npm - @vauban-org/agent-sdk - Versions diffs - 1.0.0 → 1.2.0 - Mend

@vauban-org/agent-sdk 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (442) hide show

package/CONTRACT.md +6401 -813
package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
package/dist/adapters/llm/anthropic-direct.js +43 -0
package/dist/adapters/llm/anthropic-direct.js.map +1 -1
package/dist/adapters/llm/cascade.d.ts.map +1 -1
package/dist/adapters/llm/cascade.js +57 -14
package/dist/adapters/llm/cascade.js.map +1 -1
package/dist/adapters/llm/litellm.d.ts +2 -0
package/dist/adapters/llm/litellm.d.ts.map +1 -1
package/dist/adapters/llm/litellm.js +44 -0
package/dist/adapters/llm/litellm.js.map +1 -1
package/dist/compute/difficulty-estimator.d.ts +53 -0
package/dist/compute/difficulty-estimator.d.ts.map +1 -0
package/dist/compute/difficulty-estimator.js +82 -0
package/dist/compute/difficulty-estimator.js.map +1 -0
package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
package/dist/compute/strategies/mixture-of-agents.js +110 -0
package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.js +242 -0
package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
package/dist/compute/strategies/two-phase-orient.js +85 -0
package/dist/compute/strategies/two-phase-orient.js.map +1 -0
package/dist/constitution/types.d.ts +10 -10
package/dist/container/protocol.d.ts +134 -0
package/dist/container/protocol.d.ts.map +1 -0
package/dist/container/protocol.js +157 -0
package/dist/container/protocol.js.map +1 -0
package/dist/container/runtime.d.ts +140 -0
package/dist/container/runtime.d.ts.map +1 -0
package/dist/container/runtime.js +256 -0
package/dist/container/runtime.js.map +1 -0
package/dist/events/catalogue.d.ts +46 -46
package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
package/dist/events/schemas/agent.started.v1.d.ts +2 -2
package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +6 -6
package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +6 -6
package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
package/dist/events/schemas/vauban.goal.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.tax.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +6 -6
package/dist/identity/agent-persona.d.ts +73 -0
package/dist/identity/agent-persona.d.ts.map +1 -0
package/dist/identity/agent-persona.js +165 -0
package/dist/identity/agent-persona.js.map +1 -0
package/dist/identity/persona-prompt.d.ts +25 -0
package/dist/identity/persona-prompt.d.ts.map +1 -0
package/dist/identity/persona-prompt.js +71 -0
package/dist/identity/persona-prompt.js.map +1 -0
package/dist/identity/persona-schema.d.ts +120 -0
package/dist/identity/persona-schema.d.ts.map +1 -0
package/dist/identity/persona-schema.js +103 -0
package/dist/identity/persona-schema.js.map +1 -0
package/dist/index.d.ts +37 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +29 -1
package/dist/index.js.map +1 -1
package/dist/loop/minimal-loop.js +293 -287
package/dist/memory/episodic-rrf.d.ts +114 -0
package/dist/memory/episodic-rrf.d.ts.map +1 -0
package/dist/memory/episodic-rrf.js +148 -0
package/dist/memory/episodic-rrf.js.map +1 -0
package/dist/mesh/attenuation.d.ts +78 -0
package/dist/mesh/attenuation.d.ts.map +1 -0
package/dist/mesh/attenuation.js +141 -0
package/dist/mesh/attenuation.js.map +1 -0
package/dist/mesh/delegate.d.ts +96 -0
package/dist/mesh/delegate.d.ts.map +1 -0
package/dist/mesh/delegate.js +172 -0
package/dist/mesh/delegate.js.map +1 -0
package/dist/mesh/dispatcher.d.ts +119 -0
package/dist/mesh/dispatcher.d.ts.map +1 -0
package/dist/mesh/dispatcher.js +207 -0
package/dist/mesh/dispatcher.js.map +1 -0
package/dist/mesh/index.d.ts +12 -0
package/dist/mesh/index.d.ts.map +1 -0
package/dist/mesh/index.js +11 -0
package/dist/mesh/index.js.map +1 -0
package/dist/mesh/types.d.ts +30 -0
package/dist/mesh/types.d.ts.map +1 -0
package/dist/mesh/types.js +11 -0
package/dist/mesh/types.js.map +1 -0
package/dist/orchestration/ooda/skills.d.ts +104 -0
package/dist/orchestration/ooda/skills.d.ts.map +1 -1
package/dist/orchestration/ooda/skills.js +106 -0
package/dist/orchestration/ooda/skills.js.map +1 -1
package/dist/ports/bastion-action.contract.test.d.ts +11 -0
package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
package/dist/ports/bastion-action.contract.test.js +238 -0
package/dist/ports/bastion-action.contract.test.js.map +1 -0
package/dist/ports/bastion-action.d.ts +133 -0
package/dist/ports/bastion-action.d.ts.map +1 -0
package/dist/ports/bastion-action.js +73 -0
package/dist/ports/bastion-action.js.map +1 -0
package/dist/ports/brain.d.ts +31 -0
package/dist/ports/brain.d.ts.map +1 -1
package/dist/ports/brain.js +115 -1
package/dist/ports/brain.js.map +1 -1
package/dist/ports/citadel-action.contract.test.d.ts +11 -0
package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
package/dist/ports/citadel-action.contract.test.js +317 -0
package/dist/ports/citadel-action.contract.test.js.map +1 -0
package/dist/ports/citadel-action.d.ts +111 -0
package/dist/ports/citadel-action.d.ts.map +1 -0
package/dist/ports/citadel-action.js +62 -0
package/dist/ports/citadel-action.js.map +1 -0
package/dist/ports/compliance-contract.d.ts +123 -0
package/dist/ports/compliance-contract.d.ts.map +1 -0
package/dist/ports/compliance-contract.js +35 -0
package/dist/ports/compliance-contract.js.map +1 -0
package/dist/ports/db.d.ts +38 -0
package/dist/ports/db.d.ts.map +1 -1
package/dist/ports/db.js +88 -1
package/dist/ports/db.js.map +1 -1
package/dist/ports/delegation.contract.test.d.ts +9 -0
package/dist/ports/delegation.contract.test.d.ts.map +1 -0
package/dist/ports/delegation.contract.test.js +337 -0
package/dist/ports/delegation.contract.test.js.map +1 -0
package/dist/ports/delegation.d.ts +134 -0
package/dist/ports/delegation.d.ts.map +1 -0
package/dist/ports/delegation.js +105 -0
package/dist/ports/delegation.js.map +1 -0
package/dist/ports/event-bus.d.ts +29 -0
package/dist/ports/event-bus.d.ts.map +1 -1
package/dist/ports/event-bus.js +106 -1
package/dist/ports/event-bus.js.map +1 -1
package/dist/ports/federation.contract.test.d.ts +9 -0
package/dist/ports/federation.contract.test.d.ts.map +1 -0
package/dist/ports/federation.contract.test.js +279 -0
package/dist/ports/federation.contract.test.js.map +1 -0
package/dist/ports/federation.d.ts +140 -0
package/dist/ports/federation.d.ts.map +1 -0
package/dist/ports/federation.js +57 -0
package/dist/ports/federation.js.map +1 -0
package/dist/ports/index.d.ts +28 -2
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +17 -2
package/dist/ports/index.js.map +1 -1
package/dist/ports/llm-provider.d.ts +37 -0
package/dist/ports/llm-provider.d.ts.map +1 -1
package/dist/ports/llm-provider.js +99 -1
package/dist/ports/llm-provider.js.map +1 -1
package/dist/ports/logger.d.ts +27 -0
package/dist/ports/logger.d.ts.map +1 -1
package/dist/ports/logger.js +87 -0
package/dist/ports/logger.js.map +1 -1
package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
package/dist/ports/manifest-registry.contract.test.js +246 -0
package/dist/ports/manifest-registry.contract.test.js.map +1 -0
package/dist/ports/manifest-registry.d.ts +116 -0
package/dist/ports/manifest-registry.d.ts.map +1 -0
package/dist/ports/manifest-registry.js +79 -0
package/dist/ports/manifest-registry.js.map +1 -0
package/dist/ports/observability.contract.test.d.ts +12 -0
package/dist/ports/observability.contract.test.d.ts.map +1 -0
package/dist/ports/observability.contract.test.js +260 -0
package/dist/ports/observability.contract.test.js.map +1 -0
package/dist/ports/observability.d.ts +98 -0
package/dist/ports/observability.d.ts.map +1 -0
package/dist/ports/observability.js +59 -0
package/dist/ports/observability.js.map +1 -0
package/dist/ports/outcome.d.ts +26 -0
package/dist/ports/outcome.d.ts.map +1 -1
package/dist/ports/outcome.js +62 -1
package/dist/ports/outcome.js.map +1 -1
package/dist/ports/privacy.contract.test.d.ts +12 -0
package/dist/ports/privacy.contract.test.d.ts.map +1 -0
package/dist/ports/privacy.contract.test.js +325 -0
package/dist/ports/privacy.contract.test.js.map +1 -0
package/dist/ports/privacy.d.ts +132 -0
package/dist/ports/privacy.d.ts.map +1 -0
package/dist/ports/privacy.js +83 -0
package/dist/ports/privacy.js.map +1 -0
package/dist/ports/tenant-context.contract.test.d.ts +14 -0
package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
package/dist/ports/tenant-context.contract.test.js +352 -0
package/dist/ports/tenant-context.contract.test.js.map +1 -0
package/dist/ports/tenant-context.d.ts +103 -0
package/dist/ports/tenant-context.d.ts.map +1 -0
package/dist/ports/tenant-context.js +48 -0
package/dist/ports/tenant-context.js.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.js +260 -0
package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
package/dist/ports/vauban-finance-action.d.ts +106 -0
package/dist/ports/vauban-finance-action.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.js +60 -0
package/dist/ports/vauban-finance-action.js.map +1 -0
package/dist/ports/workflow-runtime.d.ts +204 -0
package/dist/ports/workflow-runtime.d.ts.map +1 -0
package/dist/ports/workflow-runtime.js +72 -0
package/dist/ports/workflow-runtime.js.map +1 -0
package/dist/proof/cert-verify.d.ts +80 -0
package/dist/proof/cert-verify.d.ts.map +1 -0
package/dist/proof/cert-verify.js +178 -0
package/dist/proof/cert-verify.js.map +1 -0
package/dist/replay/replay.d.ts.map +1 -1
package/dist/replay/replay.js +5 -1
package/dist/replay/replay.js.map +1 -1
package/dist/retry/index.d.ts +129 -0
package/dist/retry/index.d.ts.map +1 -0
package/dist/retry/index.js +156 -0
package/dist/retry/index.js.map +1 -0
package/dist/retry/presets.d.ts +39 -0
package/dist/retry/presets.d.ts.map +1 -0
package/dist/retry/presets.js +69 -0
package/dist/retry/presets.js.map +1 -0
package/dist/skill-loop/ab-runner.d.ts +67 -0
package/dist/skill-loop/ab-runner.d.ts.map +1 -0
package/dist/skill-loop/ab-runner.js +160 -0
package/dist/skill-loop/ab-runner.js.map +1 -0
package/dist/skill-loop/adoption.d.ts +67 -0
package/dist/skill-loop/adoption.d.ts.map +1 -0
package/dist/skill-loop/adoption.js +126 -0
package/dist/skill-loop/adoption.js.map +1 -0
package/dist/skill-loop/candidate.d.ts +45 -0
package/dist/skill-loop/candidate.d.ts.map +1 -0
package/dist/skill-loop/candidate.js +43 -0
package/dist/skill-loop/candidate.js.map +1 -0
package/dist/skill-loop/evaluator.d.ts +42 -0
package/dist/skill-loop/evaluator.d.ts.map +1 -0
package/dist/skill-loop/evaluator.js +184 -0
package/dist/skill-loop/evaluator.js.map +1 -0
package/dist/skill-loop/index.d.ts +27 -0
package/dist/skill-loop/index.d.ts.map +1 -0
package/dist/skill-loop/index.js +27 -0
package/dist/skill-loop/index.js.map +1 -0
package/dist/skill-loop/reflexion-replay.d.ts +87 -0
package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
package/dist/skill-loop/reflexion-replay.js +110 -0
package/dist/skill-loop/reflexion-replay.js.map +1 -0
package/dist/skill-loop/sign-off.d.ts +88 -0
package/dist/skill-loop/sign-off.d.ts.map +1 -0
package/dist/skill-loop/sign-off.js +146 -0
package/dist/skill-loop/sign-off.js.map +1 -0
package/dist/skill-loop/value-metric.d.ts +55 -0
package/dist/skill-loop/value-metric.d.ts.map +1 -0
package/dist/skill-loop/value-metric.js +69 -0
package/dist/skill-loop/value-metric.js.map +1 -0
package/dist/skill-loop/versioning.d.ts +36 -0
package/dist/skill-loop/versioning.d.ts.map +1 -0
package/dist/skill-loop/versioning.js +47 -0
package/dist/skill-loop/versioning.js.map +1 -0
package/dist/skill-manifest/anchor.d.ts +91 -0
package/dist/skill-manifest/anchor.d.ts.map +1 -0
package/dist/skill-manifest/anchor.js +331 -0
package/dist/skill-manifest/anchor.js.map +1 -0
package/dist/skill-manifest/builder.d.ts +47 -0
package/dist/skill-manifest/builder.d.ts.map +1 -0
package/dist/skill-manifest/builder.js +93 -0
package/dist/skill-manifest/builder.js.map +1 -0
package/dist/skill-manifest/index.d.ts +13 -0
package/dist/skill-manifest/index.d.ts.map +1 -0
package/dist/skill-manifest/index.js +9 -0
package/dist/skill-manifest/index.js.map +1 -0
package/dist/skill-manifest/types.d.ts +67 -0
package/dist/skill-manifest/types.d.ts.map +1 -0
package/dist/skill-manifest/types.js +16 -0
package/dist/skill-manifest/types.js.map +1 -0
package/dist/skill-manifest/verifier.d.ts +42 -0
package/dist/skill-manifest/verifier.d.ts.map +1 -0
package/dist/skill-manifest/verifier.js +136 -0
package/dist/skill-manifest/verifier.js.map +1 -0
package/dist/skills/brain-query.d.ts +4 -4
package/dist/skills/brain-store.d.ts +6 -6
package/dist/skills/errors.d.ts +15 -0
package/dist/skills/errors.d.ts.map +1 -1
package/dist/skills/errors.js +21 -0
package/dist/skills/errors.js.map +1 -1
package/dist/skills/hitl-request.d.ts +2 -2
package/dist/skills/index.d.ts +3 -1
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +4 -1
package/dist/skills/index.js.map +1 -1
package/dist/skills/markdown/loader.d.ts +52 -0
package/dist/skills/markdown/loader.d.ts.map +1 -0
package/dist/skills/markdown/loader.js +93 -0
package/dist/skills/markdown/loader.js.map +1 -0
package/dist/skills/markdown/schema.d.ts +432 -0
package/dist/skills/markdown/schema.d.ts.map +1 -0
package/dist/skills/markdown/schema.js +121 -0
package/dist/skills/markdown/schema.js.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
package/dist/skills/poc-md-loader/runner.d.ts +24 -0
package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
package/dist/skills/poc-md-loader/runner.js +57 -0
package/dist/skills/poc-md-loader/runner.js.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.js +75 -0
package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
package/dist/skills/record-outcome.d.ts +4 -4
package/dist/skills/send-email.d.ts.map +1 -1
package/dist/skills/send-email.js +15 -3
package/dist/skills/send-email.js.map +1 -1
package/dist/skills/slack-notify.d.ts +4 -4
package/dist/skills/starknet-balance.d.ts +1 -1
package/dist/skills/telegram-notify.d.ts +4 -4
package/dist/skills/web-search.d.ts +1 -1
package/dist/testing/index.d.ts +3 -0
package/dist/testing/test-brain-port.d.ts +4 -0
package/dist/testing/test-brain-port.d.ts.map +1 -1
package/dist/testing/test-brain-port.js +75 -20
package/dist/testing/test-brain-port.js.map +1 -1
package/dist/testing/test-event-bus.d.ts.map +1 -1
package/dist/testing/test-event-bus.js +89 -36
package/dist/testing/test-event-bus.js.map +1 -1
package/dist/trace/schema.d.ts +1 -1
package/dist/trace/schema.d.ts.map +1 -1
package/dist/trace/schema.js +1 -1
package/dist/trace/schema.js.map +1 -1
package/dist/verify/formal/index.d.ts +44 -0
package/dist/verify/formal/index.d.ts.map +1 -0
package/dist/verify/formal/index.js +98 -0
package/dist/verify/formal/index.js.map +1 -0
package/dist/verify/formal/policy.d.ts +105 -0
package/dist/verify/formal/policy.d.ts.map +1 -0
package/dist/verify/formal/policy.js +159 -0
package/dist/verify/formal/policy.js.map +1 -0
package/dist/verify/formal/result.d.ts +50 -0
package/dist/verify/formal/result.d.ts.map +1 -0
package/dist/verify/formal/result.js +21 -0
package/dist/verify/formal/result.js.map +1 -0
package/dist/verify/formal/solver.d.ts +67 -0
package/dist/verify/formal/solver.d.ts.map +1 -0
package/dist/verify/formal/solver.js +184 -0
package/dist/verify/formal/solver.js.map +1 -0
package/dist/verify/formal/spec-language.d.ts +80 -0
package/dist/verify/formal/spec-language.d.ts.map +1 -0
package/dist/verify/formal/spec-language.js +219 -0
package/dist/verify/formal/spec-language.js.map +1 -0
package/docs/attestation.md +199 -0
package/docs/identity.md +193 -0
package/package.json +34 -17
package/src/adapters/llm/anthropic-direct.ts +51 -0
package/src/adapters/llm/cascade.ts +64 -19
package/src/adapters/llm/litellm.ts +49 -0
package/src/compute/difficulty-estimator.ts +111 -0
package/src/compute/strategies/mixture-of-agents.ts +150 -0
package/src/compute/strategies/tree-of-thoughts.ts +293 -0
package/src/compute/strategies/two-phase-orient.ts +147 -0
package/src/container/protocol.ts +243 -0
package/src/container/runtime.ts +424 -0
package/src/db/migrations/026_formal_verify_results.sql +30 -0
package/src/identity/agent-persona.ts +203 -0
package/src/identity/persona-prompt.ts +84 -0
package/src/identity/persona-schema.ts +127 -0
package/src/index.ts +338 -1
package/src/memory/episodic-rrf.ts +224 -0
package/src/mesh/attenuation.ts +190 -0
package/src/mesh/delegate.ts +254 -0
package/src/mesh/dispatcher.ts +301 -0
package/src/mesh/index.ts +39 -0
package/src/mesh/types.ts +31 -0
package/src/orchestration/ooda/skills.ts +177 -0
package/src/ports/bastion-action.contract.test.ts +355 -0
package/src/ports/bastion-action.ts +198 -0
package/src/ports/brain.ts +177 -15
package/src/ports/citadel-action.contract.test.ts +430 -0
package/src/ports/citadel-action.ts +174 -0
package/src/ports/compliance-contract.ts +191 -0
package/src/ports/db.ts +98 -0
package/src/ports/delegation.contract.test.ts +428 -0
package/src/ports/delegation.ts +211 -0
package/src/ports/event-bus.ts +133 -0
package/src/ports/federation.contract.test.ts +355 -0
package/src/ports/federation.ts +190 -0
package/src/ports/index.ts +186 -1
package/src/ports/llm-provider.ts +123 -0
package/src/ports/logger.ts +104 -0
package/src/ports/manifest-registry.contract.test.ts +324 -0
package/src/ports/manifest-registry.ts +188 -0
package/src/ports/observability.contract.test.ts +315 -0
package/src/ports/observability.ts +150 -0
package/src/ports/outcome.ts +69 -0
package/src/ports/privacy.contract.test.ts +413 -0
package/src/ports/privacy.ts +207 -0
package/src/ports/tenant-context.contract.test.ts +454 -0
package/src/ports/tenant-context.ts +150 -0
package/src/ports/vauban-finance-action.contract.test.ts +335 -0
package/src/ports/vauban-finance-action.ts +166 -0
package/src/ports/workflow-runtime.ts +327 -0
package/src/proof/cert-verify.ts +249 -0
package/src/replay/replay.ts +11 -8
package/src/retry/index.ts +227 -0
package/src/retry/presets.ts +75 -0
package/src/skill-loop/ab-runner.ts +196 -0
package/src/skill-loop/adoption.ts +188 -0
package/src/skill-loop/candidate.ts +75 -0
package/src/skill-loop/evaluator.ts +238 -0
package/src/skill-loop/index.ts +51 -0
package/src/skill-loop/reflexion-replay.ts +173 -0
package/src/skill-loop/sign-off.ts +247 -0
package/src/skill-loop/value-metric.ts +120 -0
package/src/skill-loop/versioning.ts +75 -0
package/src/skill-manifest/anchor.ts +401 -0
package/src/skill-manifest/builder.ts +129 -0
package/src/skill-manifest/index.ts +18 -0
package/src/skill-manifest/types.ts +72 -0
package/src/skill-manifest/verifier.ts +198 -0
package/src/skills/errors.ts +30 -2
package/src/skills/index.ts +19 -0
package/src/skills/markdown/loader.ts +129 -0
package/src/skills/markdown/schema.ts +144 -0
package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
package/src/skills/poc-md-loader/runner.ts +82 -0
package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
package/src/skills/poc-md-loader/web-search/script.ts +109 -0
package/src/skills/send-email.ts +15 -3
package/src/testing/test-brain-port.ts +98 -24
package/src/testing/test-event-bus.ts +104 -43
package/src/trace/schema.ts +1 -1
package/src/verify/formal/index.ts +154 -0
package/src/verify/formal/policy.ts +253 -0
package/src/verify/formal/result.ts +52 -0
package/src/verify/formal/solver.ts +235 -0
package/src/verify/formal/spec-language.ts +274 -0

package/src/ports/event-bus.ts CHANGED Viewed

@@ -19,6 +19,10 @@
  * ADR-ECO-017: Cross-product events MUST carry a DomainEvent signature.
  * Use DomainEvent for inter-product events and CloudEvent for intra-product.
  *
+ * OTel instrumentation: import { createTracedEventBusPort } to wrap any
+ * EventBusPort implementation with OpenTelemetry spans per publish/subscribe call.
+ * Gracefully degrades to noop spans when no OTel SDK is installed.
+ *
  * @public
  */
@@ -179,3 +183,132 @@ export interface EventBusPort {
    */
   pendingCount(stream: string, consumerGroup: string): Promise<number>;
 }
+// ─── Typed errors ─────────────────────────────────────────────────────────────
+/**
+ * Thrown when an event could not be published to Redis (connection lost,
+ * stream key conflict, or OOM on XADD). The original event is available
+ * for retry or DLQ routing.
+ */
+export class EventPublishError extends Error {
+  /** The stream key the event was targeting. */
+  readonly stream: string;
+  /** The event id (UUIDv7) that failed to publish. */
+  readonly eventId: string;
+  constructor(
+    message: string,
+    stream: string,
+    eventId: string,
+    public readonly cause?: unknown
+  ) {
+    super(message);
+    this.name = "EventPublishError";
+    this.stream = stream;
+    this.eventId = eventId;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}
+// ─── OTel-traced wrapper ──────────────────────────────────────────────────────
+import type { Span } from "@opentelemetry/api";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
+const PORT_TRACER = trace.getTracer("vauban-agent-sdk.ports", "0.1.0");
+/**
+ * Wrap any EventBusPort implementation with OTel spans.
+ * Publishes and subscribeDomain calls each get a span with the event type
+ * and stream as attributes. Gracefully degrades to noop spans when no OTel
+ * SDK is installed.
+ *
+ * Usage:
+ *   const raw: EventBusPort = buildRedisEventBus(...);
+ *   const traced = createTracedEventBusPort(raw);
+ *   await traced.publish(event, "vault.events") // emits "event-bus.publish" span
+ */
+export function createTracedEventBusPort(impl: EventBusPort): EventBusPort {
+  function spanName(op: string): string {
+    return `event-bus.${op}`;
+  }
+  return {
+    async publish(event, stream) {
+      return PORT_TRACER.startActiveSpan(
+        spanName("publish"),
+        {
+          attributes: {
+            "event.type": event.type,
+            "event.stream": stream,
+            "event.id": event.id,
+            "vauban.port.name": "event-bus",
+          },
+        },
+        async (span: Span) => {
+          try {
+            await impl.publish(event, stream);
+            span.setStatus({ code: SpanStatusCode.OK });
+          } catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            span.setStatus({ code: SpanStatusCode.ERROR, message });
+            if (err instanceof Error) span.recordException(err);
+            throw err;
+          } finally {
+            span.end();
+          }
+        }
+      );
+    },
+    async publishWithIdempotency<T>(
+      event: Omit<DomainEvent<T>, "signature">,
+      key: string
+    ) {
+      return PORT_TRACER.startActiveSpan(
+        spanName("publishWithIdempotency"),
+        {
+          attributes: {
+            "event.type": event.type,
+            "event.idempotency_key": key,
+            "vauban.port.name": "event-bus",
+          },
+        },
+        async (span: Span) => {
+          try {
+            await impl.publishWithIdempotency<T>(event, key);
+            span.setStatus({ code: SpanStatusCode.OK });
+          } catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            span.setStatus({ code: SpanStatusCode.ERROR, message });
+            if (err instanceof Error) span.recordException(err);
+            throw err;
+          } finally {
+            span.end();
+          }
+        }
+      );
+    },
+    subscribeDomain<T>(
+      eventType: string,
+      handler: (event: DomainEvent<T>) => Promise<void>,
+      opts?: { groupId?: string; dlq?: string }
+    ) {
+      return impl.subscribeDomain<T>(eventType, handler, opts);
+    },
+    replayFrom(streamKey, fromId) {
+      return impl.replayFrom(streamKey, fromId);
+    },
+    dlq() {
+      return impl.dlq();
+    },
+    pendingCount(stream, consumerGroup) {
+      return impl.pendingCount(stream, consumerGroup);
+    },
+  };
+}

package/src/ports/federation.contract.test.ts ADDED Viewed

@@ -0,0 +1,355 @@
+/**
+ * FederationPort contract tests (S4 spec).
+ *
+ * Applied to any FederationPort implementation.
+ * Verifies: send→receive roundtrip, signature verification, delegation chain preservation,
+ * consistent hash routing determinism, replay protection via nonce.
+ */
+import { describe, expect, test } from "vitest";
+import type {
+  FederationMessage,
+  FederationMessageHeader,
+  ContentClaim,
+  TransportMeta,
+} from "./federation.js";
+import {
+  FederationSignatureInvalidError,
+  FederationDelegationChainError,
+  FederationMessageExpiredError,
+} from "./federation.js";
+/**
+ * Factory function to create a minimal valid FederationMessage for testing.
+ */
+function makeFederationMessage(
+  overrides: Partial<FederationMessage> = {}
+): FederationMessage {
+  const now = new Date().toISOString();
+  const expiresAt = new Date(Date.now() + 86400000).toISOString(); // +24h
+  const header: FederationMessageHeader = {
+    message_id: crypto.randomUUID(),
+    from_agent: {
+      agent_id: "vauban.cc.test@v1.0",
+      tenant_id: "test-tenant-1",
+      agent_card_url: "https://example.com/cards/test-agent",
+    },
+    to_agent: {
+      agent_id: "vauban.cc.receiver@v1.0",
+      tenant_id: "test-tenant-2",
+    },
+    correlation_id: crypto.randomUUID(),
+    timestamp: now,
+    nonce: crypto.getRandomValues(new Uint8Array(32)).toString(),
+  };
+  const contentClaim: ContentClaim = {
+    subject: `digest:${header.message_id}`,
+    predicate: {
+      domain: "vauban.federation.message.v1",
+      body: {
+        action: "test_message",
+        payload: { test_data: "hello world" },
+      },
+    },
+    evidence: {
+      proof: "ed25519_" + crypto.randomUUID().replace(/-/g, "").slice(0, 32),
+      public_inputs: {
+        from_agent: header.from_agent.agent_id,
+        to_agent: header.to_agent.agent_id,
+      },
+    },
+    temporal_frame: {
+      not_before: now,
+      not_after: expiresAt,
+      revoked_at: null,
+    },
+    revelation_mask: {
+      disclosed: ["/subject", "/predicate", "/temporal_frame"],
+      committed: [],
+    },
+    anchor: [
+      {
+        chain: "StarknetMainnet",
+        tx_hash: "0x" + crypto.randomUUID().replace(/-/g, "").slice(0, 32),
+      },
+    ],
+  };
+  const transport: TransportMeta = {
+    protocol: "mcp",
+    version: "1.0.0",
+    jws_signature:
+      "eyJ" +
+      crypto.randomUUID().replace(/-/g, "").slice(0, 48) +
+      ".payload.signature",
+  };
+  return {
+    id: header.message_id,
+    header,
+    content_claim: contentClaim,
+    transport,
+    ...overrides,
+  };
+}
+export const federationPortContract = (factory: () => any) => {
+  describe("FederationPort contract", () => {
+    test("send→receive roundtrip delivers message to destination tenant", async () => {
+      const port = factory();
+      const msg = makeFederationMessage();
+      // Send message
+      const msgId = await port.send(msg);
+      expect(msgId).toBe(msg.id);
+      // Receive should deliver it to the destination tenant
+      const received = await port.receive({
+        destinationTenantId: msg.header.to_agent.tenant_id,
+        timeout: 2000,
+      });
+      expect(received.length).toBeGreaterThan(0);
+      const deliveredMsg = received.find(
+        (m: FederationMessage) => m.id === msg.id
+      );
+      expect(deliveredMsg).toBeDefined();
+      expect(deliveredMsg?.header.to_agent.tenant_id).toBe(
+        msg.header.to_agent.tenant_id
+      );
+    });
+    test("verifyMessage rejects tampered signature", async () => {
+      const port = factory();
+      const msg = makeFederationMessage();
+      // Tamper with the signature
+      const tamperedMsg: FederationMessage = {
+        ...msg,
+        transport: {
+          ...msg.transport,
+          jws_signature: "invalid_signature_header.payload.signature",
+        },
+      };
+      const result = await port.verifyMessage(tamperedMsg);
+      expect(result.valid).toBe(false);
+      expect(result.errors.length).toBeGreaterThan(0);
+    });
+    test("verifyMessage accepts valid message signature and structure", async () => {
+      const port = factory();
+      const msg = makeFederationMessage();
+      // For this test, we mock a proper signature check
+      // In real implementation, this would verify Ed25519
+      const result = await port.verifyMessage(msg);
+      // Result should indicate validation (or require real crypto)
+      // This test is structural — real crypto is adapter responsibility
+      expect(result.signer_agent_id).toBeDefined();
+    });
+    test("delegation chain narrowing is preserved (R-1 invariant)", async () => {
+      const port = factory();
+      // Message with delegation chain showing authority narrowing
+      const msg = makeFederationMessage({
+        delegation_chain: [
+          {
+            id: crypto.randomUUID(),
+            parent_id: undefined,
+            scope: {
+              capabilities: ["read", "write"],
+              constraints: [],
+              jurisdictions: ["EU.v1"],
+              expires_at: new Date(Date.now() + 86400000).toISOString(),
+            },
+            ed25519_sig: "sig1",
+            ttl: 86400,
+            issuer: "root-agent",
+            holder: "intermediate-agent",
+          } as any,
+          {
+            id: crypto.randomUUID(),
+            parent_id: "parent1",
+            scope: {
+              capabilities: ["read"], // narrowed from ["read", "write"]
+              constraints: [],
+              jurisdictions: ["EU.v1"],
+              expires_at: new Date(Date.now() + 86400000).toISOString(),
+            },
+            ed25519_sig: "sig2",
+            ttl: 86400,
+            issuer: "intermediate-agent",
+            holder: "delegated-agent",
+          } as any,
+        ],
+      });
+      // Send and verify
+      const msgId = await port.send(msg);
+      expect(msgId).toBe(msg.id);
+      const result = await port.verifyMessage(msg);
+      // Delegation chain should be preserved
+      expect(result.chain_depth).toBe(2);
+    });
+    test("routing by consistent hash is deterministic", async () => {
+      const port = factory();
+      // Two messages from same tenant should hash to same node
+      const msg1 = makeFederationMessage({
+        header: {
+          ...makeFederationMessage().header,
+          message_id: "msg-1",
+        } as any,
+      });
+      const msg2 = makeFederationMessage({
+        header: {
+          ...makeFederationMessage().header,
+          message_id: "msg-2",
+          to_agent: { ...msg1.header.to_agent }, // same dest tenant
+        } as any,
+      });
+      // Both sent to same tenant
+      await port.send(msg1);
+      await port.send(msg2);
+      // Receive from that tenant — both should arrive
+      const received = await port.receive({
+        destinationTenantId: msg1.header.to_agent.tenant_id,
+        maxMessages: 10,
+        timeout: 1000,
+      });
+      const ids = received.map((m: FederationMessage) => m.id);
+      expect(ids).toContain("msg-1");
+      expect(ids).toContain("msg-2");
+    });
+    test("expired message is rejected by verifyMessage", async () => {
+      const port = factory();
+      const now = new Date();
+      const expired = new Date(now.getTime() - 3600000); // 1h ago
+      const msg = makeFederationMessage({
+        content_claim: {
+          ...makeFederationMessage().content_claim,
+          temporal_frame: {
+            not_before: new Date(now.getTime() - 7200000).toISOString(),
+            not_after: expired.toISOString(),
+            revoked_at: null,
+          },
+        },
+      });
+      const result = await port.verifyMessage(msg);
+      expect(result.valid).toBe(false);
+      expect(result.errors.some((e: string) => e.includes("expired"))).toBe(
+        true
+      );
+    });
+    test("ack marks message as consumed and prevents redelivery", async () => {
+      const port = factory();
+      const msg = makeFederationMessage();
+      await port.send(msg);
+      // First receive
+      let received = await port.receive({
+        destinationTenantId: msg.header.to_agent.tenant_id,
+        timeout: 1000,
+      });
+      expect(received.length).toBeGreaterThan(0);
+      const msgId = received[0]!.id;
+      // Ack it
+      await port.ack(msgId);
+      // Second receive should NOT return the same message
+      received = await port.receive({
+        destinationTenantId: msg.header.to_agent.tenant_id,
+        timeout: 500,
+      });
+      const acked = received.find((m: FederationMessage) => m.id === msgId);
+      expect(acked).toBeUndefined();
+    });
+    test("nack returns message to queue (max 3 attempts)", async () => {
+      const port = factory();
+      const msg = makeFederationMessage();
+      await port.send(msg);
+      const received = await port.receive({
+        destinationTenantId: msg.header.to_agent.tenant_id,
+        timeout: 1000,
+      });
+      expect(received.length).toBeGreaterThan(0);
+      const msgId = received[0]!.id;
+      // Nack it (1st time)
+      await port.nack(msgId, "retry");
+      // Should reappear in next receive
+      const redelivered = await port.receive({
+        destinationTenantId: msg.header.to_agent.tenant_id,
+        timeout: 1000,
+      });
+      const redeliveredMsg = redelivered.find(
+        (m: FederationMessage) => m.id === msgId
+      );
+      expect(redeliveredMsg).toBeDefined();
+    });
+  });
+};
+// ─── Apply contract to test implementations ────────────────────────────────
+// Placeholder: real implementations will hook this up
+// federationPortContract(() => new MyFederationPortImpl());
+// ─── Error type tests ─────────────────────────────────────────────────────
+describe("FederationPort — error types", () => {
+  test("FederationSignatureInvalidError captures messageId and reason", () => {
+    const err = new FederationSignatureInvalidError(
+      "msg-123",
+      "Ed25519 verification failed"
+    );
+    expect(err.messageId).toBe("msg-123");
+    expect(err.reason).toContain("Ed25519");
+    expect(err.name).toBe("FederationSignatureInvalidError");
+  });
+  test("FederationDelegationChainError captures depth and reason", () => {
+    const err = new FederationDelegationChainError(
+      "msg-456",
+      3,
+      "Narrowing invariant violated"
+    );
+    expect(err.messageId).toBe("msg-456");
+    expect(err.chainDepth).toBe(3);
+    expect(err.reason).toContain("Narrowing");
+    expect(err.name).toBe("FederationDelegationChainError");
+  });
+  test("FederationMessageExpiredError captures temporal bounds", () => {
+    const notAfter = "2025-01-01T00:00:00Z";
+    const err = new FederationMessageExpiredError("msg-789", notAfter);
+    expect(err.messageId).toBe("msg-789");
+    expect(err.notAfter).toBe(notAfter);
+    expect(err.name).toBe("FederationMessageExpiredError");
+  });
+});

package/src/ports/federation.ts ADDED Viewed

@@ -0,0 +1,190 @@
+/**
+ * FederationPort — agent-to-agent messaging with cryptographic provenance (S4 spec).
+ *
+ * Implements A2A v1.0 transport (JWS RFC 7515) superset with Vauban Claim sextuplet
+ * payload. Messages routed by consistent hashing on tenant_id. Delegation chains preserved.
+ * Ed25519 signatures over CBOR canonical encoding.
+ *
+ * Spec: docs/plans/PreCarre/canonical/specs/S4.md
+ */
+// ─── Message types (S4 §3) ────────────────────────────────────────────────────
+export type Protocol = "mcp" | "a2a-jsonrpc" | "a2a-grpc" | "http-gateway";
+export interface AgentRef {
+  readonly agent_id: string; // e.g. "vauban.cc.synthesizer@v2.1"
+  readonly tenant_id: string; // crosslink S2
+  readonly agent_card_url?: string; // A2A discovery URL
+}
+export interface FederationMessageHeader {
+  readonly message_id: string; // UUIDv7, timestamp-ordered
+  readonly from_agent: AgentRef;
+  readonly to_agent: AgentRef;
+  readonly correlation_id: string; // conversation tracking
+  readonly causation_id?: string; // parent message in chain
+  readonly timestamp: string; // ISO 8601
+  readonly nonce: string; // 32-byte hex, replay protection
+}
+export interface TransportMeta {
+  readonly protocol: Protocol;
+  readonly version: string; // SemVer
+  readonly jws_signature: string; // RFC 7515 JWS (outer, transport-level)
+}
+/**
+ * Content claim payload — Vauban Claim sextuplet.
+ * Domain normalized to "vauban.federation.message.v1" for all S4 messages.
+ */
+export interface ContentClaim {
+  readonly subject: string; // ArtefactDigest(message_id)
+  readonly predicate: {
+    readonly domain: "vauban.federation.message.v1";
+    readonly body: Record<string, unknown>; // action + payload
+  };
+  readonly evidence: {
+    readonly proof: string; // Ed25519 hex signature
+    readonly public_inputs: Record<string, unknown>;
+  };
+  readonly temporal_frame: {
+    readonly not_before: string; // ISO 8601
+    readonly not_after: string; // ISO 8601
+    readonly revoked_at?: string | null;
+  };
+  readonly revelation_mask: {
+    readonly disclosed: string[]; // JSON pointers
+    readonly committed: string[];
+  };
+  readonly anchor: ReadonlyArray<{
+    readonly chain: "StarknetMainnet" | "StarknetL3Glacis";
+    readonly tx_hash?: string;
+  }>;
+}
+export interface FederationMessage {
+  readonly id: string;
+  readonly header: FederationMessageHeader;
+  readonly content_claim: ContentClaim;
+  readonly transport: TransportMeta;
+  readonly delegation_chain?: ReadonlyArray<{
+    readonly id: string;
+    readonly parent_id?: string;
+    readonly scope: {
+      readonly capabilities: ReadonlyArray<string>;
+      readonly constraints: ReadonlyArray<unknown>;
+      readonly jurisdictions: ReadonlyArray<string>;
+      readonly expires_at: string;
+    };
+    readonly ed25519_sig: string;
+  }>; // optional narrow chain
+}
+export type MessageId = string;
+// ─── Verification result ──────────────────────────────────────────────────────
+export interface VerifyResult {
+  readonly valid: boolean;
+  readonly errors: string[]; // empty if valid
+  readonly signer_agent_id?: string; // extracted from signature
+  readonly chain_depth?: number; // delegation chain length if present
+}
+// ─── Receive options ─────────────────────────────────────────────────────────
+export interface ReceiveOpts {
+  readonly destinationTenantId?: string; // filter by dest
+  readonly timeout?: number; // ms, default 5000
+  readonly maxMessages?: number; // batch size, default 10
+}
+// ─── FederationPort interface ────────────────────────────────────────────────
+export interface FederationPort {
+  /**
+   * Send a message to another agent.
+   * Message is JWS-signed and routed by consistent hashing on destination tenant_id.
+   * Returns message_id on success.
+   */
+  send(
+    message: FederationMessage,
+    opts?: { timeoutMs?: number }
+  ): Promise<MessageId>;
+  /**
+   * Receive pending messages (subscriber pattern).
+   * Messages are routed to this agent's tenant by consistent hash.
+   * Returns empty array if no messages within timeout window.
+   */
+  receive(opts?: ReceiveOpts): Promise<FederationMessage[]>;
+  /**
+   * Verify JWS signature and Claim sextuplet integrity.
+   * Checks Ed25519 signature, CBOR canonicalization, temporal bounds, delegation chain narrowing.
+   * Does NOT verify on-chain anchor (separate concern).
+   */
+  verifyMessage(msg: FederationMessage): Promise<VerifyResult>;
+  /**
+   * Acknowledge a received message to mark it as consumed.
+   * Prevents redelivery.
+   */
+  ack(messageId: MessageId): Promise<void>;
+  /**
+   * Nack a message to return it to the queue (poison pill protection).
+   * Max 3 nacks per message, then dead-letter.
+   */
+  nack(messageId: MessageId, reason?: string): Promise<void>;
+}
+// ─── Typed errors ─────────────────────────────────────────────────────────────
+export class FederationSignatureInvalidError extends Error {
+  constructor(
+    public readonly messageId: string,
+    public readonly reason: string
+  ) {
+    super(`Federation signature invalid (${messageId}): ${reason}`);
+    this.name = "FederationSignatureInvalidError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}
+export class FederationRoutingError extends Error {
+  constructor(
+    public readonly tenantId: string,
+    public readonly reason: string
+  ) {
+    super(`Federation routing failed for tenant ${tenantId}: ${reason}`);
+    this.name = "FederationRoutingError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}
+export class FederationDelegationChainError extends Error {
+  constructor(
+    public readonly messageId: string,
+    public readonly chainDepth: number,
+    public readonly reason: string
+  ) {
+    super(
+      `Federation delegation chain invalid (${messageId}, depth=${chainDepth}): ${reason}`
+    );
+    this.name = "FederationDelegationChainError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}
+export class FederationMessageExpiredError extends Error {
+  constructor(
+    public readonly messageId: string,
+    public readonly notAfter: string
+  ) {
+    super(`Federation message expired (${messageId}): not_after=${notAfter}`);
+    this.name = "FederationMessageExpiredError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}