npm - erosolar-cli - Versions diffs - 1.7.21 → 1.7.23 - Mend

erosolar-cli 1.7.21 → 1.7.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/core/responseVerifier.d.ts +98 -5
package/dist/core/responseVerifier.d.ts.map +1 -1
package/dist/core/responseVerifier.js +609 -232
package/dist/core/responseVerifier.js.map +1 -1
package/dist/shell/interactiveShell.d.ts +7 -2
package/dist/shell/interactiveShell.d.ts.map +1 -1
package/dist/shell/interactiveShell.js +41 -15
package/dist/shell/interactiveShell.js.map +1 -1
package/package.json +1 -1

package/dist/core/responseVerifier.js CHANGED Viewed

@@ -764,57 +764,12 @@ export function generateVerificationTest(claim) {
     }
 }
 /**
- * Verify all claims in an assistant response
+ * Verify all claims in an assistant response using LLM-based semantic analysis.
+ * Requires a VerificationContext with an llmVerifier function.
+ * All claim extraction and verification is done via LLM.
  */
-export async function verifyResponse(response, responseId) {
-    const claims = extractClaims(response);
-    const results = [];
-    for (const claim of claims) {
-        const test = generateVerificationTest(claim);
-        try {
-            const result = await test();
-            results.push(result);
-        }
-        catch (err) {
-            results.push({
-                claim,
-                verified: false,
-                confidence: 'low',
-                evidence: 'Verification test failed to execute',
-                error: err instanceof Error ? err.message : 'Unknown error',
-                timestamp: new Date().toISOString()
-            });
-        }
-    }
-    const verified = results.filter(r => r.verified).length;
-    const failed = results.filter(r => !r.verified && r.confidence === 'high').length;
-    const inconclusive = results.filter(r => !r.verified && r.confidence !== 'high').length;
-    let overallVerdict;
-    if (failed > 0) {
-        overallVerdict = 'contradicted';
-    }
-    else if (verified === claims.length && claims.length > 0) {
-        overallVerdict = 'verified';
-    }
-    else if (verified > 0) {
-        overallVerdict = 'partially_verified';
-    }
-    else {
-        overallVerdict = 'unverified';
-    }
-    return {
-        responseId: responseId || `response-${Date.now()}`,
-        timestamp: new Date().toISOString(),
-        claims,
-        results,
-        summary: {
-            total: claims.length,
-            verified,
-            failed,
-            inconclusive
-        },
-        overallVerdict
-    };
+export async function verifyResponse(response, context, responseId) {
+    return verifyResponseComprehensive(response, context, responseId);
 }
 /**
  * Format a verification report for display
@@ -854,10 +809,11 @@ export function formatVerificationReport(report) {
     return lines.join('\n');
 }
 /**
- * Quick verification - returns true if response claims are valid
+ * Quick verification - returns true if response claims are valid.
+ * Requires a VerificationContext with llmVerifier for LLM-based semantic analysis.
  */
-export async function quickVerify(response) {
-    const report = await verifyResponse(response);
+export async function quickVerify(response, context) {
+    const report = await verifyResponse(response, context);
     return report.overallVerdict === 'verified' || report.overallVerdict === 'partially_verified';
 }
 /**
@@ -1120,203 +1076,59 @@ export function generateExtendedVerificationTest(claim, context) {
         case 'error_fixed':
         case 'feature_implemented':
         case 'refactor_complete':
-            // These require semantic verification - use LLM if available
+            // These require semantic verification - LLM is required
             return async () => {
-                if (context.llmVerifier) {
-                    return verifyClaimWithLLM(claim, context);
-                }
-                // Fall back to checking if related files were modified
-                const relatedPath = claim.params.path;
-                if (relatedPath) {
-                    try {
-                        const resolvedPath = path.isAbsolute(relatedPath)
-                            ? relatedPath
-                            : path.resolve(context.workingDirectory, relatedPath);
-                        const stats = await fs.stat(resolvedPath);
-                        const recentlyModified = (Date.now() - stats.mtimeMs) < 10 * 60 * 1000;
-                        return {
-                            ...baseResult,
-                            verified: recentlyModified,
-                            confidence: 'low',
-                            evidence: recentlyModified
-                                ? `Related file ${relatedPath} was recently modified`
-                                : `Related file ${relatedPath} exists but wasn't recently modified`
-                        };
-                    }
-                    catch {
-                        return {
-                            ...baseResult,
-                            verified: false,
-                            confidence: 'low',
-                            evidence: 'Could not verify - no LLM available and related file not found'
-                        };
-                    }
+                if (!context.llmVerifier) {
+                    return {
+                        ...baseResult,
+                        verified: false,
+                        confidence: 'low',
+                        evidence: 'Semantic verification requires LLM verifier'
+                    };
                 }
-                return {
-                    ...baseResult,
-                    verified: false,
-                    confidence: 'low',
-                    evidence: 'Semantic verification required but no LLM verifier available'
-                };
+                return verifyClaimWithLLM(claim, context);
             };
         case 'data_transformed':
-            return async () => {
-                // Check if we have before/after state to compare
-                if (context.previousState && context.currentState) {
-                    const inputKey = claim.params.input;
-                    const outputKey = claim.params.output;
-                    if (inputKey && outputKey) {
-                        const inputExists = context.previousState[inputKey] !== undefined;
-                        const outputExists = context.currentState[outputKey] !== undefined;
-                        return {
-                            ...baseResult,
-                            verified: inputExists && outputExists,
-                            confidence: inputExists && outputExists ? 'medium' : 'low',
-                            evidence: `Input "${inputKey}" ${inputExists ? 'found' : 'missing'}, Output "${outputKey}" ${outputExists ? 'found' : 'missing'}`
-                        };
-                    }
-                }
-                // Fall back to LLM verification
-                if (context.llmVerifier) {
-                    return verifyClaimWithLLM(claim, context);
-                }
-                return {
-                    ...baseResult,
-                    verified: false,
-                    confidence: 'low',
-                    evidence: 'Cannot verify data transformation without state comparison or LLM'
-                };
-            };
         case 'database_updated':
-            return async () => {
-                // Can't directly verify database changes without connection info
-                // Check if there's a command we can run
-                const checkCommand = claim.params.checkCommand;
-                if (checkCommand) {
-                    try {
-                        const { stdout } = await execAsync(checkCommand, {
-                            timeout: 10000,
-                            cwd: context.workingDirectory
-                        });
-                        return {
-                            ...baseResult,
-                            verified: true,
-                            confidence: 'medium',
-                            evidence: `Check command output: ${stdout.slice(0, 200)}`
-                        };
-                    }
-                    catch (err) {
-                        return {
-                            ...baseResult,
-                            verified: false,
-                            confidence: 'medium',
-                            evidence: 'Database check command failed',
-                            error: err instanceof Error ? err.message : 'Unknown error'
-                        };
-                    }
-                }
-                // Fall back to LLM
-                if (context.llmVerifier) {
-                    return verifyClaimWithLLM(claim, context);
-                }
-                return {
-                    ...baseResult,
-                    verified: false,
-                    confidence: 'low',
-                    evidence: 'Cannot verify database changes without check command or LLM'
-                };
-            };
         case 'permission_granted':
-            return async () => {
-                const targetPath = claim.params.path;
-                const expectedMode = claim.params.mode;
-                if (targetPath) {
-                    try {
-                        const resolvedPath = path.isAbsolute(targetPath)
-                            ? targetPath
-                            : path.resolve(context.workingDirectory, targetPath);
-                        const stats = await fs.stat(resolvedPath);
-                        const mode = (stats.mode & 0o777).toString(8);
-                        if (expectedMode) {
-                            const matches = mode === expectedMode;
-                            return {
-                                ...baseResult,
-                                verified: matches,
-                                confidence: 'high',
-                                evidence: matches
-                                    ? `File has expected permissions: ${mode}`
-                                    : `Expected mode ${expectedMode}, got ${mode}`
-                            };
-                        }
-                        return {
-                            ...baseResult,
-                            verified: true,
-                            confidence: 'medium',
-                            evidence: `File permissions: ${mode}`
-                        };
-                    }
-                    catch (err) {
-                        return {
-                            ...baseResult,
-                            verified: false,
-                            confidence: 'high',
-                            evidence: 'Could not check file permissions',
-                            error: err instanceof Error ? err.message : 'Unknown error'
-                        };
-                    }
-                }
-                // Fall back to LLM
-                if (context.llmVerifier) {
-                    return verifyClaimWithLLM(claim, context);
-                }
-                return {
-                    ...baseResult,
-                    verified: false,
-                    confidence: 'low',
-                    evidence: 'Cannot verify permission without file path or LLM'
-                };
-            };
         case 'generic':
         default:
-            // For generic claims, always try LLM verification first
+            // All these claim types require LLM verification
             return async () => {
-                if (context.llmVerifier) {
-                    return verifyClaimWithLLM(claim, context);
+                if (!context.llmVerifier) {
+                    return {
+                        ...baseResult,
+                        verified: false,
+                        confidence: 'low',
+                        evidence: `${claim.type} verification requires LLM verifier`
+                    };
                 }
-                return {
-                    ...baseResult,
-                    verified: false,
-                    confidence: 'low',
-                    evidence: 'Generic claim requires LLM verification which is not available'
-                };
+                return verifyClaimWithLLM(claim, context);
             };
     }
 }
 /**
- * Comprehensive verification using both runtime and LLM-based strategies
+ * Comprehensive verification using LLM-based semantic analysis.
+ * Requires an LLM verifier - all claims are verified through LLM semantic analysis.
  */
 export async function verifyResponseComprehensive(response, context, responseId) {
-    // First extract claims using LLM if available, otherwise pattern matching
-    const claims = context.llmVerifier
-        ? await extractClaimsWithLLM(response, context.llmVerifier)
-        : extractClaims(response);
+    if (!context.llmVerifier) {
+        return {
+            responseId: responseId || `response-${Date.now()}`,
+            timestamp: new Date().toISOString(),
+            claims: [],
+            results: [],
+            summary: { total: 0, verified: 0, failed: 0, inconclusive: 0 },
+            overallVerdict: 'unverified'
+        };
+    }
+    // Extract ALL claims using LLM (required)
+    const claims = await extractClaimsWithLLM(response, context.llmVerifier);
     const results = [];
     for (const claim of claims) {
-        // Check if this is a standard claim type that can be runtime-verified
-        const standardTypes = [
-            'file_created', 'file_modified', 'file_deleted', 'code_compiles',
-            'tests_pass', 'git_committed', 'package_published', 'command_executed',
-            'dependency_installed', 'service_running', 'url_accessible', 'content_contains'
-        ];
-        let test;
-        if (standardTypes.includes(claim.type)) {
-            test = generateVerificationTest(claim);
-        }
-        else {
-            test = generateExtendedVerificationTest(claim, context);
-        }
+        // ALL claims are verified via LLM semantic analysis
         try {
-            const result = await test();
+            const result = await verifyClaimWithLLM(claim, context);
             results.push(result);
         }
         catch (err) {
@@ -1324,7 +1136,7 @@ export async function verifyResponseComprehensive(response, context, responseId)
                 claim,
                 verified: false,
                 confidence: 'low',
-                evidence: 'Verification test failed to execute',
+                evidence: 'LLM verification failed',
                 error: err instanceof Error ? err.message : 'Unknown error',
                 timestamp: new Date().toISOString()
             });
@@ -1396,4 +1208,569 @@ export function getVerificationStrategy(claim) {
             return 'llm';
     }
 }
+/**
+ * Prompt for LLM to generate verification code
+ */
+const VERIFICATION_CODE_GENERATION_PROMPT = `You are a verification code generator. Given a claim that an AI assistant made, generate code to verify if the claim is TRUE.
+CLAIM TO VERIFY:
+Type: {CLAIM_TYPE}
+Description: {CLAIM_DESCRIPTION}
+Evidence: {CLAIM_EVIDENCE}
+Parameters: {CLAIM_PARAMS}
+WORKING DIRECTORY: {WORKING_DIR}
+Generate a verification test. Choose the most appropriate approach:
+1. SHELL COMMAND - For file operations, git, npm, system checks
+2. JAVASCRIPT - For complex logic, API calls, JSON parsing
+3. API - For HTTP endpoints, external services
+IMPORTANT RULES:
+- Code must be READ-ONLY and NON-DESTRUCTIVE (no writes, no deletes, no modifications)
+- Code must complete quickly (under 10 seconds)
+- Code must output a clear result that can be parsed
+- For shell: output should be parseable (exit code 0 = verified, non-zero = failed)
+- For JavaScript: must export/return { verified: boolean, evidence: string }
+- Do NOT use interactive commands
+- Do NOT access sensitive data or credentials
+Respond with JSON:
+{
+  "testType": "shell" | "javascript" | "api",
+  "code": "the verification code",
+  "description": "what this test does",
+  "expectedOutcome": "what success looks like",
+  "safeToRun": true | false,
+  "safetyReason": "why it's safe/unsafe"
+}
+Only output valid JSON, nothing else.`;
+/**
+ * Generate verification code using LLM
+ */
+export async function generateVerificationCode(claim, context) {
+    if (!context.llmVerifier) {
+        return null;
+    }
+    try {
+        const prompt = VERIFICATION_CODE_GENERATION_PROMPT
+            .replace('{CLAIM_TYPE}', claim.type)
+            .replace('{CLAIM_DESCRIPTION}', claim.description)
+            .replace('{CLAIM_EVIDENCE}', claim.evidence)
+            .replace('{CLAIM_PARAMS}', JSON.stringify(claim.params, null, 2))
+            .replace('{WORKING_DIR}', context.workingDirectory);
+        const result = await context.llmVerifier(prompt);
+        // Parse the JSON response
+        const jsonMatch = result.match(/\{[\s\S]*\}/);
+        if (!jsonMatch) {
+            return null;
+        }
+        const parsed = JSON.parse(jsonMatch[0]);
+        return {
+            claim,
+            testType: parsed.testType,
+            code: parsed.code,
+            description: parsed.description,
+            expectedOutcome: parsed.expectedOutcome,
+            safetyCheck: parsed.safeToRun
+        };
+    }
+    catch (err) {
+        console.error('Failed to generate verification code:', err);
+        return null;
+    }
+}
+/**
+ * Safety patterns to block dangerous code
+ */
+const DANGEROUS_PATTERNS = [
+    /\brm\s+-rf?\b/i, // rm commands
+    /\brmdir\b/i, // rmdir
+    /\bdd\s+if=/i, // dd (disk destroyer)
+    /\bmkfs\b/i, // format filesystem
+    /\b>\s*\/dev\//i, // write to devices
+    /\bchmod\s+777\b/i, // dangerous permissions
+    /\bsudo\b/i, // sudo commands
+    /\bcurl.*\|\s*sh\b/i, // pipe to shell
+    /\bwget.*\|\s*sh\b/i, // pipe to shell
+    /\beval\s*\(/i, // eval in JS
+    /new\s+Function\s*\(/i, // Function constructor
+    /child_process/i, // subprocess in JS (unless we control it)
+    /\bexec\s*\(/i, // exec calls
+    /\bspawn\s*\(/i, // spawn calls
+    /writeFile/i, // file writes
+    /appendFile/i, // file appends
+    /unlink\s*\(/i, // file deletion
+    /rmSync/i, // sync deletion
+    /fs\.rm/i, // fs remove
+    /DROP\s+TABLE/i, // SQL injection
+    /DELETE\s+FROM/i, // SQL deletion
+    /TRUNCATE/i, // SQL truncate
+    /;\s*--/, // SQL comment injection
+    /process\.exit/i, // process exit
+    /require\s*\(\s*['"]child/i, // require child_process
+];
+/**
+ * Validate that generated code is safe to execute
+ */
+export function validateGeneratedCode(test) {
+    // First check the LLM's own safety assessment
+    if (!test.safetyCheck) {
+        return { safe: false, reason: 'LLM marked code as unsafe' };
+    }
+    // Check against dangerous patterns
+    for (const pattern of DANGEROUS_PATTERNS) {
+        if (pattern.test(test.code)) {
+            return {
+                safe: false,
+                reason: `Dangerous pattern detected: ${pattern.source}`
+            };
+        }
+    }
+    // Additional checks for shell commands
+    if (test.testType === 'shell') {
+        // Only allow specific safe commands
+        const safeShellPrefixes = [
+            'ls', 'cat', 'head', 'tail', 'grep', 'find', 'stat', 'file',
+            'test', 'echo', 'pwd', 'wc', 'diff', 'cmp',
+            'git log', 'git status', 'git show', 'git diff', 'git branch',
+            'npm view', 'npm list', 'npm ls',
+            'node -e', 'node --eval',
+            'curl -s', 'curl --silent', 'wget -q',
+            'jq', 'python -c', 'python3 -c',
+            'lsof', 'netstat', 'ss', 'ps',
+            'which', 'type', 'command -v',
+        ];
+        const trimmedCode = test.code.trim().toLowerCase();
+        const startsWithSafe = safeShellPrefixes.some(prefix => trimmedCode.startsWith(prefix.toLowerCase()));
+        if (!startsWithSafe) {
+            // Check if it's a simple test/check command
+            if (!trimmedCode.startsWith('[') && !trimmedCode.startsWith('if ')) {
+                return {
+                    safe: false,
+                    reason: 'Shell command does not start with a known safe prefix'
+                };
+            }
+        }
+    }
+    // For JavaScript, ensure it's a simple expression
+    if (test.testType === 'javascript') {
+        // Check code length - very long code is suspicious
+        if (test.code.length > 2000) {
+            return { safe: false, reason: 'JavaScript code too long' };
+        }
+    }
+    return { safe: true, reason: 'All safety checks passed' };
+}
+/**
+ * Execute a generated verification test
+ */
+export async function executeGeneratedTest(test, context) {
+    const baseResult = {
+        claim: test.claim,
+        timestamp: new Date().toISOString()
+    };
+    // Validate safety first
+    const safetyResult = validateGeneratedCode(test);
+    if (!safetyResult.safe) {
+        return {
+            ...baseResult,
+            verified: false,
+            confidence: 'low',
+            evidence: `Generated test blocked: ${safetyResult.reason}`,
+            error: 'Safety validation failed'
+        };
+    }
+    try {
+        switch (test.testType) {
+            case 'shell': {
+                const { stdout, stderr } = await execAsync(test.code, {
+                    cwd: context.workingDirectory,
+                    timeout: 10000, // 10 second timeout
+                    maxBuffer: 1024 * 1024 // 1MB max output
+                });
+                const output = (stdout + stderr).trim();
+                // Shell convention: exit 0 = success
+                return {
+                    ...baseResult,
+                    verified: true,
+                    confidence: 'high',
+                    evidence: `Test passed. Output: ${output.slice(0, 500)}`
+                };
+            }
+            case 'javascript': {
+                // Execute JavaScript in a sandboxed way using node -e
+                const wrappedCode = `
+          const result = (async () => {
+            ${test.code}
+          })();
+          result.then(r => console.log(JSON.stringify(r))).catch(e => {
+            console.log(JSON.stringify({ verified: false, evidence: e.message }));
+          });
+        `;
+                const { stdout } = await execAsync(`node -e ${JSON.stringify(wrappedCode)}`, {
+                    cwd: context.workingDirectory,
+                    timeout: 10000
+                });
+                try {
+                    const result = JSON.parse(stdout.trim());
+                    return {
+                        ...baseResult,
+                        verified: result.verified,
+                        confidence: 'high',
+                        evidence: result.evidence
+                    };
+                }
+                catch {
+                    return {
+                        ...baseResult,
+                        verified: false,
+                        confidence: 'medium',
+                        evidence: `JavaScript output: ${stdout.slice(0, 500)}`
+                    };
+                }
+            }
+            case 'api': {
+                // For API tests, use curl
+                const { stdout } = await execAsync(test.code, {
+                    cwd: context.workingDirectory,
+                    timeout: 15000
+                });
+                // Try to parse as JSON result
+                try {
+                    const result = JSON.parse(stdout.trim());
+                    return {
+                        ...baseResult,
+                        verified: Boolean(result.verified ?? result.success ?? result.ok),
+                        confidence: 'high',
+                        evidence: `API response: ${JSON.stringify(result).slice(0, 500)}`
+                    };
+                }
+                catch {
+                    // Non-JSON response - check for success indicators
+                    const isSuccess = stdout.includes('200') || stdout.includes('success') || stdout.includes('ok');
+                    return {
+                        ...baseResult,
+                        verified: isSuccess,
+                        confidence: 'medium',
+                        evidence: `API output: ${stdout.slice(0, 500)}`
+                    };
+                }
+            }
+            default:
+                return {
+                    ...baseResult,
+                    verified: false,
+                    confidence: 'low',
+                    evidence: `Unknown test type: ${test.testType}`
+                };
+        }
+    }
+    catch (err) {
+        // Command failed (non-zero exit) = verification failed
+        return {
+            ...baseResult,
+            verified: false,
+            confidence: 'high',
+            evidence: `Test failed: ${err instanceof Error ? err.message : 'Unknown error'}`,
+            error: err instanceof Error ? err.message : 'Unknown error'
+        };
+    }
+}
+/**
+ * Verify a claim using LLM-generated runtime test
+ */
+export async function verifyWithGeneratedTest(claim, context) {
+    const baseResult = {
+        claim,
+        timestamp: new Date().toISOString()
+    };
+    // Generate verification code
+    const test = await generateVerificationCode(claim, context);
+    if (!test) {
+        return {
+            ...baseResult,
+            verified: false,
+            confidence: 'low',
+            evidence: 'Failed to generate verification test'
+        };
+    }
+    // Execute the generated test
+    return executeGeneratedTest(test, context);
+}
+/**
+ * Full verification using LLM-generated tests
+ * This is the most powerful verification method - LLM decides HOW to verify each claim
+ */
+export async function verifyResponseWithGeneratedTests(response, context, responseId) {
+    // Extract claims using LLM
+    const claims = context.llmVerifier
+        ? await extractClaimsWithLLM(response, context.llmVerifier)
+        : extractClaims(response);
+    const results = [];
+    for (const claim of claims) {
+        // For each claim, generate and run a custom verification test
+        const result = await verifyWithGeneratedTest(claim, context);
+        results.push(result);
+    }
+    const verified = results.filter(r => r.verified).length;
+    const failed = results.filter(r => !r.verified && r.confidence === 'high').length;
+    const inconclusive = results.filter(r => !r.verified && r.confidence !== 'high').length;
+    let overallVerdict;
+    if (failed > 0) {
+        overallVerdict = 'contradicted';
+    }
+    else if (verified === claims.length && claims.length > 0) {
+        overallVerdict = 'verified';
+    }
+    else if (verified > 0) {
+        overallVerdict = 'partially_verified';
+    }
+    else {
+        overallVerdict = 'unverified';
+    }
+    return {
+        responseId: responseId || `response-${Date.now()}`,
+        timestamp: new Date().toISOString(),
+        claims,
+        results,
+        summary: {
+            total: claims.length,
+            verified,
+            failed,
+            inconclusive
+        },
+        overallVerdict
+    };
+}
+/**
+ * Hybrid verification - uses generated tests when available, falls back to predefined tests
+ */
+export async function verifyResponseHybrid(response, context, responseId) {
+    const claims = context.llmVerifier
+        ? await extractClaimsWithLLM(response, context.llmVerifier)
+        : extractClaims(response);
+    const results = [];
+    for (const claim of claims) {
+        let result;
+        // Try LLM-generated test first if LLM is available
+        if (context.llmVerifier) {
+            const generatedTest = await generateVerificationCode(claim, context);
+            if (generatedTest) {
+                const safety = validateGeneratedCode(generatedTest);
+                if (safety.safe) {
+                    // Use generated test
+                    result = await executeGeneratedTest(generatedTest, context);
+                    results.push(result);
+                    continue;
+                }
+            }
+        }
+        // Fall back to predefined verification
+        const standardTypes = [
+            'file_created', 'file_modified', 'file_deleted', 'code_compiles',
+            'tests_pass', 'git_committed', 'package_published', 'command_executed',
+            'dependency_installed', 'service_running', 'url_accessible', 'content_contains'
+        ];
+        let test;
+        if (standardTypes.includes(claim.type)) {
+            test = generateVerificationTest(claim);
+        }
+        else {
+            test = generateExtendedVerificationTest(claim, context);
+        }
+        try {
+            result = await test();
+        }
+        catch (err) {
+            result = {
+                claim,
+                verified: false,
+                confidence: 'low',
+                evidence: 'Verification failed',
+                error: err instanceof Error ? err.message : 'Unknown error',
+                timestamp: new Date().toISOString()
+            };
+        }
+        results.push(result);
+    }
+    const verified = results.filter(r => r.verified).length;
+    const failed = results.filter(r => !r.verified && r.confidence === 'high').length;
+    const inconclusive = results.filter(r => !r.verified && r.confidence !== 'high').length;
+    let overallVerdict;
+    if (failed > 0) {
+        overallVerdict = 'contradicted';
+    }
+    else if (verified === claims.length && claims.length > 0) {
+        overallVerdict = 'verified';
+    }
+    else if (verified > 0) {
+        overallVerdict = 'partially_verified';
+    }
+    else {
+        overallVerdict = 'unverified';
+    }
+    return {
+        responseId: responseId || `response-${Date.now()}`,
+        timestamp: new Date().toISOString(),
+        claims,
+        results,
+        summary: {
+            total: claims.length,
+            verified,
+            failed,
+            inconclusive
+        },
+        overallVerdict
+    };
+}
+const UNIVERSAL_EXTRACT = `Extract ALL verifiable claims from this AI response. Include explicit claims, implicit claims, state changes, results, assertions.
+RESPONSE:
+---
+{RESPONSE}
+---
+CONTEXT: {CONTEXT}
+DIR: {WORKING_DIR}
+Return JSON array: [{"id":"c1","statement":"claim","category":"file_op|code|state|data|behavior|fact|other","verifiable":true/false,"verificationApproach":"how","priority":"critical|high|medium|low","context":{}}]
+Output ONLY valid JSON.`;
+const UNIVERSAL_GEN = `Generate verification code for: {STATEMENT}
+Category: {CATEGORY} | Approach: {APPROACH} | Context: {CONTEXT} | Dir: {WORKING_DIR} | Platform: {PLATFORM}
+Use shell/javascript/python. READ-ONLY only.
+Return JSON: {"steps":[{"type":"shell|javascript|python","code":"code","desc":"what"}],"success":"success criteria","failure":"failure criteria","confPass":0-100,"confFail":0-100,"safe":{"ok":true/false,"why":"reason"}}
+Output ONLY valid JSON.`;
+const UNIVERSAL_ASSESS = `Assess: RESPONSE:{RESPONSE} CLAIMS:{CLAIMS} RESULTS:{RESULTS}
+Return JSON: {"trust":0-100,"summary":"text","concerns":[]}
+Output ONLY valid JSON.`;
+const UNSAFE = [/\brm\s/i, /rmdir/i, /sudo/i, /chmod\s*7/i, /eval\s*\(/i, /exec\s*\(/i, /child_process/i, /os\.system/i, /subprocess/i, /curl.*\|.*sh/i, /DROP\s+TABLE/i, /DELETE\s+FROM/i, /kill/i];
+export function validateUniversalCode(c) {
+    for (const p of UNSAFE)
+        if (p.test(c))
+            return { safe: false, reason: p.source };
+    return c.length > 5000 ? { safe: false, reason: 'too long' } : { safe: true, reason: 'ok' };
+}
+async function runUniversalStep(s, cwd) {
+    const v = validateUniversalCode(s.code);
+    if (!v.safe)
+        return { ok: false, out: v.reason };
+    try {
+        if (s.type === 'shell') {
+            const { stdout, stderr } = await execAsync(s.code, { cwd, timeout: 30000, maxBuffer: 5 * 1024 * 1024 });
+            return { ok: true, out: stdout + stderr };
+        }
+        if (s.type === 'javascript') {
+            const w = `(async()=>{try{const fs=require('fs').promises;const r=await(async()=>{${s.code}})();console.log(JSON.stringify({ok:1,r}))}catch(e){console.log(JSON.stringify({ok:0,e:e.message}))}})()`;
+            const { stdout } = await execAsync(`node -e ${JSON.stringify(w)}`, { cwd, timeout: 30000 });
+            return { ok: true, out: stdout };
+        }
+        if (s.type === 'python') {
+            const { stdout, stderr } = await execAsync(`python3 -c ${JSON.stringify(s.code)}`, { cwd, timeout: 30000 });
+            return { ok: true, out: stdout + stderr };
+        }
+        return { ok: false, out: 'unknown type' };
+    }
+    catch (e) {
+        return { ok: false, out: e instanceof Error ? e.message : 'err' };
+    }
+}
+export async function extractUniversalClaims(r, ctx) {
+    if (!ctx.llmVerifier)
+        return extractClaims(r).map((c, i) => ({ id: `c${i}`, statement: c.description, category: c.type, verifiable: true, verificationApproach: 'runtime', priority: 'medium', context: c.params }));
+    try {
+        const p = UNIVERSAL_EXTRACT.replace('{RESPONSE}', r.slice(0, 8000)).replace('{CONTEXT}', ctx.conversationHistory?.slice(-3).join('\n') || '').replace('{WORKING_DIR}', ctx.workingDirectory);
+        const res = await ctx.llmVerifier(p);
+        const m = res.match(/\[[\s\S]*\]/);
+        if (m)
+            return JSON.parse(m[0]);
+    }
+    catch { /* fall through */ }
+    return extractClaims(r).map((c, i) => ({ id: `c${i}`, statement: c.description, category: c.type, verifiable: true, verificationApproach: 'runtime', priority: 'medium', context: c.params }));
+}
+export async function verifyUniversalClaim(claim, ctx) {
+    const base = { claim, timestamp: new Date().toISOString() };
+    if (!claim.verifiable)
+        return { ...base, verified: false, confidence: 0, method: 'skip', evidence: 'Not verifiable', reasoning: 'Cannot verify' };
+    if (!ctx.llmVerifier)
+        return { ...base, verified: false, confidence: 0, method: 'skip', evidence: 'No LLM', reasoning: 'Needs LLM' };
+    try {
+        const p = UNIVERSAL_GEN.replace('{STATEMENT}', claim.statement).replace('{CATEGORY}', claim.category).replace('{APPROACH}', claim.verificationApproach).replace('{CONTEXT}', JSON.stringify(claim.context)).replace('{WORKING_DIR}', ctx.workingDirectory).replace('{PLATFORM}', process.platform);
+        const res = await ctx.llmVerifier(p);
+        const m = res.match(/\{[\s\S]*\}/);
+        if (!m)
+            throw new Error('bad');
+        const plan = JSON.parse(m[0]);
+        if (!plan.safe.ok)
+            return { ...base, verified: false, confidence: 0, method: 'blocked', evidence: plan.safe.why, reasoning: 'Unsafe' };
+        let allOk = true, out = '', code = '';
+        for (const s of plan.steps) {
+            code += s.code + '\n';
+            const r = await runUniversalStep(s, ctx.workingDirectory);
+            out += r.out + '\n';
+            if (!r.ok)
+                allOk = false;
+        }
+        return { ...base, verified: allOk, confidence: allOk ? plan.confPass : plan.confFail, method: plan.steps.map(s => s.type).join('+'), evidence: allOk ? plan.success : plan.failure, reasoning: allOk ? 'All passed' : 'Some failed', executedCode: code, rawOutput: out.slice(0, 2000) };
+    }
+    catch (e) {
+        return { ...base, verified: false, confidence: 10, method: 'error', evidence: 'Failed', reasoning: e instanceof Error ? e.message : 'err' };
+    }
+}
+export async function verifyResponseUniversal(response, ctx, id) {
+    const claims = await extractUniversalClaims(response, ctx);
+    const results = [];
+    for (const c of claims)
+        results.push(c.verifiable || c.priority === 'critical' || c.priority === 'high' ? await verifyUniversalClaim(c, ctx) : { claim: c, verified: false, confidence: 0, method: 'skip', evidence: 'Low priority', reasoning: 'Skipped', timestamp: new Date().toISOString() });
+    const vClaims = claims.filter(c => c.verifiable).length;
+    const verified = results.filter(r => r.verified).length;
+    const failed = results.filter(r => !r.verified && r.confidence > 50).length;
+    const inconclusive = results.filter(r => !r.verified && r.confidence <= 50 && r.method !== 'skip').length;
+    const avgConf = results.length ? results.reduce((s, r) => s + r.confidence, 0) / results.length : 0;
+    let assessment = '', trust = 0;
+    if (ctx.llmVerifier)
+        try {
+            const p = UNIVERSAL_ASSESS.replace('{RESPONSE}', response.slice(0, 4000)).replace('{CLAIMS}', JSON.stringify(claims.slice(0, 15))).replace('{RESULTS}', JSON.stringify(results.slice(0, 15)));
+            const r = await ctx.llmVerifier(p);
+            const m = r.match(/\{[\s\S]*\}/);
+            if (m) {
+                const a = JSON.parse(m[0]);
+                trust = a.trust;
+                assessment = a.summary + (a.concerns?.length ? ` Concerns: ${a.concerns.join('; ')}` : '');
+            }
+        }
+        catch {
+            trust = Math.round(avgConf * verified / Math.max(vClaims, 1));
+            assessment = `${verified}/${vClaims} verified`;
+        }
+    else {
+        trust = Math.round(avgConf * verified / Math.max(vClaims, 1));
+        assessment = `${verified}/${vClaims} verified`;
+    }
+    return { responseId: id || `u-${Date.now()}`, originalResponse: response, timestamp: new Date().toISOString(), claims, results, summary: { totalClaims: claims.length, verifiableClaims: vClaims, verified, failed, inconclusive, averageConfidence: Math.round(avgConf) }, overallAssessment: assessment, trustScore: trust };
+}
+export async function quickUniversalVerify(r, ctx) {
+    const claims = await extractUniversalClaims(r, ctx);
+    const crit = claims.filter(c => c.verifiable && (c.priority === 'critical' || c.priority === 'high')).slice(0, 5);
+    if (!crit.length)
+        return { trustScore: 50, summary: 'No critical claims' };
+    let v = 0;
+    for (const c of crit)
+        if ((await verifyUniversalClaim(c, ctx)).verified)
+            v++;
+    return { trustScore: Math.round(v / crit.length * 100), summary: `${v}/${crit.length} critical verified` };
+}
+export function formatUniversalReport(r) {
+    const bar = '█'.repeat(Math.round(r.trustScore / 10)) + '░'.repeat(10 - Math.round(r.trustScore / 10));
+    const icon = r.trustScore >= 80 ? '✅' : r.trustScore >= 50 ? '⚠️' : '❌';
+    let out = `╔════════════════════════════════════════════════════════════╗\n║           UNIVERSAL VERIFICATION REPORT                    ║\n╚════════════════════════════════════════════════════════════╝\n\n`;
+    out += `Trust: ${icon} ${r.trustScore}/100 [${bar}]\n${r.overallAssessment}\n\nClaims: ${r.summary.totalClaims} | ✅ ${r.summary.verified} | ❌ ${r.summary.failed} | ❓ ${r.summary.inconclusive}\n\n`;
+    for (const x of r.results.slice(0, 8))
+        out += `${x.verified ? '✅' : x.confidence > 50 ? '❌' : '❓'} [${x.confidence}%] ${x.claim.statement.slice(0, 55)}...\n`;
+    if (r.results.length > 8)
+        out += `... +${r.results.length - 8} more\n`;
+    return out;
+}
 //# sourceMappingURL=responseVerifier.js.map