npm - @vauban-org/agent-sdk - Versions diffs - 1.0.0 → 1.3.0 - Mend

@vauban-org/agent-sdk 1.0.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (513) hide show

package/CONTRACT.md +6918 -742
package/dist/adapters/llm/anthropic-direct.d.ts +1 -0
package/dist/adapters/llm/anthropic-direct.d.ts.map +1 -1
package/dist/adapters/llm/anthropic-direct.js +43 -0
package/dist/adapters/llm/anthropic-direct.js.map +1 -1
package/dist/adapters/llm/cascade.d.ts.map +1 -1
package/dist/adapters/llm/cascade.js +57 -14
package/dist/adapters/llm/cascade.js.map +1 -1
package/dist/adapters/llm/litellm.d.ts +2 -0
package/dist/adapters/llm/litellm.d.ts.map +1 -1
package/dist/adapters/llm/litellm.js +44 -0
package/dist/adapters/llm/litellm.js.map +1 -1
package/dist/compute/difficulty-estimator.d.ts +53 -0
package/dist/compute/difficulty-estimator.d.ts.map +1 -0
package/dist/compute/difficulty-estimator.js +82 -0
package/dist/compute/difficulty-estimator.js.map +1 -0
package/dist/compute/strategies/mixture-of-agents.d.ts +40 -0
package/dist/compute/strategies/mixture-of-agents.d.ts.map +1 -0
package/dist/compute/strategies/mixture-of-agents.js +110 -0
package/dist/compute/strategies/mixture-of-agents.js.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts +48 -0
package/dist/compute/strategies/tree-of-thoughts.d.ts.map +1 -0
package/dist/compute/strategies/tree-of-thoughts.js +242 -0
package/dist/compute/strategies/tree-of-thoughts.js.map +1 -0
package/dist/compute/strategies/two-phase-orient.d.ts +72 -0
package/dist/compute/strategies/two-phase-orient.d.ts.map +1 -0
package/dist/compute/strategies/two-phase-orient.js +85 -0
package/dist/compute/strategies/two-phase-orient.js.map +1 -0
package/dist/constitution/types.d.ts +10 -10
package/dist/container/protocol.d.ts +134 -0
package/dist/container/protocol.d.ts.map +1 -0
package/dist/container/protocol.js +157 -0
package/dist/container/protocol.js.map +1 -0
package/dist/container/runtime.d.ts +140 -0
package/dist/container/runtime.d.ts.map +1 -0
package/dist/container/runtime.js +256 -0
package/dist/container/runtime.js.map +1 -0
package/dist/events/catalogue.d.ts +46 -46
package/dist/events/schemas/agent.completed.v1.d.ts +4 -4
package/dist/events/schemas/agent.failed.v1.d.ts +2 -2
package/dist/events/schemas/agent.hitl_resolved.v1.d.ts +2 -2
package/dist/events/schemas/agent.started.v1.d.ts +2 -2
package/dist/events/schemas/brain.skill.extracted.v1.d.ts +4 -4
package/dist/events/schemas/cc.cost.anomaly_detected.v1.d.ts +2 -2
package/dist/events/schemas/cc.cost.recorded.v1.d.ts +4 -4
package/dist/events/schemas/citadel.sprint.analyzed.v1.d.ts +6 -6
package/dist/events/schemas/citadel.sprint.closed.v1.d.ts +2 -2
package/dist/events/schemas/forge.inbox.reply_classified.v1.d.ts +6 -6
package/dist/events/schemas/forge.lead.qualified.v1.d.ts +2 -2
package/dist/events/schemas/forge.outreach.sent.v1.d.ts +4 -4
package/dist/events/schemas/incident.detected.v1.d.ts +2 -2
package/dist/events/schemas/vauban.goal.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.rebalancing.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.tax.checked.v1.d.ts +2 -2
package/dist/events/schemas/vauban.vault.analyzed.v1.d.ts +6 -6
package/dist/identity/agent-persona.d.ts +73 -0
package/dist/identity/agent-persona.d.ts.map +1 -0
package/dist/identity/agent-persona.js +165 -0
package/dist/identity/agent-persona.js.map +1 -0
package/dist/identity/persona-prompt.d.ts +25 -0
package/dist/identity/persona-prompt.d.ts.map +1 -0
package/dist/identity/persona-prompt.js +71 -0
package/dist/identity/persona-prompt.js.map +1 -0
package/dist/identity/persona-schema.d.ts +120 -0
package/dist/identity/persona-schema.d.ts.map +1 -0
package/dist/identity/persona-schema.js +103 -0
package/dist/identity/persona-schema.js.map +1 -0
package/dist/index.d.ts +41 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +31 -1
package/dist/index.js.map +1 -1
package/dist/loop/minimal-loop.js +293 -287
package/dist/memory/episodic-rrf.d.ts +114 -0
package/dist/memory/episodic-rrf.d.ts.map +1 -0
package/dist/memory/episodic-rrf.js +148 -0
package/dist/memory/episodic-rrf.js.map +1 -0
package/dist/mesh/attenuation.d.ts +78 -0
package/dist/mesh/attenuation.d.ts.map +1 -0
package/dist/mesh/attenuation.js +141 -0
package/dist/mesh/attenuation.js.map +1 -0
package/dist/mesh/delegate.d.ts +96 -0
package/dist/mesh/delegate.d.ts.map +1 -0
package/dist/mesh/delegate.js +172 -0
package/dist/mesh/delegate.js.map +1 -0
package/dist/mesh/dispatcher.d.ts +119 -0
package/dist/mesh/dispatcher.d.ts.map +1 -0
package/dist/mesh/dispatcher.js +207 -0
package/dist/mesh/dispatcher.js.map +1 -0
package/dist/mesh/index.d.ts +12 -0
package/dist/mesh/index.d.ts.map +1 -0
package/dist/mesh/index.js +11 -0
package/dist/mesh/index.js.map +1 -0
package/dist/mesh/types.d.ts +30 -0
package/dist/mesh/types.d.ts.map +1 -0
package/dist/mesh/types.js +11 -0
package/dist/mesh/types.js.map +1 -0
package/dist/orchestration/ooda/agent.d.ts.map +1 -1
package/dist/orchestration/ooda/agent.js +36 -0
package/dist/orchestration/ooda/agent.js.map +1 -1
package/dist/orchestration/ooda/skills.d.ts +104 -0
package/dist/orchestration/ooda/skills.d.ts.map +1 -1
package/dist/orchestration/ooda/skills.js +106 -0
package/dist/orchestration/ooda/skills.js.map +1 -1
package/dist/orchestration/ooda/types.d.ts +11 -0
package/dist/orchestration/ooda/types.d.ts.map +1 -1
package/dist/ports/bastion-action.contract.test.d.ts +11 -0
package/dist/ports/bastion-action.contract.test.d.ts.map +1 -0
package/dist/ports/bastion-action.contract.test.js +238 -0
package/dist/ports/bastion-action.contract.test.js.map +1 -0
package/dist/ports/bastion-action.d.ts +133 -0
package/dist/ports/bastion-action.d.ts.map +1 -0
package/dist/ports/bastion-action.js +73 -0
package/dist/ports/bastion-action.js.map +1 -0
package/dist/ports/brain.d.ts +31 -0
package/dist/ports/brain.d.ts.map +1 -1
package/dist/ports/brain.js +115 -1
package/dist/ports/brain.js.map +1 -1
package/dist/ports/citadel-action.contract.test.d.ts +11 -0
package/dist/ports/citadel-action.contract.test.d.ts.map +1 -0
package/dist/ports/citadel-action.contract.test.js +317 -0
package/dist/ports/citadel-action.contract.test.js.map +1 -0
package/dist/ports/citadel-action.d.ts +111 -0
package/dist/ports/citadel-action.d.ts.map +1 -0
package/dist/ports/citadel-action.js +62 -0
package/dist/ports/citadel-action.js.map +1 -0
package/dist/ports/compliance-contract.d.ts +123 -0
package/dist/ports/compliance-contract.d.ts.map +1 -0
package/dist/ports/compliance-contract.js +35 -0
package/dist/ports/compliance-contract.js.map +1 -0
package/dist/ports/db.d.ts +38 -0
package/dist/ports/db.d.ts.map +1 -1
package/dist/ports/db.js +88 -1
package/dist/ports/db.js.map +1 -1
package/dist/ports/delegation.contract.test.d.ts +9 -0
package/dist/ports/delegation.contract.test.d.ts.map +1 -0
package/dist/ports/delegation.contract.test.js +337 -0
package/dist/ports/delegation.contract.test.js.map +1 -0
package/dist/ports/delegation.d.ts +134 -0
package/dist/ports/delegation.d.ts.map +1 -0
package/dist/ports/delegation.js +105 -0
package/dist/ports/delegation.js.map +1 -0
package/dist/ports/event-bus.d.ts +29 -0
package/dist/ports/event-bus.d.ts.map +1 -1
package/dist/ports/event-bus.js +106 -1
package/dist/ports/event-bus.js.map +1 -1
package/dist/ports/federation.contract.test.d.ts +9 -0
package/dist/ports/federation.contract.test.d.ts.map +1 -0
package/dist/ports/federation.contract.test.js +279 -0
package/dist/ports/federation.contract.test.js.map +1 -0
package/dist/ports/federation.d.ts +140 -0
package/dist/ports/federation.d.ts.map +1 -0
package/dist/ports/federation.js +57 -0
package/dist/ports/federation.js.map +1 -0
package/dist/ports/index.d.ts +28 -2
package/dist/ports/index.d.ts.map +1 -1
package/dist/ports/index.js +17 -2
package/dist/ports/index.js.map +1 -1
package/dist/ports/llm-provider.d.ts +37 -0
package/dist/ports/llm-provider.d.ts.map +1 -1
package/dist/ports/llm-provider.js +99 -1
package/dist/ports/llm-provider.js.map +1 -1
package/dist/ports/logger.d.ts +27 -0
package/dist/ports/logger.d.ts.map +1 -1
package/dist/ports/logger.js +87 -0
package/dist/ports/logger.js.map +1 -1
package/dist/ports/manifest-registry.contract.test.d.ts +9 -0
package/dist/ports/manifest-registry.contract.test.d.ts.map +1 -0
package/dist/ports/manifest-registry.contract.test.js +246 -0
package/dist/ports/manifest-registry.contract.test.js.map +1 -0
package/dist/ports/manifest-registry.d.ts +116 -0
package/dist/ports/manifest-registry.d.ts.map +1 -0
package/dist/ports/manifest-registry.js +79 -0
package/dist/ports/manifest-registry.js.map +1 -0
package/dist/ports/observability.contract.test.d.ts +12 -0
package/dist/ports/observability.contract.test.d.ts.map +1 -0
package/dist/ports/observability.contract.test.js +260 -0
package/dist/ports/observability.contract.test.js.map +1 -0
package/dist/ports/observability.d.ts +98 -0
package/dist/ports/observability.d.ts.map +1 -0
package/dist/ports/observability.js +59 -0
package/dist/ports/observability.js.map +1 -0
package/dist/ports/outcome.d.ts +26 -0
package/dist/ports/outcome.d.ts.map +1 -1
package/dist/ports/outcome.js +62 -1
package/dist/ports/outcome.js.map +1 -1
package/dist/ports/privacy.contract.test.d.ts +12 -0
package/dist/ports/privacy.contract.test.d.ts.map +1 -0
package/dist/ports/privacy.contract.test.js +325 -0
package/dist/ports/privacy.contract.test.js.map +1 -0
package/dist/ports/privacy.d.ts +132 -0
package/dist/ports/privacy.d.ts.map +1 -0
package/dist/ports/privacy.js +83 -0
package/dist/ports/privacy.js.map +1 -0
package/dist/ports/tenant-context.contract.test.d.ts +14 -0
package/dist/ports/tenant-context.contract.test.d.ts.map +1 -0
package/dist/ports/tenant-context.contract.test.js +352 -0
package/dist/ports/tenant-context.contract.test.js.map +1 -0
package/dist/ports/tenant-context.d.ts +103 -0
package/dist/ports/tenant-context.d.ts.map +1 -0
package/dist/ports/tenant-context.js +48 -0
package/dist/ports/tenant-context.js.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts +11 -0
package/dist/ports/vauban-finance-action.contract.test.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.contract.test.js +260 -0
package/dist/ports/vauban-finance-action.contract.test.js.map +1 -0
package/dist/ports/vauban-finance-action.d.ts +106 -0
package/dist/ports/vauban-finance-action.d.ts.map +1 -0
package/dist/ports/vauban-finance-action.js +60 -0
package/dist/ports/vauban-finance-action.js.map +1 -0
package/dist/ports/workflow-runtime.d.ts +204 -0
package/dist/ports/workflow-runtime.d.ts.map +1 -0
package/dist/ports/workflow-runtime.js +72 -0
package/dist/ports/workflow-runtime.js.map +1 -0
package/dist/proof/cert-verify.d.ts +80 -0
package/dist/proof/cert-verify.d.ts.map +1 -0
package/dist/proof/cert-verify.js +178 -0
package/dist/proof/cert-verify.js.map +1 -0
package/dist/replay/replay.d.ts.map +1 -1
package/dist/replay/replay.js +5 -1
package/dist/replay/replay.js.map +1 -1
package/dist/retry/index.d.ts +129 -0
package/dist/retry/index.d.ts.map +1 -0
package/dist/retry/index.js +156 -0
package/dist/retry/index.js.map +1 -0
package/dist/retry/presets.d.ts +39 -0
package/dist/retry/presets.d.ts.map +1 -0
package/dist/retry/presets.js +69 -0
package/dist/retry/presets.js.map +1 -0
package/dist/skill-loop/ab-runner.d.ts +67 -0
package/dist/skill-loop/ab-runner.d.ts.map +1 -0
package/dist/skill-loop/ab-runner.js +160 -0
package/dist/skill-loop/ab-runner.js.map +1 -0
package/dist/skill-loop/adoption.d.ts +67 -0
package/dist/skill-loop/adoption.d.ts.map +1 -0
package/dist/skill-loop/adoption.js +126 -0
package/dist/skill-loop/adoption.js.map +1 -0
package/dist/skill-loop/candidate.d.ts +45 -0
package/dist/skill-loop/candidate.d.ts.map +1 -0
package/dist/skill-loop/candidate.js +43 -0
package/dist/skill-loop/candidate.js.map +1 -0
package/dist/skill-loop/evaluator.d.ts +42 -0
package/dist/skill-loop/evaluator.d.ts.map +1 -0
package/dist/skill-loop/evaluator.js +184 -0
package/dist/skill-loop/evaluator.js.map +1 -0
package/dist/skill-loop/index.d.ts +27 -0
package/dist/skill-loop/index.d.ts.map +1 -0
package/dist/skill-loop/index.js +27 -0
package/dist/skill-loop/index.js.map +1 -0
package/dist/skill-loop/reflexion-replay.d.ts +87 -0
package/dist/skill-loop/reflexion-replay.d.ts.map +1 -0
package/dist/skill-loop/reflexion-replay.js +110 -0
package/dist/skill-loop/reflexion-replay.js.map +1 -0
package/dist/skill-loop/sign-off.d.ts +88 -0
package/dist/skill-loop/sign-off.d.ts.map +1 -0
package/dist/skill-loop/sign-off.js +146 -0
package/dist/skill-loop/sign-off.js.map +1 -0
package/dist/skill-loop/value-metric.d.ts +55 -0
package/dist/skill-loop/value-metric.d.ts.map +1 -0
package/dist/skill-loop/value-metric.js +69 -0
package/dist/skill-loop/value-metric.js.map +1 -0
package/dist/skill-loop/versioning.d.ts +36 -0
package/dist/skill-loop/versioning.d.ts.map +1 -0
package/dist/skill-loop/versioning.js +47 -0
package/dist/skill-loop/versioning.js.map +1 -0
package/dist/skill-manifest/anchor.d.ts +91 -0
package/dist/skill-manifest/anchor.d.ts.map +1 -0
package/dist/skill-manifest/anchor.js +331 -0
package/dist/skill-manifest/anchor.js.map +1 -0
package/dist/skill-manifest/builder.d.ts +47 -0
package/dist/skill-manifest/builder.d.ts.map +1 -0
package/dist/skill-manifest/builder.js +93 -0
package/dist/skill-manifest/builder.js.map +1 -0
package/dist/skill-manifest/index.d.ts +13 -0
package/dist/skill-manifest/index.d.ts.map +1 -0
package/dist/skill-manifest/index.js +9 -0
package/dist/skill-manifest/index.js.map +1 -0
package/dist/skill-manifest/types.d.ts +67 -0
package/dist/skill-manifest/types.d.ts.map +1 -0
package/dist/skill-manifest/types.js +16 -0
package/dist/skill-manifest/types.js.map +1 -0
package/dist/skill-manifest/verifier.d.ts +42 -0
package/dist/skill-manifest/verifier.d.ts.map +1 -0
package/dist/skill-manifest/verifier.js +136 -0
package/dist/skill-manifest/verifier.js.map +1 -0
package/dist/skills/_secrets.d.ts +16 -0
package/dist/skills/_secrets.d.ts.map +1 -0
package/dist/skills/_secrets.js +20 -0
package/dist/skills/_secrets.js.map +1 -0
package/dist/skills/alpaca-quote.d.ts +2 -2
package/dist/skills/alpaca-quote.d.ts.map +1 -1
package/dist/skills/alpaca-quote.js +51 -20
package/dist/skills/alpaca-quote.js.map +1 -1
package/dist/skills/brain-query.d.ts +4 -4
package/dist/skills/brain-store.d.ts +6 -6
package/dist/skills/errors.d.ts +15 -0
package/dist/skills/errors.d.ts.map +1 -1
package/dist/skills/errors.js +21 -0
package/dist/skills/errors.js.map +1 -1
package/dist/skills/hitl-request.d.ts +2 -2
package/dist/skills/index.d.ts +3 -1
package/dist/skills/index.d.ts.map +1 -1
package/dist/skills/index.js +4 -1
package/dist/skills/index.js.map +1 -1
package/dist/skills/markdown/loader.d.ts +52 -0
package/dist/skills/markdown/loader.d.ts.map +1 -0
package/dist/skills/markdown/loader.js +93 -0
package/dist/skills/markdown/loader.js.map +1 -0
package/dist/skills/markdown/schema.d.ts +432 -0
package/dist/skills/markdown/schema.d.ts.map +1 -0
package/dist/skills/markdown/schema.js +121 -0
package/dist/skills/markdown/schema.js.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts +77 -0
package/dist/skills/poc-md-loader/markdown-loader.d.ts.map +1 -0
package/dist/skills/poc-md-loader/markdown-loader.js +125 -0
package/dist/skills/poc-md-loader/markdown-loader.js.map +1 -0
package/dist/skills/poc-md-loader/runner.d.ts +24 -0
package/dist/skills/poc-md-loader/runner.d.ts.map +1 -0
package/dist/skills/poc-md-loader/runner.js +57 -0
package/dist/skills/poc-md-loader/runner.js.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts +3 -0
package/dist/skills/poc-md-loader/vitest.poc.config.d.ts.map +1 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js +13 -0
package/dist/skills/poc-md-loader/vitest.poc.config.js.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts +33 -0
package/dist/skills/poc-md-loader/web-search/script.d.ts.map +1 -0
package/dist/skills/poc-md-loader/web-search/script.js +75 -0
package/dist/skills/poc-md-loader/web-search/script.js.map +1 -0
package/dist/skills/record-outcome.d.ts +4 -4
package/dist/skills/send-email.d.ts +2 -2
package/dist/skills/send-email.d.ts.map +1 -1
package/dist/skills/send-email.js +4 -3
package/dist/skills/send-email.js.map +1 -1
package/dist/skills/slack-notify.d.ts +4 -4
package/dist/skills/slack-notify.d.ts.map +1 -1
package/dist/skills/slack-notify.js +52 -21
package/dist/skills/slack-notify.js.map +1 -1
package/dist/skills/starknet-balance.d.ts +1 -1
package/dist/skills/telegram-notify.d.ts +4 -4
package/dist/skills/telegram-notify.d.ts.map +1 -1
package/dist/skills/telegram-notify.js +48 -19
package/dist/skills/telegram-notify.js.map +1 -1
package/dist/skills/web-search.d.ts +1 -1
package/dist/skills/web-search.d.ts.map +1 -1
package/dist/skills/web-search.js +85 -40
package/dist/skills/web-search.js.map +1 -1
package/dist/telemetry/bus.d.ts +54 -0
package/dist/telemetry/bus.d.ts.map +1 -0
package/dist/telemetry/bus.js +159 -0
package/dist/telemetry/bus.js.map +1 -0
package/dist/telemetry/index.d.ts +35 -0
package/dist/telemetry/index.d.ts.map +1 -0
package/dist/telemetry/index.js +30 -0
package/dist/telemetry/index.js.map +1 -0
package/dist/telemetry/port.d.ts +121 -0
package/dist/telemetry/port.d.ts.map +1 -0
package/dist/telemetry/port.js +48 -0
package/dist/telemetry/port.js.map +1 -0
package/dist/telemetry/sinks/otlp.d.ts +45 -0
package/dist/telemetry/sinks/otlp.d.ts.map +1 -0
package/dist/telemetry/sinks/otlp.js +195 -0
package/dist/telemetry/sinks/otlp.js.map +1 -0
package/dist/telemetry/sinks/sqlite.d.ts +32 -0
package/dist/telemetry/sinks/sqlite.d.ts.map +1 -0
package/dist/telemetry/sinks/sqlite.js +170 -0
package/dist/telemetry/sinks/sqlite.js.map +1 -0
package/dist/telemetry/sinks/stdout.d.ts +22 -0
package/dist/telemetry/sinks/stdout.d.ts.map +1 -0
package/dist/telemetry/sinks/stdout.js +38 -0
package/dist/telemetry/sinks/stdout.js.map +1 -0
package/dist/testing/index.d.ts +3 -0
package/dist/testing/test-brain-port.d.ts +4 -0
package/dist/testing/test-brain-port.d.ts.map +1 -1
package/dist/testing/test-brain-port.js +75 -20
package/dist/testing/test-brain-port.js.map +1 -1
package/dist/testing/test-event-bus.d.ts.map +1 -1
package/dist/testing/test-event-bus.js +89 -36
package/dist/testing/test-event-bus.js.map +1 -1
package/dist/trace/schema.d.ts +1 -1
package/dist/trace/schema.d.ts.map +1 -1
package/dist/trace/schema.js +1 -1
package/dist/trace/schema.js.map +1 -1
package/dist/verify/formal/index.d.ts +44 -0
package/dist/verify/formal/index.d.ts.map +1 -0
package/dist/verify/formal/index.js +98 -0
package/dist/verify/formal/index.js.map +1 -0
package/dist/verify/formal/policy.d.ts +105 -0
package/dist/verify/formal/policy.d.ts.map +1 -0
package/dist/verify/formal/policy.js +159 -0
package/dist/verify/formal/policy.js.map +1 -0
package/dist/verify/formal/result.d.ts +50 -0
package/dist/verify/formal/result.d.ts.map +1 -0
package/dist/verify/formal/result.js +21 -0
package/dist/verify/formal/result.js.map +1 -0
package/dist/verify/formal/solver.d.ts +67 -0
package/dist/verify/formal/solver.d.ts.map +1 -0
package/dist/verify/formal/solver.js +184 -0
package/dist/verify/formal/solver.js.map +1 -0
package/dist/verify/formal/spec-language.d.ts +80 -0
package/dist/verify/formal/spec-language.d.ts.map +1 -0
package/dist/verify/formal/spec-language.js +219 -0
package/dist/verify/formal/spec-language.js.map +1 -0
package/docs/attestation.md +199 -0
package/docs/identity.md +193 -0
package/docs/telemetry/migration.md +155 -0
package/docs/telemetry/overview.md +154 -0
package/docs/telemetry/privacy.md +127 -0
package/docs/telemetry/sinks/cc.md +155 -0
package/docs/telemetry/sinks/otlp.md +146 -0
package/docs/telemetry/sinks/sqlite.md +126 -0
package/docs/telemetry/sinks/stdout.md +82 -0
package/package.json +18 -2
package/src/adapters/llm/anthropic-direct.ts +51 -0
package/src/adapters/llm/cascade.ts +64 -19
package/src/adapters/llm/litellm.ts +49 -0
package/src/compute/difficulty-estimator.ts +111 -0
package/src/compute/strategies/mixture-of-agents.ts +150 -0
package/src/compute/strategies/tree-of-thoughts.ts +293 -0
package/src/compute/strategies/two-phase-orient.ts +147 -0
package/src/container/protocol.ts +243 -0
package/src/container/runtime.ts +424 -0
package/src/db/migrations/026_formal_verify_results.sql +30 -0
package/src/identity/agent-persona.ts +203 -0
package/src/identity/persona-prompt.ts +84 -0
package/src/identity/persona-schema.ts +127 -0
package/src/index.ts +368 -2
package/src/memory/episodic-rrf.ts +224 -0
package/src/mesh/attenuation.ts +190 -0
package/src/mesh/delegate.ts +254 -0
package/src/mesh/dispatcher.ts +301 -0
package/src/mesh/index.ts +39 -0
package/src/mesh/types.ts +31 -0
package/src/orchestration/ooda/agent.ts +50 -0
package/src/orchestration/ooda/skills.ts +177 -0
package/src/orchestration/ooda/types.ts +12 -0
package/src/ports/bastion-action.contract.test.ts +355 -0
package/src/ports/bastion-action.ts +198 -0
package/src/ports/brain.ts +177 -15
package/src/ports/citadel-action.contract.test.ts +430 -0
package/src/ports/citadel-action.ts +174 -0
package/src/ports/compliance-contract.ts +191 -0
package/src/ports/db.ts +98 -0
package/src/ports/delegation.contract.test.ts +428 -0
package/src/ports/delegation.ts +211 -0
package/src/ports/event-bus.ts +133 -0
package/src/ports/federation.contract.test.ts +355 -0
package/src/ports/federation.ts +190 -0
package/src/ports/index.ts +186 -1
package/src/ports/llm-provider.ts +123 -0
package/src/ports/logger.ts +104 -0
package/src/ports/manifest-registry.contract.test.ts +324 -0
package/src/ports/manifest-registry.ts +188 -0
package/src/ports/observability.contract.test.ts +315 -0
package/src/ports/observability.ts +150 -0
package/src/ports/outcome.ts +69 -0
package/src/ports/privacy.contract.test.ts +413 -0
package/src/ports/privacy.ts +207 -0
package/src/ports/tenant-context.contract.test.ts +454 -0
package/src/ports/tenant-context.ts +150 -0
package/src/ports/vauban-finance-action.contract.test.ts +335 -0
package/src/ports/vauban-finance-action.ts +166 -0
package/src/ports/workflow-runtime.ts +327 -0
package/src/proof/cert-verify.ts +249 -0
package/src/replay/replay.ts +11 -8
package/src/retry/index.ts +227 -0
package/src/retry/presets.ts +75 -0
package/src/skill-loop/ab-runner.ts +196 -0
package/src/skill-loop/adoption.ts +188 -0
package/src/skill-loop/candidate.ts +75 -0
package/src/skill-loop/evaluator.ts +238 -0
package/src/skill-loop/index.ts +51 -0
package/src/skill-loop/reflexion-replay.ts +173 -0
package/src/skill-loop/sign-off.ts +247 -0
package/src/skill-loop/value-metric.ts +120 -0
package/src/skill-loop/versioning.ts +75 -0
package/src/skill-manifest/anchor.ts +401 -0
package/src/skill-manifest/builder.ts +129 -0
package/src/skill-manifest/index.ts +18 -0
package/src/skill-manifest/types.ts +72 -0
package/src/skill-manifest/verifier.ts +198 -0
package/src/skills/_secrets.ts +25 -0
package/src/skills/alpaca-quote.ts +68 -23
package/src/skills/errors.ts +30 -2
package/src/skills/index.ts +19 -0
package/src/skills/markdown/loader.ts +129 -0
package/src/skills/markdown/schema.ts +144 -0
package/src/skills/poc-md-loader/e2e-parity.test.ts +237 -0
package/src/skills/poc-md-loader/markdown-loader.ts +161 -0
package/src/skills/poc-md-loader/runner.ts +82 -0
package/src/skills/poc-md-loader/vitest.poc.config.ts +13 -0
package/src/skills/poc-md-loader/web-search/SKILL.md +42 -0
package/src/skills/poc-md-loader/web-search/script.ts +109 -0
package/src/skills/send-email.ts +4 -3
package/src/skills/slack-notify.ts +73 -30
package/src/skills/telegram-notify.ts +70 -24
package/src/skills/web-search.ts +132 -50
package/src/telemetry/bus.test.ts +231 -0
package/src/telemetry/bus.ts +241 -0
package/src/telemetry/index.ts +49 -0
package/src/telemetry/port.ts +160 -0
package/src/telemetry/sinks/otlp.test.ts +146 -0
package/src/telemetry/sinks/otlp.ts +250 -0
package/src/telemetry/sinks/sqlite.test.ts +121 -0
package/src/telemetry/sinks/sqlite.ts +260 -0
package/src/telemetry/sinks/stdout.test.ts +109 -0
package/src/telemetry/sinks/stdout.ts +59 -0
package/src/testing/test-brain-port.ts +98 -24
package/src/testing/test-event-bus.ts +104 -43
package/src/trace/schema.ts +1 -1
package/src/verify/formal/index.ts +154 -0
package/src/verify/formal/policy.ts +253 -0
package/src/verify/formal/result.ts +52 -0
package/src/verify/formal/solver.ts +235 -0
package/src/verify/formal/spec-language.ts +274 -0

package/src/testing/test-event-bus.ts CHANGED Viewed

@@ -13,6 +13,8 @@
  * @public
  */
+import type { Span } from "@opentelemetry/api";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
 import type {
   CloudEvent,
   DomainEvent,
@@ -23,6 +25,8 @@ import { signEvent } from "../auth/sign-event.js";
 import { verifyEvent } from "../auth/verify-event.js";
 import { InMemoryNonceStore } from "../auth/nonce-store.js";
+const TEST_TRACER = trace.getTracer("vauban-agent-sdk.ports.test", "0.1.0");
 type CloudHandler = (event: CloudEvent) => Promise<void>;
 type DomainHandler<T = unknown> = (event: DomainEvent<T>) => Promise<void>;
@@ -59,57 +63,114 @@ export class TestEventBus implements EventBusPort {
   // ─── EventBusPort ──────────────────────────────────────────────────────────
   async publish(event: CloudEvent, stream: string): Promise<void> {
-    if (!event.id) throw new Error("CloudEvent.id is required");
-    if (event.specversion !== "1.0")
-      throw new Error("CloudEvent.specversion must be 1.0");
-    const events = this.streams.get(stream) ?? [];
-    events.push(event);
-    this.streams.set(stream, events);
-    // Track consumed events per stream
-    const consumed = this._consumed.get(stream) ?? [];
-    consumed.push(event);
-    this._consumed.set(stream, consumed);
-    // Dispatch to subscribers
-    const streamSubs = this.subscribers.get(stream);
-    if (streamSubs) {
-      for (const handler of streamSubs.values()) {
-        await handler(event);
+    return TEST_TRACER.startActiveSpan(
+      "event-bus.publish",
+      {
+        attributes: {
+          "event.type": event.type,
+          "event.stream": stream,
+          "event.id": event.id,
+          "vauban.port.name": "event-bus",
+          "vauban.port.impl": "TestEventBus",
+        },
+      },
+      async (span: Span) => {
+        try {
+          if (!event.id) throw new Error("CloudEvent.id is required");
+          if (event.specversion !== "1.0")
+            throw new Error("CloudEvent.specversion must be 1.0");
+          const events = this.streams.get(stream) ?? [];
+          events.push(event);
+          this.streams.set(stream, events);
+          // Track consumed events per stream
+          const consumed = this._consumed.get(stream) ?? [];
+          consumed.push(event);
+          this._consumed.set(stream, consumed);
+          // Dispatch to subscribers
+          const streamSubs = this.subscribers.get(stream);
+          if (streamSubs) {
+            for (const handler of streamSubs.values()) {
+              await handler(event);
+            }
+          }
+          span.setStatus({ code: SpanStatusCode.OK });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          span.setStatus({ code: SpanStatusCode.ERROR, message });
+          if (err instanceof Error) span.recordException(err);
+          throw err;
+        } finally {
+          span.end();
+        }
       }
-    }
+    );
   }
   async publishWithIdempotency<T>(
     event: Omit<DomainEvent<T>, "signature">,
     key: string
   ): Promise<void> {
-    // Dedup: silently skip if key already processed (producer-side)
-    const isNew = await this.publishIdempotencyStore.setNX(key, 10 * 60 * 1000);
-    if (!isNew) return;
-    // Auto-sign the event
-    const signature = signEvent(
-      event as Omit<DomainEvent, "signature">,
-      this.signingSecret
-    );
-    const signed: DomainEvent<T> = { ...(event as DomainEvent<T>), signature };
-    // Store in domain stream
-    const streamKey = `domain:${event.type}`;
-    const stored = this.domainStreams.get(streamKey) ?? [];
-    const streamId = `${Date.now()}-${stored.length}`;
-    stored.push({ streamId, event: signed as DomainEvent });
-    this.domainStreams.set(streamKey, stored);
-    // Dispatch to domain subscribers
-    const typeSubs = this.domainSubscribers.get(event.type);
-    if (typeSubs) {
-      for (const handler of typeSubs.values()) {
-        await (handler as DomainHandler<T>)(signed);
+    return TEST_TRACER.startActiveSpan(
+      "event-bus.publishWithIdempotency",
+      {
+        attributes: {
+          "event.type": event.type,
+          "event.idempotency_key": key,
+          "vauban.port.name": "event-bus",
+          "vauban.port.impl": "TestEventBus",
+        },
+      },
+      async (span: Span) => {
+        try {
+          // Dedup: silently skip if key already processed (producer-side)
+          const isNew = await this.publishIdempotencyStore.setNX(
+            key,
+            10 * 60 * 1000
+          );
+          if (!isNew) {
+            span.setAttribute("event.dedup.skipped", true);
+            span.setStatus({ code: SpanStatusCode.OK });
+            return;
+          }
+          // Auto-sign the event
+          const signature = signEvent(
+            event as Omit<DomainEvent, "signature">,
+            this.signingSecret
+          );
+          const signed: DomainEvent<T> = {
+            ...(event as DomainEvent<T>),
+            signature,
+          };
+          // Store in domain stream
+          const streamKey = `domain:${event.type}`;
+          const stored = this.domainStreams.get(streamKey) ?? [];
+          const streamId = `${Date.now()}-${stored.length}`;
+          stored.push({ streamId, event: signed as DomainEvent });
+          this.domainStreams.set(streamKey, stored);
+          // Dispatch to domain subscribers
+          const typeSubs = this.domainSubscribers.get(event.type);
+          if (typeSubs) {
+            for (const handler of typeSubs.values()) {
+              await (handler as DomainHandler<T>)(signed);
+            }
+          }
+          span.setStatus({ code: SpanStatusCode.OK });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          span.setStatus({ code: SpanStatusCode.ERROR, message });
+          if (err instanceof Error) span.recordException(err);
+          throw err;
+        } finally {
+          span.end();
+        }
       }
-    }
+    );
   }
   subscribe(

package/src/trace/schema.ts CHANGED Viewed

@@ -15,7 +15,7 @@
 /** Semver version of this trace schema. Increment MINOR on additive changes,
  *  MAJOR on breaking changes (new required fields or removed fields). */
-export const TRACE_SCHEMA_VERSION = "0.1.0-draft" as const;
+export const TRACE_SCHEMA_VERSION = "1.0.0" as const;
 /** Status of an optional TSA receipt for a Trace. */
 export type ReceiptStatus = "present" | "pending" | "failed";

package/src/verify/formal/index.ts ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * src/verify/formal/index.ts
+ *
+ * Sprint-587 — Formal verification entry point.
+ *
+ * Orchestrates : AxiomSpec → SMT-LIB → Z3 subprocess → 4-state result →
+ * (optionally) per-axiom policy decision.
+ *
+ * When `z3` is not in PATH, every spec resolves to UNKNOWN with a uniform
+ * rationale. Callers can then apply their policies — typically resulting in
+ * escalation or log (depending on the axiom and consumer mode).
+ *
+ * @module verify/formal
+ */
+import type { FormalVerifyResult } from "./result.js";
+import {
+  type AxiomPolicy,
+  type ConsumerMode,
+  type PolicyDecision,
+  type VerifyContext,
+  DEFAULT_POLICIES,
+  applyPolicy,
+} from "./policy.js";
+import { type AxiomSpec, compileToSmt } from "./spec-language.js";
+import { checkSmt, isZ3Available } from "./solver.js";
+export {
+  type FormalVerifyResult,
+  type FormalVerifyState,
+  type FormalSolver,
+} from "./result.js";
+export {
+  type AxiomPolicy,
+  type ConsumerMode,
+  type VerifyContext,
+  type PolicyAction,
+  type PolicyDecision,
+  type OnUnknown,
+  type OnUnsafe,
+  DEFAULT_POLICIES,
+  applyPolicy,
+} from "./policy.js";
+export {
+  type AxiomSpec,
+  type Condition,
+  AXIOM_SPECS,
+  compileToSmt,
+} from "./spec-language.js";
+export {
+  type SmtCheckResult,
+  type SolverOptions,
+  checkSmt,
+  isZ3Available,
+} from "./solver.js";
+/**
+ * Bundle returned by {@link formalVerify} : the raw verification result plus
+ * the policy-resolved decision.
+ */
+export interface FormalVerifyDecision {
+  result: FormalVerifyResult;
+  decision: PolicyDecision;
+}
+/**
+ * Verify every supplied AxiomSpec, apply the per-axiom policy, and return
+ * one {@link FormalVerifyDecision} per spec.
+ *
+ * If `z3` is not available on PATH, every result is UNKNOWN with
+ * `solver: "none"`, and the policy layer handles routing.
+ *
+ * @param axiomSpecs       List of specs to verify (typically derived from
+ *                         {@link AXIOM_SPECS}, possibly customised).
+ * @param mode             Consumer mode (strict / permissive / audit_only).
+ * @param context          Calling context (runtime / skill_ingestion).
+ * @param customPolicies   Optional override map keyed by axiom label.
+ */
+export async function formalVerify(
+  axiomSpecs: AxiomSpec[],
+  mode: ConsumerMode,
+  context: VerifyContext,
+  customPolicies?: Partial<Record<string, AxiomPolicy>>
+): Promise<FormalVerifyDecision[]> {
+  const z3Available = await isZ3Available();
+  const out: FormalVerifyDecision[] = [];
+  for (const spec of axiomSpecs) {
+    const policy = customPolicies?.[spec.axiom] ??
+      DEFAULT_POLICIES[
+        spec.axiom
+      ] ?? // Fallback policy for unknown axioms : permissive defaults.
+      {
+        onSafe: "proceed" as const,
+        onUnsafe: "escalate_human" as const,
+        onUnknown: "proceed_with_log" as const,
+        timeout_ms: spec.timeout_ms ?? 5000,
+        skillLoopStrict: true,
+      };
+    const timeout_ms = spec.timeout_ms ?? policy.timeout_ms ?? 5000;
+    let result: FormalVerifyResult;
+    if (!z3Available) {
+      result = {
+        state: "UNKNOWN",
+        axiom: spec.axiom,
+        rationale: "z3 binary not available on PATH",
+        time_ms: 0,
+        solver: "none",
+      };
+    } else {
+      const smt = compileToSmt(spec);
+      const smtRes = await checkSmt(smt, { timeout_ms });
+      if (smtRes.sat === false) {
+        // unsat → no counterexample → property holds → SAFE
+        result = {
+          state: "SAFE",
+          axiom: spec.axiom,
+          rationale: `Z3 proved post-conditions hold for axiom ${spec.axiom}`,
+          time_ms: smtRes.time_ms,
+          solver: "z3",
+        };
+      } else if (smtRes.sat === true) {
+        // sat → counterexample → property violated → UNSAFE
+        result = {
+          state: "UNSAFE",
+          axiom: spec.axiom,
+          rationale: `Z3 found a counterexample for axiom ${spec.axiom}`,
+          counterexample: smtRes.model,
+          time_ms: smtRes.time_ms,
+          solver: "z3",
+        };
+      } else {
+        // null → unknown / timeout / error → UNKNOWN
+        result = {
+          state: "UNKNOWN",
+          axiom: spec.axiom,
+          rationale: smtRes.reason ?? "z3 returned unknown",
+          time_ms: smtRes.time_ms,
+          solver: "z3",
+        };
+      }
+    }
+    const decision = applyPolicy(result, policy as AxiomPolicy, mode, context);
+    out.push({ result, decision });
+  }
+  return out;
+}

package/src/verify/formal/policy.ts ADDED Viewed

@@ -0,0 +1,253 @@
+/**
+ * src/verify/formal/policy.ts
+ *
+ * Sprint-587 — Per-axiom policy + consumer mode resolution.
+ *
+ * The policy layer maps a 4-state {@link FormalVerifyResult} to an action
+ * (proceed / block / escalate / log), parameterised by :
+ *   - the axiom (Robuste, Institutionnel, … — each has different sensitivity)
+ *   - the consumer mode (strict / permissive / audit_only)
+ *   - the calling context (runtime vs skill_ingestion — see Tension Sprint C)
+ *
+ * Tension Sprint C : skill-loop ingestion is ALWAYS strict on UNKNOWN.
+ * Even if the runtime policy says "proceed_with_log" on UNKNOWN for the
+ * Profitable axiom, the skill-ingestion path must refuse to ingest the
+ * skill until UNKNOWN becomes SAFE. This prevents UNKNOWN-tainted skills
+ * from accumulating in the skill library.
+ *
+ * @module verify/formal/policy
+ */
+import type { FormalVerifyResult } from "./result.js";
+/**
+ * Action chosen by the policy resolver.
+ *
+ *   `proceed`        : continue without intervention
+ *   `block`          : refuse the operation outright
+ *   `escalate_human` : pause and request human approval (HITL)
+ *   `log`            : continue but emit an audit-grade log entry
+ */
+export type PolicyAction = "proceed" | "block" | "escalate_human" | "log";
+/**
+ * Strategy for handling UNKNOWN outcomes.
+ *
+ *   `escalate_human`        : refuse to make a unilateral decision
+ *   `proceed_with_log`      : continue and emit a regular log entry
+ *   `proceed_with_audit_log`: continue and emit an audit-grade log entry
+ */
+export type OnUnknown =
+  | "escalate_human"
+  | "proceed_with_log"
+  | "proceed_with_audit_log";
+/**
+ * Strategy for handling UNSAFE outcomes — either hard-block or escalate.
+ */
+export type OnUnsafe = "block" | "escalate_human";
+/**
+ * Policy bundle for one axiom.
+ *
+ * `skillLoopStrict` is ALWAYS true by design : it is exposed as a field so
+ * downstream code can read it but is not configurable (see Tension Sprint C).
+ */
+export interface AxiomPolicy {
+  /** Action on SAFE. Fixed at `"proceed"` — kept explicit for symmetry. */
+  onSafe: "proceed";
+  /** Action on UNSAFE. */
+  onUnsafe: OnUnsafe;
+  /** Action on UNKNOWN. */
+  onUnknown: OnUnknown;
+  /** Solver timeout for this axiom, in milliseconds. */
+  timeout_ms: number;
+  /**
+   * Skill-loop ingestion strict mode — always true. Exposed so callers can
+   * assert the invariant. Do not set to false ; Tension Sprint C invariant.
+   */
+  skillLoopStrict: boolean;
+}
+/**
+ * Default per-axiom policies.
+ *
+ * Rationale :
+ *   Robuste / Institutionnel : hard axioms — UNSAFE blocks, UNKNOWN escalates
+ *   SOTA                     : UNKNOWN allowed with audit log (SOTA evolves)
+ *   AntiFragile / Profitable : softer — UNSAFE escalates, UNKNOWN logs
+ */
+export const DEFAULT_POLICIES: Record<string, AxiomPolicy> = {
+  Robuste: {
+    onSafe: "proceed",
+    onUnsafe: "block",
+    onUnknown: "escalate_human",
+    timeout_ms: 5000,
+    skillLoopStrict: true,
+  },
+  Institutionnel: {
+    onSafe: "proceed",
+    onUnsafe: "block",
+    onUnknown: "escalate_human",
+    timeout_ms: 10_000,
+    skillLoopStrict: true,
+  },
+  SOTA: {
+    onSafe: "proceed",
+    onUnsafe: "escalate_human",
+    onUnknown: "proceed_with_audit_log",
+    timeout_ms: 2000,
+    skillLoopStrict: true,
+  },
+  AntiFragile: {
+    onSafe: "proceed",
+    onUnsafe: "escalate_human",
+    onUnknown: "proceed_with_log",
+    timeout_ms: 1000,
+    skillLoopStrict: true,
+  },
+  Profitable: {
+    onSafe: "proceed",
+    onUnsafe: "escalate_human",
+    onUnknown: "proceed_with_log",
+    timeout_ms: 1000,
+    skillLoopStrict: true,
+  },
+};
+/**
+ * Consumer-level mode for the formal verifier.
+ *
+ *   `strict`     : enforce all policies as declared
+ *   `permissive` : downgrade non-critical UNSAFE to log (Robuste/Institutionnel
+ *                  remain enforced), and treat UNKNOWN as SKIPPED
+ *   `audit_only` : never block ; map every actionable outcome to `log`
+ */
+export type ConsumerMode = "strict" | "permissive" | "audit_only";
+/**
+ * Calling context — distinguishes between live runtime verification and
+ * skill-loop ingestion. The latter has stricter rules on UNKNOWN.
+ */
+export type VerifyContext = "runtime" | "skill_ingestion";
+/**
+ * Resolution outcome of {@link applyPolicy}.
+ */
+export interface PolicyDecision {
+  action: PolicyAction;
+  rationale: string;
+}
+/**
+ * Whether an axiom is in the "hard" set (Robuste, Institutionnel) whose
+ * UNSAFE outcomes are non-negotiable.
+ */
+function isHardAxiom(axiom: string): boolean {
+  return axiom === "Robuste" || axiom === "Institutionnel";
+}
+/**
+ * Apply the policy + mode + context to a single verification result.
+ *
+ * Decision order :
+ *   1. SKIPPED                                        → log
+ *   2. skill_ingestion + UNKNOWN                      → block  (Tension Sprint C)
+ *   3. mode = audit_only                              → log
+ *   4. mode = permissive + UNKNOWN                    → log    (treated as SKIPPED)
+ *   5. mode = permissive + UNSAFE + non-hard axiom    → log
+ *   6. otherwise                                      → policy.on{Safe,Unsafe,Unknown}
+ */
+export function applyPolicy(
+  result: FormalVerifyResult,
+  policy: AxiomPolicy,
+  mode: ConsumerMode,
+  context: VerifyContext
+): PolicyDecision {
+  // 1. SKIPPED → log
+  if (result.state === "SKIPPED") {
+    return {
+      action: "log",
+      rationale: `Axiom ${result.axiom} verification was skipped (${result.rationale})`,
+    };
+  }
+  // 2. Tension Sprint C : skill_ingestion + UNKNOWN → block, always.
+  if (context === "skill_ingestion" && result.state === "UNKNOWN") {
+    return {
+      action: "block",
+      rationale:
+        `Skill ingestion refuses UNKNOWN on axiom ${result.axiom} ` +
+        `(Tension Sprint C : skill-loop is always strict on UNKNOWN)`,
+    };
+  }
+  // 3. audit_only never blocks.
+  if (mode === "audit_only") {
+    return {
+      action: "log",
+      rationale: `audit_only mode : axiom ${result.axiom} = ${result.state}`,
+    };
+  }
+  // SAFE is always proceed.
+  if (result.state === "SAFE") {
+    return {
+      action: "proceed",
+      rationale: `Axiom ${result.axiom} proved SAFE in ${result.time_ms.toFixed(
+        0
+      )}ms`,
+    };
+  }
+  // 4 + 5. Permissive softening.
+  if (mode === "permissive") {
+    if (result.state === "UNKNOWN") {
+      return {
+        action: "log",
+        rationale:
+          `permissive mode : UNKNOWN on axiom ${result.axiom} treated as ` +
+          `non-blocking (${result.rationale})`,
+      };
+    }
+    if (result.state === "UNSAFE" && !isHardAxiom(result.axiom)) {
+      return {
+        action: "log",
+        rationale:
+          `permissive mode : UNSAFE on soft axiom ${result.axiom} downgraded ` +
+          `to log (${result.rationale})`,
+      };
+    }
+    // UNSAFE on hard axiom : fall through to strict policy.
+  }
+  // 6. Strict policy resolution.
+  if (result.state === "UNSAFE") {
+    return {
+      action: policy.onUnsafe,
+      rationale:
+        `UNSAFE on axiom ${result.axiom} : ${policy.onUnsafe} ` +
+        `(counterexample : ${result.counterexample ?? "n/a"})`,
+    };
+  }
+  // result.state === "UNKNOWN" (runtime context only)
+  switch (policy.onUnknown) {
+    case "escalate_human":
+      return {
+        action: "escalate_human",
+        rationale: `UNKNOWN on axiom ${result.axiom} : escalating (${result.rationale})`,
+      };
+    case "proceed_with_audit_log":
+      return {
+        action: "log",
+        rationale: `UNKNOWN on axiom ${result.axiom} : audit-log proceed (${result.rationale})`,
+      };
+    case "proceed_with_log":
+    default:
+      return {
+        action: "log",
+        rationale: `UNKNOWN on axiom ${result.axiom} : log-proceed (${result.rationale})`,
+      };
+  }
+}

package/src/verify/formal/result.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * src/verify/formal/result.ts
+ *
+ * Sprint-587 — Z3 formal verification result type.
+ *
+ * 4-state result discipline:
+ *   - SAFE     : Z3 proved the post-conditions hold under pre-conditions
+ *   - UNSAFE   : Z3 found a counterexample (state where pre-conditions hold
+ *                but post-conditions are violated)
+ *   - UNKNOWN  : Z3 returned `unknown` (timeout, undecidable, or solver
+ *                limitation). EXPLICIT — never silently treated as SAFE.
+ *   - SKIPPED  : Verification not run (consumer mode = permissive opt-out,
+ *                or solver binary unavailable when caller chooses to skip)
+ *
+ * The distinction between UNKNOWN and SAFE is the core epistemic discipline
+ * of this module : we never assert proof when none was produced.
+ *
+ * @module verify/formal/result
+ */
+/**
+ * Discriminated state of a formal verification attempt.
+ */
+export type FormalVerifyState = "SAFE" | "UNSAFE" | "UNKNOWN" | "SKIPPED";
+/**
+ * Solver backend identifier — currently only Z3 or `none` (no solver).
+ */
+export type FormalSolver = "z3" | "none";
+/**
+ * Result of running a single axiom spec through the formal verifier.
+ *
+ * `state`           : 4-state outcome (see {@link FormalVerifyState})
+ * `axiom`           : human-readable axiom label (e.g. "Robuste")
+ * `rationale`       : human-readable explanation of the outcome
+ * `witness`         : when SAFE, optional UNSAT-core or proof witness string
+ *                     emitted by the solver (informational only)
+ * `counterexample`  : when UNSAFE, SMT model (variable assignment) that
+ *                     violates the post-conditions
+ * `time_ms`         : wall-clock time spent in the solver, in milliseconds
+ * `solver`          : which backend produced the result
+ */
+export interface FormalVerifyResult {
+  state: FormalVerifyState;
+  axiom: string;
+  rationale: string;
+  witness?: string;
+  counterexample?: string;
+  time_ms: number;
+  solver: FormalSolver;
+}