npm - @vauban-org/agent-sdk - Versions diffs - 1.0.0 → 1.2.0 - Mend

@vauban-org/agent-sdk 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (442) hide show

package/CONTRACT.md +6401 -813
package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
package/dist/adapters/llm/anthropic-direct.js +43 -0
package/dist/adapters/llm/anthropic-direct.js.map +1 -1
package/dist/adapters/llm/cascade.d.ts.map +1 -1
package/dist/adapters/llm/cascade.js +57 -14
package/dist/adapters/llm/cascade.js.map +1 -1
package/dist/adapters/llm/litellm.d.ts +2 -0
package/dist/adapters/llm/litellm.d.ts.map +1 -1
package/dist/adapters/llm/litellm.js +44 -0
package/dist/adapters/llm/litellm.js.map +1 -1
package/dist/compute/difficulty-estimator.d.ts +53 -0
package/dist/compute/difficulty-estimator.d.ts.map +1 -0
package/dist/compute/difficulty-estimator.js +82 -0
package/dist/compute/difficulty-estimator.js.map +1 -0
package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
package/dist/compute/strategies/mixture-of-agents.js +110 -0
package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.js +242 -0
package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
package/dist/compute/strategies/two-phase-orient.js +85 -0
package/dist/compute/strategies/two-phase-orient.js.map +1 -0
package/dist/constitution/types.d.ts +10 -10
package/dist/container/protocol.d.ts +134 -0
package/dist/container/protocol.d.ts.map +1 -0
package/dist/container/protocol.js +157 -0
package/dist/container/protocol.js.map +1 -0
package/dist/container/runtime.d.ts +140 -0
package/dist/container/runtime.d.ts.map +1 -0
package/dist/container/runtime.js +256 -0
package/dist/container/runtime.js.map +1 -0
package/dist/events/catalogue.d.ts +46 -46
package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
package/dist/events/schemas/agent.started.v1.d.ts +2 -2
package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +6 -6
package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +6 -6
package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
package/dist/events/schemas/vauban.goal.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.tax.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +6 -6
package/dist/identity/agent-persona.d.ts +73 -0
package/dist/identity/agent-persona.d.ts.map +1 -0
package/dist/identity/agent-persona.js +165 -0
package/dist/identity/agent-persona.js.map +1 -0
package/dist/identity/persona-prompt.d.ts +25 -0
package/dist/identity/persona-prompt.d.ts.map +1 -0
package/dist/identity/persona-prompt.js +71 -0
package/dist/identity/persona-prompt.js.map +1 -0
package/dist/identity/persona-schema.d.ts +120 -0
package/dist/identity/persona-schema.d.ts.map +1 -0
package/dist/identity/persona-schema.js +103 -0
package/dist/identity/persona-schema.js.map +1 -0
package/dist/index.d.ts +37 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +29 -1
package/dist/index.js.map +1 -1
package/dist/loop/minimal-loop.js +293 -287
package/dist/memory/episodic-rrf.d.ts +114 -0
package/dist/memory/episodic-rrf.d.ts.map +1 -0
package/dist/memory/episodic-rrf.js +148 -0
package/dist/memory/episodic-rrf.js.map +1 -0
package/dist/mesh/attenuation.d.ts +78 -0
package/dist/mesh/attenuation.d.ts.map +1 -0
package/dist/mesh/attenuation.js +141 -0
package/dist/mesh/attenuation.js.map +1 -0
package/dist/mesh/delegate.d.ts +96 -0
package/dist/mesh/delegate.d.ts.map +1 -0
package/dist/mesh/delegate.js +172 -0
package/dist/mesh/delegate.js.map +1 -0
package/dist/mesh/dispatcher.d.ts +119 -0
package/dist/mesh/dispatcher.d.ts.map +1 -0
package/dist/mesh/dispatcher.js +207 -0
package/dist/mesh/dispatcher.js.map +1 -0
package/dist/mesh/index.d.ts +12 -0
package/dist/mesh/index.d.ts.map +1 -0
package/dist/mesh/index.js +11 -0
package/dist/mesh/index.js.map +1 -0
package/dist/mesh/types.d.ts +30 -0
package/dist/mesh/types.d.ts.map +1 -0
package/dist/mesh/types.js +11 -0
package/dist/mesh/types.js.map +1 -0
package/dist/orchestration/ooda/skills.d.ts +104 -0
package/dist/orchestration/ooda/skills.d.ts.map +1 -1
package/dist/orchestration/ooda/skills.js +106 -0
package/dist/orchestration/ooda/skills.js.map +1 -1
package/dist/ports/bastion-action.contract.test.d.ts +11 -0
package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
package/dist/ports/bastion-action.contract.test.js +238 -0
package/dist/ports/bastion-action.contract.test.js.map +1 -0
package/dist/ports/bastion-action.d.ts +133 -0
package/dist/ports/bastion-action.d.ts.map +1 -0
package/dist/ports/bastion-action.js +73 -0
package/dist/ports/bastion-action.js.map +1 -0
package/dist/ports/brain.d.ts +31 -0
package/dist/ports/brain.d.ts.map +1 -1
package/dist/ports/brain.js +115 -1
package/dist/ports/brain.js.map +1 -1
package/dist/ports/citadel-action.contract.test.d.ts +11 -0
package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
package/dist/ports/citadel-action.contract.test.js +317 -0
package/dist/ports/citadel-action.contract.test.js.map +1 -0
package/dist/ports/citadel-action.d.ts +111 -0
package/dist/ports/citadel-action.d.ts.map +1 -0
package/dist/ports/citadel-action.js +62 -0
package/dist/ports/citadel-action.js.map +1 -0
package/dist/ports/compliance-contract.d.ts +123 -0
package/dist/ports/compliance-contract.d.ts.map +1 -0
package/dist/ports/compliance-contract.js +35 -0
package/dist/ports/compliance-contract.js.map +1 -0
package/dist/ports/db.d.ts +38 -0
package/dist/ports/db.d.ts.map +1 -1
package/dist/ports/db.js +88 -1
package/dist/ports/db.js.map +1 -1
package/dist/ports/delegation.contract.test.d.ts +9 -0
package/dist/ports/delegation.contract.test.d.ts.map +1 -0
package/dist/ports/delegation.contract.test.js +337 -0
package/dist/ports/delegation.contract.test.js.map +1 -0
package/dist/ports/delegation.d.ts +134 -0
package/dist/ports/delegation.d.ts.map +1 -0
package/dist/ports/delegation.js +105 -0
package/dist/ports/delegation.js.map +1 -0
package/dist/ports/event-bus.d.ts +29 -0
package/dist/ports/event-bus.d.ts.map +1 -1
package/dist/ports/event-bus.js +106 -1
package/dist/ports/event-bus.js.map +1 -1
package/dist/ports/federation.contract.test.d.ts +9 -0
package/dist/ports/federation.contract.test.d.ts.map +1 -0
package/dist/ports/federation.contract.test.js +279 -0
package/dist/ports/federation.contract.test.js.map +1 -0
package/dist/ports/federation.d.ts +140 -0
package/dist/ports/federation.d.ts.map +1 -0
package/dist/ports/federation.js +57 -0
package/dist/ports/federation.js.map +1 -0
package/dist/ports/index.d.ts +28 -2
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +17 -2
package/dist/ports/index.js.map +1 -1
package/dist/ports/llm-provider.d.ts +37 -0
package/dist/ports/llm-provider.d.ts.map +1 -1
package/dist/ports/llm-provider.js +99 -1
package/dist/ports/llm-provider.js.map +1 -1
package/dist/ports/logger.d.ts +27 -0
package/dist/ports/logger.d.ts.map +1 -1
package/dist/ports/logger.js +87 -0
package/dist/ports/logger.js.map +1 -1
package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
package/dist/ports/manifest-registry.contract.test.js +246 -0
package/dist/ports/manifest-registry.contract.test.js.map +1 -0
package/dist/ports/manifest-registry.d.ts +116 -0
package/dist/ports/manifest-registry.d.ts.map +1 -0
package/dist/ports/manifest-registry.js +79 -0
package/dist/ports/manifest-registry.js.map +1 -0
package/dist/ports/observability.contract.test.d.ts +12 -0
package/dist/ports/observability.contract.test.d.ts.map +1 -0
package/dist/ports/observability.contract.test.js +260 -0
package/dist/ports/observability.contract.test.js.map +1 -0
package/dist/ports/observability.d.ts +98 -0
package/dist/ports/observability.d.ts.map +1 -0
package/dist/ports/observability.js +59 -0
package/dist/ports/observability.js.map +1 -0
package/dist/ports/outcome.d.ts +26 -0
package/dist/ports/outcome.d.ts.map +1 -1
package/dist/ports/outcome.js +62 -1
package/dist/ports/outcome.js.map +1 -1
package/dist/ports/privacy.contract.test.d.ts +12 -0
package/dist/ports/privacy.contract.test.d.ts.map +1 -0
package/dist/ports/privacy.contract.test.js +325 -0
package/dist/ports/privacy.contract.test.js.map +1 -0
package/dist/ports/privacy.d.ts +132 -0
package/dist/ports/privacy.d.ts.map +1 -0
package/dist/ports/privacy.js +83 -0
package/dist/ports/privacy.js.map +1 -0
package/dist/ports/tenant-context.contract.test.d.ts +14 -0
package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
package/dist/ports/tenant-context.contract.test.js +352 -0
package/dist/ports/tenant-context.contract.test.js.map +1 -0
package/dist/ports/tenant-context.d.ts +103 -0
package/dist/ports/tenant-context.d.ts.map +1 -0
package/dist/ports/tenant-context.js +48 -0
package/dist/ports/tenant-context.js.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.js +260 -0
package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
package/dist/ports/vauban-finance-action.d.ts +106 -0
package/dist/ports/vauban-finance-action.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.js +60 -0
package/dist/ports/vauban-finance-action.js.map +1 -0
package/dist/ports/workflow-runtime.d.ts +204 -0
package/dist/ports/workflow-runtime.d.ts.map +1 -0
package/dist/ports/workflow-runtime.js +72 -0
package/dist/ports/workflow-runtime.js.map +1 -0
package/dist/proof/cert-verify.d.ts +80 -0
package/dist/proof/cert-verify.d.ts.map +1 -0
package/dist/proof/cert-verify.js +178 -0
package/dist/proof/cert-verify.js.map +1 -0
package/dist/replay/replay.d.ts.map +1 -1
package/dist/replay/replay.js +5 -1
package/dist/replay/replay.js.map +1 -1
package/dist/retry/index.d.ts +129 -0
package/dist/retry/index.d.ts.map +1 -0
package/dist/retry/index.js +156 -0
package/dist/retry/index.js.map +1 -0
package/dist/retry/presets.d.ts +39 -0
package/dist/retry/presets.d.ts.map +1 -0
package/dist/retry/presets.js +69 -0
package/dist/retry/presets.js.map +1 -0
package/dist/skill-loop/ab-runner.d.ts +67 -0
package/dist/skill-loop/ab-runner.d.ts.map +1 -0
package/dist/skill-loop/ab-runner.js +160 -0
package/dist/skill-loop/ab-runner.js.map +1 -0
package/dist/skill-loop/adoption.d.ts +67 -0
package/dist/skill-loop/adoption.d.ts.map +1 -0
package/dist/skill-loop/adoption.js +126 -0
package/dist/skill-loop/adoption.js.map +1 -0
package/dist/skill-loop/candidate.d.ts +45 -0
package/dist/skill-loop/candidate.d.ts.map +1 -0
package/dist/skill-loop/candidate.js +43 -0
package/dist/skill-loop/candidate.js.map +1 -0
package/dist/skill-loop/evaluator.d.ts +42 -0
package/dist/skill-loop/evaluator.d.ts.map +1 -0
package/dist/skill-loop/evaluator.js +184 -0
package/dist/skill-loop/evaluator.js.map +1 -0
package/dist/skill-loop/index.d.ts +27 -0
package/dist/skill-loop/index.d.ts.map +1 -0
package/dist/skill-loop/index.js +27 -0
package/dist/skill-loop/index.js.map +1 -0
package/dist/skill-loop/reflexion-replay.d.ts +87 -0
package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
package/dist/skill-loop/reflexion-replay.js +110 -0
package/dist/skill-loop/reflexion-replay.js.map +1 -0
package/dist/skill-loop/sign-off.d.ts +88 -0
package/dist/skill-loop/sign-off.d.ts.map +1 -0
package/dist/skill-loop/sign-off.js +146 -0
package/dist/skill-loop/sign-off.js.map +1 -0
package/dist/skill-loop/value-metric.d.ts +55 -0
package/dist/skill-loop/value-metric.d.ts.map +1 -0
package/dist/skill-loop/value-metric.js +69 -0
package/dist/skill-loop/value-metric.js.map +1 -0
package/dist/skill-loop/versioning.d.ts +36 -0
package/dist/skill-loop/versioning.d.ts.map +1 -0
package/dist/skill-loop/versioning.js +47 -0
package/dist/skill-loop/versioning.js.map +1 -0
package/dist/skill-manifest/anchor.d.ts +91 -0
package/dist/skill-manifest/anchor.d.ts.map +1 -0
package/dist/skill-manifest/anchor.js +331 -0
package/dist/skill-manifest/anchor.js.map +1 -0
package/dist/skill-manifest/builder.d.ts +47 -0
package/dist/skill-manifest/builder.d.ts.map +1 -0
package/dist/skill-manifest/builder.js +93 -0
package/dist/skill-manifest/builder.js.map +1 -0
package/dist/skill-manifest/index.d.ts +13 -0
package/dist/skill-manifest/index.d.ts.map +1 -0
package/dist/skill-manifest/index.js +9 -0
package/dist/skill-manifest/index.js.map +1 -0
package/dist/skill-manifest/types.d.ts +67 -0
package/dist/skill-manifest/types.d.ts.map +1 -0
package/dist/skill-manifest/types.js +16 -0
package/dist/skill-manifest/types.js.map +1 -0
package/dist/skill-manifest/verifier.d.ts +42 -0
package/dist/skill-manifest/verifier.d.ts.map +1 -0
package/dist/skill-manifest/verifier.js +136 -0
package/dist/skill-manifest/verifier.js.map +1 -0
package/dist/skills/brain-query.d.ts +4 -4
package/dist/skills/brain-store.d.ts +6 -6
package/dist/skills/errors.d.ts +15 -0
package/dist/skills/errors.d.ts.map +1 -1
package/dist/skills/errors.js +21 -0
package/dist/skills/errors.js.map +1 -1
package/dist/skills/hitl-request.d.ts +2 -2
package/dist/skills/index.d.ts +3 -1
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +4 -1
package/dist/skills/index.js.map +1 -1
package/dist/skills/markdown/loader.d.ts +52 -0
package/dist/skills/markdown/loader.d.ts.map +1 -0
package/dist/skills/markdown/loader.js +93 -0
package/dist/skills/markdown/loader.js.map +1 -0
package/dist/skills/markdown/schema.d.ts +432 -0
package/dist/skills/markdown/schema.d.ts.map +1 -0
package/dist/skills/markdown/schema.js +121 -0
package/dist/skills/markdown/schema.js.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
package/dist/skills/poc-md-loader/runner.d.ts +24 -0
package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
package/dist/skills/poc-md-loader/runner.js +57 -0
package/dist/skills/poc-md-loader/runner.js.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.js +75 -0
package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
package/dist/skills/record-outcome.d.ts +4 -4
package/dist/skills/send-email.d.ts.map +1 -1
package/dist/skills/send-email.js +15 -3
package/dist/skills/send-email.js.map +1 -1
package/dist/skills/slack-notify.d.ts +4 -4
package/dist/skills/starknet-balance.d.ts +1 -1
package/dist/skills/telegram-notify.d.ts +4 -4
package/dist/skills/web-search.d.ts +1 -1
package/dist/testing/index.d.ts +3 -0
package/dist/testing/test-brain-port.d.ts +4 -0
package/dist/testing/test-brain-port.d.ts.map +1 -1
package/dist/testing/test-brain-port.js +75 -20
package/dist/testing/test-brain-port.js.map +1 -1
package/dist/testing/test-event-bus.d.ts.map +1 -1
package/dist/testing/test-event-bus.js +89 -36
package/dist/testing/test-event-bus.js.map +1 -1
package/dist/trace/schema.d.ts +1 -1
package/dist/trace/schema.d.ts.map +1 -1
package/dist/trace/schema.js +1 -1
package/dist/trace/schema.js.map +1 -1
package/dist/verify/formal/index.d.ts +44 -0
package/dist/verify/formal/index.d.ts.map +1 -0
package/dist/verify/formal/index.js +98 -0
package/dist/verify/formal/index.js.map +1 -0
package/dist/verify/formal/policy.d.ts +105 -0
package/dist/verify/formal/policy.d.ts.map +1 -0
package/dist/verify/formal/policy.js +159 -0
package/dist/verify/formal/policy.js.map +1 -0
package/dist/verify/formal/result.d.ts +50 -0
package/dist/verify/formal/result.d.ts.map +1 -0
package/dist/verify/formal/result.js +21 -0
package/dist/verify/formal/result.js.map +1 -0
package/dist/verify/formal/solver.d.ts +67 -0
package/dist/verify/formal/solver.d.ts.map +1 -0
package/dist/verify/formal/solver.js +184 -0
package/dist/verify/formal/solver.js.map +1 -0
package/dist/verify/formal/spec-language.d.ts +80 -0
package/dist/verify/formal/spec-language.d.ts.map +1 -0
package/dist/verify/formal/spec-language.js +219 -0
package/dist/verify/formal/spec-language.js.map +1 -0
package/docs/attestation.md +199 -0
package/docs/identity.md +193 -0
package/package.json +34 -17
package/src/adapters/llm/anthropic-direct.ts +51 -0
package/src/adapters/llm/cascade.ts +64 -19
package/src/adapters/llm/litellm.ts +49 -0
package/src/compute/difficulty-estimator.ts +111 -0
package/src/compute/strategies/mixture-of-agents.ts +150 -0
package/src/compute/strategies/tree-of-thoughts.ts +293 -0
package/src/compute/strategies/two-phase-orient.ts +147 -0
package/src/container/protocol.ts +243 -0
package/src/container/runtime.ts +424 -0
package/src/db/migrations/026_formal_verify_results.sql +30 -0
package/src/identity/agent-persona.ts +203 -0
package/src/identity/persona-prompt.ts +84 -0
package/src/identity/persona-schema.ts +127 -0
package/src/index.ts +338 -1
package/src/memory/episodic-rrf.ts +224 -0
package/src/mesh/attenuation.ts +190 -0
package/src/mesh/delegate.ts +254 -0
package/src/mesh/dispatcher.ts +301 -0
package/src/mesh/index.ts +39 -0
package/src/mesh/types.ts +31 -0
package/src/orchestration/ooda/skills.ts +177 -0
package/src/ports/bastion-action.contract.test.ts +355 -0
package/src/ports/bastion-action.ts +198 -0
package/src/ports/brain.ts +177 -15
package/src/ports/citadel-action.contract.test.ts +430 -0
package/src/ports/citadel-action.ts +174 -0
package/src/ports/compliance-contract.ts +191 -0
package/src/ports/db.ts +98 -0
package/src/ports/delegation.contract.test.ts +428 -0
package/src/ports/delegation.ts +211 -0
package/src/ports/event-bus.ts +133 -0
package/src/ports/federation.contract.test.ts +355 -0
package/src/ports/federation.ts +190 -0
package/src/ports/index.ts +186 -1
package/src/ports/llm-provider.ts +123 -0
package/src/ports/logger.ts +104 -0
package/src/ports/manifest-registry.contract.test.ts +324 -0
package/src/ports/manifest-registry.ts +188 -0
package/src/ports/observability.contract.test.ts +315 -0
package/src/ports/observability.ts +150 -0
package/src/ports/outcome.ts +69 -0
package/src/ports/privacy.contract.test.ts +413 -0
package/src/ports/privacy.ts +207 -0
package/src/ports/tenant-context.contract.test.ts +454 -0
package/src/ports/tenant-context.ts +150 -0
package/src/ports/vauban-finance-action.contract.test.ts +335 -0
package/src/ports/vauban-finance-action.ts +166 -0
package/src/ports/workflow-runtime.ts +327 -0
package/src/proof/cert-verify.ts +249 -0
package/src/replay/replay.ts +11 -8
package/src/retry/index.ts +227 -0
package/src/retry/presets.ts +75 -0
package/src/skill-loop/ab-runner.ts +196 -0
package/src/skill-loop/adoption.ts +188 -0
package/src/skill-loop/candidate.ts +75 -0
package/src/skill-loop/evaluator.ts +238 -0
package/src/skill-loop/index.ts +51 -0
package/src/skill-loop/reflexion-replay.ts +173 -0
package/src/skill-loop/sign-off.ts +247 -0
package/src/skill-loop/value-metric.ts +120 -0
package/src/skill-loop/versioning.ts +75 -0
package/src/skill-manifest/anchor.ts +401 -0
package/src/skill-manifest/builder.ts +129 -0
package/src/skill-manifest/index.ts +18 -0
package/src/skill-manifest/types.ts +72 -0
package/src/skill-manifest/verifier.ts +198 -0
package/src/skills/errors.ts +30 -2
package/src/skills/index.ts +19 -0
package/src/skills/markdown/loader.ts +129 -0
package/src/skills/markdown/schema.ts +144 -0
package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
package/src/skills/poc-md-loader/runner.ts +82 -0
package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
package/src/skills/poc-md-loader/web-search/script.ts +109 -0
package/src/skills/send-email.ts +15 -3
package/src/testing/test-brain-port.ts +98 -24
package/src/testing/test-event-bus.ts +104 -43
package/src/trace/schema.ts +1 -1
package/src/verify/formal/index.ts +154 -0
package/src/verify/formal/policy.ts +253 -0
package/src/verify/formal/result.ts +52 -0
package/src/verify/formal/solver.ts +235 -0
package/src/verify/formal/spec-language.ts +274 -0

package/src/container/runtime.ts ADDED Viewed

@@ -0,0 +1,424 @@
+/**
+ * ContainerRuntime — execute automations as local binaries or as containers,
+ * speaking the {@link ./protocol.ts | Container Execution Protocol}.
+ *
+ * Two modes:
+ *
+ *   - **Binary**: spawn a local executable directly (Rust/Go/Python binary).
+ *     The runtime uses `node:child_process.spawn` by default; tests inject a
+ *     `SpawnFn` to avoid actually running anything.
+ *
+ *   - **Container**: delegate to a host-provided {@link SandboxExecutor}.
+ *     This is structurally compatible with Command Center's `DockerExecutor`
+ *     (hardened isolation), so the SDK stays decoupled from any specific
+ *     sandbox implementation.
+ *
+ * @public @since 1.2.0
+ */
+import { randomUUID } from "node:crypto";
+import { type ChildProcess, spawn as nodeSpawn } from "node:child_process";
+import {
+  buildProtocolEnv,
+  type ExecutionResult,
+  parseProtocolOutput,
+  parseStderrLogs,
+  ProtocolParseError,
+} from "./protocol.js";
+/**
+ * Description of a sandboxed job — structurally identical to Command Center's
+ * `SandboxJob`. Defined here so the SDK has no dependency on a specific
+ * sandbox implementation.
+ *
+ * @public
+ */
+export interface SandboxJob {
+  image: string;
+  command: string[];
+  stdin?: string;
+  env?: Record<string, string>;
+  cwd?: string;
+  timeoutMs: number;
+  networkMode?: "none" | "outbound" | "bridge";
+  readOnlyRoot?: boolean;
+  memoryMb?: number;
+  cpuQuota?: number;
+}
+/**
+ * Outcome of a sandbox run — structurally identical to Command Center's
+ * `SandboxResult`.
+ *
+ * @public
+ */
+export interface SandboxResult {
+  exitCode: number;
+  stdout: string;
+  stderr: string;
+  timedOut: boolean;
+  durationMs: number;
+}
+/**
+ * Port for a process sandbox (Docker, Firecracker, etc.). The host injects an
+ * implementation at runtime; the SDK never depends on a concrete sandbox.
+ *
+ * @public
+ */
+export interface SandboxExecutor {
+  run(job: SandboxJob): Promise<SandboxResult>;
+}
+/**
+ * Spawn function signature, mirrors `node:child_process.spawn`. Injectable so
+ * tests can avoid spawning real subprocesses.
+ *
+ * @public
+ */
+export type SpawnFn = (
+  cmd: string,
+  args: string[],
+  opts: {
+    env?: NodeJS.ProcessEnv;
+    cwd?: string;
+    stdio: ["pipe", "pipe", "pipe"];
+    signal?: AbortSignal;
+  }
+) => ChildProcess;
+/**
+ * Options for {@link ContainerRuntime.executeContainer}.
+ *
+ * @public
+ */
+export interface ContainerExecutionOptions {
+  executionId?: string;
+  timeoutSeconds?: number;
+  extraEnv?: Record<string, string>;
+  mode?: string;
+  networkMode?: "none" | "outbound" | "bridge";
+  readOnlyRoot?: boolean;
+  memoryMb?: number;
+  cpuQuota?: number;
+}
+/**
+ * Options for {@link ContainerRuntime.executeBinary}.
+ *
+ * @public
+ */
+export interface BinaryExecutionOptions {
+  executionId?: string;
+  timeoutSeconds?: number;
+  extraEnv?: Record<string, string>;
+  cwd?: string;
+  mode?: string;
+}
+/**
+ * Construct a {@link ContainerRuntime} bound to a {@link SandboxExecutor}
+ * (for container mode) and optionally a custom {@link SpawnFn} (for binary
+ * mode tests).
+ *
+ * @public
+ */
+export interface ContainerRuntimeOptions {
+  /** Sandbox executor for container mode. Required if executeContainer() is called. */
+  sandbox?: SandboxExecutor;
+  /** Spawn function for binary mode. Defaults to node:child_process.spawn. */
+  spawnFn?: SpawnFn;
+  /** Default timeout when callers don't specify one. */
+  defaultTimeoutSeconds?: number;
+}
+const DEFAULT_TIMEOUT_SECONDS = 300;
+const MAX_OUTPUT_BYTES = 1_048_576; // 1 MB
+const TRUNCATION_MARKER = "\n[TRUNCATED — output exceeded 1 MB]";
+/**
+ * Run automations via either a sandboxed container (host-injected) or a local
+ * binary subprocess. Both paths produce a uniform {@link ExecutionResult}.
+ *
+ * @public
+ */
+export class ContainerRuntime {
+  private readonly sandbox: SandboxExecutor | undefined;
+  private readonly spawnFn: SpawnFn;
+  private readonly defaultTimeoutSeconds: number;
+  constructor(opts: ContainerRuntimeOptions = {}) {
+    this.sandbox = opts.sandbox;
+    this.spawnFn = opts.spawnFn ?? (nodeSpawn as unknown as SpawnFn);
+    this.defaultTimeoutSeconds =
+      opts.defaultTimeoutSeconds ?? DEFAULT_TIMEOUT_SECONDS;
+  }
+  /**
+   * Execute an automation packaged as a container image. Delegates to the
+   * injected {@link SandboxExecutor} so isolation policy (caps, network,
+   * read-only FS) lives in the host implementation.
+   */
+  async executeContainer<T = unknown>(
+    image: string,
+    automationName: string,
+    input: unknown,
+    options: ContainerExecutionOptions = {}
+  ): Promise<ExecutionResult<T>> {
+    if (!this.sandbox) {
+      throw new Error(
+        "ContainerRuntime.executeContainer: no SandboxExecutor injected"
+      );
+    }
+    const executionId = options.executionId ?? randomUUID();
+    const timeoutSeconds = options.timeoutSeconds ?? this.defaultTimeoutSeconds;
+    const startedAt = new Date();
+    const env = buildProtocolEnv({
+      executionId,
+      automationName,
+      input,
+      timeoutSeconds,
+      mode: options.mode,
+      extraEnv: options.extraEnv,
+    });
+    const job: SandboxJob = {
+      image,
+      command: [],
+      env,
+      timeoutMs: timeoutSeconds * 1000,
+      networkMode: options.networkMode ?? "none",
+      readOnlyRoot: options.readOnlyRoot ?? true,
+      memoryMb: options.memoryMb ?? 256,
+      cpuQuota: options.cpuQuota ?? 0.5,
+    };
+    const result = await this.sandbox.run(job);
+    return this.toExecutionResult<T>({
+      executionId,
+      automationName,
+      input,
+      startedAt,
+      sandboxResult: result,
+    });
+  }
+  /**
+   * Execute an automation packaged as a local binary (Rust release, Python
+   * wrapper, shell script). No container — just a hardened subprocess.
+   */
+  async executeBinary<T = unknown>(
+    command: string[],
+    automationName: string,
+    input: unknown,
+    options: BinaryExecutionOptions = {}
+  ): Promise<ExecutionResult<T>> {
+    if (!Array.isArray(command) || command.length === 0) {
+      throw new Error(
+        "ContainerRuntime.executeBinary: command must be a non-empty array"
+      );
+    }
+    const executionId = options.executionId ?? randomUUID();
+    const timeoutSeconds = options.timeoutSeconds ?? this.defaultTimeoutSeconds;
+    const startedAt = new Date();
+    const protocolEnv = buildProtocolEnv({
+      executionId,
+      automationName,
+      input,
+      timeoutSeconds,
+      mode: options.mode,
+      extraEnv: options.extraEnv,
+    });
+    const env: NodeJS.ProcessEnv = { ...process.env, ...protocolEnv };
+    const result = await this.runSubprocess({
+      cmd: command[0]!,
+      args: command.slice(1),
+      env,
+      cwd: options.cwd,
+      timeoutMs: timeoutSeconds * 1000,
+    });
+    return this.toExecutionResult<T>({
+      executionId,
+      automationName,
+      input,
+      startedAt,
+      sandboxResult: result,
+    });
+  }
+  // ─── Internals ────────────────────────────────────────────────────────
+  private async runSubprocess(args: {
+    cmd: string;
+    args: string[];
+    env: NodeJS.ProcessEnv;
+    cwd: string | undefined;
+    timeoutMs: number;
+  }): Promise<SandboxResult> {
+    const startedAt = Date.now();
+    const abortController = new AbortController();
+    const timeoutHandle = setTimeout(
+      () => abortController.abort(),
+      args.timeoutMs
+    );
+    let stdoutBuf = "";
+    let stderrBuf = "";
+    let timedOut = false;
+    const spawnOpts: {
+      env?: NodeJS.ProcessEnv;
+      cwd?: string;
+      stdio: ["pipe", "pipe", "pipe"];
+      signal?: AbortSignal;
+    } = {
+      env: args.env,
+      stdio: ["pipe", "pipe", "pipe"],
+      signal: abortController.signal,
+    };
+    if (args.cwd !== undefined) spawnOpts.cwd = args.cwd;
+    const child = this.spawnFn(args.cmd, args.args, spawnOpts);
+    if (child.stdin) child.stdin.end();
+    child.stdout?.on("data", (chunk: Buffer) => {
+      const remaining = MAX_OUTPUT_BYTES - Buffer.byteLength(stdoutBuf, "utf8");
+      if (remaining <= 0) return;
+      const piece = chunk.toString("utf8");
+      if (Buffer.byteLength(piece, "utf8") <= remaining) {
+        stdoutBuf += piece;
+      } else {
+        stdoutBuf += piece.slice(0, remaining) + TRUNCATION_MARKER;
+      }
+    });
+    child.stderr?.on("data", (chunk: Buffer) => {
+      const remaining = MAX_OUTPUT_BYTES - Buffer.byteLength(stderrBuf, "utf8");
+      if (remaining <= 0) return;
+      const piece = chunk.toString("utf8");
+      if (Buffer.byteLength(piece, "utf8") <= remaining) {
+        stderrBuf += piece;
+      } else {
+        stderrBuf += piece.slice(0, remaining) + TRUNCATION_MARKER;
+      }
+    });
+    const exitCode = await new Promise<number>((resolve) => {
+      child.on("close", (code) => resolve(code ?? 1));
+      child.on("error", (err: NodeJS.ErrnoException) => {
+        if (err.name === "AbortError" || abortController.signal.aborted) {
+          timedOut = true;
+          resolve(137);
+        } else {
+          resolve(1);
+        }
+      });
+    });
+    clearTimeout(timeoutHandle);
+    return {
+      exitCode,
+      stdout: stdoutBuf,
+      stderr: stderrBuf,
+      timedOut,
+      durationMs: Date.now() - startedAt,
+    };
+  }
+  private toExecutionResult<T>(args: {
+    executionId: string;
+    automationName: string;
+    input: unknown;
+    startedAt: Date;
+    sandboxResult: SandboxResult;
+  }): ExecutionResult<T> {
+    const completedAt = new Date(
+      args.startedAt.getTime() + args.sandboxResult.durationMs
+    );
+    const logs = parseStderrLogs(args.sandboxResult.stderr);
+    if (args.sandboxResult.timedOut) {
+      return {
+        executionId: args.executionId,
+        automationName: args.automationName,
+        status: "timeout",
+        input: args.input,
+        error: {
+          code: "TIMEOUT",
+          message: `execution timed out after ${args.sandboxResult.durationMs}ms`,
+        },
+        startedAt: args.startedAt,
+        completedAt,
+        durationMs: args.sandboxResult.durationMs,
+        logs,
+      };
+    }
+    // Try to parse the protocol result FIRST — a non-zero exit with a valid
+    // protocol "failed" payload is a business failure, not a container crash.
+    try {
+      const protocol = parseProtocolOutput<T>(args.sandboxResult.stdout);
+      if (protocol.status === "completed") {
+        return {
+          executionId: args.executionId,
+          automationName: args.automationName,
+          status: "completed",
+          input: args.input,
+          output: protocol.output,
+          startedAt: args.startedAt,
+          completedAt,
+          durationMs: args.sandboxResult.durationMs,
+          logs,
+        };
+      }
+      return {
+        executionId: args.executionId,
+        automationName: args.automationName,
+        status: "failed",
+        input: args.input,
+        error: { ...protocol.error },
+        startedAt: args.startedAt,
+        completedAt,
+        durationMs: args.sandboxResult.durationMs,
+        logs,
+      };
+    } catch (err) {
+      // No parseable protocol output. If the process exited non-zero, surface
+      // it as a container crash; otherwise the binary returned 0 but said
+      // nothing useful — also a protocol violation.
+      const code =
+        args.sandboxResult.exitCode === 0
+          ? "INVALID_OUTPUT"
+          : "CONTAINER_EXIT_ERROR";
+      const message =
+        args.sandboxResult.exitCode === 0
+          ? "process exited 0 but produced no protocol result"
+          : `process exited with code ${args.sandboxResult.exitCode}`;
+      const stderrTail = args.sandboxResult.stderr.slice(-2000);
+      const stdoutTail = args.sandboxResult.stdout.slice(-2000);
+      const rawTail = err instanceof ProtocolParseError ? err.rawTail : "";
+      return {
+        executionId: args.executionId,
+        automationName: args.automationName,
+        status: "failed",
+        input: args.input,
+        error: {
+          code,
+          message,
+          details: { stderr: stderrTail, stdout: stdoutTail, rawTail },
+        },
+        startedAt: args.startedAt,
+        completedAt,
+        durationMs: args.sandboxResult.durationMs,
+        logs,
+      };
+    }
+  }
+}

package/src/db/migrations/026_formal_verify_results.sql ADDED Viewed

@@ -0,0 +1,30 @@
+-- 026_formal_verify_results.sql
+--
+-- Sprint-587 — Persistence for Z3 formal verification outcomes.
+--
+-- One row per (cycle_id, axiom) verification attempt. UNKNOWN and SKIPPED
+-- are first-class states (NOT folded into SAFE/UNSAFE). The `mode` and
+-- `context` columns preserve enough metadata to reproduce the decision
+-- under a different policy without re-running the solver.
+CREATE TABLE IF NOT EXISTS formal_verify_results (
+  id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  cycle_id        TEXT NOT NULL,
+  axiom           TEXT NOT NULL,
+  state           TEXT NOT NULL CHECK (state IN ('SAFE','UNSAFE','UNKNOWN','SKIPPED')),
+  rationale       TEXT,
+  witness         TEXT,
+  counterexample  TEXT,
+  time_ms         INT,
+  mode            TEXT NOT NULL DEFAULT 'permissive'
+                  CHECK (mode IN ('strict','permissive','audit_only')),
+  context         TEXT NOT NULL DEFAULT 'runtime'
+                  CHECK (context IN ('runtime','skill_ingestion')),
+  created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+CREATE INDEX IF NOT EXISTS idx_formal_verify_cycle
+  ON formal_verify_results (cycle_id);
+CREATE INDEX IF NOT EXISTS idx_formal_verify_state
+  ON formal_verify_results (state, created_at DESC);

package/src/identity/agent-persona.ts ADDED Viewed

@@ -0,0 +1,203 @@
+/**
+ * AgentPersona — load, save, and resolve a per-agent persona.
+ *
+ * Pipeline:
+ *   1. Resolve persona for agent X
+ *   2. base = DEFAULT_PERSONA
+ *   3. brain = loadFromBrain(X) (Tier 3 semantic memory query)
+ *   4. local = loadFromFile(`.cc/persona.yaml`) — optional
+ *   5. effective = merge(base, brain, local)
+ *
+ * Brain entries use category `agent-persona`, tags `["persona", agentId]`.
+ * The latest entry per agent wins (Brain query returns entries sorted by
+ * recency).
+ *
+ * @see ./persona-schema.ts
+ * @public
+ */
+import { readFile, writeFile } from "node:fs/promises";
+import { parse as parseYaml, stringify as stringifyYaml } from "yaml";
+import type { SemanticMemoryPort } from "../ports/brain.js";
+import {
+  DEFAULT_PERSONA,
+  mergePersona,
+  PersonaSchema,
+  validatePersona,
+  type AgentPersona,
+} from "./persona-schema.js";
+export const PERSONA_BRAIN_CATEGORY = "agent-persona";
+/** Tags used to query/archive a persona for a given agent. */
+export function personaTags(agentId: string): string[] {
+  return ["persona", agentId];
+}
+// ─── Brain layer ────────────────────────────────────────────────────────────
+/**
+ * Save (archive) a persona for an agent in Brain Tier 3 (semantic).
+ *
+ * The persona is serialized as JSON in the `content` field — keep this
+ * structured so future queries can parse it deterministically. Tags include
+ * the agent id so per-agent retrieval is precise.
+ *
+ * Returns the archived entry id, or null when the brain port returns null
+ * (e.g. replay mode, no brain configured).
+ */
+export async function savePersonaToBrain(
+  brain: SemanticMemoryPort,
+  agentId: string,
+  persona: AgentPersona
+): Promise<string | null> {
+  validatePersona(persona);
+  // Wrap the JSON body with a discoverable header line — FTS-backed Brain
+  // backends use the query string as a keyword filter, so the content MUST
+  // contain the literal "persona" + agent id for `query("persona ...")` hits.
+  const content = `persona for agent ${agentId}\n${JSON.stringify(persona)}`;
+  const entry = await brain.archive({
+    content,
+    content_type: "persona",
+    category: PERSONA_BRAIN_CATEGORY,
+    tags: personaTags(agentId),
+    metadata: { agent_id: agentId, schema_version: 1 },
+  });
+  return entry?.id ?? null;
+}
+/**
+ * Extract the JSON body from a persona Brain entry (strips the header line).
+ * Returns null if the content doesn't follow the wrapper format.
+ */
+function extractPersonaJson(content: string): string | null {
+  const nl = content.indexOf("\n");
+  if (nl === -1) {
+    // Backward-compat: legacy entries stored raw JSON.
+    return content;
+  }
+  return content.slice(nl + 1);
+}
+/**
+ * Query Brain for the latest persona for an agent.
+ *
+ * Returns the parsed persona or `null` if no entry is found (or if the
+ * latest entry's content does not parse).
+ */
+export async function loadPersonaFromBrain(
+  brain: SemanticMemoryPort,
+  agentId: string
+): Promise<AgentPersona | null> {
+  const results = await brain.query("persona", {
+    category: PERSONA_BRAIN_CATEGORY,
+    tags: personaTags(agentId),
+    limit: 5,
+  });
+  if (results.length === 0) return null;
+  // Prefer the most recent entry by created_at if available.
+  const sorted = [...results].sort((a, b) => {
+    const ta = a.created_at ? Date.parse(a.created_at) : 0;
+    const tb = b.created_at ? Date.parse(b.created_at) : 0;
+    return tb - ta;
+  });
+  for (const entry of sorted) {
+    const json = extractPersonaJson(entry.content);
+    if (!json) continue;
+    try {
+      const parsed = JSON.parse(json) as unknown;
+      const validated = PersonaSchema.safeParse(parsed);
+      if (validated.success) return validated.data;
+    } catch {
+      // skip malformed entry, try next
+    }
+  }
+  return null;
+}
+// ─── File layer ─────────────────────────────────────────────────────────────
+/**
+ * Load a persona from a YAML file. Returns null if the file is missing or
+ * the content does not validate. Throws only on filesystem errors other
+ * than ENOENT.
+ */
+export async function loadPersonaFromFile(
+  path: string
+): Promise<AgentPersona | null> {
+  let raw: string;
+  try {
+    raw = await readFile(path, "utf-8");
+  } catch (err) {
+    const code = (err as NodeJS.ErrnoException).code;
+    if (code === "ENOENT") return null;
+    throw err;
+  }
+  let parsed: unknown;
+  try {
+    parsed = parseYaml(raw);
+  } catch {
+    return null;
+  }
+  const result = PersonaSchema.safeParse(parsed);
+  return result.success ? result.data : null;
+}
+/**
+ * Persist a persona to a YAML file (overwrites). Validates first.
+ */
+export async function savePersonaToFile(
+  path: string,
+  persona: AgentPersona
+): Promise<void> {
+  const validated = validatePersona(persona);
+  const yaml = stringifyYaml(validated, { indent: 2 });
+  await writeFile(path, yaml, "utf-8");
+}
+// ─── Resolution ─────────────────────────────────────────────────────────────
+export interface ResolvePersonaOptions {
+  agentId: string;
+  brain?: SemanticMemoryPort;
+  localPath?: string;
+}
+export interface ResolvedPersona {
+  effective: AgentPersona;
+  /** Layers actually applied, in order (latest wins). */
+  layers: Array<"defaults" | "brain" | "local">;
+}
+/**
+ * Resolve the effective persona for an agent.
+ *
+ * Composition order (each layer overrides the previous):
+ *   1. DEFAULT_PERSONA
+ *   2. Brain entry (Tier 3 semantic, optional)
+ *   3. Local `.cc/persona.yaml` (optional)
+ *
+ * The returned `layers` array documents which sources contributed, useful
+ * for diagnostics (e.g. `cc persona show --explain`).
+ */
+export async function resolvePersona(
+  opts: ResolvePersonaOptions
+): Promise<ResolvedPersona> {
+  const layers: ResolvedPersona["layers"] = ["defaults"];
+  let effective: AgentPersona = DEFAULT_PERSONA;
+  if (opts.brain) {
+    const fromBrain = await loadPersonaFromBrain(opts.brain, opts.agentId);
+    if (fromBrain) {
+      effective = mergePersona(effective, fromBrain);
+      layers.push("brain");
+    }
+  }
+  if (opts.localPath) {
+    const fromFile = await loadPersonaFromFile(opts.localPath);
+    if (fromFile) {
+      effective = mergePersona(effective, fromFile);
+      layers.push("local");
+    }
+  }
+  return { effective, layers };
+}