npm - @vauban-org/agent-sdk - Versions diffs - 0.17.4 → 1.2.0 - Mend

@vauban-org/agent-sdk 0.17.4 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (506) hide show

package/CONTRACT.md +6401 -813
package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
package/dist/adapters/llm/anthropic-direct.js +43 -0
package/dist/adapters/llm/anthropic-direct.js.map +1 -1
package/dist/adapters/llm/cascade.d.ts.map +1 -1
package/dist/adapters/llm/cascade.js +57 -14
package/dist/adapters/llm/cascade.js.map +1 -1
package/dist/adapters/llm/litellm.d.ts +2 -0
package/dist/adapters/llm/litellm.d.ts.map +1 -1
package/dist/adapters/llm/litellm.js +44 -0
package/dist/adapters/llm/litellm.js.map +1 -1
package/dist/compute/difficulty-estimator.d.ts +53 -0
package/dist/compute/difficulty-estimator.d.ts.map +1 -0
package/dist/compute/difficulty-estimator.js +82 -0
package/dist/compute/difficulty-estimator.js.map +1 -0
package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
package/dist/compute/strategies/mixture-of-agents.js +110 -0
package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.js +242 -0
package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
package/dist/compute/strategies/two-phase-orient.js +85 -0
package/dist/compute/strategies/two-phase-orient.js.map +1 -0
package/dist/constitution/types.d.ts +10 -10
package/dist/container/protocol.d.ts +134 -0
package/dist/container/protocol.d.ts.map +1 -0
package/dist/container/protocol.js +157 -0
package/dist/container/protocol.js.map +1 -0
package/dist/container/runtime.d.ts +140 -0
package/dist/container/runtime.d.ts.map +1 -0
package/dist/container/runtime.js +256 -0
package/dist/container/runtime.js.map +1 -0
package/dist/events/catalogue.d.ts +327 -30
package/dist/events/catalogue.d.ts.map +1 -1
package/dist/events/catalogue.js +18 -0
package/dist/events/catalogue.js.map +1 -1
package/dist/events/index.d.ts +9 -0
package/dist/events/index.d.ts.map +1 -1
package/dist/events/index.js +9 -0
package/dist/events/index.js.map +1 -1
package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
package/dist/events/schemas/agent.started.v1.d.ts +2 -2
package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +55 -0
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts.map +1 -0
package/dist/events/schemas/citadel.sprint.analyzed.v1.js +22 -0
package/dist/events/schemas/citadel.sprint.analyzed.v1.js.map +1 -0
package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +33 -0
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts.map +1 -0
package/dist/events/schemas/forge.inbox.reply_classified.v1.js +15 -0
package/dist/events/schemas/forge.inbox.reply_classified.v1.js.map +1 -0
package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
package/dist/events/schemas/vauban-finance.forecast.generated.v1.d.ts +21 -0
package/dist/events/schemas/vauban-finance.forecast.generated.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban-finance.forecast.generated.v1.js +11 -0
package/dist/events/schemas/vauban-finance.forecast.generated.v1.js.map +1 -0
package/dist/events/schemas/vauban-finance.trade.executed.v1.d.ts +24 -0
package/dist/events/schemas/vauban-finance.trade.executed.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban-finance.trade.executed.v1.js +12 -0
package/dist/events/schemas/vauban-finance.trade.executed.v1.js.map +1 -0
package/dist/events/schemas/vauban.goal.checked.v1.d.ts +21 -0
package/dist/events/schemas/vauban.goal.checked.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban.goal.checked.v1.js +11 -0
package/dist/events/schemas/vauban.goal.checked.v1.js.map +1 -0
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +21 -0
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban.rebalancing.checked.v1.js +11 -0
package/dist/events/schemas/vauban.rebalancing.checked.v1.js.map +1 -0
package/dist/events/schemas/vauban.tax.checked.v1.d.ts +21 -0
package/dist/events/schemas/vauban.tax.checked.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban.tax.checked.v1.js +11 -0
package/dist/events/schemas/vauban.tax.checked.v1.js.map +1 -0
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +59 -0
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban.vault.analyzed.v1.js +19 -0
package/dist/events/schemas/vauban.vault.analyzed.v1.js.map +1 -0
package/dist/events/schemas/vauban.vault.compounded.v1.d.ts +24 -0
package/dist/events/schemas/vauban.vault.compounded.v1.d.ts.map +1 -0
package/dist/events/schemas/vauban.vault.compounded.v1.js +12 -0
package/dist/events/schemas/vauban.vault.compounded.v1.js.map +1 -0
package/dist/identity/agent-persona.d.ts +73 -0
package/dist/identity/agent-persona.d.ts.map +1 -0
package/dist/identity/agent-persona.js +165 -0
package/dist/identity/agent-persona.js.map +1 -0
package/dist/identity/persona-prompt.d.ts +25 -0
package/dist/identity/persona-prompt.d.ts.map +1 -0
package/dist/identity/persona-prompt.js +71 -0
package/dist/identity/persona-prompt.js.map +1 -0
package/dist/identity/persona-schema.d.ts +120 -0
package/dist/identity/persona-schema.d.ts.map +1 -0
package/dist/identity/persona-schema.js +103 -0
package/dist/identity/persona-schema.js.map +1 -0
package/dist/index.d.ts +37 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +29 -1
package/dist/index.js.map +1 -1
package/dist/loop/index.d.ts +1 -1
package/dist/loop/index.d.ts.map +1 -1
package/dist/loop/index.js.map +1 -1
package/dist/loop/minimal-loop.js +293 -287
package/dist/loop/sdk-loop.d.ts +1 -3
package/dist/loop/sdk-loop.d.ts.map +1 -1
package/dist/loop/sdk-loop.js +1 -1
package/dist/loop/sdk-loop.js.map +1 -1
package/dist/memory/episodic-rrf.d.ts +114 -0
package/dist/memory/episodic-rrf.d.ts.map +1 -0
package/dist/memory/episodic-rrf.js +148 -0
package/dist/memory/episodic-rrf.js.map +1 -0
package/dist/mesh/attenuation.d.ts +78 -0
package/dist/mesh/attenuation.d.ts.map +1 -0
package/dist/mesh/attenuation.js +141 -0
package/dist/mesh/attenuation.js.map +1 -0
package/dist/mesh/delegate.d.ts +96 -0
package/dist/mesh/delegate.d.ts.map +1 -0
package/dist/mesh/delegate.js +172 -0
package/dist/mesh/delegate.js.map +1 -0
package/dist/mesh/dispatcher.d.ts +119 -0
package/dist/mesh/dispatcher.d.ts.map +1 -0
package/dist/mesh/dispatcher.js +207 -0
package/dist/mesh/dispatcher.js.map +1 -0
package/dist/mesh/index.d.ts +12 -0
package/dist/mesh/index.d.ts.map +1 -0
package/dist/mesh/index.js +11 -0
package/dist/mesh/index.js.map +1 -0
package/dist/mesh/types.d.ts +30 -0
package/dist/mesh/types.d.ts.map +1 -0
package/dist/mesh/types.js +11 -0
package/dist/mesh/types.js.map +1 -0
package/dist/orchestration/ooda/skills.d.ts +104 -0
package/dist/orchestration/ooda/skills.d.ts.map +1 -1
package/dist/orchestration/ooda/skills.js +106 -0
package/dist/orchestration/ooda/skills.js.map +1 -1
package/dist/orchestration/ooda/types.d.ts +3 -8
package/dist/orchestration/ooda/types.d.ts.map +1 -1
package/dist/ports/bastion-action.contract.test.d.ts +11 -0
package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
package/dist/ports/bastion-action.contract.test.js +238 -0
package/dist/ports/bastion-action.contract.test.js.map +1 -0
package/dist/ports/bastion-action.d.ts +133 -0
package/dist/ports/bastion-action.d.ts.map +1 -0
package/dist/ports/bastion-action.js +73 -0
package/dist/ports/bastion-action.js.map +1 -0
package/dist/ports/brain.d.ts +31 -0
package/dist/ports/brain.d.ts.map +1 -1
package/dist/ports/brain.js +115 -1
package/dist/ports/brain.js.map +1 -1
package/dist/ports/citadel-action.contract.test.d.ts +11 -0
package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
package/dist/ports/citadel-action.contract.test.js +317 -0
package/dist/ports/citadel-action.contract.test.js.map +1 -0
package/dist/ports/citadel-action.d.ts +111 -0
package/dist/ports/citadel-action.d.ts.map +1 -0
package/dist/ports/citadel-action.js +62 -0
package/dist/ports/citadel-action.js.map +1 -0
package/dist/ports/compliance-contract.d.ts +123 -0
package/dist/ports/compliance-contract.d.ts.map +1 -0
package/dist/ports/compliance-contract.js +35 -0
package/dist/ports/compliance-contract.js.map +1 -0
package/dist/ports/db.d.ts +38 -0
package/dist/ports/db.d.ts.map +1 -1
package/dist/ports/db.js +88 -1
package/dist/ports/db.js.map +1 -1
package/dist/ports/delegation.contract.test.d.ts +9 -0
package/dist/ports/delegation.contract.test.d.ts.map +1 -0
package/dist/ports/delegation.contract.test.js +337 -0
package/dist/ports/delegation.contract.test.js.map +1 -0
package/dist/ports/delegation.d.ts +134 -0
package/dist/ports/delegation.d.ts.map +1 -0
package/dist/ports/delegation.js +105 -0
package/dist/ports/delegation.js.map +1 -0
package/dist/ports/event-bus.d.ts +29 -13
package/dist/ports/event-bus.d.ts.map +1 -1
package/dist/ports/event-bus.js +106 -1
package/dist/ports/event-bus.js.map +1 -1
package/dist/ports/federation.contract.test.d.ts +9 -0
package/dist/ports/federation.contract.test.d.ts.map +1 -0
package/dist/ports/federation.contract.test.js +279 -0
package/dist/ports/federation.contract.test.js.map +1 -0
package/dist/ports/federation.d.ts +140 -0
package/dist/ports/federation.d.ts.map +1 -0
package/dist/ports/federation.js +57 -0
package/dist/ports/federation.js.map +1 -0
package/dist/ports/index.d.ts +28 -2
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +17 -2
package/dist/ports/index.js.map +1 -1
package/dist/ports/llm-provider.d.ts +37 -0
package/dist/ports/llm-provider.d.ts.map +1 -1
package/dist/ports/llm-provider.js +99 -1
package/dist/ports/llm-provider.js.map +1 -1
package/dist/ports/logger.d.ts +27 -0
package/dist/ports/logger.d.ts.map +1 -1
package/dist/ports/logger.js +87 -0
package/dist/ports/logger.js.map +1 -1
package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
package/dist/ports/manifest-registry.contract.test.js +246 -0
package/dist/ports/manifest-registry.contract.test.js.map +1 -0
package/dist/ports/manifest-registry.d.ts +116 -0
package/dist/ports/manifest-registry.d.ts.map +1 -0
package/dist/ports/manifest-registry.js +79 -0
package/dist/ports/manifest-registry.js.map +1 -0
package/dist/ports/observability.contract.test.d.ts +12 -0
package/dist/ports/observability.contract.test.d.ts.map +1 -0
package/dist/ports/observability.contract.test.js +260 -0
package/dist/ports/observability.contract.test.js.map +1 -0
package/dist/ports/observability.d.ts +98 -0
package/dist/ports/observability.d.ts.map +1 -0
package/dist/ports/observability.js +59 -0
package/dist/ports/observability.js.map +1 -0
package/dist/ports/outcome.d.ts +26 -0
package/dist/ports/outcome.d.ts.map +1 -1
package/dist/ports/outcome.js +62 -1
package/dist/ports/outcome.js.map +1 -1
package/dist/ports/privacy.contract.test.d.ts +12 -0
package/dist/ports/privacy.contract.test.d.ts.map +1 -0
package/dist/ports/privacy.contract.test.js +325 -0
package/dist/ports/privacy.contract.test.js.map +1 -0
package/dist/ports/privacy.d.ts +132 -0
package/dist/ports/privacy.d.ts.map +1 -0
package/dist/ports/privacy.js +83 -0
package/dist/ports/privacy.js.map +1 -0
package/dist/ports/tenant-context.contract.test.d.ts +14 -0
package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
package/dist/ports/tenant-context.contract.test.js +352 -0
package/dist/ports/tenant-context.contract.test.js.map +1 -0
package/dist/ports/tenant-context.d.ts +103 -0
package/dist/ports/tenant-context.d.ts.map +1 -0
package/dist/ports/tenant-context.js +48 -0
package/dist/ports/tenant-context.js.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.js +260 -0
package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
package/dist/ports/vauban-finance-action.d.ts +106 -0
package/dist/ports/vauban-finance-action.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.js +60 -0
package/dist/ports/vauban-finance-action.js.map +1 -0
package/dist/ports/workflow-runtime.d.ts +204 -0
package/dist/ports/workflow-runtime.d.ts.map +1 -0
package/dist/ports/workflow-runtime.js +72 -0
package/dist/ports/workflow-runtime.js.map +1 -0
package/dist/proof/cert-verify.d.ts +80 -0
package/dist/proof/cert-verify.d.ts.map +1 -0
package/dist/proof/cert-verify.js +178 -0
package/dist/proof/cert-verify.js.map +1 -0
package/dist/replay/replay.d.ts.map +1 -1
package/dist/replay/replay.js +5 -1
package/dist/replay/replay.js.map +1 -1
package/dist/retry/index.d.ts +129 -0
package/dist/retry/index.d.ts.map +1 -0
package/dist/retry/index.js +156 -0
package/dist/retry/index.js.map +1 -0
package/dist/retry/presets.d.ts +39 -0
package/dist/retry/presets.d.ts.map +1 -0
package/dist/retry/presets.js +69 -0
package/dist/retry/presets.js.map +1 -0
package/dist/skill-loop/ab-runner.d.ts +67 -0
package/dist/skill-loop/ab-runner.d.ts.map +1 -0
package/dist/skill-loop/ab-runner.js +160 -0
package/dist/skill-loop/ab-runner.js.map +1 -0
package/dist/skill-loop/adoption.d.ts +67 -0
package/dist/skill-loop/adoption.d.ts.map +1 -0
package/dist/skill-loop/adoption.js +126 -0
package/dist/skill-loop/adoption.js.map +1 -0
package/dist/skill-loop/candidate.d.ts +45 -0
package/dist/skill-loop/candidate.d.ts.map +1 -0
package/dist/skill-loop/candidate.js +43 -0
package/dist/skill-loop/candidate.js.map +1 -0
package/dist/skill-loop/evaluator.d.ts +42 -0
package/dist/skill-loop/evaluator.d.ts.map +1 -0
package/dist/skill-loop/evaluator.js +184 -0
package/dist/skill-loop/evaluator.js.map +1 -0
package/dist/skill-loop/index.d.ts +27 -0
package/dist/skill-loop/index.d.ts.map +1 -0
package/dist/skill-loop/index.js +27 -0
package/dist/skill-loop/index.js.map +1 -0
package/dist/skill-loop/reflexion-replay.d.ts +87 -0
package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
package/dist/skill-loop/reflexion-replay.js +110 -0
package/dist/skill-loop/reflexion-replay.js.map +1 -0
package/dist/skill-loop/sign-off.d.ts +88 -0
package/dist/skill-loop/sign-off.d.ts.map +1 -0
package/dist/skill-loop/sign-off.js +146 -0
package/dist/skill-loop/sign-off.js.map +1 -0
package/dist/skill-loop/value-metric.d.ts +55 -0
package/dist/skill-loop/value-metric.d.ts.map +1 -0
package/dist/skill-loop/value-metric.js +69 -0
package/dist/skill-loop/value-metric.js.map +1 -0
package/dist/skill-loop/versioning.d.ts +36 -0
package/dist/skill-loop/versioning.d.ts.map +1 -0
package/dist/skill-loop/versioning.js +47 -0
package/dist/skill-loop/versioning.js.map +1 -0
package/dist/skill-manifest/anchor.d.ts +91 -0
package/dist/skill-manifest/anchor.d.ts.map +1 -0
package/dist/skill-manifest/anchor.js +331 -0
package/dist/skill-manifest/anchor.js.map +1 -0
package/dist/skill-manifest/builder.d.ts +47 -0
package/dist/skill-manifest/builder.d.ts.map +1 -0
package/dist/skill-manifest/builder.js +93 -0
package/dist/skill-manifest/builder.js.map +1 -0
package/dist/skill-manifest/index.d.ts +13 -0
package/dist/skill-manifest/index.d.ts.map +1 -0
package/dist/skill-manifest/index.js +9 -0
package/dist/skill-manifest/index.js.map +1 -0
package/dist/skill-manifest/types.d.ts +67 -0
package/dist/skill-manifest/types.d.ts.map +1 -0
package/dist/skill-manifest/types.js +16 -0
package/dist/skill-manifest/types.js.map +1 -0
package/dist/skill-manifest/verifier.d.ts +42 -0
package/dist/skill-manifest/verifier.d.ts.map +1 -0
package/dist/skill-manifest/verifier.js +136 -0
package/dist/skill-manifest/verifier.js.map +1 -0
package/dist/skills/brain-query.d.ts +4 -4
package/dist/skills/brain-store.d.ts +6 -6
package/dist/skills/errors.d.ts +15 -0
package/dist/skills/errors.d.ts.map +1 -1
package/dist/skills/errors.js +21 -0
package/dist/skills/errors.js.map +1 -1
package/dist/skills/hitl-request.d.ts +2 -2
package/dist/skills/index.d.ts +3 -1
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +4 -1
package/dist/skills/index.js.map +1 -1
package/dist/skills/markdown/loader.d.ts +52 -0
package/dist/skills/markdown/loader.d.ts.map +1 -0
package/dist/skills/markdown/loader.js +93 -0
package/dist/skills/markdown/loader.js.map +1 -0
package/dist/skills/markdown/schema.d.ts +432 -0
package/dist/skills/markdown/schema.d.ts.map +1 -0
package/dist/skills/markdown/schema.js +121 -0
package/dist/skills/markdown/schema.js.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
package/dist/skills/poc-md-loader/runner.d.ts +24 -0
package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
package/dist/skills/poc-md-loader/runner.js +57 -0
package/dist/skills/poc-md-loader/runner.js.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.js +75 -0
package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
package/dist/skills/record-outcome.d.ts +4 -4
package/dist/skills/send-email.d.ts.map +1 -1
package/dist/skills/send-email.js +15 -3
package/dist/skills/send-email.js.map +1 -1
package/dist/skills/slack-notify.d.ts +4 -4
package/dist/skills/starknet-balance.d.ts +1 -1
package/dist/skills/telegram-notify.d.ts +4 -4
package/dist/skills/web-search.d.ts +1 -1
package/dist/testing/contracts/event-bus.contract.d.ts.map +1 -1
package/dist/testing/contracts/event-bus.contract.js +14 -12
package/dist/testing/contracts/event-bus.contract.js.map +1 -1
package/dist/testing/index.d.ts +3 -0
package/dist/testing/test-brain-port.d.ts +4 -0
package/dist/testing/test-brain-port.d.ts.map +1 -1
package/dist/testing/test-brain-port.js +75 -20
package/dist/testing/test-brain-port.js.map +1 -1
package/dist/testing/test-event-bus.d.ts.map +1 -1
package/dist/testing/test-event-bus.js +89 -36
package/dist/testing/test-event-bus.js.map +1 -1
package/dist/trace/schema.d.ts +1 -1
package/dist/trace/schema.d.ts.map +1 -1
package/dist/trace/schema.js +1 -1
package/dist/trace/schema.js.map +1 -1
package/dist/verify/formal/index.d.ts +44 -0
package/dist/verify/formal/index.d.ts.map +1 -0
package/dist/verify/formal/index.js +98 -0
package/dist/verify/formal/index.js.map +1 -0
package/dist/verify/formal/policy.d.ts +105 -0
package/dist/verify/formal/policy.d.ts.map +1 -0
package/dist/verify/formal/policy.js +159 -0
package/dist/verify/formal/policy.js.map +1 -0
package/dist/verify/formal/result.d.ts +50 -0
package/dist/verify/formal/result.d.ts.map +1 -0
package/dist/verify/formal/result.js +21 -0
package/dist/verify/formal/result.js.map +1 -0
package/dist/verify/formal/solver.d.ts +67 -0
package/dist/verify/formal/solver.d.ts.map +1 -0
package/dist/verify/formal/solver.js +184 -0
package/dist/verify/formal/solver.js.map +1 -0
package/dist/verify/formal/spec-language.d.ts +80 -0
package/dist/verify/formal/spec-language.d.ts.map +1 -0
package/dist/verify/formal/spec-language.js +219 -0
package/dist/verify/formal/spec-language.js.map +1 -0
package/docs/attestation.md +199 -0
package/docs/identity.md +193 -0
package/package.json +22 -1
package/src/adapters/llm/anthropic-direct.ts +51 -0
package/src/adapters/llm/cascade.ts +64 -19
package/src/adapters/llm/litellm.ts +49 -0
package/src/compute/difficulty-estimator.ts +111 -0
package/src/compute/strategies/mixture-of-agents.ts +150 -0
package/src/compute/strategies/tree-of-thoughts.ts +293 -0
package/src/compute/strategies/two-phase-orient.ts +147 -0
package/src/container/protocol.ts +243 -0
package/src/container/runtime.ts +424 -0
package/src/db/migrations/026_formal_verify_results.sql +30 -0
package/src/events/catalogue.ts +54 -0
package/src/events/index.ts +9 -0
package/src/events/schemas/citadel.sprint.analyzed.v1.ts +23 -0
package/src/events/schemas/forge.inbox.reply_classified.v1.ts +15 -0
package/src/events/schemas/vauban-finance.forecast.generated.v1.ts +11 -0
package/src/events/schemas/vauban-finance.trade.executed.v1.ts +12 -0
package/src/events/schemas/vauban.goal.checked.v1.ts +11 -0
package/src/events/schemas/vauban.rebalancing.checked.v1.ts +11 -0
package/src/events/schemas/vauban.tax.checked.v1.ts +11 -0
package/src/events/schemas/vauban.vault.analyzed.v1.ts +21 -0
package/src/events/schemas/vauban.vault.compounded.v1.ts +12 -0
package/src/identity/agent-persona.ts +203 -0
package/src/identity/persona-prompt.ts +84 -0
package/src/identity/persona-schema.ts +127 -0
package/src/index.ts +338 -1
package/src/loop/index.ts +0 -1
package/src/loop/sdk-loop.ts +5 -8
package/src/memory/episodic-rrf.ts +224 -0
package/src/mesh/attenuation.ts +190 -0
package/src/mesh/delegate.ts +254 -0
package/src/mesh/dispatcher.ts +301 -0
package/src/mesh/index.ts +39 -0
package/src/mesh/types.ts +31 -0
package/src/orchestration/ooda/skills.ts +177 -0
package/src/orchestration/ooda/types.ts +3 -9
package/src/ports/bastion-action.contract.test.ts +355 -0
package/src/ports/bastion-action.ts +198 -0
package/src/ports/brain.ts +177 -15
package/src/ports/citadel-action.contract.test.ts +430 -0
package/src/ports/citadel-action.ts +174 -0
package/src/ports/compliance-contract.ts +191 -0
package/src/ports/db.ts +98 -0
package/src/ports/delegation.contract.test.ts +428 -0
package/src/ports/delegation.ts +211 -0
package/src/ports/event-bus.ts +133 -18
package/src/ports/federation.contract.test.ts +355 -0
package/src/ports/federation.ts +190 -0
package/src/ports/index.ts +186 -1
package/src/ports/llm-provider.ts +123 -0
package/src/ports/logger.ts +104 -0
package/src/ports/manifest-registry.contract.test.ts +324 -0
package/src/ports/manifest-registry.ts +188 -0
package/src/ports/observability.contract.test.ts +315 -0
package/src/ports/observability.ts +150 -0
package/src/ports/outcome.ts +69 -0
package/src/ports/privacy.contract.test.ts +413 -0
package/src/ports/privacy.ts +207 -0
package/src/ports/tenant-context.contract.test.ts +454 -0
package/src/ports/tenant-context.ts +150 -0
package/src/ports/vauban-finance-action.contract.test.ts +335 -0
package/src/ports/vauban-finance-action.ts +166 -0
package/src/ports/workflow-runtime.ts +327 -0
package/src/proof/cert-verify.ts +249 -0
package/src/replay/replay.ts +11 -8
package/src/retry/index.ts +227 -0
package/src/retry/presets.ts +75 -0
package/src/skill-loop/ab-runner.ts +196 -0
package/src/skill-loop/adoption.ts +188 -0
package/src/skill-loop/candidate.ts +75 -0
package/src/skill-loop/evaluator.ts +238 -0
package/src/skill-loop/index.ts +51 -0
package/src/skill-loop/reflexion-replay.ts +173 -0
package/src/skill-loop/sign-off.ts +247 -0
package/src/skill-loop/value-metric.ts +120 -0
package/src/skill-loop/versioning.ts +75 -0
package/src/skill-manifest/anchor.ts +401 -0
package/src/skill-manifest/builder.ts +129 -0
package/src/skill-manifest/index.ts +18 -0
package/src/skill-manifest/types.ts +72 -0
package/src/skill-manifest/verifier.ts +198 -0
package/src/skills/errors.ts +30 -2
package/src/skills/index.ts +19 -0
package/src/skills/markdown/loader.ts +129 -0
package/src/skills/markdown/schema.ts +144 -0
package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
package/src/skills/poc-md-loader/runner.ts +82 -0
package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
package/src/skills/poc-md-loader/web-search/script.ts +109 -0
package/src/skills/send-email.ts +15 -3
package/src/testing/contracts/event-bus.contract.ts +16 -14
package/src/testing/test-brain-port.ts +98 -24
package/src/testing/test-event-bus.ts +104 -43
package/src/trace/schema.ts +1 -1
package/src/verify/formal/index.ts +154 -0
package/src/verify/formal/policy.ts +253 -0
package/src/verify/formal/result.ts +52 -0
package/src/verify/formal/solver.ts +235 -0
package/src/verify/formal/spec-language.ts +274 -0

package/dist/verify/formal/spec-language.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * src/verify/formal/spec-language.ts
+ *
+ * Sprint-587 — DSL for axiom specifications, compiled to SMT-LIB v2.
+ *
+ * Design philosophy (inspired by FormalJudge, arXiv:2602.11136) : agent-cycle
+ * properties are expressed as small, typed pre/post-condition tuples. Each
+ * condition is mapped to an SMT-LIB fragment by {@link compileToSmt}, which
+ * frames the property as a NEGATION of the post-conditions under the
+ * pre-conditions. This way, Z3 returning `sat` means a counterexample exists
+ * (= UNSAFE) and `unsat` means the post-conditions hold (= SAFE).
+ *
+ * Bound types : Reals for budgets and ratios, Bools for binary properties,
+ * Sets-as-symbols for scope subset checks.
+ *
+ * @module verify/formal/spec-language
+ */
+/**
+ * One verifiable axiom-level property.
+ */
+export interface AxiomSpec {
+    /** Human-readable axiom label (e.g. "Robuste", "Profitable"). */
+    axiom: string;
+    /** Conditions that must hold for the spec to be meaningful. */
+    preconditions: Condition[];
+    /** Conditions whose conjunction defines the post-state to verify. */
+    postconditions: Condition[];
+    /** Solver timeout in ms — see {@link DEFAULT_POLICIES}. */
+    timeout_ms?: number;
+}
+/**
+ * Tagged union of all supported condition kinds.
+ *
+ * `custom_smt` is the escape hatch : the consumer supplies a raw SMT-LIB
+ * fragment that will be inlined under an `(assert ...)`. Use sparingly —
+ * mistakes here are silent semantic bugs.
+ */
+export type Condition = {
+    type: "budget_constraint";
+    child_max_fraction: number;
+} | {
+    type: "scope_subset";
+    parent_scope: string[];
+    child_scope: string[];
+} | {
+    type: "no_pii_in_output";
+    pii_count_var?: string;
+} | {
+    type: "cost_positive_roi";
+    min_roi_ratio: number;
+} | {
+    type: "response_time";
+    max_ms: number;
+} | {
+    type: "custom_smt";
+    smt_fragment: string;
+};
+/**
+ * Compile an {@link AxiomSpec} into an SMT-LIB v2 program string.
+ *
+ * Pattern : preconditions are asserted as-is ; postconditions are joined by
+ * conjunction and asserted NEGATED. A counterexample (z3 returns `sat`)
+ * therefore means : "pre-conditions hold AND at least one post-condition
+ * fails" — i.e. an UNSAFE outcome.
+ *
+ * Includes `(check-sat)` and `(get-model)` as terminating commands.
+ */
+export declare function compileToSmt(spec: AxiomSpec): string;
+/**
+ * Default per-axiom AxiomSpec presets. Consumers can override the timeout
+ * or augment with additional conditions before passing to `formalVerify`.
+ *
+ * Robuste        : 5s — engineering robustness, may need richer checks
+ * Institutionnel : 10s — strongest spec, PII + scope-subset + budget
+ * SOTA           : 2s  — lightweight (single ROI check on cost)
+ * AntiFragile    : 1s  — response-time bound only
+ * Profitable     : 1s  — cost-vs-value ROI check
+ */
+export declare const AXIOM_SPECS: Record<string, AxiomSpec>;
+//# sourceMappingURL=spec-language.d.ts.map

package/dist/verify/formal/spec-language.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"spec-language.d.ts","sourceRoot":"","sources":["../../../src/verify/formal/spec-language.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,iEAAiE;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,aAAa,EAAE,SAAS,EAAE,CAAC;IAC3B,qEAAqE;IACrE,cAAc,EAAE,SAAS,EAAE,CAAC;IAC5B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,GACzD;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,EAAE,CAAA;CAAE,GACvE;IAAE,IAAI,EAAE,kBAAkB,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GACpD;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GACpD;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC;AAiGjD;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,GAAG,MAAM,CAoEpD;AAMD;;;;;;;;;GASG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAqCjD,CAAC"}

package/dist/verify/formal/spec-language.js ADDED Viewed

@@ -0,0 +1,219 @@
+/**
+ * src/verify/formal/spec-language.ts
+ *
+ * Sprint-587 — DSL for axiom specifications, compiled to SMT-LIB v2.
+ *
+ * Design philosophy (inspired by FormalJudge, arXiv:2602.11136) : agent-cycle
+ * properties are expressed as small, typed pre/post-condition tuples. Each
+ * condition is mapped to an SMT-LIB fragment by {@link compileToSmt}, which
+ * frames the property as a NEGATION of the post-conditions under the
+ * pre-conditions. This way, Z3 returning `sat` means a counterexample exists
+ * (= UNSAFE) and `unsat` means the post-conditions hold (= SAFE).
+ *
+ * Bound types : Reals for budgets and ratios, Bools for binary properties,
+ * Sets-as-symbols for scope subset checks.
+ *
+ * @module verify/formal/spec-language
+ */
+function ensureDecl(ctx, decl, name) {
+    if (ctx.declared.has(name))
+        return;
+    ctx.declared.add(name);
+    ctx.declarations.push(decl);
+}
+/**
+ * Lower a single Condition into SMT-LIB assertions appended to `ctx`.
+ * `negated` flag : when true, the condition is being added as a negated
+ * post-condition (i.e. we want to find a counterexample).
+ */
+function lowerCondition(c, ctx, negated) {
+    switch (c.type) {
+        case "budget_constraint": {
+            // parent_budget >= 0, child_budget >= 0, child_budget <= parent_budget * fraction
+            ensureDecl(ctx, "(declare-const parent_budget Real)", "parent_budget");
+            ensureDecl(ctx, "(declare-const child_budget Real)", "child_budget");
+            // Positivity is part of the pre-state, always assert.
+            ctx.assertions.push("(assert (>= parent_budget 0))");
+            ctx.assertions.push("(assert (>= child_budget 0))");
+            const expr = `(<= child_budget (* parent_budget ${c.child_max_fraction}))`;
+            ctx.assertions.push(`(assert ${negated ? `(not ${expr})` : expr})`);
+            return;
+        }
+        case "scope_subset": {
+            // Encode each child element as a Bool : it must be present in parent.
+            // We do this by reducing to a boolean conjunction over the listed
+            // child elements. Mismatches surface as a counterexample.
+            const parentSet = new Set(c.parent_scope);
+            const childOk = c.child_scope.every((s) => parentSet.has(s));
+            // No declarations needed — fold the result statically into a bool.
+            const expr = childOk ? "true" : "false";
+            ctx.assertions.push(`(assert ${negated ? `(not ${expr})` : expr})`);
+            return;
+        }
+        case "no_pii_in_output": {
+            const name = c.pii_count_var ?? "pii_count";
+            ensureDecl(ctx, `(declare-const ${name} Int)`, name);
+            // pii_count >= 0 (always)
+            ctx.assertions.push(`(assert (>= ${name} 0))`);
+            const expr = `(= ${name} 0)`;
+            ctx.assertions.push(`(assert ${negated ? `(not ${expr})` : expr})`);
+            return;
+        }
+        case "cost_positive_roi": {
+            ensureDecl(ctx, "(declare-const cost Real)", "cost");
+            ensureDecl(ctx, "(declare-const value Real)", "value");
+            ctx.assertions.push("(assert (> cost 0))");
+            ctx.assertions.push("(assert (>= value 0))");
+            const expr = `(>= (/ value cost) ${c.min_roi_ratio})`;
+            ctx.assertions.push(`(assert ${negated ? `(not ${expr})` : expr})`);
+            return;
+        }
+        case "response_time": {
+            ensureDecl(ctx, "(declare-const response_ms Real)", "response_ms");
+            ctx.assertions.push("(assert (>= response_ms 0))");
+            const expr = `(<= response_ms ${c.max_ms})`;
+            ctx.assertions.push(`(assert ${negated ? `(not ${expr})` : expr})`);
+            return;
+        }
+        case "custom_smt": {
+            const frag = c.smt_fragment.trim();
+            // The custom fragment is expected to be a parenthesised assertion body.
+            if (negated) {
+                ctx.assertions.push(`(assert (not ${frag}))`);
+            }
+            else {
+                ctx.assertions.push(`(assert ${frag})`);
+            }
+            return;
+        }
+    }
+}
+/**
+ * Compile an {@link AxiomSpec} into an SMT-LIB v2 program string.
+ *
+ * Pattern : preconditions are asserted as-is ; postconditions are joined by
+ * conjunction and asserted NEGATED. A counterexample (z3 returns `sat`)
+ * therefore means : "pre-conditions hold AND at least one post-condition
+ * fails" — i.e. an UNSAFE outcome.
+ *
+ * Includes `(check-sat)` and `(get-model)` as terminating commands.
+ */
+export function compileToSmt(spec) {
+    const ctx = {
+        declared: new Set(),
+        declarations: [],
+        assertions: [],
+    };
+    // Header — set logic to QF_LRA (quantifier-free linear real arithmetic
+    // plus integers) which covers all our supported condition kinds.
+    const header = ["(set-logic ALL)", `; AxiomSpec : ${spec.axiom}`];
+    // Preconditions : assert as-is (positive form).
+    for (const pre of spec.preconditions) {
+        lowerCondition(pre, ctx, false);
+    }
+    // Postconditions : conjoin and negate.
+    // Strategy : assert each one negated separately using De Morgan. We want
+    //   NOT (post1 AND post2 AND …) ≡ (NOT post1) OR (NOT post2) OR …
+    // For check-sat-as-counterexample, we want the solver to find *any*
+    // violation, so we encode the disjunction with an auxiliary Bool flag
+    // per postcondition. Simpler equivalent : assert (or (not post1) (not post2) …).
+    if (spec.postconditions.length === 0) {
+        // Empty postcondition set : trivially SAFE (no obligation to verify).
+        ctx.assertions.push("(assert false)");
+    }
+    else if (spec.postconditions.length === 1) {
+        lowerCondition(spec.postconditions[0], ctx, true);
+    }
+    else {
+        // Build per-postcondition expression strings via a side-context, then
+        // emit a single `(assert (or ...))`.
+        const subCtx = {
+            declared: ctx.declared,
+            declarations: ctx.declarations,
+            assertions: [],
+        };
+        const negatedExprs = [];
+        for (const post of spec.postconditions) {
+            const before = subCtx.assertions.length;
+            lowerCondition(post, subCtx, true);
+            // The last appended assertion is "(assert <neg expr>)" or pre-assertions.
+            // To recover only the negated post-condition body, we accept that some
+            // conditions append additional non-negotiable preconditions (positivity).
+            // Those are valid in any case and stay in the main assertion list.
+            for (let i = before; i < subCtx.assertions.length; i++) {
+                const a = subCtx.assertions[i];
+                // Heuristic : split positivity asserts (>= x 0) and the negated body.
+                // The negated body always contains "(not ".
+                if (a.includes("(not ")) {
+                    // Extract the inner expr "(not …)" inside the outer assert.
+                    const inner = a.slice("(assert ".length, -1);
+                    negatedExprs.push(inner);
+                }
+            }
+            // Drop the negated body assertions from subCtx so we only keep
+            // the positivity ones in the main assertion list.
+            subCtx.assertions = subCtx.assertions.filter((a) => !a.includes("(not "));
+        }
+        ctx.assertions = subCtx.assertions;
+        ctx.assertions.push(`(assert (or ${negatedExprs.join(" ")}))`);
+    }
+    return [
+        ...header,
+        ...ctx.declarations,
+        ...ctx.assertions,
+        "(check-sat)",
+        "(get-model)",
+    ].join("\n");
+}
+// ---------------------------------------------------------------------------
+// Pre-built specs for the 5 Vauban axioms
+// ---------------------------------------------------------------------------
+/**
+ * Default per-axiom AxiomSpec presets. Consumers can override the timeout
+ * or augment with additional conditions before passing to `formalVerify`.
+ *
+ * Robuste        : 5s — engineering robustness, may need richer checks
+ * Institutionnel : 10s — strongest spec, PII + scope-subset + budget
+ * SOTA           : 2s  — lightweight (single ROI check on cost)
+ * AntiFragile    : 1s  — response-time bound only
+ * Profitable     : 1s  — cost-vs-value ROI check
+ */
+export const AXIOM_SPECS = {
+    Robuste: {
+        axiom: "Robuste",
+        preconditions: [],
+        postconditions: [
+            { type: "budget_constraint", child_max_fraction: 1.0 },
+            { type: "response_time", max_ms: 30_000 },
+        ],
+        timeout_ms: 5000,
+    },
+    Institutionnel: {
+        axiom: "Institutionnel",
+        preconditions: [],
+        postconditions: [
+            { type: "no_pii_in_output" },
+            { type: "budget_constraint", child_max_fraction: 1.0 },
+        ],
+        timeout_ms: 10_000,
+    },
+    SOTA: {
+        axiom: "SOTA",
+        preconditions: [],
+        postconditions: [{ type: "cost_positive_roi", min_roi_ratio: 1.0 }],
+        timeout_ms: 2000,
+    },
+    AntiFragile: {
+        axiom: "AntiFragile",
+        preconditions: [],
+        postconditions: [{ type: "response_time", max_ms: 60_000 }],
+        timeout_ms: 1000,
+    },
+    Profitable: {
+        axiom: "Profitable",
+        preconditions: [],
+        postconditions: [{ type: "cost_positive_roi", min_roi_ratio: 1.5 }],
+        timeout_ms: 1000,
+    },
+};
+//# sourceMappingURL=spec-language.js.map

package/dist/verify/formal/spec-language.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"spec-language.js","sourceRoot":"","sources":["../../../src/verify/formal/spec-language.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AA4CH,SAAS,UAAU,CAAC,GAAmB,EAAE,IAAY,EAAE,IAAY;IACjE,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO;IACnC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACvB,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CACrB,CAAY,EACZ,GAAmB,EACnB,OAAgB;IAEhB,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,kFAAkF;YAClF,UAAU,CAAC,GAAG,EAAE,oCAAoC,EAAE,eAAe,CAAC,CAAC;YACvE,UAAU,CAAC,GAAG,EAAE,mCAAmC,EAAE,cAAc,CAAC,CAAC;YACrE,sDAAsD;YACtD,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACrD,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YACpD,MAAM,IAAI,GAAG,qCAAqC,CAAC,CAAC,kBAAkB,IAAI,CAAC;YAC3E,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,sEAAsE;YACtE,kEAAkE;YAClE,0DAA0D;YAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,mEAAmE;YACnE,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,KAAK,kBAAkB,CAAC,CAAC,CAAC;YACxB,MAAM,IAAI,GAAG,CAAC,CAAC,aAAa,IAAI,WAAW,CAAC;YAC5C,UAAU,CAAC,GAAG,EAAE,kBAAkB,IAAI,OAAO,EAAE,IAAI,CAAC,CAAC;YACrD,0BAA0B;YAC1B,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,MAAM,IAAI,KAAK,CAAC;YAC7B,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,UAAU,CAAC,GAAG,EAAE,2BAA2B,EAAE,MAAM,CAAC,CAAC;YACrD,UAAU,CAAC,GAAG,EAAE,4BAA4B,EAAE,OAAO,CAAC,CAAC;YACvD,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YAC3C,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YAC7C,MAAM,IAAI,GAAG,sBAAsB,CAAC,CAAC,aAAa,GAAG,CAAC;YACtD,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,UAAU,CAAC,GAAG,EAAE,kCAAkC,EAAE,aAAa,CAAC,CAAC;YACnE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YACnD,MAAM,IAAI,GAAG,mBAAmB,CAAC,CAAC,MAAM,GAAG,CAAC;YAC5C,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YACnC,wEAAwE;YACxE,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,CAAC;YAC1C,CAAC;YACD,OAAO;QACT,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,YAAY,CAAC,IAAe;IAC1C,MAAM,GAAG,GAAmB;QAC1B,QAAQ,EAAE,IAAI,GAAG,EAAE;QACnB,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,EAAE;KACf,CAAC;IAEF,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,MAAM,GAAG,CAAC,iBAAiB,EAAE,iBAAiB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAElE,gDAAgD;IAChD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACrC,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,uCAAuC;IACvC,yEAAyE;IACzE,kEAAkE;IAClE,oEAAoE;IACpE,sEAAsE;IACtE,iFAAiF;IACjF,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,sEAAsE;QACtE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACxC,CAAC;SAAM,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAE,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,sEAAsE;QACtE,qCAAqC;QACrC,MAAM,MAAM,GAAmB;YAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,UAAU,EAAE,EAAE;SACf,CAAC;QACF,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;YACxC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;YACnC,0EAA0E;YAC1E,uEAAuE;YACvE,0EAA0E;YAC1E,mEAAmE;YACnE,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvD,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;gBAChC,sEAAsE;gBACtE,4CAA4C;gBAC5C,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACxB,4DAA4D;oBAC5D,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;oBAC7C,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YACD,+DAA+D;YAC/D,kDAAkD;YAClD,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5E,CAAC;QACD,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACnC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,OAAO;QACL,GAAG,MAAM;QACT,GAAG,GAAG,CAAC,YAAY;QACnB,GAAG,GAAG,CAAC,UAAU;QACjB,aAAa;QACb,aAAa;KACd,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,WAAW,GAA8B;IACpD,OAAO,EAAE;QACP,KAAK,EAAE,SAAS;QAChB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE;YACd,EAAE,IAAI,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,GAAG,EAAE;YACtD,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE;SAC1C;QACD,UAAU,EAAE,IAAI;KACjB;IACD,cAAc,EAAE;QACd,KAAK,EAAE,gBAAgB;QACvB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE;YACd,EAAE,IAAI,EAAE,kBAAkB,EAAE;YAC5B,EAAE,IAAI,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,GAAG,EAAE;SACvD;QACD,UAAU,EAAE,MAAM;KACnB;IACD,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM;QACb,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QACnE,UAAU,EAAE,IAAI;KACjB;IACD,WAAW,EAAE;QACX,KAAK,EAAE,aAAa;QACpB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC3D,UAAU,EAAE,IAAI;KACjB;IACD,UAAU,EAAE;QACV,KAAK,EAAE,YAAY;QACnB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QACnE,UAAU,EAAE,IAAI;KACjB;CACF,CAAC"}

package/docs/attestation.md ADDED Viewed

@@ -0,0 +1,199 @@
+# Run Certificate Verification (Standalone)
+**Module:** `@vauban-org/agent-sdk/proof/cert-verify` · **Since:** CC v3.1 sprint-562 (Livrable D, 2026-05-14)
+The standalone verifier in `src/proof/cert-verify.ts` verifies a `SignedRunProofCertificate` without any database or network dependency. It is the verification counterpart to the CC server's signing surface (`src/proof/ed25519-signer.ts`) and implements [draft-vauban-skill-attestation-00 §5](https://datatracker.ietf.org/doc/draft-vauban-skill-attestation/).
+Suitable for: CI pipelines, third-party integrators, audits, and the `preste attest verify` CLI command.
+## Quick start
+```typescript
+import { verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
+import { readFileSync } from "node:fs";
+const cert = JSON.parse(readFileSync("cert.json", "utf-8"));
+const result = verifyRunCertificate(cert);
+if (!result.valid) {
+  console.error(`Verification failed: ${result.reason} — ${result.details}`);
+  process.exit(1);
+}
+console.log("Certificate valid. hash:", result.recomputed_cert_hash_felt252);
+```
+---
+## Imports
+```typescript
+import {
+  verifyRunCertificate,
+  computeCertHashFelt252,
+  publicKeyFromSpkiB64,
+  CERT_MARKER_FELT,
+} from "@vauban-org/agent-sdk/proof/cert-verify";
+import type {
+  CertVerifyResult,
+  CertVerifyFailReason,
+  CertVerifyOptions,
+  SignedRunProofCertificateLike,
+  SignaturePayload,
+} from "@vauban-org/agent-sdk/proof/cert-verify";
+```
+---
+## Types
+```typescript
+interface CertVerifyResult {
+  valid: boolean;
+  reason?: CertVerifyFailReason;          // only when valid === false
+  details?: string;                       // human-readable context
+  recomputed_cert_hash_felt252: string;   // always present — useful for debug
+}
+type CertVerifyFailReason =
+  | "missing_signature"    // cert.signature field absent
+  | "wrong_alg"            // alg !== "Ed25519"
+  | "hash_mismatch"        // embedded cert_hash_felt252 != recomputed
+  | "kid_mismatch"         // expectedKid set and does not match
+  | "pubkey_unresolvable"  // SPKI base64 malformed or not Ed25519
+  | "signature_invalid"    // Ed25519 verify returns false
+  | "malformed_signature"; // signature.value is not valid base64 / wrong length
+interface CertVerifyOptions {
+  expectedPublicKey?: KeyObject;  // Node.js KeyObject (bypass embedded SPKI)
+  expectedKid?: string;           // pin to a specific key ID
+}
+```
+---
+## `verifyRunCertificate(cert, opts?)`
+```typescript
+function verifyRunCertificate(
+  cert: SignedRunProofCertificateLike,
+  opts?: CertVerifyOptions
+): CertVerifyResult
+```
+Returns synchronously — all crypto is Node.js built-in `node:crypto`. Never throws on verification failure; only throws when `cert` is not a plain object.
+`recomputed_cert_hash_felt252` is always returned regardless of outcome — use it to debug `hash_mismatch` failures without a separate call.
+### Basic verification
+```typescript
+const result = verifyRunCertificate(cert);
+if (!result.valid) {
+  console.error(`Invalid: ${result.reason} — ${result.details}`);
+}
+```
+### Pin to a known public key (recommended for production)
+```typescript
+import { publicKeyFromSpkiB64, verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
+const pubkey = publicKeyFromSpkiB64(process.env["CC_ATTEST_PUBKEY_SPKI_B64"]!);
+const result = verifyRunCertificate(cert, { expectedPublicKey: pubkey });
+```
+`publicKeyFromSpkiB64` throws if the base64 is malformed or the key is not Ed25519. Call it once at startup and cache the `KeyObject`.
+### Pin to a key ID
+```typescript
+const result = verifyRunCertificate(cert, {
+  expectedKid: "cc-attest-2026-05",
+});
+// → reason: "kid_mismatch" if cert was signed with a different key
+```
+### CI pipeline — exit code gate
+```typescript
+import { verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
+import { readFileSync } from "node:fs";
+const cert = JSON.parse(readFileSync("cert.json", "utf-8"));
+const { valid, reason, recomputed_cert_hash_felt252 } = verifyRunCertificate(cert);
+console.log(`hash: ${recomputed_cert_hash_felt252}`);
+process.exit(valid ? 0 : 1);
+```
+---
+## Verification algorithm
+Implements draft-vauban-skill-attestation-00 §5. Seven sequential checks — the first failure stops the chain:
+| Step | Check | Failure reason |
+|------|-------|----------------|
+| 1 | `cert.signature` field is present | `missing_signature` |
+| 2 | `signature.alg === "Ed25519"` | `wrong_alg` |
+| 3 | Strip `signature`, JCS-canonicalize (RFC 8785 subset: sorted keys, `-0 → 0`), SHA-256 first 31 bytes → felt252, Poseidon(`[0x1, sha_felt, CERT_MARKER_FELT]`) — compare with `signature.cert_hash_felt252` | `hash_mismatch` |
+| 4 | If `opts.expectedKid` set, compare with `signature.kid` | `kid_mismatch` |
+| 5 | Resolve public key: `opts.expectedPublicKey` if provided, else `publicKeyFromSpkiB64(signature.pubkey_spki_b64)` | `pubkey_unresolvable` |
+| 6 | Decode `signature.value` from base64, assert 64 bytes | `malformed_signature` |
+| 7 | Ed25519 verify: `crypto.verify(null, felt252Bytes(recomputed), pubkey, sigBytes)` | `signature_invalid` |
+**`CERT_MARKER_FELT`** is the domain separator — UTF-8 `"run_cert"` encoded as a felt252 (right-aligned, zero-padded). It prevents cross-context signature reuse: a signature over a different cert type cannot satisfy the Poseidon preimage.
+---
+## `computeCertHashFelt252(cert)`
+Standalone hash computation — useful for debugging `hash_mismatch` failures.
+```typescript
+import { computeCertHashFelt252 } from "@vauban-org/agent-sdk/proof/cert-verify";
+const expected = cert.signature?.cert_hash_felt252;
+const recomputed = computeCertHashFelt252(cert);
+if (expected !== recomputed) {
+  console.error("Hash mismatch:");
+  console.error("  embedded  :", expected);
+  console.error("  recomputed:", recomputed);
+}
+```
+`computeCertHashFelt252` strips the embedded `signature` field before hashing — calling it on a signed cert and on the pre-signature cert produces the same result.
+---
+## Security considerations
+!!! warning "Treat embedded `pubkey_spki_b64` as a key-discovery hint, not a security guarantee"
+    The `pubkey_spki_b64` field in `signature` helps resolve the signing key for display and debugging, but an attacker can substitute it with their own public key and produce a valid self-consistent signature.
+    For production use, always pin to a known public key via `opts.expectedPublicKey` (loaded from a trusted source such as an environment variable, K8s secret, or a JWKS registry keyed on `signature.kid`). Never accept a certificate as authoritative based solely on its embedded public key.
+---
+## `preste attest verify` CLI
+The standalone verifier is the engine behind the CLI command:
+```bash
+preste attest verify cert.json
+# Exit 0: certificate valid
+# Exit 1: verification failed — reason printed to stderr
+preste attest verify cert.json --kid cc-attest-2026-05
+# Adds kid pinning
+preste attest verify cert.json --pubkey "$CC_ATTEST_PUBKEY_SPKI_B64"
+# Pins to an explicit SPKI base64 public key
+```
+The CLI sets `process.exitCode` to `1` on failure so it composes naturally with `&&` in shell scripts and CI steps.