@xnetjs/abuse 0.0.1

package/dist/adapters-k10HxbtE.d.ts

@@ -0,0 +1,190 @@
+/**
+ * @xnetjs/abuse - Shared abuse decision types.
+ */
+type AbuseSurface = 'transport' | 'remoteMutation' | 'commentThread' | 'messageInbox' | 'searchIndex' | 'feed' | 'crawl' | 'localApi';
+type PolicyScope = 'user' | 'workspace' | 'community' | 'hub' | 'appView' | 'protocol';
+type AbuseAdmission = 'accept' | 'reject' | 'quarantine';
+type AbuseVisibility = 'show' | 'warn' | 'blur' | 'hide';
+type AbuseReach = 'normal' | 'demote' | 'exclude';
+type AbuseResource = 'normal' | 'throttle' | 'block-peer' | 'require-budget';
+type AbuseSeverity = 'low' | 'medium' | 'high' | 'critical';
+type AbuseReviewQueue = 'safety' | 'quality' | 'appeal' | 'operator';
+type AbuseReasonCode = 'accepted' | 'blocked-by-policy' | 'budget-required' | 'failed-admission' | 'first-contact' | 'invalid-doc-binding' | 'invalid-freshness' | 'invalid-hash' | 'invalid-signature' | 'low-confidence-quality-signal' | 'over-rate-limit' | 'over-size-limit' | 'peer-score-block' | 'peer-score-throttle' | 'quality-risk' | 'trusted-abuse-label' | 'trusted-warning-label' | 'unauthorized' | 'unsigned-update' | 'user-override';
+type AbuseLabel = {
+    value: string;
+    sourceDID?: string;
+    sourceWeight: number;
+    confidence: number;
+    expiresAt?: number;
+    evidenceRefs?: readonly string[];
+};
+type AbuseCryptoFacts = {
+    hashValid: boolean;
+    signatureValid: boolean;
+    authorized: boolean;
+    freshnessValid: boolean;
+    docBindingValid: boolean;
+};
+type AbuseResourceFacts = {
+    overSizeLimit: boolean;
+    overRateLimit: boolean;
+    estimatedCost: number;
+    budgetRemaining: number | null;
+};
+type AbuseActorFacts = {
+    did?: string;
+    peerId?: string;
+    firstContact: boolean;
+    peerScore: number;
+    localBlocked: boolean;
+    workspaceBlocked: boolean;
+    hubBlocked: boolean;
+};
+type AbuseQualitySignals = {
+    duplicateScore: number;
+    slopScore: number;
+    citationCoverage: number;
+    provenanceScore: number;
+};
+type AbusePolicyFacts = {
+    peerScoreBlockThreshold: number;
+    peerScoreThrottleThreshold: number;
+    abuseLabelHideThreshold: number;
+    abuseLabelWarnThreshold: number;
+    qualityReviewThreshold: number;
+    qualityWarnThreshold: number;
+    quarantineFirstContact: boolean;
+};
+type AbuseDecisionOverride = Partial<Pick<AbuseDecision, 'visibility' | 'reach' | 'notify' | 'includeInCounters' | 'includeInSearch'>> & {
+    reason?: string;
+};
+type AbuseFacts = {
+    surface: AbuseSurface;
+    crypto?: Partial<AbuseCryptoFacts>;
+    resource?: Partial<AbuseResourceFacts>;
+    actor?: Partial<AbuseActorFacts>;
+    labels?: readonly AbuseLabel[];
+    quality?: Partial<AbuseQualitySignals>;
+    policy?: Partial<AbusePolicyFacts>;
+    override?: AbuseDecisionOverride;
+    now?: number;
+};
+type NormalizedAbuseFacts = {
+    surface: AbuseSurface;
+    crypto: AbuseCryptoFacts;
+    resource: AbuseResourceFacts;
+    actor: AbuseActorFacts;
+    labels: readonly AbuseLabel[];
+    quality: AbuseQualitySignals;
+    policy: AbusePolicyFacts;
+    override?: AbuseDecisionOverride;
+    now: number;
+};
+type PendingLabel = {
+    value: string;
+    confidence: number;
+    reason: AbuseReasonCode;
+    evidenceRefs: readonly string[];
+};
+type PendingSecurityEvent = {
+    eventName: string;
+    severity: AbuseSeverity;
+    reason: AbuseReasonCode;
+};
+type AbuseReviewDecision = {
+    required: false;
+} | {
+    required: true;
+    queue: AbuseReviewQueue;
+    priority: number;
+};
+type AbuseDecision = {
+    admission: AbuseAdmission;
+    visibility: AbuseVisibility;
+    reach: AbuseReach;
+    resource: AbuseResource;
+    notify: boolean;
+    includeInCounters: boolean;
+    includeInSearch: boolean;
+    review: AbuseReviewDecision;
+    reasons: readonly AbuseReasonCode[];
+    evidenceRefs: readonly string[];
+    labelsToEmit: readonly PendingLabel[];
+    telemetry: readonly PendingSecurityEvent[];
+};
+type DecisionExplanationReason = {
+    code: AbuseReasonCode;
+    severity: AbuseSeverity;
+    message: string;
+};
+type DecisionExplanation = {
+    summary: string;
+    reasons: readonly DecisionExplanationReason[];
+};
+
+/**
+ * Privacy-preserving telemetry helpers for abuse decisions.
+ */
+
+type AbusePeerScoreBucket = 'unknown' | '<=10' | '11-30' | '31-50' | '51-80' | '81-100' | '>100';
+type AbuseTelemetryReporter = {
+    reportSecurityEvent(eventName: string, severity: AbuseSeverity, details?: Record<string, unknown>): unknown;
+    reportUsage?(metricName: string, value: number): unknown;
+};
+type RemoteMutationRejectionTelemetry = {
+    eventName: string;
+    severity: AbuseSeverity;
+    details: {
+        actionTaken: 'remote_mutation_rejected';
+        surface: AbuseSurface;
+        primaryReason: AbuseReasonCode;
+        reasons: readonly AbuseReasonCode[];
+        peerHash: string;
+        peerScoreBucket: AbusePeerScoreBucket;
+        resourceAction: AbuseDecision['resource'];
+        shouldThrottle: boolean;
+    };
+};
+type RemoteMutationRejectionTelemetryInput = {
+    facts: AbuseFacts;
+    decision: AbuseDecision;
+    eventName?: string;
+    peerHashSalt?: string;
+};
+declare function bucketAbusePeerScore(score: number | null | undefined): AbusePeerScoreBucket;
+declare function hashAbusePeerIdentifier(peerId: string | null | undefined, salt?: string): string;
+declare function createRemoteMutationRejectionTelemetry(input: RemoteMutationRejectionTelemetryInput): RemoteMutationRejectionTelemetry | null;
+declare function reportRemoteMutationRejection(telemetry: AbuseTelemetryReporter | undefined, input: RemoteMutationRejectionTelemetryInput): boolean;
+
+/**
+ * Adapter helpers for wiring local package events into abuse decisions.
+ */
+
+type AbuseFactAdapter<TInput> = (input: TInput) => AbuseFacts;
+type AbuseDecisionFunction = (facts: AbuseFacts) => AbuseDecision;
+type AbuseAdapterResult = {
+    facts: AbuseFacts;
+    decision: AbuseDecision;
+};
+declare function createAbuseFactAdapter<TInput>(adapter: AbuseFactAdapter<TInput>): AbuseFactAdapter<TInput>;
+declare function decideWithAdapter<TInput>(input: TInput, adapter: AbuseFactAdapter<TInput>, decide?: AbuseDecisionFunction): AbuseAdapterResult;
+declare function createAbuseDecisionAdapter<TInput>(adapter: AbuseFactAdapter<TInput>, decide?: AbuseDecisionFunction): (input: TInput) => AbuseAdapterResult;
+type RemoteAdmissionResult = AbuseAdapterResult & {
+    accepted: boolean;
+    shouldMutate: boolean;
+    shouldRelay: boolean;
+    shouldThrottle: boolean;
+};
+type RemoteAdmissionPipeline<TInput> = {
+    evaluate(input: TInput): RemoteAdmissionResult;
+};
+type RemoteAdmissionPipelineOptions<TInput> = {
+    adapt: AbuseFactAdapter<TInput>;
+    decide?: AbuseDecisionFunction;
+    telemetry?: AbuseTelemetryReporter;
+    telemetryEventName?: string;
+    telemetryPeerHashSalt?: string;
+};
+declare function createRemoteAdmissionPipeline<TInput>(options: RemoteAdmissionPipelineOptions<TInput>): RemoteAdmissionPipeline<TInput>;
+
+export { type AbuseLabel as A, type AbuseResource as B, type AbuseResourceFacts as C, type DecisionExplanation as D, type AbuseReviewDecision as E, type AbuseReviewQueue as F, type AbuseSeverity as G, type AbuseSurface as H, type AbuseVisibility as I, type PendingLabel as J, type PendingSecurityEvent as K, type NormalizedAbuseFacts as N, type PolicyScope as P, type RemoteAdmissionPipeline as R, type AbuseFacts as a, type AbuseDecision as b, type AbuseReasonCode as c, type DecisionExplanationReason as d, createAbuseDecisionAdapter as e, createAbuseFactAdapter as f, createRemoteAdmissionPipeline as g, decideWithAdapter as h, bucketAbusePeerScore as i, createRemoteMutationRejectionTelemetry as j, hashAbusePeerIdentifier as k, type AbuseAdapterResult as l, type AbuseDecisionFunction as m, type AbuseFactAdapter as n, type RemoteAdmissionPipelineOptions as o, type RemoteAdmissionResult as p, type AbusePeerScoreBucket as q, reportRemoteMutationRejection as r, type AbuseTelemetryReporter as s, type RemoteMutationRejectionTelemetry as t, type RemoteMutationRejectionTelemetryInput as u, type AbuseActorFacts as v, type AbuseAdmission as w, type AbuseCryptoFacts as x, type AbuseDecisionOverride as y, type AbuseQualitySignals as z };

package/dist/adapters.d.ts

@@ -0,0 +1 @@
+export { t as AbuseAdapterResult, u as AbuseDecisionFunction, v as AbuseFactAdapter, R as RemoteAdmissionPipeline, w as RemoteAdmissionPipelineOptions, x as RemoteAdmissionResult, l as createAbuseDecisionAdapter, m as createAbuseFactAdapter, n as createRemoteAdmissionPipeline, o as decideWithAdapter } from './adapters-CBfkKocx.js';

package/dist/adapters.js

@@ -0,0 +1,12 @@
+import {
+  createAbuseDecisionAdapter,
+  createAbuseFactAdapter,
+  createRemoteAdmissionPipeline,
+  decideWithAdapter
+} from "./chunk-O3JDSAJP.js";
+export {
+  createAbuseDecisionAdapter,
+  createAbuseFactAdapter,
+  createRemoteAdmissionPipeline,
+  decideWithAdapter
+};

package/dist/chunk-4FW6LHWU.js

@@ -0,0 +1,495 @@
+// src/decision.ts
+var DEFAULT_CRYPTO = {
+  hashValid: true,
+  signatureValid: true,
+  authorized: true,
+  freshnessValid: true,
+  docBindingValid: true
+};
+var DEFAULT_RESOURCE = {
+  overSizeLimit: false,
+  overRateLimit: false,
+  estimatedCost: 0,
+  budgetRemaining: null
+};
+var DEFAULT_ACTOR = {
+  firstContact: false,
+  peerScore: 100,
+  localBlocked: false,
+  workspaceBlocked: false,
+  hubBlocked: false,
+  appViewBlocked: false
+};
+var DEFAULT_QUALITY = {
+  duplicateScore: 0,
+  slopScore: 0,
+  citationCoverage: 1,
+  provenanceScore: 1
+};
+var DEFAULT_POLICY = {
+  peerScoreBlockThreshold: 10,
+  peerScoreThrottleThreshold: 30,
+  abuseLabelHideThreshold: 1.5,
+  abuseLabelWarnThreshold: 0.5,
+  qualityReviewThreshold: 0.65,
+  qualityWarnThreshold: 0.35,
+  quarantineFirstContact: true
+};
+var ABUSE_LABELS = ["malware", "scam", "spam", "impersonation", "harassment"];
+var WARNING_LABELS = ["inaccurate", "slop", "unsupported", "stale", "synthetic"];
+function normalizeAbuseFacts(facts) {
+  return {
+    surface: facts.surface,
+    crypto: { ...DEFAULT_CRYPTO, ...facts.crypto },
+    resource: { ...DEFAULT_RESOURCE, ...facts.resource },
+    actor: { ...DEFAULT_ACTOR, ...facts.actor },
+    labels: facts.labels ?? [],
+    quality: { ...DEFAULT_QUALITY, ...facts.quality },
+    policy: { ...DEFAULT_POLICY, ...facts.policy },
+    override: facts.override,
+    now: facts.now ?? Date.now()
+  };
+}
+function decideTransport(facts = {}) {
+  return decideAbuse({ ...facts, surface: "transport" });
+}
+function decideRemoteMutation(facts = {}) {
+  return decideAbuse({ ...facts, surface: "remoteMutation" });
+}
+function decidePublicInteraction(facts = {}) {
+  return decideAbuse({ ...facts, surface: facts.surface ?? "commentThread" });
+}
+function decideReach(facts = {}) {
+  return decideAbuse({ ...facts, surface: facts.surface ?? "searchIndex" });
+}
+function decideAbuse(input) {
+  const facts = normalizeAbuseFacts(input);
+  const hardDecision = decideHardAdmission(facts);
+  if (hardDecision) {
+    return hardDecision;
+  }
+  const labelDecision = decideByLabels(facts);
+  if (labelDecision) {
+    return applySafeOverride(labelDecision, facts);
+  }
+  const resourceDecision = decideByResource(facts);
+  if (resourceDecision) {
+    return applySafeOverride(resourceDecision, facts);
+  }
+  const firstContactDecision = decideByFirstContact(facts);
+  if (firstContactDecision) {
+    return applySafeOverride(firstContactDecision, facts);
+  }
+  const qualityDecision = decideByQuality(facts);
+  if (qualityDecision) {
+    return applySafeOverride(qualityDecision, facts);
+  }
+  return applySafeOverride(
+    createDecision({
+      reasons: ["accepted"]
+    }),
+    facts
+  );
+}
+function decideHardAdmission(facts) {
+  if (facts.resource.overSizeLimit) {
+    return createDecision({
+      admission: "reject",
+      visibility: "hide",
+      reach: "exclude",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      reasons: ["over-size-limit"],
+      telemetry: [securityEvent("xnet.security.invalid_data", "high", "over-size-limit")]
+    });
+  }
+  const invalidCryptoReasons = getInvalidCryptoReasons(facts);
+  if (invalidCryptoReasons.length > 0) {
+    return createDecision({
+      admission: "reject",
+      visibility: "hide",
+      reach: "exclude",
+      resource: facts.actor.peerScore <= facts.policy.peerScoreBlockThreshold ? "block-peer" : "normal",
+      reasons: ["failed-admission", ...invalidCryptoReasons],
+      telemetry: invalidCryptoReasons.map(
+        (reason) => securityEvent(
+          reason === "invalid-signature" ? "xnet.security.invalid_signature" : "xnet.security.invalid_data",
+          "high",
+          reason
+        )
+      )
+    });
+  }
+  const policyBlockEvidenceRefs = getPolicyBlockEvidenceRefs(facts);
+  if (policyBlockEvidenceRefs.length > 0) {
+    return createDecision({
+      admission: isMutationSurface(facts) ? "reject" : "accept",
+      visibility: "hide",
+      reach: "exclude",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      reasons: ["blocked-by-policy"],
+      evidenceRefs: policyBlockEvidenceRefs
+    });
+  }
+  if (facts.actor.peerScore <= facts.policy.peerScoreBlockThreshold) {
+    return createDecision({
+      admission: isMutationSurface(facts) ? "reject" : "quarantine",
+      visibility: "hide",
+      reach: "exclude",
+      resource: "block-peer",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      reasons: ["peer-score-block"],
+      telemetry: [securityEvent("xnet.security.peer_blocked", "high", "peer-score-block")]
+    });
+  }
+  return null;
+}
+function decideByLabels(facts) {
+  const abuseScore = weightedLabelScore(facts, ABUSE_LABELS);
+  if (abuseScore >= facts.policy.abuseLabelHideThreshold) {
+    return createDecision({
+      admission: isMutationSurface(facts) ? "reject" : "accept",
+      visibility: "hide",
+      reach: "exclude",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      review: review("safety", 80),
+      reasons: ["trusted-abuse-label"]
+    });
+  }
+  const warningScore = weightedLabelScore(facts, WARNING_LABELS);
+  if (abuseScore >= facts.policy.abuseLabelWarnThreshold || warningScore >= facts.policy.abuseLabelWarnThreshold) {
+    return createDecision({
+      visibility: "warn",
+      reach: "demote",
+      includeInCounters: abuseScore === 0,
+      includeInSearch: false,
+      reasons: ["trusted-warning-label"]
+    });
+  }
+  return null;
+}
+function decideByResource(facts) {
+  if (facts.resource.overRateLimit) {
+    return createDecision({
+      admission: isMutationSurface(facts) ? "reject" : "quarantine",
+      visibility: "warn",
+      reach: "demote",
+      resource: "throttle",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      reasons: ["over-rate-limit"],
+      telemetry: [securityEvent("xnet.security.rate_limit_exceeded", "medium", "over-rate-limit")]
+    });
+  }
+  if (facts.resource.budgetRemaining !== null && facts.resource.estimatedCost > facts.resource.budgetRemaining) {
+    return createDecision({
+      admission: "quarantine",
+      visibility: "warn",
+      reach: "exclude",
+      resource: "require-budget",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      review: review("operator", 60),
+      reasons: ["budget-required"]
+    });
+  }
+  if (facts.actor.peerScore <= facts.policy.peerScoreThrottleThreshold) {
+    return createDecision({
+      admission: isMutationSurface(facts) ? "reject" : "quarantine",
+      visibility: "warn",
+      reach: "demote",
+      resource: "throttle",
+      notify: false,
+      includeInCounters: false,
+      includeInSearch: false,
+      reasons: ["peer-score-throttle"]
+    });
+  }
+  return null;
+}
+function decideByFirstContact(facts) {
+  if (!facts.policy.quarantineFirstContact || !facts.actor.firstContact) {
+    return null;
+  }
+  if (facts.surface !== "commentThread" && facts.surface !== "messageInbox") {
+    return null;
+  }
+  return createDecision({
+    admission: "quarantine",
+    visibility: "warn",
+    reach: "demote",
+    notify: false,
+    includeInCounters: false,
+    includeInSearch: false,
+    review: review("safety", 50),
+    reasons: ["first-contact"]
+  });
+}
+function decideByQuality(facts) {
+  const score = qualityRiskScore(facts);
+  if (score >= facts.policy.qualityReviewThreshold) {
+    return createDecision({
+      admission: facts.surface === "remoteMutation" ? "accept" : "quarantine",
+      visibility: "warn",
+      reach: "demote",
+      includeInCounters: false,
+      includeInSearch: false,
+      review: review("quality", Math.round(score * 100)),
+      reasons: ["quality-risk"]
+    });
+  }
+  if (score >= facts.policy.qualityWarnThreshold) {
+    return createDecision({
+      visibility: "warn",
+      reach: "demote",
+      includeInSearch: false,
+      reasons: ["low-confidence-quality-signal"]
+    });
+  }
+  return null;
+}
+function activeLabels(facts) {
+  return facts.labels.filter(
+    (label) => label.expiresAt === void 0 || label.expiresAt > facts.now
+  );
+}
+function weightedLabelScore(facts, values) {
+  return activeLabels(facts).filter((label) => values.includes(label.value)).reduce((score, label) => score + label.confidence * label.sourceWeight, 0);
+}
+function qualityRiskScore(facts) {
+  return clamp01(
+    facts.quality.slopScore * 0.4 + facts.quality.duplicateScore * 0.25 + (1 - facts.quality.citationCoverage) * 0.2 + (1 - facts.quality.provenanceScore) * 0.15
+  );
+}
+function getInvalidCryptoReasons(facts) {
+  return [
+    facts.crypto.hashValid ? null : "invalid-hash",
+    facts.crypto.signatureValid ? null : "invalid-signature",
+    facts.crypto.freshnessValid ? null : "invalid-freshness",
+    facts.crypto.docBindingValid ? null : "invalid-doc-binding",
+    facts.crypto.authorized ? null : "unauthorized"
+  ].filter((reason) => reason !== null);
+}
+function getPolicyBlockEvidenceRefs(facts) {
+  return [
+    facts.actor.localBlocked ? "policy-scope:user" : null,
+    facts.actor.workspaceBlocked ? "policy-scope:workspace" : null,
+    facts.actor.hubBlocked ? "policy-scope:hub" : null,
+    facts.actor.appViewBlocked ? "policy-scope:appView" : null
+  ].filter((scope) => scope !== null);
+}
+function isMutationSurface(facts) {
+  return facts.surface === "remoteMutation" || facts.surface === "localApi";
+}
+function applySafeOverride(decision, facts) {
+  if (!facts.override || decision.admission === "reject") {
+    return decision;
+  }
+  return {
+    ...decision,
+    visibility: facts.override.visibility ?? decision.visibility,
+    reach: facts.override.reach ?? decision.reach,
+    notify: facts.override.notify ?? decision.notify,
+    includeInCounters: facts.override.includeInCounters ?? decision.includeInCounters,
+    includeInSearch: facts.override.includeInSearch ?? decision.includeInSearch,
+    reasons: appendReason(decision.reasons, "user-override"),
+    evidenceRefs: facts.override.reason ? [...decision.evidenceRefs, facts.override.reason] : decision.evidenceRefs
+  };
+}
+function createDecision(input) {
+  return {
+    admission: input.admission ?? "accept",
+    visibility: input.visibility ?? "show",
+    reach: input.reach ?? "normal",
+    resource: input.resource ?? "normal",
+    notify: input.notify ?? true,
+    includeInCounters: input.includeInCounters ?? true,
+    includeInSearch: input.includeInSearch ?? true,
+    review: input.review ?? { required: false },
+    reasons: dedupeReasons(input.reasons),
+    evidenceRefs: input.evidenceRefs ?? [],
+    labelsToEmit: input.labelsToEmit ?? [],
+    telemetry: input.telemetry ?? []
+  };
+}
+function review(queue, priority) {
+  return { required: true, queue, priority };
+}
+function securityEvent(eventName, severity, reason) {
+  return { eventName, severity, reason };
+}
+function appendReason(reasons, reason) {
+  return dedupeReasons([...reasons, reason]);
+}
+function dedupeReasons(reasons) {
+  return [...new Set(reasons)];
+}
+function clamp01(value) {
+  return Math.min(1, Math.max(0, value));
+}
+function shouldThrottle(decision) {
+  return decision.resource === "throttle" || decision.resource === "block-peer";
+}
+function isVisible(decision) {
+  return decision.visibility === "show" || decision.visibility === "warn" || decision.visibility === "blur";
+}
+function isRejected(decision) {
+  return decision.admission === "reject";
+}
+
+// src/telemetry.ts
+import { hashBase64 } from "@xnetjs/crypto";
+var DEFAULT_REMOTE_MUTATION_REJECTION_EVENT = "xnet.security.remote_mutation_rejected";
+var DEFAULT_PEER_HASH_SALT = "xnet.abuse.telemetry.peer.v1";
+var SEVERITY_RANK = {
+  low: 0,
+  medium: 1,
+  high: 2,
+  critical: 3
+};
+function bucketAbusePeerScore(score) {
+  if (typeof score !== "number" || !Number.isFinite(score)) return "unknown";
+  if (score <= 10) return "<=10";
+  if (score <= 30) return "11-30";
+  if (score <= 50) return "31-50";
+  if (score <= 80) return "51-80";
+  if (score <= 100) return "81-100";
+  return ">100";
+}
+function hashAbusePeerIdentifier(peerId, salt = DEFAULT_PEER_HASH_SALT) {
+  const normalized = peerId?.trim();
+  if (!normalized) return "unknown";
+  const input = new TextEncoder().encode(`${salt}:${normalized}`);
+  return `p_${hashBase64(input, "blake3").slice(0, 16)}`;
+}
+function createRemoteMutationRejectionTelemetry(input) {
+  if (input.decision.admission !== "reject") return null;
+  const facts = normalizeAbuseFacts(input.facts);
+  const reasons = input.decision.reasons.filter(
+    (reason) => reason !== "accepted"
+  );
+  const primaryReason = reasons[0] ?? "failed-admission";
+  const peerIdentity = facts.actor.peerId ?? facts.actor.did;
+  return {
+    eventName: input.eventName ?? DEFAULT_REMOTE_MUTATION_REJECTION_EVENT,
+    severity: rejectionSeverity(input.decision),
+    details: {
+      actionTaken: "remote_mutation_rejected",
+      surface: facts.surface,
+      primaryReason,
+      reasons,
+      peerHash: hashAbusePeerIdentifier(peerIdentity, input.peerHashSalt),
+      peerScoreBucket: bucketAbusePeerScore(facts.actor.peerScore),
+      resourceAction: input.decision.resource,
+      shouldThrottle: shouldThrottle(input.decision)
+    }
+  };
+}
+function reportRemoteMutationRejection(telemetry, input) {
+  if (!telemetry) return false;
+  const event = createRemoteMutationRejectionTelemetry(input);
+  if (!event) return false;
+  telemetry.reportSecurityEvent(event.eventName, event.severity, event.details);
+  telemetry.reportUsage?.("xnet.security.remote_mutation_rejections", 1);
+  return true;
+}
+function rejectionSeverity(decision) {
+  const explicit = decision.telemetry.map((event) => event.severity);
+  if (explicit.length > 0) {
+    return explicit.reduce(
+      (highest, severity) => SEVERITY_RANK[severity] > SEVERITY_RANK[highest] ? severity : highest
+    );
+  }
+  if (decision.reasons.some(
+    (reason) => [
+      "blocked-by-policy",
+      "invalid-doc-binding",
+      "invalid-signature",
+      "peer-score-block",
+      "unsigned-update",
+      "unauthorized"
+    ].includes(reason)
+  )) {
+    return "high";
+  }
+  if (decision.reasons.some(
+    (reason) => ["over-rate-limit", "over-size-limit", "peer-score-throttle"].includes(reason)
+  )) {
+    return "medium";
+  }
+  return "low";
+}
+
+// src/adapters.ts
+function createAbuseFactAdapter(adapter) {
+  return adapter;
+}
+function decideWithAdapter(input, adapter, decide = decideAbuse) {
+  const facts = adapter(input);
+  return {
+    facts,
+    decision: decide(facts)
+  };
+}
+function createAbuseDecisionAdapter(adapter, decide = decideAbuse) {
+  return (input) => decideWithAdapter(input, adapter, decide);
+}
+function createRemoteAdmissionPipeline(options) {
+  const decide = options.decide ?? decideRemoteMutation;
+  return {
+    evaluate(input) {
+      const result = decideWithAdapter(input, options.adapt, decide);
+      const accepted = result.decision.admission === "accept";
+      const rejected = isRejected(result.decision);
+      const shouldMutate = !rejected;
+      const throttle = shouldThrottle(result.decision);
+      if (rejected) {
+        reportRemoteMutationRejection(options.telemetry, {
+          facts: result.facts,
+          decision: result.decision,
+          eventName: options.telemetryEventName,
+          peerHashSalt: options.telemetryPeerHashSalt
+        });
+      }
+      return {
+        ...result,
+        accepted,
+        shouldMutate,
+        shouldRelay: accepted && result.decision.reach !== "exclude",
+        shouldThrottle: throttle
+      };
+    }
+  };
+}
+
+export {
+  normalizeAbuseFacts,
+  decideTransport,
+  decideRemoteMutation,
+  decidePublicInteraction,
+  decideReach,
+  decideAbuse,
+  activeLabels,
+  weightedLabelScore,
+  qualityRiskScore,
+  shouldThrottle,
+  isVisible,
+  isRejected,
+  bucketAbusePeerScore,
+  hashAbusePeerIdentifier,
+  createRemoteMutationRejectionTelemetry,
+  reportRemoteMutationRejection,
+  createAbuseFactAdapter,
+  decideWithAdapter,
+  createAbuseDecisionAdapter,
+  createRemoteAdmissionPipeline
+};