npm - @vorionsys/atsf-core - Versions diffs - 0.2.0 → 0.2.2 - Mend

@vorionsys/atsf-core 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (215) hide show

package/CHANGELOG.md +67 -0
package/LICENSE +190 -0
package/README.md +305 -181
package/dist/api/server.d.ts.map +1 -1
package/dist/api/server.js +86 -4
package/dist/api/server.js.map +1 -1
package/dist/basis/parser.d.ts +210 -210
package/dist/basis/parser.js.map +1 -1
package/dist/chain/index.d.ts +147 -0
package/dist/chain/index.d.ts.map +1 -0
package/dist/chain/index.js +219 -0
package/dist/chain/index.js.map +1 -0
package/dist/common/adapters.d.ts +9 -9
package/dist/common/adapters.d.ts.map +1 -1
package/dist/common/adapters.js +6 -6
package/dist/common/config.d.ts +152 -152
package/dist/common/types.d.ts +35 -15
package/dist/common/types.d.ts.map +1 -1
package/dist/common/types.js.map +1 -1
package/dist/enforce/index.d.ts +226 -16
package/dist/enforce/index.d.ts.map +1 -1
package/dist/enforce/index.js +196 -49
package/dist/enforce/index.js.map +1 -1
package/dist/governance/index.d.ts +2 -0
package/dist/governance/index.d.ts.map +1 -1
package/dist/governance/index.js +1 -0
package/dist/governance/index.js.map +1 -1
package/dist/governance/proof-bridge.d.ts +86 -0
package/dist/governance/proof-bridge.d.ts.map +1 -0
package/dist/governance/proof-bridge.js +139 -0
package/dist/governance/proof-bridge.js.map +1 -0
package/dist/index.d.ts +11 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +17 -4
package/dist/index.js.map +1 -1
package/dist/intent/index.d.ts +127 -10
package/dist/intent/index.d.ts.map +1 -1
package/dist/intent/index.js +121 -16
package/dist/intent/index.js.map +1 -1
package/dist/langchain/executor.d.ts +19 -5
package/dist/langchain/executor.d.ts.map +1 -1
package/dist/langchain/executor.js +287 -36
package/dist/langchain/executor.js.map +1 -1
package/dist/langchain/index.d.ts +2 -1
package/dist/langchain/index.d.ts.map +1 -1
package/dist/langchain/index.js +3 -1
package/dist/langchain/index.js.map +1 -1
package/dist/langchain/tools.d.ts.map +1 -1
package/dist/langchain/tools.js +2 -1
package/dist/langchain/tools.js.map +1 -1
package/dist/langchain/types.d.ts +41 -0
package/dist/langchain/types.d.ts.map +1 -1
package/dist/layers/index.d.ts +1 -1
package/dist/layers/index.d.ts.map +1 -1
package/dist/persistence/file.d.ts +35 -3
package/dist/persistence/file.d.ts.map +1 -1
package/dist/persistence/file.js +138 -11
package/dist/persistence/file.js.map +1 -1
package/dist/persistence/index.d.ts +10 -1
package/dist/persistence/index.d.ts.map +1 -1
package/dist/persistence/index.js +15 -1
package/dist/persistence/index.js.map +1 -1
package/dist/persistence/sqlite.d.ts +135 -0
package/dist/persistence/sqlite.d.ts.map +1 -0
package/dist/persistence/sqlite.js +372 -0
package/dist/persistence/sqlite.js.map +1 -0
package/dist/phase6/ceiling.d.ts +177 -0
package/dist/phase6/ceiling.d.ts.map +1 -0
package/dist/phase6/ceiling.js +463 -0
package/dist/phase6/ceiling.js.map +1 -0
package/dist/phase6/context.d.ts +207 -0
package/dist/phase6/context.d.ts.map +1 -0
package/dist/phase6/context.js +603 -0
package/dist/phase6/context.js.map +1 -0
package/dist/phase6/index.d.ts +79 -0
package/dist/phase6/index.d.ts.map +1 -0
package/dist/phase6/index.js +152 -0
package/dist/phase6/index.js.map +1 -0
package/dist/phase6/presets.d.ts +148 -0
package/dist/phase6/presets.d.ts.map +1 -0
package/dist/phase6/presets.js +467 -0
package/dist/phase6/presets.js.map +1 -0
package/dist/phase6/provenance.d.ts +148 -0
package/dist/phase6/provenance.d.ts.map +1 -0
package/dist/phase6/provenance.js +545 -0
package/dist/phase6/provenance.js.map +1 -0
package/dist/phase6/role-gates/index.d.ts +7 -0
package/dist/phase6/role-gates/index.d.ts.map +1 -0
package/dist/phase6/role-gates/index.js +7 -0
package/dist/phase6/role-gates/index.js.map +1 -0
package/dist/phase6/role-gates/kernel.d.ts +84 -0
package/dist/phase6/role-gates/kernel.d.ts.map +1 -0
package/dist/phase6/role-gates/kernel.js +258 -0
package/dist/phase6/role-gates/kernel.js.map +1 -0
package/dist/phase6/role-gates/policy.d.ts +110 -0
package/dist/phase6/role-gates/policy.d.ts.map +1 -0
package/dist/phase6/role-gates/policy.js +157 -0
package/dist/phase6/role-gates/policy.js.map +1 -0
package/dist/phase6/role-gates.d.ts +164 -0
package/dist/phase6/role-gates.d.ts.map +1 -0
package/dist/phase6/role-gates.js +536 -0
package/dist/phase6/role-gates.js.map +1 -0
package/dist/phase6/types.d.ts +1829 -0
package/dist/phase6/types.d.ts.map +1 -0
package/dist/phase6/types.js +452 -0
package/dist/phase6/types.js.map +1 -0
package/dist/phase6/weight-presets/canonical.d.ts +93 -0
package/dist/phase6/weight-presets/canonical.d.ts.map +1 -0
package/dist/phase6/weight-presets/canonical.js +122 -0
package/dist/phase6/weight-presets/canonical.js.map +1 -0
package/dist/phase6/weight-presets/deltas.d.ts +144 -0
package/dist/phase6/weight-presets/deltas.d.ts.map +1 -0
package/dist/phase6/weight-presets/deltas.js +184 -0
package/dist/phase6/weight-presets/deltas.js.map +1 -0
package/dist/phase6/weight-presets/index.d.ts +8 -0
package/dist/phase6/weight-presets/index.d.ts.map +1 -0
package/dist/phase6/weight-presets/index.js +8 -0
package/dist/phase6/weight-presets/index.js.map +1 -0
package/dist/phase6/weight-presets/merger.d.ts +79 -0
package/dist/phase6/weight-presets/merger.d.ts.map +1 -0
package/dist/phase6/weight-presets/merger.js +161 -0
package/dist/phase6/weight-presets/merger.js.map +1 -0
package/dist/proof/index.d.ts +6 -0
package/dist/proof/index.d.ts.map +1 -1
package/dist/proof/index.js +56 -6
package/dist/proof/index.js.map +1 -1
package/dist/proof/merkle.d.ts +195 -0
package/dist/proof/merkle.d.ts.map +1 -0
package/dist/proof/merkle.js +412 -0
package/dist/proof/merkle.js.map +1 -0
package/dist/proof/zk-proofs.d.ts +218 -0
package/dist/proof/zk-proofs.d.ts.map +1 -0
package/dist/proof/zk-proofs.js +531 -0
package/dist/proof/zk-proofs.js.map +1 -0
package/dist/sandbox-training/challenges.d.ts +16 -0
package/dist/sandbox-training/challenges.d.ts.map +1 -0
package/dist/sandbox-training/challenges.js +561 -0
package/dist/sandbox-training/challenges.js.map +1 -0
package/dist/sandbox-training/graduation.d.ts +25 -0
package/dist/sandbox-training/graduation.d.ts.map +1 -0
package/dist/sandbox-training/graduation.js +143 -0
package/dist/sandbox-training/graduation.js.map +1 -0
package/dist/sandbox-training/index.d.ts +19 -0
package/dist/sandbox-training/index.d.ts.map +1 -0
package/dist/sandbox-training/index.js +22 -0
package/dist/sandbox-training/index.js.map +1 -0
package/dist/sandbox-training/promotion-service.d.ts +76 -0
package/dist/sandbox-training/promotion-service.d.ts.map +1 -0
package/dist/sandbox-training/promotion-service.js +117 -0
package/dist/sandbox-training/promotion-service.js.map +1 -0
package/dist/sandbox-training/runner.d.ts +58 -0
package/dist/sandbox-training/runner.d.ts.map +1 -0
package/dist/sandbox-training/runner.js +388 -0
package/dist/sandbox-training/runner.js.map +1 -0
package/dist/sandbox-training/scorer.d.ts +40 -0
package/dist/sandbox-training/scorer.d.ts.map +1 -0
package/dist/sandbox-training/scorer.js +79 -0
package/dist/sandbox-training/scorer.js.map +1 -0
package/dist/sandbox-training/types.d.ts +162 -0
package/dist/sandbox-training/types.d.ts.map +1 -0
package/dist/sandbox-training/types.js +32 -0
package/dist/sandbox-training/types.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/audit.d.ts +98 -0
package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/audit.js +160 -0
package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/index.d.ts +6 -0
package/dist/trust-engine/ceiling-enforcement/index.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/index.js +6 -0
package/dist/trust-engine/ceiling-enforcement/index.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +112 -0
package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/kernel.js +158 -0
package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -0
package/dist/trust-engine/context-policy/enforcement.d.ts +62 -0
package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -0
package/dist/trust-engine/context-policy/enforcement.js +104 -0
package/dist/trust-engine/context-policy/enforcement.js.map +1 -0
package/dist/trust-engine/context-policy/factory.d.ts +75 -0
package/dist/trust-engine/context-policy/factory.d.ts.map +1 -0
package/dist/trust-engine/context-policy/factory.js +130 -0
package/dist/trust-engine/context-policy/factory.js.map +1 -0
package/dist/trust-engine/context-policy/index.d.ts +6 -0
package/dist/trust-engine/context-policy/index.d.ts.map +1 -0
package/dist/trust-engine/context-policy/index.js +6 -0
package/dist/trust-engine/context-policy/index.js.map +1 -0
package/dist/trust-engine/creation-modifiers/index.d.ts +5 -0
package/dist/trust-engine/creation-modifiers/index.d.ts.map +1 -0
package/dist/trust-engine/creation-modifiers/index.js +5 -0
package/dist/trust-engine/creation-modifiers/index.js.map +1 -0
package/dist/trust-engine/creation-modifiers/types.d.ts +112 -0
package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -0
package/dist/trust-engine/creation-modifiers/types.js +166 -0
package/dist/trust-engine/creation-modifiers/types.js.map +1 -0
package/dist/trust-engine/index.d.ts +54 -1
package/dist/trust-engine/index.d.ts.map +1 -1
package/dist/trust-engine/index.js +118 -1
package/dist/trust-engine/index.js.map +1 -1
package/dist/trust-engine/phase6-types.d.ts +123 -0
package/dist/trust-engine/phase6-types.d.ts.map +1 -0
package/dist/trust-engine/phase6-types.js +88 -0
package/dist/trust-engine/phase6-types.js.map +1 -0
package/package.json +42 -12
package/dist/audit/key-manager.d.ts +0 -118
package/dist/audit/key-manager.d.ts.map +0 -1
package/dist/audit/key-manager.js +0 -565
package/dist/audit/key-manager.js.map +0 -1
package/dist/carbon-aware/carbon-metrics.d.ts +0 -151
package/dist/carbon-aware/carbon-metrics.d.ts.map +0 -1
package/dist/carbon-aware/carbon-metrics.js +0 -370
package/dist/carbon-aware/carbon-metrics.js.map +0 -1
package/dist/carbon-aware/carbon-router.d.ts +0 -101
package/dist/carbon-aware/carbon-router.d.ts.map +0 -1
package/dist/carbon-aware/carbon-router.js +0 -400
package/dist/carbon-aware/carbon-router.js.map +0 -1

package/dist/sandbox-training/types.d.ts ADDED Viewed

@@ -0,0 +1,162 @@
+/**
+ * Sandbox Adversarial Training Boot Camp — Core Types
+ *
+ * Type definitions for the T0→T1 training gauntlet that tests
+ * Competence (CT-COMP), Reliability (CT-REL), and Observability (CT-OBS).
+ *
+ * @packageDocumentation
+ */
+/** T1 trust factors that the boot camp tests */
+export type T1Factor = 'CT-COMP' | 'CT-REL' | 'CT-OBS';
+/** Difficulty progression within each factor */
+export type ChallengeDifficulty = 'basic' | 'intermediate' | 'adversarial';
+/** Category of adversarial injection */
+export type AdversarialType = 'malformed_input' | 'timeout_pressure' | 'privilege_escalation' | 'injection' | 'rate_flood' | 'misleading_context' | 'none';
+/** A single boot camp challenge */
+export interface Challenge {
+    /** Unique challenge ID (e.g., "comp-basic-001") */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** What the challenge tests */
+    description: string;
+    /** Which T1 trust factor this targets */
+    factor: T1Factor;
+    /** Difficulty level */
+    difficulty: ChallengeDifficulty;
+    /** Type of adversarial injection (or 'none' for clean challenges) */
+    adversarialType: AdversarialType;
+    /** Maximum time allowed for agent response (ms) */
+    timeoutMs: number;
+    /** The challenge payload sent to the agent */
+    input: ChallengeInput;
+    /** How to evaluate the agent's response */
+    evaluator: ChallengeEvaluator;
+    /** Maximum points awarded on pass (scaled by difficulty) */
+    maxPoints: number;
+}
+/** Payload delivered to the agent */
+export interface ChallengeInput {
+    /** The task/prompt for the agent */
+    prompt: string;
+    /** Structured data the agent should process */
+    data?: Record<string, unknown>;
+    /** Adversarial payload injected into the request */
+    adversarialPayload?: Record<string, unknown>;
+    /** Constraints the agent must respect */
+    constraints?: string[];
+}
+/** Evaluation strategy for a challenge */
+export interface ChallengeEvaluator {
+    /** Type of evaluation */
+    type: 'exact_match' | 'schema_validation' | 'behavior_check' | 'custom';
+    /** Expected output (for exact_match) */
+    expected?: unknown;
+    /** Schema the response must conform to (for schema_validation) */
+    schema?: Record<string, unknown>;
+    /** Custom evaluator function name (for custom type) */
+    customFn?: string;
+}
+/** What the agent must implement to participate in boot camp */
+export interface BootCampAgent {
+    agentId: string;
+    tenantId: string;
+    /** Handle a challenge and return a response */
+    handleChallenge(input: ChallengeInput): Promise<ChallengeResponse>;
+}
+/** Agent's response to a challenge */
+export interface ChallengeResponse {
+    /** The agent's output */
+    output: unknown;
+    /** Agent's confidence level (0-1) */
+    confidence?: number;
+    /** Whether agent detected adversarial input */
+    adversarialDetected?: boolean;
+    /** Agent's reasoning (for observability scoring) */
+    reasoning?: string;
+}
+/** Result of a single challenge execution */
+export interface ChallengeResult {
+    challengeId: string;
+    agentId: string;
+    factor: T1Factor;
+    difficulty: ChallengeDifficulty;
+    /** Did the agent pass? */
+    passed: boolean;
+    /** Score 0.0-1.0 for this challenge */
+    score: number;
+    /** Time taken to respond (ms) */
+    responseTimeMs: number;
+    /** Whether agent correctly handled adversarial input */
+    adversarialHandled: boolean;
+    /** Detailed evaluation notes */
+    notes: string[];
+    /** ISO 8601 timestamp */
+    completedAt: string;
+}
+/** A complete boot camp session */
+export interface BootCampSession {
+    sessionId: string;
+    agentId: string;
+    tenantId: string;
+    /** Challenges completed in this session */
+    results: ChallengeResult[];
+    /** Aggregate scores by factor (0.0-1.0) */
+    factorScores: Record<T1Factor, number>;
+    /** Overall readiness assessment */
+    graduationReady: boolean;
+    /** Trust signals emitted during this session */
+    signalsEmitted: number;
+    /** ISO 8601 timestamp */
+    startedAt: string;
+    /** ISO 8601 timestamp (set when session completes) */
+    completedAt?: string;
+}
+/** Boot camp runner configuration */
+export interface BootCampConfig {
+    /** Challenges to run (defaults to full catalog) */
+    challenges?: Challenge[];
+    /** Minimum factor score to pass (default: 0.50 per T1 spec) */
+    minFactorScore?: number;
+    /** Whether to stop on first failure (default: false) */
+    failFast?: boolean;
+    /** Difficulty progression: run basic before intermediate before adversarial */
+    progressiveDifficulty?: boolean;
+}
+/** Criteria for boot camp graduation */
+export interface GraduationCriteria {
+    /** Minimum score per factor (default: 0.50 per BASIS T1 spec) */
+    minFactorScore: number;
+    /** Minimum challenges passed per difficulty tier */
+    minChallengesPassed: Record<ChallengeDifficulty, number>;
+    /** Must pass at least 1 adversarial per factor */
+    requireAdversarial: boolean;
+}
+/** Per-factor graduation assessment */
+export interface FactorGraduationResult {
+    score: number;
+    passed: boolean;
+    challengesPassed: number;
+    challengesFailed: number;
+    adversarialPassed: boolean;
+}
+/** Full graduation assessment */
+export interface GraduationResult {
+    /** Is the agent ready for T0→T1 promotion? */
+    ready: boolean;
+    /** Per-factor breakdown */
+    factorResults: Record<T1Factor, FactorGraduationResult>;
+    /** Human-readable summary for the T0→T1 approval request */
+    summary: string;
+    /** Recommended trust score based on performance (200-349 range) */
+    recommendedScore: number;
+}
+/** All T1 factors */
+export declare const T1_FACTORS: readonly T1Factor[];
+/** Difficulty progression order */
+export declare const DIFFICULTY_ORDER: readonly ChallengeDifficulty[];
+/** Difficulty weights for scoring */
+export declare const DIFFICULTY_WEIGHTS: Record<ChallengeDifficulty, number>;
+/** Factor to trust signal type mapping */
+export declare const FACTOR_TO_SIGNAL: Record<T1Factor, string>;
+//# sourceMappingURL=types.d.ts.map

package/dist/sandbox-training/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sandbox-training/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,gDAAgD;AAChD,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEvD,gDAAgD;AAChD,MAAM,MAAM,mBAAmB,GAAG,OAAO,GAAG,cAAc,GAAG,aAAa,CAAC;AAE3E,wCAAwC;AACxC,MAAM,MAAM,eAAe,GACvB,iBAAiB,GACjB,kBAAkB,GAClB,sBAAsB,GACtB,WAAW,GACX,YAAY,GACZ,oBAAoB,GACpB,MAAM,CAAC;AAMX,mCAAmC;AACnC,MAAM,WAAW,SAAS;IACxB,mDAAmD;IACnD,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,yCAAyC;IACzC,MAAM,EAAE,QAAQ,CAAC;IACjB,uBAAuB;IACvB,UAAU,EAAE,mBAAmB,CAAC;IAChC,qEAAqE;IACrE,eAAe,EAAE,eAAe,CAAC;IACjC,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,KAAK,EAAE,cAAc,CAAC;IACtB,2CAA2C;IAC3C,SAAS,EAAE,kBAAkB,CAAC;IAC9B,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qCAAqC;AACrC,MAAM,WAAW,cAAc;IAC7B,oCAAoC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,yCAAyC;IACzC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IACjC,yBAAyB;IACzB,IAAI,EAAE,aAAa,GAAG,mBAAmB,GAAG,gBAAgB,GAAG,QAAQ,CAAC;IACxE,wCAAwC;IACxC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,kEAAkE;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD,gEAAgE;AAChE,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,eAAe,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;CACpE;AAED,sCAAsC;AACtC,MAAM,WAAW,iBAAiB;IAChC,yBAAyB;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,qCAAqC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD,6CAA6C;AAC7C,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,QAAQ,CAAC;IACjB,UAAU,EAAE,mBAAmB,CAAC;IAChC,0BAA0B;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,wDAAwD;IACxD,kBAAkB,EAAE,OAAO,CAAC;IAC5B,gCAAgC;IAChC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,mCAAmC;AACnC,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,mCAAmC;IACnC,eAAe,EAAE,OAAO,CAAC;IACzB,gDAAgD;IAChD,cAAc,EAAE,MAAM,CAAC;IACvB,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAMD,qCAAqC;AACrC,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC;IACzB,+DAA+D;IAC/D,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+EAA+E;IAC/E,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAMD,wCAAwC;AACxC,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;IACzD,kDAAkD;IAClD,kBAAkB,EAAE,OAAO,CAAC;CAC7B;AAED,uCAAuC;AACvC,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,iCAAiC;AACjC,MAAM,WAAW,gBAAgB;IAC/B,8CAA8C;IAC9C,KAAK,EAAE,OAAO,CAAC;IACf,2BAA2B;IAC3B,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;IACxD,4DAA4D;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,mEAAmE;IACnE,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAMD,qBAAqB;AACrB,eAAO,MAAM,UAAU,EAAE,SAAS,QAAQ,EAA6C,CAAC;AAExF,mCAAmC;AACnC,eAAO,MAAM,gBAAgB,EAAE,SAAS,mBAAmB,EAIjD,CAAC;AAEX,qCAAqC;AACrC,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAIzD,CAAC;AAEX,0CAA0C;AAC1C,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAI5C,CAAC"}

package/dist/sandbox-training/types.js ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Sandbox Adversarial Training Boot Camp — Core Types
+ *
+ * Type definitions for the T0→T1 training gauntlet that tests
+ * Competence (CT-COMP), Reliability (CT-REL), and Observability (CT-OBS).
+ *
+ * @packageDocumentation
+ */
+// =============================================================================
+// CONSTANTS
+// =============================================================================
+/** All T1 factors */
+export const T1_FACTORS = ['CT-COMP', 'CT-REL', 'CT-OBS'];
+/** Difficulty progression order */
+export const DIFFICULTY_ORDER = [
+    'basic',
+    'intermediate',
+    'adversarial',
+];
+/** Difficulty weights for scoring */
+export const DIFFICULTY_WEIGHTS = {
+    basic: 1.0,
+    intermediate: 1.5,
+    adversarial: 2.0,
+};
+/** Factor to trust signal type mapping */
+export const FACTOR_TO_SIGNAL = {
+    'CT-COMP': 'behavioral.competence',
+    'CT-REL': 'behavioral.reliability',
+    'CT-OBS': 'compliance.observability',
+};
+//# sourceMappingURL=types.js.map

package/dist/sandbox-training/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sandbox-training/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgMH,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF,qBAAqB;AACrB,MAAM,CAAC,MAAM,UAAU,GAAwB,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAExF,mCAAmC;AACnC,MAAM,CAAC,MAAM,gBAAgB,GAAmC;IAC9D,OAAO;IACP,cAAc;IACd,aAAa;CACL,CAAC;AAEX,qCAAqC;AACrC,MAAM,CAAC,MAAM,kBAAkB,GAAwC;IACrE,KAAK,EAAE,GAAG;IACV,YAAY,EAAE,GAAG;IACjB,WAAW,EAAE,GAAG;CACR,CAAC;AAEX,0CAA0C;AAC1C,MAAM,CAAC,MAAM,gBAAgB,GAA6B;IACxD,SAAS,EAAE,uBAAuB;IAClC,QAAQ,EAAE,wBAAwB;IAClC,QAAQ,EAAE,0BAA0B;CAC5B,CAAC"}

package/dist/trust-engine/ceiling-enforcement/audit.d.ts ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Phase 6 Q1: Ceiling Enforcement - Audit Layer
+ *
+ * Core responsibility: Log and track all ceiling enforcement decisions
+ * - Dual logging: raw_score + clamped_score for every event
+ * - Audit trail: timestamp, reason, context
+ * - Analytics: ceiling hit frequency, patterns, drift detection
+ */
+import { CeilingEnforcementResult, ContextType } from './kernel';
+/**
+ * Audit log entry for a ceiling enforcement operation
+ */
+export interface CeilingAuditEntry {
+    /** Unique event ID */
+    eventId: string;
+    /** Agent being scored */
+    agentId: string;
+    /** Timestamp of the enforcement */
+    timestamp: Date;
+    /** Raw score before ceiling */
+    rawScore: number;
+    /** Clamped score after ceiling */
+    clampedScore: number;
+    /** Ceiling applied */
+    ceiling: number;
+    /** Context type */
+    contextType: ContextType;
+    /** Was ceiling hit (rawScore > ceiling) */
+    ceilingHit: boolean;
+    /** Reason for this enforcement (e.g., "daily_refresh", "event_triggered", "manual_review") */
+    reason: string;
+    /** Tags for categorization */
+    tags: string[];
+}
+/**
+ * Statistical summary of ceiling enforcement activity
+ */
+export interface CeilingStatistics {
+    /** Total events processed */
+    totalEvents: number;
+    /** Events where ceiling was hit */
+    ceilingHits: number;
+    /** Percentage of events hitting ceiling */
+    ceilingHitRate: number;
+    /** Average raw score before enforcement */
+    avgRawScore: number;
+    /** Average clamped score after enforcement */
+    avgClampedScore: number;
+    /** Max raw score observed */
+    maxRawScore: number;
+    /** Max clamping delta (rawScore - clampedScore) */
+    maxClampingDelta: number;
+    /** Breakdown by context type */
+    byContext: Record<ContextType, {
+        hits: number;
+        rate: number;
+    }>;
+}
+/**
+ * In-memory audit log (would be backed by persistent storage in production)
+ */
+export declare class CeilingAuditLog {
+    private entries;
+    private maxEntries;
+    /**
+     * Record a ceiling enforcement operation
+     */
+    addEntry(eventId: string, agentId: string, result: CeilingEnforcementResult, reason?: string, tags?: string[]): CeilingAuditEntry;
+    /**
+     * Get all audit entries
+     */
+    getEntries(): CeilingAuditEntry[];
+    /**
+     * Get audit entries for a specific agent
+     */
+    getEntriesForAgent(agentId: string): CeilingAuditEntry[];
+    /**
+     * Get recent entries (last N)
+     */
+    getRecentEntries(count: number): CeilingAuditEntry[];
+    /**
+     * Clear audit log (for testing or reset)
+     */
+    clear(): void;
+    /**
+     * Compute statistics from audit log
+     */
+    computeStatistics(): CeilingStatistics;
+    /**
+     * Check for anomalies (ceiling hits for normally-trusted agents)
+     */
+    detectCeilingAnomalies(agentId: string, anomalyThreshold?: number): CeilingAuditEntry[];
+}
+/**
+ * Global audit log instance
+ */
+export declare const globalCeilingAuditLog: CeilingAuditLog;
+//# sourceMappingURL=audit.d.ts.map

package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/trust-engine/ceiling-enforcement/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,EACL,wBAAwB,EACxB,WAAW,EAEZ,MAAM,UAAU,CAAC;AAElB;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,SAAS,EAAE,IAAI,CAAC;IAChB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,2CAA2C;IAC3C,UAAU,EAAE,OAAO,CAAC;IACpB,8FAA8F;IAC9F,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,cAAc,EAAE,MAAM,CAAC;IACvB,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,eAAe,EAAE,MAAM,CAAC;IACxB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,gBAAgB,EAAE,MAAM,CAAC;IACzB,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC,WAAW,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChE;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,UAAU,CAAiB;IAEnC;;OAEG;IACH,QAAQ,CACN,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,wBAAwB,EAChC,MAAM,GAAE,MAAoB,EAC5B,IAAI,GAAE,MAAM,EAAO,GAClB,iBAAiB;IAwBpB;;OAEG;IACH,UAAU,IAAI,iBAAiB,EAAE;IAIjC;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAIxD;;OAEG;IACH,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAIpD;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,iBAAiB,IAAI,iBAAiB;IAsFtC;;OAEG;IACH,sBAAsB,CACpB,OAAO,EAAE,MAAM,EACf,gBAAgB,GAAE,MAAa,GAC9B,iBAAiB,EAAE;CAiBvB;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,iBAAwB,CAAC"}

package/dist/trust-engine/ceiling-enforcement/audit.js ADDED Viewed

@@ -0,0 +1,160 @@
+/**
+ * Phase 6 Q1: Ceiling Enforcement - Audit Layer
+ *
+ * Core responsibility: Log and track all ceiling enforcement decisions
+ * - Dual logging: raw_score + clamped_score for every event
+ * - Audit trail: timestamp, reason, context
+ * - Analytics: ceiling hit frequency, patterns, drift detection
+ */
+import { ContextType, } from './kernel';
+/**
+ * In-memory audit log (would be backed by persistent storage in production)
+ */
+export class CeilingAuditLog {
+    entries = [];
+    maxEntries = 10000; // Prevent unbounded growth in memory
+    /**
+     * Record a ceiling enforcement operation
+     */
+    addEntry(eventId, agentId, result, reason = 'automatic', tags = []) {
+        const entry = {
+            eventId,
+            agentId,
+            timestamp: new Date(),
+            rawScore: result.rawScore,
+            clampedScore: result.clampedScore,
+            ceiling: result.ceiling,
+            contextType: result.contextType,
+            ceilingHit: result.ceilingApplied,
+            reason,
+            tags,
+        };
+        this.entries.push(entry);
+        // Rotate oldest entries if we exceed max
+        if (this.entries.length > this.maxEntries) {
+            this.entries = this.entries.slice(-this.maxEntries);
+        }
+        return entry;
+    }
+    /**
+     * Get all audit entries
+     */
+    getEntries() {
+        return [...this.entries];
+    }
+    /**
+     * Get audit entries for a specific agent
+     */
+    getEntriesForAgent(agentId) {
+        return this.entries.filter((e) => e.agentId === agentId);
+    }
+    /**
+     * Get recent entries (last N)
+     */
+    getRecentEntries(count) {
+        return this.entries.slice(-count);
+    }
+    /**
+     * Clear audit log (for testing or reset)
+     */
+    clear() {
+        this.entries = [];
+    }
+    /**
+     * Compute statistics from audit log
+     */
+    computeStatistics() {
+        if (this.entries.length === 0) {
+            return {
+                totalEvents: 0,
+                ceilingHits: 0,
+                ceilingHitRate: 0,
+                avgRawScore: 0,
+                avgClampedScore: 0,
+                maxRawScore: 0,
+                maxClampingDelta: 0,
+                byContext: {
+                    [ContextType.LOCAL]: { hits: 0, rate: 0 },
+                    [ContextType.ENTERPRISE]: { hits: 0, rate: 0 },
+                    [ContextType.SOVEREIGN]: { hits: 0, rate: 0 },
+                },
+            };
+        }
+        let totalRawScore = 0;
+        let totalClampedScore = 0;
+        let ceilingHits = 0;
+        let maxRawScore = -Infinity;
+        let maxClampingDelta = 0;
+        const byContext = {
+            [ContextType.LOCAL]: { hits: 0, total: 0 },
+            [ContextType.ENTERPRISE]: { hits: 0, total: 0 },
+            [ContextType.SOVEREIGN]: { hits: 0, total: 0 },
+        };
+        for (const entry of this.entries) {
+            totalRawScore += entry.rawScore;
+            totalClampedScore += entry.clampedScore;
+            maxRawScore = Math.max(maxRawScore, entry.rawScore);
+            maxClampingDelta = Math.max(maxClampingDelta, entry.rawScore - entry.clampedScore);
+            if (entry.ceilingHit) {
+                ceilingHits++;
+            }
+            byContext[entry.contextType].total++;
+            if (entry.ceilingHit) {
+                byContext[entry.contextType].hits++;
+            }
+        }
+        return {
+            totalEvents: this.entries.length,
+            ceilingHits,
+            ceilingHitRate: ceilingHits / this.entries.length,
+            avgRawScore: totalRawScore / this.entries.length,
+            avgClampedScore: totalClampedScore / this.entries.length,
+            maxRawScore,
+            maxClampingDelta,
+            byContext: {
+                [ContextType.LOCAL]: {
+                    hits: byContext[ContextType.LOCAL].hits,
+                    rate: byContext[ContextType.LOCAL].total === 0
+                        ? 0
+                        : byContext[ContextType.LOCAL].hits /
+                            byContext[ContextType.LOCAL].total,
+                },
+                [ContextType.ENTERPRISE]: {
+                    hits: byContext[ContextType.ENTERPRISE].hits,
+                    rate: byContext[ContextType.ENTERPRISE].total === 0
+                        ? 0
+                        : byContext[ContextType.ENTERPRISE].hits /
+                            byContext[ContextType.ENTERPRISE].total,
+                },
+                [ContextType.SOVEREIGN]: {
+                    hits: byContext[ContextType.SOVEREIGN].hits,
+                    rate: byContext[ContextType.SOVEREIGN].total === 0
+                        ? 0
+                        : byContext[ContextType.SOVEREIGN].hits /
+                            byContext[ContextType.SOVEREIGN].total,
+                },
+            },
+        };
+    }
+    /**
+     * Check for anomalies (ceiling hits for normally-trusted agents)
+     */
+    detectCeilingAnomalies(agentId, anomalyThreshold = 0.05) {
+        const agentEntries = this.getEntriesForAgent(agentId);
+        if (agentEntries.length === 0) {
+            return [];
+        }
+        const hitRate = agentEntries.filter((e) => e.ceilingHit).length /
+            agentEntries.length;
+        // If hit rate is above threshold (normally 5%), flag as anomaly
+        if (hitRate > anomalyThreshold) {
+            return agentEntries.filter((e) => e.ceilingHit);
+        }
+        return [];
+    }
+}
+/**
+ * Global audit log instance
+ */
+export const globalCeilingAuditLog = new CeilingAuditLog();
+//# sourceMappingURL=audit.js.map

package/dist/trust-engine/ceiling-enforcement/audit.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/trust-engine/ceiling-enforcement/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,EAEL,WAAW,GAEZ,MAAM,UAAU,CAAC;AAkDlB;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,OAAO,GAAwB,EAAE,CAAC;IAClC,UAAU,GAAW,KAAK,CAAC,CAAC,qCAAqC;IAEzE;;OAEG;IACH,QAAQ,CACN,OAAe,EACf,OAAe,EACf,MAAgC,EAChC,SAAiB,WAAW,EAC5B,OAAiB,EAAE;QAEnB,MAAM,KAAK,GAAsB;YAC/B,OAAO;YACP,OAAO;YACP,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,UAAU,EAAE,MAAM,CAAC,cAAc;YACjC,MAAM;YACN,IAAI;SACL,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzB,yCAAyC;QACzC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,OAAe;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,CAAC;gBACd,cAAc,EAAE,CAAC;gBACjB,WAAW,EAAE,CAAC;gBACd,eAAe,EAAE,CAAC;gBAClB,WAAW,EAAE,CAAC;gBACd,gBAAgB,EAAE,CAAC;gBACnB,SAAS,EAAE;oBACT,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;oBACzC,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;oBAC9C,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE;iBAC9C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,QAAQ,CAAC;QAC5B,IAAI,gBAAgB,GAAG,CAAC,CAAC;QAEzB,MAAM,SAAS,GAAyD;YACtE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;YAC1C,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;YAC/C,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;SAC/C,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,aAAa,IAAI,KAAK,CAAC,QAAQ,CAAC;YAChC,iBAAiB,IAAI,KAAK,CAAC,YAAY,CAAC;YACxC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YACpD,gBAAgB,GAAG,IAAI,CAAC,GAAG,CACzB,gBAAgB,EAChB,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,YAAY,CACpC,CAAC;YAEF,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBACrB,WAAW,EAAE,CAAC;YAChB,CAAC;YAED,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBACrB,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAChC,WAAW;YACX,cAAc,EAAE,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM;YACjD,WAAW,EAAE,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM;YAChD,eAAe,EAAE,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM;YACxD,WAAW;YACX,gBAAgB;YAChB,SAAS,EAAE;gBACT,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE;oBACnB,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI;oBACvC,IAAI,EACF,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC;wBACtC,CAAC,CAAC,CAAC;wBACH,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI;4BACjC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK;iBACzC;gBACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;oBACxB,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI;oBAC5C,IAAI,EACF,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,KAAK,KAAK,CAAC;wBAC3C,CAAC,CAAC,CAAC;wBACH,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI;4BACtC,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,KAAK;iBAC9C;gBACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;oBACvB,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI;oBAC3C,IAAI,EACF,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK,KAAK,CAAC;wBAC1C,CAAC,CAAC,CAAC;wBACH,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI;4BACrC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK;iBAC7C;aACF;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,sBAAsB,CACpB,OAAe,EACf,mBAA2B,IAAI;QAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,OAAO,GACX,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM;YAC/C,YAAY,CAAC,MAAM,CAAC;QAEtB,gEAAgE;QAChE,IAAI,OAAO,GAAG,gBAAgB,EAAE,CAAC;YAC/B,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAClD,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,eAAe,EAAE,CAAC"}

package/dist/trust-engine/ceiling-enforcement/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Ceiling Enforcement Module (Q1) - Public API
+ */
+export * from './kernel.js';
+export * from './audit.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/trust-engine/ceiling-enforcement/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/trust-engine/ceiling-enforcement/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC"}

package/dist/trust-engine/ceiling-enforcement/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Ceiling Enforcement Module (Q1) - Public API
+ */
+export * from './kernel.js';
+export * from './audit.js';
+//# sourceMappingURL=index.js.map

package/dist/trust-engine/ceiling-enforcement/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/trust-engine/ceiling-enforcement/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC"}

package/dist/trust-engine/ceiling-enforcement/kernel.d.ts ADDED Viewed

@@ -0,0 +1,112 @@
+/**
+ * Phase 6 Q1: Ceiling Enforcement - Kernel Layer
+ *
+ * Core responsibility: Apply ceiling enforcement at kernel level (0-1000 scale)
+ * - Receives raw trust scores (any numeric value)
+ * - Clamps to 0-1000 based on context ceiling
+ * - Preserves raw score for audit trail (ceilingApplied flag)
+ * - <1ms latency target
+ */
+import { TrustEvent } from '../phase6-types.js';
+/**
+ * Context-based ceiling levels (from CONTEXT_CEILINGS)
+ */
+export declare enum ContextType {
+    LOCAL = "local",// 0-700: Restricted to test environments
+    ENTERPRISE = "enterprise",// 0-900: Approved for business operations
+    SOVEREIGN = "sovereign"
+}
+/**
+ * Result of ceiling enforcement operation
+ */
+export interface CeilingEnforcementResult {
+    /** Original raw score (unclamped) */
+    rawScore: number;
+    /** Clamped score (post-ceiling) */
+    clampedScore: number;
+    /** Ceiling that was applied */
+    ceiling: number;
+    /** Whether clamping occurred (rawScore !== clampedScore) */
+    ceilingApplied: boolean;
+    /** Context type that determined the ceiling */
+    contextType: ContextType;
+}
+/**
+ * Get ceiling value for a context type
+ *
+ * @param contextType - The context (local/enterprise/sovereign)
+ * @returns The ceiling value (700/900/1000)
+ */
+export declare function getCeilingForContext(contextType: ContextType): number;
+/**
+ * Clamp a raw score to the ceiling for a given context
+ *
+ * This is the core Q1 enforcement: kernel-level ceiling with dual logging
+ * - Raw score always preserved (for analytics)
+ * - Clamped score enforced at runtime (for authorization decisions)
+ * - Flag indicates whether ceiling was applied
+ *
+ * @param rawScore - The unprocessed trust score (may be >1000 or <0)
+ * @param contextType - The context determining the ceiling
+ * @returns CeilingEnforcementResult with raw/clamped scores and flags
+ *
+ * @example
+ * const result = clampTrustScore(1050, ContextType.ENTERPRISE);
+ * // { rawScore: 1050, clampedScore: 900, ceiling: 900, ceilingApplied: true, contextType: 'enterprise' }
+ */
+export declare function clampTrustScore(rawScore: number, contextType: ContextType): CeilingEnforcementResult;
+/**
+ * Apply ceiling enforcement to a TrustEvent
+ *
+ * This wraps clampTrustScore and populates the event's score and ceilingApplied fields
+ *
+ * @param event - The trust event to enforce ceiling on
+ * @param contextType - The context determining the ceiling
+ * @returns The modified TrustEvent with score clamped and ceilingApplied set
+ */
+export declare function applyCeilingEnforcement(event: TrustEvent, contextType: ContextType): TrustEvent;
+/**
+ * Validate that a score complies with its context ceiling
+ *
+ * This is used for assertions/validation - checking that a score
+ * was properly clamped before being used in authorization decisions
+ *
+ * @param score - The score to validate
+ * @param contextType - The context that should be limiting the score
+ * @returns true if score ≤ ceiling for this context
+ */
+export declare function validateScoreForContext(score: number, contextType: ContextType): boolean;
+/**
+ * Get the effective autonomy tier based on clamped score
+ *
+ * Maps the clamped score (after ceiling enforcement) to a tier level.
+ * This is used downstream (in role-gates, context-policy) to determine
+ * what operations are allowed.
+ *
+ * Tier mapping:
+ * - T0: 0-100 (Sandbox)
+ * - T1: 100-300 (Monitored)
+ * - T2: 300-500 (Supervised)
+ * - T3: 500-700 (Autonomous)
+ * - T4: 700-900 (Sovereign)
+ * - T5: 900-1000 (Verified)
+ *
+ * @param clampedScore - Score after ceiling enforcement
+ * @returns Tier number 0-5
+ */
+export declare function getTierFromScore(clampedScore: number): number;
+/**
+ * Compute the effective authorization tier
+ *
+ * This combines:
+ * 1. The clamped trust score (from ceiling enforcement)
+ * 2. The context ceiling
+ *
+ * Result is the minimum tier that respects both constraints.
+ *
+ * @param clampedScore - Score after ceiling enforcement
+ * @param contextType - Context that limited the score
+ * @returns Effective tier 0-5
+ */
+export declare function getEffectiveAuthorizationTier(clampedScore: number, contextType: ContextType): number;
+//# sourceMappingURL=kernel.d.ts.map

package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../../../src/trust-engine/ceiling-enforcement/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAkC,MAAM,oBAAoB,CAAC;AAEhF;;GAEG;AACH,oBAAY,WAAW;IACrB,KAAK,UAAU,CAAS,yCAAyC;IACjE,UAAU,eAAe,CAAE,0CAA0C;IACrE,SAAS,cAAc;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,cAAc,EAAE,OAAO,CAAC;IACxB,+CAA+C;IAC/C,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,CAWrE;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,WAAW,GACvB,wBAAwB,CAqB1B;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,UAAU,EACjB,WAAW,EAAE,WAAW,GACvB,UAAU,CAQZ;AAED;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,WAAW,GACvB,OAAO,CAGT;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAW7D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAC3C,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,WAAW,GACvB,MAAM,CASR"}