npm - @vauban-org/agent-sdk - Versions diffs - 1.0.0 → 1.2.0 - Mend

@vauban-org/agent-sdk 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (442) hide show

package/CONTRACT.md +6401 -813
package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
package/dist/adapters/llm/anthropic-direct.js +43 -0
package/dist/adapters/llm/anthropic-direct.js.map +1 -1
package/dist/adapters/llm/cascade.d.ts.map +1 -1
package/dist/adapters/llm/cascade.js +57 -14
package/dist/adapters/llm/cascade.js.map +1 -1
package/dist/adapters/llm/litellm.d.ts +2 -0
package/dist/adapters/llm/litellm.d.ts.map +1 -1
package/dist/adapters/llm/litellm.js +44 -0
package/dist/adapters/llm/litellm.js.map +1 -1
package/dist/compute/difficulty-estimator.d.ts +53 -0
package/dist/compute/difficulty-estimator.d.ts.map +1 -0
package/dist/compute/difficulty-estimator.js +82 -0
package/dist/compute/difficulty-estimator.js.map +1 -0
package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
package/dist/compute/strategies/mixture-of-agents.js +110 -0
package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.js +242 -0
package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
package/dist/compute/strategies/two-phase-orient.js +85 -0
package/dist/compute/strategies/two-phase-orient.js.map +1 -0
package/dist/constitution/types.d.ts +10 -10
package/dist/container/protocol.d.ts +134 -0
package/dist/container/protocol.d.ts.map +1 -0
package/dist/container/protocol.js +157 -0
package/dist/container/protocol.js.map +1 -0
package/dist/container/runtime.d.ts +140 -0
package/dist/container/runtime.d.ts.map +1 -0
package/dist/container/runtime.js +256 -0
package/dist/container/runtime.js.map +1 -0
package/dist/events/catalogue.d.ts +46 -46
package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
package/dist/events/schemas/agent.started.v1.d.ts +2 -2
package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +6 -6
package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +6 -6
package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
package/dist/events/schemas/vauban.goal.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.tax.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +6 -6
package/dist/identity/agent-persona.d.ts +73 -0
package/dist/identity/agent-persona.d.ts.map +1 -0
package/dist/identity/agent-persona.js +165 -0
package/dist/identity/agent-persona.js.map +1 -0
package/dist/identity/persona-prompt.d.ts +25 -0
package/dist/identity/persona-prompt.d.ts.map +1 -0
package/dist/identity/persona-prompt.js +71 -0
package/dist/identity/persona-prompt.js.map +1 -0
package/dist/identity/persona-schema.d.ts +120 -0
package/dist/identity/persona-schema.d.ts.map +1 -0
package/dist/identity/persona-schema.js +103 -0
package/dist/identity/persona-schema.js.map +1 -0
package/dist/index.d.ts +37 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +29 -1
package/dist/index.js.map +1 -1
package/dist/loop/minimal-loop.js +293 -287
package/dist/memory/episodic-rrf.d.ts +114 -0
package/dist/memory/episodic-rrf.d.ts.map +1 -0
package/dist/memory/episodic-rrf.js +148 -0
package/dist/memory/episodic-rrf.js.map +1 -0
package/dist/mesh/attenuation.d.ts +78 -0
package/dist/mesh/attenuation.d.ts.map +1 -0
package/dist/mesh/attenuation.js +141 -0
package/dist/mesh/attenuation.js.map +1 -0
package/dist/mesh/delegate.d.ts +96 -0
package/dist/mesh/delegate.d.ts.map +1 -0
package/dist/mesh/delegate.js +172 -0
package/dist/mesh/delegate.js.map +1 -0
package/dist/mesh/dispatcher.d.ts +119 -0
package/dist/mesh/dispatcher.d.ts.map +1 -0
package/dist/mesh/dispatcher.js +207 -0
package/dist/mesh/dispatcher.js.map +1 -0
package/dist/mesh/index.d.ts +12 -0
package/dist/mesh/index.d.ts.map +1 -0
package/dist/mesh/index.js +11 -0
package/dist/mesh/index.js.map +1 -0
package/dist/mesh/types.d.ts +30 -0
package/dist/mesh/types.d.ts.map +1 -0
package/dist/mesh/types.js +11 -0
package/dist/mesh/types.js.map +1 -0
package/dist/orchestration/ooda/skills.d.ts +104 -0
package/dist/orchestration/ooda/skills.d.ts.map +1 -1
package/dist/orchestration/ooda/skills.js +106 -0
package/dist/orchestration/ooda/skills.js.map +1 -1
package/dist/ports/bastion-action.contract.test.d.ts +11 -0
package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
package/dist/ports/bastion-action.contract.test.js +238 -0
package/dist/ports/bastion-action.contract.test.js.map +1 -0
package/dist/ports/bastion-action.d.ts +133 -0
package/dist/ports/bastion-action.d.ts.map +1 -0
package/dist/ports/bastion-action.js +73 -0
package/dist/ports/bastion-action.js.map +1 -0
package/dist/ports/brain.d.ts +31 -0
package/dist/ports/brain.d.ts.map +1 -1
package/dist/ports/brain.js +115 -1
package/dist/ports/brain.js.map +1 -1
package/dist/ports/citadel-action.contract.test.d.ts +11 -0
package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
package/dist/ports/citadel-action.contract.test.js +317 -0
package/dist/ports/citadel-action.contract.test.js.map +1 -0
package/dist/ports/citadel-action.d.ts +111 -0
package/dist/ports/citadel-action.d.ts.map +1 -0
package/dist/ports/citadel-action.js +62 -0
package/dist/ports/citadel-action.js.map +1 -0
package/dist/ports/compliance-contract.d.ts +123 -0
package/dist/ports/compliance-contract.d.ts.map +1 -0
package/dist/ports/compliance-contract.js +35 -0
package/dist/ports/compliance-contract.js.map +1 -0
package/dist/ports/db.d.ts +38 -0
package/dist/ports/db.d.ts.map +1 -1
package/dist/ports/db.js +88 -1
package/dist/ports/db.js.map +1 -1
package/dist/ports/delegation.contract.test.d.ts +9 -0
package/dist/ports/delegation.contract.test.d.ts.map +1 -0
package/dist/ports/delegation.contract.test.js +337 -0
package/dist/ports/delegation.contract.test.js.map +1 -0
package/dist/ports/delegation.d.ts +134 -0
package/dist/ports/delegation.d.ts.map +1 -0
package/dist/ports/delegation.js +105 -0
package/dist/ports/delegation.js.map +1 -0
package/dist/ports/event-bus.d.ts +29 -0
package/dist/ports/event-bus.d.ts.map +1 -1
package/dist/ports/event-bus.js +106 -1
package/dist/ports/event-bus.js.map +1 -1
package/dist/ports/federation.contract.test.d.ts +9 -0
package/dist/ports/federation.contract.test.d.ts.map +1 -0
package/dist/ports/federation.contract.test.js +279 -0
package/dist/ports/federation.contract.test.js.map +1 -0
package/dist/ports/federation.d.ts +140 -0
package/dist/ports/federation.d.ts.map +1 -0
package/dist/ports/federation.js +57 -0
package/dist/ports/federation.js.map +1 -0
package/dist/ports/index.d.ts +28 -2
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +17 -2
package/dist/ports/index.js.map +1 -1
package/dist/ports/llm-provider.d.ts +37 -0
package/dist/ports/llm-provider.d.ts.map +1 -1
package/dist/ports/llm-provider.js +99 -1
package/dist/ports/llm-provider.js.map +1 -1
package/dist/ports/logger.d.ts +27 -0
package/dist/ports/logger.d.ts.map +1 -1
package/dist/ports/logger.js +87 -0
package/dist/ports/logger.js.map +1 -1
package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
package/dist/ports/manifest-registry.contract.test.js +246 -0
package/dist/ports/manifest-registry.contract.test.js.map +1 -0
package/dist/ports/manifest-registry.d.ts +116 -0
package/dist/ports/manifest-registry.d.ts.map +1 -0
package/dist/ports/manifest-registry.js +79 -0
package/dist/ports/manifest-registry.js.map +1 -0
package/dist/ports/observability.contract.test.d.ts +12 -0
package/dist/ports/observability.contract.test.d.ts.map +1 -0
package/dist/ports/observability.contract.test.js +260 -0
package/dist/ports/observability.contract.test.js.map +1 -0
package/dist/ports/observability.d.ts +98 -0
package/dist/ports/observability.d.ts.map +1 -0
package/dist/ports/observability.js +59 -0
package/dist/ports/observability.js.map +1 -0
package/dist/ports/outcome.d.ts +26 -0
package/dist/ports/outcome.d.ts.map +1 -1
package/dist/ports/outcome.js +62 -1
package/dist/ports/outcome.js.map +1 -1
package/dist/ports/privacy.contract.test.d.ts +12 -0
package/dist/ports/privacy.contract.test.d.ts.map +1 -0
package/dist/ports/privacy.contract.test.js +325 -0
package/dist/ports/privacy.contract.test.js.map +1 -0
package/dist/ports/privacy.d.ts +132 -0
package/dist/ports/privacy.d.ts.map +1 -0
package/dist/ports/privacy.js +83 -0
package/dist/ports/privacy.js.map +1 -0
package/dist/ports/tenant-context.contract.test.d.ts +14 -0
package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
package/dist/ports/tenant-context.contract.test.js +352 -0
package/dist/ports/tenant-context.contract.test.js.map +1 -0
package/dist/ports/tenant-context.d.ts +103 -0
package/dist/ports/tenant-context.d.ts.map +1 -0
package/dist/ports/tenant-context.js +48 -0
package/dist/ports/tenant-context.js.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.js +260 -0
package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
package/dist/ports/vauban-finance-action.d.ts +106 -0
package/dist/ports/vauban-finance-action.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.js +60 -0
package/dist/ports/vauban-finance-action.js.map +1 -0
package/dist/ports/workflow-runtime.d.ts +204 -0
package/dist/ports/workflow-runtime.d.ts.map +1 -0
package/dist/ports/workflow-runtime.js +72 -0
package/dist/ports/workflow-runtime.js.map +1 -0
package/dist/proof/cert-verify.d.ts +80 -0
package/dist/proof/cert-verify.d.ts.map +1 -0
package/dist/proof/cert-verify.js +178 -0
package/dist/proof/cert-verify.js.map +1 -0
package/dist/replay/replay.d.ts.map +1 -1
package/dist/replay/replay.js +5 -1
package/dist/replay/replay.js.map +1 -1
package/dist/retry/index.d.ts +129 -0
package/dist/retry/index.d.ts.map +1 -0
package/dist/retry/index.js +156 -0
package/dist/retry/index.js.map +1 -0
package/dist/retry/presets.d.ts +39 -0
package/dist/retry/presets.d.ts.map +1 -0
package/dist/retry/presets.js +69 -0
package/dist/retry/presets.js.map +1 -0
package/dist/skill-loop/ab-runner.d.ts +67 -0
package/dist/skill-loop/ab-runner.d.ts.map +1 -0
package/dist/skill-loop/ab-runner.js +160 -0
package/dist/skill-loop/ab-runner.js.map +1 -0
package/dist/skill-loop/adoption.d.ts +67 -0
package/dist/skill-loop/adoption.d.ts.map +1 -0
package/dist/skill-loop/adoption.js +126 -0
package/dist/skill-loop/adoption.js.map +1 -0
package/dist/skill-loop/candidate.d.ts +45 -0
package/dist/skill-loop/candidate.d.ts.map +1 -0
package/dist/skill-loop/candidate.js +43 -0
package/dist/skill-loop/candidate.js.map +1 -0
package/dist/skill-loop/evaluator.d.ts +42 -0
package/dist/skill-loop/evaluator.d.ts.map +1 -0
package/dist/skill-loop/evaluator.js +184 -0
package/dist/skill-loop/evaluator.js.map +1 -0
package/dist/skill-loop/index.d.ts +27 -0
package/dist/skill-loop/index.d.ts.map +1 -0
package/dist/skill-loop/index.js +27 -0
package/dist/skill-loop/index.js.map +1 -0
package/dist/skill-loop/reflexion-replay.d.ts +87 -0
package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
package/dist/skill-loop/reflexion-replay.js +110 -0
package/dist/skill-loop/reflexion-replay.js.map +1 -0
package/dist/skill-loop/sign-off.d.ts +88 -0
package/dist/skill-loop/sign-off.d.ts.map +1 -0
package/dist/skill-loop/sign-off.js +146 -0
package/dist/skill-loop/sign-off.js.map +1 -0
package/dist/skill-loop/value-metric.d.ts +55 -0
package/dist/skill-loop/value-metric.d.ts.map +1 -0
package/dist/skill-loop/value-metric.js +69 -0
package/dist/skill-loop/value-metric.js.map +1 -0
package/dist/skill-loop/versioning.d.ts +36 -0
package/dist/skill-loop/versioning.d.ts.map +1 -0
package/dist/skill-loop/versioning.js +47 -0
package/dist/skill-loop/versioning.js.map +1 -0
package/dist/skill-manifest/anchor.d.ts +91 -0
package/dist/skill-manifest/anchor.d.ts.map +1 -0
package/dist/skill-manifest/anchor.js +331 -0
package/dist/skill-manifest/anchor.js.map +1 -0
package/dist/skill-manifest/builder.d.ts +47 -0
package/dist/skill-manifest/builder.d.ts.map +1 -0
package/dist/skill-manifest/builder.js +93 -0
package/dist/skill-manifest/builder.js.map +1 -0
package/dist/skill-manifest/index.d.ts +13 -0
package/dist/skill-manifest/index.d.ts.map +1 -0
package/dist/skill-manifest/index.js +9 -0
package/dist/skill-manifest/index.js.map +1 -0
package/dist/skill-manifest/types.d.ts +67 -0
package/dist/skill-manifest/types.d.ts.map +1 -0
package/dist/skill-manifest/types.js +16 -0
package/dist/skill-manifest/types.js.map +1 -0
package/dist/skill-manifest/verifier.d.ts +42 -0
package/dist/skill-manifest/verifier.d.ts.map +1 -0
package/dist/skill-manifest/verifier.js +136 -0
package/dist/skill-manifest/verifier.js.map +1 -0
package/dist/skills/brain-query.d.ts +4 -4
package/dist/skills/brain-store.d.ts +6 -6
package/dist/skills/errors.d.ts +15 -0
package/dist/skills/errors.d.ts.map +1 -1
package/dist/skills/errors.js +21 -0
package/dist/skills/errors.js.map +1 -1
package/dist/skills/hitl-request.d.ts +2 -2
package/dist/skills/index.d.ts +3 -1
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +4 -1
package/dist/skills/index.js.map +1 -1
package/dist/skills/markdown/loader.d.ts +52 -0
package/dist/skills/markdown/loader.d.ts.map +1 -0
package/dist/skills/markdown/loader.js +93 -0
package/dist/skills/markdown/loader.js.map +1 -0
package/dist/skills/markdown/schema.d.ts +432 -0
package/dist/skills/markdown/schema.d.ts.map +1 -0
package/dist/skills/markdown/schema.js +121 -0
package/dist/skills/markdown/schema.js.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
package/dist/skills/poc-md-loader/runner.d.ts +24 -0
package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
package/dist/skills/poc-md-loader/runner.js +57 -0
package/dist/skills/poc-md-loader/runner.js.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.js +75 -0
package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
package/dist/skills/record-outcome.d.ts +4 -4
package/dist/skills/send-email.d.ts.map +1 -1
package/dist/skills/send-email.js +15 -3
package/dist/skills/send-email.js.map +1 -1
package/dist/skills/slack-notify.d.ts +4 -4
package/dist/skills/starknet-balance.d.ts +1 -1
package/dist/skills/telegram-notify.d.ts +4 -4
package/dist/skills/web-search.d.ts +1 -1
package/dist/testing/index.d.ts +3 -0
package/dist/testing/test-brain-port.d.ts +4 -0
package/dist/testing/test-brain-port.d.ts.map +1 -1
package/dist/testing/test-brain-port.js +75 -20
package/dist/testing/test-brain-port.js.map +1 -1
package/dist/testing/test-event-bus.d.ts.map +1 -1
package/dist/testing/test-event-bus.js +89 -36
package/dist/testing/test-event-bus.js.map +1 -1
package/dist/trace/schema.d.ts +1 -1
package/dist/trace/schema.d.ts.map +1 -1
package/dist/trace/schema.js +1 -1
package/dist/trace/schema.js.map +1 -1
package/dist/verify/formal/index.d.ts +44 -0
package/dist/verify/formal/index.d.ts.map +1 -0
package/dist/verify/formal/index.js +98 -0
package/dist/verify/formal/index.js.map +1 -0
package/dist/verify/formal/policy.d.ts +105 -0
package/dist/verify/formal/policy.d.ts.map +1 -0
package/dist/verify/formal/policy.js +159 -0
package/dist/verify/formal/policy.js.map +1 -0
package/dist/verify/formal/result.d.ts +50 -0
package/dist/verify/formal/result.d.ts.map +1 -0
package/dist/verify/formal/result.js +21 -0
package/dist/verify/formal/result.js.map +1 -0
package/dist/verify/formal/solver.d.ts +67 -0
package/dist/verify/formal/solver.d.ts.map +1 -0
package/dist/verify/formal/solver.js +184 -0
package/dist/verify/formal/solver.js.map +1 -0
package/dist/verify/formal/spec-language.d.ts +80 -0
package/dist/verify/formal/spec-language.d.ts.map +1 -0
package/dist/verify/formal/spec-language.js +219 -0
package/dist/verify/formal/spec-language.js.map +1 -0
package/docs/attestation.md +199 -0
package/docs/identity.md +193 -0
package/package.json +34 -17
package/src/adapters/llm/anthropic-direct.ts +51 -0
package/src/adapters/llm/cascade.ts +64 -19
package/src/adapters/llm/litellm.ts +49 -0
package/src/compute/difficulty-estimator.ts +111 -0
package/src/compute/strategies/mixture-of-agents.ts +150 -0
package/src/compute/strategies/tree-of-thoughts.ts +293 -0
package/src/compute/strategies/two-phase-orient.ts +147 -0
package/src/container/protocol.ts +243 -0
package/src/container/runtime.ts +424 -0
package/src/db/migrations/026_formal_verify_results.sql +30 -0
package/src/identity/agent-persona.ts +203 -0
package/src/identity/persona-prompt.ts +84 -0
package/src/identity/persona-schema.ts +127 -0
package/src/index.ts +338 -1
package/src/memory/episodic-rrf.ts +224 -0
package/src/mesh/attenuation.ts +190 -0
package/src/mesh/delegate.ts +254 -0
package/src/mesh/dispatcher.ts +301 -0
package/src/mesh/index.ts +39 -0
package/src/mesh/types.ts +31 -0
package/src/orchestration/ooda/skills.ts +177 -0
package/src/ports/bastion-action.contract.test.ts +355 -0
package/src/ports/bastion-action.ts +198 -0
package/src/ports/brain.ts +177 -15
package/src/ports/citadel-action.contract.test.ts +430 -0
package/src/ports/citadel-action.ts +174 -0
package/src/ports/compliance-contract.ts +191 -0
package/src/ports/db.ts +98 -0
package/src/ports/delegation.contract.test.ts +428 -0
package/src/ports/delegation.ts +211 -0
package/src/ports/event-bus.ts +133 -0
package/src/ports/federation.contract.test.ts +355 -0
package/src/ports/federation.ts +190 -0
package/src/ports/index.ts +186 -1
package/src/ports/llm-provider.ts +123 -0
package/src/ports/logger.ts +104 -0
package/src/ports/manifest-registry.contract.test.ts +324 -0
package/src/ports/manifest-registry.ts +188 -0
package/src/ports/observability.contract.test.ts +315 -0
package/src/ports/observability.ts +150 -0
package/src/ports/outcome.ts +69 -0
package/src/ports/privacy.contract.test.ts +413 -0
package/src/ports/privacy.ts +207 -0
package/src/ports/tenant-context.contract.test.ts +454 -0
package/src/ports/tenant-context.ts +150 -0
package/src/ports/vauban-finance-action.contract.test.ts +335 -0
package/src/ports/vauban-finance-action.ts +166 -0
package/src/ports/workflow-runtime.ts +327 -0
package/src/proof/cert-verify.ts +249 -0
package/src/replay/replay.ts +11 -8
package/src/retry/index.ts +227 -0
package/src/retry/presets.ts +75 -0
package/src/skill-loop/ab-runner.ts +196 -0
package/src/skill-loop/adoption.ts +188 -0
package/src/skill-loop/candidate.ts +75 -0
package/src/skill-loop/evaluator.ts +238 -0
package/src/skill-loop/index.ts +51 -0
package/src/skill-loop/reflexion-replay.ts +173 -0
package/src/skill-loop/sign-off.ts +247 -0
package/src/skill-loop/value-metric.ts +120 -0
package/src/skill-loop/versioning.ts +75 -0
package/src/skill-manifest/anchor.ts +401 -0
package/src/skill-manifest/builder.ts +129 -0
package/src/skill-manifest/index.ts +18 -0
package/src/skill-manifest/types.ts +72 -0
package/src/skill-manifest/verifier.ts +198 -0
package/src/skills/errors.ts +30 -2
package/src/skills/index.ts +19 -0
package/src/skills/markdown/loader.ts +129 -0
package/src/skills/markdown/schema.ts +144 -0
package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
package/src/skills/poc-md-loader/runner.ts +82 -0
package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
package/src/skills/poc-md-loader/web-search/script.ts +109 -0
package/src/skills/send-email.ts +15 -3
package/src/testing/test-brain-port.ts +98 -24
package/src/testing/test-event-bus.ts +104 -43
package/src/trace/schema.ts +1 -1
package/src/verify/formal/index.ts +154 -0
package/src/verify/formal/policy.ts +253 -0
package/src/verify/formal/result.ts +52 -0
package/src/verify/formal/solver.ts +235 -0
package/src/verify/formal/spec-language.ts +274 -0

package/dist/verify/formal/policy.js ADDED Viewed

@@ -0,0 +1,159 @@
+/**
+ * src/verify/formal/policy.ts
+ *
+ * Sprint-587 — Per-axiom policy + consumer mode resolution.
+ *
+ * The policy layer maps a 4-state {@link FormalVerifyResult} to an action
+ * (proceed / block / escalate / log), parameterised by :
+ *   - the axiom (Robuste, Institutionnel, … — each has different sensitivity)
+ *   - the consumer mode (strict / permissive / audit_only)
+ *   - the calling context (runtime vs skill_ingestion — see Tension Sprint C)
+ *
+ * Tension Sprint C : skill-loop ingestion is ALWAYS strict on UNKNOWN.
+ * Even if the runtime policy says "proceed_with_log" on UNKNOWN for the
+ * Profitable axiom, the skill-ingestion path must refuse to ingest the
+ * skill until UNKNOWN becomes SAFE. This prevents UNKNOWN-tainted skills
+ * from accumulating in the skill library.
+ *
+ * @module verify/formal/policy
+ */
+/**
+ * Default per-axiom policies.
+ *
+ * Rationale :
+ *   Robuste / Institutionnel : hard axioms — UNSAFE blocks, UNKNOWN escalates
+ *   SOTA                     : UNKNOWN allowed with audit log (SOTA evolves)
+ *   AntiFragile / Profitable : softer — UNSAFE escalates, UNKNOWN logs
+ */
+export const DEFAULT_POLICIES = {
+    Robuste: {
+        onSafe: "proceed",
+        onUnsafe: "block",
+        onUnknown: "escalate_human",
+        timeout_ms: 5000,
+        skillLoopStrict: true,
+    },
+    Institutionnel: {
+        onSafe: "proceed",
+        onUnsafe: "block",
+        onUnknown: "escalate_human",
+        timeout_ms: 10_000,
+        skillLoopStrict: true,
+    },
+    SOTA: {
+        onSafe: "proceed",
+        onUnsafe: "escalate_human",
+        onUnknown: "proceed_with_audit_log",
+        timeout_ms: 2000,
+        skillLoopStrict: true,
+    },
+    AntiFragile: {
+        onSafe: "proceed",
+        onUnsafe: "escalate_human",
+        onUnknown: "proceed_with_log",
+        timeout_ms: 1000,
+        skillLoopStrict: true,
+    },
+    Profitable: {
+        onSafe: "proceed",
+        onUnsafe: "escalate_human",
+        onUnknown: "proceed_with_log",
+        timeout_ms: 1000,
+        skillLoopStrict: true,
+    },
+};
+/**
+ * Whether an axiom is in the "hard" set (Robuste, Institutionnel) whose
+ * UNSAFE outcomes are non-negotiable.
+ */
+function isHardAxiom(axiom) {
+    return axiom === "Robuste" || axiom === "Institutionnel";
+}
+/**
+ * Apply the policy + mode + context to a single verification result.
+ *
+ * Decision order :
+ *   1. SKIPPED                                        → log
+ *   2. skill_ingestion + UNKNOWN                      → block  (Tension Sprint C)
+ *   3. mode = audit_only                              → log
+ *   4. mode = permissive + UNKNOWN                    → log    (treated as SKIPPED)
+ *   5. mode = permissive + UNSAFE + non-hard axiom    → log
+ *   6. otherwise                                      → policy.on{Safe,Unsafe,Unknown}
+ */
+export function applyPolicy(result, policy, mode, context) {
+    // 1. SKIPPED → log
+    if (result.state === "SKIPPED") {
+        return {
+            action: "log",
+            rationale: `Axiom ${result.axiom} verification was skipped (${result.rationale})`,
+        };
+    }
+    // 2. Tension Sprint C : skill_ingestion + UNKNOWN → block, always.
+    if (context === "skill_ingestion" && result.state === "UNKNOWN") {
+        return {
+            action: "block",
+            rationale: `Skill ingestion refuses UNKNOWN on axiom ${result.axiom} ` +
+                `(Tension Sprint C : skill-loop is always strict on UNKNOWN)`,
+        };
+    }
+    // 3. audit_only never blocks.
+    if (mode === "audit_only") {
+        return {
+            action: "log",
+            rationale: `audit_only mode : axiom ${result.axiom} = ${result.state}`,
+        };
+    }
+    // SAFE is always proceed.
+    if (result.state === "SAFE") {
+        return {
+            action: "proceed",
+            rationale: `Axiom ${result.axiom} proved SAFE in ${result.time_ms.toFixed(0)}ms`,
+        };
+    }
+    // 4 + 5. Permissive softening.
+    if (mode === "permissive") {
+        if (result.state === "UNKNOWN") {
+            return {
+                action: "log",
+                rationale: `permissive mode : UNKNOWN on axiom ${result.axiom} treated as ` +
+                    `non-blocking (${result.rationale})`,
+            };
+        }
+        if (result.state === "UNSAFE" && !isHardAxiom(result.axiom)) {
+            return {
+                action: "log",
+                rationale: `permissive mode : UNSAFE on soft axiom ${result.axiom} downgraded ` +
+                    `to log (${result.rationale})`,
+            };
+        }
+        // UNSAFE on hard axiom : fall through to strict policy.
+    }
+    // 6. Strict policy resolution.
+    if (result.state === "UNSAFE") {
+        return {
+            action: policy.onUnsafe,
+            rationale: `UNSAFE on axiom ${result.axiom} : ${policy.onUnsafe} ` +
+                `(counterexample : ${result.counterexample ?? "n/a"})`,
+        };
+    }
+    // result.state === "UNKNOWN" (runtime context only)
+    switch (policy.onUnknown) {
+        case "escalate_human":
+            return {
+                action: "escalate_human",
+                rationale: `UNKNOWN on axiom ${result.axiom} : escalating (${result.rationale})`,
+            };
+        case "proceed_with_audit_log":
+            return {
+                action: "log",
+                rationale: `UNKNOWN on axiom ${result.axiom} : audit-log proceed (${result.rationale})`,
+            };
+        case "proceed_with_log":
+        default:
+            return {
+                action: "log",
+                rationale: `UNKNOWN on axiom ${result.axiom} : log-proceed (${result.rationale})`,
+            };
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/verify/formal/policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/verify/formal/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAqDH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAgC;IAC3D,OAAO,EAAE;QACP,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,OAAO;QACjB,SAAS,EAAE,gBAAgB;QAC3B,UAAU,EAAE,IAAI;QAChB,eAAe,EAAE,IAAI;KACtB;IACD,cAAc,EAAE;QACd,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,OAAO;QACjB,SAAS,EAAE,gBAAgB;QAC3B,UAAU,EAAE,MAAM;QAClB,eAAe,EAAE,IAAI;KACtB;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,wBAAwB;QACnC,UAAU,EAAE,IAAI;QAChB,eAAe,EAAE,IAAI;KACtB;IACD,WAAW,EAAE;QACX,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,kBAAkB;QAC7B,UAAU,EAAE,IAAI;QAChB,eAAe,EAAE,IAAI;KACtB;IACD,UAAU,EAAE;QACV,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,SAAS,EAAE,kBAAkB;QAC7B,UAAU,EAAE,IAAI;QAChB,eAAe,EAAE,IAAI;KACtB;CACF,CAAC;AA0BF;;;GAGG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,gBAAgB,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CACzB,MAA0B,EAC1B,MAAmB,EACnB,IAAkB,EAClB,OAAsB;IAEtB,mBAAmB;IACnB,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,MAAM,EAAE,KAAK;YACb,SAAS,EAAE,SAAS,MAAM,CAAC,KAAK,8BAA8B,MAAM,CAAC,SAAS,GAAG;SAClF,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,IAAI,OAAO,KAAK,iBAAiB,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAChE,OAAO;YACL,MAAM,EAAE,OAAO;YACf,SAAS,EACP,4CAA4C,MAAM,CAAC,KAAK,GAAG;gBAC3D,6DAA6D;SAChE,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,KAAK;YACb,SAAS,EAAE,2BAA2B,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,KAAK,EAAE;SACvE,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,IAAI,MAAM,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC5B,OAAO;YACL,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,SAAS,MAAM,CAAC,KAAK,mBAAmB,MAAM,CAAC,OAAO,CAAC,OAAO,CACvE,CAAC,CACF,IAAI;SACN,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EACP,sCAAsC,MAAM,CAAC,KAAK,cAAc;oBAChE,iBAAiB,MAAM,CAAC,SAAS,GAAG;aACvC,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EACP,0CAA0C,MAAM,CAAC,KAAK,cAAc;oBACpE,WAAW,MAAM,CAAC,SAAS,GAAG;aACjC,CAAC;QACJ,CAAC;QACD,wDAAwD;IAC1D,CAAC;IAED,+BAA+B;IAC/B,IAAI,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,QAAQ;YACvB,SAAS,EACP,mBAAmB,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,QAAQ,GAAG;gBACvD,qBAAqB,MAAM,CAAC,cAAc,IAAI,KAAK,GAAG;SACzD,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,QAAQ,MAAM,CAAC,SAAS,EAAE,CAAC;QACzB,KAAK,gBAAgB;YACnB,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,SAAS,EAAE,oBAAoB,MAAM,CAAC,KAAK,kBAAkB,MAAM,CAAC,SAAS,GAAG;aACjF,CAAC;QACJ,KAAK,wBAAwB;YAC3B,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,oBAAoB,MAAM,CAAC,KAAK,yBAAyB,MAAM,CAAC,SAAS,GAAG;aACxF,CAAC;QACJ,KAAK,kBAAkB,CAAC;QACxB;YACE,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,oBAAoB,MAAM,CAAC,KAAK,mBAAmB,MAAM,CAAC,SAAS,GAAG;aAClF,CAAC;IACN,CAAC;AACH,CAAC"}

package/dist/verify/formal/result.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * src/verify/formal/result.ts
+ *
+ * Sprint-587 — Z3 formal verification result type.
+ *
+ * 4-state result discipline:
+ *   - SAFE     : Z3 proved the post-conditions hold under pre-conditions
+ *   - UNSAFE   : Z3 found a counterexample (state where pre-conditions hold
+ *                but post-conditions are violated)
+ *   - UNKNOWN  : Z3 returned `unknown` (timeout, undecidable, or solver
+ *                limitation). EXPLICIT — never silently treated as SAFE.
+ *   - SKIPPED  : Verification not run (consumer mode = permissive opt-out,
+ *                or solver binary unavailable when caller chooses to skip)
+ *
+ * The distinction between UNKNOWN and SAFE is the core epistemic discipline
+ * of this module : we never assert proof when none was produced.
+ *
+ * @module verify/formal/result
+ */
+/**
+ * Discriminated state of a formal verification attempt.
+ */
+export type FormalVerifyState = "SAFE" | "UNSAFE" | "UNKNOWN" | "SKIPPED";
+/**
+ * Solver backend identifier — currently only Z3 or `none` (no solver).
+ */
+export type FormalSolver = "z3" | "none";
+/**
+ * Result of running a single axiom spec through the formal verifier.
+ *
+ * `state`           : 4-state outcome (see {@link FormalVerifyState})
+ * `axiom`           : human-readable axiom label (e.g. "Robuste")
+ * `rationale`       : human-readable explanation of the outcome
+ * `witness`         : when SAFE, optional UNSAT-core or proof witness string
+ *                     emitted by the solver (informational only)
+ * `counterexample`  : when UNSAFE, SMT model (variable assignment) that
+ *                     violates the post-conditions
+ * `time_ms`         : wall-clock time spent in the solver, in milliseconds
+ * `solver`          : which backend produced the result
+ */
+export interface FormalVerifyResult {
+    state: FormalVerifyState;
+    axiom: string;
+    rationale: string;
+    witness?: string;
+    counterexample?: string;
+    time_ms: number;
+    solver: FormalSolver;
+}
+//# sourceMappingURL=result.d.ts.map

package/dist/verify/formal/result.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"result.d.ts","sourceRoot":"","sources":["../../../src/verify/formal/result.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,IAAI,GAAG,MAAM,CAAC;AAEzC;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,iBAAiB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,YAAY,CAAC;CACtB"}

package/dist/verify/formal/result.js ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * src/verify/formal/result.ts
+ *
+ * Sprint-587 — Z3 formal verification result type.
+ *
+ * 4-state result discipline:
+ *   - SAFE     : Z3 proved the post-conditions hold under pre-conditions
+ *   - UNSAFE   : Z3 found a counterexample (state where pre-conditions hold
+ *                but post-conditions are violated)
+ *   - UNKNOWN  : Z3 returned `unknown` (timeout, undecidable, or solver
+ *                limitation). EXPLICIT — never silently treated as SAFE.
+ *   - SKIPPED  : Verification not run (consumer mode = permissive opt-out,
+ *                or solver binary unavailable when caller chooses to skip)
+ *
+ * The distinction between UNKNOWN and SAFE is the core epistemic discipline
+ * of this module : we never assert proof when none was produced.
+ *
+ * @module verify/formal/result
+ */
+export {};
+//# sourceMappingURL=result.js.map

package/dist/verify/formal/result.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"result.js","sourceRoot":"","sources":["../../../src/verify/formal/result.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG"}

package/dist/verify/formal/solver.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * src/verify/formal/solver.ts
+ *
+ * Sprint-587 — Z3 SMT solver wrapper.
+ *
+ * Strategy : avoid adding `z3-solver` as a hard npm dependency (heavy WASM
+ * package, ~5MB) by spawning the `z3` binary as a subprocess and piping
+ * SMT-LIB v2 source on stdin. If `z3` is not in PATH, the wrapper degrades
+ * gracefully by returning `{ sat: null }` so callers can map that to the
+ * UNKNOWN state.
+ *
+ * This keeps the SDK lean : consumers that want formal verification install
+ * `z3` system-wide (apt / brew / scoop). Consumers that do not, get UNKNOWN
+ * results and can route them according to their policy.
+ *
+ * @module verify/formal/solver
+ */
+/**
+ * Options accepted by {@link checkSmt}.
+ */
+export interface SolverOptions {
+    /** Wall-clock timeout in milliseconds. Defaults to 5000ms. */
+    timeout_ms?: number;
+    /** Optional path to the z3 binary (defaults to `z3` resolved via PATH). */
+    z3_path?: string;
+}
+/**
+ * Outcome of a single SMT-LIB check-sat invocation.
+ *
+ * `sat`     : `true`  → solver returned `sat` (formula is satisfiable, i.e.
+ *                       a counterexample exists for a violation query)
+ *             `false` → solver returned `unsat` (no counterexample, the
+ *                       property holds)
+ *             `null`  → solver returned `unknown`, timed out, was not
+ *                       installed, or failed to run
+ * `model`   : when `sat === true`, the textual SMT-LIB model string emitted
+ *             by `(get-model)` — useful as a counterexample witness
+ * `time_ms` : wall-clock time spent waiting on the solver subprocess
+ * `reason`  : optional human-readable diagnostic for UNKNOWN / null outcomes
+ */
+export interface SmtCheckResult {
+    sat: boolean | null;
+    model?: string;
+    time_ms: number;
+    reason?: string;
+}
+/**
+ * Run a single SMT-LIB v2 formula through Z3 and return the satisfiability
+ * outcome.
+ *
+ * Convention : the caller frames the property as a NEGATION (i.e. asserts the
+ * conjunction of preconditions AND the negation of the postcondition). Then :
+ *   - `sat`   → counterexample found → property VIOLATED → UNSAFE
+ *   - `unsat` → no counterexample exists → property HOLDS → SAFE
+ *   - `unknown` / timeout / missing binary → UNKNOWN
+ *
+ * The function never throws : transport errors and missing binaries are
+ * surfaced via `sat: null` with a `reason` string.
+ */
+export declare function checkSmt(smtFormula: string, options?: SolverOptions): Promise<SmtCheckResult>;
+export declare function isZ3Available(z3Path?: string): Promise<boolean>;
+/**
+ * Test-only helper to reset the cached availability probe.
+ * @internal
+ */
+export declare function __resetZ3AvailabilityCache(): void;
+//# sourceMappingURL=solver.d.ts.map

package/dist/verify/formal/solver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"solver.d.ts","sourceRoot":"","sources":["../../../src/verify/formal/solver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAKH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,OAAO,GAAG,IAAI,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,QAAQ,CAC5B,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,cAAc,CAAC,CAmHzB;AAWD,wBAAsB,aAAa,CAAC,MAAM,SAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CA8BnE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD"}

package/dist/verify/formal/solver.js ADDED Viewed

@@ -0,0 +1,184 @@
+/**
+ * src/verify/formal/solver.ts
+ *
+ * Sprint-587 — Z3 SMT solver wrapper.
+ *
+ * Strategy : avoid adding `z3-solver` as a hard npm dependency (heavy WASM
+ * package, ~5MB) by spawning the `z3` binary as a subprocess and piping
+ * SMT-LIB v2 source on stdin. If `z3` is not in PATH, the wrapper degrades
+ * gracefully by returning `{ sat: null }` so callers can map that to the
+ * UNKNOWN state.
+ *
+ * This keeps the SDK lean : consumers that want formal verification install
+ * `z3` system-wide (apt / brew / scoop). Consumers that do not, get UNKNOWN
+ * results and can route them according to their policy.
+ *
+ * @module verify/formal/solver
+ */
+import { spawn } from "node:child_process";
+import { performance } from "node:perf_hooks";
+const DEFAULT_TIMEOUT_MS = 5000;
+/**
+ * Run a single SMT-LIB v2 formula through Z3 and return the satisfiability
+ * outcome.
+ *
+ * Convention : the caller frames the property as a NEGATION (i.e. asserts the
+ * conjunction of preconditions AND the negation of the postcondition). Then :
+ *   - `sat`   → counterexample found → property VIOLATED → UNSAFE
+ *   - `unsat` → no counterexample exists → property HOLDS → SAFE
+ *   - `unknown` / timeout / missing binary → UNKNOWN
+ *
+ * The function never throws : transport errors and missing binaries are
+ * surfaced via `sat: null` with a `reason` string.
+ */
+export async function checkSmt(smtFormula, options = {}) {
+    const timeoutMs = options.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+    const z3Path = options.z3_path ?? "z3";
+    const start = performance.now();
+    return new Promise((resolve) => {
+        let child;
+        try {
+            child = spawn(z3Path, ["-in", `-T:${Math.ceil(timeoutMs / 1000)}`], {
+                stdio: ["pipe", "pipe", "pipe"],
+            });
+        }
+        catch (err) {
+            resolve({
+                sat: null,
+                time_ms: performance.now() - start,
+                reason: `z3 spawn failed : ${err instanceof Error ? err.message : String(err)}`,
+            });
+            return;
+        }
+        let stdout = "";
+        let stderr = "";
+        let settled = false;
+        const settle = (r) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(r);
+        };
+        const timer = setTimeout(() => {
+            try {
+                child.kill("SIGKILL");
+            }
+            catch {
+                /* ignored */
+            }
+            settle({
+                sat: null,
+                time_ms: performance.now() - start,
+                reason: `z3 timeout after ${timeoutMs}ms`,
+            });
+        }, timeoutMs);
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on("error", (err) => {
+            clearTimeout(timer);
+            settle({
+                sat: null,
+                time_ms: performance.now() - start,
+                reason: `z3 not available : ${err.message}`,
+            });
+        });
+        child.on("close", (code) => {
+            clearTimeout(timer);
+            const time_ms = performance.now() - start;
+            // z3 exits 0 even on `unsat`; non-zero usually means parse error.
+            const out = stdout.trim();
+            const firstLine = out.split(/\r?\n/)[0]?.trim() ?? "";
+            if (firstLine === "sat") {
+                // Extract model block if present (everything after the first line).
+                const modelStart = out.indexOf("\n");
+                const model = modelStart >= 0 ? out.slice(modelStart + 1).trim() : undefined;
+                settle({ sat: true, model: model || undefined, time_ms });
+                return;
+            }
+            if (firstLine === "unsat") {
+                settle({ sat: false, time_ms });
+                return;
+            }
+            if (firstLine === "unknown") {
+                settle({
+                    sat: null,
+                    time_ms,
+                    reason: "z3 returned unknown (likely timeout or undecidable fragment)",
+                });
+                return;
+            }
+            // Parse error or other failure : surface stderr.
+            settle({
+                sat: null,
+                time_ms,
+                reason: `z3 unexpected output (exit ${code}) : ${(stderr || out).slice(0, 200)}`,
+            });
+        });
+        try {
+            child.stdin.write(smtFormula);
+            child.stdin.end();
+        }
+        catch (err) {
+            clearTimeout(timer);
+            settle({
+                sat: null,
+                time_ms: performance.now() - start,
+                reason: `z3 stdin write failed : ${err instanceof Error ? err.message : String(err)}`,
+            });
+        }
+    });
+}
+/**
+ * Probe : check whether a usable `z3` binary is reachable.
+ * Returns `true` if `z3 --version` exits 0 within 1s.
+ *
+ * Cached for the lifetime of the process — the binary's presence does not
+ * change at runtime.
+ */
+let z3Available;
+export async function isZ3Available(z3Path = "z3") {
+    if (z3Available !== undefined)
+        return z3Available;
+    z3Available = await new Promise((resolve) => {
+        let child;
+        try {
+            child = spawn(z3Path, ["--version"], {
+                stdio: ["ignore", "pipe", "pipe"],
+            });
+        }
+        catch {
+            resolve(false);
+            return;
+        }
+        const t = setTimeout(() => {
+            try {
+                child.kill("SIGKILL");
+            }
+            catch {
+                /* ignored */
+            }
+            resolve(false);
+        }, 1000);
+        child.on("error", () => {
+            clearTimeout(t);
+            resolve(false);
+        });
+        child.on("close", (code) => {
+            clearTimeout(t);
+            resolve(code === 0);
+        });
+    });
+    return z3Available;
+}
+/**
+ * Test-only helper to reset the cached availability probe.
+ * @internal
+ */
+export function __resetZ3AvailabilityCache() {
+    z3Available = undefined;
+}
+//# sourceMappingURL=solver.js.map

package/dist/verify/formal/solver.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"solver.js","sourceRoot":"","sources":["../../../src/verify/formal/solver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAiC9C,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEhC;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,UAAkB,EAClB,UAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,IAAI,kBAAkB,CAAC;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IAEvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEhC,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;QAC7C,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,EAAE;gBAClE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC;gBACN,GAAG,EAAE,IAAI;gBACT,OAAO,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;gBAClC,MAAM,EAAE,qBACN,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE;aACH,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,CAAC,CAAiB,EAAQ,EAAE;YACzC,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,CAAC;QAEF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa;YACf,CAAC;YACD,MAAM,CAAC;gBACL,GAAG,EAAE,IAAI;gBACT,OAAO,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;gBAClC,MAAM,EAAE,oBAAoB,SAAS,IAAI;aAC1C,CAAC,CAAC;QACL,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC;gBACL,GAAG,EAAE,IAAI;gBACT,OAAO,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;gBAClC,MAAM,EAAE,sBAAsB,GAAG,CAAC,OAAO,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAC1C,kEAAkE;YAClE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAEtD,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;gBACxB,oEAAoE;gBACpE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,KAAK,GACT,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBACjE,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YACD,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;gBAC1B,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,MAAM,CAAC;oBACL,GAAG,EAAE,IAAI;oBACT,OAAO;oBACP,MAAM,EACJ,8DAA8D;iBACjE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,iDAAiD;YACjD,MAAM,CAAC;gBACL,GAAG,EAAE,IAAI;gBACT,OAAO;gBACP,MAAM,EAAE,8BAA8B,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CACpE,CAAC,EACD,GAAG,CACJ,EAAE;aACJ,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC9B,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC;gBACL,GAAG,EAAE,IAAI;gBACT,OAAO,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;gBAClC,MAAM,EAAE,2BACN,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE;aACH,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,IAAI,WAAgC,CAAC;AAErC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAM,GAAG,IAAI;IAC/C,IAAI,WAAW,KAAK,SAAS;QAAE,OAAO,WAAW,CAAC;IAClD,WAAW,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;QACnD,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE;gBACnC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,OAAO;QACT,CAAC;QACD,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE;YACxB,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa;YACf,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC,EAAE,IAAI,CAAC,CAAC;QACT,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACrB,YAAY,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B;IACxC,WAAW,GAAG,SAAS,CAAC;AAC1B,CAAC"}

package/dist/verify/formal/spec-language.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * src/verify/formal/spec-language.ts
+ *
+ * Sprint-587 — DSL for axiom specifications, compiled to SMT-LIB v2.
+ *
+ * Design philosophy (inspired by FormalJudge, arXiv:2602.11136) : agent-cycle
+ * properties are expressed as small, typed pre/post-condition tuples. Each
+ * condition is mapped to an SMT-LIB fragment by {@link compileToSmt}, which
+ * frames the property as a NEGATION of the post-conditions under the
+ * pre-conditions. This way, Z3 returning `sat` means a counterexample exists
+ * (= UNSAFE) and `unsat` means the post-conditions hold (= SAFE).
+ *
+ * Bound types : Reals for budgets and ratios, Bools for binary properties,
+ * Sets-as-symbols for scope subset checks.
+ *
+ * @module verify/formal/spec-language
+ */
+/**
+ * One verifiable axiom-level property.
+ */
+export interface AxiomSpec {
+    /** Human-readable axiom label (e.g. "Robuste", "Profitable"). */
+    axiom: string;
+    /** Conditions that must hold for the spec to be meaningful. */
+    preconditions: Condition[];
+    /** Conditions whose conjunction defines the post-state to verify. */
+    postconditions: Condition[];
+    /** Solver timeout in ms — see {@link DEFAULT_POLICIES}. */
+    timeout_ms?: number;
+}
+/**
+ * Tagged union of all supported condition kinds.
+ *
+ * `custom_smt` is the escape hatch : the consumer supplies a raw SMT-LIB
+ * fragment that will be inlined under an `(assert ...)`. Use sparingly —
+ * mistakes here are silent semantic bugs.
+ */
+export type Condition = {
+    type: "budget_constraint";
+    child_max_fraction: number;
+} | {
+    type: "scope_subset";
+    parent_scope: string[];
+    child_scope: string[];
+} | {
+    type: "no_pii_in_output";
+    pii_count_var?: string;
+} | {
+    type: "cost_positive_roi";
+    min_roi_ratio: number;
+} | {
+    type: "response_time";
+    max_ms: number;
+} | {
+    type: "custom_smt";
+    smt_fragment: string;
+};
+/**
+ * Compile an {@link AxiomSpec} into an SMT-LIB v2 program string.
+ *
+ * Pattern : preconditions are asserted as-is ; postconditions are joined by
+ * conjunction and asserted NEGATED. A counterexample (z3 returns `sat`)
+ * therefore means : "pre-conditions hold AND at least one post-condition
+ * fails" — i.e. an UNSAFE outcome.
+ *
+ * Includes `(check-sat)` and `(get-model)` as terminating commands.
+ */
+export declare function compileToSmt(spec: AxiomSpec): string;
+/**
+ * Default per-axiom AxiomSpec presets. Consumers can override the timeout
+ * or augment with additional conditions before passing to `formalVerify`.
+ *
+ * Robuste        : 5s — engineering robustness, may need richer checks
+ * Institutionnel : 10s — strongest spec, PII + scope-subset + budget
+ * SOTA           : 2s  — lightweight (single ROI check on cost)
+ * AntiFragile    : 1s  — response-time bound only
+ * Profitable     : 1s  — cost-vs-value ROI check
+ */
+export declare const AXIOM_SPECS: Record<string, AxiomSpec>;
+//# sourceMappingURL=spec-language.d.ts.map

package/dist/verify/formal/spec-language.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"spec-language.d.ts","sourceRoot":"","sources":["../../../src/verify/formal/spec-language.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,iEAAiE;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,aAAa,EAAE,SAAS,EAAE,CAAC;IAC3B,qEAAqE;IACrE,cAAc,EAAE,SAAS,EAAE,CAAC;IAC5B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,kBAAkB,EAAE,MAAM,CAAA;CAAE,GACzD;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,EAAE,CAAA;CAAE,GACvE;IAAE,IAAI,EAAE,kBAAkB,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GACpD;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GACpD;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC;AAiGjD;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,GAAG,MAAM,CAoEpD;AAMD;;;;;;;;;GASG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAqCjD,CAAC"}