npm - @usejarvis/brain - Versions diffs - 0.1.0 - Mend

@usejarvis/brain 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (266) hide show

package/LICENSE +153 -0
package/README.md +278 -0
package/bin/jarvis.ts +413 -0
package/package.json +74 -0
package/scripts/ensure-bun.cjs +8 -0
package/src/actions/README.md +421 -0
package/src/actions/app-control/desktop-controller.test.ts +26 -0
package/src/actions/app-control/desktop-controller.ts +438 -0
package/src/actions/app-control/interface.ts +64 -0
package/src/actions/app-control/linux.ts +273 -0
package/src/actions/app-control/macos.ts +54 -0
package/src/actions/app-control/sidecar-launcher.test.ts +23 -0
package/src/actions/app-control/sidecar-launcher.ts +286 -0
package/src/actions/app-control/windows.ts +44 -0
package/src/actions/browser/cdp.ts +138 -0
package/src/actions/browser/chrome-launcher.ts +252 -0
package/src/actions/browser/session.ts +437 -0
package/src/actions/browser/stealth.ts +49 -0
package/src/actions/index.ts +20 -0
package/src/actions/terminal/executor.ts +157 -0
package/src/actions/terminal/wsl-bridge.ts +126 -0
package/src/actions/test.ts +93 -0
package/src/actions/tools/agents.ts +321 -0
package/src/actions/tools/builtin.ts +846 -0
package/src/actions/tools/commitments.ts +192 -0
package/src/actions/tools/content.ts +217 -0
package/src/actions/tools/delegate.ts +147 -0
package/src/actions/tools/desktop.test.ts +55 -0
package/src/actions/tools/desktop.ts +305 -0
package/src/actions/tools/goals.ts +376 -0
package/src/actions/tools/local-tools-guard.ts +20 -0
package/src/actions/tools/registry.ts +171 -0
package/src/actions/tools/research.ts +111 -0
package/src/actions/tools/sidecar-list.ts +57 -0
package/src/actions/tools/sidecar-route.ts +105 -0
package/src/actions/tools/workflows.ts +216 -0
package/src/agents/agent.ts +132 -0
package/src/agents/delegation.ts +107 -0
package/src/agents/hierarchy.ts +113 -0
package/src/agents/index.ts +19 -0
package/src/agents/messaging.ts +125 -0
package/src/agents/orchestrator.ts +576 -0
package/src/agents/role-discovery.ts +61 -0
package/src/agents/sub-agent-runner.ts +307 -0
package/src/agents/task-manager.ts +151 -0
package/src/authority/approval-delivery.ts +59 -0
package/src/authority/approval.ts +196 -0
package/src/authority/audit.ts +158 -0
package/src/authority/authority.test.ts +519 -0
package/src/authority/deferred-executor.ts +103 -0
package/src/authority/emergency.ts +66 -0
package/src/authority/engine.ts +297 -0
package/src/authority/index.ts +12 -0
package/src/authority/learning.ts +111 -0
package/src/authority/tool-action-map.ts +74 -0
package/src/awareness/analytics.ts +466 -0
package/src/awareness/awareness.test.ts +332 -0
package/src/awareness/capture-engine.ts +305 -0
package/src/awareness/context-graph.ts +130 -0
package/src/awareness/context-tracker.ts +349 -0
package/src/awareness/index.ts +25 -0
package/src/awareness/intelligence.ts +321 -0
package/src/awareness/ocr-engine.ts +88 -0
package/src/awareness/service.ts +528 -0
package/src/awareness/struggle-detector.ts +342 -0
package/src/awareness/suggestion-engine.ts +476 -0
package/src/awareness/types.ts +201 -0
package/src/cli/autostart.ts +241 -0
package/src/cli/deps.ts +449 -0
package/src/cli/doctor.ts +230 -0
package/src/cli/helpers.ts +401 -0
package/src/cli/onboard.ts +580 -0
package/src/comms/README.md +329 -0
package/src/comms/auth-error.html +48 -0
package/src/comms/channels/discord.ts +228 -0
package/src/comms/channels/signal.ts +56 -0
package/src/comms/channels/telegram.ts +316 -0
package/src/comms/channels/whatsapp.ts +60 -0
package/src/comms/channels.test.ts +173 -0
package/src/comms/desktop-notify.ts +114 -0
package/src/comms/example.ts +129 -0
package/src/comms/index.ts +129 -0
package/src/comms/streaming.ts +142 -0
package/src/comms/voice.test.ts +152 -0
package/src/comms/voice.ts +291 -0
package/src/comms/websocket.test.ts +409 -0
package/src/comms/websocket.ts +473 -0
package/src/config/README.md +387 -0
package/src/config/index.ts +6 -0
package/src/config/loader.test.ts +137 -0
package/src/config/loader.ts +142 -0
package/src/config/types.ts +260 -0
package/src/daemon/README.md +232 -0
package/src/daemon/agent-service-interface.ts +9 -0
package/src/daemon/agent-service.ts +600 -0
package/src/daemon/api-routes.ts +2119 -0
package/src/daemon/background-agent-service.ts +396 -0
package/src/daemon/background-agent.test.ts +78 -0
package/src/daemon/channel-service.ts +201 -0
package/src/daemon/commitment-executor.ts +297 -0
package/src/daemon/event-classifier.ts +239 -0
package/src/daemon/event-coalescer.ts +123 -0
package/src/daemon/event-reactor.ts +214 -0
package/src/daemon/health.ts +220 -0
package/src/daemon/index.ts +1004 -0
package/src/daemon/llm-settings.ts +316 -0
package/src/daemon/observer-service.ts +150 -0
package/src/daemon/pid.ts +98 -0
package/src/daemon/research-queue.ts +155 -0
package/src/daemon/services.ts +175 -0
package/src/daemon/ws-service.ts +788 -0
package/src/goals/accountability.ts +240 -0
package/src/goals/awareness-bridge.ts +185 -0
package/src/goals/estimator.ts +185 -0
package/src/goals/events.ts +28 -0
package/src/goals/goals.test.ts +400 -0
package/src/goals/integration.test.ts +329 -0
package/src/goals/nl-builder.test.ts +220 -0
package/src/goals/nl-builder.ts +256 -0
package/src/goals/rhythm.test.ts +177 -0
package/src/goals/rhythm.ts +275 -0
package/src/goals/service.test.ts +135 -0
package/src/goals/service.ts +348 -0
package/src/goals/types.ts +106 -0
package/src/goals/workflow-bridge.ts +96 -0
package/src/integrations/google-api.ts +134 -0
package/src/integrations/google-auth.ts +175 -0
package/src/llm/README.md +291 -0
package/src/llm/anthropic.ts +386 -0
package/src/llm/gemini.ts +371 -0
package/src/llm/index.ts +19 -0
package/src/llm/manager.ts +153 -0
package/src/llm/ollama.ts +307 -0
package/src/llm/openai.ts +350 -0
package/src/llm/provider.test.ts +231 -0
package/src/llm/provider.ts +60 -0
package/src/llm/test.ts +87 -0
package/src/observers/README.md +278 -0
package/src/observers/calendar.ts +113 -0
package/src/observers/clipboard.ts +136 -0
package/src/observers/email.ts +109 -0
package/src/observers/example.ts +58 -0
package/src/observers/file-watcher.ts +124 -0
package/src/observers/index.ts +159 -0
package/src/observers/notifications.ts +197 -0
package/src/observers/observers.test.ts +203 -0
package/src/observers/processes.ts +225 -0
package/src/personality/README.md +61 -0
package/src/personality/adapter.ts +196 -0
package/src/personality/index.ts +20 -0
package/src/personality/learner.ts +209 -0
package/src/personality/model.ts +132 -0
package/src/personality/personality.test.ts +236 -0
package/src/roles/README.md +252 -0
package/src/roles/authority.ts +119 -0
package/src/roles/example-usage.ts +198 -0
package/src/roles/index.ts +42 -0
package/src/roles/loader.ts +143 -0
package/src/roles/prompt-builder.ts +194 -0
package/src/roles/test-multi.ts +102 -0
package/src/roles/test-role.yaml +77 -0
package/src/roles/test-utils.ts +93 -0
package/src/roles/test.ts +106 -0
package/src/roles/tool-guide.ts +190 -0
package/src/roles/types.ts +36 -0
package/src/roles/utils.ts +200 -0
package/src/scripts/google-setup.ts +168 -0
package/src/sidecar/connection.ts +179 -0
package/src/sidecar/index.ts +6 -0
package/src/sidecar/manager.ts +542 -0
package/src/sidecar/protocol.ts +85 -0
package/src/sidecar/rpc.ts +161 -0
package/src/sidecar/scheduler.ts +136 -0
package/src/sidecar/types.ts +112 -0
package/src/sidecar/validator.ts +144 -0
package/src/vault/README.md +110 -0
package/src/vault/awareness.ts +341 -0
package/src/vault/commitments.ts +299 -0
package/src/vault/content-pipeline.ts +260 -0
package/src/vault/conversations.ts +173 -0
package/src/vault/entities.ts +180 -0
package/src/vault/extractor.test.ts +356 -0
package/src/vault/extractor.ts +345 -0
package/src/vault/facts.ts +190 -0
package/src/vault/goals.ts +477 -0
package/src/vault/index.ts +87 -0
package/src/vault/keychain.ts +99 -0
package/src/vault/observations.ts +115 -0
package/src/vault/relationships.ts +178 -0
package/src/vault/retrieval.test.ts +126 -0
package/src/vault/retrieval.ts +227 -0
package/src/vault/schema.ts +658 -0
package/src/vault/settings.ts +38 -0
package/src/vault/vectors.ts +92 -0
package/src/vault/workflows.ts +403 -0
package/src/workflows/auto-suggest.ts +290 -0
package/src/workflows/engine.ts +366 -0
package/src/workflows/events.ts +24 -0
package/src/workflows/executor.ts +207 -0
package/src/workflows/nl-builder.ts +198 -0
package/src/workflows/nodes/actions/agent-task.ts +73 -0
package/src/workflows/nodes/actions/calendar-action.ts +85 -0
package/src/workflows/nodes/actions/code-execution.ts +73 -0
package/src/workflows/nodes/actions/discord.ts +77 -0
package/src/workflows/nodes/actions/file-write.ts +73 -0
package/src/workflows/nodes/actions/gmail.ts +69 -0
package/src/workflows/nodes/actions/http-request.ts +117 -0
package/src/workflows/nodes/actions/notification.ts +85 -0
package/src/workflows/nodes/actions/run-tool.ts +55 -0
package/src/workflows/nodes/actions/send-message.ts +82 -0
package/src/workflows/nodes/actions/shell-command.ts +76 -0
package/src/workflows/nodes/actions/telegram.ts +60 -0
package/src/workflows/nodes/builtin.ts +119 -0
package/src/workflows/nodes/error/error-handler.ts +37 -0
package/src/workflows/nodes/error/fallback.ts +47 -0
package/src/workflows/nodes/error/retry.ts +82 -0
package/src/workflows/nodes/logic/delay.ts +42 -0
package/src/workflows/nodes/logic/if-else.ts +41 -0
package/src/workflows/nodes/logic/loop.ts +90 -0
package/src/workflows/nodes/logic/merge.ts +38 -0
package/src/workflows/nodes/logic/race.ts +40 -0
package/src/workflows/nodes/logic/switch.ts +59 -0
package/src/workflows/nodes/logic/template-render.ts +53 -0
package/src/workflows/nodes/logic/variable-get.ts +37 -0
package/src/workflows/nodes/logic/variable-set.ts +59 -0
package/src/workflows/nodes/registry.ts +99 -0
package/src/workflows/nodes/transform/aggregate.ts +99 -0
package/src/workflows/nodes/transform/csv-parse.ts +70 -0
package/src/workflows/nodes/transform/json-parse.ts +63 -0
package/src/workflows/nodes/transform/map-filter.ts +84 -0
package/src/workflows/nodes/transform/regex-match.ts +89 -0
package/src/workflows/nodes/triggers/calendar.ts +33 -0
package/src/workflows/nodes/triggers/clipboard.ts +32 -0
package/src/workflows/nodes/triggers/cron.ts +40 -0
package/src/workflows/nodes/triggers/email.ts +40 -0
package/src/workflows/nodes/triggers/file-change.ts +45 -0
package/src/workflows/nodes/triggers/git.ts +46 -0
package/src/workflows/nodes/triggers/manual.ts +23 -0
package/src/workflows/nodes/triggers/poll.ts +81 -0
package/src/workflows/nodes/triggers/process.ts +44 -0
package/src/workflows/nodes/triggers/screen-event.ts +37 -0
package/src/workflows/nodes/triggers/webhook.ts +39 -0
package/src/workflows/safe-eval.ts +139 -0
package/src/workflows/template.ts +118 -0
package/src/workflows/triggers/cron.ts +311 -0
package/src/workflows/triggers/manager.ts +285 -0
package/src/workflows/triggers/observer-bridge.ts +172 -0
package/src/workflows/triggers/poller.ts +201 -0
package/src/workflows/triggers/screen-condition.ts +218 -0
package/src/workflows/triggers/triggers.test.ts +740 -0
package/src/workflows/triggers/webhook.ts +191 -0
package/src/workflows/types.ts +133 -0
package/src/workflows/variables.ts +72 -0
package/src/workflows/workflows.test.ts +383 -0
package/src/workflows/yaml.ts +104 -0
package/ui/dist/index-j75njzc1.css +1199 -0
package/ui/dist/index-p2zh407q.js +80603 -0
package/ui/dist/index.html +13 -0
package/ui/public/openwakeword/models/embedding_model.onnx +0 -0
package/ui/public/openwakeword/models/hey_jarvis_v0.1.onnx +0 -0
package/ui/public/openwakeword/models/melspectrogram.onnx +0 -0
package/ui/public/openwakeword/models/silero_vad.onnx +0 -0
package/ui/public/ort/ort-wasm-simd-threaded.jsep.mjs +106 -0
package/ui/public/ort/ort-wasm-simd-threaded.jsep.wasm +0 -0
package/ui/public/ort/ort-wasm-simd-threaded.mjs +59 -0
package/ui/public/ort/ort-wasm-simd-threaded.wasm +0 -0

package/src/authority/audit.ts ADDED Viewed

@@ -0,0 +1,158 @@
+/**
+ * Audit Trail — Logs every tool execution decision for review.
+ */
+import { getDb, generateId } from '../vault/schema.ts';
+import type { ActionCategory } from '../roles/authority.ts';
+export type AuthorityDecisionType = 'allowed' | 'denied' | 'approval_required';
+export type AuditEntry = {
+  id: string;
+  agent_id: string;
+  agent_name: string;
+  tool_name: string;
+  action_category: ActionCategory;
+  authority_decision: AuthorityDecisionType;
+  approval_id: string | null;
+  executed: number; // 0 or 1
+  execution_time_ms: number | null;
+  created_at: number;
+};
+export class AuditTrail {
+  /**
+   * Log a tool execution decision.
+   */
+  log(entry: {
+    agent_id: string;
+    agent_name: string;
+    tool_name: string;
+    action_category: ActionCategory;
+    authority_decision: AuthorityDecisionType;
+    approval_id?: string | null;
+    executed: boolean;
+    execution_time_ms?: number | null;
+  }): AuditEntry {
+    const db = getDb();
+    const id = generateId();
+    const now = Date.now();
+    db.run(
+      `INSERT INTO audit_trail (id, agent_id, agent_name, tool_name, action_category, authority_decision, approval_id, executed, execution_time_ms, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+      [
+        id,
+        entry.agent_id,
+        entry.agent_name,
+        entry.tool_name,
+        entry.action_category,
+        entry.authority_decision,
+        entry.approval_id ?? null,
+        entry.executed ? 1 : 0,
+        entry.execution_time_ms ?? null,
+        now,
+      ]
+    );
+    return {
+      id,
+      agent_id: entry.agent_id,
+      agent_name: entry.agent_name,
+      tool_name: entry.tool_name,
+      action_category: entry.action_category as ActionCategory,
+      authority_decision: entry.authority_decision,
+      approval_id: entry.approval_id ?? null,
+      executed: entry.executed ? 1 : 0,
+      execution_time_ms: entry.execution_time_ms ?? null,
+      created_at: now,
+    };
+  }
+  /**
+   * Query audit entries with filters.
+   */
+  query(filters?: {
+    agentId?: string;
+    action?: ActionCategory;
+    tool?: string;
+    decision?: AuthorityDecisionType;
+    since?: number;
+    limit?: number;
+  }): AuditEntry[] {
+    const db = getDb();
+    const conditions: string[] = [];
+    const values: unknown[] = [];
+    if (filters?.agentId) {
+      conditions.push('agent_id = ?');
+      values.push(filters.agentId);
+    }
+    if (filters?.action) {
+      conditions.push('action_category = ?');
+      values.push(filters.action);
+    }
+    if (filters?.tool) {
+      conditions.push('tool_name = ?');
+      values.push(filters.tool);
+    }
+    if (filters?.decision) {
+      conditions.push('authority_decision = ?');
+      values.push(filters.decision);
+    }
+    if (filters?.since) {
+      conditions.push('created_at >= ?');
+      values.push(filters.since);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
+    const limit = filters?.limit ?? 100;
+    return db.query(
+      `SELECT * FROM audit_trail ${where} ORDER BY created_at DESC LIMIT ?`
+    ).all(...[...values, limit] as any[]) as AuditEntry[];
+  }
+  /**
+   * Get aggregate statistics.
+   */
+  getStats(since?: number): {
+    total: number;
+    allowed: number;
+    denied: number;
+    approvalRequired: number;
+    byCategory: Record<string, number>;
+  } {
+    const db = getDb();
+    const sinceClause = since ? `WHERE created_at >= ${since}` : '';
+    const totals = db.query(
+      `SELECT authority_decision, COUNT(*) as count FROM audit_trail ${sinceClause} GROUP BY authority_decision`
+    ).all() as { authority_decision: string; count: number }[];
+    const categories = db.query(
+      `SELECT action_category, COUNT(*) as count FROM audit_trail ${sinceClause} GROUP BY action_category`
+    ).all() as { action_category: string; count: number }[];
+    const stats = {
+      total: 0,
+      allowed: 0,
+      denied: 0,
+      approvalRequired: 0,
+      byCategory: {} as Record<string, number>,
+    };
+    for (const row of totals) {
+      stats.total += row.count;
+      if (row.authority_decision === 'allowed') stats.allowed = row.count;
+      if (row.authority_decision === 'denied') stats.denied = row.count;
+      if (row.authority_decision === 'approval_required') stats.approvalRequired = row.count;
+    }
+    for (const row of categories) {
+      stats.byCategory[row.action_category] = row.count;
+    }
+    return stats;
+  }
+}

package/src/authority/authority.test.ts ADDED Viewed

@@ -0,0 +1,519 @@
+import { test, expect, describe, beforeEach } from 'bun:test';
+import { initDatabase, closeDb, getDb } from '../vault/schema.ts';
+import { AuthorityEngine, type AuthorityConfig } from './engine.ts';
+import { ApprovalManager } from './approval.ts';
+import { AuditTrail } from './audit.ts';
+import { AuthorityLearner } from './learning.ts';
+import { EmergencyController } from './emergency.ts';
+import { getActionForTool } from './tool-action-map.ts';
+import type { ActionCategory } from '../roles/authority.ts';
+function makeConfig(overrides?: Partial<AuthorityConfig>): AuthorityConfig {
+  return {
+    default_level: 3,
+    governed_categories: ['send_email', 'send_message', 'make_payment'],
+    overrides: [],
+    context_rules: [],
+    learning: { enabled: true, suggest_threshold: 5 },
+    emergency_state: 'normal',
+    ...overrides,
+  };
+}
+function makeCheckParams(overrides?: Partial<Parameters<AuthorityEngine['checkAuthority']>[0]>) {
+  return {
+    agentId: 'agent-1',
+    agentAuthorityLevel: 5,
+    agentRoleId: 'personal-assistant',
+    toolName: 'browser_navigate',
+    toolCategory: 'browser',
+    actionCategory: 'access_browser' as ActionCategory,
+    temporaryGrants: new Map<string, ActionCategory[]>(),
+    ...overrides,
+  };
+}
+// --- AuthorityEngine ---
+describe('AuthorityEngine', () => {
+  test('allows action when level meets requirement', () => {
+    const engine = new AuthorityEngine(makeConfig());
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 5,
+      actionCategory: 'access_browser', // requires 5
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(false);
+  });
+  test('denies action when level is below requirement', () => {
+    const engine = new AuthorityEngine(makeConfig());
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 4,
+      actionCategory: 'execute_command', // requires 5
+    }));
+    expect(decision.allowed).toBe(false);
+  });
+  test('requires approval for governed categories', () => {
+    const engine = new AuthorityEngine(makeConfig());
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 7,
+      actionCategory: 'send_email', // requires 7, governed
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(true);
+  });
+  test('does not require approval for non-governed categories', () => {
+    const engine = new AuthorityEngine(makeConfig());
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 5,
+      actionCategory: 'access_browser', // not governed
+    }));
+    expect(decision.requiresApproval).toBe(false);
+  });
+  test('per-action override: explicit deny', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      overrides: [{ action: 'access_browser', allowed: false }],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 10, // would normally allow
+    }));
+    expect(decision.allowed).toBe(false);
+  });
+  test('per-action override: explicit allow with approval', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      overrides: [{ action: 'send_email', role_id: 'personal-assistant', allowed: true, requires_approval: true }],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 7,
+      actionCategory: 'send_email',
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(true);
+  });
+  test('per-action override: explicit allow without approval', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      overrides: [{ action: 'send_email', allowed: true }],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 7,
+      actionCategory: 'send_email',
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(false);
+  });
+  test('role-specific override takes priority over global', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      overrides: [
+        { action: 'send_email', allowed: false }, // global: deny
+        { action: 'send_email', role_id: 'personal-assistant', allowed: true }, // role: allow
+      ],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 7,
+      actionCategory: 'send_email',
+    }));
+    expect(decision.allowed).toBe(true);
+  });
+  test('temporary grants override everything', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      overrides: [{ action: 'make_payment', allowed: false }], // Explicitly denied
+    }));
+    const grants = new Map<string, ActionCategory[]>();
+    grants.set('agent-1', ['make_payment']);
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 1, // Way below requirement
+      actionCategory: 'make_payment',
+      temporaryGrants: grants,
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(false);
+  });
+  test('context rule: time_range', () => {
+    const now = new Date();
+    const engine = new AuthorityEngine(makeConfig({
+      context_rules: [{
+        id: 'no-email-at-night',
+        action: 'send_email',
+        condition: 'time_range',
+        params: { start_hour: now.getHours(), end_hour: now.getHours() + 1 },
+        effect: 'deny',
+        description: 'No emails during current hour',
+      }],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 7,
+      actionCategory: 'send_email',
+    }));
+    expect(decision.allowed).toBe(false);
+    expect(decision.contextRule).toBe('no-email-at-night');
+  });
+  test('context rule: tool_name', () => {
+    const engine = new AuthorityEngine(makeConfig({
+      context_rules: [{
+        id: 'no-delete-command',
+        action: 'execute_command',
+        condition: 'tool_name',
+        params: { tool_name: 'run_command' },
+        effect: 'require_approval',
+        description: 'Shell commands need approval',
+      }],
+    }));
+    const decision = engine.checkAuthority(makeCheckParams({
+      agentAuthorityLevel: 5,
+      toolName: 'run_command',
+      actionCategory: 'execute_command',
+    }));
+    expect(decision.allowed).toBe(true);
+    expect(decision.requiresApproval).toBe(true);
+  });
+  test('describeRulesForAgent returns readable text', () => {
+    const engine = new AuthorityEngine(makeConfig());
+    const rules = engine.describeRulesForAgent(5, 'personal-assistant');
+    expect(rules).toContain('authority level: 5/10');
+    expect(rules).toContain('send_email');
+    expect(rules).toContain('make_payment');
+  });
+  test('all 13 action categories are checkable', () => {
+    const engine = new AuthorityEngine(makeConfig({ governed_categories: [] }));
+    const categories: ActionCategory[] = [
+      'read_data', 'write_data', 'delete_data',
+      'send_message', 'send_email',
+      'execute_command', 'install_software',
+      'make_payment', 'modify_settings',
+      'spawn_agent', 'terminate_agent',
+      'access_browser', 'control_app',
+    ];
+    for (const cat of categories) {
+      const decision = engine.checkAuthority(makeCheckParams({
+        agentAuthorityLevel: 10,
+        actionCategory: cat,
+      }));
+      expect(decision.allowed).toBe(true);
+    }
+  });
+});
+// --- Tool Action Map ---
+describe('getActionForTool', () => {
+  test('maps known tools by name', () => {
+    expect(getActionForTool('run_command', 'terminal')).toBe('execute_command');
+    expect(getActionForTool('read_file', 'file-ops')).toBe('read_data');
+    expect(getActionForTool('write_file', 'file-ops')).toBe('write_data');
+    expect(getActionForTool('browser_navigate', 'browser')).toBe('access_browser');
+    expect(getActionForTool('desktop_click', 'desktop')).toBe('control_app');
+    expect(getActionForTool('delegate_task', 'delegation')).toBe('spawn_agent');
+  });
+  test('falls back to category map for unknown tools', () => {
+    expect(getActionForTool('some_browser_tool', 'browser')).toBe('access_browser');
+    expect(getActionForTool('some_terminal_tool', 'terminal')).toBe('execute_command');
+  });
+  test('defaults to read_data for completely unknown tools', () => {
+    expect(getActionForTool('unknown_tool', 'unknown_category')).toBe('read_data');
+  });
+});
+// --- EmergencyController ---
+describe('EmergencyController', () => {
+  test('starts in normal state', () => {
+    const ec = new EmergencyController();
+    expect(ec.getState()).toBe('normal');
+    expect(ec.canExecute()).toBe(true);
+  });
+  test('pause blocks execution', () => {
+    const ec = new EmergencyController();
+    ec.pause();
+    expect(ec.getState()).toBe('paused');
+    expect(ec.canExecute()).toBe(false);
+  });
+  test('resume restores execution', () => {
+    const ec = new EmergencyController();
+    ec.pause();
+    ec.resume();
+    expect(ec.getState()).toBe('normal');
+    expect(ec.canExecute()).toBe(true);
+  });
+  test('kill blocks execution', () => {
+    const ec = new EmergencyController();
+    ec.kill();
+    expect(ec.getState()).toBe('killed');
+    expect(ec.canExecute()).toBe(false);
+  });
+  test('cannot pause from killed state', () => {
+    const ec = new EmergencyController();
+    ec.kill();
+    ec.pause();
+    expect(ec.getState()).toBe('killed');
+  });
+  test('reset restores from killed', () => {
+    const ec = new EmergencyController();
+    ec.kill();
+    ec.reset();
+    expect(ec.getState()).toBe('normal');
+    expect(ec.canExecute()).toBe(true);
+  });
+  test('fires state change callback', () => {
+    const ec = new EmergencyController();
+    const states: string[] = [];
+    ec.setStateChangeCallback(s => states.push(s));
+    ec.pause();
+    ec.resume();
+    expect(states).toEqual(['paused', 'normal']);
+  });
+});
+// --- ApprovalManager (requires DB) ---
+describe('ApprovalManager', () => {
+  beforeEach(() => {
+    initDatabase(':memory:');
+  });
+  test('creates and retrieves approval request', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'agent-1',
+      agentName: 'Personal Assistant',
+      toolName: 'send_email',
+      toolArguments: { to: 'test@example.com', subject: 'hi' },
+      actionCategory: 'send_email',
+      urgency: 'urgent',
+      reason: 'Governed action',
+      context: 'User asked to send email',
+    });
+    expect(req.id).toBeTruthy();
+    expect(req.status).toBe('pending');
+    expect(req.urgency).toBe('urgent');
+    const retrieved = mgr.getRequest(req.id);
+    expect(retrieved).not.toBeNull();
+    expect(retrieved!.tool_name).toBe('send_email');
+  });
+  test('approve changes status', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    const approved = mgr.approve(req.id, 'dashboard');
+    expect(approved).not.toBeNull();
+    expect(approved!.status).toBe('approved');
+    expect(approved!.decided_by).toBe('dashboard');
+  });
+  test('deny changes status', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    const denied = mgr.deny(req.id, 'telegram');
+    expect(denied).not.toBeNull();
+    expect(denied!.status).toBe('denied');
+  });
+  test('cannot approve already decided request', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    mgr.deny(req.id, 'dashboard');
+    const result = mgr.approve(req.id, 'dashboard');
+    expect(result).toBeNull();
+  });
+  test('getPending returns only pending', () => {
+    const mgr = new ApprovalManager();
+    mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    const req2 = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'make_payment',
+      toolArguments: {}, actionCategory: 'make_payment',
+      urgency: 'urgent', reason: 'test2', context: '',
+    });
+    mgr.approve(req2.id, 'dashboard');
+    const pending = mgr.getPending();
+    expect(pending.length).toBe(1);
+    expect(pending[0]!.tool_name).toBe('send_email');
+  });
+  test('findByShortId works', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    const found = mgr.findByShortId(req.id.slice(0, 8));
+    expect(found).not.toBeNull();
+    expect(found!.id).toBe(req.id);
+  });
+  test('markExecuted updates fields', () => {
+    const mgr = new ApprovalManager();
+    const req = mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    mgr.approve(req.id, 'dashboard');
+    mgr.markExecuted(req.id, 'Email sent successfully');
+    const updated = mgr.getRequest(req.id);
+    expect(updated!.status).toBe('executed');
+    expect(updated!.execution_result).toBe('Email sent successfully');
+  });
+  test('expireOld expires old pending requests', () => {
+    const mgr = new ApprovalManager();
+    mgr.createRequest({
+      agentId: 'a1', agentName: 'PA', toolName: 'send_email',
+      toolArguments: {}, actionCategory: 'send_email',
+      urgency: 'normal', reason: 'test', context: '',
+    });
+    // Expire with very large max age — nothing should expire
+    const noneExpired = mgr.expireOld(999999999);
+    expect(noneExpired).toBe(0);
+    // Manually update created_at to the past so expiry works
+    getDb().run('UPDATE approval_requests SET created_at = created_at - 10000');
+    const expired = mgr.expireOld(5000);
+    expect(expired).toBe(1);
+    const pending = mgr.getPending();
+    expect(pending.length).toBe(0);
+  });
+});
+// --- AuditTrail (requires DB) ---
+describe('AuditTrail', () => {
+  beforeEach(() => {
+    initDatabase(':memory:');
+  });
+  test('logs and queries audit entries', () => {
+    const trail = new AuditTrail();
+    trail.log({
+      agent_id: 'a1', agent_name: 'PA',
+      tool_name: 'browser_navigate', action_category: 'access_browser',
+      authority_decision: 'allowed', executed: true, execution_time_ms: 150,
+    });
+    trail.log({
+      agent_id: 'a1', agent_name: 'PA',
+      tool_name: 'send_email', action_category: 'send_email',
+      authority_decision: 'approval_required', executed: false,
+    });
+    const all = trail.query();
+    expect(all.length).toBe(2);
+    const browserOnly = trail.query({ action: 'access_browser' });
+    expect(browserOnly.length).toBe(1);
+    expect(browserOnly[0]!.tool_name).toBe('browser_navigate');
+  });
+  test('getStats aggregates correctly', () => {
+    const trail = new AuditTrail();
+    trail.log({ agent_id: 'a1', agent_name: 'PA', tool_name: 't1', action_category: 'read_data', authority_decision: 'allowed', executed: true });
+    trail.log({ agent_id: 'a1', agent_name: 'PA', tool_name: 't2', action_category: 'write_data', authority_decision: 'allowed', executed: true });
+    trail.log({ agent_id: 'a1', agent_name: 'PA', tool_name: 't3', action_category: 'send_email', authority_decision: 'denied', executed: false });
+    const stats = trail.getStats();
+    expect(stats.total).toBe(3);
+    expect(stats.allowed).toBe(2);
+    expect(stats.denied).toBe(1);
+    expect(stats.byCategory['read_data']).toBe(1);
+    expect(stats.byCategory['send_email']).toBe(1);
+  });
+});
+// --- AuthorityLearner (requires DB) ---
+describe('AuthorityLearner', () => {
+  beforeEach(() => {
+    initDatabase(':memory:');
+  });
+  test('no suggestions below threshold', () => {
+    const learner = new AuthorityLearner(3);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', true);
+    expect(learner.getSuggestions().length).toBe(0);
+  });
+  test('suggests after threshold consecutive approvals', () => {
+    const learner = new AuthorityLearner(3);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', true);
+    const suggestions = learner.getSuggestions();
+    expect(suggestions.length).toBe(1);
+    expect(suggestions[0]!.actionCategory).toBe('send_email');
+    expect(suggestions[0]!.consecutiveApprovals).toBe(3);
+  });
+  test('denial resets consecutive count', () => {
+    const learner = new AuthorityLearner(3);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', false); // reset
+    learner.recordDecision('send_email', 'send_email', true);
+    expect(learner.getSuggestions().length).toBe(0);
+  });
+  test('markSuggestionSent prevents re-suggestion', () => {
+    const learner = new AuthorityLearner(2);
+    learner.recordDecision('send_email', 'send_email', true);
+    learner.recordDecision('send_email', 'send_email', true);
+    expect(learner.getSuggestions().length).toBe(1);
+    learner.markSuggestionSent('send_email', 'send_email');
+    expect(learner.getSuggestions().length).toBe(0);
+  });
+});