@vorionsys/atsf-core 0.1.0 → 0.2.1

package/dist/phase6/role-gates/kernel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,oBAAY,SAAS;IACnB,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,mCAAmC;IAClD,IAAI,SAAS,CAAE,sCAAsC;IACrD,IAAI,SAAS,CAAE,uCAAuC;IACtD,IAAI,SAAS,CAAE,yCAAyC;IACxD,IAAI,SAAS,CAAE,kCAAkC;IACjD,IAAI,SAAS,CAAE,0CAA0C;IACzD,IAAI,SAAS,CAAE,6CAA6C;IAC5D,IAAI,SAAS;CACd;AAED;;;GAGG;AACH,oBAAY,SAAS;IACnB,EAAE,OAAO,CAAE,gCAAgC;IAC3C,EAAE,OAAO,CAAE,0CAA0C;IACrD,EAAE,OAAO,CAAE,qCAAqC;IAChD,EAAE,OAAO,CAAE,yCAAyC;IACpD,EAAE,OAAO,CAAE,8CAA8C;IACzD,EAAE,OAAO;CACV;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAyE1E,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,OAAO,CAK7E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,SAAS,CAG5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CA4D5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,CAyB5D;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;IAEvC,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;gBADf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACtB,OAAO,CAAC,EAAE,MAAM;CAKnB"}

package/dist/phase6/role-gates/kernel.js

@@ -0,0 +1,258 @@
+/**
+ * Q3: Role Gates - Kernel Validation Layer
+ * Fast-path role + tier combination validation with matrix lookups
+ *
+ * Architecture:
+ * - Fail-fast kernel validation (<0.5ms)
+ * - Pre-computed matrix for O(1) lookups
+ * - 9 roles (R-L0 to R-L8) × 6 tiers (T0 to T5) = 48 valid combinations
+ */
+/**
+ * Agent role enumeration (9 levels)
+ * Defines hierarchical responsibility and operational scope
+ */
+export var AgentRole;
+(function (AgentRole) {
+    AgentRole["R_L0"] = "R-L0";
+    AgentRole["R_L1"] = "R-L1";
+    AgentRole["R_L2"] = "R-L2";
+    AgentRole["R_L3"] = "R-L3";
+    AgentRole["R_L4"] = "R-L4";
+    AgentRole["R_L5"] = "R-L5";
+    AgentRole["R_L6"] = "R-L6";
+    AgentRole["R_L7"] = "R-L7";
+    AgentRole["R_L8"] = "R-L8";
+})(AgentRole || (AgentRole = {}));
+/**
+ * Trust tier enumeration (6 levels)
+ * Defines operational authorization scope and resource access
+ */
+export var TrustTier;
+(function (TrustTier) {
+    TrustTier["T0"] = "T0";
+    TrustTier["T1"] = "T1";
+    TrustTier["T2"] = "T2";
+    TrustTier["T3"] = "T3";
+    TrustTier["T4"] = "T4";
+    TrustTier["T5"] = "T5";
+})(TrustTier || (TrustTier = {}));
+/**
+ * Role Gate Matrix: Valid role + tier combinations
+ * Rows: Roles (R-L0 to R-L8)
+ * Cols: Tiers (T0 to T5)
+ * Value: true if combination is valid
+ *
+ * Matrix structure:
+ * - R-L0 can reach: T0, T1
+ * - R-L1 can reach: T0, T1, T2
+ * - R-L2 can reach: T0, T1, T2, T3
+ * - R-L3 can reach: T0, T1, T2, T3, T4
+ * - R-L4 can reach: T0, T1, T2, T3, T4
+ * - R-L5 can reach: T0, T1, T2, T3, T4
+ * - R-L6 can reach: T0, T1, T2, T3, T4, T5
+ * - R-L7 can reach: T0, T1, T2, T3, T4, T5
+ * - R-L8 can reach: T0, T1, T2, T3, T4, T5
+ */
+export const ROLE_GATE_MATRIX = {
+    [AgentRole.R_L0]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: false,
+        [TrustTier.T3]: false,
+        [TrustTier.T4]: false,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L1]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: false,
+        [TrustTier.T4]: false,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L2]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: false,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L3]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L4]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L5]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: false,
+    },
+    [AgentRole.R_L6]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: true,
+    },
+    [AgentRole.R_L7]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: true,
+    },
+    [AgentRole.R_L8]: {
+        [TrustTier.T0]: true,
+        [TrustTier.T1]: true,
+        [TrustTier.T2]: true,
+        [TrustTier.T3]: true,
+        [TrustTier.T4]: true,
+        [TrustTier.T5]: true,
+    },
+};
+/**
+ * Validate role + tier combination
+ * O(1) matrix lookup, fail-fast validation
+ */
+export function validateRoleAndTier(role, tier) {
+    if (!isValidRole(role) || !isValidTier(tier)) {
+        return false;
+    }
+    return ROLE_GATE_MATRIX[role]?.[tier] ?? false;
+}
+/**
+ * Check if value is a valid AgentRole
+ */
+export function isValidRole(role) {
+    if (typeof role !== 'string')
+        return false;
+    return Object.values(AgentRole).includes(role);
+}
+/**
+ * Check if value is a valid TrustTier
+ */
+export function isValidTier(tier) {
+    if (typeof tier !== 'string')
+        return false;
+    return Object.values(TrustTier).includes(tier);
+}
+/**
+ * Get maximum tier reachable for a given role
+ */
+export function getMaxTierForRole(role) {
+    if (!isValidRole(role)) {
+        throw new Error(`Invalid role: ${role}`);
+    }
+    const roleEntry = ROLE_GATE_MATRIX[role];
+    if (!roleEntry) {
+        return TrustTier.T0;
+    }
+    // Debug logging for R-L0
+    const isDebug = role === 'R-L0';
+    if (isDebug) {
+        console.log('getMaxTierForRole debug for R-L0:');
+        console.log('  roleEntry:', roleEntry);
+        console.log('  TrustTier.T1:', TrustTier.T1);
+        console.log('  roleEntry[TrustTier.T1]:', roleEntry[TrustTier.T1]);
+    }
+    // Check tiers from highest to lowest
+    const t5Val = roleEntry[TrustTier.T5];
+    if (t5Val === true) {
+        if (isDebug)
+            console.log('  returning T5');
+        return TrustTier.T5;
+    }
+    const t4Val = roleEntry[TrustTier.T4];
+    if (t4Val === true) {
+        if (isDebug)
+            console.log('  returning T4');
+        return TrustTier.T4;
+    }
+    const t3Val = roleEntry[TrustTier.T3];
+    if (t3Val === true) {
+        if (isDebug)
+            console.log('  returning T3');
+        return TrustTier.T3;
+    }
+    const t2Val = roleEntry[TrustTier.T2];
+    if (t2Val === true) {
+        if (isDebug)
+            console.log('  returning T2');
+        return TrustTier.T2;
+    }
+    const t1Val = roleEntry[TrustTier.T1];
+    if (isDebug)
+        console.log('  t1Val:', t1Val, 't1Val === true:', t1Val === true);
+    if (t1Val === true) {
+        if (isDebug)
+            console.log('  returning T1');
+        return TrustTier.T1;
+    }
+    const t0Val = roleEntry[TrustTier.T0];
+    if (t0Val === true) {
+        if (isDebug)
+            console.log('  returning T0');
+        return TrustTier.T0;
+    }
+    // Fallback
+    if (isDebug)
+        console.log('  returning fallback T0');
+    return TrustTier.T0;
+}
+/**
+ * Get minimum role required for a given tier
+ */
+export function getMinRoleForTier(tier) {
+    if (!isValidTier(tier)) {
+        throw new Error(`Invalid tier: ${tier}`);
+    }
+    const roleOrder = [
+        AgentRole.R_L0,
+        AgentRole.R_L1,
+        AgentRole.R_L2,
+        AgentRole.R_L3,
+        AgentRole.R_L4,
+        AgentRole.R_L5,
+        AgentRole.R_L6,
+        AgentRole.R_L7,
+        AgentRole.R_L8,
+    ];
+    for (const role of roleOrder) {
+        if (ROLE_GATE_MATRIX[role]?.[tier]) {
+            return role;
+        }
+    }
+    // Fallback
+    return AgentRole.R_L0;
+}
+/**
+ * Custom error for role gate validation failures
+ */
+export class RoleGateValidationError extends Error {
+    role;
+    tier;
+    constructor(role, tier, message) {
+        super(message || `Invalid role+tier combination: ${role} + ${tier}`);
+        this.role = role;
+        this.tier = tier;
+        this.name = 'RoleGateValidationError';
+    }
+}
+//# sourceMappingURL=kernel.js.map

package/dist/phase6/role-gates/kernel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kernel.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,SAUX;AAVD,WAAY,SAAS;IACnB,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;IACb,0BAAa,CAAA;AACf,CAAC,EAVW,SAAS,KAAT,SAAS,QAUpB;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,SAOX;AAPD,WAAY,SAAS;IACnB,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;IACT,sBAAS,CAAA;AACX,CAAC,EAPW,SAAS,KAAT,SAAS,QAOpB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkD;IAC7E,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;QACrB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,KAAK;KACtB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;IACD,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QAChB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;QACpB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAe,EAAE,IAAe;IAClE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAiB,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,KAAK,MAAM,CAAC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,qCAAqC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,KAAK,IAAI,CAAC,CAAC;IAC/E,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACtC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,IAAI,OAAO;YAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3C,OAAO,SAAS,CAAC,EAAE,CAAC;IACtB,CAAC;IAED,WAAW;IACX,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACpD,OAAO,SAAS,CAAC,EAAE,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAe;IAC/C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;QACd,SAAS,CAAC,IAAI;KACf,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAEvC;IACA;IAFT,YACS,IAAe,EACf,IAAe,EACtB,OAAgB;QAEhB,KAAK,CAAC,OAAO,IAAI,kCAAkC,IAAI,MAAM,IAAI,EAAE,CAAC,CAAC;QAJ9D,SAAI,GAAJ,IAAI,CAAW;QACf,SAAI,GAAJ,IAAI,CAAW;QAItB,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF"}

package/dist/phase6/role-gates/policy.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Q3: Role Gates - BASIS Policy Enforcement Layer
+ * Dynamic policy engine with per-agent exceptions, domain filtering, and audit logging
+ *
+ * Architecture:
+ * - Dynamic policy rules (add/remove at runtime)
+ * - Per-agent exceptions with expiration
+ * - Domain-scoped rule application
+ * - Full audit trail of all evaluations
+ * - Version tracking on policy changes
+ */
+import { AgentRole, TrustTier } from './kernel.js';
+/**
+ * Policy rule definition
+ */
+export interface PolicyRule {
+    role: AgentRole;
+    tier: TrustTier;
+    allowed: boolean;
+    reason: string;
+    domains?: string[];
+}
+/**
+ * Per-agent policy exception
+ */
+export interface PolicyException {
+    agentId: string;
+    role: AgentRole;
+    tier: TrustTier;
+    allowed: boolean;
+    reason: string;
+    approvedBy: string;
+    expiresAt?: Date;
+}
+/**
+ * Policy decision result
+ */
+export interface PolicyDecision {
+    allowed: boolean;
+    reason: string;
+    source: 'exception' | 'rule' | 'default';
+    appliedAt: Date;
+}
+/**
+ * Policy audit log entry
+ */
+export interface PolicyAuditEntry {
+    timestamp: Date;
+    agentId: string;
+    role: AgentRole;
+    tier: TrustTier;
+    domain?: string;
+    decision: PolicyDecision;
+}
+/**
+ * BasisPolicyEngine: Dynamic policy enforcement with exceptions and domain filtering
+ */
+export declare class BasisPolicyEngine {
+    private rules;
+    private exceptions;
+    private auditLog;
+    private policyVersion;
+    private versionCounter;
+    /**
+     * Add a policy rule
+     */
+    addRule(rule: PolicyRule): void;
+    /**
+     * Remove a policy rule
+     */
+    removeRule(role: AgentRole, tier: TrustTier): void;
+    /**
+     * Add an agent-specific exception
+     */
+    addException(exception: PolicyException): void;
+    /**
+     * Remove an agent-specific exception
+     */
+    removeException(agentId: string, role: AgentRole, tier: TrustTier): void;
+    /**
+     * Evaluate policy for an agent
+     * Returns decision based on exceptions -> rules -> default allow
+     */
+    evaluatePolicy(agentId: string, role: AgentRole, tier: TrustTier, domain?: string): PolicyDecision;
+    /**
+     * Get audit log for specific agent
+     */
+    getAgentAuditLog(agentId: string): PolicyAuditEntry[];
+    /**
+     * Get full audit log
+     */
+    getAuditLog(): PolicyAuditEntry[];
+    /**
+     * Get current policy version
+     */
+    getPolicyVersion(): string;
+    /**
+     * Check if exception has expired
+     */
+    private isExpired;
+    /**
+     * Log an audit entry
+     */
+    private logAudit;
+    /**
+     * Increment version for policy tracking
+     */
+    private incrementVersion;
+}
+//# sourceMappingURL=policy.d.ts.map

package/dist/phase6/role-gates/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../src/phase6/role-gates/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAAC;IACzC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,KAAK,CAAsC;IACnD,OAAO,CAAC,UAAU,CAA6C;IAC/D,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,aAAa,CAAmB;IACxC,OAAO,CAAC,cAAc,CAAa;IAEnC;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAM/B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI;IAQlD;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,IAAI;IAS9C;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI;IAcxE;;;OAGG;IACH,cAAc,CACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,EACf,IAAI,EAAE,SAAS,EACf,MAAM,CAAC,EAAE,MAAM,GACd,cAAc;IAoDjB;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,EAAE;IAIrD;;OAEG;IACH,WAAW,IAAI,gBAAgB,EAAE;IAIjC;;OAEG;IACH,gBAAgB,IAAI,MAAM;IAI1B;;OAEG;IACH,OAAO,CAAC,SAAS;IAOjB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAIhB;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAKzB"}

package/dist/phase6/role-gates/policy.js

@@ -0,0 +1,157 @@
+/**
+ * Q3: Role Gates - BASIS Policy Enforcement Layer
+ * Dynamic policy engine with per-agent exceptions, domain filtering, and audit logging
+ *
+ * Architecture:
+ * - Dynamic policy rules (add/remove at runtime)
+ * - Per-agent exceptions with expiration
+ * - Domain-scoped rule application
+ * - Full audit trail of all evaluations
+ * - Version tracking on policy changes
+ */
+/**
+ * BasisPolicyEngine: Dynamic policy enforcement with exceptions and domain filtering
+ */
+export class BasisPolicyEngine {
+    rules = new Map();
+    exceptions = new Map();
+    auditLog = [];
+    policyVersion = '1.0.0';
+    versionCounter = 0;
+    /**
+     * Add a policy rule
+     */
+    addRule(rule) {
+        const key = `${rule.role}:${rule.tier}`;
+        this.rules.set(key, rule);
+        this.incrementVersion();
+    }
+    /**
+     * Remove a policy rule
+     */
+    removeRule(role, tier) {
+        const key = `${role}:${tier}`;
+        if (this.rules.has(key)) {
+            this.rules.delete(key);
+            this.incrementVersion();
+        }
+    }
+    /**
+     * Add an agent-specific exception
+     */
+    addException(exception) {
+        const key = exception.agentId;
+        if (!this.exceptions.has(key)) {
+            this.exceptions.set(key, []);
+        }
+        this.exceptions.get(key).push(exception);
+        this.incrementVersion();
+    }
+    /**
+     * Remove an agent-specific exception
+     */
+    removeException(agentId, role, tier) {
+        const key = agentId;
+        const exceptions = this.exceptions.get(key);
+        if (exceptions) {
+            const index = exceptions.findIndex((e) => e.role === role && e.tier === tier);
+            if (index >= 0) {
+                exceptions.splice(index, 1);
+                this.incrementVersion();
+            }
+        }
+    }
+    /**
+     * Evaluate policy for an agent
+     * Returns decision based on exceptions -> rules -> default allow
+     */
+    evaluatePolicy(agentId, role, tier, domain) {
+        const timestamp = new Date();
+        // Check agent-specific exceptions first
+        const agentExceptions = this.exceptions.get(agentId) || [];
+        for (const exception of agentExceptions) {
+            if (exception.role === role &&
+                exception.tier === tier &&
+                !this.isExpired(exception)) {
+                const decision = {
+                    allowed: exception.allowed,
+                    reason: exception.reason,
+                    source: 'exception',
+                    appliedAt: timestamp,
+                };
+                this.logAudit({ timestamp, agentId, role, tier, domain, decision });
+                return decision;
+            }
+        }
+        // Check policy rules
+        const ruleKey = `${role}:${tier}`;
+        const rule = this.rules.get(ruleKey);
+        if (rule) {
+            // Check domain filter if present
+            if (rule.domains && domain && !rule.domains.includes(domain)) {
+                // Domain filter doesn't match, fall through to default
+            }
+            else if (!rule.domains || !domain || rule.domains.includes(domain)) {
+                const decision = {
+                    allowed: rule.allowed,
+                    reason: rule.reason,
+                    source: 'rule',
+                    appliedAt: timestamp,
+                };
+                this.logAudit({ timestamp, agentId, role, tier, domain, decision });
+                return decision;
+            }
+        }
+        // Default: allow
+        const decision = {
+            allowed: true,
+            reason: 'No matching rule or exception (default allow)',
+            source: 'default',
+            appliedAt: timestamp,
+        };
+        this.logAudit({ timestamp, agentId, role, tier, domain, decision });
+        return decision;
+    }
+    /**
+     * Get audit log for specific agent
+     */
+    getAgentAuditLog(agentId) {
+        return this.auditLog.filter((entry) => entry.agentId === agentId);
+    }
+    /**
+     * Get full audit log
+     */
+    getAuditLog() {
+        return [...this.auditLog];
+    }
+    /**
+     * Get current policy version
+     */
+    getPolicyVersion() {
+        return this.policyVersion;
+    }
+    /**
+     * Check if exception has expired
+     */
+    isExpired(exception) {
+        if (!exception.expiresAt) {
+            return false;
+        }
+        return new Date() > exception.expiresAt;
+    }
+    /**
+     * Log an audit entry
+     */
+    logAudit(entry) {
+        this.auditLog.push(entry);
+    }
+    /**
+     * Increment version for policy tracking
+     */
+    incrementVersion() {
+        this.versionCounter++;
+        const [major, minor] = this.policyVersion.split('.').map(Number);
+        this.policyVersion = `${major}.${minor + 1}`;
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/phase6/role-gates/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/phase6/role-gates/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAkDH;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACpB,KAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC3C,UAAU,GAAmC,IAAI,GAAG,EAAE,CAAC;IACvD,QAAQ,GAAuB,EAAE,CAAC;IAClC,aAAa,GAAW,OAAO,CAAC;IAChC,cAAc,GAAW,CAAC,CAAC;IAEnC;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAe,EAAE,IAAe;QACzC,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAA0B;QACrC,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe,EAAE,IAAe,EAAE,IAAe;QAC/D,MAAM,GAAG,GAAG,OAAO,CAAC;QACpB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAC1C,CAAC;YACF,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACf,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC5B,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,cAAc,CACZ,OAAe,EACf,IAAe,EACf,IAAe,EACf,MAAe;QAEf,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAE7B,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3D,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;YACxC,IACE,SAAS,CAAC,IAAI,KAAK,IAAI;gBACvB,SAAS,CAAC,IAAI,KAAK,IAAI;gBACvB,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAC1B,CAAC;gBACD,MAAM,QAAQ,GAAmB;oBAC/B,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;oBACxB,MAAM,EAAE,WAAW;oBACnB,SAAS,EAAE,SAAS;iBACrB,CAAC;gBACF,IAAI,CAAC,QAAQ,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACpE,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,IAAI,EAAE,CAAC;YACT,iCAAiC;YACjC,IAAI,IAAI,CAAC,OAAO,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7D,uDAAuD;YACzD,CAAC;iBAAM,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrE,MAAM,QAAQ,GAAmB;oBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,MAAM;oBACd,SAAS,EAAE,SAAS;iBACrB,CAAC;gBACF,IAAI,CAAC,QAAQ,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACpE,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,MAAM,QAAQ,GAAmB;YAC/B,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,+CAA+C;YACvD,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,OAAe;QAC9B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,SAA0B;QAC1C,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,KAAuB;QACtC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,GAAG,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;IAC/C,CAAC;CACF"}