agent-inspect 1.7.0 → 1.8.0

package/packages/cli/dist/index.cjs

@@ -2,7 +2,7 @@
 'use strict';
 
 var fs = require('fs');
-var path = require('path');
+var path10 = require('path');
 var url = require('url');
 var commander = require('commander');
 var promises = require('fs/promises');
@@ -16,14 +16,14 @@ var tty = require('tty');
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
-var path__default = /*#__PURE__*/_interopDefault(path);
+var path10__default = /*#__PURE__*/_interopDefault(path10);
 var crypto__default = /*#__PURE__*/_interopDefault(crypto);
 var os__default = /*#__PURE__*/_interopDefault(os);
 var process2__default = /*#__PURE__*/_interopDefault(process2);
 var tty__default = /*#__PURE__*/_interopDefault(tty);
 
 // package.json
-var version = "1.7.0";
+var version = "1.8.0";
 
 // packages/core/src/types.ts
 var STEP_TYPES = [
@@ -1905,7 +1905,7 @@ function formatDuration(ms) {
 // packages/core/src/utils.ts
 var DEFAULT_TRACE_DIR_NAME = ".agent-inspect";
 var RUNS_DIR_NAME = "runs";
-var FALLBACK_TRACE_DIR = path__default.default.join(
+var FALLBACK_TRACE_DIR = path10__default.default.join(
   os__default.default.tmpdir(),
   "agent-inspect",
   RUNS_DIR_NAME
@@ -1943,7 +1943,7 @@ function getDefaultTraceDir() {
     if (typeof home !== "string" || home.trim() === "") {
       return FALLBACK_TRACE_DIR;
     }
-    return path__default.default.join(home, DEFAULT_TRACE_DIR_NAME, RUNS_DIR_NAME);
+    return path10__default.default.join(home, DEFAULT_TRACE_DIR_NAME, RUNS_DIR_NAME);
   } catch {
     return FALLBACK_TRACE_DIR;
   }
@@ -1951,20 +1951,20 @@ function getDefaultTraceDir() {
 function getTraceFilePath(runId, traceDir) {
   const baseDir = traceDir ?? getDefaultTraceDir();
   let safeId = typeof runId === "string" && runId.trim() !== "" ? runId.trim() : "run_unknown";
-  safeId = path__default.default.basename(safeId);
+  safeId = path10__default.default.basename(safeId);
   if (safeId === "" || safeId === "." || safeId === "..") {
     safeId = "run_unknown";
   }
-  return path__default.default.join(baseDir, `${safeId}.jsonl`);
+  return path10__default.default.join(baseDir, `${safeId}.jsonl`);
 }
 async function ensureTraceDir(traceDir) {
-  const primary = path__default.default.resolve(traceDir);
+  const primary = path10__default.default.resolve(traceDir);
   try {
     await promises.mkdir(primary, { recursive: true });
     return primary;
   } catch {
     warn(`Failed to create trace directory: ${primary}`);
-    const fallback = path__default.default.resolve(FALLBACK_TRACE_DIR);
+    const fallback = path10__default.default.resolve(FALLBACK_TRACE_DIR);
     try {
       await promises.mkdir(fallback, { recursive: true });
       return fallback;
@@ -2638,7 +2638,7 @@ var TraceDirectory = class {
     this.#dir = resolveTraceDir(options);
   }
   getPath(filename) {
-    return filename ? path__default.default.join(this.#dir, filename) : this.#dir;
+    return filename ? path10__default.default.join(this.#dir, filename) : this.#dir;
   }
   async list() {
     try {
@@ -2665,7 +2665,7 @@ function parseIsoToMs3(value) {
 }
 async function extractMetadata(filePath, _quickScan) {
   const stats = await promises.stat(filePath);
-  let runIdFromFile = path__default.default.basename(filePath);
+  let runIdFromFile = path10__default.default.basename(filePath);
   if (runIdFromFile.endsWith(".jsonl")) {
     runIdFromFile = runIdFromFile.slice(0, -".jsonl".length);
   }
@@ -4420,8 +4420,8 @@ function matchStepLevel(m, events, opts) {
       fields.push("step.name");
     }
     if (opts.toolQuery) {
-      const toolName = typeof s.metadata?.toolName === "string" ? s.metadata.toolName : s.name;
-      if (!nameMatches(toolName, opts.toolQuery)) continue;
+      const toolName2 = typeof s.metadata?.toolName === "string" ? s.metadata.toolName : s.name;
+      if (!nameMatches(toolName2, opts.toolQuery)) continue;
       fields.push("step.tool");
     }
     if (opts.durationFilter) {
@@ -4626,7 +4626,7 @@ function findReaderByFormat(format, readers) {
 }
 async function jsonlFilesInDirectory(dirPath) {
   const entries = await promises.readdir(dirPath, { withFileTypes: true });
-  return entries.filter((entry) => entry.isFile() && entry.name.endsWith(".jsonl")).map((entry) => path__default.default.join(dirPath, entry.name)).sort((a, b) => a.localeCompare(b));
+  return entries.filter((entry) => entry.isFile() && entry.name.endsWith(".jsonl")).map((entry) => path10__default.default.join(dirPath, entry.name)).sort((a, b) => a.localeCompare(b));
 }
 async function resolveInput(input3) {
   const cached = resolvedInputCache.get(input3);
@@ -6206,13 +6206,13 @@ function pairSteps(left, right) {
   return pairs;
 }
 function compareLeafSteps(L, R, segments, opts, out) {
-  const path10 = buildPath(segments);
+  const path12 = buildPath(segments);
   if (L.name !== R.name) {
     out.push({
       kind: "structure",
       severity: "warning",
       message: "Step name differs",
-      path: path10,
+      path: path12,
       left: L.name,
       right: R.name
     });
@@ -6222,7 +6222,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
       kind: "step-type",
       severity: "warning",
       message: "Step type differs",
-      path: path10,
+      path: path12,
       left: L.type,
       right: R.type
     });
@@ -6232,7 +6232,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
       kind: "step-status",
       severity: "warning",
       message: "Step status differs",
-      path: path10,
+      path: path12,
       left: L.status,
       right: R.status
     });
@@ -6244,7 +6244,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
       kind: "error",
       severity: "error",
       message: "Step error message differs",
-      path: path10,
+      path: path12,
       left: le || void 0,
       right: re || void 0
     });
@@ -6262,7 +6262,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
         kind: "duration",
         severity: "info",
         message: "Step duration differs",
-        path: path10,
+        path: path12,
         left: ld,
         right: rd
       });
@@ -6275,7 +6275,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
       kind: "metadata",
       severity: "info",
       message: "Step metadata differs",
-      path: path10,
+      path: path12,
       left: L.metadata,
       right: R.metadata
     });
@@ -6287,7 +6287,7 @@ function compareLeafSteps(L, R, segments, opts, out) {
       kind: "output",
       severity: "info",
       message: "Output preview differs",
-      path: path10,
+      path: path12,
       left: L.outputPreview,
       right: R.outputPreview
     });
@@ -6937,11 +6937,11 @@ createChalk({ level: stderrColor ? stderrColor.level : 0 });
 var source_default = chalk;
 
 // packages/core/src/diff/renderer.ts
-function formatPath(path10) {
-  if (path10 === void 0 || path10.path.length === 0) {
+function formatPath(path12) {
+  if (path12 === void 0 || path12.path.length === 0) {
     return "(run)";
   }
-  return path10.path.map((s) => s.name).join(" > ");
+  return path12.path.map((s) => s.name).join(" > ");
 }
 function formatValue(v, verbose) {
   if (v === void 0) return "(undefined)";
@@ -7222,8 +7222,8 @@ async function stepLlm(model, fn) {
     metadata: { model: modelName }
   });
 }
-async function stepTool(toolName, fn) {
-  const normalized = typeof toolName === "string" && toolName.trim() !== "" ? toolName.trim() : "unknown-tool";
+async function stepTool(toolName2, fn) {
+  const normalized = typeof toolName2 === "string" && toolName2.trim() !== "" ? toolName2.trim() : "unknown-tool";
   return stepImpl(`tool:${normalized}`, fn, {
     type: "tool",
     metadata: { toolName: normalized }
@@ -8534,9 +8534,9 @@ Trace directory: ${traceDir}`);
   if (validation !== void 0 && !validation.ok) {
     process.exitCode = 1;
   }
-  const outPath = options.output !== void 0 && options.output.trim() !== "" ? path__default.default.resolve(options.output.trim()) : void 0;
+  const outPath = options.output !== void 0 && options.output.trim() !== "" ? path10__default.default.resolve(options.output.trim()) : void 0;
   if (outPath !== void 0) {
-    await promises.mkdir(path__default.default.dirname(outPath), { recursive: true });
+    await promises.mkdir(path10__default.default.dirname(outPath), { recursive: true });
     await promises.writeFile(outPath, result.content, "utf-8");
     const vlabel = validation !== void 0 ? validation.ok ? "ok" : "failed" : "skipped";
     console.log(`Wrote ${result.fileExtension} export to ${outPath} (validation: ${vlabel})`);
@@ -8928,9 +8928,9 @@ async function reportCommand(runId, options = {}) {
     redactionProfile,
     correlation: !options.noCorrelation
   });
-  const outPath = options.output !== void 0 && options.output.trim() !== "" ? path__default.default.resolve(options.output.trim()) : void 0;
+  const outPath = options.output !== void 0 && options.output.trim() !== "" ? path10__default.default.resolve(options.output.trim()) : void 0;
   if (outPath !== void 0) {
-    await promises.mkdir(path__default.default.dirname(outPath), { recursive: true });
+    await promises.mkdir(path10__default.default.dirname(outPath), { recursive: true });
     await promises.writeFile(outPath, result.content, "utf-8");
     console.log(`Wrote ${result.fileExtension} report to ${outPath}`);
   }
@@ -9094,6 +9094,1982 @@ async function openCommand(input3, options = {}, stdin = process.stdin) {
   }
 }
 
+// packages/core/src/checks/index.ts
+var SEVERITY_RANK = {
+  error: 0,
+  warning: 1,
+  info: 2
+};
+var STATUS_RANK = {
+  fail: 0,
+  warning: 1,
+  pass: 2
+};
+var CONFIDENCE_RANK = {
+  unknown: 0,
+  heuristic: 1,
+  correlated: 2,
+  explicit: 3
+};
+var DEFAULT_SENSITIVE_KEYS = [
+  "authorization",
+  "cookie",
+  "token",
+  "apikey",
+  "api_key",
+  "password",
+  "secret",
+  "email"
+];
+var DEFAULT_RAW_CONTENT_KEYS = [
+  "body",
+  "headers",
+  "input",
+  "messages",
+  "output",
+  "payload",
+  "prompt",
+  "requestbody",
+  "request_body",
+  "responsebody",
+  "response_body",
+  "rawprompt",
+  "raw_prompt",
+  "rawoutput",
+  "raw_output",
+  "toolinput",
+  "tool_input",
+  "tooloutput",
+  "tool_output"
+];
+var DEFAULT_SECRET_PATTERNS = [
+  { id: "bearer-token", pattern: /Bearer\s+[A-Za-z0-9._~+/-]{12,}=*/ },
+  { id: "openai-key", pattern: /sk-[A-Za-z0-9_-]{16,}/ },
+  { id: "aws-access-key", pattern: /AKIA[0-9A-Z]{16}/ },
+  { id: "github-token", pattern: /gh[opsu]_[A-Za-z0-9_]{20,}/ },
+  { id: "key-value-secret", pattern: /(api[_-]?key|token|password|secret)=\S{8,}/i }
+];
+function compareStrings(a, b) {
+  return (a ?? "").localeCompare(b ?? "");
+}
+function diagnostic(code, message, ruleId) {
+  return {
+    code,
+    message,
+    severity: "error",
+    ...ruleId ? { ruleId } : {}
+  };
+}
+function emptySummary() {
+  return {
+    passed: 0,
+    failed: 0,
+    warnings: 0,
+    errors: 0
+  };
+}
+function errorResult(input3, diagnostics, selectedRun) {
+  return {
+    ok: false,
+    status: "error",
+    format: input3.read.format,
+    ...selectedRun ? { runId: selectedRun.runId } : {},
+    summary: {
+      ...emptySummary(),
+      errors: diagnostics.filter((item) => item.severity === "error").length
+    },
+    findings: [],
+    diagnostics: [...diagnostics]
+  };
+}
+function flattenNodes(nodes) {
+  return nodes.flatMap((node) => [node, ...flattenNodes(node.children)]);
+}
+function buildFacts(input3, selectedRun) {
+  const scopedRuns = selectedRun ? [selectedRun] : input3.read.runs;
+  const scopedRunIds = new Set(scopedRuns.map((run) => run.runId));
+  const scopedEvents = selectedRun === void 0 ? input3.read.events : input3.read.events.filter((event) => scopedRunIds.has(event.runId));
+  const nodes = flattenNodes(scopedRuns.flatMap((run) => run.children));
+  const nodesByEventId = /* @__PURE__ */ new Map();
+  const childrenByParentId = /* @__PURE__ */ new Map();
+  for (const node of nodes) {
+    nodesByEventId.set(node.event.eventId, node);
+    const parentId = node.event.parentId;
+    if (parentId) {
+      const children = childrenByParentId.get(parentId) ?? [];
+      children.push(node);
+      childrenByParentId.set(parentId, children);
+    }
+  }
+  return {
+    format: input3.read.format,
+    runs: Object.freeze([...input3.read.runs]),
+    events: Object.freeze([...scopedEvents]),
+    readerWarnings: Object.freeze([...input3.read.warnings]),
+    unsupportedFields: Object.freeze([...input3.read.unsupportedFields]),
+    sourceFiles: Object.freeze([...input3.read.sourceFiles]),
+    nodesByEventId,
+    childrenByParentId,
+    rootNodes: Object.freeze(scopedRuns.flatMap((run) => run.children))
+  };
+}
+function resolveSelectedRun(input3, runId) {
+  if (input3.selectedRun) {
+    if (runId && input3.selectedRun.runId !== runId) {
+      return {
+        diagnostics: [
+          diagnostic(
+            "AI_CHECK_INVALID_ARGUMENTS",
+            `Selected run ${input3.selectedRun.runId} does not match requested run ${runId}.`
+          )
+        ]
+      };
+    }
+    return { run: input3.selectedRun, diagnostics: [] };
+  }
+  if (runId) {
+    const run = input3.read.runs.find((candidate) => candidate.runId === runId);
+    if (!run) {
+      return {
+        diagnostics: [
+          diagnostic("AI_CHECK_RUN_SELECTION_REQUIRED", `Run not found: ${runId}.`)
+        ]
+      };
+    }
+    return { run, diagnostics: [] };
+  }
+  if (input3.read.runs.length === 1) {
+    return { run: input3.read.runs[0], diagnostics: [] };
+  }
+  if (input3.read.runs.length === 0) {
+    return {
+      diagnostics: [
+        diagnostic("AI_CHECK_RUN_SELECTION_REQUIRED", "No runs are available for checks.")
+      ]
+    };
+  }
+  return {
+    diagnostics: [
+      diagnostic(
+        "AI_CHECK_RUN_SELECTION_REQUIRED",
+        "Multiple runs are available; select a run before executing checks."
+      )
+    ]
+  };
+}
+function selectRules(rules, selectedIds) {
+  const diagnostics = [];
+  const byId = /* @__PURE__ */ new Map();
+  for (const rule of rules) {
+    if (byId.has(rule.id)) {
+      diagnostics.push(
+        diagnostic("AI_CHECK_INVALID_CONFIG", `Duplicate trace check rule id: ${rule.id}.`, rule.id)
+      );
+      continue;
+    }
+    byId.set(rule.id, rule);
+  }
+  if (selectedIds && selectedIds.length > 0) {
+    const selected = new Set(selectedIds);
+    for (const id of selected) {
+      if (!byId.has(id)) {
+        diagnostics.push(
+          diagnostic("AI_CHECK_INVALID_CONFIG", `Unknown trace check rule id: ${id}.`, id)
+        );
+      }
+    }
+    return {
+      rules: [...byId.values()].filter((rule) => selected.has(rule.id)).sort(compareRules),
+      diagnostics
+    };
+  }
+  return { rules: [...byId.values()].sort(compareRules), diagnostics };
+}
+function compareRules(a, b) {
+  return a.id.localeCompare(b.id);
+}
+function eventTimestamp(finding, eventById) {
+  const eventId = finding.evidence[0]?.eventId;
+  return eventId ? eventById.get(eventId)?.timestamp ?? "" : "";
+}
+function compareFindings(eventById) {
+  return (a, b) => {
+    if (SEVERITY_RANK[a.severity] !== SEVERITY_RANK[b.severity]) {
+      return SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity];
+    }
+    const byRule = a.ruleId.localeCompare(b.ruleId);
+    if (byRule !== 0) return byRule;
+    if (STATUS_RANK[a.status] !== STATUS_RANK[b.status]) {
+      return STATUS_RANK[a.status] - STATUS_RANK[b.status];
+    }
+    const byRun = compareStrings(a.evidence[0]?.runId, b.evidence[0]?.runId);
+    if (byRun !== 0) return byRun;
+    const byTime = eventTimestamp(a, eventById).localeCompare(eventTimestamp(b, eventById));
+    if (byTime !== 0) return byTime;
+    const byEvent = compareStrings(a.evidence[0]?.eventId, b.evidence[0]?.eventId);
+    if (byEvent !== 0) return byEvent;
+    return compareStrings(a.evidence[0]?.path, b.evidence[0]?.path);
+  };
+}
+function normalizeFinding(rule, finding) {
+  return {
+    ruleId: finding.ruleId || rule.id,
+    severity: finding.severity ?? rule.defaultSeverity,
+    status: finding.status,
+    message: finding.message,
+    ...finding.expected !== void 0 ? { expected: finding.expected } : {},
+    ...finding.actual !== void 0 ? { actual: finding.actual } : {},
+    evidence: [...finding.evidence ?? []]
+  };
+}
+function summarize(findings, diagnostics) {
+  return {
+    passed: findings.filter((finding) => finding.status === "pass").length,
+    failed: findings.filter(
+      (finding) => finding.status === "fail" && finding.severity === "error"
+    ).length,
+    warnings: findings.filter(
+      (finding) => finding.status === "warning" || finding.severity === "warning"
+    ).length,
+    errors: diagnostics.filter((item) => item.severity === "error").length
+  };
+}
+function stringAttr2(event, keys) {
+  for (const key of keys) {
+    const value = event.attributes?.[key];
+    if (typeof value === "string" && value.trim() !== "") return value;
+  }
+  return void 0;
+}
+function numericAttr(event, keys) {
+  for (const key of keys) {
+    const value = event.attributes?.[key];
+    if (typeof value === "number" && Number.isFinite(value)) return value;
+  }
+  return void 0;
+}
+function booleanAttr(event, keys) {
+  for (const key of keys) {
+    const value = event.attributes?.[key];
+    if (typeof value === "boolean") return value;
+  }
+  return void 0;
+}
+function stripPrefix(name, prefixes) {
+  for (const prefix of prefixes) {
+    if (name.startsWith(prefix)) return name.slice(prefix.length);
+  }
+  return name;
+}
+function eventEvidence(event, path12) {
+  return {
+    runId: event.runId,
+    eventId: event.eventId,
+    parentId: event.parentId,
+    traceId: event.trace?.traceId,
+    spanId: event.trace?.spanId,
+    kind: event.kind,
+    name: event.name,
+    status: event.status,
+    ...path12 ? { path: path12 } : {}
+  };
+}
+function runEvidence(run) {
+  return run ? [{ runId: run.runId, name: run.name, status: run.status }] : [];
+}
+function failFinding(ruleId, message, evidence, expected, actual) {
+  return {
+    ruleId,
+    severity: "error",
+    status: "fail",
+    message,
+    ...expected !== void 0 ? { expected } : {},
+    ...actual !== void 0 ? { actual } : {},
+    evidence: [...evidence]
+  };
+}
+function toolName(event) {
+  return stringAttr2(event, ["toolName", "tool"]) ?? stripPrefix(event.name, ["tool:", "function:", "mcp-tools:"]);
+}
+function llmModel(event) {
+  return stringAttr2(event, ["model", "modelId", "responseModelId", "modelName", "model_name"]) ?? stripPrefix(event.name, ["llm:", "generation:", "transcription:", "speech:"]);
+}
+function llmProvider(event) {
+  return stringAttr2(event, ["provider", "providerName", "provider_name"]);
+}
+function llmFinishReason(event) {
+  return stringAttr2(event, ["finishReason", "rawFinishReason", "finish_reason"]);
+}
+function retryCount(event) {
+  return numericAttr(event, ["retryCount", "retryAttempt", "retry_attempt", "attempt"]);
+}
+function finishedEvents(context, kind) {
+  return context.events.filter(
+    (event) => (kind === void 0 || event.kind === kind) && event.status !== "running"
+  );
+}
+function isRecord14(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function eventMap(events) {
+  return new Map(events.map((event) => [event.eventId, event]));
+}
+function parseEventTime(value) {
+  if (!value) return void 0;
+  const parsed = Date.parse(value);
+  return Number.isFinite(parsed) ? parsed : void 0;
+}
+function eventStartMs(event) {
+  return parseEventTime(event.startedAt) ?? parseEventTime(event.timestamp);
+}
+function eventEndMs(event) {
+  const endedAt = parseEventTime(event.endedAt);
+  if (endedAt !== void 0) return endedAt;
+  const startedAt = eventStartMs(event);
+  if (startedAt !== void 0 && event.durationMs !== void 0 && Number.isFinite(event.durationMs)) {
+    return startedAt + event.durationMs;
+  }
+  return void 0;
+}
+function normalizedKey(value) {
+  return value.toLowerCase().replace(/[^a-z0-9_]/g, "");
+}
+function lastPathSegment(path12) {
+  const parts = path12.split(".");
+  return parts[parts.length - 1] ?? path12;
+}
+function valueType(value) {
+  if (Array.isArray(value)) return "array";
+  if (value === null) return "null";
+  return typeof value;
+}
+function serializedByteLength(value) {
+  try {
+    return Buffer.byteLength(JSON.stringify(value), "utf-8");
+  } catch {
+    return void 0;
+  }
+}
+function pushValueEntries(entries, event, value, path12, key, depth = 0) {
+  entries.push({ event, path: path12, key, value });
+  if (depth >= 8) return;
+  if (Array.isArray(value)) {
+    for (const [index, item] of value.entries()) {
+      pushValueEntries(entries, event, item, `${path12}.${index}`, String(index), depth + 1);
+    }
+    return;
+  }
+  if (!isRecord14(value)) return;
+  for (const nestedKey of Object.keys(value).sort((a, b) => a.localeCompare(b))) {
+    pushValueEntries(
+      entries,
+      event,
+      value[nestedKey],
+      `${path12}.${nestedKey}`,
+      nestedKey,
+      depth + 1
+    );
+  }
+}
+function eventValueEntries(event, options = {}) {
+  const entries = [];
+  if (event.attributes !== void 0) {
+    pushValueEntries(entries, event, event.attributes, "attributes", "attributes");
+  }
+  if (options.includeSummaries) {
+    if (event.inputSummary !== void 0) {
+      pushValueEntries(entries, event, event.inputSummary, "inputSummary", "inputSummary");
+    }
+    if (event.outputSummary !== void 0) {
+      pushValueEntries(entries, event, event.outputSummary, "outputSummary", "outputSummary");
+    }
+  }
+  if (options.includeError && event.error !== void 0) {
+    pushValueEntries(entries, event, event.error, "error", "error");
+  }
+  return entries;
+}
+function limitFindings(findings, maxFindings) {
+  if (maxFindings === void 0 || findings.length <= maxFindings) return findings;
+  return findings.slice(0, Math.max(0, maxFindings));
+}
+function hasRedactionMarker(value, markers) {
+  return markers.some((marker) => value.includes(marker)) || /^\[HASH:[A-Za-z0-9_-]+\]$/.test(value);
+}
+function isSensitiveKey(key, sensitiveKeys) {
+  if (!key) return false;
+  const normalized = normalizedKey(key);
+  return sensitiveKeys.some((sensitive) => normalized.includes(normalizedKey(sensitive)));
+}
+function isRawContentKey(key, forbiddenKeys) {
+  if (!key) return false;
+  const normalized = normalizedKey(key);
+  return forbiddenKeys.some((forbidden) => normalized === normalizedKey(forbidden));
+}
+function parentMarkedUnresolved(event) {
+  if (booleanAttr(event, [
+    "parentUnresolved",
+    "unresolvedParent",
+    "relationshipUnresolved",
+    "unresolvedRelationship"
+  ]) === true) {
+    return true;
+  }
+  const resolution = stringAttr2(event, [
+    "parentResolution",
+    "relationshipResolution",
+    "relationshipStatus"
+  ]);
+  return resolution === "unresolved" || resolution === "missing-parent";
+}
+function signalName(event, attributeKeys, prefixes) {
+  return stringAttr2(event, attributeKeys) ?? stripPrefix(event.name, prefixes);
+}
+function guardrailEvents(context) {
+  return finishedEvents2().filter((event) => {
+    const name = event.name.toLowerCase();
+    if (name.startsWith("guardrail:") || name.includes(".guardrail.")) return true;
+    return stringAttr2(event, ["guardrailName", "guardrail", "guardrailId"]) !== void 0;
+  });
+  function finishedEvents2() {
+    return context.events.filter((event) => event.status !== "running");
+  }
+}
+function retryValue(event) {
+  return retryCount(event) ?? 0;
+}
+function eventDurationMs(event) {
+  if (event.durationMs !== void 0) return event.durationMs;
+  const start = eventStartMs(event);
+  const end = eventEndMs(event);
+  return start !== void 0 && end !== void 0 && end >= start ? end - start : void 0;
+}
+function treeShape(nodes) {
+  const lines = [];
+  const visit = (node, path12) => {
+    lines.push(`${path12}:${node.event.kind}:${node.event.name}:${node.event.status ?? "unknown"}`);
+    node.children.forEach((child, index) => visit(child, `${path12}.${index}`));
+  };
+  nodes.forEach((node, index) => visit(node, String(index)));
+  return lines;
+}
+function statusShape(context) {
+  return context.events.map((event) => `${event.kind}:${event.name}:${event.status ?? "unknown"}`).sort((a, b) => a.localeCompare(b));
+}
+function toolShape(context) {
+  return finishedEvents(context, "TOOL").map(
+    (event) => [
+      toolName(event),
+      event.status ?? "unknown",
+      retryValue(event),
+      eventDurationMs(event) ?? "unknown"
+    ].join(":")
+  );
+}
+function llmShape(context) {
+  return finishedEvents(context, "LLM").map(
+    (event) => [
+      llmProvider(event) ?? "unknown",
+      llmModel(event) ?? "unknown",
+      llmFinishReason(event) ?? "unknown",
+      event.tokenUsage?.input ?? 0,
+      event.tokenUsage?.output ?? 0,
+      event.tokenUsage?.total ?? 0,
+      event.tokenUsage?.cached ?? 0
+    ].join(":")
+  );
+}
+function errorShape(context) {
+  return context.events.filter((event) => event.status === "error" || event.error !== void 0).map(
+    (event) => [
+      event.kind,
+      event.name,
+      event.error?.name ?? "Error",
+      event.error?.code ?? "unknown"
+    ].join(":")
+  ).sort((a, b) => a.localeCompare(b));
+}
+function retrievalShape(context) {
+  return finishedEvents(context, "RETRIEVER").map(
+    (event) => signalName(event, ["retrievalName", "retrieverName", "retriever"], ["retriever:", "retrieval:"])
+  ).sort((a, b) => a.localeCompare(b));
+}
+function guardrailShape(context) {
+  return guardrailEvents(context).map((event) => signalName(event, ["guardrailName", "guardrail", "guardrailId"], ["guardrail:"])).sort((a, b) => a.localeCompare(b));
+}
+function firstEvidenceForKind(context, kind, path12) {
+  const event = context.events.find((candidate) => candidate.kind === kind);
+  return event ? [eventEvidence(event, path12)] : runEvidence(context.selectedRun);
+}
+function baselineDiffFinding(message, evidence, expected, actual) {
+  return failFinding("baseline.regression", message, evidence, expected, actual);
+}
+function createRunStatusRule(options = {}) {
+  const expected = options.expected ?? "ok";
+  const allowIncomplete = options.allowIncomplete === true;
+  return {
+    id: "run.status",
+    category: "run",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      const actual = context.selectedRun?.status ?? "unknown";
+      if (actual !== expected) {
+        findings.push(
+          failFinding(
+            "run.status",
+            `Run status ${actual} did not match expected ${expected}.`,
+            runEvidence(context.selectedRun),
+            expected,
+            actual
+          )
+        );
+      }
+      if (!allowIncomplete) {
+        const running = context.events.filter((event) => event.status === "running");
+        if (running.length > 0) {
+          findings.push(
+            failFinding(
+              "run.status",
+              "Run contains incomplete running events.",
+              running.map((event) => eventEvidence(event)),
+              "no running events",
+              running.length
+            )
+          );
+        }
+      }
+      return findings;
+    }
+  };
+}
+function createRunDurationRule(options) {
+  return {
+    id: "run.duration",
+    category: "run",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const actual = context.selectedRun?.durationMs;
+      if (actual === void 0 || actual <= options.maxDurationMs) return [];
+      return [
+        failFinding(
+          "run.duration",
+          `Run duration ${actual}ms exceeded ${options.maxDurationMs}ms.`,
+          runEvidence(context.selectedRun),
+          { maxDurationMs: options.maxDurationMs },
+          actual
+        )
+      ];
+    }
+  };
+}
+function createRunDepthRule(options) {
+  return {
+    id: "run.depth",
+    category: "run",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const nodes = [...context.nodesByEventId.values()];
+      const maxDepth = nodes.reduce((max, node) => Math.max(max, node.depth), 0);
+      if (maxDepth <= options.maxDepth) return [];
+      const deepest = nodes.filter((node) => node.depth === maxDepth);
+      return [
+        failFinding(
+          "run.depth",
+          `Run depth ${maxDepth} exceeded ${options.maxDepth}.`,
+          deepest.map((node) => ({
+            runId: node.event.runId,
+            eventId: node.event.eventId,
+            parentId: node.event.parentId,
+            kind: node.event.kind,
+            name: node.event.name,
+            status: node.event.status
+          })),
+          { maxDepth: options.maxDepth },
+          maxDepth
+        )
+      ];
+    }
+  };
+}
+function createToolUsageRule(options) {
+  return {
+    id: "tool.usage",
+    category: "tool",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const tools = finishedEvents(context, "TOOL");
+      const names = tools.map(toolName);
+      const nameSet = new Set(names);
+      const findings = [];
+      for (const required of options.required ?? []) {
+        if (!nameSet.has(required)) {
+          findings.push(
+            failFinding("tool.usage", `Required tool ${required} did not appear.`, runEvidence(context.selectedRun), required, names)
+          );
+        }
+      }
+      const forbidden = new Set(options.forbidden ?? []);
+      const allowed = options.allowed ? new Set(options.allowed) : void 0;
+      for (const event of tools) {
+        const name = toolName(event);
+        if (forbidden.has(name)) {
+          findings.push(
+            failFinding("tool.usage", `Forbidden tool ${name} appeared.`, [eventEvidence(event)], "tool absent", name)
+          );
+        }
+        if (allowed && !allowed.has(name)) {
+          findings.push(
+            failFinding("tool.usage", `Tool ${name} is not in the allowed tool set.`, [eventEvidence(event)], [...allowed].sort(), name)
+          );
+        }
+      }
+      if (options.minCount !== void 0 && tools.length < options.minCount) {
+        findings.push(
+          failFinding("tool.usage", `Tool count ${tools.length} was below minimum ${options.minCount}.`, runEvidence(context.selectedRun), { minCount: options.minCount }, tools.length)
+        );
+      }
+      if (options.maxCount !== void 0 && tools.length > options.maxCount) {
+        findings.push(
+          failFinding("tool.usage", `Tool count ${tools.length} exceeded maximum ${options.maxCount}.`, tools.map((event) => eventEvidence(event)), { maxCount: options.maxCount }, tools.length)
+        );
+      }
+      return findings;
+    }
+  };
+}
+function createLlmUsageRule(options) {
+  return {
+    id: "llm.usage",
+    category: "llm",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const llms = finishedEvents(context, "LLM");
+      const findings = [];
+      const allowedModels = options.allowedModels ? new Set(options.allowedModels) : void 0;
+      const allowedProviders = options.allowedProviders ? new Set(options.allowedProviders) : void 0;
+      const finishReasons = options.finishReasons ? new Set(options.finishReasons) : void 0;
+      if (options.maxCalls !== void 0 && llms.length > options.maxCalls) {
+        findings.push(
+          failFinding(
+            "llm.usage",
+            `LLM call count ${llms.length} exceeded ${options.maxCalls}.`,
+            llms.map((event) => eventEvidence(event)),
+            { maxCalls: options.maxCalls },
+            llms.length
+          )
+        );
+      }
+      for (const event of llms) {
+        const model = llmModel(event);
+        const provider = llmProvider(event);
+        const finishReason = llmFinishReason(event);
+        if (allowedModels && (!model || !allowedModels.has(model))) {
+          findings.push(
+            failFinding("llm.usage", `LLM model ${model ?? "unknown"} is not allowed.`, [eventEvidence(event, "attributes.model")], [...allowedModels].sort(), model ?? "unknown")
+          );
+        }
+        if (allowedProviders && (!provider || !allowedProviders.has(provider))) {
+          findings.push(
+            failFinding("llm.usage", `LLM provider ${provider ?? "unknown"} is not allowed.`, [eventEvidence(event, "attributes.provider")], [...allowedProviders].sort(), provider ?? "unknown")
+          );
+        }
+        if (finishReasons && (!finishReason || !finishReasons.has(finishReason))) {
+          findings.push(
+            failFinding("llm.usage", `LLM finish reason ${finishReason ?? "unknown"} is not allowed.`, [eventEvidence(event, "attributes.finishReason")], [...finishReasons].sort(), finishReason ?? "unknown")
+          );
+        }
+      }
+      const tokenTotals = llms.reduce(
+        (totals, event) => ({
+          input: totals.input + (event.tokenUsage?.input ?? 0),
+          output: totals.output + (event.tokenUsage?.output ?? 0),
+          total: totals.total + (event.tokenUsage?.total ?? 0),
+          cached: totals.cached + (event.tokenUsage?.cached ?? 0)
+        }),
+        { input: 0, output: 0, total: 0, cached: 0 }
+      );
+      const tokenLimits = [
+        ["input", options.maxInputTokens],
+        ["output", options.maxOutputTokens],
+        ["total", options.maxTotalTokens],
+        ["cached", options.maxCachedTokens]
+      ];
+      for (const [key, limit] of tokenLimits) {
+        if (limit !== void 0 && tokenTotals[key] > limit) {
+          findings.push(
+            failFinding(
+              "llm.usage",
+              `LLM ${key} token count ${tokenTotals[key]} exceeded ${limit}.`,
+              llms.map((event) => eventEvidence(event, `tokenUsage.${key}`)),
+              { [`max${key[0].toUpperCase()}${key.slice(1)}Tokens`]: limit },
+              tokenTotals[key]
+            )
+          );
+        }
+      }
+      return findings;
+    }
+  };
+}
+function createStructureOrphanRule(options = {}) {
+  const allowMarkedUnresolved = options.allowMarkedUnresolved ?? true;
+  return {
+    id: "structure.orphan",
+    category: "structure",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const byId = eventMap(context.events);
+      const orphans = context.events.filter((event) => {
+        if (!event.parentId || byId.has(event.parentId)) return false;
+        return !(allowMarkedUnresolved && parentMarkedUnresolved(event));
+      });
+      if (orphans.length === 0) return [];
+      return [
+        failFinding(
+          "structure.orphan",
+          "Trace contains events whose parentId is not present in the selected run.",
+          orphans.map((event) => eventEvidence(event, "parentId")),
+          "parentId resolves to an event in the selected run",
+          orphans.length
+        )
+      ];
+    }
+  };
+}
+function createStructureCycleRule() {
+  return {
+    id: "structure.cycle",
+    category: "structure",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const byId = eventMap(context.events);
+      const seenCycles = /* @__PURE__ */ new Set();
+      const findings = [];
+      for (const event of [...context.events].sort((a, b) => a.eventId.localeCompare(b.eventId))) {
+        const path12 = [];
+        const seenAt = /* @__PURE__ */ new Map();
+        let current = event;
+        while (current) {
+          const existing = seenAt.get(current.eventId);
+          if (existing !== void 0) {
+            const cycle = path12.slice(existing);
+            const key = cycle.map((item) => item.eventId).sort().join("\0");
+            if (!seenCycles.has(key)) {
+              seenCycles.add(key);
+              findings.push(
+                failFinding(
+                  "structure.cycle",
+                  "Trace contains a parentId cycle.",
+                  cycle.map((item) => eventEvidence(item, "parentId")),
+                  "acyclic parentId graph",
+                  cycle.map((item) => item.eventId).sort()
+                )
+              );
+            }
+            break;
+          }
+          seenAt.set(current.eventId, path12.length);
+          path12.push(current);
+          current = current.parentId ? byId.get(current.parentId) : void 0;
+        }
+      }
+      return findings;
+    }
+  };
+}
+function createStructureRelationshipRule(options = {}) {
+  return {
+    id: "structure.relationship",
+    category: "structure",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const byId = eventMap(context.events);
+      const findings = [];
+      const minConfidence = options.minConfidence;
+      for (const event of context.events) {
+        if (minConfidence && CONFIDENCE_RANK[event.confidence] < CONFIDENCE_RANK[minConfidence]) {
+          findings.push(
+            failFinding(
+              "structure.relationship",
+              `Event confidence ${event.confidence} is below ${minConfidence}.`,
+              [eventEvidence(event, "confidence")],
+              { minConfidence },
+              event.confidence
+            )
+          );
+        }
+        if (!event.parentId) continue;
+        if (event.parentId === event.eventId) {
+          findings.push(
+            failFinding(
+              "structure.relationship",
+              "Event parentId points to itself.",
+              [eventEvidence(event, "parentId")],
+              "parentId references a distinct event",
+              "self"
+            )
+          );
+          continue;
+        }
+        const parent = byId.get(event.parentId);
+        if (!parent) continue;
+        if (options.requireParentBeforeChild) {
+          const parentTime = eventStartMs(parent);
+          const childTime = eventStartMs(event);
+          if (parentTime !== void 0 && childTime !== void 0 && parentTime > childTime) {
+            findings.push(
+              failFinding(
+                "structure.relationship",
+                "Parent event starts after child event.",
+                [eventEvidence(parent), eventEvidence(event, "parentId")],
+                "parent start <= child start",
+                { parentEventId: parent.eventId, childEventId: event.eventId }
+              )
+            );
+          }
+        }
+        if (options.requireTraceParentSpan && parent.trace?.spanId && event.trace) {
+          const actual = event.trace.parentSpanId;
+          if (actual !== parent.trace.spanId) {
+            findings.push(
+              failFinding(
+                "structure.relationship",
+                "Trace parentSpanId does not match parent spanId.",
+                [eventEvidence(event, "trace.parentSpanId")],
+                { parentSpanId: parent.trace.spanId },
+                actual ?? "missing"
+              )
+            );
+          }
+        }
+      }
+      return findings;
+    }
+  };
+}
+function createStructureParallelWidthRule(options) {
+  return {
+    id: "structure.parallelWidth",
+    category: "structure",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      const byId = eventMap(context.events);
+      if (options.maxChildren !== void 0) {
+        for (const [parentId, children] of context.childrenByParentId.entries()) {
+          if (children.length <= options.maxChildren) continue;
+          const parent = byId.get(parentId);
+          findings.push(
+            failFinding(
+              "structure.parallelWidth",
+              `Parent ${parentId} has ${children.length} children, exceeding ${options.maxChildren}.`,
+              [
+                ...parent ? [eventEvidence(parent)] : [{ runId: context.selectedRun?.runId, eventId: parentId }],
+                ...children.map((child) => ({
+                  runId: child.event.runId,
+                  eventId: child.event.eventId,
+                  parentId: child.event.parentId,
+                  kind: child.event.kind,
+                  name: child.event.name,
+                  status: child.event.status
+                }))
+              ],
+              { maxChildren: options.maxChildren },
+              children.length
+            )
+          );
+        }
+      }
+      if (options.maxConcurrent !== void 0) {
+        const intervals = context.events.map((event) => ({ event, start: eventStartMs(event), end: eventEndMs(event) })).filter(
+          (item) => item.start !== void 0 && item.end !== void 0 && item.end > item.start
+        );
+        const points = intervals.flatMap((item) => [
+          { time: item.start, delta: 1, event: item.event },
+          { time: item.end, delta: -1, event: item.event }
+        ]);
+        points.sort((a, b) => {
+          const byTime = a.time - b.time;
+          if (byTime !== 0) return byTime;
+          const byDelta = a.delta - b.delta;
+          if (byDelta !== 0) return byDelta;
+          return a.event.eventId.localeCompare(b.event.eventId);
+        });
+        const active = /* @__PURE__ */ new Map();
+        let maxActive = [];
+        for (const point of points) {
+          if (point.delta > 0) {
+            active.set(point.event.eventId, point.event);
+            if (active.size > maxActive.length) {
+              maxActive = [...active.values()].sort((a, b) => a.eventId.localeCompare(b.eventId));
+            }
+          } else {
+            active.delete(point.event.eventId);
+          }
+        }
+        if (maxActive.length > options.maxConcurrent) {
+          findings.push(
+            failFinding(
+              "structure.parallelWidth",
+              `Concurrent event width ${maxActive.length} exceeded ${options.maxConcurrent}.`,
+              maxActive.map((event) => eventEvidence(event)),
+              { maxConcurrent: options.maxConcurrent },
+              maxActive.length
+            )
+          );
+        }
+      }
+      return findings;
+    }
+  };
+}
+function createSafetyRedactionRule(options = {}) {
+  const sensitiveKeys = options.sensitiveKeys ?? DEFAULT_SENSITIVE_KEYS;
+  const markers = options.redactedMarkers ?? ["[REDACTED]", "[REDACTED:"];
+  return {
+    id: "safety.redaction",
+    category: "safety",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      for (const event of context.events) {
+        for (const entry of eventValueEntries(event, { includeSummaries: true, includeError: true })) {
+          if (!isSensitiveKey(entry.key ?? lastPathSegment(entry.path), sensitiveKeys)) continue;
+          if (typeof entry.value === "string" && hasRedactionMarker(entry.value, markers)) continue;
+          findings.push(
+            failFinding(
+              "safety.redaction",
+              `Sensitive-looking field at ${entry.path} is not redacted.`,
+              [eventEvidence(event, entry.path)],
+              "redaction marker",
+              { path: entry.path, valueType: valueType(entry.value) }
+            )
+          );
+        }
+      }
+      return limitFindings(findings, options.maxFindings);
+    }
+  };
+}
+function createSafetyRawContentRule(options = {}) {
+  const forbiddenKeys = options.forbiddenKeys ?? DEFAULT_RAW_CONTENT_KEYS;
+  return {
+    id: "safety.rawPrompt",
+    category: "safety",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      for (const event of context.events) {
+        for (const entry of eventValueEntries(event, { includeSummaries: options.includeSummaries })) {
+          const key = entry.key ?? lastPathSegment(entry.path);
+          if (!isRawContentKey(key, forbiddenKeys)) continue;
+          findings.push(
+            failFinding(
+              "safety.rawPrompt",
+              `Raw content-like field ${entry.path} is present.`,
+              [eventEvidence(event, entry.path)],
+              "metadata-only trace fields",
+              { path: entry.path, valueType: valueType(entry.value) }
+            )
+          );
+        }
+      }
+      return limitFindings(findings, options.maxFindings);
+    }
+  };
+}
+function createSafetySecretPatternRule(options = {}) {
+  const patterns = options.patterns ?? DEFAULT_SECRET_PATTERNS;
+  const maxStringLength = options.maxStringLength ?? 4096;
+  return {
+    id: "safety.secretPattern",
+    category: "safety",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      for (const event of context.events) {
+        for (const entry of eventValueEntries(event, { includeSummaries: true, includeError: true })) {
+          if (typeof entry.value !== "string") continue;
+          const sample = entry.value.slice(0, maxStringLength);
+          for (const pattern of patterns) {
+            pattern.pattern.lastIndex = 0;
+            if (!pattern.pattern.test(sample)) continue;
+            pattern.pattern.lastIndex = 0;
+            findings.push(
+              failFinding(
+                "safety.secretPattern",
+                `Secret-like pattern ${pattern.id} matched at ${entry.path}.`,
+                [eventEvidence(event, entry.path)],
+                "no secret-like strings",
+                { pattern: pattern.id, path: entry.path }
+              )
+            );
+            break;
+          }
+        }
+      }
+      return limitFindings(findings, options.maxFindings);
+    }
+  };
+}
+function createSafetyOversizedAttributeRule(options) {
+  return {
+    id: "safety.oversizedAttribute",
+    category: "safety",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const findings = [];
+      for (const event of context.events) {
+        for (const entry of eventValueEntries(event, { includeSummaries: true, includeError: true })) {
+          if (typeof entry.value === "string" && options.maxStringLength !== void 0 && entry.value.length > options.maxStringLength) {
+            findings.push(
+              failFinding(
+                "safety.oversizedAttribute",
+                `String at ${entry.path} exceeds ${options.maxStringLength} characters.`,
+                [eventEvidence(event, entry.path)],
+                { maxStringLength: options.maxStringLength },
+                { path: entry.path, length: entry.value.length }
+              )
+            );
+          }
+          if (Array.isArray(entry.value) && options.maxArrayLength !== void 0 && entry.value.length > options.maxArrayLength) {
+            findings.push(
+              failFinding(
+                "safety.oversizedAttribute",
+                `Array at ${entry.path} exceeds ${options.maxArrayLength} items.`,
+                [eventEvidence(event, entry.path)],
+                { maxArrayLength: options.maxArrayLength },
+                { path: entry.path, length: entry.value.length }
+              )
+            );
+          }
+          if (isRecord14(entry.value) && options.maxObjectKeys !== void 0 && Object.keys(entry.value).length > options.maxObjectKeys) {
+            findings.push(
+              failFinding(
+                "safety.oversizedAttribute",
+                `Object at ${entry.path} exceeds ${options.maxObjectKeys} keys.`,
+                [eventEvidence(event, entry.path)],
+                { maxObjectKeys: options.maxObjectKeys },
+                { path: entry.path, keys: Object.keys(entry.value).length }
+              )
+            );
+          }
+          if (options.maxSerializedBytes !== void 0) {
+            const bytes = serializedByteLength(entry.value);
+            if (bytes !== void 0 && bytes > options.maxSerializedBytes) {
+              findings.push(
+                failFinding(
+                  "safety.oversizedAttribute",
+                  `Value at ${entry.path} exceeds ${options.maxSerializedBytes} serialized bytes.`,
+                  [eventEvidence(event, entry.path)],
+                  { maxSerializedBytes: options.maxSerializedBytes },
+                  { path: entry.path, bytes }
+                )
+              );
+            }
+          }
+        }
+      }
+      return limitFindings(findings, options.maxFindings);
+    }
+  };
+}
+function createBaselineRegressionRule(options) {
+  return {
+    id: "baseline.regression",
+    category: "baseline",
+    defaultSeverity: "error",
+    evaluate(context) {
+      const baselineSelection = resolveSelectedRun(options.baseline, options.baselineRunId);
+      if (baselineSelection.diagnostics.length > 0 || !baselineSelection.run) {
+        return [
+          failFinding(
+            "baseline.regression",
+            "Baseline run could not be selected.",
+            runEvidence(context.selectedRun),
+            "selectable baseline run",
+            baselineSelection.diagnostics.map((item) => item.code)
+          )
+        ];
+      }
+      const baselineFacts = buildFacts(options.baseline, baselineSelection.run);
+      const baselineContext = {
+        ...baselineFacts,
+        selectedRun: baselineSelection.run,
+        sourceLabel: options.baseline.sourceLabel
+      };
+      const findings = [];
+      const durationToleranceMs = options.durationToleranceMs ?? 0;
+      if (baselineContext.format !== context.format) {
+        findings.push(
+          baselineDiffFinding(
+            "Trace format differs from baseline.",
+            runEvidence(context.selectedRun),
+            baselineContext.format,
+            context.format
+          )
+        );
+      }
+      const baselineRunStatus = baselineContext.selectedRun?.status ?? "unknown";
+      const candidateRunStatus = context.selectedRun?.status ?? "unknown";
+      if (baselineRunStatus !== candidateRunStatus) {
+        findings.push(
+          baselineDiffFinding(
+            "Run status differs from baseline.",
+            runEvidence(context.selectedRun),
+            baselineRunStatus,
+            candidateRunStatus
+          )
+        );
+      }
+      const baselineDuration = baselineContext.selectedRun?.durationMs;
+      const candidateDuration = context.selectedRun?.durationMs;
+      if (baselineDuration !== void 0 && candidateDuration !== void 0 && Math.abs(candidateDuration - baselineDuration) > durationToleranceMs) {
+        findings.push(
+          baselineDiffFinding(
+            "Run duration differs from baseline beyond tolerance.",
+            runEvidence(context.selectedRun),
+            { durationMs: baselineDuration, toleranceMs: durationToleranceMs },
+            candidateDuration
+          )
+        );
+      }
+      const comparisons = [
+        {
+          label: "Tree shape",
+          path: "tree",
+          expected: treeShape(baselineContext.rootNodes),
+          actual: treeShape(context.rootNodes),
+          evidence: runEvidence(context.selectedRun)
+        },
+        {
+          label: "Event statuses",
+          path: "status",
+          expected: statusShape(baselineContext),
+          actual: statusShape(context),
+          evidence: runEvidence(context.selectedRun)
+        },
+        {
+          label: "Tool usage",
+          path: "tool",
+          expected: toolShape(baselineContext),
+          actual: toolShape(context),
+          evidence: firstEvidenceForKind(context, "TOOL", "tool")
+        },
+        {
+          label: "LLM usage",
+          path: "llm",
+          expected: llmShape(baselineContext),
+          actual: llmShape(context),
+          evidence: firstEvidenceForKind(context, "LLM", "llm")
+        },
+        {
+          label: "Error profile",
+          path: "error",
+          expected: errorShape(baselineContext),
+          actual: errorShape(context),
+          evidence: firstEvidenceForKind(context, "ERROR", "error")
+        },
+        {
+          label: "Retrieval signals",
+          path: "retrieval",
+          expected: retrievalShape(baselineContext),
+          actual: retrievalShape(context),
+          evidence: firstEvidenceForKind(context, "RETRIEVER", "retrieval")
+        },
+        {
+          label: "Guardrail signals",
+          path: "guardrail",
+          expected: guardrailShape(baselineContext),
+          actual: guardrailShape(context),
+          evidence: guardrailEvents(context)[0] ? [eventEvidence(guardrailEvents(context)[0], "guardrail")] : runEvidence(context.selectedRun)
+        }
+      ];
+      for (const comparison of comparisons) {
+        if (JSON.stringify(comparison.expected) === JSON.stringify(comparison.actual)) {
+          continue;
+        }
+        findings.push(
+          baselineDiffFinding(
+            `${comparison.label} differs from baseline.`,
+            comparison.evidence.length > 0 ? comparison.evidence : [{ runId: context.selectedRun?.runId, path: comparison.path }],
+            comparison.expected,
+            comparison.actual
+          )
+        );
+      }
+      return findings;
+    }
+  };
+}
+function runTraceChecks(input3, options = {}) {
+  const selected = resolveSelectedRun(input3, options.runId);
+  if (selected.diagnostics.length > 0) {
+    return errorResult(input3, selected.diagnostics, selected.run);
+  }
+  const rules = selectRules(options.rules ?? [], options.select);
+  if (rules.diagnostics.length > 0) {
+    return errorResult(input3, rules.diagnostics, selected.run);
+  }
+  const facts = buildFacts(input3, selected.run);
+  const context = {
+    ...facts,
+    ...selected.run ? { selectedRun: selected.run } : {},
+    ...input3.sourceLabel ? { sourceLabel: input3.sourceLabel } : {}
+  };
+  const diagnostics = [];
+  const findings = [];
+  for (const rule of rules.rules) {
+    try {
+      findings.push(...rule.evaluate(context).map((finding) => normalizeFinding(rule, finding)));
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      diagnostics.push(
+        diagnostic("AI_CHECK_INTERNAL_ERROR", `Rule ${rule.id} failed: ${message}`, rule.id)
+      );
+    }
+  }
+  if (diagnostics.length > 0) {
+    return errorResult(input3, diagnostics, selected.run);
+  }
+  const eventById = new Map(input3.read.events.map((event) => [event.eventId, event]));
+  const sortedFindings = findings.sort(compareFindings(eventById));
+  const summary = summarize(sortedFindings, diagnostics);
+  const status = summary.failed > 0 ? "fail" : "pass";
+  return {
+    ok: status === "pass",
+    status,
+    format: input3.read.format,
+    ...selected.run ? { runId: selected.run.runId } : {},
+    summary,
+    findings: sortedFindings,
+    diagnostics
+  };
+}
+async function readStdin2(stdin) {
+  stdin.setEncoding("utf8");
+  let content = "";
+  for await (const chunk of stdin) {
+    content += typeof chunk === "string" ? chunk : String(chunk);
+  }
+  return content;
+}
+function isMissingFileError2(error) {
+  return error !== null && typeof error === "object" && "code" in error && error.code === "ENOENT";
+}
+async function inputFromTarget(target, options, stdin) {
+  if (target === "-") {
+    return { type: "string", content: await readStdin2(stdin) };
+  }
+  try {
+    const stats2 = await promises.stat(target);
+    if (stats2.isDirectory()) return { type: "directory", path: target };
+    return { type: "file", path: target };
+  } catch (error) {
+    if (!isMissingFileError2(error)) throw error;
+  }
+  const runPath = getTraceFilePath(target, resolveTraceDir({ dir: options.dir }));
+  const stats = await promises.stat(runPath);
+  if (stats.isDirectory()) return { type: "directory", path: runPath };
+  return { type: "file", path: runPath };
+}
+
+// packages/cli/src/check.ts
+var DEFAULT_SELECT = ["run.status"];
+var CONFIG_EXTENSIONS = /* @__PURE__ */ new Set([".json", ".js", ".mjs", ".cjs"]);
+var TS_CONFIG_EXTENSIONS = /* @__PURE__ */ new Set([".ts", ".mts", ".cts"]);
+function diagnostic2(code, message, severity = "error") {
+  return { code, message, severity };
+}
+function errorResult2(code, message, format = "unknown") {
+  const diagnostics = [diagnostic2(code, message)];
+  return {
+    ok: false,
+    status: "error",
+    format,
+    summary: {
+      passed: 0,
+      failed: 0,
+      warnings: 0,
+      errors: 1
+    },
+    findings: [],
+    diagnostics
+  };
+}
+function parseNumber(value, label) {
+  if (value === void 0) return void 0;
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed < 0) {
+    throw new Error(`${label} must be a non-negative number.`);
+  }
+  return parsed;
+}
+function asStringArray(value) {
+  if (value === void 0) return void 0;
+  if (!Array.isArray(value) || value.some((item) => typeof item !== "string")) {
+    throw new Error("Expected an array of strings.");
+  }
+  return value;
+}
+function asConfig(value) {
+  if (value === void 0 || value === null) return {};
+  if (typeof value !== "object" || Array.isArray(value)) {
+    throw new Error("Config must export an object.");
+  }
+  return value;
+}
+async function loadConfig(configPath) {
+  if (configPath === void 0) return {};
+  const extension = path10__default.default.extname(configPath);
+  if (TS_CONFIG_EXTENSIONS.has(extension)) {
+    throw new Error(
+      "TypeScript check configs require an explicit precompiled JavaScript config or future --config-loader support."
+    );
+  }
+  if (!CONFIG_EXTENSIONS.has(extension)) {
+    throw new Error("Unsupported check config extension. Use .json, .js, .mjs, or .cjs.");
+  }
+  const absolute = path10__default.default.resolve(configPath);
+  if (extension === ".json") {
+    const raw = await promises.readFile(absolute, "utf-8");
+    return asConfig(JSON.parse(raw));
+  }
+  const mod = await import(url.pathToFileURL(absolute).href);
+  return asConfig("default" in mod ? mod.default : mod);
+}
+function normalizeConfig(config) {
+  if (config.checks === void 0) return {};
+  if (typeof config.checks !== "object" || Array.isArray(config.checks)) {
+    throw new Error("checks config must be an object.");
+  }
+  return config.checks;
+}
+function buildRules(config, options) {
+  const diagnostics = [];
+  const checks = normalizeConfig(config);
+  const run = checks.run ?? {};
+  const tool = checks.tool ?? {};
+  const llm = checks.llm ?? {};
+  const structure = checks.structure ?? {};
+  const safety = checks.safety ?? {};
+  const maxDurationMs = parseNumber(options.maxDurationMs, "--max-duration-ms") ?? run.maxDurationMs;
+  const maxTotalTokens = parseNumber(options.maxTotalTokens, "--max-total-tokens") ?? llm.maxTotalTokens;
+  const rules = [
+    createRunStatusRule(run),
+    createStructureOrphanRule(),
+    createStructureCycleRule(),
+    createSafetyRawContentRule(),
+    createSafetySecretPatternRule()
+  ];
+  if (maxDurationMs !== void 0) {
+    rules.push(createRunDurationRule({ maxDurationMs }));
+  }
+  if (run.maxDepth !== void 0) {
+    rules.push(createRunDepthRule({ maxDepth: run.maxDepth }));
+  }
+  const toolOptions = {
+    ...tool,
+    required: [...tool.required ?? [], ...options.requiredTool ?? []],
+    forbidden: [...tool.forbidden ?? [], ...options.forbiddenTool ?? []]
+  };
+  if (toolOptions.required?.length || toolOptions.forbidden?.length || toolOptions.allowed?.length || toolOptions.minCount !== void 0 || toolOptions.maxCount !== void 0) {
+    rules.push(createToolUsageRule(toolOptions));
+  }
+  const llmOptions = {
+    ...llm,
+    allowedModels: [...llm.allowedModels ?? [], ...options.allowedModel ?? []],
+    ...maxTotalTokens !== void 0 ? { maxTotalTokens } : {}
+  };
+  if (llmOptions.allowedModels?.length || llmOptions.allowedProviders?.length || llmOptions.finishReasons?.length || llmOptions.maxCalls !== void 0 || llmOptions.maxInputTokens !== void 0 || llmOptions.maxOutputTokens !== void 0 || llmOptions.maxTotalTokens !== void 0 || llmOptions.maxCachedTokens !== void 0) {
+    rules.push(createLlmUsageRule(llmOptions));
+  }
+  if (structure.minConfidence !== void 0 || structure.requireParentBeforeChild !== void 0 || structure.requireTraceParentSpan !== void 0) {
+    rules.push(createStructureRelationshipRule(structure));
+  }
+  if (structure.maxChildren !== void 0 || structure.maxConcurrent !== void 0) {
+    rules.push(
+      createStructureParallelWidthRule({
+        maxChildren: structure.maxChildren,
+        maxConcurrent: structure.maxConcurrent
+      })
+    );
+  }
+  if (safety.redaction) rules.push(createSafetyRedactionRule());
+  if (safety.maxStringLength !== void 0 || safety.maxArrayLength !== void 0 || safety.maxObjectKeys !== void 0 || safety.maxSerializedBytes !== void 0) {
+    rules.push(createSafetyOversizedAttributeRule(safety));
+  }
+  const select = [
+    ...asStringArray(checks.select) ?? [],
+    ...options.rule ?? []
+  ];
+  return {
+    rules,
+    select: select.length > 0 ? select : DEFAULT_SELECT,
+    diagnostics
+  };
+}
+function exitCodeFor(result) {
+  if (result.status === "pass") return 0;
+  if (result.status === "fail") return 1;
+  const codes = result.diagnostics.map((item) => item.code);
+  if (codes.some(
+    (code) => code === "AI_CHECK_UNSUPPORTED_FORMAT" || code === "AI_CHECK_AMBIGUOUS_FORMAT"
+  )) {
+    return 4;
+  }
+  if (codes.some(
+    (code) => code === "AI_CHECK_TRACE_UNREADABLE" || code === "AI_CHECK_BASELINE_UNREADABLE"
+  )) {
+    return 3;
+  }
+  if (codes.some(
+    (code) => code === "AI_CHECK_INVALID_ARGUMENTS" || code === "AI_CHECK_INVALID_CONFIG" || code === "AI_CHECK_CONFIG_LOAD_FAILED" || code === "AI_CHECK_RUN_SELECTION_REQUIRED"
+  )) {
+    return 2;
+  }
+  return 1;
+}
+function stable(value) {
+  if (Array.isArray(value)) return value.map(stable);
+  if (value === null || typeof value !== "object") return value;
+  const record = value;
+  return Object.fromEntries(
+    Object.keys(record).sort((a, b) => a.localeCompare(b)).map((key) => [key, stable(record[key])])
+  );
+}
+function printJson(result) {
+  console.log(JSON.stringify(stable(result), null, 2));
+}
+function printHuman(result) {
+  console.log(`Check status: ${result.status}`);
+  console.log(`Format: ${result.format}`);
+  if (result.runId !== void 0) console.log(`Run: ${result.runId}`);
+  console.log(
+    `Summary: ${result.summary.failed} failed, ${result.summary.warnings} warning(s), ${result.summary.errors} error(s)`
+  );
+  for (const diagnostic3 of result.diagnostics) {
+    console.log(`- ${diagnostic3.code}: ${diagnostic3.message}`);
+  }
+  for (const finding of result.findings) {
+    const path12 = finding.evidence[0]?.path;
+    console.log(`- ${finding.ruleId}: ${finding.message}${path12 ? ` (${path12})` : ""}`);
+  }
+}
+function readErrorResult(error) {
+  if (error instanceof TraceReadError) {
+    const code = error.code === "unsupported_format" ? "AI_CHECK_UNSUPPORTED_FORMAT" : error.code === "ambiguous_format" ? "AI_CHECK_AMBIGUOUS_FORMAT" : "AI_CHECK_TRACE_UNREADABLE";
+    return errorResult2(code, error.message);
+  }
+  return errorResult2(
+    "AI_CHECK_TRACE_UNREADABLE",
+    error instanceof Error ? error.message : String(error)
+  );
+}
+async function checkCommand(target, options = {}, stdin = process.stdin) {
+  let result;
+  let phase = "config";
+  try {
+    const config = await loadConfig(options.config);
+    const built = buildRules(config, options);
+    if (built.diagnostics.some((item) => item.severity === "error")) {
+      result = errorResult2("AI_CHECK_INVALID_CONFIG", "Invalid check configuration.");
+      result.diagnostics = [...built.diagnostics];
+    } else {
+      phase = "read";
+      const input3 = await inputFromTarget(target, options, stdin);
+      const read = await openTrace(input3, {
+        ...options.format !== void 0 ? { format: options.format } : {}
+      });
+      result = runTraceChecks(
+        { read },
+        {
+          rules: built.rules,
+          select: built.select,
+          ...options.run !== void 0 ? { runId: options.run } : {}
+        }
+      );
+    }
+  } catch (error) {
+    if (phase === "config") {
+      const message = error instanceof Error ? error.message : String(error);
+      const code = message.startsWith("--") ? "AI_CHECK_INVALID_ARGUMENTS" : error instanceof SyntaxError || message.includes("Unsupported check config extension") || message.includes("TypeScript check configs") || message.includes("Config must") || message.includes("checks config") || message.includes("Expected an array") ? "AI_CHECK_INVALID_CONFIG" : "AI_CHECK_CONFIG_LOAD_FAILED";
+      result = errorResult2(
+        code,
+        message
+      );
+    } else {
+      result = readErrorResult(error);
+    }
+  }
+  process.exitCode = exitCodeFor(result);
+  if (options.json) printJson(result);
+  else printHuman(result);
+}
+
+// packages/cli/src/safety.ts
+var BEST_EFFORT_NOTE = "Best-effort local safety verification only; not a compliance, privacy, security, or regulatory certification.";
+var DEFAULT_MAX_STRING_LENGTH = 16384;
+var DEFAULT_MAX_ARRAY_LENGTH = 1e3;
+var DEFAULT_MAX_OBJECT_KEYS = 200;
+var DEFAULT_MAX_SERIALIZED_BYTES = 128 * 1024;
+function parseLimit3(value, label) {
+  if (value === void 0) return void 0;
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed < 0) {
+    throw new Error(`${label} must be a non-negative number.`);
+  }
+  return parsed;
+}
+function stable2(value) {
+  if (Array.isArray(value)) return value.map(stable2);
+  if (value === null || typeof value !== "object") return value;
+  const record = value;
+  return Object.fromEntries(
+    Object.keys(record).sort((a, b) => a.localeCompare(b)).map((key) => [key, stable2(record[key])])
+  );
+}
+function safetyDiagnostic(code, message, severity = "error") {
+  return { code, message, severity };
+}
+function warningDiagnostics(warnings, unsupportedFields) {
+  return [
+    ...warnings.map(
+      (warning) => safetyDiagnostic(
+        warning.code,
+        warning.message,
+        warning.severity === "error" ? "error" : "warning"
+      )
+    ),
+    ...unsupportedFields.map(
+      (field) => safetyDiagnostic(
+        "unsupported_field",
+        `Reader reported unsupported field: ${field}`,
+        "warning"
+      )
+    )
+  ];
+}
+function diagnosticFromCheck(item) {
+  return safetyDiagnostic(item.code, item.message, item.severity);
+}
+function statusFrom(findings, diagnostics) {
+  if (diagnostics.some((item) => item.severity === "error")) return "UNKNOWN";
+  if (findings.some((item) => item.severity === "error")) return "UNSAFE";
+  if (diagnostics.some((item) => item.severity === "warning")) return "SAFE WITH WARNINGS";
+  if (findings.some((item) => item.severity === "warning")) return "SAFE WITH WARNINGS";
+  return "SAFE";
+}
+function resultFromParts(parts) {
+  const findings = [...parts.findings ?? []];
+  const diagnostics = [...parts.diagnostics ?? []];
+  const warnings = [...parts.warnings ?? []];
+  const unsupportedFields = [...parts.unsupportedFields ?? []];
+  const status = statusFrom(findings, diagnostics);
+  return {
+    ok: status === "SAFE" || status === "SAFE WITH WARNINGS",
+    command: parts.command,
+    status,
+    format: parts.format,
+    ...parts.runId !== void 0 ? { runId: parts.runId } : {},
+    summary: {
+      findings: findings.length,
+      warnings: diagnostics.filter((item) => item.severity === "warning").length + findings.filter((item) => item.severity === "warning").length,
+      errors: diagnostics.filter((item) => item.severity === "error").length + findings.filter((item) => item.severity === "error").length
+    },
+    findings,
+    diagnostics,
+    warnings,
+    unsupportedFields,
+    note: BEST_EFFORT_NOTE
+  };
+}
+function readErrorResult2(command, error) {
+  if (error instanceof TraceReadError) {
+    const code = error.code === "unsupported_format" ? "AI_SAFETY_UNSUPPORTED_FORMAT" : error.code === "ambiguous_format" ? "AI_SAFETY_AMBIGUOUS_FORMAT" : "AI_SAFETY_TRACE_UNREADABLE";
+    return resultFromParts({
+      command,
+      format: "unknown",
+      diagnostics: [safetyDiagnostic(code, error.message)],
+      warnings: error.warnings
+    });
+  }
+  return resultFromParts({
+    command,
+    format: "unknown",
+    diagnostics: [
+      safetyDiagnostic(
+        "AI_SAFETY_TRACE_UNREADABLE",
+        error instanceof Error ? error.message : String(error)
+      )
+    ]
+  });
+}
+function invalidArgumentResult(command, error) {
+  return resultFromParts({
+    command,
+    format: "unknown",
+    diagnostics: [
+      safetyDiagnostic(
+        "AI_SAFETY_INVALID_ARGUMENTS",
+        error instanceof Error ? error.message : String(error)
+      )
+    ]
+  });
+}
+function buildSafetyRules(options) {
+  const maxStringLength = parseLimit3(options.maxStringLength, "--max-string-length") ?? DEFAULT_MAX_STRING_LENGTH;
+  const maxArrayLength = parseLimit3(options.maxArrayLength, "--max-array-length") ?? DEFAULT_MAX_ARRAY_LENGTH;
+  const maxObjectKeys = parseLimit3(options.maxObjectKeys, "--max-object-keys") ?? DEFAULT_MAX_OBJECT_KEYS;
+  const maxSerializedBytes = parseLimit3(options.maxSerializedBytes, "--max-serialized-bytes") ?? DEFAULT_MAX_SERIALIZED_BYTES;
+  return [
+    createSafetyRawContentRule(),
+    createSafetyRedactionRule(),
+    createSafetySecretPatternRule(),
+    createSafetyOversizedAttributeRule({
+      maxStringLength,
+      maxArrayLength,
+      maxObjectKeys,
+      maxSerializedBytes
+    })
+  ];
+}
+function exitCodeFor2(result) {
+  if (result.status === "SAFE" || result.status === "SAFE WITH WARNINGS") return 0;
+  if (result.status === "UNSAFE") return 1;
+  return 2;
+}
+function printJson2(result) {
+  console.log(JSON.stringify(stable2(result), null, 2));
+}
+function printHuman2(result) {
+  console.log(`Safety status: ${result.status}`);
+  console.log(`Format: ${result.format}`);
+  if (result.runId !== void 0) console.log(`Run: ${result.runId}`);
+  console.log(
+    `Summary: ${result.summary.findings} finding(s), ${result.summary.warnings} warning(s), ${result.summary.errors} error(s)`
+  );
+  for (const diagnostic3 of result.diagnostics) {
+    console.log(`- ${diagnostic3.code}: ${diagnostic3.message}`);
+  }
+  for (const finding of result.findings) {
+    const path12 = finding.evidence[0]?.path;
+    console.log(`- ${finding.ruleId}: ${finding.message}${path12 ? ` (${path12})` : ""}`);
+  }
+  console.log(`Note: ${result.note}`);
+}
+async function safetyCommand(command, target, options, stdin) {
+  let result;
+  try {
+    const rules = buildSafetyRules(options);
+    const input3 = await inputFromTarget(target, options, stdin);
+    const read = await openTrace(input3, {
+      ...options.format !== void 0 ? { format: options.format } : {}
+    });
+    const checkResult = runTraceChecks(
+      { read },
+      {
+        rules,
+        ...options.run !== void 0 ? { runId: options.run } : {}
+      }
+    );
+    result = resultFromParts({
+      command,
+      format: checkResult.format,
+      runId: checkResult.runId,
+      findings: checkResult.findings,
+      diagnostics: [
+        ...checkResult.diagnostics.map(diagnosticFromCheck),
+        ...warningDiagnostics(read.warnings, read.unsupportedFields)
+      ],
+      warnings: read.warnings,
+      unsupportedFields: read.unsupportedFields
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    result = message.startsWith("--") ? invalidArgumentResult(command, error) : readErrorResult2(command, error);
+  }
+  process.exitCode = exitCodeFor2(result);
+  if (options.json) printJson2(result);
+  else printHuman2(result);
+}
+function scanCommand(target, options = {}, stdin = process.stdin) {
+  return safetyCommand("scan", target, options, stdin);
+}
+function verifySafeCommand(target, options = {}, stdin = process.stdin) {
+  return safetyCommand("verify-safe", target, options, stdin);
+}
+var NOTE = "Generated locally by AgentInspect. Artifacts are best-effort summaries, not compliance or security certification.";
+var SAFETY_RULES = [
+  createSafetyRawContentRule(),
+  createSafetyRedactionRule(),
+  createSafetySecretPatternRule(),
+  createSafetyOversizedAttributeRule({
+    maxStringLength: 16384,
+    maxArrayLength: 1e3,
+    maxObjectKeys: 200,
+    maxSerializedBytes: 128 * 1024
+  })
+];
+function stable3(value) {
+  if (Array.isArray(value)) return value.map(stable3);
+  if (value === null || typeof value !== "object") return value;
+  const record = value;
+  return Object.fromEntries(
+    Object.keys(record).sort((a, b) => a.localeCompare(b)).map((key) => [key, stable3(record[key])])
+  );
+}
+function writeJson2(value) {
+  return `${JSON.stringify(stable3(value), null, 2)}
+`;
+}
+function escapeHtml2(value) {
+  return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll('"', "&quot;");
+}
+function markdownTable(rows) {
+  const lines = ["| Field | Value |", "| --- | --- |"];
+  for (const [key, value] of rows) {
+    lines.push(`| ${key} | ${value ?? "unknown"} |`);
+  }
+  return lines.join("\n");
+}
+function increment(record, key) {
+  const label = key && key.trim() !== "" ? key : "unknown";
+  record[label] = (record[label] ?? 0) + 1;
+}
+function selectRun2(read, runId) {
+  if (runId !== void 0) {
+    return read.runs.find((run) => run.runId === runId);
+  }
+  return read.runs.length === 1 ? read.runs[0] : void 0;
+}
+function summarizeTrace(read, run) {
+  const runId = run?.runId;
+  const scopedEvents = runId === void 0 ? read.events : read.events.filter((event) => event.runId === runId);
+  const eventsByKind = {};
+  const eventsByStatus = {};
+  for (const event of scopedEvents) {
+    increment(eventsByKind, event.kind);
+    increment(eventsByStatus, event.status);
+  }
+  return {
+    format: read.format,
+    ...runId !== void 0 ? { runId } : {},
+    ...run?.status !== void 0 ? { runStatus: run.status } : {},
+    ...run?.durationMs !== void 0 ? { runDurationMs: run.durationMs } : {},
+    runCount: read.runs.length,
+    eventCount: scopedEvents.length,
+    eventsByKind: Object.fromEntries(Object.entries(eventsByKind).sort()),
+    eventsByStatus: Object.fromEntries(Object.entries(eventsByStatus).sort()),
+    readerWarnings: read.warnings.length,
+    unsupportedFields: read.unsupportedFields.length
+  };
+}
+function renderCheckSection(result) {
+  const lines = [
+    `Status: ${result.status}`,
+    `Findings: ${result.findings.length}`,
+    `Diagnostics: ${result.diagnostics.length}`
+  ];
+  for (const finding of result.findings.slice(0, 10)) {
+    const path12 = finding.evidence[0]?.path ?? "(run)";
+    lines.push(`- ${finding.ruleId}: ${finding.message} (${path12})`);
+  }
+  for (const diagnostic3 of result.diagnostics.slice(0, 10)) {
+    lines.push(`- ${diagnostic3.code}: ${diagnostic3.message}`);
+  }
+  return lines.join("\n");
+}
+function renderMarkdown(trace, check, diff) {
+  const lines = [
+    "# AgentInspect CI Artifacts",
+    "",
+    NOTE,
+    "",
+    "## Trace",
+    "",
+    markdownTable([
+      ["Format", trace.format],
+      ["Run", trace.runId],
+      ["Run status", trace.runStatus],
+      ["Run duration ms", trace.runDurationMs],
+      ["Runs", trace.runCount],
+      ["Events", trace.eventCount],
+      ["Reader warnings", trace.readerWarnings],
+      ["Unsupported fields", trace.unsupportedFields]
+    ]),
+    "",
+    "## Safety check",
+    "",
+    "```text",
+    renderCheckSection(check),
+    "```",
+    "",
+    "## Baseline diff",
+    ""
+  ];
+  if (diff) {
+    lines.push("```text", renderCheckSection(diff), "```", "");
+  } else {
+    lines.push("No baseline was supplied.", "");
+  }
+  return lines.join("\n");
+}
+function renderHtml(trace, check, diff) {
+  const rows = [
+    ["Format", trace.format],
+    ["Run", trace.runId],
+    ["Run status", trace.runStatus],
+    ["Run duration ms", trace.runDurationMs],
+    ["Runs", trace.runCount],
+    ["Events", trace.eventCount],
+    ["Reader warnings", trace.readerWarnings],
+    ["Unsupported fields", trace.unsupportedFields]
+  ];
+  const table = rows.map(
+    ([key, value]) => `<tr><th>${escapeHtml2(key)}</th><td>${escapeHtml2(String(value ?? "unknown"))}</td></tr>`
+  ).join("");
+  return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<title>AgentInspect CI Artifacts</title>
+<style>body{font-family:system-ui,sans-serif;line-height:1.5;margin:1.5rem;max-width:960px;color:#111}table{border-collapse:collapse}th,td{border:1px solid #ddd;padding:0.35rem 0.5rem;text-align:left}pre{white-space:pre-wrap;background:#f8f8f8;padding:0.75rem;overflow:auto}</style>
+</head>
+<body>
+<h1>AgentInspect CI Artifacts</h1>
+<p>${escapeHtml2(NOTE)}</p>
+<h2>Trace</h2>
+<table><tbody>${table}</tbody></table>
+<h2>Safety check</h2>
+<pre>${escapeHtml2(renderCheckSection(check))}</pre>
+<h2>Baseline diff</h2>
+<pre>${escapeHtml2(diff ? renderCheckSection(diff) : "No baseline was supplied.")}</pre>
+</body>
+</html>
+`;
+}
+async function writeArtifact(outputDir, relativePath, content, files) {
+  const outPath = path10__default.default.join(outputDir, relativePath);
+  await promises.mkdir(path10__default.default.dirname(outPath), { recursive: true });
+  await promises.writeFile(outPath, content, "utf-8");
+  files.push(relativePath);
+}
+function readErrorMessage(error) {
+  if (error instanceof TraceReadError) return error.message;
+  return error instanceof Error ? error.message : String(error);
+}
+function manifestStatus(check, diff) {
+  if (check.status === "error" || diff?.status === "error") return "unknown";
+  if (check.status === "fail") return "unsafe";
+  if (diff?.status === "fail") return "regression";
+  if (check.summary.warnings > 0 || (diff?.summary.warnings ?? 0) > 0) return "warning";
+  return "ok";
+}
+async function artifactsCommand(target, options = {}, stdin = process.stdin) {
+  const outputDir = options.outputDir !== void 0 && options.outputDir.trim() !== "" ? path10__default.default.resolve(options.outputDir.trim()) : "";
+  if (outputDir === "") {
+    console.error("--output-dir is required.");
+    process.exitCode = 1;
+    return;
+  }
+  let read;
+  try {
+    const input3 = await inputFromTarget(target, options, stdin);
+    read = await openTrace(input3, {
+      ...options.format !== void 0 ? { format: options.format } : {}
+    });
+  } catch (error) {
+    console.error(`[AgentInspect] artifacts failed: ${readErrorMessage(error)}`);
+    process.exitCode = 1;
+    return;
+  }
+  const selectedRun = selectRun2(read, options.run);
+  const check = runTraceChecks(
+    { read },
+    {
+      rules: SAFETY_RULES,
+      ...options.run !== void 0 ? { runId: options.run } : {}
+    }
+  );
+  const trace = summarizeTrace(read, selectedRun);
+  let diff;
+  if (options.baseline !== void 0 && options.baseline.trim() !== "") {
+    try {
+      const baselineInput = await inputFromTarget(options.baseline, options, stdin);
+      const baselineRead = await openTrace(baselineInput, {
+        ...options.format !== void 0 ? { format: options.format } : {}
+      });
+      diff = runTraceChecks(
+        { read },
+        {
+          rules: [
+            createBaselineRegressionRule({
+              baseline: { read: baselineRead },
+              ...options.baselineRun !== void 0 ? { baselineRunId: options.baselineRun } : {},
+              compareFormat: true
+            })
+          ],
+          ...options.run !== void 0 ? { runId: options.run } : {}
+        }
+      );
+    } catch (error) {
+      console.error(`[AgentInspect] baseline diff failed: ${readErrorMessage(error)}`);
+      process.exitCode = 1;
+      return;
+    }
+  }
+  const files = [];
+  await promises.mkdir(outputDir, { recursive: true });
+  await writeArtifact(outputDir, "trace.json", writeJson2(trace), files);
+  await writeArtifact(outputDir, "check.json", writeJson2(check), files);
+  await writeArtifact(
+    outputDir,
+    "diff.json",
+    writeJson2(diff ?? { status: "not_requested", findings: [], diagnostics: [] }),
+    files
+  );
+  await writeArtifact(outputDir, "summary.md", renderMarkdown(trace, check, diff), files);
+  await writeArtifact(outputDir, "report.html", renderHtml(trace, check, diff), files);
+  const summaryTarget = options.githubSummary ?? process.env.GITHUB_STEP_SUMMARY;
+  if (summaryTarget !== void 0 && summaryTarget.trim() !== "") {
+    await promises.mkdir(path10__default.default.dirname(path10__default.default.resolve(summaryTarget)), { recursive: true });
+    await promises.appendFile(path10__default.default.resolve(summaryTarget), `
+${renderMarkdown(trace, check, diff)}`, "utf-8");
+  }
+  const manifestFiles = [...files, "manifest.json"].sort((a, b) => a.localeCompare(b));
+  const manifest = {
+    status: manifestStatus(check, diff),
+    outputDir,
+    files: manifestFiles,
+    trace,
+    check: {
+      status: check.status,
+      findings: check.findings.length,
+      diagnostics: check.diagnostics.length
+    },
+    diff: {
+      status: diff?.status ?? "not_requested",
+      findings: diff?.findings.length ?? 0,
+      diagnostics: diff?.diagnostics.length ?? 0
+    },
+    ...summaryTarget !== void 0 && summaryTarget.trim() !== "" ? { githubSummary: path10__default.default.resolve(summaryTarget) } : {},
+    note: NOTE
+  };
+  await promises.writeFile(path10__default.default.join(outputDir, "manifest.json"), writeJson2(manifest), "utf-8");
+  if (options.json === true) {
+    console.log(writeJson2(manifest).trimEnd());
+  } else {
+    console.log(`Wrote AgentInspect artifacts to ${outputDir}`);
+    console.log(`Status: ${manifest.status}`);
+    for (const file of manifest.files) {
+      console.log(`- ${file}`);
+    }
+  }
+}
+
 // packages/cli/src/index.ts
 function runCommand(action) {
   void action().catch((error) => {
@@ -9195,6 +11171,54 @@ function createCliProgram() {
   ).option("--json", "print result as JSON").option("--diagnostics", "print reader warnings and unsupported fields").option("--run <run-id>", "select a run when the trace contains multiple runs").action((input3, opts) => {
     runCommand(() => openCommand(input3, opts));
   });
+  program.command("check").description("Run deterministic checks against a local trace").argument("<trace-path-or-run-id>", "trace file, directory, stdin -, or run id").option("--dir <path>", "trace directory for run-id lookup").addOption(
+    new commander.Option("--format <format>", "trace input format").choices([
+      "agent-inspect-jsonl",
+      "openinference-json",
+      "otlp-json"
+    ])
+  ).option("--run <run-id>", "select a run when the trace contains multiple runs").option("--config <path>", "path to check config (.json, .js, .mjs, .cjs)").option("--json", "print deterministic JSON check result").option("--rule <id>", "select a rule id (repeatable)", (value, previous = []) => [
+    ...previous,
+    value
+  ]).option("--max-duration-ms <number>", "add run.duration with a max duration").option("--required-tool <name>", "require a tool name (repeatable)", (value, previous = []) => [
+    ...previous,
+    value
+  ]).option("--forbidden-tool <name>", "forbid a tool name (repeatable)", (value, previous = []) => [
+    ...previous,
+    value
+  ]).option("--allowed-model <model>", "allow an LLM model (repeatable)", (value, previous = []) => [
+    ...previous,
+    value
+  ]).option("--max-total-tokens <number>", "add llm.usage with a max total-token budget").action((target, opts) => {
+    runCommand(() => checkCommand(target, opts));
+  });
+  program.command("scan").description("Best-effort local safety scan for trace capture risks").argument("<trace-path-or-run-id>", "trace file, directory, stdin -, or run id").option("--dir <path>", "trace directory for run-id lookup").addOption(
+    new commander.Option("--format <format>", "trace input format").choices([
+      "agent-inspect-jsonl",
+      "openinference-json",
+      "otlp-json"
+    ])
+  ).option("--run <run-id>", "select a run when the trace contains multiple runs").option("--json", "print deterministic JSON safety result").option("--max-string-length <number>", "unsafe threshold for string values").option("--max-array-length <number>", "unsafe threshold for array values").option("--max-object-keys <number>", "unsafe threshold for object key counts").option("--max-serialized-bytes <number>", "unsafe threshold for serialized values").action((target, opts) => {
+    runCommand(() => scanCommand(target, opts));
+  });
+  program.command("verify-safe").description("Best-effort local trace safety verification").argument("<trace-path-or-run-id>", "trace file, directory, stdin -, or run id").option("--dir <path>", "trace directory for run-id lookup").addOption(
+    new commander.Option("--format <format>", "trace input format").choices([
+      "agent-inspect-jsonl",
+      "openinference-json",
+      "otlp-json"
+    ])
+  ).option("--run <run-id>", "select a run when the trace contains multiple runs").option("--json", "print deterministic JSON safety result").option("--max-string-length <number>", "unsafe threshold for string values").option("--max-array-length <number>", "unsafe threshold for array values").option("--max-object-keys <number>", "unsafe threshold for object key counts").option("--max-serialized-bytes <number>", "unsafe threshold for serialized values").action((target, opts) => {
+    runCommand(() => verifySafeCommand(target, opts));
+  });
+  program.command("artifacts").description("Create safe local CI trace artifacts").argument("<trace-path-or-run-id>", "trace file, directory, stdin -, or run id").requiredOption("--output-dir <path>", "directory for generated artifacts").option("--dir <path>", "trace directory for run-id lookup").addOption(
+    new commander.Option("--format <format>", "trace input format").choices([
+      "agent-inspect-jsonl",
+      "openinference-json",
+      "otlp-json"
+    ])
+  ).option("--run <run-id>", "select a run when the trace contains multiple runs").option("--baseline <trace-path-or-run-id>", "optional baseline trace for diff artifacts").option("--baseline-run <run-id>", "select a run from the baseline trace").option("--github-summary <path>", "append a safe summary to this file, e.g. GITHUB_STEP_SUMMARY").option("--json", "print deterministic JSON manifest").action((target, opts) => {
+    runCommand(() => artifactsCommand(target, opts));
+  });
   program.command("diff").description("Compare two local AgentInspect JSONL traces (read-only)").argument("<left-run-id>", "first run id").argument("<right-run-id>", "second run id").option("--dir <path>", "trace directory").option("--json", "print diff result as JSON").option("--ignore-duration", "omit duration comparisons").option(
     "--duration-threshold <duration>",
     "ignore duration deltas at or below this (e.g. 500ms, 2s, 1m)"
@@ -9262,9 +11286,9 @@ function isPrimaryModule() {
   if (!entry) return false;
   const selfPath = url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)));
   try {
-    return fs.realpathSync(path__default.default.resolve(entry)) === fs.realpathSync(path__default.default.resolve(selfPath));
+    return fs.realpathSync(path10__default.default.resolve(entry)) === fs.realpathSync(path10__default.default.resolve(selfPath));
   } catch {
-    return path__default.default.resolve(entry) === path__default.default.resolve(selfPath);
+    return path10__default.default.resolve(entry) === path10__default.default.resolve(selfPath);
   }
 }
 if (isPrimaryModule()) {