cognitive-kit 1.0.0-alpha.1

package/dist/memory/providers/InMemoryProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryProvider.js","sourceRoot":"","sources":["../../../src/memory/providers/InMemoryProvider.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,gBAAgB;IAClB,IAAI,GAAG,WAAW,CAAC;IACpB,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;IACvC,OAAO,GAAG,CAAC,CAAC;IAEpB,KAAK,CAAC,OAAO,KAAmB,CAAC;IAEjC,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAA8C;QACxD,MAAM,KAAK,GAAiB;YAC1B,GAAG,MAAM;YACT,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YAC3B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QACF,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAkB;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAE7C,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACzC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC3B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CACtD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;QAElD,IAAI,KAAK,CAAC,MAAM;YAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,KAAK;YAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAEzD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,GAAW;QACzC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,SAAkB;QAC5B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS;gBAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;CACF"}

package/dist/memory/providers/SQLiteProvider.d.ts

@@ -0,0 +1,17 @@
+import type { MemoryProvider } from '../../types.js';
+import type { MemoryRecord, MemoryQuery } from '../../types.js';
+export declare class SQLiteProvider implements MemoryProvider {
+    readonly name = "sqlite";
+    private db;
+    private dbPath;
+    private initPromise;
+    constructor(path?: string);
+    connect(): Promise<void>;
+    private init;
+    disconnect(): Promise<void>;
+    store(record: Omit<MemoryRecord, 'id' | 'timestamp'>): Promise<MemoryRecord>;
+    recall(query: MemoryQuery): Promise<MemoryRecord[]>;
+    delete(namespace: string, key: string): Promise<boolean>;
+    clear(namespace?: string): Promise<void>;
+    private ensureConnected;
+}

package/dist/memory/providers/SQLiteProvider.js

@@ -0,0 +1,129 @@
+let sqlJsInit = null;
+export class SQLiteProvider {
+    name = 'sqlite';
+    db = null;
+    dbPath;
+    initPromise = null;
+    constructor(path) {
+        this.dbPath = path || ':memory:';
+    }
+    async connect() {
+        if (this.initPromise)
+            return this.initPromise;
+        this.initPromise = this.init();
+        return this.initPromise;
+    }
+    async init() {
+        if (!sqlJsInit) {
+            const mod = await import('sql.js');
+            sqlJsInit = mod.default || mod;
+        }
+        const SQL = await sqlJsInit();
+        if (this.dbPath === ':memory:') {
+            this.db = new SQL.Database();
+        }
+        else {
+            const fs = await import('node:fs');
+            try {
+                const buffer = fs.readFileSync(this.dbPath);
+                this.db = new SQL.Database(buffer);
+            }
+            catch {
+                this.db = new SQL.Database();
+            }
+        }
+        this.db.run(`
+      CREATE TABLE IF NOT EXISTS memory (
+        id TEXT PRIMARY KEY,
+        namespace TEXT NOT NULL,
+        key TEXT NOT NULL,
+        value TEXT NOT NULL,
+        timestamp INTEGER NOT NULL,
+        metadata TEXT
+      )
+    `);
+        this.db.run('CREATE INDEX IF NOT EXISTS idx_memory_namespace ON memory(namespace)');
+        this.db.run('CREATE INDEX IF NOT EXISTS idx_memory_key ON memory(key)');
+        this.db.run('CREATE INDEX IF NOT EXISTS idx_memory_timestamp ON memory(timestamp DESC)');
+    }
+    async disconnect() {
+        if (this.db && this.dbPath !== ':memory:') {
+            const data = this.db.export();
+            const fs = await import('node:fs');
+            fs.writeFileSync(this.dbPath, Buffer.from(data));
+        }
+        this.db?.close();
+        this.db = null;
+        this.initPromise = null;
+    }
+    async store(record) {
+        this.ensureConnected();
+        const id = `mem-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const timestamp = Date.now();
+        this.db.run(`INSERT OR REPLACE INTO memory (id, namespace, key, value, timestamp, metadata)
+       VALUES (?, ?, ?, ?, ?, ?)`, [id, record.namespace, record.key, JSON.stringify(record.value), timestamp,
+            record.metadata ? JSON.stringify(record.metadata) : null]);
+        return { ...record, id, timestamp };
+    }
+    async recall(query) {
+        this.ensureConnected();
+        let sql = 'SELECT * FROM memory WHERE 1=1';
+        const params = [];
+        if (query.namespace) {
+            sql += ' AND namespace = ?';
+            params.push(query.namespace);
+        }
+        if (query.key) {
+            sql += ' AND key = ?';
+            params.push(query.key);
+        }
+        if (query.search) {
+            sql += ' AND value LIKE ?';
+            params.push(`%${query.search}%`);
+        }
+        sql += ' ORDER BY timestamp DESC';
+        if (query.limit) {
+            sql += ' LIMIT ?';
+            params.push(query.limit);
+        }
+        if (query.offset) {
+            sql += ' OFFSET ?';
+            params.push(query.offset);
+        }
+        const stmt = this.db.prepare(sql);
+        if (params.length > 0)
+            stmt.bind(params);
+        const rows = [];
+        while (stmt.step()) {
+            rows.push(stmt.getAsObject());
+        }
+        stmt.free();
+        return rows.map((r) => ({
+            id: r.id,
+            namespace: r.namespace,
+            key: r.key,
+            value: JSON.parse(r.value),
+            timestamp: r.timestamp,
+            metadata: r.metadata ? JSON.parse(r.metadata) : undefined,
+        }));
+    }
+    async delete(namespace, key) {
+        this.ensureConnected();
+        this.db.run('DELETE FROM memory WHERE namespace = ? AND key = ?', [namespace, key]);
+        return true;
+    }
+    async clear(namespace) {
+        this.ensureConnected();
+        if (namespace) {
+            this.db.run('DELETE FROM memory WHERE namespace = ?', [namespace]);
+        }
+        else {
+            this.db.run('DELETE FROM memory');
+        }
+    }
+    ensureConnected() {
+        if (!this.db)
+            throw new Error('SQLiteProvider not connected. Call connect() first.');
+    }
+}
+//# sourceMappingURL=SQLiteProvider.js.map

package/dist/memory/providers/SQLiteProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SQLiteProvider.js","sourceRoot":"","sources":["../../../src/memory/providers/SQLiteProvider.ts"],"names":[],"mappings":"AAGA,IAAI,SAAS,GAAQ,IAAI,CAAC;AAE1B,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,QAAQ,CAAC;IACjB,EAAE,GAAQ,IAAI,CAAC;IACf,MAAM,CAAS;IACf,WAAW,GAAyB,IAAI,CAAC;IAEjD,YAAY,IAAa;QACvB,IAAI,CAAC,MAAM,GAAG,IAAI,IAAI,UAAU,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnC,SAAS,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC;QACjC,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC5C,IAAI,CAAC,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,EAAE,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC;;;;;;;;;KASX,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;QACpF,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QACxE,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAC;IAC3F,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;YAC9B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACnC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;QACf,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAA8C;QACxD,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACzE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,CACT;iCAC2B,EAC3B,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS;YACzE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAC3D,CAAC;QACF,OAAO,EAAE,GAAG,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAkB;QAC7B,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,gCAAgC,CAAC;QAC3C,MAAM,MAAM,GAAU,EAAE,CAAC;QAEzB,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,GAAG,IAAI,oBAAoB,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;YACd,GAAG,IAAI,cAAc,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,GAAG,IAAI,mBAAmB,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,GAAG,IAAI,0BAA0B,CAAC;QAElC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAChB,GAAG,IAAI,UAAU,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,GAAG,IAAI,WAAW,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAU,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,IAAI,EAAE,CAAC;QAEZ,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAC3B,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SAC1D,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,GAAW;QACzC,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,oDAAoD,EAAE,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;QACpF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,SAAkB;QAC5B,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,wCAAwC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACvF,CAAC;CACF"}

package/dist/security/GuardianGate.d.ts

@@ -0,0 +1,24 @@
+import type { ToolRegistry } from '../mcp/ToolRegistry.js';
+import type { ToolResult, ToolContext } from '../types.js';
+import { SovereigntyManager } from './SovereigntyManager.js';
+import { SynapticFirewall } from './SynapticFirewall.js';
+import { StateGuardian } from './StateGuardian.js';
+export interface GuardianConfig {
+    enableFirewall?: boolean;
+    enableSovereignty?: boolean;
+    enableStateGuardian?: boolean;
+    requiredSovereignty?: number;
+    riskThreshold?: 'low' | 'medium' | 'high';
+}
+export declare class GuardianGate {
+    private sovManager;
+    private firewall_;
+    private stateGuardian_;
+    private toolRegistry;
+    private config;
+    constructor(toolRegistry: ToolRegistry, sovereignty: SovereigntyManager, config?: GuardianConfig);
+    executeTool(toolId: string, params: Record<string, unknown>, context: ToolContext): Promise<ToolResult>;
+    get sovereigntyManager(): SovereigntyManager;
+    get firewall(): SynapticFirewall;
+    get stateGuardian(): StateGuardian;
+}

package/dist/security/GuardianGate.js

@@ -0,0 +1,105 @@
+import { SynapticFirewall } from './SynapticFirewall.js';
+import { StateGuardian } from './StateGuardian.js';
+export class GuardianGate {
+    sovManager;
+    firewall_;
+    stateGuardian_;
+    toolRegistry;
+    config;
+    constructor(toolRegistry, sovereignty, config) {
+        this.toolRegistry = toolRegistry;
+        this.sovManager = sovereignty;
+        this.firewall_ = new SynapticFirewall();
+        this.stateGuardian_ = new StateGuardian();
+        this.config = {
+            enableFirewall: config?.enableFirewall ?? true,
+            enableSovereignty: config?.enableSovereignty ?? true,
+            enableStateGuardian: config?.enableStateGuardian ?? true,
+            requiredSovereignty: config?.requiredSovereignty ?? 0.1,
+            riskThreshold: config?.riskThreshold ?? 'medium',
+        };
+    }
+    async executeTool(toolId, params, context) {
+        const startTime = Date.now();
+        const op = this.sovManager.createOperation(context.identity, `execute:${toolId}`, toolId);
+        // 1. State check
+        if (this.config.enableStateGuardian && this.stateGuardian_.isFrozen) {
+            this.sovManager.rejectOperation(op.operationId, `System frozen: ${this.stateGuardian_.freezeMessage}`);
+            return {
+                success: false,
+                data: null,
+                error: `GUARDIAN: System is frozen — ${this.stateGuardian_.freezeMessage}`,
+                metadata: { guardian: 'frozen', operationId: op.operationId },
+            };
+        }
+        // 2. Sovereignty check
+        if (this.config.enableSovereignty) {
+            const tool = this.toolRegistry.get(toolId);
+            const requiredSov = tool?.sovereignty ?? this.config.requiredSovereignty;
+            if (!this.sovManager.validateSovereignty(context.identity, requiredSov)) {
+                this.sovManager.rejectOperation(op.operationId, `Insufficient sovereignty: ${context.identity.sovereignty} < ${requiredSov}`);
+                this.stateGuardian_.recordSovereigntyViolation(context.identity.actorId, toolId);
+                return {
+                    success: false,
+                    data: null,
+                    error: `GUARDIAN: Sovereignty violation — required ${requiredSov}, caller has ${context.identity.sovereignty}`,
+                    metadata: { guardian: 'sovereignty-blocked', operationId: op.operationId },
+                };
+            }
+        }
+        // 3. Firewall check
+        if (this.config.enableFirewall) {
+            const inspection = this.firewall_.inspectParams(params, toolId);
+            if (!inspection.passed) {
+                this.sovManager.rejectOperation(op.operationId, `Firewall blocked: ${inspection.blocks.map(b => b.id).join(', ')}`);
+                for (const block of inspection.blocks) {
+                    this.stateGuardian_.recordFirewallBlock(block.id, toolId);
+                }
+                return {
+                    success: false,
+                    data: null,
+                    error: `GUARDIAN: Firewall blocked — ${inspection.blocks.map(b => `${b.name} (${b.description})`).join('; ')}`,
+                    metadata: {
+                        guardian: 'firewall-blocked',
+                        blocks: inspection.blocks.map(b => b.id),
+                        flags: inspection.flags.map(f => f.id),
+                        operationId: op.operationId,
+                    },
+                };
+            }
+        }
+        // 4. Execute tool
+        const toolResult = await this.toolRegistry.execute(toolId, params, {
+            ...context,
+            identity: this.sovManager.delegate(context.identity, 0.1, op.operationId),
+        });
+        const elapsedMs = Date.now() - startTime;
+        // 5. Record
+        if (toolResult.success) {
+            this.sovManager.approveOperation(op.operationId);
+        }
+        else {
+            this.sovManager.rejectOperation(op.operationId, toolResult.error);
+        }
+        if (this.config.enableStateGuardian) {
+            this.stateGuardian_.recordToolCall(toolId, toolResult.success, elapsedMs);
+        }
+        return {
+            ...toolResult,
+            metadata: {
+                ...toolResult.metadata,
+                guardian: {
+                    operationId: op.operationId,
+                    seal: op.seal,
+                    sovereigntyChain: op.sovereigntyChain.length,
+                    elapsedMs,
+                },
+                sovereignty: context.identity.sovereignty,
+            },
+        };
+    }
+    get sovereigntyManager() { return this.sovManager; }
+    get firewall() { return this.firewall_; }
+    get stateGuardian() { return this.stateGuardian_; }
+}
+//# sourceMappingURL=GuardianGate.js.map

package/dist/security/GuardianGate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GuardianGate.js","sourceRoot":"","sources":["../../src/security/GuardianGate.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAUnD,MAAM,OAAO,YAAY;IACf,UAAU,CAAqB;IAC/B,SAAS,CAAmB;IAC5B,cAAc,CAAgB;IAC9B,YAAY,CAAe;IAC3B,MAAM,CAA2B;IAEzC,YAAY,YAA0B,EAAE,WAA+B,EAAE,MAAuB;QAC9F,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACxC,IAAI,CAAC,cAAc,GAAG,IAAI,aAAa,EAAE,CAAC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,cAAc,EAAE,MAAM,EAAE,cAAc,IAAI,IAAI;YAC9C,iBAAiB,EAAE,MAAM,EAAE,iBAAiB,IAAI,IAAI;YACpD,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,IAAI,IAAI;YACxD,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,IAAI,GAAG;YACvD,aAAa,EAAE,MAAM,EAAE,aAAa,IAAI,QAAQ;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACf,MAAc,EACd,MAA+B,EAC/B,OAAoB;QAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,EAAE,GAAG,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;QAE1F,iBAAiB;QACjB,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YACpE,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,kBAAkB,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC,CAAC;YACvG,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,gCAAgC,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE;gBAC1E,QAAQ,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,CAAC,WAAW,EAAE;aAC9D,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACzE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;gBACxE,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,6BAA6B,OAAO,CAAC,QAAQ,CAAC,WAAW,MAAM,WAAW,EAAE,CAAC,CAAC;gBAC9H,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACjF,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,8CAA8C,WAAW,gBAAgB,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE;oBAC9G,QAAQ,EAAE,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,CAAC,WAAW,EAAE;iBAC3E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;gBACvB,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,qBAAqB,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACpH,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;oBACtC,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC5D,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,IAAI;oBACV,KAAK,EAAE,gCAAgC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAC9G,QAAQ,EAAE;wBACR,QAAQ,EAAE,kBAAkB;wBAC5B,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACxC,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtC,WAAW,EAAE,EAAE,CAAC,WAAW;qBAC5B;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE;YACjE,GAAG,OAAO;YACV,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC;SAC1E,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAEzC,YAAY;QACZ,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;YACpC,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO;YACL,GAAG,UAAU;YACb,QAAQ,EAAE;gBACR,GAAG,UAAU,CAAC,QAAQ;gBACtB,QAAQ,EAAE;oBACR,WAAW,EAAE,EAAE,CAAC,WAAW;oBAC3B,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,gBAAgB,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM;oBAC5C,SAAS;iBACV;gBACD,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW;aAC1C;SACF,CAAC;IACJ,CAAC;IAED,IAAI,kBAAkB,KAAyB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACxE,IAAI,QAAQ,KAAuB,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,IAAI,aAAa,KAAoB,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;CACnE"}

package/dist/security/SovereigntyManager.d.ts

@@ -0,0 +1,46 @@
+import type { IdentityClaims, SovereigntyConfig } from '../types.js';
+export interface SovereigntyRecord {
+    operationId: string;
+    timestamp: number;
+    actor: IdentityClaims;
+    action: string;
+    resource: string;
+    parentOperation?: string;
+    sovereigntyChain: SovereigntyLink[];
+    seal: string;
+    status: 'pending' | 'approved' | 'rejected' | 'escalated';
+}
+export interface SovereigntyLink {
+    actorId: string;
+    actorType: string;
+    sovereignty: number;
+    action: string;
+    timestamp: number;
+}
+export declare class SovereigntyManager {
+    private hostConfig;
+    private records;
+    private frozen;
+    constructor(config: SovereigntyConfig);
+    get hostId(): string;
+    get hostName(): string;
+    createOperation(actor: IdentityClaims, action: string, resource: string, parentOp?: string): SovereigntyRecord;
+    approveOperation(operationId: string): void;
+    rejectOperation(operationId: string, reason?: string): void;
+    validateSovereignty(actor: IdentityClaims, requiredSovereignty: number): boolean;
+    delegate(from: IdentityClaims, toSovereignty: number, operationId: string): IdentityClaims;
+    verifyChain(operationId: string): {
+        valid: boolean;
+        chainLength: number;
+        lastSeal: string;
+    };
+    getOperationHistory(resource?: string, limit?: number): SovereigntyRecord[];
+    freeze(): void;
+    unfreeze(): void;
+    get isFrozen(): boolean;
+    get totalOperations(): number;
+    freezeReason(): string | null;
+    private makeLink;
+    private generateSeal;
+    private log;
+}

package/dist/security/SovereigntyManager.js

@@ -0,0 +1,111 @@
+export class SovereigntyManager {
+    hostConfig;
+    records = [];
+    frozen = false;
+    constructor(config) {
+        this.hostConfig = config;
+    }
+    get hostId() { return this.hostConfig.hostId; }
+    get hostName() { return this.hostConfig.hostName; }
+    createOperation(actor, action, resource, parentOp) {
+        const operationId = `op-${Date.now()}-${Math.random().toString(36).slice(2, 6)}`;
+        const chain = parentOp
+            ? [...(this.records.find(r => r.operationId === parentOp)?.sovereigntyChain ?? []), this.makeLink(actor, action)]
+            : [this.makeLink(actor, action)];
+        const record = {
+            operationId,
+            timestamp: Date.now(),
+            actor,
+            action,
+            resource,
+            parentOperation: parentOp,
+            sovereigntyChain: chain,
+            seal: this.generateSeal(chain),
+            status: 'pending',
+        };
+        this.records.push(record);
+        if (this.records.length > 1000)
+            this.records.shift();
+        return record;
+    }
+    approveOperation(operationId) {
+        const r = this.records.find(r => r.operationId === operationId);
+        if (r)
+            r.status = 'approved';
+    }
+    rejectOperation(operationId, reason) {
+        const r = this.records.find(r => r.operationId === operationId);
+        if (r) {
+            r.status = 'rejected';
+            this.log(`${reason ?? 'Rejected by sovereignty policy'}`);
+        }
+    }
+    validateSovereignty(actor, requiredSovereignty) {
+        if (this.frozen)
+            return false;
+        if (actor.actorType === 'host')
+            return true;
+        return actor.sovereignty >= requiredSovereignty;
+    }
+    delegate(from, toSovereignty, operationId) {
+        const delegatedSovereignty = Math.min(from.sovereignty * 0.8, toSovereignty);
+        const record = this.records.find(r => r.operationId === operationId);
+        if (record) {
+            record.sovereigntyChain.push(this.makeLink(from, `delegate:${delegatedSovereignty.toFixed(2)}`));
+            record.seal = this.generateSeal(record.sovereigntyChain);
+        }
+        return {
+            actorId: `${from.actorId}-delegate`,
+            actorType: from.actorType,
+            sovereignty: delegatedSovereignty,
+            permissions: from.permissions,
+        };
+    }
+    verifyChain(operationId) {
+        const record = this.records.find(r => r.operationId === operationId);
+        if (!record)
+            return { valid: false, chainLength: 0, lastSeal: '' };
+        const expectedSeal = this.generateSeal(record.sovereigntyChain);
+        const valid = expectedSeal === record.seal;
+        return { valid, chainLength: record.sovereigntyChain.length, lastSeal: record.seal };
+    }
+    getOperationHistory(resource, limit = 20) {
+        let result = this.records;
+        if (resource)
+            result = result.filter(r => r.resource === resource);
+        return result.slice(-limit).reverse();
+    }
+    freeze() {
+        this.frozen = true;
+        this.log('SYSTEM FROZEN — all operations blocked');
+    }
+    unfreeze() {
+        this.frozen = false;
+        this.log('SYSTEM UNFROZEN — operations resumed');
+    }
+    get isFrozen() { return this.frozen; }
+    get totalOperations() { return this.records.length; }
+    freezeReason() {
+        return this.frozen ? `Frozen at ${new Date(this.records[this.records.length - 1]?.timestamp).toISOString()}` : null;
+    }
+    makeLink(actor, action) {
+        return {
+            actorId: actor.actorId,
+            actorType: actor.actorType,
+            sovereignty: actor.sovereignty,
+            action,
+            timestamp: Date.now(),
+        };
+    }
+    generateSeal(chain) {
+        const raw = chain.map(l => `${l.actorId}:${l.sovereignty}:${l.action}`).join('|');
+        let hash = 0;
+        for (let i = 0; i < raw.length; i++)
+            hash = ((hash << 5) - hash) + raw.charCodeAt(i) | 0;
+        return `sov:${Math.abs(hash).toString(16).padStart(12, '0')}:${chain.length}`;
+    }
+    log(msg) {
+        console.error(`[sovereignty] ${msg}`);
+    }
+}
+//# sourceMappingURL=SovereigntyManager.js.map

package/dist/security/SovereigntyManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SovereigntyManager.js","sourceRoot":"","sources":["../../src/security/SovereigntyManager.ts"],"names":[],"mappings":"AAsBA,MAAM,OAAO,kBAAkB;IACrB,UAAU,CAAoB;IAC9B,OAAO,GAAwB,EAAE,CAAC;IAClC,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,MAAyB;QACnC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;IAC3B,CAAC;IAED,IAAI,MAAM,KAAa,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAa,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE3D,eAAe,CACb,KAAqB,EACrB,MAAc,EACd,QAAgB,EAChB,QAAiB;QAEjB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjF,MAAM,KAAK,GAAsB,QAAQ;YACvC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,EAAE,gBAAgB,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACjH,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;QAEnC,MAAM,MAAM,GAAsB;YAChC,WAAW;YACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK;YACL,MAAM;YACN,QAAQ;YACR,eAAe,EAAE,QAAQ;YACzB,gBAAgB,EAAE,KAAK;YACvB,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YAC9B,MAAM,EAAE,SAAS;SAClB,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI;YAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,gBAAgB,CAAC,WAAmB;QAClC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;QAChE,IAAI,CAAC;YAAE,CAAC,CAAC,MAAM,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,eAAe,CAAC,WAAmB,EAAE,MAAe;QAClD,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;QAChE,IAAI,CAAC,EAAE,CAAC;YACN,CAAC,CAAC,MAAM,GAAG,UAAU,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,gCAAgC,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAqB,EAAE,mBAA2B;QACpE,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC9B,IAAI,KAAK,CAAC,SAAS,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QAC5C,OAAO,KAAK,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAClD,CAAC;IAED,QAAQ,CAAC,IAAoB,EAAE,aAAqB,EAAE,WAAmB;QACvE,MAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,GAAG,EAAE,aAAa,CAAC,CAAC;QAC7E,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;QACrE,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACjG,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO;YACL,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,WAAW;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,oBAAoB;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,WAAmB;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,YAAY,KAAK,MAAM,CAAC,IAAI,CAAC;QAC3C,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IACvF,CAAC;IAED,mBAAmB,CAAC,QAAiB,EAAE,KAAK,GAAG,EAAE;QAC/C,IAAI,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC;QAC1B,IAAI,QAAQ;YAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;IACxC,CAAC;IAED,MAAM;QACJ,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACrD,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,QAAQ,KAAc,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAE/C,IAAI,eAAe,KAAa,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAE7D,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACtH,CAAC;IAEO,QAAQ,CAAC,KAAqB,EAAE,MAAc;QACpD,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,KAAwB;QAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClF,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzF,OAAO,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;IAChF,CAAC;IAEO,GAAG,CAAC,GAAW;QACrB,OAAO,CAAC,KAAK,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/security/StateGuardian.d.ts

@@ -0,0 +1,40 @@
+export interface SystemMetrics {
+    totalToolCalls: number;
+    failedCalls: number;
+    errorRate: number;
+    sovereigntyViolations: number;
+    firewallBlocks: number;
+    avgResponseMs: number;
+    activeAgents: number;
+    memoryUsage: number;
+    uptimeMs: number;
+}
+type GuardianEventType = 'high-error-rate' | 'sovereignty-violation' | 'firewall-breach' | 'memory-pressure' | 'tool-failure' | 'anomaly-detected';
+interface GuardianEvent {
+    type: GuardianEventType;
+    timestamp: number;
+    severity: 'info' | 'warning' | 'critical';
+    message: string;
+    data?: Record<string, unknown>;
+}
+export declare class StateGuardian {
+    private events;
+    private toolCallHistory;
+    private startTime;
+    private activeAgentCount;
+    private frozen;
+    private freezeReason;
+    recordToolCall(toolId: string, success: boolean, elapsedMs: number): void;
+    setMemoryPressure(usagePercent: number): void;
+    recordSovereigntyViolation(actorId: string, resource: string): void;
+    recordFirewallBlock(ruleId: string, toolId: string): void;
+    freeze(reason: string): void;
+    unfreeze(): void;
+    get isFrozen(): boolean;
+    get freezeMessage(): string | null;
+    setActiveAgentCount(count: number): void;
+    getMetrics(): SystemMetrics;
+    getRecentEvents(count?: number): GuardianEvent[];
+    private emit;
+}
+export {};

package/dist/security/StateGuardian.js

@@ -0,0 +1,76 @@
+export class StateGuardian {
+    events = [];
+    toolCallHistory = [];
+    startTime = Date.now();
+    activeAgentCount = 0;
+    frozen = false;
+    freezeReason = null;
+    recordToolCall(toolId, success, elapsedMs) {
+        this.toolCallHistory.push({ toolId, success, elapsedMs, timestamp: Date.now() });
+        if (this.toolCallHistory.length > 500)
+            this.toolCallHistory.shift();
+        if (!success) {
+            this.emit('tool-failure', `Tool ${toolId} failed (${elapsedMs}ms)`, 'warning', { toolId, elapsedMs });
+        }
+        const recentCalls = this.toolCallHistory.slice(-50);
+        const failCount = recentCalls.filter(c => !c.success).length;
+        if (recentCalls.length >= 10 && failCount / recentCalls.length > 0.5) {
+            this.emit('high-error-rate', `Error rate ${(failCount / recentCalls.length * 100).toFixed(0)}% in last ${recentCalls.length} calls`, 'critical', { failCount, totalCalls: recentCalls.length });
+        }
+    }
+    setMemoryPressure(usagePercent) {
+        if (usagePercent > 90) {
+            this.emit('memory-pressure', `Memory at ${usagePercent.toFixed(0)}%`, 'critical', { usagePercent });
+        }
+    }
+    recordSovereigntyViolation(actorId, resource) {
+        this.emit('sovereignty-violation', `Sovereignty violation by ${actorId} on ${resource}`, 'warning', { actorId, resource });
+    }
+    recordFirewallBlock(ruleId, toolId) {
+        this.emit('firewall-breach', `Firewall rule ${ruleId} blocked on ${toolId}`, 'warning', { ruleId, toolId });
+    }
+    freeze(reason) {
+        this.frozen = true;
+        this.freezeReason = reason;
+        this.emit('anomaly-detected', `FREEZE: ${reason}`, 'critical', { reason });
+    }
+    unfreeze() {
+        this.frozen = false;
+        this.freezeReason = null;
+    }
+    get isFrozen() { return this.frozen; }
+    get freezeMessage() { return this.freezeReason; }
+    setActiveAgentCount(count) {
+        this.activeAgentCount = count;
+    }
+    getMetrics() {
+        const total = this.toolCallHistory.length;
+        const failed = this.toolCallHistory.filter(c => !c.success).length;
+        const recentCalls = this.toolCallHistory.slice(-20);
+        const avgMs = recentCalls.length > 0
+            ? Math.round(recentCalls.reduce((s, c) => s + c.elapsedMs, 0) / recentCalls.length)
+            : 0;
+        return {
+            totalToolCalls: total,
+            failedCalls: failed,
+            errorRate: total > 0 ? parseFloat((failed / total).toFixed(3)) : 0,
+            sovereigntyViolations: this.events.filter(e => e.type === 'sovereignty-violation').length,
+            firewallBlocks: this.events.filter(e => e.type === 'firewall-breach').length,
+            avgResponseMs: avgMs,
+            activeAgents: this.activeAgentCount,
+            memoryUsage: process.memoryUsage?.()?.heapUsed ? Math.round(process.memoryUsage().heapUsed / 1024 / 1024) : 0,
+            uptimeMs: Date.now() - this.startTime,
+        };
+    }
+    getRecentEvents(count = 20) {
+        return this.events.slice(-count).reverse();
+    }
+    emit(type, message, severity, data) {
+        this.events.push({ type, timestamp: Date.now(), severity, message, data });
+        if (this.events.length > 200)
+            this.events.shift();
+        const prefix = severity === 'critical' ? 'CRIT' : severity === 'warning' ? 'WARN' : 'INFO';
+        console.error(`[guardian][${prefix}] ${message}`);
+    }
+}
+//# sourceMappingURL=StateGuardian.js.map

package/dist/security/StateGuardian.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"StateGuardian.js","sourceRoot":"","sources":["../../src/security/StateGuardian.ts"],"names":[],"mappings":"AAsBA,MAAM,OAAO,aAAa;IAChB,MAAM,GAAoB,EAAE,CAAC;IAC7B,eAAe,GAAsF,EAAE,CAAC;IACxG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,gBAAgB,GAAG,CAAC,CAAC;IACrB,MAAM,GAAG,KAAK,CAAC;IACf,YAAY,GAAkB,IAAI,CAAC;IAE3C,cAAc,CAAC,MAAc,EAAE,OAAgB,EAAE,SAAiB;QAChE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjF,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,GAAG;YAAE,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QAEpE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,MAAM,YAAY,SAAS,KAAK,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACxG,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAC7D,IAAI,WAAW,CAAC,MAAM,IAAI,EAAE,IAAI,SAAS,GAAG,WAAW,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACrE,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,cAAc,CAAC,SAAS,GAAG,WAAW,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,WAAW,CAAC,MAAM,QAAQ,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAClM,CAAC;IACH,CAAC;IAED,iBAAiB,CAAC,YAAoB;QACpC,IAAI,YAAY,GAAG,EAAE,EAAE,CAAC;YACtB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,aAAa,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,OAAe,EAAE,QAAgB;QAC1D,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,4BAA4B,OAAO,OAAO,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC7H,CAAC;IAED,mBAAmB,CAAC,MAAc,EAAE,MAAc;QAChD,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,iBAAiB,MAAM,eAAe,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9G,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,WAAW,MAAM,EAAE,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,IAAI,QAAQ,KAAc,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/C,IAAI,aAAa,KAAoB,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAEhE,mBAAmB,CAAC,KAAa;QAC/B,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC;IAChC,CAAC;IAED,UAAU;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC;YAClC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC;YACnF,CAAC,CAAC,CAAC,CAAC;QAEN,OAAO;YACL,cAAc,EAAE,KAAK;YACrB,WAAW,EAAE,MAAM;YACnB,SAAS,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,qBAAqB,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,CAAC,CAAC,MAAM;YACzF,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC,MAAM;YAC5E,aAAa,EAAE,KAAK;YACpB,YAAY,EAAE,IAAI,CAAC,gBAAgB;YACnC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7G,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS;SACtC,CAAC;IACJ,CAAC;IAED,eAAe,CAAC,KAAK,GAAG,EAAE;QACxB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7C,CAAC;IAEO,IAAI,CAAC,IAAuB,EAAE,OAAe,EAAE,QAAmC,EAAE,IAA8B;QACxH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,GAAG;YAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3F,OAAO,CAAC,KAAK,CAAC,cAAc,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/security/SynapticFirewall.d.ts

@@ -0,0 +1,38 @@
+interface FirewallRule {
+    id: string;
+    name: string;
+    pattern: RegExp;
+    severity: 'block' | 'flag' | 'log';
+    category: string;
+    description: string;
+}
+export declare class SynapticFirewall {
+    private rules;
+    private blockedCount;
+    private flaggedCount;
+    private recentHits;
+    addRule(rule: FirewallRule): void;
+    inspect(input: string, context?: string): {
+        passed: boolean;
+        blocks: FirewallRule[];
+        flags: FirewallRule[];
+    };
+    inspectParams(params: Record<string, unknown>, toolId: string): {
+        passed: boolean;
+        blocks: FirewallRule[];
+        flags: FirewallRule[];
+    };
+    getStats(): {
+        blockedCount: number;
+        flaggedCount: number;
+        totalHits: number;
+        rulesActive: number;
+    };
+    getRecentHits(count?: number): Array<{
+        rule: string;
+        input: string;
+        timestamp: number;
+    }>;
+    clearStats(): void;
+}
+export {};