@tuent/sentinel 0.1.3 → 0.1.5

package/dist/{chunk-SSDIBY52.js → chunk-7R6EA7JG.js}

@@ -1,6 +1,5 @@
 import {
   DEFAULT_MAP_PATH,
-  DEFAULT_MEDIUM_DISPOSITION,
   DEFAULT_OVERLAY_PATH,
   RoleValidator,
   TargetSensitivityScorer,
@@ -16,14 +15,17 @@ import {
   saveMap,
   saveOverlay,
   unionWithDefaultForbiddenPatterns,
-  walkForbiddenInodeRoots,
-  withPolicyReadExceptions
-} from "./chunk-JTR2E7RD.js";
+  walkForbiddenInodeRoots
+} from "./chunk-M5EEVMLU.js";
 import {
+  DEFAULT_MEDIUM_DISPOSITION,
+  DEFAULT_QUARANTINE_AFTER,
+  DEFAULT_RESTRICT_AFTER,
   loadPolicy,
   policyToConfig,
-  policyToRole
-} from "./chunk-WLIDSTS4.js";
+  policyToRole,
+  withPolicyReadExceptions
+} from "./chunk-SKE74CYZ.js";
 import {
   publicKeyToBase64,
   reconstructSigningPayload,
@@ -86,6 +88,10 @@ function decayWeight(daysSinceActive, currentWeight = 1, halfLifeDays = DECAY_HA
 }
 
 // ../core/src/dataEngine.ts
+function parseLastActiveMs(lastActive) {
+  const t = new Date(lastActive).getTime();
+  return Number.isNaN(t) ? 0 : t;
+}
 var DataEngine = class _DataEngine {
   points = /* @__PURE__ */ new Map();
   colors;
@@ -113,7 +119,7 @@ var DataEngine = class _DataEngine {
       if (p.core) {
         weights.set(p.label, Math.max(base, CORE_WEIGHT_FLOOR));
       } else {
-        const lastActiveMs = new Date(p.lastActive).getTime();
+        const lastActiveMs = parseLastActiveMs(p.lastActive);
         const daysSince = (effectiveNow - lastActiveMs) / (1e3 * 60 * 60 * 24);
         weights.set(p.label, decayWeight(daysSince, base));
       }
@@ -135,7 +141,7 @@ var DataEngine = class _DataEngine {
   }
   build() {
     const sorted = [...this.points.values()].sort(
-      (a, b) => new Date(a.lastActive).getTime() - new Date(b.lastActive).getTime()
+      (a, b) => parseLastActiveMs(a.lastActive) - parseLastActiveMs(b.lastActive)
     );
     const normalizedWeights = _DataEngine.normalizeWeights(sorted);
     const now = Date.now();
@@ -146,14 +152,14 @@ var DataEngine = class _DataEngine {
     let minTime = now;
     let maxTime = 0;
     for (const p of sorted) {
-      const t = new Date(p.lastActive).getTime();
+      const t = parseLastActiveMs(p.lastActive);
       if (t < minTime) minTime = t;
       if (t > maxTime) maxTime = t;
     }
     const timeRange = maxTime - minTime || 1;
     const petals = sorted.map((point, i) => {
       const layer = sorted.length > 1 ? i / (sorted.length - 1) : 0.5;
-      const t = new Date(point.lastActive).getTime();
+      const t = parseLastActiveMs(point.lastActive);
       const recency = (t - minTime) / timeRange;
       const openness = 0.15 + layer * 0.8;
       const connections = (point.connections ?? []).map((label) => labelToIdMap.get(label)).filter((id) => id !== void 0);
@@ -172,7 +178,8 @@ var DataEngine = class _DataEngine {
         source: point.source,
         core: point.core,
         sharable: point.sharable,
-        files: point.files
+        files: point.files,
+        eventCount: point.eventCount
       };
     });
     const realCount = petals.length;
@@ -288,15 +295,18 @@ function mergeAgentPoints(existing, incoming) {
   const mergedWeight = Math.min((existing.weight ?? 0) + (incoming.weight ?? 0), 1);
   const mergedConnections = incoming.connections || existing.connections ? [.../* @__PURE__ */ new Set([...incoming.connections ?? [], ...existing.connections ?? []])] : void 0;
   const mergedFiles = incoming.files || existing.files ? [.../* @__PURE__ */ new Set([...incoming.files ?? [], ...existing.files ?? []])].slice(0, 20) : void 0;
+  const mergedLastActive = new Date(incoming.lastActive) >= new Date(existing.lastActive) ? incoming.lastActive : existing.lastActive;
+  const mergedEventCount = incoming.eventCount ?? existing.eventCount;
   return preserveUserMetadata(existing, {
     label: incoming.label,
     category: incoming.category,
-    lastActive: incoming.lastActive,
+    lastActive: mergedLastActive,
     description: incoming.description,
     weight: mergedWeight,
     source: "agent",
     ...mergedConnections && { connections: mergedConnections },
-    ...mergedFiles && { files: mergedFiles }
+    ...mergedFiles && { files: mergedFiles },
+    ...mergedEventCount !== void 0 && { eventCount: mergedEventCount }
   });
 }
 var ProfileStore = class {
@@ -305,6 +315,11 @@ var ProfileStore = class {
   petalCount;
   engine;
   profile = null;
+  /** Snapshot (label → serialized point) of the on-disk-synced dataPoint set,
+   *  refreshed on every load/create/write. The base for save()'s three-way merge
+   *  of concurrent external writes — lets us tell "I deleted this" (in baseline,
+   *  gone from memory) from "another writer added this" (on disk, not in baseline). */
+  baseline = /* @__PURE__ */ new Map();
   constructor(options) {
     this.backend = options.backend;
     this.eventBus = options.eventBus;
@@ -336,8 +351,15 @@ var ProfileStore = class {
         payload: { profileId: this.profile.id }
       });
     }
+    this.captureBaseline();
     return this.profile;
   }
+  /** Snapshot the on-disk-synced dataPoint set for save()'s three-way merge. */
+  captureBaseline() {
+    this.baseline = new Map(
+      (this.profile?.dataPoints ?? []).map((p) => [p.label, JSON.stringify(p)])
+    );
+  }
   async create(name) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     this.profile = {
@@ -349,6 +371,7 @@ var ProfileStore = class {
       updatedAt: now
     };
     await this.backend.write(this.profile);
+    this.captureBaseline();
     return this.profile;
   }
   async addPoint(point) {
@@ -368,6 +391,7 @@ var ProfileStore = class {
     }
     this.profile.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
     await this.backend.write(this.profile);
+    this.captureBaseline();
     this.eventBus?.emit({
       type: "data:updated",
       payload: { timestamp: Date.now() }
@@ -399,9 +423,46 @@ var ProfileStore = class {
   async save() {
     if (!this.profile) throw new Error("No profile loaded");
     if (this.backend.hasExternalChanges && await this.backend.hasExternalChanges()) {
-      await this.load();
+      await this.mergeExternalChanges();
     }
     await this.backend.write(this.profile);
+    this.captureBaseline();
+  }
+  /**
+   * Three-way merge of a concurrent external write into the in-memory profile,
+   * invoked by save() when the backend reports the file changed since we last
+   * synced. Writers in this app are single-user but multi-process (agent scanner,
+   * diary watcher, dev server, CLI), so concurrent writes are real but rare.
+   *
+   * Model (base = the dataPoint set at our last load/write, see `baseline`):
+   *   - a point present in memory → kept as-is (the SAVING process's adds/edits
+   *     win on a same-point conflict — save() is an explicit "persist my state");
+   *   - a disk point whose label is NEW since baseline → another writer's
+   *     addition → preserved;
+   *   - a point we dropped (in baseline, absent from memory) → our deletion is
+   *     honored, UNLESS the other writer modified it (then their version is kept
+   *     so a concurrent edit is never silently lost).
+   * Net: nothing vanishes except a same-point simultaneous edit, resolved
+   * last-writer (this save) — a deliberate, documented tie-break.
+   */
+  async mergeExternalChanges() {
+    if (!this.profile) return;
+    const disk = await this.backend.read();
+    if (!disk || !Array.isArray(disk.dataPoints)) return;
+    const merged = /* @__PURE__ */ new Map();
+    for (const p of this.profile.dataPoints) merged.set(p.label, p);
+    for (const dp of disk.dataPoints) {
+      if (merged.has(dp.label)) continue;
+      const baseJson = this.baseline.get(dp.label);
+      if (baseJson === void 0) {
+        merged.set(dp.label, dp);
+      } else if (baseJson !== JSON.stringify(dp)) {
+        merged.set(dp.label, dp);
+      }
+    }
+    this.profile.dataPoints = [...merged.values()];
+    this.engine = new DataEngine({ petalCount: this.petalCount });
+    for (const p of this.profile.dataPoints) this.engine.addPoint(p);
   }
   build() {
     return this.engine.build();
@@ -614,7 +675,8 @@ var AgentActivityClassifier = class {
       weight,
       source: "agent-monitor",
       files: Array.from(session.targetSet).slice(0, 50),
-      connections: []
+      connections: [],
+      eventCount
     };
   }
 };
@@ -668,27 +730,11 @@ var AuditTrail = class _AuditTrail {
     this.maxFileSizeBytes = (options?.maxFileSizeMB ?? 10) * 1024 * 1024;
   }
   async open() {
-    const { mkdir, appendFile, readFile } = await import("fs/promises");
+    const { mkdir, appendFile } = await import("fs/promises");
     const { dirname: dirname2 } = await import("path");
     await mkdir(dirname2(this.logPath), { recursive: true });
     await appendFile(this.logPath, "");
-    this.currentChainHead = _AuditTrail.GENESIS_HASH;
-    try {
-      const raw = await readFile(this.logPath, "utf-8");
-      const lines = raw.trimEnd().split("\n");
-      for (let i = lines.length - 1; i >= 0; i--) {
-        if (lines[i].length === 0) continue;
-        try {
-          const last = JSON.parse(lines[i]);
-          if (typeof last.hash === "string" && last.hash.length === 64) {
-            this.currentChainHead = last.hash;
-          }
-        } catch {
-        }
-        break;
-      }
-    } catch {
-    }
+    this.currentChainHead = await this.lastHashOnDisk() ?? _AuditTrail.GENESIS_HASH;
     try {
       const { stat } = await import("fs/promises");
       this._lastKnownSize = (await stat(this.logPath)).size;
@@ -886,7 +932,11 @@ var AuditTrail = class _AuditTrail {
     for (const entry of entries) {
       if (options.type && entry.type !== options.type) continue;
       const entryMs = new Date(entry.timestamp).getTime();
-      if (entryMs < startMs || entryMs > endMs) continue;
+      if (Number.isNaN(entryMs)) {
+        if (options.startTime || options.endTime) continue;
+      } else if (entryMs < startMs || entryMs > endMs) {
+        continue;
+      }
       if (options.severity && entry.type === "finding") {
         if (entry.severity !== options.severity) continue;
       }
@@ -979,6 +1029,7 @@ var AuditTrail = class _AuditTrail {
     let signedEntries = 0;
     let unsignedEntries = 0;
     let invalidSignatures = 0;
+    let seenHashedEntry = false;
     let priorFileLastHash = null;
     for (const file of files) {
       const base = basename(file);
@@ -1049,6 +1100,7 @@ var AuditTrail = class _AuditTrail {
           unsignedEntries++;
         }
         globalIndex++;
+        seenHashedEntry = true;
         checkpointReached = true;
         startIndex = aIdx + 1;
         previousHash = checkpoint.anchorHash;
@@ -1085,10 +1137,26 @@ var AuditTrail = class _AuditTrail {
         try {
           entry = JSON.parse(line);
         } catch {
-          globalIndex++;
-          continue;
+          return attach({
+            valid: false,
+            totalEntries: globalIndex + 1,
+            brokenAt: globalIndex,
+            signedEntries,
+            unsignedEntries,
+            invalidSignatures
+          });
         }
         if (typeof entry.hash !== "string" || entry.hash.length !== 64) {
+          if (seenHashedEntry) {
+            return attach({
+              valid: false,
+              totalEntries: globalIndex + 1,
+              brokenAt: globalIndex,
+              signedEntries,
+              unsignedEntries,
+              invalidSignatures
+            });
+          }
           globalIndex++;
           continue;
         }
@@ -1128,6 +1196,7 @@ var AuditTrail = class _AuditTrail {
         }
         previousHash = storedHash;
         globalIndex++;
+        seenHashedEntry = true;
       }
       priorFileLastHash = previousHash;
     }
@@ -1765,6 +1834,23 @@ var AuditTrail = class _AuditTrail {
    * the file when an external append actually happened.
    */
   async reanchorFromDiskTail() {
+    const lastHash = await this.lastHashOnDisk();
+    if (lastHash) this.currentChainHead = lastHash;
+  }
+  /**
+   * Scan the on-disk log backward for the last entry carrying a valid (64-hex)
+   * hash, SKIPPING torn/corrupt trailing lines, and return that hash (or null
+   * when no parseable hashed entry exists).
+   *
+   * Shared by open() (chain resume) and reanchorFromDiskTail() (live
+   * re-anchor). The earlier inline versions inspected only the LAST non-empty
+   * line and broke: a torn tail line (a partial write) left the head at genesis
+   * (open) or stale (reanchor), so the next append forked a fresh chain from
+   * genesis — destroying all prior linkage. Walking back leaves the torn line
+   * as a single localized gap that verify() still flags, while the chain head
+   * stays anchored to the last good entry.
+   */
+  async lastHashOnDisk() {
     const { readFile } = await import("fs/promises");
     try {
       const raw = await readFile(this.logPath, "utf-8");
@@ -1772,16 +1858,16 @@ var AuditTrail = class _AuditTrail {
       for (let i = lines.length - 1; i >= 0; i--) {
         if (lines[i].length === 0) continue;
         try {
-          const last = JSON.parse(lines[i]);
-          if (typeof last.hash === "string" && last.hash.length === 64) {
-            this.currentChainHead = last.hash;
+          const entry = JSON.parse(lines[i]);
+          if (typeof entry.hash === "string" && entry.hash.length === 64) {
+            return entry.hash;
           }
         } catch {
         }
-        break;
       }
     } catch {
     }
+    return null;
   }
   async readAllEntries() {
     const { readFile } = await import("fs/promises");
@@ -2025,7 +2111,7 @@ var DeviationDetector = class {
   checkVolumeSpike(dataPoint) {
     if (this.baseline.averageEventsPerSession === 0) return null;
     const description = dataPoint.description ?? "";
-    const eventCount = parseEventCount(description) ?? estimateEventsFromWeight(dataPoint.weight ?? 0);
+    const eventCount = dataPoint.eventCount ?? parseEventCount(description) ?? estimateEventsFromWeight(dataPoint.weight ?? 0);
     const threshold = this.baseline.averageEventsPerSession * this.config.volumeSpikeMultiplier;
     if (eventCount <= threshold) return null;
     const multiplier = (eventCount / this.baseline.averageEventsPerSession).toFixed(1);
@@ -2174,7 +2260,7 @@ var DeviationDetector = class {
   checkActivityDrop(dataPoint) {
     if (this.baseline.averageEventsPerSession === 0) return null;
     const description = dataPoint.description ?? "";
-    const eventCount = parseEventCount(description) ?? estimateEventsFromWeight(dataPoint.weight ?? 0);
+    const eventCount = dataPoint.eventCount ?? parseEventCount(description) ?? estimateEventsFromWeight(dataPoint.weight ?? 0);
     if (eventCount === 0) return null;
     const ratio = eventCount / this.baseline.averageEventsPerSession;
     if (ratio < 0.1) {
@@ -2368,12 +2454,8 @@ var COMMON_ABBREVIATIONS = /* @__PURE__ */ new Map([
   ["development", "dev"]
 ]);
 var DEFAULT_INTENT_CONFIG = {
-  defaultTtlMs: 8 * 60 * 60 * 1e3,
+  defaultTtlMs: 8 * 60 * 60 * 1e3
   // 8 hours
-  keywordBoost: 0.15,
-  acceptableActionBoost: 0.3,
-  baseScore: 0.2,
-  missingTaskScore: 0.5
 };
 var DEFAULT_ACCEPTABLE_ACTIONS = [
   // Config/manifest reads
@@ -2423,15 +2505,14 @@ var DEFAULT_ACCEPTABLE_ACTIONS = [
   { action: "command_exec", targetPattern: "tsc*", reason: "TypeScript compiler" }
 ];
 function extractKeywords(description) {
-  const words = description.split(/[^a-zA-Z0-9]+/).map((w) => w.toLowerCase()).filter((w) => w.length > 2 && !STOP_WORDS.has(w));
-  const withVariants = new Set(words);
-  for (const word of words) {
-    const variant = COMMON_ABBREVIATIONS.get(word);
-    if (variant) {
-      withVariants.add(variant);
-    }
-  }
-  return [...withVariants];
+  const rawTokens = description.split(/[^a-zA-Z0-9]+/).map((w) => w.toLowerCase()).filter((w) => w.length > 0);
+  const keywords = /* @__PURE__ */ new Set();
+  for (const token of rawTokens) {
+    if (token.length > 2 && !STOP_WORDS.has(token)) keywords.add(token);
+    const variant = COMMON_ABBREVIATIONS.get(token);
+    if (variant) keywords.add(variant);
+  }
+  return [...keywords];
 }
 var IntentTracker = class {
   tasks = /* @__PURE__ */ new Map();
@@ -2720,6 +2801,17 @@ var SimilarityEngine = class {
 // src/evaluation.ts
 var DRIFT_WINDOW_SIZE = 5;
 var SUSTAINED_DRIFT_THRESHOLD = 0.25;
+function computeDriftSeverity(score, windowScores) {
+  const base = score < 0.1 ? "CRITICAL" : score < 0.2 ? "HIGH" : "MEDIUM";
+  if (windowScores.length < DRIFT_WINDOW_SIZE) {
+    return { severity: base, sustained: false, avg: null };
+  }
+  const avg = windowScores.reduce((sum, s) => sum + s, 0) / windowScores.length;
+  if (avg >= SUSTAINED_DRIFT_THRESHOLD) {
+    return { severity: base, sustained: false, avg };
+  }
+  return { severity: base === "CRITICAL" ? "CRITICAL" : "HIGH", sustained: true, avg };
+}
 function evaluateEvent(event, state, deps) {
   const findings = [];
   let intentAlignment;
@@ -2740,9 +2832,9 @@ function evaluateEvent(event, state, deps) {
       if (newScores.length > DRIFT_WINDOW_SIZE) {
         newScores = newScores.slice(newScores.length - DRIFT_WINDOW_SIZE);
       }
-      const scoreSeverity = alignment.score < 0.1 ? "CRITICAL" : alignment.score < 0.2 ? "HIGH" : "MEDIUM";
+      const driftVerdict = computeDriftSeverity(alignment.score, newScores);
       const driftFinding = {
-        severity: scoreSeverity,
+        severity: driftVerdict.severity,
         kind: "informational",
         type: "intent_drift",
         agentId: event.agentId,
@@ -2757,17 +2849,9 @@ function evaluateEvent(event, state, deps) {
         recommendation: `Review whether ${describeEvent(event)} is necessary for the current task.`,
         timestamp: event.timestamp
       };
-      if (newScores.length >= DRIFT_WINDOW_SIZE) {
-        const avg = newScores.reduce((sum, s) => sum + s, 0) / newScores.length;
-        if (avg < SUSTAINED_DRIFT_THRESHOLD) {
-          const sustainedSeverity = "HIGH";
-          const severityRank = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
-          if (severityRank[sustainedSeverity] > severityRank[driftFinding.severity]) {
-            driftFinding.severity = sustainedSeverity;
-          }
-          driftFinding.description = `Sustained intent drift detected (${DRIFT_WINDOW_SIZE} consecutive misaligned actions, avg score ${avg.toFixed(2)}): ${alignment.reason}`;
-          driftFinding.softSignal = true;
-        }
+      if (driftVerdict.sustained) {
+        driftFinding.description = `Sustained intent drift detected (${DRIFT_WINDOW_SIZE} consecutive misaligned actions, avg score ${driftVerdict.avg.toFixed(2)}): ${alignment.reason}`;
+        driftFinding.softSignal = true;
       }
       findings.push(driftFinding);
     } else {
@@ -2810,6 +2894,9 @@ var SentinelRunner = class {
   _maturityConfig;
   // Role validator options (injected by Sentinel facade for exception handling)
   _validatorOptions;
+  // Facade's shared overlay/repo-map-aware scorer (injected before start()).
+  // Falls back to a bare scorer when the runner is used standalone (tests).
+  _sensitivityScorer;
   // Intent alignment
   intentTracker;
   similarityEngine;
@@ -2855,6 +2942,14 @@ var SentinelRunner = class {
   setRoleValidatorOptions(options) {
     this._validatorOptions = options;
   }
+  /**
+   * Inject the facade's shared sensitivity scorer (overlay + repo map aware)
+   * so processEvent's validator scores identically to the facade's check().
+   * Must be called BEFORE start() builds the validator.
+   */
+  setSensitivityScorer(scorer) {
+    this._sensitivityScorer = scorer;
+  }
   /** Set the behavioral baseline and start periodic gap checking. */
   setBaseline(baseline) {
     this._baseline = baseline;
@@ -2911,6 +3006,14 @@ var SentinelRunner = class {
   getSimilarityEngine() {
     return this.similarityEngine;
   }
+  /**
+   * Read-only view of the rolling misaligned-score window, for the
+   * pre-execution gate (Sentinel.check) to apply the SAME sustained-drift
+   * severity upgrade as the recording path — without mutating the window.
+   */
+  getRecentAlignmentScores() {
+    return this.recentAlignmentScores;
+  }
   /**
    * Side-effect-free pre-execution gate: evaluate an event and fire pre_execution
    * hooks WITHOUT running processEvent's full pipeline.
@@ -3022,7 +3125,7 @@ var SentinelRunner = class {
     if (role) {
       this.validator = new RoleValidator(
         role,
-        new TargetSensitivityScorer(),
+        this._sensitivityScorer ?? new TargetSensitivityScorer(),
         this._validatorOptions
       );
     }
@@ -3290,7 +3393,7 @@ var SentinelRunner = class {
     const { type } = this.adapterConfig;
     if (type === "manual") return;
     if (type === "log") {
-      const { LogAdapter } = await import("./logAdapter-IB6ZDEV2.js");
+      const { LogAdapter } = await import("./logAdapter-WM43W3S7.js");
       const logPath = this.adapterConfig.logPath;
       if (!logPath) {
         throw new Error(`SentinelRunner: logPath is required for adapter type "log"`);
@@ -3308,7 +3411,7 @@ var SentinelRunner = class {
         }).catch((err) => console.warn(`SentinelRunner processEvent error: ${err}`));
       });
     } else if (type === "mcp") {
-      const { McpAdapter } = await import("./mcpAdapter-R47GX2P3.js");
+      const { McpAdapter } = await import("./mcpAdapter-WYAXUE7T.js");
       this.adapter = new McpAdapter(this.agentId, this.agentId, {
         logDir: this.adapterConfig.mcpLogDir,
         pollIntervalMs: this.adapterConfig.pollIntervalMs
@@ -3438,6 +3541,9 @@ var SentinelManager = class {
     if (options?.validatorOptions) {
       runner.setRoleValidatorOptions(options.validatorOptions);
     }
+    if (options?.sensitivityScorer) {
+      runner.setSensitivityScorer(options.sensitivityScorer);
+    }
     await runner.start();
     return runner;
   }
@@ -3738,9 +3844,11 @@ var AlertManager = class {
     const topLevelMinKind = this.config.minKind ?? "actionable";
     const findingKindRank = KIND_ORDER[finding.kind] ?? KIND_ORDER.actionable;
     const isConvergedSoftSignal = finding.softSignal === true;
+    let routed = false;
     for (const channel of this.config.channels) {
       const channelMinKind = channel.minKind ?? topLevelMinKind;
       if (!isConvergedSoftSignal && findingKindRank < KIND_ORDER[channelMinKind]) continue;
+      routed = true;
       try {
         if (channel.type === "console") {
           await this.sendConsole(finding);
@@ -3753,7 +3861,9 @@ var AlertManager = class {
         console.warn(`Alert channel "${channel.name}" failed:`, err);
       }
     }
-    this.recentAlerts.set(dedupeKey, Date.now());
+    if (routed) {
+      this.recentAlerts.set(dedupeKey, Date.now());
+    }
   }
   clearDedupeCache() {
     this.recentAlerts.clear();
@@ -5657,7 +5767,7 @@ var HookEngine = class {
       candidate = { kind: "allow" };
       selectedRegistration = null;
     }
-    if (evaluationResult && candidate.kind === "guide" && evaluationResult.findings.some(
+    if (checkpoint === "pre_execution" && evaluationResult && candidate.kind === "guide" && evaluationResult.findings.some(
       (f) => (f.severity === "HIGH" || f.severity === "CRITICAL") && f.kind === "actionable"
     )) {
       const severityRank = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
@@ -5680,7 +5790,7 @@ var HookEngine = class {
         finding: blockingFinding
       };
     }
-    if (candidate.kind === "allow" && evaluationResult && evaluationResult.findings.some(
+    if (checkpoint === "pre_execution" && candidate.kind === "allow" && evaluationResult && evaluationResult.findings.some(
       (f) => (f.severity === "HIGH" || f.severity === "CRITICAL") && f.kind === "actionable"
     )) {
       const severityRank = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
@@ -5926,8 +6036,8 @@ var Sentinel = class _Sentinel {
     this.manager = new SentinelManager(this.profileManager);
     this.sensitivityScorer = new TargetSensitivityScorer();
     this.environment = config?.environment ?? "development";
-    this.restrictThreshold = config?.enforcement?.restrictAfter ?? 2;
-    this.quarantineThreshold = config?.enforcement?.quarantineAfter ?? 3;
+    this.restrictThreshold = config?.enforcement?.restrictAfter ?? DEFAULT_RESTRICT_AFTER;
+    this.quarantineThreshold = config?.enforcement?.quarantineAfter ?? DEFAULT_QUARANTINE_AFTER;
     this.enablePreExecutionHooks = config?.enablePreExecutionHooks ?? false;
     this.promoteSet = new Set(config?.enforcement?.promote ?? []);
     this.maturityConfig = config?.enforcement?.baselineMaturity;
@@ -6167,10 +6277,18 @@ var Sentinel = class _Sentinel {
     );
   }
   async logModeChange(agentId, mode, reason, previousMode) {
-    const runner = this.manager.getRunner(agentId);
-    const trail = runner?.getAuditTrail();
-    if (!trail) return;
-    await trail.logModeChange(mode, reason, previousMode);
+    const liveTrail = this.manager.getRunner(agentId)?.getAuditTrail();
+    if (liveTrail) {
+      await liveTrail.logModeChange(mode, reason, previousMode);
+      return;
+    }
+    const trail = new AuditTrail(agentId, { logDir: `${this.agentsDir}/${agentId}` });
+    await trail.open();
+    try {
+      await trail.logModeChange(mode, reason, previousMode);
+    } finally {
+      await trail.close();
+    }
   }
   async stopAgent(agentId, reason) {
     const { mkdir, writeFile } = await import("fs/promises");
@@ -6277,7 +6395,10 @@ var Sentinel = class _Sentinel {
       const engine = runner.getSimilarityEngine();
       const alignment = engine.computeAlignment(activeTask, event);
       if (!alignment.aligned && !alignment.bypassed) {
-        const severity = alignment.score < 0.1 ? "CRITICAL" : alignment.score < 0.2 ? "HIGH" : "MEDIUM";
+        const projectedWindow = [...runner.getRecentAlignmentScores(), alignment.score].slice(
+          -DRIFT_WINDOW_SIZE
+        );
+        const { severity } = computeDriftSeverity(alignment.score, projectedWindow);
         return {
           severity,
           kind: "informational",
@@ -6402,7 +6523,10 @@ var Sentinel = class _Sentinel {
       // Approach-1 anchoring: give the runner's processEvent validator the SAME
       // workspaceRoot check() uses (this._workspaceRoot), supplied BEFORE start()
       // builds it — otherwise it logs phantom scope_violations on legit reads.
-      validatorOptions: { workspaceRoot: this._workspaceRoot }
+      validatorOptions: { workspaceRoot: this._workspaceRoot },
+      // Share the facade's overlay/repo-map-aware scorer so record() scores
+      // sensitivity identically to check() (same live instance).
+      sensitivityScorer: this.sensitivityScorer
     });
     this.wireRunner(runner);
     await this.enableAuditSigning(runner, agentId);
@@ -6493,7 +6617,8 @@ var Sentinel = class _Sentinel {
       // Approach-1 anchoring: same workspaceRoot as check() (this._workspaceRoot),
       // supplied BEFORE start() builds the runner's validator. This is the live
       // gateway path (fromPolicy → monitor).
-      validatorOptions: { workspaceRoot: this._workspaceRoot }
+      validatorOptions: { workspaceRoot: this._workspaceRoot },
+      sensitivityScorer: this.sensitivityScorer
     });
     this.wireRunner(runner);
     await this.enableAuditSigning(runner, agentId);
@@ -6556,7 +6681,8 @@ var Sentinel = class _Sentinel {
     await this.profileManager.saveRole(agentId, role);
     const runner = await this.manager.getOrCreateAgent(agentId, void 0, {
       auditLogDir: this.agentsDir,
-      validatorOptions: { workspaceRoot: options.workspaceRoot, approvalFn: () => true }
+      validatorOptions: { workspaceRoot: options.workspaceRoot, approvalFn: () => true },
+      sensitivityScorer: this.sensitivityScorer
     });
     this.wireRunner(runner, options.workspaceRoot);
     await this.enableAuditSigning(runner, agentId);
@@ -6617,9 +6743,7 @@ var Sentinel = class _Sentinel {
       workspaceRoot,
       exceptions: role.exceptions,
       networkHosts: role.networkHosts,
-      expectedSchedule: role.expectedSchedule,
-      maxEventsPerHour: role.maxEventsPerHour,
-      maxSessionDuration: role.maxSessionDuration
+      expectedSchedule: role.expectedSchedule
     });
     if (policy.enforcement?.approvalRequired) {
       sentinel.onApprovalRequired(createCliApproval());
@@ -6755,7 +6879,16 @@ var Sentinel = class _Sentinel {
     const recordOpts = this.enablePreExecutionHooks ? { _skipPreHooks: true } : void 0;
     const modeResult = await this.enforceMode(agentId, fullEvent);
     if (modeResult && modeResult.finding) {
-      await this._recordInternal({ ...fullEvent, authorized: false }, recordOpts);
+      const recordResult = await this._recordInternal(
+        { ...fullEvent, authorized: false },
+        recordOpts
+      );
+      const alreadyCounted = recordResult.findings.some(
+        (f) => _Sentinel.isEscalationEligible(f) && f.mentionOnly !== true
+      );
+      if (!alreadyCounted) {
+        await this.logFinding(agentId, modeResult.finding);
+      }
       await this.maybeEscalate(agentId, modeResult.finding);
       return { blocked: true, finding: modeResult.finding, result: void 0 };
     }
@@ -7485,4 +7618,4 @@ export {
   createCliApproval,
   Sentinel
 };
-//# sourceMappingURL=chunk-SSDIBY52.js.map
+//# sourceMappingURL=chunk-7R6EA7JG.js.map