@vauban-org/agent-sdk 1.0.0 → 1.3.0
- package/CONTRACT.md +6918 -742
- package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
- package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
- package/dist/adapters/llm/anthropic-direct.js +43 -0
- package/dist/adapters/llm/anthropic-direct.js.map +1 -1
- package/dist/adapters/llm/cascade.d.ts.map +1 -1
- package/dist/adapters/llm/cascade.js +57 -14
- package/dist/adapters/llm/cascade.js.map +1 -1
- package/dist/adapters/llm/litellm.d.ts +2 -0
- package/dist/adapters/llm/litellm.d.ts.map +1 -1
- package/dist/adapters/llm/litellm.js +44 -0
- package/dist/adapters/llm/litellm.js.map +1 -1
- package/dist/compute/difficulty-estimator.d.ts +53 -0
- package/dist/compute/difficulty-estimator.d.ts.map +1 -0
- package/dist/compute/difficulty-estimator.js +82 -0
- package/dist/compute/difficulty-estimator.js.map +1 -0
- package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
- package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
- package/dist/compute/strategies/mixture-of-agents.js +110 -0
- package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
- package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
- package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
- package/dist/compute/strategies/tree-of-thoughts.js +242 -0
- package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
- package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
- package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
- package/dist/compute/strategies/two-phase-orient.js +85 -0
- package/dist/compute/strategies/two-phase-orient.js.map +1 -0
- package/dist/constitution/types.d.ts +10 -10
- package/dist/container/protocol.d.ts +134 -0
- package/dist/container/protocol.d.ts.map +1 -0
- package/dist/container/protocol.js +157 -0
- package/dist/container/protocol.js.map +1 -0
- package/dist/container/runtime.d.ts +140 -0
- package/dist/container/runtime.d.ts.map +1 -0
- package/dist/container/runtime.js +256 -0
- package/dist/container/runtime.js.map +1 -0
- package/dist/events/catalogue.d.ts +46 -46
- package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
- package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
- package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
- package/dist/events/schemas/agent.started.v1.d.ts +2 -2
- package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
- package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
- package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
- package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +6 -6
- package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
- package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +6 -6
- package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
- package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
- package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
- package/dist/events/schemas/vauban.goal.checked.v1.d.ts +2 -2
- package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +2 -2
- package/dist/events/schemas/vauban.tax.checked.v1.d.ts +2 -2
- package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +6 -6
- package/dist/identity/agent-persona.d.ts +73 -0
- package/dist/identity/agent-persona.d.ts.map +1 -0
- package/dist/identity/agent-persona.js +165 -0
- package/dist/identity/agent-persona.js.map +1 -0
- package/dist/identity/persona-prompt.d.ts +25 -0
- package/dist/identity/persona-prompt.d.ts.map +1 -0
- package/dist/identity/persona-prompt.js +71 -0
- package/dist/identity/persona-prompt.js.map +1 -0
- package/dist/identity/persona-schema.d.ts +120 -0
- package/dist/identity/persona-schema.d.ts.map +1 -0
- package/dist/identity/persona-schema.js +103 -0
- package/dist/identity/persona-schema.js.map +1 -0
- package/dist/index.d.ts +41 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +31 -1
- package/dist/index.js.map +1 -1
- package/dist/loop/minimal-loop.js +293 -287
- package/dist/memory/episodic-rrf.d.ts +114 -0
- package/dist/memory/episodic-rrf.d.ts.map +1 -0
- package/dist/memory/episodic-rrf.js +148 -0
- package/dist/memory/episodic-rrf.js.map +1 -0
- package/dist/mesh/attenuation.d.ts +78 -0
- package/dist/mesh/attenuation.d.ts.map +1 -0
- package/dist/mesh/attenuation.js +141 -0
- package/dist/mesh/attenuation.js.map +1 -0
- package/dist/mesh/delegate.d.ts +96 -0
- package/dist/mesh/delegate.d.ts.map +1 -0
- package/dist/mesh/delegate.js +172 -0
- package/dist/mesh/delegate.js.map +1 -0
- package/dist/mesh/dispatcher.d.ts +119 -0
- package/dist/mesh/dispatcher.d.ts.map +1 -0
- package/dist/mesh/dispatcher.js +207 -0
- package/dist/mesh/dispatcher.js.map +1 -0
- package/dist/mesh/index.d.ts +12 -0
- package/dist/mesh/index.d.ts.map +1 -0
- package/dist/mesh/index.js +11 -0
- package/dist/mesh/index.js.map +1 -0
- package/dist/mesh/types.d.ts +30 -0
- package/dist/mesh/types.d.ts.map +1 -0
- package/dist/mesh/types.js +11 -0
- package/dist/mesh/types.js.map +1 -0
- package/dist/orchestration/ooda/agent.d.ts.map +1 -1
- package/dist/orchestration/ooda/agent.js +36 -0
- package/dist/orchestration/ooda/agent.js.map +1 -1
- package/dist/orchestration/ooda/skills.d.ts +104 -0
- package/dist/orchestration/ooda/skills.d.ts.map +1 -1
- package/dist/orchestration/ooda/skills.js +106 -0
- package/dist/orchestration/ooda/skills.js.map +1 -1
- package/dist/orchestration/ooda/types.d.ts +11 -0
- package/dist/orchestration/ooda/types.d.ts.map +1 -1
- package/dist/ports/bastion-action.contract.test.d.ts +11 -0
- package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
- package/dist/ports/bastion-action.contract.test.js +238 -0
- package/dist/ports/bastion-action.contract.test.js.map +1 -0
- package/dist/ports/bastion-action.d.ts +133 -0
- package/dist/ports/bastion-action.d.ts.map +1 -0
- package/dist/ports/bastion-action.js +73 -0
- package/dist/ports/bastion-action.js.map +1 -0
- package/dist/ports/brain.d.ts +31 -0
- package/dist/ports/brain.d.ts.map +1 -1
- package/dist/ports/brain.js +115 -1
- package/dist/ports/brain.js.map +1 -1
- package/dist/ports/citadel-action.contract.test.d.ts +11 -0
- package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
- package/dist/ports/citadel-action.contract.test.js +317 -0
- package/dist/ports/citadel-action.contract.test.js.map +1 -0
- package/dist/ports/citadel-action.d.ts +111 -0
- package/dist/ports/citadel-action.d.ts.map +1 -0
- package/dist/ports/citadel-action.js +62 -0
- package/dist/ports/citadel-action.js.map +1 -0
- package/dist/ports/compliance-contract.d.ts +123 -0
- package/dist/ports/compliance-contract.d.ts.map +1 -0
- package/dist/ports/compliance-contract.js +35 -0
- package/dist/ports/compliance-contract.js.map +1 -0
- package/dist/ports/db.d.ts +38 -0
- package/dist/ports/db.d.ts.map +1 -1
- package/dist/ports/db.js +88 -1
- package/dist/ports/db.js.map +1 -1
- package/dist/ports/delegation.contract.test.d.ts +9 -0
- package/dist/ports/delegation.contract.test.d.ts.map +1 -0
- package/dist/ports/delegation.contract.test.js +337 -0
- package/dist/ports/delegation.contract.test.js.map +1 -0
- package/dist/ports/delegation.d.ts +134 -0
- package/dist/ports/delegation.d.ts.map +1 -0
- package/dist/ports/delegation.js +105 -0
- package/dist/ports/delegation.js.map +1 -0
- package/dist/ports/event-bus.d.ts +29 -0
- package/dist/ports/event-bus.d.ts.map +1 -1
- package/dist/ports/event-bus.js +106 -1
- package/dist/ports/event-bus.js.map +1 -1
- package/dist/ports/federation.contract.test.d.ts +9 -0
- package/dist/ports/federation.contract.test.d.ts.map +1 -0
- package/dist/ports/federation.contract.test.js +279 -0
- package/dist/ports/federation.contract.test.js.map +1 -0
- package/dist/ports/federation.d.ts +140 -0
- package/dist/ports/federation.d.ts.map +1 -0
- package/dist/ports/federation.js +57 -0
- package/dist/ports/federation.js.map +1 -0
- package/dist/ports/index.d.ts +28 -2
- package/dist/ports/index.d.ts.map +1 -1
- package/dist/ports/index.js +17 -2
- package/dist/ports/index.js.map +1 -1
- package/dist/ports/llm-provider.d.ts +37 -0
- package/dist/ports/llm-provider.d.ts.map +1 -1
- package/dist/ports/llm-provider.js +99 -1
- package/dist/ports/llm-provider.js.map +1 -1
- package/dist/ports/logger.d.ts +27 -0
- package/dist/ports/logger.d.ts.map +1 -1
- package/dist/ports/logger.js +87 -0
- package/dist/ports/logger.js.map +1 -1
- package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
- package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
- package/dist/ports/manifest-registry.contract.test.js +246 -0
- package/dist/ports/manifest-registry.contract.test.js.map +1 -0
- package/dist/ports/manifest-registry.d.ts +116 -0
- package/dist/ports/manifest-registry.d.ts.map +1 -0
- package/dist/ports/manifest-registry.js +79 -0
- package/dist/ports/manifest-registry.js.map +1 -0
- package/dist/ports/observability.contract.test.d.ts +12 -0
- package/dist/ports/observability.contract.test.d.ts.map +1 -0
- package/dist/ports/observability.contract.test.js +260 -0
- package/dist/ports/observability.contract.test.js.map +1 -0
- package/dist/ports/observability.d.ts +98 -0
- package/dist/ports/observability.d.ts.map +1 -0
- package/dist/ports/observability.js +59 -0
- package/dist/ports/observability.js.map +1 -0
- package/dist/ports/outcome.d.ts +26 -0
- package/dist/ports/outcome.d.ts.map +1 -1
- package/dist/ports/outcome.js +62 -1
- package/dist/ports/outcome.js.map +1 -1
- package/dist/ports/privacy.contract.test.d.ts +12 -0
- package/dist/ports/privacy.contract.test.d.ts.map +1 -0
- package/dist/ports/privacy.contract.test.js +325 -0
- package/dist/ports/privacy.contract.test.js.map +1 -0
- package/dist/ports/privacy.d.ts +132 -0
- package/dist/ports/privacy.d.ts.map +1 -0
- package/dist/ports/privacy.js +83 -0
- package/dist/ports/privacy.js.map +1 -0
- package/dist/ports/tenant-context.contract.test.d.ts +14 -0
- package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
- package/dist/ports/tenant-context.contract.test.js +352 -0
- package/dist/ports/tenant-context.contract.test.js.map +1 -0
- package/dist/ports/tenant-context.d.ts +103 -0
- package/dist/ports/tenant-context.d.ts.map +1 -0
- package/dist/ports/tenant-context.js +48 -0
- package/dist/ports/tenant-context.js.map +1 -0
- package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
- package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
- package/dist/ports/vauban-finance-action.contract.test.js +260 -0
- package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
- package/dist/ports/vauban-finance-action.d.ts +106 -0
- package/dist/ports/vauban-finance-action.d.ts.map +1 -0
- package/dist/ports/vauban-finance-action.js +60 -0
- package/dist/ports/vauban-finance-action.js.map +1 -0
- package/dist/ports/workflow-runtime.d.ts +204 -0
- package/dist/ports/workflow-runtime.d.ts.map +1 -0
- package/dist/ports/workflow-runtime.js +72 -0
- package/dist/ports/workflow-runtime.js.map +1 -0
- package/dist/proof/cert-verify.d.ts +80 -0
- package/dist/proof/cert-verify.d.ts.map +1 -0
- package/dist/proof/cert-verify.js +178 -0
- package/dist/proof/cert-verify.js.map +1 -0
- package/dist/replay/replay.d.ts.map +1 -1
- package/dist/replay/replay.js +5 -1
- package/dist/replay/replay.js.map +1 -1
- package/dist/retry/index.d.ts +129 -0
- package/dist/retry/index.d.ts.map +1 -0
- package/dist/retry/index.js +156 -0
- package/dist/retry/index.js.map +1 -0
- package/dist/retry/presets.d.ts +39 -0
- package/dist/retry/presets.d.ts.map +1 -0
- package/dist/retry/presets.js +69 -0
- package/dist/retry/presets.js.map +1 -0
- package/dist/skill-loop/ab-runner.d.ts +67 -0
- package/dist/skill-loop/ab-runner.d.ts.map +1 -0
- package/dist/skill-loop/ab-runner.js +160 -0
- package/dist/skill-loop/ab-runner.js.map +1 -0
- package/dist/skill-loop/adoption.d.ts +67 -0
- package/dist/skill-loop/adoption.d.ts.map +1 -0
- package/dist/skill-loop/adoption.js +126 -0
- package/dist/skill-loop/adoption.js.map +1 -0
- package/dist/skill-loop/candidate.d.ts +45 -0
- package/dist/skill-loop/candidate.d.ts.map +1 -0
- package/dist/skill-loop/candidate.js +43 -0
- package/dist/skill-loop/candidate.js.map +1 -0
- package/dist/skill-loop/evaluator.d.ts +42 -0
- package/dist/skill-loop/evaluator.d.ts.map +1 -0
- package/dist/skill-loop/evaluator.js +184 -0
- package/dist/skill-loop/evaluator.js.map +1 -0
- package/dist/skill-loop/index.d.ts +27 -0
- package/dist/skill-loop/index.d.ts.map +1 -0
- package/dist/skill-loop/index.js +27 -0
- package/dist/skill-loop/index.js.map +1 -0
- package/dist/skill-loop/reflexion-replay.d.ts +87 -0
- package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
- package/dist/skill-loop/reflexion-replay.js +110 -0
- package/dist/skill-loop/reflexion-replay.js.map +1 -0
- package/dist/skill-loop/sign-off.d.ts +88 -0
- package/dist/skill-loop/sign-off.d.ts.map +1 -0
- package/dist/skill-loop/sign-off.js +146 -0
- package/dist/skill-loop/sign-off.js.map +1 -0
- package/dist/skill-loop/value-metric.d.ts +55 -0
- package/dist/skill-loop/value-metric.d.ts.map +1 -0
- package/dist/skill-loop/value-metric.js +69 -0
- package/dist/skill-loop/value-metric.js.map +1 -0
- package/dist/skill-loop/versioning.d.ts +36 -0
- package/dist/skill-loop/versioning.d.ts.map +1 -0
- package/dist/skill-loop/versioning.js +47 -0
- package/dist/skill-loop/versioning.js.map +1 -0
- package/dist/skill-manifest/anchor.d.ts +91 -0
- package/dist/skill-manifest/anchor.d.ts.map +1 -0
- package/dist/skill-manifest/anchor.js +331 -0
- package/dist/skill-manifest/anchor.js.map +1 -0
- package/dist/skill-manifest/builder.d.ts +47 -0
- package/dist/skill-manifest/builder.d.ts.map +1 -0
- package/dist/skill-manifest/builder.js +93 -0
- package/dist/skill-manifest/builder.js.map +1 -0
- package/dist/skill-manifest/index.d.ts +13 -0
- package/dist/skill-manifest/index.d.ts.map +1 -0
- package/dist/skill-manifest/index.js +9 -0
- package/dist/skill-manifest/index.js.map +1 -0
- package/dist/skill-manifest/types.d.ts +67 -0
- package/dist/skill-manifest/types.d.ts.map +1 -0
- package/dist/skill-manifest/types.js +16 -0
- package/dist/skill-manifest/types.js.map +1 -0
- package/dist/skill-manifest/verifier.d.ts +42 -0
- package/dist/skill-manifest/verifier.d.ts.map +1 -0
- package/dist/skill-manifest/verifier.js +136 -0
- package/dist/skill-manifest/verifier.js.map +1 -0
- package/dist/skills/_secrets.d.ts +16 -0
- package/dist/skills/_secrets.d.ts.map +1 -0
- package/dist/skills/_secrets.js +20 -0
- package/dist/skills/_secrets.js.map +1 -0
- package/dist/skills/alpaca-quote.d.ts +2 -2
- package/dist/skills/alpaca-quote.d.ts.map +1 -1
- package/dist/skills/alpaca-quote.js +51 -20
- package/dist/skills/alpaca-quote.js.map +1 -1
- package/dist/skills/brain-query.d.ts +4 -4
- package/dist/skills/brain-store.d.ts +6 -6
- package/dist/skills/errors.d.ts +15 -0
- package/dist/skills/errors.d.ts.map +1 -1
- package/dist/skills/errors.js +21 -0
- package/dist/skills/errors.js.map +1 -1
- package/dist/skills/hitl-request.d.ts +2 -2
- package/dist/skills/index.d.ts +3 -1
- package/dist/skills/index.d.ts.map +1 -1
- package/dist/skills/index.js +4 -1
- package/dist/skills/index.js.map +1 -1
- package/dist/skills/markdown/loader.d.ts +52 -0
- package/dist/skills/markdown/loader.d.ts.map +1 -0
- package/dist/skills/markdown/loader.js +93 -0
- package/dist/skills/markdown/loader.js.map +1 -0
- package/dist/skills/markdown/schema.d.ts +432 -0
- package/dist/skills/markdown/schema.d.ts.map +1 -0
- package/dist/skills/markdown/schema.js +121 -0
- package/dist/skills/markdown/schema.js.map +1 -0
- package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
- package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
- package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
- package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
- package/dist/skills/poc-md-loader/runner.d.ts +24 -0
- package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
- package/dist/skills/poc-md-loader/runner.js +57 -0
- package/dist/skills/poc-md-loader/runner.js.map +1 -0
- package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
- package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
- package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
- package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
- package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
- package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
- package/dist/skills/poc-md-loader/web-search/script.js +75 -0
- package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
- package/dist/skills/record-outcome.d.ts +4 -4
- package/dist/skills/send-email.d.ts +2 -2
- package/dist/skills/send-email.d.ts.map +1 -1
- package/dist/skills/send-email.js +4 -3
- package/dist/skills/send-email.js.map +1 -1
- package/dist/skills/slack-notify.d.ts +4 -4
- package/dist/skills/slack-notify.d.ts.map +1 -1
- package/dist/skills/slack-notify.js +52 -21
- package/dist/skills/slack-notify.js.map +1 -1
- package/dist/skills/starknet-balance.d.ts +1 -1
- package/dist/skills/telegram-notify.d.ts +4 -4
- package/dist/skills/telegram-notify.d.ts.map +1 -1
- package/dist/skills/telegram-notify.js +48 -19
- package/dist/skills/telegram-notify.js.map +1 -1
- package/dist/skills/web-search.d.ts +1 -1
- package/dist/skills/web-search.d.ts.map +1 -1
- package/dist/skills/web-search.js +85 -40
- package/dist/skills/web-search.js.map +1 -1
- package/dist/telemetry/bus.d.ts +54 -0
- package/dist/telemetry/bus.d.ts.map +1 -0
- package/dist/telemetry/bus.js +159 -0
- package/dist/telemetry/bus.js.map +1 -0
- package/dist/telemetry/index.d.ts +35 -0
- package/dist/telemetry/index.d.ts.map +1 -0
- package/dist/telemetry/index.js +30 -0
- package/dist/telemetry/index.js.map +1 -0
- package/dist/telemetry/port.d.ts +121 -0
- package/dist/telemetry/port.d.ts.map +1 -0
- package/dist/telemetry/port.js +48 -0
- package/dist/telemetry/port.js.map +1 -0
- package/dist/telemetry/sinks/otlp.d.ts +45 -0
- package/dist/telemetry/sinks/otlp.d.ts.map +1 -0
- package/dist/telemetry/sinks/otlp.js +195 -0
- package/dist/telemetry/sinks/otlp.js.map +1 -0
- package/dist/telemetry/sinks/sqlite.d.ts +32 -0
- package/dist/telemetry/sinks/sqlite.d.ts.map +1 -0
- package/dist/telemetry/sinks/sqlite.js +170 -0
- package/dist/telemetry/sinks/sqlite.js.map +1 -0
- package/dist/telemetry/sinks/stdout.d.ts +22 -0
- package/dist/telemetry/sinks/stdout.d.ts.map +1 -0
- package/dist/telemetry/sinks/stdout.js +38 -0
- package/dist/telemetry/sinks/stdout.js.map +1 -0
- package/dist/testing/index.d.ts +3 -0
- package/dist/testing/test-brain-port.d.ts +4 -0
- package/dist/testing/test-brain-port.d.ts.map +1 -1
- package/dist/testing/test-brain-port.js +75 -20
- package/dist/testing/test-brain-port.js.map +1 -1
- package/dist/testing/test-event-bus.d.ts.map +1 -1
- package/dist/testing/test-event-bus.js +89 -36
- package/dist/testing/test-event-bus.js.map +1 -1
- package/dist/trace/schema.d.ts +1 -1
- package/dist/trace/schema.d.ts.map +1 -1
- package/dist/trace/schema.js +1 -1
- package/dist/trace/schema.js.map +1 -1
- package/dist/verify/formal/index.d.ts +44 -0
- package/dist/verify/formal/index.d.ts.map +1 -0
- package/dist/verify/formal/index.js +98 -0
- package/dist/verify/formal/index.js.map +1 -0
- package/dist/verify/formal/policy.d.ts +105 -0
- package/dist/verify/formal/policy.d.ts.map +1 -0
- package/dist/verify/formal/policy.js +159 -0
- package/dist/verify/formal/policy.js.map +1 -0
- package/dist/verify/formal/result.d.ts +50 -0
- package/dist/verify/formal/result.d.ts.map +1 -0
- package/dist/verify/formal/result.js +21 -0
- package/dist/verify/formal/result.js.map +1 -0
- package/dist/verify/formal/solver.d.ts +67 -0
- package/dist/verify/formal/solver.d.ts.map +1 -0
- package/dist/verify/formal/solver.js +184 -0
- package/dist/verify/formal/solver.js.map +1 -0
- package/dist/verify/formal/spec-language.d.ts +80 -0
- package/dist/verify/formal/spec-language.d.ts.map +1 -0
- package/dist/verify/formal/spec-language.js +219 -0
- package/dist/verify/formal/spec-language.js.map +1 -0
- package/docs/attestation.md +199 -0
- package/docs/identity.md +193 -0
- package/docs/telemetry/migration.md +155 -0
- package/docs/telemetry/overview.md +154 -0
- package/docs/telemetry/privacy.md +127 -0
- package/docs/telemetry/sinks/cc.md +155 -0
- package/docs/telemetry/sinks/otlp.md +146 -0
- package/docs/telemetry/sinks/sqlite.md +126 -0
- package/docs/telemetry/sinks/stdout.md +82 -0
- package/package.json +18 -2
- package/src/adapters/llm/anthropic-direct.ts +51 -0
- package/src/adapters/llm/cascade.ts +64 -19
- package/src/adapters/llm/litellm.ts +49 -0
- package/src/compute/difficulty-estimator.ts +111 -0
- package/src/compute/strategies/mixture-of-agents.ts +150 -0
- package/src/compute/strategies/tree-of-thoughts.ts +293 -0
- package/src/compute/strategies/two-phase-orient.ts +147 -0
- package/src/container/protocol.ts +243 -0
- package/src/container/runtime.ts +424 -0
- package/src/db/migrations/026_formal_verify_results.sql +30 -0
- package/src/identity/agent-persona.ts +203 -0
- package/src/identity/persona-prompt.ts +84 -0
- package/src/identity/persona-schema.ts +127 -0
- package/src/index.ts +368 -2
- package/src/memory/episodic-rrf.ts +224 -0
- package/src/mesh/attenuation.ts +190 -0
- package/src/mesh/delegate.ts +254 -0
- package/src/mesh/dispatcher.ts +301 -0
- package/src/mesh/index.ts +39 -0
- package/src/mesh/types.ts +31 -0
- package/src/orchestration/ooda/agent.ts +50 -0
- package/src/orchestration/ooda/skills.ts +177 -0
- package/src/orchestration/ooda/types.ts +12 -0
- package/src/ports/bastion-action.contract.test.ts +355 -0
- package/src/ports/bastion-action.ts +198 -0
- package/src/ports/brain.ts +177 -15
- package/src/ports/citadel-action.contract.test.ts +430 -0
- package/src/ports/citadel-action.ts +174 -0
- package/src/ports/compliance-contract.ts +191 -0
- package/src/ports/db.ts +98 -0
- package/src/ports/delegation.contract.test.ts +428 -0
- package/src/ports/delegation.ts +211 -0
- package/src/ports/event-bus.ts +133 -0
- package/src/ports/federation.contract.test.ts +355 -0
- package/src/ports/federation.ts +190 -0
- package/src/ports/index.ts +186 -1
- package/src/ports/llm-provider.ts +123 -0
- package/src/ports/logger.ts +104 -0
- package/src/ports/manifest-registry.contract.test.ts +324 -0
- package/src/ports/manifest-registry.ts +188 -0
- package/src/ports/observability.contract.test.ts +315 -0
- package/src/ports/observability.ts +150 -0
- package/src/ports/outcome.ts +69 -0
- package/src/ports/privacy.contract.test.ts +413 -0
- package/src/ports/privacy.ts +207 -0
- package/src/ports/tenant-context.contract.test.ts +454 -0
- package/src/ports/tenant-context.ts +150 -0
- package/src/ports/vauban-finance-action.contract.test.ts +335 -0
- package/src/ports/vauban-finance-action.ts +166 -0
- package/src/ports/workflow-runtime.ts +327 -0
- package/src/proof/cert-verify.ts +249 -0
- package/src/replay/replay.ts +11 -8
- package/src/retry/index.ts +227 -0
- package/src/retry/presets.ts +75 -0
- package/src/skill-loop/ab-runner.ts +196 -0
- package/src/skill-loop/adoption.ts +188 -0
- package/src/skill-loop/candidate.ts +75 -0
- package/src/skill-loop/evaluator.ts +238 -0
- package/src/skill-loop/index.ts +51 -0
- package/src/skill-loop/reflexion-replay.ts +173 -0
- package/src/skill-loop/sign-off.ts +247 -0
- package/src/skill-loop/value-metric.ts +120 -0
- package/src/skill-loop/versioning.ts +75 -0
- package/src/skill-manifest/anchor.ts +401 -0
- package/src/skill-manifest/builder.ts +129 -0
- package/src/skill-manifest/index.ts +18 -0
- package/src/skill-manifest/types.ts +72 -0
- package/src/skill-manifest/verifier.ts +198 -0
- package/src/skills/_secrets.ts +25 -0
- package/src/skills/alpaca-quote.ts +68 -23
- package/src/skills/errors.ts +30 -2
- package/src/skills/index.ts +19 -0
- package/src/skills/markdown/loader.ts +129 -0
- package/src/skills/markdown/schema.ts +144 -0
- package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
- package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
- package/src/skills/poc-md-loader/runner.ts +82 -0
- package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
- package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
- package/src/skills/poc-md-loader/web-search/script.ts +109 -0
- package/src/skills/send-email.ts +4 -3
- package/src/skills/slack-notify.ts +73 -30
- package/src/skills/telegram-notify.ts +70 -24
- package/src/skills/web-search.ts +132 -50
- package/src/telemetry/bus.test.ts +231 -0
- package/src/telemetry/bus.ts +241 -0
- package/src/telemetry/index.ts +49 -0
- package/src/telemetry/port.ts +160 -0
- package/src/telemetry/sinks/otlp.test.ts +146 -0
- package/src/telemetry/sinks/otlp.ts +250 -0
- package/src/telemetry/sinks/sqlite.test.ts +121 -0
- package/src/telemetry/sinks/sqlite.ts +260 -0
- package/src/telemetry/sinks/stdout.test.ts +109 -0
- package/src/telemetry/sinks/stdout.ts +59 -0
- package/src/testing/test-brain-port.ts +98 -24
- package/src/testing/test-event-bus.ts +104 -43
- package/src/trace/schema.ts +1 -1
- package/src/verify/formal/index.ts +154 -0
- package/src/verify/formal/policy.ts +253 -0
- package/src/verify/formal/result.ts +52 -0
- package/src/verify/formal/solver.ts +235 -0
- package/src/verify/formal/spec-language.ts +274 -0
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
# Run Certificate Verification (Standalone)
|
|
2
|
+
|
|
3
|
+
**Module:** `@vauban-org/agent-sdk/proof/cert-verify` · **Since:** CC v3.1 sprint-562 (Livrable D, 2026-05-14)
|
|
4
|
+
|
|
5
|
+
The standalone verifier in `src/proof/cert-verify.ts` verifies a `SignedRunProofCertificate` without any database or network dependency. It is the verification counterpart to the CC server's signing surface (`src/proof/ed25519-signer.ts`) and implements [draft-vauban-skill-attestation-00 §5](https://datatracker.ietf.org/doc/draft-vauban-skill-attestation/).
|
|
6
|
+
|
|
7
|
+
Suitable for: CI pipelines, third-party integrators, audits, and the `preste attest verify` CLI command.
|
|
8
|
+
|
|
9
|
+
## Quick start
|
|
10
|
+
|
|
11
|
+
```typescript
|
|
12
|
+
import { verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
13
|
+
import { readFileSync } from "node:fs";
|
|
14
|
+
|
|
15
|
+
const cert = JSON.parse(readFileSync("cert.json", "utf-8"));
|
|
16
|
+
|
|
17
|
+
const result = verifyRunCertificate(cert);
|
|
18
|
+
|
|
19
|
+
if (!result.valid) {
|
|
20
|
+
console.error(`Verification failed: ${result.reason} — ${result.details}`);
|
|
21
|
+
process.exit(1);
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
console.log("Certificate valid. hash:", result.recomputed_cert_hash_felt252);
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Imports
|
|
30
|
+
|
|
31
|
+
```typescript
|
|
32
|
+
import {
|
|
33
|
+
verifyRunCertificate,
|
|
34
|
+
computeCertHashFelt252,
|
|
35
|
+
publicKeyFromSpkiB64,
|
|
36
|
+
CERT_MARKER_FELT,
|
|
37
|
+
} from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
38
|
+
|
|
39
|
+
import type {
|
|
40
|
+
CertVerifyResult,
|
|
41
|
+
CertVerifyFailReason,
|
|
42
|
+
CertVerifyOptions,
|
|
43
|
+
SignedRunProofCertificateLike,
|
|
44
|
+
SignaturePayload,
|
|
45
|
+
} from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
---
|
|
49
|
+
|
|
50
|
+
## Types
|
|
51
|
+
|
|
52
|
+
```typescript
|
|
53
|
+
interface CertVerifyResult {
|
|
54
|
+
valid: boolean;
|
|
55
|
+
reason?: CertVerifyFailReason; // only when valid === false
|
|
56
|
+
details?: string; // human-readable context
|
|
57
|
+
recomputed_cert_hash_felt252: string; // always present — useful for debug
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
type CertVerifyFailReason =
|
|
61
|
+
| "missing_signature" // cert.signature field absent
|
|
62
|
+
| "wrong_alg" // alg !== "Ed25519"
|
|
63
|
+
| "hash_mismatch" // embedded cert_hash_felt252 != recomputed
|
|
64
|
+
| "kid_mismatch" // expectedKid set and does not match
|
|
65
|
+
| "pubkey_unresolvable" // SPKI base64 malformed or not Ed25519
|
|
66
|
+
| "signature_invalid" // Ed25519 verify returns false
|
|
67
|
+
| "malformed_signature"; // signature.value is not valid base64 / wrong length
|
|
68
|
+
|
|
69
|
+
interface CertVerifyOptions {
|
|
70
|
+
expectedPublicKey?: KeyObject; // Node.js KeyObject (bypass embedded SPKI)
|
|
71
|
+
expectedKid?: string; // pin to a specific key ID
|
|
72
|
+
}
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## `verifyRunCertificate(cert, opts?)`
|
|
78
|
+
|
|
79
|
+
```typescript
|
|
80
|
+
function verifyRunCertificate(
|
|
81
|
+
cert: SignedRunProofCertificateLike,
|
|
82
|
+
opts?: CertVerifyOptions
|
|
83
|
+
): CertVerifyResult
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
Returns synchronously — all crypto is Node.js built-in `node:crypto`. Never throws on verification failure; only throws when `cert` is not a plain object.
|
|
87
|
+
|
|
88
|
+
`recomputed_cert_hash_felt252` is always returned regardless of outcome — use it to debug `hash_mismatch` failures without a separate call.
|
|
89
|
+
|
|
90
|
+
### Basic verification
|
|
91
|
+
|
|
92
|
+
```typescript
|
|
93
|
+
const result = verifyRunCertificate(cert);
|
|
94
|
+
if (!result.valid) {
|
|
95
|
+
console.error(`Invalid: ${result.reason} — ${result.details}`);
|
|
96
|
+
}
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### Pin to a known public key (recommended for production)
|
|
100
|
+
|
|
101
|
+
```typescript
|
|
102
|
+
import { publicKeyFromSpkiB64, verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
103
|
+
|
|
104
|
+
const pubkey = publicKeyFromSpkiB64(process.env["CC_ATTEST_PUBKEY_SPKI_B64"]!);
|
|
105
|
+
|
|
106
|
+
const result = verifyRunCertificate(cert, { expectedPublicKey: pubkey });
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
`publicKeyFromSpkiB64` throws if the base64 is malformed or the key is not Ed25519. Call it once at startup and cache the `KeyObject`.
|
|
110
|
+
|
|
111
|
+
### Pin to a key ID
|
|
112
|
+
|
|
113
|
+
```typescript
|
|
114
|
+
const result = verifyRunCertificate(cert, {
|
|
115
|
+
expectedKid: "cc-attest-2026-05",
|
|
116
|
+
});
|
|
117
|
+
// → reason: "kid_mismatch" if cert was signed with a different key
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
### CI pipeline — exit code gate
|
|
121
|
+
|
|
122
|
+
```typescript
|
|
123
|
+
import { verifyRunCertificate } from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
124
|
+
import { readFileSync } from "node:fs";
|
|
125
|
+
|
|
126
|
+
const cert = JSON.parse(readFileSync("cert.json", "utf-8"));
|
|
127
|
+
const { valid, reason, recomputed_cert_hash_felt252 } = verifyRunCertificate(cert);
|
|
128
|
+
|
|
129
|
+
console.log(`hash: ${recomputed_cert_hash_felt252}`);
|
|
130
|
+
process.exit(valid ? 0 : 1);
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
---
|
|
134
|
+
|
|
135
|
+
## Verification algorithm
|
|
136
|
+
|
|
137
|
+
Implements draft-vauban-skill-attestation-00 §5. Seven sequential checks — the first failure stops the chain:
|
|
138
|
+
|
|
139
|
+
| Step | Check | Failure reason |
|
|
140
|
+
|------|-------|----------------|
|
|
141
|
+
| 1 | `cert.signature` field is present | `missing_signature` |
|
|
142
|
+
| 2 | `signature.alg === "Ed25519"` | `wrong_alg` |
|
|
143
|
+
| 3 | Strip `signature`, JCS-canonicalize (RFC 8785 subset: sorted keys, `-0 → 0`), SHA-256 first 31 bytes → felt252, Poseidon(`[0x1, sha_felt, CERT_MARKER_FELT]`) — compare with `signature.cert_hash_felt252` | `hash_mismatch` |
|
|
144
|
+
| 4 | If `opts.expectedKid` set, compare with `signature.kid` | `kid_mismatch` |
|
|
145
|
+
| 5 | Resolve public key: `opts.expectedPublicKey` if provided, else `publicKeyFromSpkiB64(signature.pubkey_spki_b64)` | `pubkey_unresolvable` |
|
|
146
|
+
| 6 | Decode `signature.value` from base64, assert 64 bytes | `malformed_signature` |
|
|
147
|
+
| 7 | Ed25519 verify: `crypto.verify(null, felt252Bytes(recomputed), pubkey, sigBytes)` | `signature_invalid` |
|
|
148
|
+
|
|
149
|
+
**`CERT_MARKER_FELT`** is the domain separator — UTF-8 `"run_cert"` encoded as a felt252 (right-aligned, zero-padded). It prevents cross-context signature reuse: a signature over a different cert type cannot satisfy the Poseidon preimage.
|
|
150
|
+
|
|
151
|
+
---
|
|
152
|
+
|
|
153
|
+
## `computeCertHashFelt252(cert)`
|
|
154
|
+
|
|
155
|
+
Standalone hash computation — useful for debugging `hash_mismatch` failures.
|
|
156
|
+
|
|
157
|
+
```typescript
|
|
158
|
+
import { computeCertHashFelt252 } from "@vauban-org/agent-sdk/proof/cert-verify";
|
|
159
|
+
|
|
160
|
+
const expected = cert.signature?.cert_hash_felt252;
|
|
161
|
+
const recomputed = computeCertHashFelt252(cert);
|
|
162
|
+
|
|
163
|
+
if (expected !== recomputed) {
|
|
164
|
+
console.error("Hash mismatch:");
|
|
165
|
+
console.error(" embedded :", expected);
|
|
166
|
+
console.error(" recomputed:", recomputed);
|
|
167
|
+
}
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
`computeCertHashFelt252` strips the embedded `signature` field before hashing — calling it on a signed cert and on the pre-signature cert produces the same result.
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## Security considerations
|
|
175
|
+
|
|
176
|
+
!!! warning "Treat embedded `pubkey_spki_b64` as a key-discovery hint, not a security guarantee"
|
|
177
|
+
The `pubkey_spki_b64` field in `signature` helps resolve the signing key for display and debugging, but an attacker can substitute it with their own public key and produce a valid self-consistent signature.
|
|
178
|
+
|
|
179
|
+
For production use, always pin to a known public key via `opts.expectedPublicKey` (loaded from a trusted source such as an environment variable, K8s secret, or a JWKS registry keyed on `signature.kid`). Never accept a certificate as authoritative based solely on its embedded public key.
|
|
180
|
+
|
|
181
|
+
---
|
|
182
|
+
|
|
183
|
+
## `preste attest verify` CLI
|
|
184
|
+
|
|
185
|
+
The standalone verifier is the engine behind the CLI command:
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
preste attest verify cert.json
|
|
189
|
+
# Exit 0: certificate valid
|
|
190
|
+
# Exit 1: verification failed — reason printed to stderr
|
|
191
|
+
|
|
192
|
+
preste attest verify cert.json --kid cc-attest-2026-05
|
|
193
|
+
# Adds kid pinning
|
|
194
|
+
|
|
195
|
+
preste attest verify cert.json --pubkey "$CC_ATTEST_PUBKEY_SPKI_B64"
|
|
196
|
+
# Pins to an explicit SPKI base64 public key
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
The CLI sets `process.exitCode` to `1` on failure so it composes naturally with `&&` in shell scripts and CI steps.
|
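Review bot: The "CI pipeline — exit code gate" example (lines 120-131) calls `verifyRunCertificate(cert)` with no `expectedPublicKey`, so by step 5 of the algorithm table it falls back to the embedded `signature.pubkey_spki_b64`, which the "Security considerations" warning (lines 176-179) says must not be treated as authoritative. As written, the gate exits 0 for any self-consistent certificate regardless of who signed it. Suggest the CI example load the key with `publicKeyFromSpkiB64(process.env["CC_ATTEST_PUBKEY_SPKI_B64"]!)` and pass `{ expectedPublicKey: pubkey }`, and that the bare `preste attest verify cert.json` line in the CLI section carry the same caveat. The "Pin to a key ID" example (lines 111-118) has a related gap: `kid` lives inside `signature`, which step 3 strips before hashing, so the value is covered by neither the hash nor the Ed25519 signature, and `expectedKid` on its own does not bind the certificate to a trusted key. The docs should say that `expectedKid` is only meaningful together with `expectedPublicKey` or a trusted lookup keyed on `kid`. The CI example also discards `reason`; printing it to stderr on failure would match what the CLI section documents.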
package/docs/identity.md
ADDED
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
# Agent Identity & Persona
|
|
2
|
+
|
|
3
|
+
**Module:** `@vauban-org/agent-sdk` · **Since:** CC v3.1 sprint-562 (Livrable E, 2026-05-14)
|
|
4
|
+
|
|
5
|
+
An `AgentPersona` is a structured description of how an agent communicates — tone, formality, domain expertise, and response-shape preferences. The persona travels from Brain Tier 3 (semantic storage) through the CC server as a system-prompt prefix, and can be overridden locally via `~/.preste/persona.yaml`.
|
|
6
|
+
|
|
7
|
+
## Quick start
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {
|
|
11
|
+
buildPersonaPromptBlock,
|
|
12
|
+
mergePersona,
|
|
13
|
+
DEFAULT_PERSONA,
|
|
14
|
+
validatePersona,
|
|
15
|
+
} from "@vauban-org/agent-sdk";
|
|
16
|
+
import type { AgentPersona } from "@vauban-org/agent-sdk";
|
|
17
|
+
|
|
18
|
+
const persona: AgentPersona = {
|
|
19
|
+
identity: {
|
|
20
|
+
name: "ARCHITECT",
|
|
21
|
+
role: "Senior Cairo/TypeScript engineer",
|
|
22
|
+
tone: "concise",
|
|
23
|
+
formality: "technical",
|
|
24
|
+
language: "en",
|
|
25
|
+
},
|
|
26
|
+
domain_expertise: ["Starknet", "TypeScript", "ZK proofs"],
|
|
27
|
+
communication: {
|
|
28
|
+
acknowledgment_style: "minimal",
|
|
29
|
+
explain_reasoning: "on_error",
|
|
30
|
+
},
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
const systemPrompt =
|
|
34
|
+
"You are an agent in the Vauban ecosystem." +
|
|
35
|
+
buildPersonaPromptBlock(persona);
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
The `buildPersonaPromptBlock` call appends the block only when actionable fields are present — it is safe to concatenate unconditionally.
|
|
39
|
+
|
|
40
|
+
---
|
|
41
|
+
|
|
42
|
+
## `AgentPersona` schema
|
|
43
|
+
|
|
44
|
+
All fields are optional. Zod validation enforces the limits below; `PersonaSchema.parse(input)` throws on violation.
|
|
45
|
+
|
|
46
|
+
```typescript
|
|
47
|
+
interface AgentPersona {
|
|
48
|
+
identity?: {
|
|
49
|
+
name?: string; // max 64 chars
|
|
50
|
+
role?: string; // max 256 chars
|
|
51
|
+
tone?: "concise" | "detailed" | "pedagogical";
|
|
52
|
+
formality?: "casual" | "formal" | "technical";
|
|
53
|
+
language?: string; // BCP 47, e.g. "en", "fr-FR"
|
|
54
|
+
};
|
|
55
|
+
traits?: string[]; // max 16 items, max 64 chars each
|
|
56
|
+
domain_expertise?: string[]; // max 32 items, max 128 chars each
|
|
57
|
+
communication?: {
|
|
58
|
+
max_response_length?: number;
|
|
59
|
+
use_analogies?: boolean;
|
|
60
|
+
explain_reasoning?: "always" | "on_error" | "never";
|
|
61
|
+
acknowledgment_style?: "minimal" | "detailed" | "none";
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
`DEFAULT_PERSONA` is applied before any user-defined value:
|
|
67
|
+
|
|
68
|
+
```typescript
|
|
69
|
+
const DEFAULT_PERSONA: AgentPersona = {
|
|
70
|
+
identity: { tone: "concise", formality: "technical", language: "en" },
|
|
71
|
+
traits: [],
|
|
72
|
+
domain_expertise: [],
|
|
73
|
+
communication: { explain_reasoning: "on_error", acknowledgment_style: "minimal" },
|
|
74
|
+
};
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
## `buildPersonaPromptBlock(persona)`
|
|
80
|
+
|
|
81
|
+
Converts an `AgentPersona` to a compact system-prompt block bounded by `--- persona ---` / `--- end persona ---` markers.
|
|
82
|
+
|
|
83
|
+
```typescript
|
|
84
|
+
import { buildPersonaPromptBlock } from "@vauban-org/agent-sdk";
|
|
85
|
+
|
|
86
|
+
const block = buildPersonaPromptBlock({
|
|
87
|
+
identity: { name: "SCRIBE", tone: "pedagogical", formality: "formal" },
|
|
88
|
+
domain_expertise: ["technical writing", "API documentation"],
|
|
89
|
+
communication: { explain_reasoning: "always" },
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
// block ===
|
|
93
|
+
// \n--- persona ---
|
|
94
|
+
// You are SCRIBE.
|
|
95
|
+
// Communication style: pedagogical, formal.
|
|
96
|
+
// Domain expertise: technical writing, API documentation.
|
|
97
|
+
// Always explain your reasoning step by step.
|
|
98
|
+
// --- end persona ---
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
**Properties:**
|
|
102
|
+
|
|
103
|
+
- Returns `""` when the persona has no actionable fields — safe for unconditional concatenation.
|
|
104
|
+
- `language` field only emits an instruction when it differs from `"en"`.
|
|
105
|
+
- Empty `traits` / `domain_expertise` arrays produce no output.
|
|
106
|
+
- The leading `\n` ensures correct spacing when appended to an existing system prompt.
|
|
107
|
+
|
|
108
|
+
---
|
|
109
|
+
|
|
110
|
+
## Merge semantics
|
|
111
|
+
|
|
112
|
+
`mergePersona(base, local)` applies `local` on top of `base` field-by-field. Brain Tier 3 is the base; `~/.preste/persona.yaml` is the local override.
|
|
113
|
+
|
|
114
|
+
```typescript
|
|
115
|
+
import { mergePersona, DEFAULT_PERSONA } from "@vauban-org/agent-sdk";
|
|
116
|
+
|
|
117
|
+
const brainPersona: AgentPersona = {
|
|
118
|
+
identity: { name: "BUILDER", tone: "concise" },
|
|
119
|
+
domain_expertise: ["Cairo", "TypeScript"],
|
|
120
|
+
};
|
|
121
|
+
|
|
122
|
+
const localOverride: AgentPersona = {
|
|
123
|
+
identity: { tone: "detailed" }, // overrides tone only
|
|
124
|
+
domain_expertise: ["Rust"], // REPLACES the array entirely
|
|
125
|
+
};
|
|
126
|
+
|
|
127
|
+
const resolved = mergePersona(
|
|
128
|
+
mergePersona(DEFAULT_PERSONA, brainPersona),
|
|
129
|
+
localOverride,
|
|
130
|
+
);
|
|
131
|
+
// resolved.identity.name === "BUILDER" (from brainPersona)
|
|
132
|
+
// resolved.identity.tone === "detailed" (from localOverride)
|
|
133
|
+
// resolved.domain_expertise === ["Rust"] (array replaced, not extended)
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
!!! warning "Array replacement semantics"
|
|
137
|
+
`traits` and `domain_expertise` are **replaced**, not extended. If you want to extend the Brain-stored array, concatenate before calling `mergePersona`:
|
|
138
|
+
```typescript
|
|
139
|
+
const extended = mergePersona(base, {
|
|
140
|
+
...local,
|
|
141
|
+
domain_expertise: [...(base.domain_expertise ?? []), ...(local.domain_expertise ?? [])],
|
|
142
|
+
});
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
---
|
|
146
|
+
|
|
147
|
+
## System-level injection (CC server)
|
|
148
|
+
|
|
149
|
+
Set `CC_AGENT_PERSONA_JSON` on the CC server to inject the persona as a system message prefix for every agent call, without modifying agent code.
|
|
150
|
+
|
|
151
|
+
**Generate the env value:**
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
echo '{"identity":{"name":"ARCHITECT","role":"Senior Cairo/TypeScript engineer","tone":"concise","formality":"technical"},"domain_expertise":["Starknet","TypeScript","ZK proofs"],"communication":{"acknowledgment_style":"minimal","explain_reasoning":"on_error"}}' | base64 -w0
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
```bash
|
|
158
|
+
export CC_AGENT_PERSONA_JSON="<base64 output>"
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
The CC server decodes, validates via `PersonaSchema.parse`, and calls `buildPersonaPromptBlock` before prepending to each agent system message.
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## CLI persona management
|
|
166
|
+
|
|
167
|
+
The `preste persona` sub-command manages the local `~/.preste/persona.yaml` override file.
|
|
168
|
+
|
|
169
|
+
```bash
|
|
170
|
+
preste persona show # display resolved persona (Brain + local merge)
|
|
171
|
+
preste persona set --name ARCHITECT --role "..." --tone concise --formality technical
|
|
172
|
+
preste persona export persona.yaml # write to YAML file
|
|
173
|
+
preste persona import persona.yaml # load from YAML file (validates schema)
|
|
174
|
+
preste persona reset # delete ~/.preste/persona.yaml (revert to Brain-only)
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
`preste persona show` prints the fully-resolved persona (Brain base + local override + defaults) and the rendered `buildPersonaPromptBlock` output so you can inspect what the model will receive.
|
|
178
|
+
|
|
179
|
+
---
|
|
180
|
+
|
|
181
|
+
## Validation
|
|
182
|
+
|
|
183
|
+
```typescript
|
|
184
|
+
import { validatePersona } from "@vauban-org/agent-sdk";
|
|
185
|
+
|
|
186
|
+
try {
|
|
187
|
+
const persona = validatePersona(untrustedInput);
|
|
188
|
+
} catch (err) {
|
|
189
|
+
// ZodError — inspect err.issues for field-level messages
|
|
190
|
+
}
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
`validatePersona` wraps `PersonaSchema.parse` and throws `ZodError` on invalid input. Call it at ingestion boundaries (e.g., when loading `~/.preste/persona.yaml` or deserializing from Brain).
|
|
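Review bot: The schema section (lines 44-63) documents only length and count limits for `name`, `role`, `traits` and `domain_expertise`, while the `buildPersonaPromptBlock` example (lines 86-98) shows those strings appearing in the system prompt between the `--- persona ---` and `--- end persona ---` markers. The docs do not say whether newlines or the marker strings themselves are rejected or escaped, which matters because the persona can come from `~/.preste/persona.yaml`, from Brain, or from `CC_AGENT_PERSONA_JSON` and ends up in every agent's system message. Please state the handling explicitly (and add the check to `PersonaSchema` if it is not there), and give `max_response_length` a documented bound like the other fields. The Quick start (lines 9-36) imports `validatePersona`, `mergePersona` and `DEFAULT_PERSONA` but never uses them; either drop the unused imports or show `validatePersona` applied before `buildPersonaPromptBlock`, which would match the "call it at ingestion boundaries" advice on line 193. Minor: the merge example (lines 115-133) uses the `AgentPersona` type without importing it, and `CC_AGENT_PERSONA_JSON` holds base64 rather than JSON, which the name does not suggest.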
@@ -0,0 +1,155 @@
|
|
|
1
|
+
# Migration : 1.2 → 1.3
|
|
2
|
+
|
|
3
|
+
!!! success "Zero breaking changes"
|
|
4
|
+
Existing 1.2.x consumers continue to work unchanged. All new APIs are
|
|
5
|
+
additive.
|
|
6
|
+
|
|
7
|
+
## TL;DR
|
|
8
|
+
|
|
9
|
+
- `AgentRunTracker` still works. Marked deprecated, will be removed in 2.0.
|
|
10
|
+
- New `telemetry` field on `OODAAgentConfig`. Opt-in.
|
|
11
|
+
- 4 new sinks shipped : `stdout`, `sqlite`, `otlp` in core ; `cc` in
|
|
12
|
+
`@vauban-org/cc-telemetry`.
|
|
13
|
+
|
|
14
|
+
## What changed
|
|
15
|
+
|
|
16
|
+
### `AgentRunFinalStatus` adds `"skipped"`
|
|
17
|
+
|
|
18
|
+
Before :
|
|
19
|
+
|
|
20
|
+
```ts
|
|
21
|
+
type AgentRunFinalStatus = "success" | "failed" | "timeout" | "incoherent";
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
After :
|
|
25
|
+
|
|
26
|
+
```ts
|
|
27
|
+
type AgentRunFinalStatus = "success" | "failed" | "skipped" | "timeout" | "incoherent";
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
`"skipped"` distinguishes session_guard / risk_guard / heap_exceeded
|
|
31
|
+
short-circuits from real successes. Existing exhaustive `switch` statements
|
|
32
|
+
on this type will need to add a case (TypeScript will surface it).
|
|
33
|
+
|
|
34
|
+
For the new `TelemetryRunStatus` type (used by the new sinks), see the
|
|
35
|
+
[port.ts source](https://github.com/vauban-org/command-center/blob/main/packages/agent-sdk/src/telemetry/port.ts).
|
|
36
|
+
|
|
37
|
+
### New optional `OODAAgentConfig.telemetry`
|
|
38
|
+
|
|
39
|
+
```ts
|
|
40
|
+
interface OODAAgentConfig {
|
|
41
|
+
// …existing fields…
|
|
42
|
+
readonly telemetry?: TelemetrySink; // NEW, optional
|
|
43
|
+
}
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
When set, the OODA loop auto-emits `start` + `step` + `finish` events.
|
|
47
|
+
When omitted, behavior is identical to 1.2.
|
|
48
|
+
|
|
49
|
+
### Legacy `AgentRunTracker` is deprecated
|
|
50
|
+
|
|
51
|
+
```ts
|
|
52
|
+
import { createAgentRunTracker } from "@vauban-org/agent-sdk"; // deprecated
|
|
53
|
+
|
|
54
|
+
const tracker = createAgentRunTracker(db);
|
|
55
|
+
// Still works, still INSERTs into agent_run. Will be removed in 2.0.
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
Migration target :
|
|
59
|
+
|
|
60
|
+
```ts
|
|
61
|
+
import {
|
|
62
|
+
createTelemetryBus,
|
|
63
|
+
localSqliteTelemetrySink,
|
|
64
|
+
} from "@vauban-org/agent-sdk";
|
|
65
|
+
import { commandCenterTelemetrySink } from "@vauban-org/cc-telemetry";
|
|
66
|
+
|
|
67
|
+
const telemetry = createTelemetryBus({
|
|
68
|
+
sinks: [
|
|
69
|
+
localSqliteTelemetrySink(),
|
|
70
|
+
commandCenterTelemetrySink({ apiKey: process.env.VAUBAN_API_KEY! }),
|
|
71
|
+
],
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
createOODAAgent({
|
|
75
|
+
agentId: "my-agent",
|
|
76
|
+
telemetry,
|
|
77
|
+
// …no more `createAgentRunTracker(db)` needed
|
|
78
|
+
});
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
## Recipes for common migrations
|
|
82
|
+
|
|
83
|
+
### From `AgentRunTracker` to sinks
|
|
84
|
+
|
|
85
|
+
Before :
|
|
86
|
+
|
|
87
|
+
```ts
|
|
88
|
+
const tracker = createAgentRunTracker(db);
|
|
89
|
+
const uuid = await tracker.start({ agentId, agentVersion, runId, model, provider });
|
|
90
|
+
await tracker.recordStep(uuid, { inputTokens, outputTokens, costUsd });
|
|
91
|
+
await tracker.finish(uuid, { status: "success" });
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
After :
|
|
95
|
+
|
|
96
|
+
```ts
|
|
97
|
+
// No imperative calls — the OODA loop handles it.
|
|
98
|
+
createOODAAgent({
|
|
99
|
+
agentId: "my-agent",
|
|
100
|
+
telemetry: localSqliteTelemetrySink(),
|
|
101
|
+
});
|
|
102
|
+
// runCycle() automatically emits start/step/finish.
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
If you ran tracker calls *outside* the OODA loop (e.g. from a custom
|
|
106
|
+
event handler), you can still use it ; the loop's telemetry and the
|
|
107
|
+
custom calls coexist (they write to different tables in v1.3 :
|
|
108
|
+
`agent_run` for legacy tracker, `telemetry_run_step` for SDK sinks).
|
|
109
|
+
|
|
110
|
+
### From `console.log` to stdoutTelemetrySink
|
|
111
|
+
|
|
112
|
+
Before :
|
|
113
|
+
|
|
114
|
+
```ts
|
|
115
|
+
console.log("[my-agent] cycle start", { runId, agentId });
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
After :
|
|
119
|
+
|
|
120
|
+
```ts
|
|
121
|
+
createOODAAgent({
|
|
122
|
+
agentId: "my-agent",
|
|
123
|
+
telemetry: stdoutTelemetrySink(),
|
|
124
|
+
});
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
You get structured JSON automatically, plus the same data lands in any
|
|
128
|
+
other sinks you configure later.
|
|
129
|
+
|
|
130
|
+
## Removed (only in 2.0, not yet)
|
|
131
|
+
|
|
132
|
+
Targeted for removal in **2.0** (no earlier than Q4 2026) :
|
|
133
|
+
|
|
134
|
+
- `createAgentRunTracker(db)`
|
|
135
|
+
- `AgentRunTracker` interface
|
|
136
|
+
- `tracking/agent-run-tracker.ts` module
|
|
137
|
+
- `tracking/cost-tracked-agent-run-tracker.ts` (consumer in CC backend)
|
|
138
|
+
|
|
139
|
+
Until then, both APIs coexist.
|
|
140
|
+
|
|
141
|
+
## Testing the upgrade
|
|
142
|
+
|
|
143
|
+
```bash
|
|
144
|
+
# Pin to old version
|
|
145
|
+
pnpm add @vauban-org/agent-sdk@1.2.0
|
|
146
|
+
|
|
147
|
+
# Pin to new version
|
|
148
|
+
pnpm add @vauban-org/agent-sdk@1.3.0
|
|
149
|
+
|
|
150
|
+
# Run your test suite
|
|
151
|
+
pnpm test
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
You should see 0 failures, 0 new warnings (other than the deprecation
|
|
155
|
+
notice if you still call `createAgentRunTracker`).
|
|
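Review bot: The "Zero breaking changes" admonition (lines 3-5) conflicts with lines 30-32, which say existing exhaustive `switch` statements on `AgentRunFinalStatus` "will need to add a case". Widening the union is a compile-time break for those consumers, so the admonition should be qualified (for example "no runtime breaking changes; one type-level change, see below"). The same paragraph should also warn about non-exhaustive consumers: code that treats anything other than `"failed"` as a success will silently count `"skipped"` runs from `risk_guard` or `session_guard` short-circuits as successes, and TypeScript will not surface that. In the migration target (line 70), `process.env.VAUBAN_API_KEY!` only silences the type checker; if the variable is unset the sink is constructed with `undefined`. Suggest showing an explicit check that throws at startup when the key is missing. The "Testing the upgrade" block (lines 143-152) lists pinning 1.2.0 and then 1.3.0 before a single `pnpm test`, so the old version is never actually tested; run the suite after each pin if a baseline comparison is intended.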
@@ -0,0 +1,154 @@
|
|
|
1
|
+
# Telemetry Overview
|
|
2
|
+
|
|
3
|
+
!!! info "Status — public-experimental"
|
|
4
|
+
Introduced in `@vauban-org/agent-sdk@1.3.0` (ADR-ECO-039). Interface
|
|
5
|
+
stable, additional event fields may be added before 2.0.
|
|
6
|
+
|
|
7
|
+
The agent-sdk exposes a **port-based telemetry pipeline** : agents emit
|
|
8
|
+
lifecycle events (`start` → `step…` → `finish`) and configurable **sinks**
|
|
9
|
+
decide where those events go. Sovereignty is preserved by default — no
|
|
10
|
+
network calls happen unless you explicitly opt in.
|
|
11
|
+
|
|
12
|
+
## Why a port + sinks pattern ?
|
|
13
|
+
|
|
14
|
+
Before v1.3, the SDK had an implicit DB coupling (`AgentRunTracker.start`
|
|
15
|
+
INSERTed directly into a Command Center–specific `agent_run` table). That
|
|
16
|
+
violated three invariants : sovereignty (SDK unusable without the CC DB),
|
|
17
|
+
boundary discipline (SDK knowing CC schema), and standalone-product
|
|
18
|
+
design (CC should be an optional consumer).
|
|
19
|
+
|
|
20
|
+
The port pattern fixes all three. See the design rationale in
|
|
21
|
+
[ADR-ECO-039](https://github.com/vauban-org/vauban-gouvernance/blob/main/governance/decisions/ADR-ECO-039-sdk-telemetry-port.md).
|
|
22
|
+
|
|
23
|
+
## Three usage modes
|
|
24
|
+
|
|
25
|
+
```mermaid
|
|
26
|
+
graph TD
|
|
27
|
+
A[OODA loop runCycle()] -->|TelemetrySink| B[TelemetryBus]
|
|
28
|
+
B --> S1[stdoutTelemetrySink]
|
|
29
|
+
B --> S2[localSqliteTelemetrySink]
|
|
30
|
+
B --> S3[otlpTelemetrySink]
|
|
31
|
+
B --> S4["commandCenterTelemetrySink<br/>(separate npm pkg)"]
|
|
32
|
+
|
|
33
|
+
S1 -.-> O1[stderr / pino-pretty]
|
|
34
|
+
S2 -.-> O2["~/.vauban/runs.db"]
|
|
35
|
+
S3 -.-> O3["Langfuse / Tempo / Jaeger"]
|
|
36
|
+
S4 -.-> O4["command.vauban.tech<br/>or self-hosted CC"]
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
### Mode 1 — Standalone (sovereign default)
|
|
40
|
+
|
|
41
|
+
Zero phone-home. Zero account required. Runs everywhere.
|
|
42
|
+
|
|
43
|
+
```ts
|
|
44
|
+
import {
|
|
45
|
+
createOODAAgent,
|
|
46
|
+
createTelemetryBus,
|
|
47
|
+
stdoutTelemetrySink,
|
|
48
|
+
localSqliteTelemetrySink,
|
|
49
|
+
} from "@vauban-org/agent-sdk";
|
|
50
|
+
|
|
51
|
+
createOODAAgent({
|
|
52
|
+
agentId: "my-agent",
|
|
53
|
+
/* …other config… */
|
|
54
|
+
telemetry: createTelemetryBus({
|
|
55
|
+
sinks: [
|
|
56
|
+
stdoutTelemetrySink(),
|
|
57
|
+
localSqliteTelemetrySink(), // ~/.vauban/runs.db by default
|
|
58
|
+
],
|
|
59
|
+
}),
|
|
60
|
+
});
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
Inspect locally via `sqlite3` or the upcoming `vauban-agent runs list` CLI.
|
|
64
|
+
|
|
65
|
+
### Mode 2 — Free Vauban CC SaaS
|
|
66
|
+
|
|
67
|
+
Adds remote backup + a hosted dashboard at `command.vauban.tech`.
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
pnpm add @vauban-org/cc-telemetry
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
```ts
|
|
74
|
+
import {
|
|
75
|
+
createOODAAgent,
|
|
76
|
+
createTelemetryBus,
|
|
77
|
+
localSqliteTelemetrySink,
|
|
78
|
+
} from "@vauban-org/agent-sdk";
|
|
79
|
+
import { commandCenterTelemetrySink } from "@vauban-org/cc-telemetry";
|
|
80
|
+
|
|
81
|
+
createOODAAgent({
|
|
82
|
+
agentId: "my-agent",
|
|
83
|
+
telemetry: createTelemetryBus({
|
|
84
|
+
sinks: [
|
|
85
|
+
localSqliteTelemetrySink(), // sovereign mirror
|
|
86
|
+
commandCenterTelemetrySink({ apiKey: process.env.VAUBAN_API_KEY! }),
|
|
87
|
+
],
|
|
88
|
+
}),
|
|
89
|
+
});
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
Free tier policy : **1 000 runs / month + 7 day retention** (see
|
|
93
|
+
[ADR-ECO-039 §3](https://github.com/vauban-org/vauban-gouvernance/blob/main/governance/decisions/ADR-ECO-039-sdk-telemetry-port.md)).
|
|
94
|
+
Sign up at [`command.vauban.tech`](https://command.vauban.tech).
|
|
95
|
+
|
|
96
|
+
### Mode 3 — Tiered (Team / Pro / Sovereign)
|
|
97
|
+
|
|
98
|
+
Same code as Mode 2. The API key prefix (`vauban_team_*` / `vauban_pro_*` /
|
|
99
|
+
`vauban_sovereign_*`) determines server-side entitlement. Pro tier signs
|
|
100
|
+
each run with a Vauban Claim Algebra attestation ; Sovereign runs in a
|
|
101
|
+
TDX/SEV-SNP enclave with L3 Madara anchoring. See
|
|
102
|
+
[sinks/cc.md](sinks/cc.md#tiers).
|
|
103
|
+
|
|
104
|
+
### Mode 4 — Self-hosted Command Center
|
|
105
|
+
|
|
106
|
+
Compatible with the AGPL CC backend (per [ADR-ECO-014](https://github.com/vauban-org/vauban-gouvernance/blob/main/governance/decisions/ADR-ECO-014-cc-oss-release.md)).
|
|
107
|
+
|
|
108
|
+
```ts
|
|
109
|
+
commandCenterTelemetrySink({
|
|
110
|
+
apiKey: "internal",
|
|
111
|
+
baseUrl: "https://cc.myorg.internal",
|
|
112
|
+
});
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
## Privacy guarantees
|
|
116
|
+
|
|
117
|
+
| # | Guarantee | Enforced by |
|
|
118
|
+
|---|---|---|
|
|
119
|
+
| 1 | Zero phone-home by default | No sinks configured = no network |
|
|
120
|
+
| 2 | Local sink always available | `localSqliteTelemetrySink` ships with SDK |
|
|
121
|
+
| 3 | PII never crosses sinks | `metadata` hashed unless `includePayloads: true` |
|
|
122
|
+
| 4 | Tenant isolation | RLS in CC backend, scoped Bearer keys |
|
|
123
|
+
| 5 | Audit log of active sinks | `vauban-agent telemetry status` (upcoming) |
|
|
124
|
+
| 6 | Sink failures never block agent | TelemetryBus isolates per-sink failures |
|
|
125
|
+
|
|
126
|
+
## Failure modes & guarantees
|
|
127
|
+
|
|
128
|
+
- **One sink crashes** → others continue. The agent loop is never blocked.
|
|
129
|
+
- **Network sink unreachable** → events queue locally up to `maxQueueDepth`
|
|
130
|
+
(default 1000), then drop-oldest with a Prometheus-friendly counter.
|
|
131
|
+
- **OOM / heap exceeded** → no retry storm ; the agent enters `skipped`
|
|
132
|
+
state with a `stopReason: "heap_exceeded:Xmb"` that surfaces in every
|
|
133
|
+
sink.
|
|
134
|
+
- **CC backend down** → SDK auto-retries 5xx with exponential backoff +
|
|
135
|
+
jitter. 4xx (auth, quota) are NOT retried (would only burn quota).
|
|
136
|
+
|
|
137
|
+
## Where it sits relative to Langfuse
|
|
138
|
+
|
|
139
|
+
Both coexist by design ([Brain entry 1b9ab97d](https://command.vauban.tech/brain/1b9ab97d)) :
|
|
140
|
+
|
|
141
|
+
| Layer | What | Tool |
|
|
142
|
+
|---|---|---|
|
|
143
|
+
| Token-level | Per LLM call, latency, tokens, cost | Langfuse self-host |
|
|
144
|
+
| **Run-level** | **Per OODA cycle, status, outcome** | **TelemetryPort (this module)** |
|
|
145
|
+
| Outcome-level | Business value, HITL, proof | CC `outcome` table + L3 anchor |
|
|
146
|
+
|
|
147
|
+
## Next steps
|
|
148
|
+
|
|
149
|
+
- [stdout sink](sinks/stdout.md) — dev visibility
|
|
150
|
+
- [SQLite sink](sinks/sqlite.md) — sovereign local mirror
|
|
151
|
+
- [OTLP sink](sinks/otlp.md) — push to any OpenTelemetry receiver
|
|
152
|
+
- [CC sink](sinks/cc.md) — Vauban Command Center (free → sovereign)
|
|
153
|
+
- [Privacy & spotlighting](privacy.md)
|
|
154
|
+
- [Migration 1.2 → 1.3](migration.md)
|
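Review bot: Row 3 of the "Privacy guarantees" table (line 121) states "PII never crosses sinks" but its enforcement column is "`metadata` hashed unless `includePayloads: true`", so the guarantee is opt-out rather than absolute, and it only speaks to `metadata`. Please reword the guarantee to match what is enforced, name the hash construction (algorithm, and whether it is salted or keyed, since unsalted hashes of low-entropy values can be matched by guessing), and say whether other event fields such as `stopReason` or `agentId` are sent in clear. Mode 4 (lines 108-113) hard-codes `apiKey: "internal"`; given that row 4 of the same table relies on "scoped Bearer keys" for tenant isolation, the example should read the key from the environment like Modes 2 and 3 do. The "Failure modes" list (lines 129-130) describes drop-oldest after `maxQueueDepth`; it would help to name the counter so operators can alert on lost events. Smaller consistency points: the heading on line 23 says "Three usage modes" while four are documented, and the diagram on line 33 routes `stdoutTelemetrySink` to "stderr / pino-pretty", which contradicts the sink's name unless that is intentional and explained.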