
+     * as a single localized gap that verify() still flags, while the chain head
+     * stays anchored to the last good entry.
+     */
+    private lastHashOnDisk;
     private readAllEntries;
     private loadCumulativeStats;
     /**
@@ -916,6 +958,54 @@ interface AgentClassifierConfig {
     minDurationMs: number;
 }
 
+interface SensitivityRule {
+    pattern: string;
+    sensitivity: number;
+    category: string;
+    description: string;
+}
+interface TargetSensitivityResult {
+    sensitivity: number;
+    category: string;
+    description: string;
+    matchedRule: string;
+    actionMultiplier: number;
+    effectiveScore: number;
+    groundedInRepoMap: boolean;
+}
+declare class TargetSensitivityScorer {
+    private rules;
+    private repoMap;
+    private repoRoot;
+    private overlay;
+    constructor(customRules?: SensitivityRule[], repoMap?: RepoSensitivityMap, repoRoot?: string, overlay?: SensitivityOverlay);
+    scoreTarget(target: string, action: string): TargetSensitivityResult;
+    /** Pattern-only scoring (Tier 2). Used directly by reject decisions. */
+    private _scoreByPatterns;
+    /**
+     * URL-aware component scoring (Sprint 6b W1 fix).
+     * Parses the URL, extracts path/query-values/fragment, decodes each once,
+     * scores each against forbidden-pattern rules, takes MAX.
+     */
+    private _scoreUrlTarget;
+    scoreEvent(event: AgentActivityEvent): TargetSensitivityResult;
+    /**
+     * Replaces the active repo sensitivity map. Pass null to clear.
+     * If newRepoRoot is provided, it overrides the map's repoRoot.
+     */
+    updateRepoMap(newMap: RepoSensitivityMap | null, newRepoRoot?: string): void;
+    /**
+     * Replaces the active sensitivity overlay. Pass null to clear.
+     */
+    updateOverlay(newOverlay: SensitivityOverlay | null): void;
+    /**
+     * Returns all pattern-based rules that match the target. Does NOT
+     * consult the repo map. Used by RepoSensitivityScanner during
+     * scan-time enumeration.
+     */
+    getAllMatchingRules(target: string): SensitivityRule[];
+}
+
 /** Lazy-init wrapper passed via RoleValidatorOptions so Sentinel can own the cache. */
 interface ForbiddenInodeCacheRef {
     getOrBuild: () => Set<bigint>;
@@ -1229,6 +1319,7 @@ declare class SentinelRunner {
     private _hookEngine?;
     private _maturityConfig?;
     private _validatorOptions?;
+    private _sensitivityScorer?;
     private intentTracker;
     private similarityEngine;
     private recentAlignmentScores;
@@ -1249,6 +1340,12 @@ declare class SentinelRunner {
     setMaturityConfig(config: Partial<BaselineMaturityConfig>): void;
     /** Set RoleValidator options (exception approval fn, audit callback). */
     setRoleValidatorOptions(options: RoleValidatorOptions): void;
+    /**
+     * Inject the facade's shared sensitivity scorer (overlay + repo map aware)
+     * so processEvent's validator scores identically to the facade's check().
+     * Must be called BEFORE start() builds the validator.
+     */
+    setSensitivityScorer(scorer: TargetSensitivityScorer): void;
     /** Set the behavioral baseline and start periodic gap checking. */
     setBaseline(baseline: AgentBaseline): void;
     /** Declare a new task intent for this agent. */
@@ -1265,6 +1362,12 @@ declare class SentinelRunner {
     getActiveTask(): TaskIntent | null;
     /** Expose the similarity engine for pre-execution intent checks. */
     getSimilarityEngine(): SimilarityEngine;
+    /**
+     * Read-only view of the rolling misaligned-score window, for the
+     * pre-execution gate (Sentinel.check) to apply the SAME sustained-drift
+     * severity upgrade as the recording path — without mutating the window.
+     */
+    getRecentAlignmentScores(): readonly number[];
     /**
      * Side-effect-free pre-execution gate: evaluate an event and fire pre_execution
      * hooks WITHOUT running processEvent's full pipeline.

package/dist/{chunk-PDWWRZXF.js → chunk-2IPSTUNH.js}

@@ -16,6 +16,9 @@ var LogAdapter = class {
   pendingFragment = "";
   running = false;
   polling = false;
+  /** The in-flight poll (if any), so stop() can let it finish emitting its
+   *  already-read batch before persisting the cursor. */
+  pollInFlight = null;
   pollTimer = null;
   onEvent = null;
   readExisting;
@@ -33,6 +36,7 @@ var LogAdapter = class {
     if (this.running) return;
     this.onEvent = onEvent;
     this.running = true;
+    this.pendingFragment = "";
     const savedPosition = await this.loadCursor();
     if (savedPosition !== null) {
       this.lastReadPosition = savedPosition;
@@ -47,7 +51,9 @@ var LogAdapter = class {
     } else {
       this.lastReadPosition = 0;
     }
-    this.pollTimer = setInterval(() => this.poll(), this.pollIntervalMs);
+    this.pollTimer = setInterval(() => {
+      this.pollInFlight = this.poll();
+    }, this.pollIntervalMs);
     console.log(`LogAdapter watching ${this.logPath} for agent ${this.agentId}`);
   }
   async stop() {
@@ -55,6 +61,13 @@ var LogAdapter = class {
       clearInterval(this.pollTimer);
       this.pollTimer = null;
     }
+    if (this.pollInFlight) {
+      try {
+        await this.pollInFlight;
+      } catch {
+      }
+      this.pollInFlight = null;
+    }
     await this.saveCursor();
     this.running = false;
     this.onEvent = null;
@@ -66,7 +79,6 @@ var LogAdapter = class {
     try {
       const lines = await this.readNewLines();
       for (const line of lines) {
-        if (!this.running) break;
         const event = this.parseLine(line);
         if (event) {
           try {
@@ -194,10 +206,9 @@ var LogAdapter = class {
     try {
       const { writeFile, mkdir } = await import("fs/promises");
       await mkdir(this.stateDir, { recursive: true });
-      await writeFile(
-        path,
-        JSON.stringify({ position: this.lastReadPosition, logPath: this.logPath }) + "\n"
-      );
+      const fragmentBytes = Buffer.byteLength(this.pendingFragment, "utf-8");
+      const position = Math.max(0, this.lastReadPosition - fragmentBytes);
+      await writeFile(path, JSON.stringify({ position, logPath: this.logPath }) + "\n");
     } catch (err) {
       console.warn(`Failed to save log cursor: ${err}`);
     }
@@ -235,4 +246,4 @@ var LogAdapter = class {
 export {
   LogAdapter
 };
-//# sourceMappingURL=chunk-PDWWRZXF.js.map
+//# sourceMappingURL=chunk-2IPSTUNH.js.map

package/dist/chunk-B6S2PBS4.js

@@ -0,0 +1,47 @@
+// src/setup/policyDiscovery.ts
+import { existsSync, statSync } from "fs";
+import { resolve, join, dirname } from "path";
+function isTrustedPolicyStat(stats, processUid) {
+  if ((stats.mode & 2) !== 0) {
+    return { trusted: false, reason: "file is world-writable" };
+  }
+  if (processUid !== void 0 && stats.uid !== processUid) {
+    return {
+      trusted: false,
+      reason: `file is owned by uid ${stats.uid}, not the current user (uid ${processUid})`
+    };
+  }
+  return { trusted: true, reason: null };
+}
+function isTrustedOnDisk(candidate) {
+  if (process.platform === "win32") return true;
+  let stats;
+  try {
+    stats = statSync(candidate);
+  } catch {
+    return false;
+  }
+  const processUid = typeof process.getuid === "function" ? process.getuid() : void 0;
+  const verdict = isTrustedPolicyStat({ uid: stats.uid, mode: stats.mode }, processUid);
+  if (!verdict.trusted) {
+    console.warn(`[Sentinel] Ignoring untrusted policy file ${candidate}: ${verdict.reason}`);
+  }
+  return verdict.trusted;
+}
+function discoverPolicy(startDir, home) {
+  let dir = resolve(startDir);
+  const homeAbs = resolve(home);
+  while (true) {
+    const candidate = join(dir, ".sentinel.yaml");
+    if (existsSync(candidate) && isTrustedOnDisk(candidate)) return candidate;
+    if (dir === homeAbs) return null;
+    const parent = dirname(dir);
+    if (parent === dir) return null;
+    dir = parent;
+  }
+}
+
+export {
+  discoverPolicy
+};
+//# sourceMappingURL=chunk-B6S2PBS4.js.map