authority-layer 0.1.0

package/dist/AuthorityLayer.d.ts

@@ -0,0 +1,70 @@
+import type { AuthorityConfig } from "./types";
+export declare class AuthorityLayer {
+    private readonly mode;
+    private readonly budgetGuard?;
+    private readonly loopGuard?;
+    private readonly toolThrottle?;
+    private readonly chain;
+    constructor(config: AuthorityConfig);
+    /**
+     * Convert a guard's PendingHalt into a logged HaltResult, then either
+     * throw an EnforcementHalt (strict) or emit a console warning (warn/stub).
+     */
+    private enforce;
+    /**
+     * Wrap an agent run with enforcement.
+     *
+     * - Resets per-run counters (loop guard).
+     * - Logs run.start and run.complete events to the chain.
+     * - Re-throws EnforcementHalt cleanly; logs unexpected errors to the chain
+     *   before re-throwing so they appear in the audit log.
+     *
+     * @example
+     * await authority.wrap(async () => {
+     *   const result = await authority.tool("openai.chat", () => openai.chat(...));
+     *   authority.recordSpend(result.usage.cost);
+     * });
+     */
+    wrap(fn: () => Promise<void>): Promise<void>;
+    /**
+     * Wrap a single tool call with loop guard and throttle enforcement.
+     *
+     * This is the sole mechanism for calling external tools within wrap().
+     * Both guards are checked before the tool function executes — the tool
+     * function is never called if a limit has already been breached.
+     *
+     * @param name   Human-readable tool name, logged to the event chain.
+     * @param fn     Async function that performs the actual tool call.
+     * @returns      The resolved return value of fn().
+     *
+     * @example
+     * const data = await authority.tool("stripe.charge", () =>
+     *   stripe.charges.create({ amount: 100, currency: "usd" })
+     * );
+     */
+    tool<T>(name: string, fn: () => Promise<T>): Promise<T>;
+    /**
+     * Report token or API spend in USD.
+     *
+     * Call this after each model or billable API call. AuthorityLayer does not
+     * intercept pricing automatically — different providers expose cost
+     * differently, so the host is responsible for calculating the USD amount.
+     *
+     * @example
+     * const response = await openai.chat.completions.create({ ... });
+     * const costUSD = response.usage.total_tokens * PRICE_PER_TOKEN;
+     * authority.recordSpend(costUSD);
+     */
+    recordSpend(amountUSD: number): void;
+    /**
+     * Return a read-only copy of the enforcement event chain.
+     * Useful for inspecting what happened during a run or persisting to disk.
+     */
+    getChain(): readonly import("./types").EnforcementEvent[];
+    /**
+     * Verify the integrity of the in-memory event chain.
+     * Returns false if any event has been tampered with.
+     */
+    verifyChain(): boolean;
+}
+//# sourceMappingURL=AuthorityLayer.d.ts.map

package/dist/AuthorityLayer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorityLayer.d.ts","sourceRoot":"","sources":["../src/AuthorityLayer.ts"],"names":[],"mappings":"AA2BA,OAAO,KAAK,EAAE,eAAe,EAA4C,MAAM,SAAS,CAAC;AAOzF,qBAAa,cAAc;IACvB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkB;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAY;IACvC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAY;gBAEtB,MAAM,EAAE,eAAe;IAiBnC;;;OAGG;IACH,OAAO,CAAC,OAAO;IAgCf;;;;;;;;;;;;;OAaG;IACG,IAAI,CAAC,EAAE,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBlD;;;;;;;;;;;;;;;OAeG;IACG,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB7D;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAOpC;;;OAGG;IACH,QAAQ;IAIR;;;OAGG;IACH,WAAW,IAAI,OAAO;CAGzB"}

package/dist/AuthorityLayer.js

@@ -0,0 +1,175 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// AuthorityLayer — Main Enforcement Class
+//
+// This is the single public surface of the SDK. Instantiate once, pass config,
+// then route all agent execution through wrap() and all tool calls through
+// tool(). recordSpend() is the only other public method — it exists because
+// token pricing is framework-specific and must be reported explicitly.
+//
+// Design decisions:
+//
+//   1. Guards are instantiated only when their config section is present.
+//      Omitting a config key disables that primitive entirely — no silent
+//      defaults that appear inactive but still run.
+//
+//   2. tool() is the single composable hook for all external tool calls.
+//      It bundles loop guard + throttle in one call, keeping adoption simple
+//      and preventing the misuse that separate checkLoop() / checkThrottle()
+//      methods would invite (forgetting to call one, calling them twice, etc.).
+//
+//   3. EnforcementHalt is a typed error, not a raw throw. Its .enforcement
+//      property carries the full structured HaltResult so callers never need
+//      to parse error messages.
+//
+//   4. mode: "warn" is stubbed in V1. The config option is accepted and stored
+//      so existing configs won't break when warn mode is implemented.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorityLayer = void 0;
+const budgetGuard_1 = require("./enforcement/budgetGuard");
+const loopGuard_1 = require("./enforcement/loopGuard");
+const toolThrottle_1 = require("./enforcement/toolThrottle");
+const hashChain_1 = require("./integrity/hashChain");
+const EnforcementHalt_1 = require("./EnforcementHalt");
+class AuthorityLayer {
+    constructor(config) {
+        this.mode = config.mode ?? "strict";
+        this.chain = new hashChain_1.HashChain();
+        if (config.budget) {
+            this.budgetGuard = new budgetGuard_1.BudgetGuard(config.budget);
+        }
+        if (config.loopGuard) {
+            this.loopGuard = new loopGuard_1.LoopGuard(config.loopGuard);
+        }
+        if (config.toolThrottle) {
+            this.toolThrottle = new toolThrottle_1.ToolThrottle(config.toolThrottle);
+        }
+    }
+    // ── Private helpers ─────────────────────────────────────────────────────────
+    /**
+     * Convert a guard's PendingHalt into a logged HaltResult, then either
+     * throw an EnforcementHalt (strict) or emit a console warning (warn/stub).
+     */
+    enforce(result, context) {
+        if (result.status !== "halted")
+            return;
+        const event = this.chain.append("enforcement.halt", {
+            reason: result.reason,
+            limit: result.limit,
+            spent: result.spent,
+            ...context,
+        });
+        const haltResult = {
+            status: "halted",
+            reason: result.reason,
+            limit: result.limit,
+            spent: result.spent,
+            event_id: event.event_id,
+        };
+        if (this.mode === "strict") {
+            throw new EnforcementHalt_1.EnforcementHalt(haltResult);
+        }
+        else {
+            // V1 stub: warn mode is accepted in config but not yet implemented.
+            // In a future release this will emit a structured warning and continue.
+            console.warn("[AuthorityLayer] WARN (warn mode stub):", haltResult);
+        }
+    }
+    // ── Public API ──────────────────────────────────────────────────────────────
+    /**
+     * Wrap an agent run with enforcement.
+     *
+     * - Resets per-run counters (loop guard).
+     * - Logs run.start and run.complete events to the chain.
+     * - Re-throws EnforcementHalt cleanly; logs unexpected errors to the chain
+     *   before re-throwing so they appear in the audit log.
+     *
+     * @example
+     * await authority.wrap(async () => {
+     *   const result = await authority.tool("openai.chat", () => openai.chat(...));
+     *   authority.recordSpend(result.usage.cost);
+     * });
+     */
+    async wrap(fn) {
+        // Per-run reset
+        this.loopGuard?.reset();
+        this.chain.append("run.start", { timestamp: new Date().toISOString() });
+        try {
+            await fn();
+            this.chain.append("run.complete", { timestamp: new Date().toISOString() });
+        }
+        catch (err) {
+            if (err instanceof EnforcementHalt_1.EnforcementHalt) {
+                // Already logged by enforce() — just propagate.
+                throw err;
+            }
+            // Unexpected error — log it to the chain for auditability, then rethrow.
+            this.chain.append("run.error", {
+                message: err instanceof Error ? err.message : String(err),
+            });
+            throw err;
+        }
+    }
+    /**
+     * Wrap a single tool call with loop guard and throttle enforcement.
+     *
+     * This is the sole mechanism for calling external tools within wrap().
+     * Both guards are checked before the tool function executes — the tool
+     * function is never called if a limit has already been breached.
+     *
+     * @param name   Human-readable tool name, logged to the event chain.
+     * @param fn     Async function that performs the actual tool call.
+     * @returns      The resolved return value of fn().
+     *
+     * @example
+     * const data = await authority.tool("stripe.charge", () =>
+     *   stripe.charges.create({ amount: 100, currency: "usd" })
+     * );
+     */
+    async tool(name, fn) {
+        const ctx = { tool: name };
+        if (this.loopGuard) {
+            this.enforce(this.loopGuard.tick(), ctx);
+        }
+        if (this.toolThrottle) {
+            this.enforce(this.toolThrottle.tick(), ctx);
+        }
+        this.chain.append("tool.call", { name });
+        return fn();
+    }
+    /**
+     * Report token or API spend in USD.
+     *
+     * Call this after each model or billable API call. AuthorityLayer does not
+     * intercept pricing automatically — different providers expose cost
+     * differently, so the host is responsible for calculating the USD amount.
+     *
+     * @example
+     * const response = await openai.chat.completions.create({ ... });
+     * const costUSD = response.usage.total_tokens * PRICE_PER_TOKEN;
+     * authority.recordSpend(costUSD);
+     */
+    recordSpend(amountUSD) {
+        if (!this.budgetGuard)
+            return;
+        this.enforce(this.budgetGuard.record(amountUSD));
+    }
+    // ── Audit / integrity ───────────────────────────────────────────────────────
+    /**
+     * Return a read-only copy of the enforcement event chain.
+     * Useful for inspecting what happened during a run or persisting to disk.
+     */
+    getChain() {
+        return this.chain.getChain();
+    }
+    /**
+     * Verify the integrity of the in-memory event chain.
+     * Returns false if any event has been tampered with.
+     */
+    verifyChain() {
+        return this.chain.verify();
+    }
+}
+exports.AuthorityLayer = AuthorityLayer;
+//# sourceMappingURL=AuthorityLayer.js.map

package/dist/AuthorityLayer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorityLayer.js","sourceRoot":"","sources":["../src/AuthorityLayer.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,0CAA0C;AAC1C,EAAE;AACF,+EAA+E;AAC/E,2EAA2E;AAC3E,4EAA4E;AAC5E,uEAAuE;AACvE,EAAE;AACF,oBAAoB;AACpB,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,oDAAoD;AACpD,EAAE;AACF,yEAAyE;AACzE,6EAA6E;AAC7E,6EAA6E;AAC7E,gFAAgF;AAChF,EAAE;AACF,2EAA2E;AAC3E,6EAA6E;AAC7E,gCAAgC;AAChC,EAAE;AACF,+EAA+E;AAC/E,sEAAsE;AACtE,gFAAgF;;;AAGhF,2DAAwD;AACxD,uDAAoD;AACpD,6DAA0D;AAC1D,qDAAkD;AAClD,uDAAoD;AAEpD,MAAa,cAAc;IAOvB,YAAY,MAAuB;QAC/B,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC;QACpC,IAAI,CAAC,KAAK,GAAG,IAAI,qBAAS,EAAE,CAAC;QAE7B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,GAAG,IAAI,yBAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,GAAG,IAAI,qBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,GAAG,IAAI,2BAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC;IAED,+EAA+E;IAE/E;;;OAGG;IACK,OAAO,CACX,MAAmB,EACnB,OAAiC;QAEjC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO;QAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,kBAAkB,EAAE;YAChD,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,GAAG,OAAO;SACb,CAAC,CAAC;QAEH,MAAM,UAAU,GAAe;YAC3B,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SAC3B,CAAC;QAEF,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,iCAAe,CAAC,UAAU,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACJ,oEAAoE;YACpE,wEAAwE;YACxE,OAAO,CAAC,IAAI,CAAC,yCAAyC,EAAE,UAAU,CAAC,CAAC;QACxE,CAAC;IACL,CAAC;IAED,+EAA+E;IAE/E;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,IAAI,CAAC,EAAuB;QAC9B,gBAAgB;QAChB,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;QAExB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAExE,IAAI,CAAC;YACD,MAAM,EAAE,EAAE,CAAC;YACX,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,iCAAe,EAAE,CAAC;gBACjC,gDAAgD;gBAChD,MAAM,GAAG,CAAC;YACd,CAAC;YAED,yEAAyE;YACzE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE;gBAC3B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC5D,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,EAAoB;QAC5C,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAE3B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzC,OAAO,EAAE,EAAE,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,SAAiB;QACzB,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO;QAC9B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,+EAA+E;IAE/E;;;OAGG;IACH,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,WAAW;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;IAC/B,CAAC;CACJ;AAnKD,wCAmKC"}

package/dist/EnforcementHalt.d.ts

@@ -0,0 +1,10 @@
+import type { HaltResult } from "./types";
+export declare class EnforcementHalt extends Error {
+    /**
+     * The full, structured enforcement result.
+     * This is the canonical way to inspect why execution was halted.
+     */
+    readonly enforcement: HaltResult;
+    constructor(result: HaltResult);
+}
+//# sourceMappingURL=EnforcementHalt.d.ts.map

package/dist/EnforcementHalt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnforcementHalt.d.ts","sourceRoot":"","sources":["../src/EnforcementHalt.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE1C,qBAAa,eAAgB,SAAQ,KAAK;IACtC;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC;gBAErB,MAAM,EAAE,UAAU;CAWjC"}

package/dist/EnforcementHalt.js

@@ -0,0 +1,34 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// EnforcementHalt — Typed Enforcement Error
+//
+// Thrown by AuthorityLayer in strict mode when a guard limit is breached.
+//
+// IMPORTANT: always access halt details via the `.enforcement` property,
+// not by parsing the error message. The structured object is stable API;
+// the message string is not.
+//
+// @example
+// try {
+//   await authority.wrap(async () => { ... });
+// } catch (err) {
+//   if (err instanceof EnforcementHalt) {
+//     console.log(err.enforcement);
+//     // { status: "halted", reason: "budget_exceeded", limit: 50, spent: 52.14, event_id: "evt_..." }
+//   }
+// }
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnforcementHalt = void 0;
+class EnforcementHalt extends Error {
+    constructor(result) {
+        super(`[AuthorityLayer] Execution halted — ${result.reason} ` +
+            `(limit: ${result.limit}, spent: ${result.spent}, event: ${result.event_id})`);
+        this.name = "EnforcementHalt";
+        this.enforcement = result;
+        // Restore prototype chain for instanceof checks across transpilation targets
+        Object.setPrototypeOf(this, EnforcementHalt.prototype);
+    }
+}
+exports.EnforcementHalt = EnforcementHalt;
+//# sourceMappingURL=EnforcementHalt.js.map

package/dist/EnforcementHalt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnforcementHalt.js","sourceRoot":"","sources":["../src/EnforcementHalt.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,4CAA4C;AAC5C,EAAE;AACF,0EAA0E;AAC1E,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,6BAA6B;AAC7B,EAAE;AACF,WAAW;AACX,QAAQ;AACR,+CAA+C;AAC/C,kBAAkB;AAClB,0CAA0C;AAC1C,oCAAoC;AACpC,uGAAuG;AACvG,MAAM;AACN,IAAI;AACJ,gFAAgF;;;AAIhF,MAAa,eAAgB,SAAQ,KAAK;IAOtC,YAAY,MAAkB;QAC1B,KAAK,CACD,uCAAuC,MAAM,CAAC,MAAM,GAAG;YACvD,WAAW,MAAM,CAAC,KAAK,YAAY,MAAM,CAAC,KAAK,YAAY,MAAM,CAAC,QAAQ,GAAG,CAChF,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC;QAE1B,6EAA6E;QAC7E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IAC3D,CAAC;CACJ;AAlBD,0CAkBC"}

package/dist/doctor.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=doctor.d.ts.map

package/dist/doctor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../src/doctor.ts"],"names":[],"mappings":""}

package/dist/doctor.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// authority-layer doctor
+//
+// Runs a series of guardrail checks and prints results to stdout.
+// Exit 0 = all checks pass. Exit 1 = one or more checks failed.
+//
+// Usage:
+//   npx authority-layer doctor
+//   authority-layer doctor   (if installed globally)
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = require("crypto");
+const RESET = "\x1b[0m";
+const GREEN = "\x1b[1;32m";
+const RED = "\x1b[1;31m";
+const YELLOW = "\x1b[1;33m";
+const BOLD = "\x1b[1m";
+const results = [];
+function check(name, ok, note) {
+    results.push({ name, ok, note });
+}
+// ── Guardrail checks ──────────────────────────────────────────────────────────
+// 1. Node version
+const [major] = process.versions.node.split(".").map(Number);
+check("Node.js version >= 18", major >= 18, `found ${process.versions.node}`);
+// 2. crypto module (required by hash chain)
+try {
+    (0, crypto_1.createHash)("sha256").update("test").digest("hex");
+    check("crypto module (sha256)", true);
+}
+catch {
+    check("crypto module (sha256)", false, "built-in crypto unavailable");
+}
+// 3. No AUTHORITY_LAYER_DISABLE env flag set
+const disabled = process.env["AUTHORITY_LAYER_DISABLE"] === "1";
+check("AUTHORITY_LAYER_DISABLE not set", !disabled, disabled ? "enforcement is currently disabled via env" : undefined);
+// 4. Offline capable — confirm no network is required for import
+try {
+    // Dynamic require — avoids top-level import that would run before checks
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    require("./index");
+    check("core module loads offline", true);
+}
+catch (err) {
+    check("core module loads offline", false, String(err));
+}
+// 5. Sanity: AuthorityLayer instantiates with a minimal config
+try {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { AuthorityLayer } = require("./index");
+    const a = new AuthorityLayer({ budget: { dailyUSD: 1 } });
+    const chain = a.getChain();
+    check("AuthorityLayer instantiates", true, `chain length: ${chain.length}`);
+}
+catch (err) {
+    check("AuthorityLayer instantiates", false, String(err));
+}
+// ── Output ────────────────────────────────────────────────────────────────────
+const pkg = require("../package.json");
+console.log(`\n${BOLD}AuthorityLayer Doctor${RESET}  ${YELLOW}${pkg.name}@${pkg.version}${RESET}\n`);
+let failed = 0;
+for (const r of results) {
+    const icon = r.ok ? `${GREEN}✔${RESET}` : `${RED}✘${RESET}`;
+    const status = r.ok ? `${GREEN}pass${RESET}` : `${RED}FAIL${RESET}`;
+    const note = r.note ? `  ${YELLOW}(${r.note})${RESET}` : "";
+    console.log(`  ${icon}  ${r.name.padEnd(38)} ${status}${note}`);
+    if (!r.ok)
+        failed++;
+}
+console.log();
+if (failed === 0) {
+    console.log(`${GREEN}All checks passed.${RESET} AuthorityLayer is ready.\n`);
+    process.exit(0);
+}
+else {
+    console.log(`${RED}${failed} check(s) failed.${RESET} Review the output above.\n`);
+    process.exit(1);
+}
+//# sourceMappingURL=doctor.js.map

package/dist/doctor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../src/doctor.ts"],"names":[],"mappings":";;AACA,gFAAgF;AAChF,yBAAyB;AACzB,EAAE;AACF,kEAAkE;AAClE,gEAAgE;AAChE,EAAE;AACF,SAAS;AACT,+BAA+B;AAC/B,qDAAqD;AACrD,gFAAgF;;AAEhF,mCAAoC;AAEpC,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,KAAK,GAAG,YAAY,CAAC;AAC3B,MAAM,GAAG,GAAG,YAAY,CAAC;AACzB,MAAM,MAAM,GAAG,YAAY,CAAC;AAC5B,MAAM,IAAI,GAAG,SAAS,CAAC;AAQvB,MAAM,OAAO,GAAkB,EAAE,CAAC;AAElC,SAAS,KAAK,CAAC,IAAY,EAAE,EAAW,EAAE,IAAa;IACnD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,iFAAiF;AAEjF,kBAAkB;AAClB,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAC7D,KAAK,CACD,uBAAuB,EACvB,KAAK,IAAI,EAAE,EACX,SAAS,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CACnC,CAAC;AAEF,4CAA4C;AAC5C,IAAI,CAAC;IACD,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClD,KAAK,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAAC,MAAM,CAAC;IACL,KAAK,CAAC,wBAAwB,EAAE,KAAK,EAAE,6BAA6B,CAAC,CAAC;AAC1E,CAAC;AAED,6CAA6C;AAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,KAAK,GAAG,CAAC;AAChE,KAAK,CACD,iCAAiC,EACjC,CAAC,QAAQ,EACT,QAAQ,CAAC,CAAC,CAAC,2CAA2C,CAAC,CAAC,CAAC,SAAS,CACrE,CAAC;AAEF,iEAAiE;AACjE,IAAI,CAAC;IACD,yEAAyE;IACzE,iEAAiE;IACjE,OAAO,CAAC,SAAS,CAAC,CAAC;IACnB,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACX,KAAK,CAAC,2BAA2B,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,+DAA+D;AAC/D,IAAI,CAAC;IACD,iEAAiE;IACjE,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3B,KAAK,CAAC,6BAA6B,EAAE,IAAI,EAAE,iBAAiB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AAChF,CAAC;AAAC,OAAO,GAAG,EAAE,CAAC;IACX,KAAK,CAAC,6BAA6B,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,iFAAiF;AAEjF,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAsC,CAAC;AAE5E,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,wBAAwB,KAAK,KAAK,MAAM,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,GAAG,KAAK,IAAI,CAAC,CAAC;AAErG,IAAI,MAAM,GAAG,CAAC,CAAC;AAEf,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;IACtB,MAAM,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;IAC5D,MAAM,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,OAAO,KAAK,EAAE,CAAC;IACpE,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;IAChE,IAAI,CAAC,CAAC,CAAC,EAAE;QAAE,MAAM,EAAE,CAAC;AACxB,CAAC;AAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAEd,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;IACf,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,qBAAqB,KAAK,6BAA6B,CAAC,CAAC;IAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;KAAM,CAAC;IACJ,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,MAAM,oBAAoB,KAAK,6BAA6B,CAAC,CAAC;IACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC"}

package/dist/enforcement/budgetGuard.d.ts

@@ -0,0 +1,14 @@
+import type { BudgetConfig, GuardResult } from "../types";
+export declare class BudgetGuard {
+    private spent;
+    private readonly limit;
+    constructor(config: BudgetConfig);
+    /**
+     * Record additional spend and check against the hard limit.
+     * Returns a PendingHalt if the cumulative spend now exceeds the limit.
+     */
+    record(amountUSD: number): GuardResult;
+    getSpent(): number;
+    getLimit(): number;
+}
+//# sourceMappingURL=budgetGuard.d.ts.map

package/dist/enforcement/budgetGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"budgetGuard.d.ts","sourceRoot":"","sources":["../../src/enforcement/budgetGuard.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE1D,qBAAa,WAAW;IACpB,OAAO,CAAC,KAAK,CAAK;IAClB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,EAAE,YAAY;IAIhC;;;OAGG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW;IAetC,QAAQ,IAAI,MAAM;IAIlB,QAAQ,IAAI,MAAM;CAGrB"}

package/dist/enforcement/budgetGuard.js

@@ -0,0 +1,43 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// BudgetGuard — Hard USD Spend Cap
+//
+// Tracks cumulative USD spend across a run and halts execution when it
+// exceeds the configured dailyUSD limit.
+//
+// Spend is reported explicitly by the host via AuthorityLayer.recordSpend().
+// This keeps the core framework-agnostic — different model providers expose
+// pricing differently, so the host is responsible for conversion.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BudgetGuard = void 0;
+class BudgetGuard {
+    constructor(config) {
+        this.spent = 0;
+        this.limit = config.dailyUSD;
+    }
+    /**
+     * Record additional spend and check against the hard limit.
+     * Returns a PendingHalt if the cumulative spend now exceeds the limit.
+     */
+    record(amountUSD) {
+        this.spent += amountUSD;
+        if (this.spent > this.limit) {
+            return {
+                status: "halted",
+                reason: "budget_exceeded",
+                limit: this.limit,
+                spent: this.spent,
+            };
+        }
+        return { status: "ok" };
+    }
+    getSpent() {
+        return this.spent;
+    }
+    getLimit() {
+        return this.limit;
+    }
+}
+exports.BudgetGuard = BudgetGuard;
+//# sourceMappingURL=budgetGuard.js.map

package/dist/enforcement/budgetGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"budgetGuard.js","sourceRoot":"","sources":["../../src/enforcement/budgetGuard.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,mCAAmC;AACnC,EAAE;AACF,uEAAuE;AACvE,yCAAyC;AACzC,EAAE;AACF,6EAA6E;AAC7E,4EAA4E;AAC5E,kEAAkE;AAClE,gFAAgF;;;AAIhF,MAAa,WAAW;IAIpB,YAAY,MAAoB;QAHxB,UAAK,GAAG,CAAC,CAAC;QAId,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,SAAiB;QACpB,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;QAExB,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YAC1B,OAAO;gBACH,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,iBAAiB;gBACzB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK;aACpB,CAAC;QACN,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;CACJ;AAlCD,kCAkCC"}

package/dist/enforcement/loopGuard.d.ts

@@ -0,0 +1,17 @@
+import type { LoopGuardConfig, GuardResult } from "../types";
+export declare class LoopGuard {
+    private count;
+    private readonly limit;
+    constructor(config: LoopGuardConfig);
+    /**
+     * Reset the call counter. Called by AuthorityLayer at the start of wrap().
+     */
+    reset(): void;
+    /**
+     * Increment the counter and check against the per-run limit.
+     * Returns a PendingHalt once the count exceeds the limit.
+     */
+    tick(): GuardResult;
+    getCount(): number;
+}
+//# sourceMappingURL=loopGuard.d.ts.map

package/dist/enforcement/loopGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loopGuard.d.ts","sourceRoot":"","sources":["../../src/enforcement/loopGuard.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE7D,qBAAa,SAAS;IAClB,OAAO,CAAC,KAAK,CAAK;IAClB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,EAAE,eAAe;IAInC;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;;OAGG;IACH,IAAI,IAAI,WAAW;IAenB,QAAQ,IAAI,MAAM;CAGrB"}

package/dist/enforcement/loopGuard.js

@@ -0,0 +1,43 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// LoopGuard — Per-Run Tool Call Limiter
+//
+// Prevents infinite tool loops within a single agent run by counting every
+// call routed through authority.tool(). The counter resets at the start of
+// each wrap() invocation, so limits apply per-run, not globally.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoopGuard = void 0;
+class LoopGuard {
+    constructor(config) {
+        this.count = 0;
+        this.limit = config.maxToolCallsPerRun;
+    }
+    /**
+     * Reset the call counter. Called by AuthorityLayer at the start of wrap().
+     */
+    reset() {
+        this.count = 0;
+    }
+    /**
+     * Increment the counter and check against the per-run limit.
+     * Returns a PendingHalt once the count exceeds the limit.
+     */
+    tick() {
+        this.count += 1;
+        if (this.count > this.limit) {
+            return {
+                status: "halted",
+                reason: "loop_limit_exceeded",
+                limit: this.limit,
+                spent: this.count,
+            };
+        }
+        return { status: "ok" };
+    }
+    getCount() {
+        return this.count;
+    }
+}
+exports.LoopGuard = LoopGuard;
+//# sourceMappingURL=loopGuard.js.map

package/dist/enforcement/loopGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loopGuard.js","sourceRoot":"","sources":["../../src/enforcement/loopGuard.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,wCAAwC;AACxC,EAAE;AACF,2EAA2E;AAC3E,2EAA2E;AAC3E,iEAAiE;AACjE,gFAAgF;;;AAIhF,MAAa,SAAS;IAIlB,YAAY,MAAuB;QAH3B,UAAK,GAAG,CAAC,CAAC;QAId,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,kBAAkB,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK;QACD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,IAAI;QACA,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;QAEhB,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YAC1B,OAAO;gBACH,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,qBAAqB;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK;aACpB,CAAC;QACN,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;CACJ;AArCD,8BAqCC"}

package/dist/enforcement/toolThrottle.d.ts

@@ -0,0 +1,20 @@
+import type { ToolThrottleConfig, GuardResult } from "../types";
+export declare class ToolThrottle {
+    /**
+     * Stores the timestamp (ms since epoch) of each tool call inside the
+     * current sliding window. Entries older than WINDOW_MS are pruned on
+     * every tick so the array never grows unbounded.
+     */
+    private callTimestamps;
+    private readonly limit;
+    constructor(config: ToolThrottleConfig);
+    /**
+     * Record a tool call and check the rate against the configured limit.
+     * Returns a PendingHalt if the call count in the last 60 seconds exceeds
+     * maxCallsPerMinute.
+     */
+    tick(): GuardResult;
+    /** Returns the number of calls recorded in the current window (for diagnostics). */
+    getWindowCount(): number;
+}
+//# sourceMappingURL=toolThrottle.d.ts.map

package/dist/enforcement/toolThrottle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolThrottle.d.ts","sourceRoot":"","sources":["../../src/enforcement/toolThrottle.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAIhE,qBAAa,YAAY;IACrB;;;;OAIG;IACH,OAAO,CAAC,cAAc,CAAgB;IACtC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,EAAE,kBAAkB;IAItC;;;;OAIG;IACH,IAAI,IAAI,WAAW;IAuBnB,oFAAoF;IACpF,cAAc,IAAI,MAAM;CAI3B"}

package/dist/enforcement/toolThrottle.js

@@ -0,0 +1,50 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// ToolThrottle — Sliding-Window Rate Limiter
+//
+// Caps the number of tool calls within any 60-second window using a sliding
+// timestamp array. Unlike a fixed-bucket approach, this never resets abruptly
+// mid-window — it always reflects the true call density in the last minute.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolThrottle = void 0;
+const WINDOW_MS = 60000; // 1-minute sliding window
+class ToolThrottle {
+    constructor(config) {
+        /**
+         * Stores the timestamp (ms since epoch) of each tool call inside the
+         * current sliding window. Entries older than WINDOW_MS are pruned on
+         * every tick so the array never grows unbounded.
+         */
+        this.callTimestamps = [];
+        this.limit = config.maxCallsPerMinute;
+    }
+    /**
+     * Record a tool call and check the rate against the configured limit.
+     * Returns a PendingHalt if the call count in the last 60 seconds exceeds
+     * maxCallsPerMinute.
+     */
+    tick() {
+        const now = Date.now();
+        // Evict calls that have slid out of the window
+        this.callTimestamps = this.callTimestamps.filter((t) => now - t < WINDOW_MS);
+        this.callTimestamps.push(now);
+        const callsInWindow = this.callTimestamps.length;
+        if (callsInWindow > this.limit) {
+            return {
+                status: "halted",
+                reason: "tool_throttle_exceeded",
+                limit: this.limit,
+                spent: callsInWindow,
+            };
+        }
+        return { status: "ok" };
+    }
+    /** Returns the number of calls recorded in the current window (for diagnostics). */
+    getWindowCount() {
+        const now = Date.now();
+        return this.callTimestamps.filter((t) => now - t < WINDOW_MS).length;
+    }
+}
+exports.ToolThrottle = ToolThrottle;
+//# sourceMappingURL=toolThrottle.js.map

package/dist/enforcement/toolThrottle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolThrottle.js","sourceRoot":"","sources":["../../src/enforcement/toolThrottle.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,6CAA6C;AAC7C,EAAE;AACF,4EAA4E;AAC5E,8EAA8E;AAC9E,4EAA4E;AAC5E,gFAAgF;;;AAIhF,MAAM,SAAS,GAAG,KAAM,CAAC,CAAC,0BAA0B;AAEpD,MAAa,YAAY;IASrB,YAAY,MAA0B;QARtC;;;;WAIG;QACK,mBAAc,GAAa,EAAE,CAAC;QAIlC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,iBAAiB,CAAC;IAC1C,CAAC;IAED;;;;OAIG;IACH,IAAI;QACA,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,+CAA+C;QAC/C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,SAAS,CAC7B,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;QAEjD,IAAI,aAAa,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YAC7B,OAAO;gBACH,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,wBAAwB;gBAChC,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,aAAa;aACvB,CAAC;QACN,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,oFAAoF;IACpF,cAAc;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;CACJ;AA9CD,oCA8CC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { AuthorityLayer } from "./AuthorityLayer";
+export { EnforcementHalt } from "./EnforcementHalt";
+export type { AuthorityConfig, BudgetConfig, LoopGuardConfig, ToolThrottleConfig, EnforcementMode, HaltResult, HaltReason, PassResult, GuardResult, EnforcementEvent, } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,YAAY,EACR,eAAe,EACf,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,EACX,gBAAgB,GACnB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+"use strict";
+// Public surface of the authority-layer package.
+// Import from here, not from internal module paths.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnforcementHalt = exports.AuthorityLayer = void 0;
+var AuthorityLayer_1 = require("./AuthorityLayer");
+Object.defineProperty(exports, "AuthorityLayer", { enumerable: true, get: function () { return AuthorityLayer_1.AuthorityLayer; } });
+var EnforcementHalt_1 = require("./EnforcementHalt");
+Object.defineProperty(exports, "EnforcementHalt", { enumerable: true, get: function () { return EnforcementHalt_1.EnforcementHalt; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,iDAAiD;AACjD,oDAAoD;;;AAEpD,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA"}

package/dist/integrity/hashChain.d.ts

@@ -0,0 +1,27 @@
+import type { EnforcementEvent } from "../types";
+export declare class HashChain {
+    private readonly chain;
+    private previousHash;
+    /**
+     * Append a new event to the chain.
+     *
+     * The hash covers the serialized event fields (event_id, type, timestamp,
+     * data) concatenated with the previous event's hash. This means you cannot
+     * alter any event — or its position in the chain — without invalidating all
+     * subsequent hashes.
+     */
+    append(type: string, data: Record<string, unknown>): EnforcementEvent;
+    /**
+     * Return an immutable copy of the full event chain.
+     */
+    getChain(): ReadonlyArray<EnforcementEvent>;
+    /**
+     * Verify the integrity of the entire chain locally.
+     *
+     * Re-derives each event's hash from its fields and previousHash, then
+     * compares against the stored hash. Returns false if any event has been
+     * tampered with or if the linkage is broken.
+     */
+    verify(): boolean;
+}
+//# sourceMappingURL=hashChain.d.ts.map

package/dist/integrity/hashChain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hashChain.d.ts","sourceRoot":"","sources":["../../src/integrity/hashChain.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAKjD,qBAAa,SAAS;IAClB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA0B;IAChD,OAAO,CAAC,YAAY,CAAwB;IAE5C;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,gBAAgB;IAyBrE;;OAEG;IACH,QAAQ,IAAI,aAAa,CAAC,gBAAgB,CAAC;IAI3C;;;;;;OAMG;IACH,MAAM,IAAI,OAAO;CA4BpB"}

package/dist/integrity/hashChain.js

@@ -0,0 +1,87 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// HashChain — Tamper-Evident Enforcement Event Log
+//
+// Stores enforcement events in memory as a hash-linked chain. Each event
+// includes a SHA-256 hash chained to the previous event's hash, making it
+// detectable if any event is retroactively altered or removed.
+//
+// V1: in-memory only. No disk persistence or cloud anchoring.
+// Future: optional disk flush and independent cloud anchor.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HashChain = void 0;
+const crypto_1 = require("crypto");
+/** Sentinel value used as the previousHash for the first event in the chain. */
+const GENESIS_HASH = "genesis";
+class HashChain {
+    constructor() {
+        this.chain = [];
+        this.previousHash = GENESIS_HASH;
+    }
+    /**
+     * Append a new event to the chain.
+     *
+     * The hash covers the serialized event fields (event_id, type, timestamp,
+     * data) concatenated with the previous event's hash. This means you cannot
+     * alter any event — or its position in the chain — without invalidating all
+     * subsequent hashes.
+     */
+    append(type, data) {
+        const event_id = `evt_${(0, crypto_1.randomBytes)(8).toString("hex")}`;
+        const timestamp = new Date().toISOString();
+        // Hash covers content + chain position (previousHash)
+        const payload = JSON.stringify({ event_id, type, timestamp, data });
+        const hash = (0, crypto_1.createHash)("sha256")
+            .update(payload + this.previousHash)
+            .digest("hex");
+        const event = {
+            event_id,
+            type,
+            timestamp,
+            data,
+            hash,
+            previousHash: this.previousHash,
+        };
+        this.chain.push(event);
+        this.previousHash = hash;
+        return event;
+    }
+    /**
+     * Return an immutable copy of the full event chain.
+     */
+    getChain() {
+        return Object.freeze([...this.chain]);
+    }
+    /**
+     * Verify the integrity of the entire chain locally.
+     *
+     * Re-derives each event's hash from its fields and previousHash, then
+     * compares against the stored hash. Returns false if any event has been
+     * tampered with or if the linkage is broken.
+     */
+    verify() {
+        let prev = GENESIS_HASH;
+        for (const event of this.chain) {
+            if (event.previousHash !== prev) {
+                return false;
+            }
+            const payload = JSON.stringify({
+                event_id: event.event_id,
+                type: event.type,
+                timestamp: event.timestamp,
+                data: event.data,
+            });
+            const expected = (0, crypto_1.createHash)("sha256")
+                .update(payload + prev)
+                .digest("hex");
+            if (expected !== event.hash) {
+                return false;
+            }
+            prev = event.hash;
+        }
+        return true;
+    }
+}
+exports.HashChain = HashChain;
+//# sourceMappingURL=hashChain.js.map

package/dist/integrity/hashChain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hashChain.js","sourceRoot":"","sources":["../../src/integrity/hashChain.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,mDAAmD;AACnD,EAAE;AACF,yEAAyE;AACzE,0EAA0E;AAC1E,+DAA+D;AAC/D,EAAE;AACF,8DAA8D;AAC9D,4DAA4D;AAC5D,gFAAgF;;;AAEhF,mCAAiD;AAGjD,gFAAgF;AAChF,MAAM,YAAY,GAAG,SAAS,CAAC;AAE/B,MAAa,SAAS;IAAtB;QACqB,UAAK,GAAuB,EAAE,CAAC;QACxC,iBAAY,GAAW,YAAY,CAAC;IA6EhD,CAAC;IA3EG;;;;;;;OAOG;IACH,MAAM,CAAC,IAAY,EAAE,IAA6B;QAC9C,MAAM,QAAQ,GAAG,OAAO,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE3C,sDAAsD;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;aAC5B,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;aACnC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEnB,MAAM,KAAK,GAAqB;YAC5B,QAAQ;YACR,IAAI;YACJ,SAAS;YACT,IAAI;YACJ,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,YAAY;SAClC,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAEzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ;QACJ,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;;OAMG;IACH,MAAM;QACF,IAAI,IAAI,GAAG,YAAY,CAAC;QAExB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;gBAC9B,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC3B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,IAAI,EAAE,KAAK,CAAC,IAAI;aACnB,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;iBAChC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;iBACtB,MAAM,CAAC,KAAK,CAAC,CAAC;YAEnB,IAAI,QAAQ,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC1B,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACtB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ;AA/ED,8BA+EC"}

package/dist/types.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Enforcement mode.
+ *   "strict" — limits halt execution immediately (default, V1 implemented)
+ *   "warn"   — limits emit a warning but allow continuation (V1 stubbed)
+ */
+export type EnforcementMode = "strict" | "warn";
+export interface BudgetConfig {
+    /** Hard daily spend cap in USD. Execution halts if cumulative spend exceeds this. */
+    dailyUSD: number;
+}
+export interface LoopGuardConfig {
+    /** Maximum number of tool calls allowed per wrap() invocation. */
+    maxToolCallsPerRun: number;
+}
+export interface ToolThrottleConfig {
+    /** Maximum number of tool calls allowed within any 60-second sliding window. */
+    maxCallsPerMinute: number;
+}
+export interface AuthorityConfig {
+    /**
+     * Enforcement mode. Defaults to "strict".
+     * In V1, only "strict" is fully implemented. "warn" is stubbed.
+     */
+    mode?: EnforcementMode;
+    /** Enable hard USD budget cap. Omit to disable. */
+    budget?: BudgetConfig;
+    /** Enable loop/call-count guard per run. Omit to disable. */
+    loopGuard?: LoopGuardConfig;
+    /** Enable tool call rate throttle. Omit to disable. */
+    toolThrottle?: ToolThrottleConfig;
+}
+export type HaltReason = "budget_exceeded" | "loop_limit_exceeded" | "tool_throttle_exceeded";
+/**
+ * Internal guard result before the event chain assigns an event_id.
+ * Guards return this; AuthorityLayer promotes it to HaltResult after logging.
+ */
+export interface PendingHalt {
+    status: "halted";
+    reason: HaltReason;
+    /** The configured limit that was breached. */
+    limit: number;
+    /** The value that exceeded the limit (spend, call count, etc.). */
+    spent: number;
+}
+/**
+ * The public enforcement halt object. Returned on the EnforcementHalt error
+ * and also accessible via .enforcement on that error instance.
+ *
+ * Always prefer accessing this via `error.enforcement` rather than parsing
+ * the error message string.
+ */
+export interface HaltResult extends PendingHalt {
+    /** Unique event ID assigned by the hash-linked event chain. */
+    event_id: string;
+}
+export interface PassResult {
+    status: "ok";
+}
+/** Union returned by all guard check methods. */
+export type GuardResult = PendingHalt | PassResult;
+/**
+ * A single entry in the enforcement event chain.
+ * Each event is hash-linked to its predecessor, forming a tamper-evident log.
+ */
+export interface EnforcementEvent {
+    /** Unique identifier (evt_<random hex>). */
+    event_id: string;
+    /** Semantic event type, e.g. "enforcement.halt", "tool.call", "run.start". */
+    type: string;
+    /** ISO-8601 timestamp of the event. */
+    timestamp: string;
+    /** Arbitrary structured data for this event. */
+    data: Record<string, unknown>;
+    /** SHA-256 of (serialized event fields + previousHash). */
+    hash: string;
+    /** Hash of the preceding event ("genesis" for the first event). */
+    previousHash: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAOA;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,MAAM,CAAC;AAIhD,MAAM,WAAW,YAAY;IAC3B,qFAAqF;IACrF,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,kEAAkE;IAClE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,gFAAgF;IAChF,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAID,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,IAAI,CAAC,EAAE,eAAe,CAAC;IAEvB,mDAAmD;IACnD,MAAM,CAAC,EAAE,YAAY,CAAC;IAEtB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,eAAe,CAAC;IAE5B,uDAAuD;IACvD,YAAY,CAAC,EAAE,kBAAkB,CAAC;CACnC;AAID,MAAM,MAAM,UAAU,GAClB,iBAAiB,GACjB,qBAAqB,GACrB,wBAAwB,CAAC;AAE7B;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,QAAQ,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;IACnB,8CAA8C;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;GAMG;AACH,MAAM,WAAW,UAAW,SAAQ,WAAW;IAC7C,+DAA+D;IAC/D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,IAAI,CAAC;CACd;AAED,iDAAiD;AACjD,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,UAAU,CAAC;AAInD;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,IAAI,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/dist/types.js

@@ -0,0 +1,9 @@
+"use strict";
+// ─────────────────────────────────────────────────────────────────────────────
+// AuthorityLayer — Shared Types
+//
+// All interfaces used across enforcement primitives and the core class live
+// here. Keeping them in one file makes cross-module consistency easy to audit.
+// ─────────────────────────────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,gFAAgF;AAChF,gCAAgC;AAChC,EAAE;AACF,4EAA4E;AAC5E,+EAA+E;AAC/E,gFAAgF"}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "authority-layer",
+  "version": "0.1.0",
+  "description": "Hard execution and budget limits for autonomous agents — enforced locally.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "bin": {
+    "authority-layer": "dist/doctor.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsc -p tsconfig.json --watch",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "validate": "tsc -p tsconfig.json && node dist/index.js",
+    "example": "node ../../examples/run.js",
+    "doctor": "node dist/doctor.js",
+    "prepublishOnly": "npm run build && npm run typecheck"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "guardrails",
+    "runtime",
+    "budget",
+    "limits"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/032383justin/authority-layer"
+  },
+  "homepage": "https://github.com/032383justin/authority-layer",
+  "bugs": {
+    "url": "https://github.com/032383justin/authority-layer/issues"
+  },
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "@types/node": "^20.0.0"
+  }
+}