npm - @vorionsys/a3i - Versions diffs - 0.1.0 - Mend

@vorionsys/a3i 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/LICENSE +190 -0
package/dist/api/handlers.d.ts +231 -0
package/dist/api/handlers.d.ts.map +1 -0
package/dist/api/handlers.js +279 -0
package/dist/api/handlers.js.map +1 -0
package/dist/api/index.d.ts +24 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +27 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middleware.d.ts +106 -0
package/dist/api/middleware.d.ts.map +1 -0
package/dist/api/middleware.js +186 -0
package/dist/api/middleware.js.map +1 -0
package/dist/api/routes.d.ts +41 -0
package/dist/api/routes.d.ts.map +1 -0
package/dist/api/routes.js +91 -0
package/dist/api/routes.js.map +1 -0
package/dist/authorization/constraints.d.ts +75 -0
package/dist/authorization/constraints.d.ts.map +1 -0
package/dist/authorization/constraints.js +302 -0
package/dist/authorization/constraints.js.map +1 -0
package/dist/authorization/decision.d.ts +98 -0
package/dist/authorization/decision.d.ts.map +1 -0
package/dist/authorization/decision.js +202 -0
package/dist/authorization/decision.js.map +1 -0
package/dist/authorization/engine.d.ts +141 -0
package/dist/authorization/engine.d.ts.map +1 -0
package/dist/authorization/engine.js +339 -0
package/dist/authorization/engine.js.map +1 -0
package/dist/authorization/index.d.ts +10 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +13 -0
package/dist/authorization/index.js.map +1 -0
package/dist/banding/band-calculator.d.ts +137 -0
package/dist/banding/band-calculator.d.ts.map +1 -0
package/dist/banding/band-calculator.js +252 -0
package/dist/banding/band-calculator.js.map +1 -0
package/dist/banding/bands.d.ts +56 -0
package/dist/banding/bands.d.ts.map +1 -0
package/dist/banding/bands.js +200 -0
package/dist/banding/bands.js.map +1 -0
package/dist/banding/hysteresis.d.ts +64 -0
package/dist/banding/hysteresis.d.ts.map +1 -0
package/dist/banding/hysteresis.js +143 -0
package/dist/banding/hysteresis.js.map +1 -0
package/dist/banding/index.d.ts +10 -0
package/dist/banding/index.d.ts.map +1 -0
package/dist/banding/index.js +10 -0
package/dist/banding/index.js.map +1 -0
package/dist/canary/canary-service.d.ts +123 -0
package/dist/canary/canary-service.d.ts.map +1 -0
package/dist/canary/canary-service.js +353 -0
package/dist/canary/canary-service.js.map +1 -0
package/dist/canary/index.d.ts +12 -0
package/dist/canary/index.d.ts.map +1 -0
package/dist/canary/index.js +14 -0
package/dist/canary/index.js.map +1 -0
package/dist/canary/probe-library.d.ts +43 -0
package/dist/canary/probe-library.d.ts.map +1 -0
package/dist/canary/probe-library.js +655 -0
package/dist/canary/probe-library.js.map +1 -0
package/dist/execution/engine.d.ts +120 -0
package/dist/execution/engine.d.ts.map +1 -0
package/dist/execution/engine.js +220 -0
package/dist/execution/engine.js.map +1 -0
package/dist/execution/index.d.ts +7 -0
package/dist/execution/index.d.ts.map +1 -0
package/dist/execution/index.js +7 -0
package/dist/execution/index.js.map +1 -0
package/dist/gate/index.d.ts +12 -0
package/dist/gate/index.d.ts.map +1 -0
package/dist/gate/index.js +14 -0
package/dist/gate/index.js.map +1 -0
package/dist/gate/pre-action-gate.d.ts +87 -0
package/dist/gate/pre-action-gate.d.ts.map +1 -0
package/dist/gate/pre-action-gate.js +286 -0
package/dist/gate/pre-action-gate.js.map +1 -0
package/dist/gate/risk-classifier.d.ts +43 -0
package/dist/gate/risk-classifier.d.ts.map +1 -0
package/dist/gate/risk-classifier.js +157 -0
package/dist/gate/risk-classifier.js.map +1 -0
package/dist/hooks/executor.d.ts +56 -0
package/dist/hooks/executor.d.ts.map +1 -0
package/dist/hooks/executor.js +217 -0
package/dist/hooks/executor.js.map +1 -0
package/dist/hooks/index.d.ts +45 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +49 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/manager.d.ts +156 -0
package/dist/hooks/manager.d.ts.map +1 -0
package/dist/hooks/manager.js +267 -0
package/dist/hooks/manager.js.map +1 -0
package/dist/hooks/registry.d.ts +130 -0
package/dist/hooks/registry.d.ts.map +1 -0
package/dist/hooks/registry.js +238 -0
package/dist/hooks/registry.js.map +1 -0
package/dist/hooks/types.d.ts +226 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +41 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +20 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/observation/attestation.d.ts +102 -0
package/dist/observation/attestation.d.ts.map +1 -0
package/dist/observation/attestation.js +127 -0
package/dist/observation/attestation.js.map +1 -0
package/dist/observation/ceilings.d.ts +60 -0
package/dist/observation/ceilings.d.ts.map +1 -0
package/dist/observation/ceilings.js +110 -0
package/dist/observation/ceilings.js.map +1 -0
package/dist/observation/index.d.ts +11 -0
package/dist/observation/index.d.ts.map +1 -0
package/dist/observation/index.js +14 -0
package/dist/observation/index.js.map +1 -0
package/dist/observation/tiers.d.ts +96 -0
package/dist/observation/tiers.d.ts.map +1 -0
package/dist/observation/tiers.js +225 -0
package/dist/observation/tiers.js.map +1 -0
package/dist/orchestrator/index.d.ts +8 -0
package/dist/orchestrator/index.d.ts.map +1 -0
package/dist/orchestrator/index.js +8 -0
package/dist/orchestrator/index.js.map +1 -0
package/dist/orchestrator/orchestrator.d.ts +225 -0
package/dist/orchestrator/orchestrator.d.ts.map +1 -0
package/dist/orchestrator/orchestrator.js +302 -0
package/dist/orchestrator/orchestrator.js.map +1 -0
package/dist/orchestrator/proof-plane-adapter.d.ts +80 -0
package/dist/orchestrator/proof-plane-adapter.d.ts.map +1 -0
package/dist/orchestrator/proof-plane-adapter.js +78 -0
package/dist/orchestrator/proof-plane-adapter.js.map +1 -0
package/dist/trust/calculator.d.ts +60 -0
package/dist/trust/calculator.d.ts.map +1 -0
package/dist/trust/calculator.js +163 -0
package/dist/trust/calculator.js.map +1 -0
package/dist/trust/dimensions.d.ts +133 -0
package/dist/trust/dimensions.d.ts.map +1 -0
package/dist/trust/dimensions.js +257 -0
package/dist/trust/dimensions.js.map +1 -0
package/dist/trust/index.d.ts +14 -0
package/dist/trust/index.d.ts.map +1 -0
package/dist/trust/index.js +25 -0
package/dist/trust/index.js.map +1 -0
package/dist/trust/profile-service.d.ts +179 -0
package/dist/trust/profile-service.d.ts.map +1 -0
package/dist/trust/profile-service.js +378 -0
package/dist/trust/profile-service.js.map +1 -0
package/dist/trust/profile-store.d.ts +122 -0
package/dist/trust/profile-store.d.ts.map +1 -0
package/dist/trust/profile-store.js +132 -0
package/dist/trust/profile-store.js.map +1 -0
package/dist/trust/trust-calculator.d.ts +111 -0
package/dist/trust/trust-calculator.d.ts.map +1 -0
package/dist/trust/trust-calculator.js +271 -0
package/dist/trust/trust-calculator.js.map +1 -0
package/dist/trust/trust-dynamics.d.ts +152 -0
package/dist/trust/trust-dynamics.d.ts.map +1 -0
package/dist/trust/trust-dynamics.js +302 -0
package/dist/trust/trust-dynamics.js.map +1 -0
package/dist/trust/weights.d.ts +57 -0
package/dist/trust/weights.d.ts.map +1 -0
package/dist/trust/weights.js +75 -0
package/dist/trust/weights.js.map +1 -0
package/package.json +81 -0

package/dist/execution/engine.d.ts ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * Execution Engine - Executes authorized intents with hook integration
+ *
+ * The ExecutionEngine handles the actual execution of authorized intents,
+ * with pre/post execution hooks for extensibility and monitoring.
+ *
+ * Execution flow:
+ * 1. Validate the decision is still valid (not expired)
+ * 2. Execute PRE_EXECUTE hooks (can abort)
+ * 3. Execute the action via the registered executor
+ * 4. Execute POST_EXECUTE hooks on success
+ * 5. Execute EXECUTION_FAILED hooks on failure
+ */
+import type { Intent, Decision, TrustProfile } from '@vorionsys/contracts';
+import { type HookManager } from '../hooks/index.js';
+/**
+ * Executor function type - implements the actual action execution
+ */
+export type ActionExecutor<TParams = unknown, TResult = unknown> = (intent: Intent, decision: Decision, params?: TParams) => Promise<TResult>;
+/**
+ * Execution result
+ */
+export interface ExecutionResult<T = unknown> {
+    /** Whether execution was successful */
+    success: boolean;
+    /** The result of execution (if successful) */
+    result?: T;
+    /** Error (if failed) */
+    error?: Error;
+    /** Execution duration in ms */
+    durationMs: number;
+    /** Whether the operation was aborted by a hook */
+    aborted: boolean;
+    /** Abort reason (if aborted) */
+    abortReason?: string;
+    /** Execution ID for tracing */
+    executionId: string;
+    /** Whether the error is retryable */
+    retryable?: boolean;
+}
+/**
+ * Execution request
+ */
+export interface ExecuteRequest<TParams = unknown> {
+    /** The authorization decision */
+    decision: Decision;
+    /** The original intent */
+    intent: Intent;
+    /** The agent's trust profile */
+    profile: TrustProfile;
+    /** Custom execution parameters */
+    params?: TParams;
+    /** Optional executor override (uses default if not provided) */
+    executor?: ActionExecutor<TParams>;
+}
+/**
+ * Configuration for the execution engine
+ */
+export interface ExecutionEngineConfig {
+    /** Hook manager for extensibility */
+    hookManager?: HookManager;
+    /** Enable hooks (default: true if hookManager provided) */
+    enableHooks?: boolean;
+    /** Default executor for actions */
+    defaultExecutor?: ActionExecutor;
+    /** Default timeout for execution in ms */
+    defaultTimeoutMs?: number;
+    /** Whether to allow execution of expired decisions */
+    allowExpiredDecisions?: boolean;
+}
+/**
+ * ExecutionEngine - Executes authorized intents with hook integration
+ */
+export declare class ExecutionEngine {
+    private readonly hookManager?;
+    private readonly config;
+    private readonly executors;
+    constructor(config?: ExecutionEngineConfig);
+    /**
+     * Default no-op executor
+     */
+    private noopExecutor;
+    /**
+     * Register an executor for a specific action type
+     */
+    registerExecutor(actionType: string, executor: ActionExecutor): void;
+    /**
+     * Unregister an executor
+     */
+    unregisterExecutor(actionType: string): boolean;
+    /**
+     * Execute an authorized intent
+     */
+    execute<TParams = unknown, TResult = unknown>(request: ExecuteRequest<TParams>): Promise<ExecutionResult<TResult>>;
+    /**
+     * Execute action with timeout
+     */
+    private executeWithTimeout;
+    /**
+     * Execute pre-execute hooks
+     */
+    private executePreHooks;
+    /**
+     * Execute post-execute hooks
+     */
+    private executePostHooks;
+    /**
+     * Execute execution-failed hooks
+     */
+    private executeFailedHooks;
+    /**
+     * Get the hook manager
+     */
+    getHookManager(): HookManager | undefined;
+}
+/**
+ * Create an execution engine
+ */
+export declare function createExecutionEngine(config?: ExecutionEngineConfig): ExecutionEngine;
+//# sourceMappingURL=engine.d.ts.map

package/dist/execution/engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/execution/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,EACL,KAAK,WAAW,EAEjB,MAAM,mBAAmB,CAAC;AAE3B;;GAEG;AACH,MAAM,MAAM,cAAc,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,IAAI,CACjE,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,QAAQ,EAClB,MAAM,CAAC,EAAE,OAAO,KACb,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,8CAA8C;IAC9C,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,wBAAwB;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,OAAO,EAAE,OAAO,CAAC;IACjB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,OAAO,GAAG,OAAO;IAC/C,iCAAiC;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,OAAO,EAAE,YAAY,CAAC;IACtB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gEAAgE;IAChE,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,qCAAqC;IACrC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,2DAA2D;IAC3D,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,mCAAmC;IACnC,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,0CAA0C;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAuBD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0C;gBAExD,MAAM,GAAE,qBAA0B;IAU9C;;OAEG;IACH,OAAO,CAAC,YAAY,CAElB;IAEF;;OAEG;IACH,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,IAAI;IAIpE;;OAEG;IACH,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI/C;;OAEG;IACG,OAAO,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,EAChD,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,GAC/B,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAkHpC;;OAEG;YACW,kBAAkB;IA0BhC;;OAEG;YACW,eAAe;IAgB7B;;OAEG;YACW,gBAAgB;IAgB9B;;OAEG;YACW,kBAAkB;IAkBhC;;OAEG;IACH,cAAc,IAAI,WAAW,GAAG,SAAS;CAG1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,CAAC,EAAE,qBAAqB,GAC7B,eAAe,CAEjB"}

package/dist/execution/engine.js ADDED Viewed

@@ -0,0 +1,220 @@
+/**
+ * Execution Engine - Executes authorized intents with hook integration
+ *
+ * The ExecutionEngine handles the actual execution of authorized intents,
+ * with pre/post execution hooks for extensibility and monitoring.
+ *
+ * Execution flow:
+ * 1. Validate the decision is still valid (not expired)
+ * 2. Execute PRE_EXECUTE hooks (can abort)
+ * 3. Execute the action via the registered executor
+ * 4. Execute POST_EXECUTE hooks on success
+ * 5. Execute EXECUTION_FAILED hooks on failure
+ */
+import { v4 as uuidv4 } from 'uuid';
+/**
+ * Determines if an error is retryable
+ */
+function isRetryableError(error) {
+    const message = error.message.toLowerCase();
+    const retryablePatterns = [
+        'timeout',
+        'network',
+        'connection',
+        'temporarily unavailable',
+        'rate limit',
+        'too many requests',
+        'service unavailable',
+        'gateway',
+        'econnreset',
+        'econnrefused',
+        'etimedout',
+    ];
+    return retryablePatterns.some((pattern) => message.includes(pattern));
+}
+/**
+ * ExecutionEngine - Executes authorized intents with hook integration
+ */
+export class ExecutionEngine {
+    hookManager;
+    config;
+    executors = new Map();
+    constructor(config = {}) {
+        this.hookManager = config.hookManager;
+        this.config = {
+            enableHooks: config.enableHooks ?? (config.hookManager !== undefined),
+            defaultExecutor: config.defaultExecutor ?? this.noopExecutor,
+            defaultTimeoutMs: config.defaultTimeoutMs ?? 30000,
+            allowExpiredDecisions: config.allowExpiredDecisions ?? false,
+        };
+    }
+    /**
+     * Default no-op executor
+     */
+    noopExecutor = async () => {
+        return { executed: true };
+    };
+    /**
+     * Register an executor for a specific action type
+     */
+    registerExecutor(actionType, executor) {
+        this.executors.set(actionType, executor);
+    }
+    /**
+     * Unregister an executor
+     */
+    unregisterExecutor(actionType) {
+        return this.executors.delete(actionType);
+    }
+    /**
+     * Execute an authorized intent
+     */
+    async execute(request) {
+        const executionId = uuidv4();
+        const startTime = Date.now();
+        const { decision, intent, profile, params } = request;
+        // Check if decision permits the action
+        if (!decision.permitted) {
+            return {
+                success: false,
+                error: new Error('Decision does not permit execution'),
+                durationMs: Date.now() - startTime,
+                aborted: false,
+                executionId,
+                retryable: false,
+            };
+        }
+        // Check if decision has expired
+        if (!this.config.allowExpiredDecisions && decision.expiresAt < new Date()) {
+            return {
+                success: false,
+                error: new Error('Decision has expired'),
+                durationMs: Date.now() - startTime,
+                aborted: false,
+                executionId,
+                retryable: false,
+            };
+        }
+        // Execute pre-execute hooks
+        if (this.config.enableHooks && this.hookManager) {
+            const preExecuteResult = await this.executePreHooks(executionId, decision, intent, profile, params);
+            if (preExecuteResult.aborted) {
+                return {
+                    success: false,
+                    durationMs: Date.now() - startTime,
+                    aborted: true,
+                    abortReason: preExecuteResult.abortReason,
+                    executionId,
+                    retryable: false,
+                };
+            }
+        }
+        // Get the executor
+        const executor = request.executor ??
+            this.executors.get(intent.actionType) ??
+            this.config.defaultExecutor;
+        // Execute the action
+        try {
+            const result = await this.executeWithTimeout(executor, intent, decision, params);
+            const durationMs = Date.now() - startTime;
+            // Execute post-execute hooks
+            if (this.config.enableHooks && this.hookManager) {
+                await this.executePostHooks(executionId, decision, intent, result, durationMs);
+            }
+            return {
+                success: true,
+                result: result,
+                durationMs,
+                aborted: false,
+                executionId,
+            };
+        }
+        catch (error) {
+            const durationMs = Date.now() - startTime;
+            const err = error instanceof Error ? error : new Error(String(error));
+            const retryable = isRetryableError(err);
+            // Execute execution-failed hooks
+            if (this.config.enableHooks && this.hookManager) {
+                await this.executeFailedHooks(executionId, decision, intent, err, durationMs, retryable);
+            }
+            return {
+                success: false,
+                error: err,
+                durationMs,
+                aborted: false,
+                executionId,
+                retryable,
+            };
+        }
+    }
+    /**
+     * Execute action with timeout
+     */
+    async executeWithTimeout(executor, intent, decision, params) {
+        const timeoutMs = decision.constraints?.maxExecutionTimeMs ?? this.config.defaultTimeoutMs;
+        return new Promise((resolve, reject) => {
+            const timeoutId = setTimeout(() => {
+                reject(new Error(`Execution timeout after ${timeoutMs}ms`));
+            }, timeoutMs);
+            executor(intent, decision, params)
+                .then((result) => {
+                clearTimeout(timeoutId);
+                resolve(result);
+            })
+                .catch((error) => {
+                clearTimeout(timeoutId);
+                reject(error);
+            });
+        });
+    }
+    /**
+     * Execute pre-execute hooks
+     */
+    async executePreHooks(_executionId, decision, intent, profile, params) {
+        return this.hookManager.executePreExecute({
+            correlationId: intent.correlationId,
+            decision,
+            intent,
+            profile,
+            params: params,
+        });
+    }
+    /**
+     * Execute post-execute hooks
+     */
+    async executePostHooks(_executionId, decision, intent, result, durationMs) {
+        return this.hookManager.executePostExecute({
+            correlationId: intent.correlationId,
+            decision,
+            intent,
+            result,
+            durationMs,
+        });
+    }
+    /**
+     * Execute execution-failed hooks
+     */
+    async executeFailedHooks(_executionId, decision, intent, error, durationMs, retryable) {
+        return this.hookManager.executeExecutionFailed({
+            correlationId: intent.correlationId,
+            decision,
+            intent,
+            error,
+            durationMs,
+            retryable,
+        });
+    }
+    /**
+     * Get the hook manager
+     */
+    getHookManager() {
+        return this.hookManager;
+    }
+}
+/**
+ * Create an execution engine
+ */
+export function createExecutionEngine(config) {
+    return new ExecutionEngine(config);
+}
+//# sourceMappingURL=engine.js.map

package/dist/execution/engine.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/execution/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAsEpC;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAY;IACpC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,iBAAiB,GAAG;QACxB,SAAS;QACT,SAAS;QACT,YAAY;QACZ,yBAAyB;QACzB,YAAY;QACZ,mBAAmB;QACnB,qBAAqB;QACrB,SAAS;QACT,YAAY;QACZ,cAAc;QACd,WAAW;KACZ,CAAC;IACF,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IACT,WAAW,CAAe;IAC1B,MAAM,CAAuD;IAC7D,SAAS,GAAgC,IAAI,GAAG,EAAE,CAAC;IAEpE,YAAY,SAAgC,EAAE;QAC5C,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,MAAM,GAAG;YACZ,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC;YACrE,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC,YAAY;YAC5D,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,KAAK;YAClD,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,IAAI,KAAK;SAC7D,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,YAAY,GAAmB,KAAK,IAAI,EAAE;QAChD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC,CAAC;IAEF;;OAEG;IACH,gBAAgB,CAAC,UAAkB,EAAE,QAAwB;QAC3D,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,UAAkB;QACnC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,OAAgC;QAEhC,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAEtD,uCAAuC;QACvC,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI,KAAK,CAAC,oCAAoC,CAAC;gBACtD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAClC,OAAO,EAAE,KAAK;gBACd,WAAW;gBACX,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC1E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI,KAAK,CAAC,sBAAsB,CAAC;gBACxC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAClC,OAAO,EAAE,KAAK;gBACd,WAAW;gBACX,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CACjD,WAAW,EACX,QAAQ,EACR,MAAM,EACN,OAAO,EACP,MAAM,CACP,CAAC;YAEF,IAAI,gBAAgB,CAAC,OAAO,EAAE,CAAC;gBAC7B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAClC,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,gBAAgB,CAAC,WAAW;oBACzC,WAAW;oBACX,SAAS,EAAE,KAAK;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ;YAChB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC;YACrC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;QAE9B,qBAAqB;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC1C,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,MAAiB,CAClB,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAE1C,6BAA6B;YAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChD,MAAM,IAAI,CAAC,gBAAgB,CACzB,WAAW,EACX,QAAQ,EACR,MAAM,EACN,MAAM,EACN,UAAU,CACX,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,MAAiB;gBACzB,UAAU;gBACV,OAAO,EAAE,KAAK;gBACd,WAAW;aACZ,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC1C,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACtE,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAExC,iCAAiC;YACjC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAChD,MAAM,IAAI,CAAC,kBAAkB,CAC3B,WAAW,EACX,QAAQ,EACR,MAAM,EACN,GAAG,EACH,UAAU,EACV,SAAS,CACV,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,GAAG;gBACV,UAAU;gBACV,OAAO,EAAE,KAAK;gBACd,WAAW;gBACX,SAAS;aACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,QAA0C,EAC1C,MAAc,EACd,QAAkB,EAClB,MAAgB;QAEhB,MAAM,SAAS,GACb,QAAQ,CAAC,WAAW,EAAE,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAE3E,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;gBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,SAAS,IAAI,CAAC,CAAC,CAAC;YAC9D,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC;iBAC/B,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACf,YAAY,CAAC,SAAS,CAAC,CAAC;gBACxB,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,YAAY,CAAC,SAAS,CAAC,CAAC;gBACxB,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAC3B,YAAoB,EACpB,QAAkB,EAClB,MAAc,EACd,OAAqB,EACrB,MAAgB;QAEhB,OAAO,IAAI,CAAC,WAAY,CAAC,iBAAiB,CAAC;YACzC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,QAAQ;YACR,MAAM;YACN,OAAO;YACP,MAAM,EAAE,MAAiC;SAC1C,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,YAAoB,EACpB,QAAkB,EAClB,MAAc,EACd,MAAe,EACf,UAAkB;QAElB,OAAO,IAAI,CAAC,WAAY,CAAC,kBAAkB,CAAC;YAC1C,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,QAAQ;YACR,MAAM;YACN,MAAM;YACN,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,YAAoB,EACpB,QAAkB,EAClB,MAAc,EACd,KAAY,EACZ,UAAkB,EAClB,SAAkB;QAElB,OAAO,IAAI,CAAC,WAAY,CAAC,sBAAsB,CAAC;YAC9C,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,QAAQ;YACR,MAAM;YACN,KAAK;YACL,UAAU;YACV,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAA8B;IAE9B,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC"}

package/dist/execution/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Execution Module - Action execution with hook integration
+ *
+ * @packageDocumentation
+ */
+export { ExecutionEngine, createExecutionEngine, type ActionExecutor, type ExecutionResult, type ExecuteRequest, type ExecutionEngineConfig, } from './engine.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/execution/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/execution/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,aAAa,CAAC"}

package/dist/execution/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Execution Module - Action execution with hook integration
+ *
+ * @packageDocumentation
+ */
+export { ExecutionEngine, createExecutionEngine, } from './engine.js';
+//# sourceMappingURL=index.js.map

package/dist/execution/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/execution/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,eAAe,EACf,qBAAqB,GAKtB,MAAM,aAAa,CAAC"}

package/dist/gate/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Pre-Action Gate Module - ATSF v2.0 Capability Gating
+ *
+ * Implements pre-action verification to prevent "Treacherous Turn" attacks.
+ * Low-trust agents cannot request high-risk actions.
+ *
+ * Key principle: Trust must be earned through demonstrated success
+ * on low-risk actions first.
+ */
+export { classifyRisk, getRiskLevel, isReadOnly, involvesTransfer, isDestructive, explainRiskFactors, requiresVerification, requiresHumanApproval, } from './risk-classifier.js';
+export { PreActionGate, createPreActionGate, createMapTrustProvider, type TrustProvider, type GateEventListener, } from './pre-action-gate.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/gate/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gate/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC"}

package/dist/gate/index.js ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Pre-Action Gate Module - ATSF v2.0 Capability Gating
+ *
+ * Implements pre-action verification to prevent "Treacherous Turn" attacks.
+ * Low-trust agents cannot request high-risk actions.
+ *
+ * Key principle: Trust must be earned through demonstrated success
+ * on low-risk actions first.
+ */
+// Risk Classifier
+export { classifyRisk, getRiskLevel, isReadOnly, involvesTransfer, isDestructive, explainRiskFactors, requiresVerification, requiresHumanApproval, } from './risk-classifier.js';
+// Pre-Action Gate
+export { PreActionGate, createPreActionGate, createMapTrustProvider, } from './pre-action-gate.js';
+//# sourceMappingURL=index.js.map

package/dist/gate/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gate/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,kBAAkB;AAClB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAE9B,kBAAkB;AAClB,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,sBAAsB,GAGvB,MAAM,sBAAsB,CAAC"}

package/dist/gate/pre-action-gate.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * Pre-Action Verification Gate - ATSF v2.0 Section 4.4
+ *
+ * Key principle: Trust score gates CAPABILITY, not just post-hoc scoring.
+ *
+ * Problem solved: At the moment of a "Treacherous Turn," an agent's trust
+ * is maximal because ATSF v1.x updates trust AFTER action execution.
+ *
+ * Solution: Pre-action gating checks trust BEFORE execution.
+ * Low-trust agents cannot REQUEST high-risk actions.
+ * Trust must be earned through demonstrated success on low-risk actions first.
+ */
+import { type GateVerificationRequest, type GateVerificationResult, type PreActionGateConfig, type GateEvent, RiskLevel } from '@vorionsys/contracts';
+/**
+ * Trust provider interface - abstracts trust score retrieval
+ */
+export interface TrustProvider {
+    getTrustScore(agentId: string): number | Promise<number>;
+}
+/**
+ * Gate event listener
+ */
+export type GateEventListener = (event: GateEvent) => void;
+/**
+ * PreActionGate - Verifies agent trust before allowing action execution
+ */
+export declare class PreActionGate {
+    private readonly config;
+    private readonly trustProvider?;
+    private readonly trustThresholds;
+    private readonly eventListeners;
+    constructor(config?: Partial<PreActionGateConfig>, trustProvider?: TrustProvider);
+    /**
+     * Verify an action before execution
+     *
+     * This is the main entry point. Call this BEFORE allowing an agent
+     * to execute any action.
+     */
+    verify(request: GateVerificationRequest, trustScore?: number): Promise<GateVerificationResult>;
+    /**
+     * Quick check without full verification
+     * Returns true if action would be immediately approved
+     */
+    canProceed(request: GateVerificationRequest, trustScore?: number): Promise<boolean>;
+    /**
+     * Get the trust threshold for a risk level
+     */
+    getThreshold(riskLevel: RiskLevel): number;
+    /**
+     * Get all trust thresholds
+     */
+    getThresholds(): Readonly<Record<RiskLevel, number>>;
+    /**
+     * Check what risk level an agent can handle with their current trust
+     */
+    getMaxRiskLevel(trustScore: number): RiskLevel;
+    /**
+     * Get trust deficit for a specific risk level
+     */
+    getTrustDeficit(currentTrust: number, riskLevel: RiskLevel): number;
+    /**
+     * Add event listener
+     */
+    addEventListener(listener: GateEventListener): void;
+    /**
+     * Remove event listener
+     */
+    removeEventListener(listener: GateEventListener): void;
+    /**
+     * Get current configuration
+     */
+    getConfig(): Readonly<PreActionGateConfig>;
+    private resolveTrustScore;
+    private determineStatus;
+    private getRiskLevelValue;
+    private getEventType;
+    private emitEvent;
+}
+/**
+ * Create a pre-action gate
+ */
+export declare function createPreActionGate(config?: Partial<PreActionGateConfig>, trustProvider?: TrustProvider): PreActionGate;
+/**
+ * Create a simple trust provider from a map
+ */
+export declare function createMapTrustProvider(trustScores: Map<string, number> | Record<string, number>): TrustProvider;
+//# sourceMappingURL=pre-action-gate.d.ts.map

package/dist/gate/pre-action-gate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pre-action-gate.d.ts","sourceRoot":"","sources":["../../src/gate/pre-action-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAE3B,KAAK,mBAAmB,EACxB,KAAK,SAAS,EACd,SAAS,EAIV,MAAM,sBAAsB,CAAC;AAI9B;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC1D;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,CAAC;AAE3D;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA4B;IAC5D,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA2B;gBAGxD,MAAM,GAAE,OAAO,CAAC,mBAAmB,CAAM,EACzC,aAAa,CAAC,EAAE,aAAa;IAU/B;;;;;OAKG;IACG,MAAM,CACV,OAAO,EAAE,uBAAuB,EAChC,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,sBAAsB,CAAC;IAuDlC;;;OAGG;IACG,UAAU,CACd,OAAO,EAAE,uBAAuB,EAChC,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAQnB;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,SAAS,GAAG,MAAM;IAI1C;;OAEG;IACH,aAAa,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAIpD;;OAEG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS;IAgB9C;;OAEG;IACH,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,GAAG,MAAM;IAKnE;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,IAAI;IAInD;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,IAAI;IAOtD;;OAEG;IACH,SAAS,IAAI,QAAQ,CAAC,mBAAmB,CAAC;YAM5B,iBAAiB;IAQ/B,OAAO,CAAC,eAAe;IAoGvB,OAAO,CAAC,iBAAiB;IAWzB,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,SAAS;CASlB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,EACrC,aAAa,CAAC,EAAE,aAAa,GAC5B,aAAa,CAEf;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACxD,aAAa,CAUf"}