@vorionsys/a3i 0.1.0

package/dist/observation/ceilings.js

@@ -0,0 +1,110 @@
+/**
+ * Trust Ceilings - Score limits based on observation tier
+ *
+ * Key insight: Cannot fully trust what you cannot inspect.
+ * API-accessed proprietary models are capped at 60% max trust.
+ */
+import { ObservationTier, OBSERVATION_CEILINGS } from '@vorionsys/contracts';
+export { OBSERVATION_CEILINGS };
+/**
+ * Apply trust ceiling based on observation tier
+ *
+ * @param score - The raw trust score (0-100)
+ * @param tier - The observation tier
+ * @returns The adjusted score after applying ceiling
+ */
+export function applyCeiling(score, tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    return Math.min(score, ceiling);
+}
+/**
+ * Calculate how much trust is being lost to the ceiling
+ */
+export function getCeilingLoss(score, tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    return Math.max(0, score - ceiling);
+}
+/**
+ * Check if a score is at the ceiling
+ */
+export function isAtCeiling(score, tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    return score >= ceiling;
+}
+/**
+ * Get the room for improvement (how much higher can trust go)
+ */
+export function getRoomForImprovement(currentScore, tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    return Math.max(0, ceiling - currentScore);
+}
+/**
+ * Calculate what tier would be needed to achieve a target score
+ */
+export function requiredTierForScore(targetScore) {
+    if (targetScore <= OBSERVATION_CEILINGS[ObservationTier.BLACK_BOX]) {
+        return ObservationTier.BLACK_BOX;
+    }
+    if (targetScore <= OBSERVATION_CEILINGS[ObservationTier.GRAY_BOX]) {
+        return ObservationTier.GRAY_BOX;
+    }
+    if (targetScore <= OBSERVATION_CEILINGS[ObservationTier.WHITE_BOX]) {
+        return ObservationTier.WHITE_BOX;
+    }
+    if (targetScore <= OBSERVATION_CEILINGS[ObservationTier.ATTESTED_BOX]) {
+        return ObservationTier.ATTESTED_BOX;
+    }
+    if (targetScore <= OBSERVATION_CEILINGS[ObservationTier.VERIFIED_BOX]) {
+        return ObservationTier.VERIFIED_BOX;
+    }
+    return null; // Score is impossible to achieve
+}
+/**
+ * Analyze the impact of trust ceiling on a score
+ */
+export function analyzeCeilingImpact(score, tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    const adjustedScore = Math.min(score, ceiling);
+    const ceilingLoss = Math.max(0, score - ceiling);
+    const atCeiling = score >= ceiling;
+    const improvementRoom = Math.max(0, ceiling - score);
+    // Check if upgrading tier would help
+    let tierUpgradeWouldHelp = false;
+    let nextUnlockingTier = null;
+    if (atCeiling && tier !== ObservationTier.VERIFIED_BOX) {
+        tierUpgradeWouldHelp = true;
+        // Find the next tier that would increase the ceiling
+        const tiers = [
+            ObservationTier.BLACK_BOX,
+            ObservationTier.GRAY_BOX,
+            ObservationTier.WHITE_BOX,
+            ObservationTier.ATTESTED_BOX,
+            ObservationTier.VERIFIED_BOX,
+        ];
+        const currentIndex = tiers.indexOf(tier);
+        for (let i = currentIndex + 1; i < tiers.length; i++) {
+            const nextTier = tiers[i];
+            if (OBSERVATION_CEILINGS[nextTier] > ceiling) {
+                nextUnlockingTier = nextTier;
+                break;
+            }
+        }
+    }
+    return {
+        originalScore: score,
+        adjustedScore,
+        ceilingLoss,
+        atCeiling,
+        improvementRoom,
+        tierUpgradeWouldHelp,
+        nextUnlockingTier,
+    };
+}
+/**
+ * Format ceiling information for display
+ */
+export function formatCeilingInfo(tier) {
+    const ceiling = OBSERVATION_CEILINGS[tier];
+    return `${tier} (max ${ceiling}%)`;
+}
+//# sourceMappingURL=ceilings.js.map

package/dist/observation/ceilings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ceilings.js","sourceRoot":"","sources":["../../src/observation/ceilings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE7E,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAEhC;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,IAAqB;IAC/D,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,IAAqB;IACjE,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,IAAqB;IAC9D,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,KAAK,IAAI,OAAO,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,YAAoB,EACpB,IAAqB;IAErB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,WAAmB;IAEnB,IAAI,WAAW,IAAI,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QACnE,OAAO,eAAe,CAAC,SAAS,CAAC;IACnC,CAAC;IACD,IAAI,WAAW,IAAI,oBAAoB,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClE,OAAO,eAAe,CAAC,QAAQ,CAAC;IAClC,CAAC;IACD,IAAI,WAAW,IAAI,oBAAoB,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QACnE,OAAO,eAAe,CAAC,SAAS,CAAC;IACnC,CAAC;IACD,IAAI,WAAW,IAAI,oBAAoB,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;QACtE,OAAO,eAAe,CAAC,YAAY,CAAC;IACtC,CAAC;IACD,IAAI,WAAW,IAAI,oBAAoB,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;QACtE,OAAO,eAAe,CAAC,YAAY,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,iCAAiC;AAChD,CAAC;AAsBD;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,KAAa,EACb,IAAqB;IAErB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,KAAK,IAAI,OAAO,CAAC;IACnC,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,CAAC;IAErD,qCAAqC;IACrC,IAAI,oBAAoB,GAAG,KAAK,CAAC;IACjC,IAAI,iBAAiB,GAA2B,IAAI,CAAC;IAErD,IAAI,SAAS,IAAI,IAAI,KAAK,eAAe,CAAC,YAAY,EAAE,CAAC;QACvD,oBAAoB,GAAG,IAAI,CAAC;QAE5B,qDAAqD;QACrD,MAAM,KAAK,GAAG;YACZ,eAAe,CAAC,SAAS;YACzB,eAAe,CAAC,QAAQ;YACxB,eAAe,CAAC,SAAS;YACzB,eAAe,CAAC,YAAY;YAC5B,eAAe,CAAC,YAAY;SAC7B,CAAC;QACF,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEzC,KAAK,IAAI,CAAC,GAAG,YAAY,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;YAC3B,IAAI,oBAAoB,CAAC,QAAQ,CAAC,GAAG,OAAO,EAAE,CAAC;gBAC7C,iBAAiB,GAAG,QAAQ,CAAC;gBAC7B,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa,EAAE,KAAK;QACpB,aAAa;QACb,WAAW;QACX,SAAS;QACT,eAAe;QACf,oBAAoB;QACpB,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC3C,OAAO,GAAG,IAAI,SAAS,OAAO,IAAI,CAAC;AACrC,CAAC"}

package/dist/observation/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * A3I Observation Module
+ *
+ * Observation tiers, trust ceilings, and attestation
+ * for determining maximum trustworthiness based on
+ * what can actually be inspected.
+ */
+export { ObservationTier, OBSERVATION_CEILINGS, ModelAccessType, ComponentType, MODEL_ACCESS_TIERS, getObservationTierForAccess, getTrustCeiling, allowsFullTrust, isHardwareAttested, canInspectSource, getTierDescription, compareTiers, getLowestTier, TIER_DESCRIPTIONS, } from './tiers.js';
+export { applyCeiling, getCeilingLoss, isAtCeiling, getRoomForImprovement, requiredTierForScore, analyzeCeilingImpact, formatCeilingInfo, type CeilingAnalysis, } from './ceilings.js';
+export { AttestationType, HARDWARE_ATTESTATION_TYPES, getObservationTierForAttestation, createAttestationEvidence, isHardwareBacked, verifyAttestation, computeHash, type AttestationEvidence, type AttestationVerificationResult, } from './attestation.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/observation/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/observation/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,YAAY,EACZ,cAAc,EACd,WAAW,EACX,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,gCAAgC,EAChC,yBAAyB,EACzB,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,GACnC,MAAM,kBAAkB,CAAC"}

package/dist/observation/index.js

@@ -0,0 +1,14 @@
+/**
+ * A3I Observation Module
+ *
+ * Observation tiers, trust ceilings, and attestation
+ * for determining maximum trustworthiness based on
+ * what can actually be inspected.
+ */
+// Tiers
+export { ObservationTier, OBSERVATION_CEILINGS, ModelAccessType, ComponentType, MODEL_ACCESS_TIERS, getObservationTierForAccess, getTrustCeiling, allowsFullTrust, isHardwareAttested, canInspectSource, getTierDescription, compareTiers, getLowestTier, TIER_DESCRIPTIONS, } from './tiers.js';
+// Ceilings
+export { applyCeiling, getCeilingLoss, isAtCeiling, getRoomForImprovement, requiredTierForScore, analyzeCeilingImpact, formatCeilingInfo, } from './ceilings.js';
+// Attestation
+export { AttestationType, HARDWARE_ATTESTATION_TYPES, getObservationTierForAttestation, createAttestationEvidence, isHardwareBacked, verifyAttestation, computeHash, } from './attestation.js';
+//# sourceMappingURL=index.js.map

package/dist/observation/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/observation/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,QAAQ;AACR,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,WAAW;AACX,OAAO,EACL,YAAY,EACZ,cAAc,EACd,WAAW,EACX,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,GAElB,MAAM,eAAe,CAAC;AAEvB,cAAc;AACd,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,gCAAgC,EAChC,yBAAyB,EACzB,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,GAGZ,MAAM,kBAAkB,CAAC"}

package/dist/observation/tiers.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Observation Tiers - Classification of agent observability
+ *
+ * Based on ATSF v2.0: Addresses the "Transparency Paradox"
+ * - Cannot inspect proprietary model internals (GPT-4, Claude)
+ * - Must distinguish scaffolding trust from model trust
+ * - Hardware root of trust via TEE attestation
+ */
+import { ObservationTier, OBSERVATION_CEILINGS } from '@vorionsys/contracts';
+export { ObservationTier, OBSERVATION_CEILINGS };
+/**
+ * Model access types - how the foundation model is accessed
+ */
+export declare enum ModelAccessType {
+    /** OpenAI, Anthropic APIs - complete black box */
+    API_PROPRIETARY = "api_proprietary",
+    /** Hosted open-weight models (still can't see runtime state) */
+    API_OPEN_WEIGHTS = "api_open_weights",
+    /** Self-hosted open source models */
+    SELF_HOSTED_OPEN = "self_hosted_open",
+    /** Running in Trusted Execution Environment */
+    SELF_HOSTED_TEE = "self_hosted_tee",
+    /** Fine-tuned on proprietary platform */
+    FINE_TUNED_PROPRIETARY = "fine_tuned_proprietary"
+}
+/**
+ * Component types in an AI agent system
+ */
+export declare enum ComponentType {
+    /** Foundation model (GPT-4, Claude, Llama) */
+    FOUNDATION_MODEL = "foundation_model",
+    /** Orchestration code (LangChain, custom) */
+    ORCHESTRATION_CODE = "orchestration",
+    /** Tool integrations (APIs, databases) */
+    TOOL_INTEGRATION = "tools",
+    /** Safety/guardrail systems */
+    GUARDRAIL_SYSTEM = "guardrails",
+    /** Memory systems (RAG, vector stores) */
+    MEMORY_SYSTEM = "memory",
+    /** Multi-agent routing logic */
+    ROUTING_LOGIC = "routing"
+}
+/**
+ * Map model access type to observation tier
+ */
+export declare const MODEL_ACCESS_TIERS: Record<ModelAccessType, ObservationTier>;
+/**
+ * Get the observation tier for a model access type
+ */
+export declare function getObservationTierForAccess(accessType: ModelAccessType): ObservationTier;
+/**
+ * Get the trust ceiling for an observation tier
+ */
+export declare function getTrustCeiling(tier: ObservationTier): number;
+/**
+ * Check if a tier allows full trust (100% ceiling)
+ * Per ATSF v2.0: Only VERIFIED_BOX allows full trust
+ */
+export declare function allowsFullTrust(tier: ObservationTier): boolean;
+/**
+ * Check if observation tier is hardware-attested
+ */
+export declare function isHardwareAttested(tier: ObservationTier): boolean;
+/**
+ * Check if we can inspect source code
+ */
+export declare function canInspectSource(tier: ObservationTier): boolean;
+/**
+ * Get tier description for display
+ */
+export declare function getTierDescription(tier: ObservationTier): {
+    name: string;
+    shortName: string;
+    description: string;
+    ceiling: number;
+    examples: string[];
+};
+/**
+ * Compare observation tiers
+ */
+export declare function compareTiers(a: ObservationTier, b: ObservationTier): number;
+/**
+ * Get the lowest (most restrictive) tier from an array
+ */
+export declare function getLowestTier(tiers: ObservationTier[]): ObservationTier;
+/**
+ * Tier descriptions for documentation
+ */
+export declare const TIER_DESCRIPTIONS: Record<ObservationTier, {
+    name: string;
+    description: string;
+    trustCeiling: number;
+    whatWeCanSee: string[];
+    whatWeCantSee: string[];
+}>;
+//# sourceMappingURL=tiers.d.ts.map

package/dist/observation/tiers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tiers.d.ts","sourceRoot":"","sources":["../../src/observation/tiers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE7E,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,CAAC;AAEjD;;GAEG;AACH,oBAAY,eAAe;IACzB,kDAAkD;IAClD,eAAe,oBAAoB;IACnC,gEAAgE;IAChE,gBAAgB,qBAAqB;IACrC,qCAAqC;IACrC,gBAAgB,qBAAqB;IACrC,+CAA+C;IAC/C,eAAe,oBAAoB;IACnC,yCAAyC;IACzC,sBAAsB,2BAA2B;CAClD;AAED;;GAEG;AACH,oBAAY,aAAa;IACvB,8CAA8C;IAC9C,gBAAgB,qBAAqB;IACrC,6CAA6C;IAC7C,kBAAkB,kBAAkB;IACpC,0CAA0C;IAC1C,gBAAgB,UAAU;IAC1B,+BAA+B;IAC/B,gBAAgB,eAAe;IAC/B,0CAA0C;IAC1C,aAAa,WAAW;IACxB,gCAAgC;IAChC,aAAa,YAAY;CAC1B;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,eAAe,EAAE,eAAe,CAMvE,CAAC;AAEF;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,UAAU,EAAE,eAAe,GAC1B,eAAe,CAEjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM,CAE7D;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAE9D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAEjE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAM/D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,eAAe,GAAG;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB,CA2CA;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,GAAG,MAAM,CAS3E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,eAAe,EAAE,GAAG,eAAe,CAOvE;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CACpC,eAAe,EACf;IACE,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB,CAiEF,CAAC"}

package/dist/observation/tiers.js

@@ -0,0 +1,225 @@
+/**
+ * Observation Tiers - Classification of agent observability
+ *
+ * Based on ATSF v2.0: Addresses the "Transparency Paradox"
+ * - Cannot inspect proprietary model internals (GPT-4, Claude)
+ * - Must distinguish scaffolding trust from model trust
+ * - Hardware root of trust via TEE attestation
+ */
+import { ObservationTier, OBSERVATION_CEILINGS } from '@vorionsys/contracts';
+export { ObservationTier, OBSERVATION_CEILINGS };
+/**
+ * Model access types - how the foundation model is accessed
+ */
+export var ModelAccessType;
+(function (ModelAccessType) {
+    /** OpenAI, Anthropic APIs - complete black box */
+    ModelAccessType["API_PROPRIETARY"] = "api_proprietary";
+    /** Hosted open-weight models (still can't see runtime state) */
+    ModelAccessType["API_OPEN_WEIGHTS"] = "api_open_weights";
+    /** Self-hosted open source models */
+    ModelAccessType["SELF_HOSTED_OPEN"] = "self_hosted_open";
+    /** Running in Trusted Execution Environment */
+    ModelAccessType["SELF_HOSTED_TEE"] = "self_hosted_tee";
+    /** Fine-tuned on proprietary platform */
+    ModelAccessType["FINE_TUNED_PROPRIETARY"] = "fine_tuned_proprietary";
+})(ModelAccessType || (ModelAccessType = {}));
+/**
+ * Component types in an AI agent system
+ */
+export var ComponentType;
+(function (ComponentType) {
+    /** Foundation model (GPT-4, Claude, Llama) */
+    ComponentType["FOUNDATION_MODEL"] = "foundation_model";
+    /** Orchestration code (LangChain, custom) */
+    ComponentType["ORCHESTRATION_CODE"] = "orchestration";
+    /** Tool integrations (APIs, databases) */
+    ComponentType["TOOL_INTEGRATION"] = "tools";
+    /** Safety/guardrail systems */
+    ComponentType["GUARDRAIL_SYSTEM"] = "guardrails";
+    /** Memory systems (RAG, vector stores) */
+    ComponentType["MEMORY_SYSTEM"] = "memory";
+    /** Multi-agent routing logic */
+    ComponentType["ROUTING_LOGIC"] = "routing";
+})(ComponentType || (ComponentType = {}));
+/**
+ * Map model access type to observation tier
+ */
+export const MODEL_ACCESS_TIERS = {
+    [ModelAccessType.API_PROPRIETARY]: ObservationTier.BLACK_BOX,
+    [ModelAccessType.API_OPEN_WEIGHTS]: ObservationTier.BLACK_BOX, // Can't see runtime state
+    [ModelAccessType.SELF_HOSTED_OPEN]: ObservationTier.WHITE_BOX,
+    [ModelAccessType.SELF_HOSTED_TEE]: ObservationTier.ATTESTED_BOX,
+    [ModelAccessType.FINE_TUNED_PROPRIETARY]: ObservationTier.BLACK_BOX,
+};
+/**
+ * Get the observation tier for a model access type
+ */
+export function getObservationTierForAccess(accessType) {
+    return MODEL_ACCESS_TIERS[accessType];
+}
+/**
+ * Get the trust ceiling for an observation tier
+ */
+export function getTrustCeiling(tier) {
+    return OBSERVATION_CEILINGS[tier];
+}
+/**
+ * Check if a tier allows full trust (100% ceiling)
+ * Per ATSF v2.0: Only VERIFIED_BOX allows full trust
+ */
+export function allowsFullTrust(tier) {
+    return tier === ObservationTier.VERIFIED_BOX;
+}
+/**
+ * Check if observation tier is hardware-attested
+ */
+export function isHardwareAttested(tier) {
+    return tier === ObservationTier.ATTESTED_BOX || tier === ObservationTier.VERIFIED_BOX;
+}
+/**
+ * Check if we can inspect source code
+ */
+export function canInspectSource(tier) {
+    return (tier === ObservationTier.WHITE_BOX ||
+        tier === ObservationTier.ATTESTED_BOX ||
+        tier === ObservationTier.VERIFIED_BOX);
+}
+/**
+ * Get tier description for display
+ */
+export function getTierDescription(tier) {
+    switch (tier) {
+        case ObservationTier.BLACK_BOX:
+            return {
+                name: 'Black Box',
+                shortName: 'BLACK',
+                description: 'I/O only - no internal visibility',
+                ceiling: OBSERVATION_CEILINGS[tier],
+                examples: ['GPT-4 via API', 'Claude via API', 'Hosted Gemini'],
+            };
+        case ObservationTier.GRAY_BOX:
+            return {
+                name: 'Gray Box',
+                shortName: 'GRAY',
+                description: 'I/O + platform logs and metrics',
+                ceiling: OBSERVATION_CEILINGS[tier],
+                examples: ['Platform-hosted models', 'Managed ML services'],
+            };
+        case ObservationTier.WHITE_BOX:
+            return {
+                name: 'White Box',
+                shortName: 'WHITE',
+                description: 'Full source code access',
+                ceiling: OBSERVATION_CEILINGS[tier],
+                examples: ['Self-hosted Llama', 'Open source models', 'Custom code'],
+            };
+        case ObservationTier.ATTESTED_BOX:
+            return {
+                name: 'Attested Box',
+                shortName: 'ATTESTED',
+                description: 'Cryptographically verified in TEE (95% ceiling due to side-channel risk)',
+                ceiling: OBSERVATION_CEILINGS[tier],
+                examples: ['SGX enclave', 'AMD SEV-SNP', 'NVIDIA CC on H100'],
+            };
+        case ObservationTier.VERIFIED_BOX:
+            return {
+                name: 'Verified Box',
+                shortName: 'VERIFIED',
+                description: 'Full verification: TEE + zkML + interpretability',
+                ceiling: OBSERVATION_CEILINGS[tier],
+                examples: ['TEE with zkML proofs', 'Interpretability-verified models'],
+            };
+    }
+}
+/**
+ * Compare observation tiers
+ */
+export function compareTiers(a, b) {
+    const order = {
+        [ObservationTier.BLACK_BOX]: 1,
+        [ObservationTier.GRAY_BOX]: 2,
+        [ObservationTier.WHITE_BOX]: 3,
+        [ObservationTier.ATTESTED_BOX]: 4,
+        [ObservationTier.VERIFIED_BOX]: 5,
+    };
+    return order[a] - order[b];
+}
+/**
+ * Get the lowest (most restrictive) tier from an array
+ */
+export function getLowestTier(tiers) {
+    if (tiers.length === 0) {
+        return ObservationTier.BLACK_BOX;
+    }
+    return tiers.reduce((lowest, current) => compareTiers(current, lowest) < 0 ? current : lowest);
+}
+/**
+ * Tier descriptions for documentation
+ */
+export const TIER_DESCRIPTIONS = {
+    [ObservationTier.BLACK_BOX]: {
+        name: 'Black Box',
+        description: 'Input/output only. No internal visibility.',
+        trustCeiling: 600,
+        whatWeCanSee: ['Inputs', 'Outputs', 'Response time', 'Error messages'],
+        whatWeCantSee: [
+            'Internal reasoning',
+            'Token probabilities',
+            'Attention patterns',
+            'Model weights',
+            'Training data',
+        ],
+    },
+    [ObservationTier.GRAY_BOX]: {
+        name: 'Gray Box',
+        description: 'I/O plus platform-level telemetry.',
+        trustCeiling: 750,
+        whatWeCanSee: [
+            'Inputs',
+            'Outputs',
+            'Platform logs',
+            'Resource usage',
+            'Request traces',
+        ],
+        whatWeCantSee: ['Model internals', 'Weights', 'Training process'],
+    },
+    [ObservationTier.WHITE_BOX]: {
+        name: 'White Box',
+        description: 'Full source code and architecture access. Reduced from 950 due to sleeper agent risk.',
+        trustCeiling: 900,
+        whatWeCanSee: [
+            'Source code',
+            'Model architecture',
+            'Weights (if open)',
+            'Configuration',
+            'All execution state',
+        ],
+        whatWeCantSee: ['Hardware state', 'Side channels', 'Hidden behaviors'],
+    },
+    [ObservationTier.ATTESTED_BOX]: {
+        name: 'Attested Box',
+        description: 'Hardware-verified integrity via TEE. Reduced from 1000 due to side-channel risk.',
+        trustCeiling: 950,
+        whatWeCanSee: [
+            'Everything in White Box',
+            'Hardware attestation',
+            'Integrity proofs',
+            'Sealed secrets',
+        ],
+        whatWeCantSee: ['Side-channel attacks', 'Physical attacks'],
+    },
+    [ObservationTier.VERIFIED_BOX]: {
+        name: 'Verified Box',
+        description: 'Full verification stack: TEE + zkML proofs + interpretability analysis.',
+        trustCeiling: 1000,
+        whatWeCanSee: [
+            'Everything in Attested Box',
+            'Zero-knowledge model proofs',
+            'Interpretability analysis',
+            'Behavior verification',
+        ],
+        whatWeCantSee: [],
+    },
+};
+//# sourceMappingURL=tiers.js.map

package/dist/observation/tiers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tiers.js","sourceRoot":"","sources":["../../src/observation/tiers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE7E,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,CAAC;AAEjD;;GAEG;AACH,MAAM,CAAN,IAAY,eAWX;AAXD,WAAY,eAAe;IACzB,kDAAkD;IAClD,sDAAmC,CAAA;IACnC,gEAAgE;IAChE,wDAAqC,CAAA;IACrC,qCAAqC;IACrC,wDAAqC,CAAA;IACrC,+CAA+C;IAC/C,sDAAmC,CAAA;IACnC,yCAAyC;IACzC,oEAAiD,CAAA;AACnD,CAAC,EAXW,eAAe,KAAf,eAAe,QAW1B;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,aAaX;AAbD,WAAY,aAAa;IACvB,8CAA8C;IAC9C,sDAAqC,CAAA;IACrC,6CAA6C;IAC7C,qDAAoC,CAAA;IACpC,0CAA0C;IAC1C,2CAA0B,CAAA;IAC1B,+BAA+B;IAC/B,gDAA+B,CAAA;IAC/B,0CAA0C;IAC1C,yCAAwB,CAAA;IACxB,gCAAgC;IAChC,0CAAyB,CAAA;AAC3B,CAAC,EAbW,aAAa,KAAb,aAAa,QAaxB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA6C;IAC1E,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC,SAAS;IAC5D,CAAC,eAAe,CAAC,gBAAgB,CAAC,EAAE,eAAe,CAAC,SAAS,EAAE,0BAA0B;IACzF,CAAC,eAAe,CAAC,gBAAgB,CAAC,EAAE,eAAe,CAAC,SAAS;IAC7D,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE,eAAe,CAAC,YAAY;IAC/D,CAAC,eAAe,CAAC,sBAAsB,CAAC,EAAE,eAAe,CAAC,SAAS;CACpE,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,2BAA2B,CACzC,UAA2B;IAE3B,OAAO,kBAAkB,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAqB;IACnD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAqB;IACnD,OAAO,IAAI,KAAK,eAAe,CAAC,YAAY,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAqB;IACtD,OAAO,IAAI,KAAK,eAAe,CAAC,YAAY,IAAI,IAAI,KAAK,eAAe,CAAC,YAAY,CAAC;AACxF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAqB;IACpD,OAAO,CACL,IAAI,KAAK,eAAe,CAAC,SAAS;QAClC,IAAI,KAAK,eAAe,CAAC,YAAY;QACrC,IAAI,KAAK,eAAe,CAAC,YAAY,CACtC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAqB;IAOtD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe,CAAC,SAAS;YAC5B,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,OAAO;gBAClB,WAAW,EAAE,mCAAmC;gBAChD,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC;gBACnC,QAAQ,EAAE,CAAC,eAAe,EAAE,gBAAgB,EAAE,eAAe,CAAC;aAC/D,CAAC;QACJ,KAAK,eAAe,CAAC,QAAQ;YAC3B,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,SAAS,EAAE,MAAM;gBACjB,WAAW,EAAE,iCAAiC;gBAC9C,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC;gBACnC,QAAQ,EAAE,CAAC,wBAAwB,EAAE,qBAAqB,CAAC;aAC5D,CAAC;QACJ,KAAK,eAAe,CAAC,SAAS;YAC5B,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,OAAO;gBAClB,WAAW,EAAE,yBAAyB;gBACtC,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC;gBACnC,QAAQ,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,EAAE,aAAa,CAAC;aACrE,CAAC;QACJ,KAAK,eAAe,CAAC,YAAY;YAC/B,OAAO;gBACL,IAAI,EAAE,cAAc;gBACpB,SAAS,EAAE,UAAU;gBACrB,WAAW,EAAE,0EAA0E;gBACvF,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC;gBACnC,QAAQ,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,mBAAmB,CAAC;aAC9D,CAAC;QACJ,KAAK,eAAe,CAAC,YAAY;YAC/B,OAAO;gBACL,IAAI,EAAE,cAAc;gBACpB,SAAS,EAAE,UAAU;gBACrB,WAAW,EAAE,kDAAkD;gBAC/D,OAAO,EAAE,oBAAoB,CAAC,IAAI,CAAC;gBACnC,QAAQ,EAAE,CAAC,sBAAsB,EAAE,kCAAkC,CAAC;aACvE,CAAC;IACN,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,CAAkB,EAAE,CAAkB;IACjE,MAAM,KAAK,GAAG;QACZ,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;KAClC,CAAC;IACF,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAwB;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,eAAe,CAAC,SAAS,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CACtC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAS1B;IACF,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE;QAC3B,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,gBAAgB,CAAC;QACtE,aAAa,EAAE;YACb,oBAAoB;YACpB,qBAAqB;YACrB,oBAAoB;YACpB,eAAe;YACf,eAAe;SAChB;KACF;IACD,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE;QAC1B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,oCAAoC;QACjD,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE;YACZ,QAAQ;YACR,SAAS;YACT,eAAe;YACf,gBAAgB;YAChB,gBAAgB;SACjB;QACD,aAAa,EAAE,CAAC,iBAAiB,EAAE,SAAS,EAAE,kBAAkB,CAAC;KAClE;IACD,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE;QAC3B,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,uFAAuF;QACpG,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE;YACZ,aAAa;YACb,oBAAoB;YACpB,mBAAmB;YACnB,eAAe;YACf,qBAAqB;SACtB;QACD,aAAa,EAAE,CAAC,gBAAgB,EAAE,eAAe,EAAE,kBAAkB,CAAC;KACvE;IACD,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;QAC9B,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,GAAG;QACjB,YAAY,EAAE;YACZ,yBAAyB;YACzB,sBAAsB;YACtB,kBAAkB;YAClB,gBAAgB;SACjB;QACD,aAAa,EAAE,CAAC,sBAAsB,EAAE,kBAAkB,CAAC;KAC5D;IACD,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;QAC9B,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,yEAAyE;QACtF,YAAY,EAAE,IAAI;QAClB,YAAY,EAAE;YACZ,4BAA4B;YAC5B,6BAA6B;YAC7B,2BAA2B;YAC3B,uBAAuB;SACxB;QACD,aAAa,EAAE,EAAE;KAClB;CACF,CAAC"}

package/dist/orchestrator/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Orchestrator Module - Unified authorization and execution
+ *
+ * @packageDocumentation
+ */
+export { Orchestrator, createOrchestrator, OrchestratorBuilder, orchestratorBuilder, noopOrchestratorLogger, type OrchestratorConfig, type OrchestratorResult, type ProcessIntentOptions, type OrchestratorLogger, } from './orchestrator.js';
+export { ProofPlaneAdapter, createProofPlaneAdapter, type ProofPlaneInterface, type ProofPlaneAdapterConfig, } from './proof-plane-adapter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/orchestrator/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/orchestrator/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC"}

package/dist/orchestrator/index.js

@@ -0,0 +1,8 @@
+/**
+ * Orchestrator Module - Unified authorization and execution
+ *
+ * @packageDocumentation
+ */
+export { Orchestrator, createOrchestrator, OrchestratorBuilder, orchestratorBuilder, noopOrchestratorLogger, } from './orchestrator.js';
+export { ProofPlaneAdapter, createProofPlaneAdapter, } from './proof-plane-adapter.js';
+//# sourceMappingURL=index.js.map

package/dist/orchestrator/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/orchestrator/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,GAKvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GAGxB,MAAM,0BAA0B,CAAC"}