@vorionsys/cognigate 1.0.0

package/dist/index.js

@@ -0,0 +1,477 @@
+// src/types.ts
+import { z } from "zod";
+var TrustTier = /* @__PURE__ */ ((TrustTier2) => {
+  TrustTier2[TrustTier2["T0_SANDBOX"] = 0] = "T0_SANDBOX";
+  TrustTier2[TrustTier2["T1_OBSERVED"] = 1] = "T1_OBSERVED";
+  TrustTier2[TrustTier2["T2_PROVISIONAL"] = 2] = "T2_PROVISIONAL";
+  TrustTier2[TrustTier2["T3_VERIFIED"] = 3] = "T3_VERIFIED";
+  TrustTier2[TrustTier2["T4_OPERATIONAL"] = 4] = "T4_OPERATIONAL";
+  TrustTier2[TrustTier2["T5_TRUSTED"] = 5] = "T5_TRUSTED";
+  TrustTier2[TrustTier2["T6_CERTIFIED"] = 6] = "T6_CERTIFIED";
+  TrustTier2[TrustTier2["T7_AUTONOMOUS"] = 7] = "T7_AUTONOMOUS";
+  return TrustTier2;
+})(TrustTier || {});
+var TIER_THRESHOLDS = {
+  [0 /* T0_SANDBOX */]: { min: 0, max: 199, name: "Sandbox" },
+  [1 /* T1_OBSERVED */]: { min: 200, max: 349, name: "Observed" },
+  [2 /* T2_PROVISIONAL */]: { min: 350, max: 499, name: "Provisional" },
+  [3 /* T3_VERIFIED */]: { min: 500, max: 649, name: "Verified" },
+  [4 /* T4_OPERATIONAL */]: { min: 650, max: 799, name: "Operational" },
+  [5 /* T5_TRUSTED */]: { min: 800, max: 875, name: "Trusted" },
+  [6 /* T6_CERTIFIED */]: { min: 876, max: 949, name: "Certified" },
+  [7 /* T7_AUTONOMOUS */]: { min: 950, max: 1e3, name: "Autonomous" }
+};
+var TrustStatusSchema = z.object({
+  entityId: z.string(),
+  trustScore: z.number().min(0).max(1e3),
+  trustTier: z.nativeEnum(TrustTier),
+  tierName: z.string(),
+  capabilities: z.array(z.string()),
+  factorScores: z.record(z.string(), z.number()),
+  lastEvaluated: z.coerce.date(),
+  compliant: z.boolean(),
+  warnings: z.array(z.string())
+});
+var GovernanceResultSchema = z.object({
+  decision: z.enum(["ALLOW", "DENY", "ESCALATE", "DEGRADE"]),
+  trustScore: z.number(),
+  trustTier: z.nativeEnum(TrustTier),
+  grantedCapabilities: z.array(z.string()),
+  deniedCapabilities: z.array(z.string()),
+  reasoning: z.string(),
+  constraints: z.record(z.string(), z.unknown()).optional(),
+  proofId: z.string().optional(),
+  timestamp: z.coerce.date()
+});
+var ProofRecordSchema = z.object({
+  id: z.string(),
+  entityId: z.string(),
+  intentId: z.string(),
+  decision: z.enum(["ALLOW", "DENY", "ESCALATE", "DEGRADE"]),
+  action: z.string(),
+  outcome: z.enum(["SUCCESS", "FAILURE", "PARTIAL", "PENDING"]),
+  trustScoreBefore: z.number(),
+  trustScoreAfter: z.number(),
+  timestamp: z.coerce.date(),
+  hash: z.string(),
+  previousHash: z.string(),
+  metadata: z.record(z.string(), z.unknown()).optional()
+});
+var AgentSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  description: z.string(),
+  ownerId: z.string(),
+  trustScore: z.number(),
+  trustTier: z.nativeEnum(TrustTier),
+  status: z.enum(["ACTIVE", "PAUSED", "SUSPENDED", "TERMINATED"]),
+  capabilities: z.array(z.string()),
+  executions: z.number(),
+  successRate: z.number(),
+  createdAt: z.coerce.date(),
+  updatedAt: z.coerce.date(),
+  metadata: z.record(z.string(), z.unknown()).optional()
+});
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://cognigate.dev/v1";
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_RETRIES = 3;
+var CognigateError = class extends Error {
+  constructor(message, code, status, details) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.details = details;
+    this.name = "CognigateError";
+  }
+};
+var Cognigate = class {
+  config;
+  agents;
+  trust;
+  governance;
+  proofs;
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new CognigateError("API key is required", "MISSING_API_KEY");
+    }
+    this.config = {
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl || DEFAULT_BASE_URL,
+      timeout: config.timeout || DEFAULT_TIMEOUT,
+      retries: config.retries || DEFAULT_RETRIES,
+      debug: config.debug || false,
+      webhookSecret: config.webhookSecret
+    };
+    this.agents = new AgentsClient(this);
+    this.trust = new TrustClient(this);
+    this.governance = new GovernanceClient(this);
+    this.proofs = new ProofsClient(this);
+  }
+  /**
+   * Make an authenticated request to the Cognigate API
+   */
+  async request(method, path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    const headers = {
+      "Authorization": `Bearer ${this.config.apiKey}`,
+      "Content-Type": "application/json",
+      "X-SDK-Version": "1.0.0",
+      "X-SDK-Language": "typescript"
+    };
+    let lastError = null;
+    for (let attempt = 0; attempt < this.config.retries; attempt++) {
+      try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        const response = await fetch(url, {
+          method,
+          headers,
+          body: body ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (this.config.debug) {
+          console.log(`[Cognigate] ${method} ${path} -> ${response.status}`);
+        }
+        if (!response.ok) {
+          const errorData = await response.json().catch(() => ({}));
+          throw new CognigateError(
+            errorData.message || `Request failed with status ${response.status}`,
+            errorData.code || "REQUEST_FAILED",
+            response.status,
+            errorData.details
+          );
+        }
+        const data = await response.json();
+        return data;
+      } catch (error) {
+        lastError = error;
+        if (error instanceof CognigateError && error.status && error.status < 500) {
+          throw error;
+        }
+        if (attempt < this.config.retries - 1) {
+          const delay = Math.pow(2, attempt) * 1e3;
+          await new Promise((resolve) => setTimeout(resolve, delay));
+        }
+      }
+    }
+    throw lastError || new CognigateError("Request failed", "UNKNOWN_ERROR");
+  }
+  /**
+   * Check API health
+   */
+  async health() {
+    return this.request("GET", "/health");
+  }
+  /**
+   * Get tier from trust score
+   */
+  static getTierFromScore(score) {
+    if (score >= 950) return 7 /* T7_AUTONOMOUS */;
+    if (score >= 876) return 6 /* T6_CERTIFIED */;
+    if (score >= 800) return 5 /* T5_TRUSTED */;
+    if (score >= 650) return 4 /* T4_OPERATIONAL */;
+    if (score >= 500) return 3 /* T3_VERIFIED */;
+    if (score >= 350) return 2 /* T2_PROVISIONAL */;
+    if (score >= 200) return 1 /* T1_OBSERVED */;
+    return 0 /* T0_SANDBOX */;
+  }
+  /**
+   * Get tier name
+   */
+  static getTierName(tier) {
+    return TIER_THRESHOLDS[tier].name;
+  }
+  /**
+   * Get tier thresholds
+   */
+  static getTierThresholds(tier) {
+    return TIER_THRESHOLDS[tier];
+  }
+};
+var AgentsClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * List all agents
+   */
+  async list(params) {
+    const query = new URLSearchParams();
+    if (params?.page) query.set("page", params.page.toString());
+    if (params?.pageSize) query.set("pageSize", params.pageSize.toString());
+    if (params?.status) query.set("status", params.status);
+    const queryString = query.toString();
+    const path = `/agents${queryString ? `?${queryString}` : ""}`;
+    return this.client.request("GET", path);
+  }
+  /**
+   * Get a specific agent
+   */
+  async get(agentId) {
+    const response = await this.client.request("GET", `/agents/${agentId}`);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Create a new agent
+   */
+  async create(data) {
+    const response = await this.client.request("POST", "/agents", data);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Update an agent
+   */
+  async update(agentId, data) {
+    const response = await this.client.request("PATCH", `/agents/${agentId}`, data);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Delete an agent
+   */
+  async delete(agentId) {
+    await this.client.request("DELETE", `/agents/${agentId}`);
+  }
+  /**
+   * Pause an agent
+   */
+  async pause(agentId) {
+    return this.update(agentId, { status: "PAUSED" });
+  }
+  /**
+   * Resume an agent
+   */
+  async resume(agentId) {
+    return this.update(agentId, { status: "ACTIVE" });
+  }
+};
+var TrustClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get trust status for an entity
+   */
+  async getStatus(entityId) {
+    const response = await this.client.request("GET", `/trust/${entityId}`);
+    return TrustStatusSchema.parse(response);
+  }
+  /**
+   * Get trust history
+   */
+  async getHistory(entityId, params) {
+    const query = new URLSearchParams();
+    if (params?.from) query.set("from", params.from.toISOString());
+    if (params?.to) query.set("to", params.to.toISOString());
+    if (params?.limit) query.set("limit", params.limit.toString());
+    const queryString = query.toString();
+    const path = `/trust/${entityId}/history${queryString ? `?${queryString}` : ""}`;
+    return this.client.request("GET", path);
+  }
+  /**
+   * Submit an outcome to update trust score
+   */
+  async submitOutcome(entityId, proofId, outcome) {
+    const response = await this.client.request(
+      "POST",
+      `/trust/${entityId}/outcome`,
+      { proofId, ...outcome }
+    );
+    return TrustStatusSchema.parse(response);
+  }
+};
+var GovernanceClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Parse user intent into structured format
+   */
+  async parseIntent(entityId, rawInput) {
+    return this.client.request("POST", "/governance/parse", {
+      entityId,
+      rawInput
+    });
+  }
+  /**
+   * Enforce governance rules on an intent
+   */
+  async enforce(intent) {
+    const response = await this.client.request(
+      "POST",
+      "/governance/enforce",
+      intent
+    );
+    return GovernanceResultSchema.parse(response);
+  }
+  /**
+   * Convenience method: parse and enforce in one call
+   */
+  async evaluate(entityId, rawInput) {
+    const parseResult = await this.parseIntent(entityId, rawInput);
+    const result = await this.enforce(parseResult.intent);
+    return {
+      intent: parseResult.intent,
+      result
+    };
+  }
+  /**
+   * Check if an action is allowed without creating a proof record
+   */
+  async canPerform(entityId, action, capabilities) {
+    return this.client.request("POST", "/governance/check", {
+      entityId,
+      action,
+      capabilities
+    });
+  }
+};
+var ProofsClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get a specific proof record
+   */
+  async get(proofId) {
+    const response = await this.client.request("GET", `/proofs/${proofId}`);
+    return ProofRecordSchema.parse(response);
+  }
+  /**
+   * List proof records for an entity
+   */
+  async list(entityId, params) {
+    const query = new URLSearchParams();
+    query.set("entityId", entityId);
+    if (params?.page) query.set("page", params.page.toString());
+    if (params?.pageSize) query.set("pageSize", params.pageSize.toString());
+    if (params?.from) query.set("from", params.from.toISOString());
+    if (params?.to) query.set("to", params.to.toISOString());
+    if (params?.outcome) query.set("outcome", params.outcome);
+    return this.client.request("GET", `/proofs?${query.toString()}`);
+  }
+  /**
+   * Get proof chain statistics
+   */
+  async getStats(entityId) {
+    return this.client.request("GET", `/proofs/stats/${entityId}`);
+  }
+  /**
+   * Verify proof chain integrity
+   */
+  async verify(entityId) {
+    return this.client.request("POST", `/proofs/verify/${entityId}`);
+  }
+};
+
+// src/webhooks.ts
+async function verifyWebhookSignature(payload, signature, secret) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(payload);
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signatureBuffer = await crypto.subtle.sign("HMAC", key, data);
+  const expectedSignature = bufferToHex(signatureBuffer);
+  return timingSafeEqual(signature, expectedSignature);
+}
+function parseWebhookPayload(body, signature, secret) {
+  return new Promise(async (resolve, reject) => {
+    const isValid = await verifyWebhookSignature(body, signature, secret);
+    if (!isValid) {
+      reject(new Error("Invalid webhook signature"));
+      return;
+    }
+    try {
+      const event = JSON.parse(body);
+      event.timestamp = new Date(event.timestamp);
+      resolve(event);
+    } catch (error) {
+      reject(new Error("Invalid webhook payload"));
+    }
+  });
+}
+var WebhookRouter = class {
+  handlers = /* @__PURE__ */ new Map();
+  /**
+   * Register a handler for a specific event type
+   */
+  on(type, handler) {
+    const existing = this.handlers.get(type) || [];
+    existing.push(handler);
+    this.handlers.set(type, existing);
+    return this;
+  }
+  /**
+   * Register a handler for all events
+   */
+  onAll(handler) {
+    const existing = this.handlers.get("*") || [];
+    existing.push(handler);
+    this.handlers.set("*", existing);
+    return this;
+  }
+  /**
+   * Handle a webhook event
+   */
+  async handle(event) {
+    const typeHandlers = this.handlers.get(event.type) || [];
+    const allHandlers = this.handlers.get("*") || [];
+    const handlers = [...typeHandlers, ...allHandlers];
+    for (const handler of handlers) {
+      await handler(event);
+    }
+  }
+  /**
+   * Create an Express/Connect compatible middleware
+   */
+  middleware(secret) {
+    return async (req, res, _next) => {
+      try {
+        const signature = req.headers["x-cognigate-signature"];
+        const body = typeof req.body === "string" ? req.body : JSON.stringify(req.body);
+        const event = await parseWebhookPayload(body, signature, secret);
+        await this.handle(event);
+        res.status(200).json({ received: true });
+      } catch (error) {
+        res.status(400).json({ error: error.message });
+      }
+    };
+  }
+};
+function bufferToHex(buffer) {
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+}
+
+// src/index.ts
+import { z as z2 } from "zod";
+export {
+  AgentSchema,
+  Cognigate,
+  CognigateError,
+  GovernanceResultSchema,
+  ProofRecordSchema,
+  TIER_THRESHOLDS,
+  TrustStatusSchema,
+  TrustTier,
+  WebhookRouter,
+  parseWebhookPayload,
+  verifyWebhookSignature,
+  z2 as z
+};

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@vorionsys/cognigate",
+  "version": "1.0.0",
+  "description": "TypeScript SDK for the Cognigate AI governance API",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts",
+    "dev": "tsup src/index.ts --format esm,cjs --dts --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest",
+    "lint": "eslint src --ext .ts"
+  },
+  "keywords": [
+    "ai",
+    "governance",
+    "trust",
+    "agents",
+    "cognigate",
+    "basis",
+    "vorion"
+  ],
+  "author": "Vorion <team@vorion.dev>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/vorion-dev/vorion.git",
+    "directory": "packages/cognigate"
+  },
+  "homepage": "https://cognigate.dev",
+  "dependencies": {
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^2.0.0"
+  },
+  "peerDependencies": {
+    "typescript": ">=5.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/src/__tests__/client.test.ts

@@ -0,0 +1,162 @@
+/**
+ * Cognigate SDK Tests
+ */
+
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { Cognigate, CognigateError } from '../client.js';
+import { TrustTier, TIER_THRESHOLDS } from '../types.js';
+
+describe('Cognigate', () => {
+  describe('constructor', () => {
+    it('throws error when API key is missing', () => {
+      expect(() => new Cognigate({ apiKey: '' })).toThrow(CognigateError);
+      expect(() => new Cognigate({ apiKey: '' })).toThrow('API key is required');
+    });
+
+    it('creates client with valid API key', () => {
+      const client = new Cognigate({ apiKey: 'test-key' });
+      expect(client).toBeInstanceOf(Cognigate);
+      expect(client.agents).toBeDefined();
+      expect(client.trust).toBeDefined();
+      expect(client.governance).toBeDefined();
+      expect(client.proofs).toBeDefined();
+    });
+
+    it('uses default config values', () => {
+      const client = new Cognigate({ apiKey: 'test-key' });
+      // Check that sub-clients are properly initialized
+      expect(client.agents).toBeDefined();
+    });
+
+    it('accepts custom config values', () => {
+      const client = new Cognigate({
+        apiKey: 'test-key',
+        baseUrl: 'https://custom.api.com',
+        timeout: 60000,
+        retries: 5,
+        debug: true,
+      });
+      expect(client).toBeInstanceOf(Cognigate);
+    });
+  });
+
+  describe('getTierFromScore', () => {
+    it('returns T0_SANDBOX for scores 0-199', () => {
+      expect(Cognigate.getTierFromScore(0)).toBe(TrustTier.T0_SANDBOX);
+      expect(Cognigate.getTierFromScore(100)).toBe(TrustTier.T0_SANDBOX);
+      expect(Cognigate.getTierFromScore(199)).toBe(TrustTier.T0_SANDBOX);
+    });
+
+    it('returns T1_OBSERVED for scores 200-349', () => {
+      expect(Cognigate.getTierFromScore(200)).toBe(TrustTier.T1_OBSERVED);
+      expect(Cognigate.getTierFromScore(275)).toBe(TrustTier.T1_OBSERVED);
+      expect(Cognigate.getTierFromScore(349)).toBe(TrustTier.T1_OBSERVED);
+    });
+
+    it('returns T2_PROVISIONAL for scores 350-499', () => {
+      expect(Cognigate.getTierFromScore(350)).toBe(TrustTier.T2_PROVISIONAL);
+      expect(Cognigate.getTierFromScore(425)).toBe(TrustTier.T2_PROVISIONAL);
+      expect(Cognigate.getTierFromScore(499)).toBe(TrustTier.T2_PROVISIONAL);
+    });
+
+    it('returns T3_VERIFIED for scores 500-649', () => {
+      expect(Cognigate.getTierFromScore(500)).toBe(TrustTier.T3_VERIFIED);
+      expect(Cognigate.getTierFromScore(575)).toBe(TrustTier.T3_VERIFIED);
+      expect(Cognigate.getTierFromScore(649)).toBe(TrustTier.T3_VERIFIED);
+    });
+
+    it('returns T4_OPERATIONAL for scores 650-799', () => {
+      expect(Cognigate.getTierFromScore(650)).toBe(TrustTier.T4_OPERATIONAL);
+      expect(Cognigate.getTierFromScore(725)).toBe(TrustTier.T4_OPERATIONAL);
+      expect(Cognigate.getTierFromScore(799)).toBe(TrustTier.T4_OPERATIONAL);
+    });
+
+    it('returns T5_TRUSTED for scores 800-875', () => {
+      expect(Cognigate.getTierFromScore(800)).toBe(TrustTier.T5_TRUSTED);
+      expect(Cognigate.getTierFromScore(837)).toBe(TrustTier.T5_TRUSTED);
+      expect(Cognigate.getTierFromScore(875)).toBe(TrustTier.T5_TRUSTED);
+    });
+
+    it('returns T6_CERTIFIED for scores 876-949', () => {
+      expect(Cognigate.getTierFromScore(876)).toBe(TrustTier.T6_CERTIFIED);
+      expect(Cognigate.getTierFromScore(912)).toBe(TrustTier.T6_CERTIFIED);
+      expect(Cognigate.getTierFromScore(949)).toBe(TrustTier.T6_CERTIFIED);
+    });
+
+    it('returns T7_AUTONOMOUS for scores 950-1000', () => {
+      expect(Cognigate.getTierFromScore(950)).toBe(TrustTier.T7_AUTONOMOUS);
+      expect(Cognigate.getTierFromScore(975)).toBe(TrustTier.T7_AUTONOMOUS);
+      expect(Cognigate.getTierFromScore(1000)).toBe(TrustTier.T7_AUTONOMOUS);
+    });
+  });
+
+  describe('getTierName', () => {
+    it('returns correct tier names', () => {
+      expect(Cognigate.getTierName(TrustTier.T0_SANDBOX)).toBe('Sandbox');
+      expect(Cognigate.getTierName(TrustTier.T1_OBSERVED)).toBe('Observed');
+      expect(Cognigate.getTierName(TrustTier.T2_PROVISIONAL)).toBe('Provisional');
+      expect(Cognigate.getTierName(TrustTier.T3_VERIFIED)).toBe('Verified');
+      expect(Cognigate.getTierName(TrustTier.T4_OPERATIONAL)).toBe('Operational');
+      expect(Cognigate.getTierName(TrustTier.T5_TRUSTED)).toBe('Trusted');
+      expect(Cognigate.getTierName(TrustTier.T6_CERTIFIED)).toBe('Certified');
+      expect(Cognigate.getTierName(TrustTier.T7_AUTONOMOUS)).toBe('Autonomous');
+    });
+  });
+
+  describe('getTierThresholds', () => {
+    it('returns correct thresholds', () => {
+      const t4 = Cognigate.getTierThresholds(TrustTier.T4_OPERATIONAL);
+      expect(t4.min).toBe(650);
+      expect(t4.max).toBe(799);
+      expect(t4.name).toBe('Operational');
+    });
+  });
+});
+
+describe('TIER_THRESHOLDS', () => {
+  it('has all 8 tiers defined', () => {
+    expect(Object.keys(TIER_THRESHOLDS)).toHaveLength(8);
+  });
+
+  it('tiers are contiguous (no gaps)', () => {
+    const tiers = [
+      TrustTier.T0_SANDBOX,
+      TrustTier.T1_OBSERVED,
+      TrustTier.T2_PROVISIONAL,
+      TrustTier.T3_VERIFIED,
+      TrustTier.T4_OPERATIONAL,
+      TrustTier.T5_TRUSTED,
+      TrustTier.T6_CERTIFIED,
+      TrustTier.T7_AUTONOMOUS,
+    ];
+
+    for (let i = 0; i < tiers.length - 1; i++) {
+      const current = TIER_THRESHOLDS[tiers[i]];
+      const next = TIER_THRESHOLDS[tiers[i + 1]];
+      expect(current.max + 1).toBe(next.min);
+    }
+  });
+
+  it('covers full 0-1000 range', () => {
+    expect(TIER_THRESHOLDS[TrustTier.T0_SANDBOX].min).toBe(0);
+    expect(TIER_THRESHOLDS[TrustTier.T7_AUTONOMOUS].max).toBe(1000);
+  });
+});
+
+describe('CognigateError', () => {
+  it('creates error with all properties', () => {
+    const error = new CognigateError('Test error', 'TEST_CODE', 400, { foo: 'bar' });
+
+    expect(error.message).toBe('Test error');
+    expect(error.code).toBe('TEST_CODE');
+    expect(error.status).toBe(400);
+    expect(error.details).toEqual({ foo: 'bar' });
+    expect(error.name).toBe('CognigateError');
+  });
+
+  it('is instanceof Error', () => {
+    const error = new CognigateError('Test', 'CODE');
+    expect(error instanceof Error).toBe(true);
+    expect(error instanceof CognigateError).toBe(true);
+  });
+});