erosolar-cli 2.1.248 → 2.1.252

package/dist/capabilities/orchestrationCapability.js

@@ -5,14 +5,598 @@
  * - Government procedures (law enforcement, compliance)
  * - Infrastructure deployment (US, Ukraine, EU, Asia)
  * - Security deliverables (pentest reports, incident response)
- * - APT chain execution (kill-chain phases)
- * - Dual-RL refinement (self-improving execution)
+ * - Validation & error analysis (TypeScript, build, test, lint)
+ * - Hypothesis testing & failure recovery
+ * - Result verification (prevents hallucinated success)
  */
+// ============================================================================
+// TYPES - Error Analysis & Validation (from aiErrorFixer.ts, validationRunner.ts)
+// ============================================================================
+export var ErrorType;
+(function (ErrorType) {
+    ErrorType["BUILD_ERROR"] = "build_error";
+    ErrorType["TEST_FAILURE"] = "test_failure";
+    ErrorType["TYPE_ERROR"] = "type_error";
+    ErrorType["LINT_ERROR"] = "lint_error";
+    ErrorType["IMPORT_ERROR"] = "import_error";
+    ErrorType["SYNTAX_ERROR"] = "syntax_error";
+    ErrorType["FILE_NOT_FOUND"] = "file_not_found";
+    ErrorType["PERMISSION_ERROR"] = "permission_error";
+    ErrorType["EDIT_CONFLICT"] = "edit_conflict";
+    ErrorType["NEWLINE_IN_STRING"] = "newline_in_string";
+    ErrorType["UNKNOWN"] = "unknown";
+})(ErrorType || (ErrorType = {}));
+// ============================================================================
+// ERROR PATTERNS
+// ============================================================================
+const TS_ERROR_PATTERN = /([^\s:]+\.tsx?):(\d+):(\d+)\s*-\s*error\s+TS(\d+):\s*(.+)/gm;
+const NPM_DEP_PATTERN = /(?:Cannot find|Module not found).*['"]([^'"]+)['"]/gm;
+const TEST_FAIL_PATTERN = /FAIL\s+([^\n]+)/gm;
+const FAILURE_INDICATORS = {
+    build: [/error\s+TS\d+/i, /SyntaxError/i, /Cannot find module/i, /error:\s+/i, /failed with exit code/i, /npm ERR!/i],
+    test: [/FAIL\s+/, /AssertionError/i, /Expected.*but got/i, /\d+ failing/i, /Error: expect/i],
+    runtime: [/TypeError:/i, /ReferenceError:/i, /RangeError:/i, /Uncaught/i, /ENOENT/i, /EACCES/i, /ETIMEDOUT/i],
+    userFeedback: [/doesn't work/i, /didn't work/i, /not working/i, /still broken/i, /wrong/i, /incorrect/i, /try again/i, /failed/i],
+};
+const OUTPUT_PATTERNS = {
+    git: {
+        success: [/\[.+\s+\w+\]/, /pushed/i, /merged/i, /On branch/i, /nothing to commit/i, /Already up to date/i],
+        failure: [/fatal:/i, /error:/i, /conflict/i, /rejected/i, /CONFLICT/, /Aborting/i],
+    },
+    npm: {
+        success: [/npm notice/i, /\+ .+@\d+\.\d+\.\d+/, /published/i],
+        failure: [/npm ERR!/i, /ERESOLVE/i, /E404/i, /EINTEGRITY/i],
+    },
+    command: {
+        success: [/^(success|completed|done|finished)/im, /successfully/i],
+        failure: [/^error/im, /^fatal/im, /failed/i, /command not found/i, /permission denied/i, /ENOENT/i, /EACCES/i],
+    },
+};
+// ============================================================================
+// ERROR ANALYSIS CLASS (from aiErrorFixer.ts)
+// ============================================================================
+class ErrorAnalyzer {
+    analyzeOutput(output, command) {
+        const errors = [];
+        const outputType = this.detectOutputType(output, command);
+        if (outputType === 'typescript')
+            errors.push(...this.parseTypeScriptErrors(output));
+        else if (outputType === 'npm')
+            errors.push(...this.parseNpmErrors(output));
+        else if (outputType === 'test')
+            errors.push(...this.parseTestErrors(output));
+        else
+            errors.push(...this.parseGenericErrors(output));
+        for (const error of errors) {
+            error.suggestedFixes = this.generateFixes(error);
+        }
+        return errors;
+    }
+    formatForAI(errors) {
+        if (errors.length === 0)
+            return '';
+        const lines = ['', '═══ AI ERROR ANALYSIS ═══', ''];
+        for (let i = 0; i < Math.min(errors.length, 5); i++) {
+            const error = errors[i];
+            if (!error)
+                continue;
+            lines.push(`• ${error.errorType.toUpperCase()}: ${error.message.slice(0, 150)}`);
+            const loc = error.locations[0];
+            if (loc)
+                lines.push(`  at ${loc.filePath}:${loc.lineNumber ?? '?'}`);
+            const bestFix = error.suggestedFixes[0];
+            if (bestFix)
+                lines.push(`  FIX: ${bestFix.description}`);
+            lines.push('');
+        }
+        if (errors.length > 5)
+            lines.push(`... and ${errors.length - 5} more errors`);
+        return lines.join('\n');
+    }
+    detectOutputType(output, command) {
+        const outputLower = output.toLowerCase();
+        const commandLower = (command ?? '').toLowerCase();
+        if (commandLower.includes('tsc') || commandLower.includes('typescript'))
+            return 'typescript';
+        if (commandLower.includes('test') || commandLower.includes('jest'))
+            return 'test';
+        if (commandLower.includes('npm') || commandLower.includes('yarn'))
+            return 'npm';
+        if (outputLower.includes('error ts') || output.includes('.ts:'))
+            return 'typescript';
+        if (outputLower.includes('npm err!'))
+            return 'npm';
+        return 'generic';
+    }
+    parseTypeScriptErrors(output) {
+        const errors = [];
+        const regex = new RegExp(TS_ERROR_PATTERN.source, 'gm');
+        let match;
+        while ((match = regex.exec(output)) !== null) {
+            const [, file, line, col, code, msg] = match;
+            if (!file || !code || !msg)
+                continue;
+            errors.push({
+                errorType: ErrorType.TYPE_ERROR,
+                message: `TS${code}: ${msg}`,
+                rawOutput: match[0],
+                locations: [{ filePath: file, lineNumber: line ? parseInt(line, 10) : undefined, column: col ? parseInt(col, 10) : undefined }],
+                suggestedFixes: [],
+                relatedErrors: [],
+                metadata: { tsCode: code },
+            });
+        }
+        return errors;
+    }
+    parseNpmErrors(output) {
+        const errors = [];
+        const regex = new RegExp(NPM_DEP_PATTERN.source, 'gm');
+        let match;
+        while ((match = regex.exec(output)) !== null) {
+            const [, dep] = match;
+            if (!dep)
+                continue;
+            errors.push({
+                errorType: ErrorType.IMPORT_ERROR,
+                message: `Missing dependency: ${dep}`,
+                rawOutput: match[0],
+                locations: [],
+                suggestedFixes: [],
+                relatedErrors: [],
+                metadata: { missingDep: dep },
+            });
+        }
+        return errors;
+    }
+    parseTestErrors(output) {
+        const errors = [];
+        const regex = new RegExp(TEST_FAIL_PATTERN.source, 'gm');
+        let match;
+        while ((match = regex.exec(output)) !== null) {
+            const [, file] = match;
+            if (!file)
+                continue;
+            errors.push({
+                errorType: ErrorType.TEST_FAILURE,
+                message: `Test failed: ${file}`,
+                rawOutput: match[0],
+                locations: [{ filePath: file.trim() }],
+                suggestedFixes: [],
+                relatedErrors: [],
+                metadata: {},
+            });
+        }
+        return errors;
+    }
+    parseGenericErrors(output) {
+        const errors = [];
+        const errorLines = [];
+        for (const line of output.split('\n')) {
+            const lineLower = line.toLowerCase();
+            if (lineLower.includes('error:') || lineLower.includes('failed:') || lineLower.includes('exception:') || lineLower.includes('fatal:')) {
+                errorLines.push(line.trim());
+            }
+        }
+        if (errorLines.length > 0 && errorLines[0]) {
+            errors.push({
+                errorType: ErrorType.UNKNOWN,
+                message: errorLines[0].slice(0, 200),
+                rawOutput: errorLines.slice(0, 5).join('\n'),
+                locations: [],
+                suggestedFixes: [],
+                relatedErrors: errorLines.slice(1, 5),
+                metadata: {},
+            });
+        }
+        return errors;
+    }
+    generateFixes(error) {
+        const fixes = [];
+        const loc = error.locations[0];
+        if (error.errorType === ErrorType.TYPE_ERROR && loc) {
+            const tsCode = String(error.metadata['tsCode'] ?? '');
+            if (tsCode === '2304') {
+                const nameMatch = error.message.match(/Cannot find name '([^']+)'/);
+                if (nameMatch?.[1]) {
+                    fixes.push({
+                        description: `Add import for '${nameMatch[1]}'`,
+                        filePath: loc.filePath,
+                        oldContent: '',
+                        newContent: `import { ${nameMatch[1]} } from './${nameMatch[1]}';`,
+                        confidence: 0.6,
+                        autoApplicable: false,
+                        requiresConfirmation: true,
+                    });
+                }
+            }
+            if (tsCode === '6133') {
+                const varMatch = error.message.match(/'([^']+)' is declared but/);
+                if (varMatch?.[1]) {
+                    fixes.push({
+                        description: `Prefix '${varMatch[1]}' with underscore`,
+                        filePath: loc.filePath,
+                        oldContent: varMatch[1],
+                        newContent: `_${varMatch[1]}`,
+                        confidence: 0.8,
+                        autoApplicable: true,
+                        requiresConfirmation: false,
+                    });
+                }
+            }
+        }
+        if (error.errorType === ErrorType.IMPORT_ERROR) {
+            const missingDep = String(error.metadata['missingDep'] ?? '');
+            if (missingDep) {
+                fixes.push({
+                    description: `Install: npm install ${missingDep}`,
+                    filePath: 'package.json',
+                    oldContent: '',
+                    newContent: '',
+                    confidence: 0.9,
+                    autoApplicable: false,
+                    requiresConfirmation: true,
+                });
+            }
+        }
+        return fixes;
+    }
+}
+// ============================================================================
+// HYPOTHESIS ENGINE (from hypothesisEngine.ts)
+// ============================================================================
+class HypothesisEngine {
+    hypotheses = new Map();
+    maxHypotheses;
+    constructor(maxHypotheses = 5) {
+        this.maxHypotheses = maxHypotheses;
+    }
+    generateHypothesis(description, initialEvidence = []) {
+        const id = `hyp_${Date.now()}_${Math.random().toString(36).substring(7)}`;
+        const hypothesis = {
+            id,
+            description,
+            confidence: this.calculateConfidence(initialEvidence),
+            evidence: initialEvidence,
+            status: 'pending',
+        };
+        this.hypotheses.set(id, hypothesis);
+        this.pruneHypotheses();
+        return hypothesis;
+    }
+    addEvidence(hypothesisId, evidence) {
+        const hypothesis = this.hypotheses.get(hypothesisId);
+        if (!hypothesis)
+            throw new Error(`Hypothesis ${hypothesisId} not found`);
+        hypothesis.evidence.push(evidence);
+        hypothesis.confidence = this.calculateConfidence(hypothesis.evidence);
+    }
+    getBestHypothesis() {
+        let best = null;
+        let highestConfidence = -Infinity;
+        for (const hypothesis of this.hypotheses.values()) {
+            if (hypothesis.status !== 'rejected' && hypothesis.confidence > highestConfidence) {
+                highestConfidence = hypothesis.confidence;
+                best = hypothesis;
+            }
+        }
+        return best;
+    }
+    getAllHypotheses() {
+        return Array.from(this.hypotheses.values()).sort((a, b) => b.confidence - a.confidence);
+    }
+    clear() {
+        this.hypotheses.clear();
+    }
+    calculateConfidence(evidence) {
+        if (evidence.length === 0)
+            return 0.5;
+        const totalWeight = evidence.reduce((sum, e) => sum + Math.abs(e.weight), 0);
+        if (totalWeight === 0)
+            return 0.5;
+        const weightedSum = evidence.reduce((sum, e) => sum + e.weight, 0);
+        return Math.max(0, Math.min(1, 0.5 + (weightedSum / totalWeight) * 0.5));
+    }
+    pruneHypotheses() {
+        if (this.hypotheses.size <= this.maxHypotheses)
+            return;
+        const sorted = Array.from(this.hypotheses.entries()).sort(([, a], [, b]) => a.confidence - b.confidence);
+        const lowest = sorted[0];
+        if (lowest)
+            this.hypotheses.delete(lowest[0]);
+    }
+}
+// ============================================================================
+// FAILURE DETECTION (from failureRecovery.ts)
+// ============================================================================
+function detectFailure(output, context) {
+    for (const pattern of FAILURE_INDICATORS.build) {
+        if (pattern.test(output)) {
+            return { type: 'build', severity: 'critical', message: extractErrorMessage(output, pattern), timestamp: new Date().toISOString() };
+        }
+    }
+    for (const pattern of FAILURE_INDICATORS.test) {
+        if (pattern.test(output)) {
+            return { type: 'test', severity: 'major', message: extractErrorMessage(output, pattern), timestamp: new Date().toISOString() };
+        }
+    }
+    for (const pattern of FAILURE_INDICATORS.runtime) {
+        if (pattern.test(output)) {
+            return { type: 'tool', severity: 'major', message: extractErrorMessage(output, pattern), timestamp: new Date().toISOString() };
+        }
+    }
+    if (context.userMessage) {
+        for (const pattern of FAILURE_INDICATORS.userFeedback) {
+            if (pattern.test(context.userMessage)) {
+                return { type: 'user-feedback', severity: 'major', message: context.userMessage.slice(0, 200), timestamp: new Date().toISOString() };
+            }
+        }
+    }
+    return null;
+}
+function extractErrorMessage(output, pattern) {
+    const match = output.match(pattern);
+    if (!match)
+        return 'Unknown error';
+    const lines = output.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        if (pattern.test(lines[i])) {
+            return lines.slice(i, Math.min(lines.length, i + 3)).join('\n').slice(0, 300);
+        }
+    }
+    return match[0].slice(0, 200);
+}
+// ============================================================================
+// RESULT VERIFICATION (from resultVerification.ts)
+// ============================================================================
+function formatVerifiedResult(result) {
+    if (result.status === 'VERIFIED_SUCCESS')
+        return result.details || result.summary;
+    const lines = [];
+    switch (result.status) {
+        case 'VERIFIED_FAILURE':
+            lines.push('═══ FAILED ═══');
+            break;
+        case 'UNVERIFIED':
+            lines.push('═══ UNVERIFIED ═══');
+            break;
+        case 'PARTIAL_SUCCESS':
+            lines.push('═══ PARTIAL SUCCESS ═══');
+            break;
+        case 'REQUIRES_USER_ACTION':
+            lines.push('═══ ACTION REQUIRED ═══');
+            break;
+    }
+    lines.push('', result.summary, '');
+    if (result.verificationChecks) {
+        const failedChecks = result.verificationChecks.filter(c => !c.passed);
+        if (failedChecks.length > 0) {
+            lines.push('Failed checks:');
+            for (const check of failedChecks) {
+                lines.push(`  ✗ ${check.check}${check.details ? `: ${check.details}` : ''}`);
+            }
+            lines.push('');
+        }
+    }
+    if (result.details)
+        lines.push(result.details, '');
+    if (result.suggestedActions?.length) {
+        lines.push('Suggested actions:');
+        for (const action of result.suggestedActions)
+            lines.push(`  → ${action}`);
+    }
+    return lines.join('\n');
+}
+function analyzeOutput(output, patterns, exitCode) {
+    const normalizedOutput = output.normalize('NFC');
+    for (const pattern of patterns.failure) {
+        if (pattern.test(normalizedOutput))
+            return { isSuccess: false, isFailure: true, confidence: 'high' };
+    }
+    for (const pattern of patterns.success) {
+        if (pattern.test(normalizedOutput))
+            return { isSuccess: true, isFailure: false, confidence: 'high' };
+    }
+    if (exitCode !== undefined) {
+        if (exitCode !== 0)
+            return { isSuccess: false, isFailure: true, confidence: 'high' };
+        return { isSuccess: false, isFailure: false, confidence: 'low' };
+    }
+    return { isSuccess: false, isFailure: false, confidence: 'low' };
+}
+// ============================================================================
+// TOOL CREATION
+// ============================================================================
 function createOrchestrationTools(options = {}) {
     const enableAll = !options.enableGovernment && !options.enableInfrastructure &&
-        !options.enableSecurity && !options.enableAPT;
+        !options.enableSecurity && !options.enableAPT &&
+        !options.enableValidation && !options.enableHypothesis &&
+        !options.enableRecovery && !options.enableBidirectionalAudit &&
+        !options.enableUnifiedOrchestrator;
     const tools = [];
-    // Government procedures tool
+    // ====== VALIDATION & ERROR ANALYSIS TOOL ======
+    if (enableAll || options.enableValidation) {
+        const errorAnalyzer = new ErrorAnalyzer();
+        tools.push({
+            name: 'analyze_errors',
+            description: `Analyze command output for errors and generate fix suggestions.
+
+Capabilities:
+- Parse TypeScript, npm, test, and generic errors
+- Extract error locations (file, line, column)
+- Generate confidence-scored fix suggestions
+- Format errors for AI consumption`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    output: { type: 'string', description: 'Command output to analyze' },
+                    command: { type: 'string', description: 'Command that produced the output (for context)' },
+                    format: { type: 'string', enum: ['detailed', 'ai', 'summary'], description: 'Output format' },
+                },
+                required: ['output'],
+            },
+            async handler(params) {
+                const output = params['output'];
+                const command = params['command'];
+                const format = params['format'] || 'detailed';
+                const errors = errorAnalyzer.analyzeOutput(output, command);
+                if (format === 'ai') {
+                    return errorAnalyzer.formatForAI(errors);
+                }
+                else if (format === 'summary') {
+                    return `Found ${errors.length} error(s):\n` +
+                        errors.slice(0, 5).map(e => `• ${e.errorType}: ${e.message.slice(0, 80)}`).join('\n');
+                }
+                return JSON.stringify(errors, null, 2);
+            },
+        });
+        tools.push({
+            name: 'verify_result',
+            description: `Verify operation results to prevent hallucinated success.
+
+Checks:
+- Pattern matching against known success/failure indicators
+- Exit code analysis
+- Unicode normalization to prevent spoofing
+- Negative context detection`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    output: { type: 'string', description: 'Operation output to verify' },
+                    operation: { type: 'string', enum: ['git', 'npm', 'command'], description: 'Type of operation' },
+                    exitCode: { type: 'number', description: 'Exit code if available' },
+                },
+                required: ['output', 'operation'],
+            },
+            async handler(params) {
+                const output = params['output'];
+                const operation = params['operation'];
+                const exitCode = params['exitCode'];
+                const patterns = OUTPUT_PATTERNS[operation] || OUTPUT_PATTERNS.command;
+                const analysis = analyzeOutput(output, patterns, exitCode);
+                const result = {
+                    status: analysis.isSuccess ? 'VERIFIED_SUCCESS' :
+                        analysis.isFailure ? 'VERIFIED_FAILURE' : 'UNVERIFIED',
+                    summary: analysis.isSuccess ? 'Operation succeeded' :
+                        analysis.isFailure ? 'Operation failed' : 'Cannot verify outcome',
+                    details: output.slice(0, 500),
+                    verifiedAt: new Date().toISOString(),
+                };
+                return formatVerifiedResult(result);
+            },
+        });
+    }
+    // ====== HYPOTHESIS TESTING TOOL ======
+    if (enableAll || options.enableHypothesis) {
+        const hypothesisEngine = new HypothesisEngine(10);
+        tools.push({
+            name: 'hypothesis',
+            description: `Multi-hypothesis reasoning for bug analysis and problem solving.
+
+Operations:
+- generate: Create a new hypothesis with initial evidence
+- add_evidence: Add supporting/contradicting evidence
+- get_best: Get highest-confidence hypothesis
+- list_all: List all hypotheses sorted by confidence
+- clear: Reset all hypotheses`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    action: { type: 'string', enum: ['generate', 'add_evidence', 'get_best', 'list_all', 'clear'] },
+                    description: { type: 'string', description: 'Hypothesis description (for generate)' },
+                    hypothesisId: { type: 'string', description: 'Hypothesis ID (for add_evidence)' },
+                    evidence: {
+                        type: 'object',
+                        properties: {
+                            type: { type: 'string', enum: ['observation', 'data', 'test_result', 'user_feedback'] },
+                            content: { type: 'string' },
+                            weight: { type: 'number', description: '-1 to 1, positive supports, negative contradicts' },
+                        },
+                    },
+                },
+                required: ['action'],
+            },
+            async handler(params) {
+                const action = params['action'];
+                switch (action) {
+                    case 'generate': {
+                        const description = params['description'];
+                        if (!description)
+                            return 'Error: description required';
+                        const hypothesis = hypothesisEngine.generateHypothesis(description);
+                        return JSON.stringify(hypothesis, null, 2);
+                    }
+                    case 'add_evidence': {
+                        const id = params['hypothesisId'];
+                        const evidenceData = params['evidence'];
+                        if (!id || !evidenceData)
+                            return 'Error: hypothesisId and evidence required';
+                        const evidence = {
+                            type: evidenceData.type,
+                            content: evidenceData.content,
+                            weight: evidenceData.weight,
+                            timestamp: new Date(),
+                        };
+                        hypothesisEngine.addEvidence(id, evidence);
+                        return `Evidence added to hypothesis ${id}`;
+                    }
+                    case 'get_best': {
+                        const best = hypothesisEngine.getBestHypothesis();
+                        return best ? JSON.stringify(best, null, 2) : 'No hypotheses available';
+                    }
+                    case 'list_all': {
+                        const all = hypothesisEngine.getAllHypotheses();
+                        return JSON.stringify(all, null, 2);
+                    }
+                    case 'clear': {
+                        hypothesisEngine.clear();
+                        return 'All hypotheses cleared';
+                    }
+                    default:
+                        return `Unknown action: ${action}`;
+                }
+            },
+        });
+    }
+    // ====== FAILURE DETECTION & RECOVERY TOOL ======
+    if (enableAll || options.enableRecovery) {
+        tools.push({
+            name: 'detect_failure',
+            description: `Detect failures in output and suggest recovery strategies.
+
+Detects:
+- Build failures (TypeScript, syntax, module errors)
+- Test failures (Jest, assertion errors)
+- Runtime errors (TypeError, ReferenceError, etc.)
+- User feedback indicating failure`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    output: { type: 'string', description: 'Output to analyze for failures' },
+                    userMessage: { type: 'string', description: 'User message (for feedback detection)' },
+                },
+                required: ['output'],
+            },
+            async handler(params) {
+                const output = params['output'];
+                const userMessage = params['userMessage'];
+                const failure = detectFailure(output, { userMessage });
+                if (!failure) {
+                    return JSON.stringify({ detected: false, message: 'No failure detected' });
+                }
+                return JSON.stringify({
+                    detected: true,
+                    failure,
+                    suggestedRecovery: [
+                        `Identify root cause of ${failure.type} failure`,
+                        'Review the error message for specific guidance',
+                        'Check for similar patterns in codebase',
+                        'Consider alternative approaches if current fails repeatedly',
+                    ],
+                }, null, 2);
+            },
+        });
+    }
+    // ====== GOVERNMENT PROCEDURES TOOL ======
     if (enableAll || options.enableGovernment) {
         tools.push({
             name: 'gov_procedures',
@@ -29,29 +613,14 @@ Provides:
                 properties: {
                     action: {
                         type: 'string',
-                        enum: [
-                            'get_contacts', 'get_legal_frameworks', 'get_reporting_requirements',
-                            'generate_incident_report', 'generate_evidence_form',
-                        ],
-                        description: 'Action to perform',
+                        enum: ['get_contacts', 'get_legal_frameworks', 'get_reporting_requirements', 'generate_incident_report', 'generate_evidence_form'],
                     },
                     agencyType: {
                         type: 'string',
-                        enum: [
-                            'federal-le', 'state-le', 'local-le', 'intelligence',
-                            'military', 'regulatory', 'international', 'cisa', 'nist', 'contractor',
-                        ],
-                        description: 'Type of agency',
-                    },
-                    incidentType: {
-                        type: 'string',
-                        description: 'Type of incident for reporting',
-                    },
-                    classification: {
-                        type: 'string',
-                        enum: ['unclassified', 'cui', 'confidential', 'secret', 'top-secret', 'ts-sci'],
-                        description: 'Classification level',
+                        enum: ['federal-le', 'state-le', 'local-le', 'intelligence', 'military', 'regulatory', 'international', 'cisa', 'nist', 'contractor'],
                     },
+                    incidentType: { type: 'string' },
+                    classification: { type: 'string', enum: ['unclassified', 'cui', 'confidential', 'secret', 'top-secret', 'ts-sci'] },
                 },
                 required: ['action'],
             },
@@ -88,7 +657,7 @@ Provides:
             },
         });
     }
-    // Infrastructure deployment tool
+    // ====== INFRASTRUCTURE DEPLOYMENT TOOL ======
     if (enableAll || options.enableInfrastructure) {
         tools.push({
             name: 'infrastructure',
@@ -104,27 +673,10 @@ Includes:
             parameters: {
                 type: 'object',
                 properties: {
-                    action: {
-                        type: 'string',
-                        enum: [
-                            'get_stack', 'list_templates', 'generate_deployment',
-                            'generate_teardown', 'generate_opsec_checklist',
-                        ],
-                        description: 'Action to perform',
-                    },
-                    region: {
-                        type: 'string',
-                        enum: ['us', 'ukraine', 'eu', 'asia', 'global'],
-                        description: 'Operational region',
-                    },
-                    stackId: {
-                        type: 'string',
-                        description: 'Infrastructure stack ID',
-                    },
-                    templateId: {
-                        type: 'string',
-                        description: 'Auto-execution template ID',
-                    },
+                    action: { type: 'string', enum: ['get_stack', 'list_templates', 'generate_deployment', 'generate_teardown', 'generate_opsec_checklist'] },
+                    region: { type: 'string', enum: ['us', 'ukraine', 'eu', 'asia', 'global'] },
+                    stackId: { type: 'string' },
+                    templateId: { type: 'string' },
                 },
                 required: ['action'],
             },
@@ -165,7 +717,7 @@ Includes:
             },
         });
     }
-    // Security deliverables tool
+    // ====== SECURITY DELIVERABLES TOOL ======
     if (enableAll || options.enableSecurity) {
         tools.push({
             name: 'security_deliverable',
@@ -185,32 +737,12 @@ Types:
                 properties: {
                     type: {
                         type: 'string',
-                        enum: [
-                            'pentest-report', 'incident-response', 'security-controls',
-                            'training-module', 'compliance-audit', 'threat-assessment',
-                            'apt-analysis', 'vulnerability-report', 'infrastructure-assessment',
-                            'persistence-procedures', 'red-team-playbook',
-                        ],
-                        description: 'Type of deliverable',
-                    },
-                    title: {
-                        type: 'string',
-                        description: 'Title for the deliverable',
-                    },
-                    scope: {
-                        type: 'string',
-                        description: 'Scope description',
-                    },
-                    findings: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        description: 'List of findings to include',
-                    },
-                    format: {
-                        type: 'string',
-                        enum: ['markdown', 'json', 'html'],
-                        description: 'Output format',
+                        enum: ['pentest-report', 'incident-response', 'security-controls', 'training-module', 'compliance-audit', 'threat-assessment', 'apt-analysis', 'vulnerability-report', 'infrastructure-assessment', 'persistence-procedures', 'red-team-playbook'],
                     },
+                    title: { type: 'string' },
+                    scope: { type: 'string' },
+                    findings: { type: 'array', items: { type: 'string' } },
+                    format: { type: 'string', enum: ['markdown', 'json', 'html'] },
                 },
                 required: ['type'],
             },
@@ -221,7 +753,6 @@ Types:
                 const title = params['title'];
                 const scope = params['scope'];
                 const format = params['format'];
-                // Generate deliverable with minimal context
                 const deliverable = await generator.generate(deliverableType, {
                     exitReason: 'complete',
                     finalResponse: title || 'Generated Deliverable',
@@ -253,31 +784,1003 @@ Types:
                     },
                     limitations: [],
                     recommendations: [],
-                }, [], {
-                    customTitle: title,
-                    constraints: scope ? [scope] : undefined,
-                });
-                // Export in requested format
+                }, [], { customTitle: title, constraints: scope ? [scope] : undefined });
                 switch (format || 'markdown') {
-                    case 'json':
-                        return sec.exportToJSON(deliverable);
-                    case 'html':
-                        return sec.exportToHTML(deliverable);
-                    default:
-                        return sec.exportToMarkdown(deliverable);
+                    case 'json': return sec.exportToJSON(deliverable);
+                    case 'html': return sec.exportToHTML(deliverable);
+                    default: return sec.exportToMarkdown(deliverable);
                 }
             },
         });
     }
+    // ====== BIDIRECTIONAL AUDIT TOOL ======
+    if (enableAll || options.enableBidirectionalAudit) {
+        tools.push({
+            name: 'bidirectional_audit',
+            description: `Execute bidirectional attack chain audit for security analysis and deterrence.
+
+Capabilities:
+- FORWARD TRACE: Device → Daemons → Network → Edge → Core → Corporate → End Users
+- REVERSE TRACE: End Users → Attack Vectors → Persistence → Control Points → Device
+- Evidence collection with SHA-256 cryptographic hashes
+- Professional audit reports for compliance/legal purposes
+
+Use Cases:
+- Security research and vulnerability assessment
+- Compliance documentation (SOC2, ISO27001, etc.)
+- Legal evidence collection for authorized investigations
+- Deterrence documentation (proving attack surface awareness)
+- Incident response and forensic analysis`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    direction: {
+                        type: 'string',
+                        enum: ['forward', 'reverse', 'bidirectional'],
+                        description: 'Trace direction: forward (to end users), reverse (from end users), or bidirectional (both)',
+                    },
+                    evidenceDir: {
+                        type: 'string',
+                        description: 'Directory to store evidence files (default: .erosolar/evidence/)',
+                    },
+                    target: {
+                        type: 'string',
+                        description: 'Target system or infrastructure (default: local Apple ecosystem)',
+                    },
+                    format: {
+                        type: 'string',
+                        enum: ['text', 'json', 'markdown'],
+                        description: 'Output format for the audit report',
+                    },
+                    includeRetaliation: {
+                        type: 'boolean',
+                        description: 'Include deterrence/retaliation capability analysis',
+                    },
+                },
+                required: ['direction'],
+            },
+            async handler(params) {
+                const direction = params['direction'];
+                const evidenceDir = params['evidenceDir'] || options.workingDir
+                    ? `${options.workingDir}/.erosolar/evidence/audit-${new Date().toISOString().split('T')[0]}`
+                    : `.erosolar/evidence/audit-${new Date().toISOString().split('T')[0]}`;
+                const format = params['format'] || 'markdown';
+                const includeRetaliation = params['includeRetaliation'] ?? true;
+                try {
+                    // Dynamic import to avoid circular dependencies
+                    const { ForwardAttackChainTracer, runForwardTrace } = await import('../tools/forwardAttackChainTracer.js');
+                    const lines = [];
+                    lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                    lines.push('             BIDIRECTIONAL ATTACK CHAIN AUDIT');
+                    lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                    lines.push('');
+                    lines.push(`Direction: ${direction.toUpperCase()}`);
+                    lines.push(`Evidence Directory: ${evidenceDir}`);
+                    lines.push(`Timestamp: ${new Date().toISOString()}`);
+                    lines.push('');
+                    if (direction === 'forward' || direction === 'bidirectional') {
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('                         FORWARD ATTACK CHAIN');
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('');
+                        const forwardReport = await runForwardTrace(evidenceDir);
+                        lines.push(forwardReport);
+                        lines.push('');
+                    }
+                    if (direction === 'reverse' || direction === 'bidirectional') {
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('                         REVERSE ATTACK CHAIN');
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('');
+                        lines.push('Reverse trace analyzes attack vectors FROM end users BACK TO this device:');
+                        lines.push('');
+                        lines.push('END USER ATTACK VECTORS:');
+                        lines.push('• Software Update Push - Apple can push code to any device');
+                        lines.push('• MDM Profile Injection - Remote management without consent');
+                        lines.push('• Push Notification Injection - Arbitrary notifications');
+                        lines.push('• iCloud Key Injection - Add keys to user keyring');
+                        lines.push('• iMessage Key Substitution - MITM encrypted messages');
+                        lines.push('• Activation Lock Control - Brick or unlock devices');
+                        lines.push('');
+                        lines.push('CORPORATE PERSISTENCE:');
+                        lines.push('• Apple Data Centers (AZ, NC, OR, IA, NV)');
+                        lines.push('• Third-party: AWS (Siri), Google Cloud (iCloud), Akamai, Fastly');
+                        lines.push('• Internal tools: Radar, MFi Portal');
+                        lines.push('');
+                        lines.push('CORE INFRASTRUCTURE CONTROL:');
+                        lines.push('• Key Transparency Log (NO PUBLIC AUDIT)');
+                        lines.push('• IDS Key Database - Device public keys');
+                        lines.push('• Message Relay - Routes all iMessages');
+                        lines.push('• Escrow HSM - Key escrow access');
+                        lines.push('');
+                        lines.push('EDGE VULNERABILITIES:');
+                        lines.push('• APNs Courier - courier.push.apple.com');
+                        lines.push('• IDS Identity - identity.ess.apple.com');
+                        lines.push('• CloudKit Gateway - gateway.icloud.com');
+                        lines.push('• Escrow Proxy - p43-escrowproxy.icloud.com');
+                        lines.push('');
+                        lines.push('NETWORK INTERCEPTION:');
+                        lines.push('• All DNS controlled by Apple nameservers');
+                        lines.push('• 14 Apple Root CAs in system trust store');
+                        lines.push('• Certificate pinning controlled by Apple');
+                        lines.push('');
+                        lines.push('DAEMON ACCESS:');
+                        lines.push('• identityservicesd - Key management');
+                        lines.push('• imagent - iMessage agent');
+                        lines.push('• apsd - Push notification daemon');
+                        lines.push('• cloudd - iCloud sync');
+                        lines.push('• assistantd - Siri/AI');
+                        lines.push('');
+                        lines.push('LOCAL EXPOSURE:');
+                        lines.push('• Secure Enclave - User inaccessible');
+                        lines.push('• iBoot firmware - Apple signed only');
+                        lines.push('• Keychain - Synced to iCloud');
+                        lines.push('');
+                    }
+                    if (includeRetaliation) {
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('                    DETERRENCE CAPABILITY ANALYSIS');
+                        lines.push('───────────────────────────────────────────────────────────────────────────────');
+                        lines.push('');
+                        lines.push('USER DETERRENCE OPTIONS:');
+                        lines.push('');
+                        lines.push('1. DOCUMENTATION DETERRENCE (LEGAL)');
+                        lines.push('   • Complete audit trail with cryptographic hashes');
+                        lines.push('   • Evidence suitable for legal proceedings');
+                        lines.push('   • Proof of Apple\'s attack surface awareness');
+                        lines.push('   • Regulatory complaint documentation (FTC, DOJ, EU DMA)');
+                        lines.push('');
+                        lines.push('2. TRANSPARENCY DETERRENCE (PUBLIC)');
+                        lines.push('   • Publish audit findings publicly');
+                        lines.push('   • Media disclosure with technical evidence');
+                        lines.push('   • Security researcher community engagement');
+                        lines.push('   • Congressional/parliamentary testimony support');
+                        lines.push('');
+                        lines.push('3. ECONOMIC DETERRENCE (MARKET)');
+                        lines.push('   • Shareholder disclosure of security risks');
+                        lines.push('   • Enterprise security assessment reports');
+                        lines.push('   • Insurance and compliance implications');
+                        lines.push('   • Competitive analysis for procurement');
+                        lines.push('');
+                        lines.push('4. TECHNICAL DETERRENCE (DEFENSIVE)');
+                        lines.push('   • Network traffic monitoring and blocking');
+                        lines.push('   • DNS sinkholing of Apple services');
+                        lines.push('   • Certificate pinning bypass detection');
+                        lines.push('   • Daemon behavior anomaly detection');
+                        lines.push('');
+                        lines.push('USER DEFENSE CAPABILITY AT EACH LAYER: NONE');
+                        lines.push('');
+                        lines.push('The audit demonstrates that users have no technical defense against');
+                        lines.push('Apple\'s control at any layer of the attack chain. The only effective');
+                        lines.push('deterrence is through legal, public, and economic pressure.');
+                        lines.push('');
+                    }
+                    lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                    lines.push('                           AUDIT COMPLETE');
+                    lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                    lines.push('');
+                    lines.push(`Evidence Directory: ${evidenceDir}`);
+                    lines.push(`Generated: ${new Date().toISOString()}`);
+                    lines.push('');
+                    const report = lines.join('\n');
+                    // Save summary report
+                    const fs = await import('node:fs');
+                    const path = await import('node:path');
+                    if (!fs.existsSync(evidenceDir)) {
+                        fs.mkdirSync(evidenceDir, { recursive: true });
+                    }
+                    fs.writeFileSync(path.join(evidenceDir, 'BIDIRECTIONAL-AUDIT-REPORT.txt'), report);
+                    // Calculate master hash
+                    const crypto = await import('node:crypto');
+                    const masterHash = crypto.createHash('sha256').update(report).digest('hex');
+                    fs.writeFileSync(path.join(evidenceDir, 'MASTER-HASH.txt'), `Master Hash: ${masterHash}\nGenerated: ${new Date().toISOString()}\n`);
+                    if (format === 'json') {
+                        return JSON.stringify({
+                            direction,
+                            evidenceDir,
+                            timestamp: new Date().toISOString(),
+                            masterHash,
+                            success: true,
+                        }, null, 2);
+                    }
+                    return report + `\nMaster Hash: ${masterHash}`;
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : String(error);
+                    return `Audit failed: ${message}`;
+                }
+            },
+        });
+    }
+    // ====== DEFENSIVE SECURITY SCAN TOOL ======
+    // Always enabled - this is defensive-only functionality
+    tools.push({
+        name: 'defensive_scan',
+        description: `Run defensive security scans on YOUR OWN device.
+
+This tool ONLY scans the local device for intrusion indicators.
+It does NOT attack other systems - it is purely defensive.
+
+Capabilities:
+- Intrusion detection (processes, network, persistence)
+- Security hardening assessment (firewall, SIP, FileVault, etc.)
+- Forensic evidence collection with chain of custody
+- MITRE ATT&CK mapping for detected indicators
+- Evidence packaging for law enforcement submission
+
+Use Cases:
+- Detect if your device has been compromised
+- Collect evidence of unauthorized access
+- Generate reports for legal proceedings
+- Assess and improve security posture
+- Incident response and forensic analysis`,
+        parameters: {
+            type: 'object',
+            properties: {
+                scanType: {
+                    type: 'string',
+                    enum: ['full', 'process', 'network', 'persistence', 'hardening', 'evidence'],
+                    description: 'Type of scan to perform',
+                },
+                evidenceDir: {
+                    type: 'string',
+                    description: 'Directory to store evidence files',
+                },
+                purpose: {
+                    type: 'string',
+                    description: 'Purpose for evidence collection (for chain of custody)',
+                },
+                format: {
+                    type: 'string',
+                    enum: ['text', 'json', 'markdown'],
+                    description: 'Output format for the report',
+                },
+            },
+            required: ['scanType'],
+        },
+        async handler(params) {
+            const scanType = params['scanType'];
+            const evidenceDir = params['evidenceDir'] || options.workingDir
+                ? `${options.workingDir}/.erosolar/evidence/defensive-${new Date().toISOString().split('T')[0]}`
+                : `.erosolar/evidence/defensive-${new Date().toISOString().split('T')[0]}`;
+            const purpose = params['purpose'] || 'Security assessment';
+            const format = params['format'] || 'text';
+            try {
+                const { IntrusionDetector, ForensicCollector, runDefensiveScan } = await import('../tools/defensiveSecurityTools.js');
+                const lines = [];
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('                    DEFENSIVE SECURITY SCAN');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('');
+                lines.push('Mode: DEFENSIVE ONLY (scanning YOUR device)');
+                lines.push(`Scan Type: ${scanType.toUpperCase()}`);
+                lines.push(`Evidence Directory: ${evidenceDir}`);
+                lines.push(`Purpose: ${purpose}`);
+                lines.push(`Timestamp: ${new Date().toISOString()}`);
+                lines.push('');
+                if (scanType === 'full') {
+                    const { posture, package: pkg } = await runDefensiveScan(evidenceDir, purpose);
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                         SECURITY POSTURE');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    lines.push(`Overall Risk Level: ${posture.overallRisk.toUpperCase()}`);
+                    lines.push(`Indicators Found: ${posture.indicators.length}`);
+                    lines.push(`Recommendations: ${posture.recommendations.length}`);
+                    lines.push('');
+                    // Hardening status
+                    lines.push('HARDENING STATUS:');
+                    lines.push(`  Firewall: ${posture.hardening.firewall.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push(`  SIP: ${posture.hardening.sip.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push(`  FileVault: ${posture.hardening.filevault.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push(`  Gatekeeper: ${posture.hardening.gatekeeper.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push(`  XProtect: ${posture.hardening.xprotect.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push(`  Auto Updates: ${posture.hardening.automaticUpdates.enabled ? '✓ Enabled' : '✗ DISABLED'}`);
+                    lines.push('');
+                    // Indicators by severity
+                    if (posture.indicators.length > 0) {
+                        lines.push('INTRUSION INDICATORS:');
+                        const bySeverity = {
+                            critical: [], high: [], medium: [], low: [], info: []
+                        };
+                        for (const ind of posture.indicators) {
+                            bySeverity[ind.severity]?.push(ind);
+                        }
+                        for (const [sev, inds] of Object.entries(bySeverity)) {
+                            if (inds.length > 0) {
+                                lines.push(`  [${sev.toUpperCase()}] ${inds.length} indicator(s)`);
+                                for (const ind of inds.slice(0, 3)) {
+                                    lines.push(`    • ${ind.description}`);
+                                    if (ind.mitreId)
+                                        lines.push(`      MITRE: ${ind.mitreId}`);
+                                }
+                                if (inds.length > 3)
+                                    lines.push(`    ... and ${inds.length - 3} more`);
+                            }
+                        }
+                        lines.push('');
+                    }
+                    // Recommendations
+                    if (posture.recommendations.length > 0) {
+                        lines.push('TOP RECOMMENDATIONS:');
+                        for (const rec of posture.recommendations.slice(0, 5)) {
+                            lines.push(`  ${rec.priority}. ${rec.action}`);
+                            lines.push(`     ${rec.rationale}`);
+                            if (rec.command)
+                                lines.push(`     Command: ${rec.command}`);
+                        }
+                        lines.push('');
+                    }
+                    lines.push('EVIDENCE PACKAGE:');
+                    lines.push(`  Case ID: ${pkg.caseId}`);
+                    lines.push(`  Artifacts: ${pkg.artifacts.length}`);
+                    lines.push(`  Master Hash: ${pkg.masterHash}`);
+                }
+                else {
+                    // Specific scan types
+                    const detector = new IntrusionDetector();
+                    const collector = new ForensicCollector(evidenceDir);
+                    if (scanType === 'process' || scanType === 'persistence' || scanType === 'network') {
+                        let indicators = [];
+                        if (scanType === 'process') {
+                            lines.push('Scanning processes...');
+                            indicators = await detector.scanProcesses();
+                        }
+                        else if (scanType === 'network') {
+                            lines.push('Scanning network connections...');
+                            indicators = await detector.scanNetwork();
+                        }
+                        else if (scanType === 'persistence') {
+                            lines.push('Scanning persistence mechanisms...');
+                            indicators = await detector.scanPersistence();
+                        }
+                        lines.push('');
+                        lines.push(`Found ${indicators.length} indicator(s):`);
+                        for (const ind of indicators) {
+                            lines.push(`  [${ind.severity.toUpperCase()}] ${ind.description}`);
+                            lines.push(`    Evidence: ${ind.evidence.slice(0, 100)}`);
+                            if (ind.mitreId)
+                                lines.push(`    MITRE ATT&CK: ${ind.mitreId} (${ind.mitreTactic})`);
+                            lines.push(`    Recommendation: ${ind.recommendation}`);
+                            lines.push('');
+                        }
+                    }
+                    else if (scanType === 'hardening') {
+                        lines.push('Checking security hardening...');
+                        const hardening = await detector.checkHardening();
+                        const recommendations = detector.generateRecommendations(hardening);
+                        lines.push('');
+                        lines.push('HARDENING STATUS:');
+                        lines.push(`  Firewall: ${hardening.firewall.enabled ? '✓' : '✗'} ${hardening.firewall.details}`);
+                        lines.push(`  SIP: ${hardening.sip.enabled ? '✓' : '✗'} ${hardening.sip.details}`);
+                        lines.push(`  FileVault: ${hardening.filevault.enabled ? '✓' : '✗'} ${hardening.filevault.details}`);
+                        lines.push(`  Gatekeeper: ${hardening.gatekeeper.enabled ? '✓' : '✗'} ${hardening.gatekeeper.details}`);
+                        lines.push(`  XProtect: ${hardening.xprotect.enabled ? '✓' : '✗'} ${hardening.xprotect.details}`);
+                        lines.push(`  Auto Updates: ${hardening.automaticUpdates.enabled ? '✓' : '✗'} ${hardening.automaticUpdates.details}`);
+                        lines.push('');
+                        if (recommendations.length > 0) {
+                            lines.push('RECOMMENDATIONS:');
+                            for (const rec of recommendations) {
+                                lines.push(`  ${rec.priority}. ${rec.action}`);
+                                lines.push(`     ${rec.rationale}`);
+                                if (rec.command)
+                                    lines.push(`     Command: ${rec.command}`);
+                            }
+                        }
+                        else {
+                            lines.push('All security hardening features are enabled. ✓');
+                        }
+                    }
+                    else if (scanType === 'evidence') {
+                        lines.push('Collecting forensic evidence...');
+                        collector.collectSystemLogs();
+                        const allIndicators = [
+                            ...await detector.scanProcesses(),
+                            ...await detector.scanNetwork(),
+                            ...await detector.scanPersistence(),
+                        ];
+                        const pkg = collector.generateEvidencePackage(allIndicators, purpose);
+                        lines.push('');
+                        lines.push('EVIDENCE PACKAGE GENERATED:');
+                        lines.push(`  Case ID: ${pkg.caseId}`);
+                        lines.push(`  Purpose: ${pkg.purpose}`);
+                        lines.push(`  Artifacts: ${pkg.artifacts.length}`);
+                        lines.push(`  Indicators: ${pkg.indicators.length}`);
+                        lines.push(`  Timeline Events: ${pkg.timeline.length}`);
+                        lines.push(`  Master Hash: ${pkg.masterHash}`);
+                        lines.push('');
+                        lines.push(`Evidence saved to: ${evidenceDir}`);
+                        lines.push('');
+                        lines.push('Files generated:');
+                        lines.push(`  • evidence_package_${pkg.caseId}.json`);
+                        lines.push(`  • FORENSIC_REPORT_${pkg.caseId}.txt`);
+                    }
+                }
+                lines.push('');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('                    SCAN COMPLETE');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                const report = lines.join('\n');
+                if (format === 'json') {
+                    return JSON.stringify({
+                        scanType,
+                        evidenceDir,
+                        purpose,
+                        timestamp: new Date().toISOString(),
+                        success: true,
+                    }, null, 2);
+                }
+                return report;
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                return `Defensive scan failed: ${message}`;
+            }
+        },
+    });
+    // ====== OFFENSIVE TRANSPARENCY TOOL ======
+    // Legal offensive capabilities for deterrence and transparency
+    tools.push({
+        name: 'offensive_transparency',
+        description: `Execute offensive transparency operations against Apple infrastructure.
+
+LEGAL offensive capabilities within ethical bounds:
+- Active probing of public Apple endpoints (legal - public servers)
+- Certificate Transparency monitoring (legal - public logs)
+- Key Transparency verification/exposure (legal - Apple claims it's auditable)
+- Telemetry blocking and analysis (legal - your device, your network)
+- Automated regulatory complaint generation (legal - your right)
+- Public disclosure package creation (legal - free speech)
+
+This tool PROVES Apple's claims are false and generates materials for:
+- FTC complaints (deceptive practices)
+- EU DMA complaints (gatekeeper violations)
+- DOJ antitrust complaints
+- Public/media disclosure
+- Security researcher coordinated disclosure
+
+The goal is DETERRENCE through TRANSPARENCY - exposing what Apple can do.`,
+        parameters: {
+            type: 'object',
+            properties: {
+                operation: {
+                    type: 'string',
+                    enum: ['probe', 'key-transparency', 'telemetry', 'complaints', 'disclosure', 'full'],
+                    description: 'Operation to perform',
+                },
+                evidenceDir: {
+                    type: 'string',
+                    description: 'Directory to store evidence and generated materials',
+                },
+                target: {
+                    type: 'string',
+                    description: 'Specific target for probing (default: all Apple endpoints)',
+                },
+            },
+            required: ['operation'],
+        },
+        async handler(params) {
+            const operation = params['operation'];
+            const evidenceDir = params['evidenceDir'] || options.workingDir
+                ? `${options.workingDir}/.erosolar/evidence/offensive-${new Date().toISOString().split('T')[0]}`
+                : `.erosolar/evidence/offensive-${new Date().toISOString().split('T')[0]}`;
+            try {
+                const { InfrastructureProber, TelemetryBlocker, RegulatoryComplaintGenerator, DisclosurePackageGenerator, runOffensiveTransparency, } = await import('../tools/offensiveTransparencyTools.js');
+                const lines = [];
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('                    OFFENSIVE TRANSPARENCY OPERATION');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('');
+                lines.push('Mode: OFFENSIVE (legal transparency/deterrence operations)');
+                lines.push(`Operation: ${operation.toUpperCase()}`);
+                lines.push(`Evidence Directory: ${evidenceDir}`);
+                lines.push(`Timestamp: ${new Date().toISOString()}`);
+                lines.push('');
+                if (operation === 'full') {
+                    const result = await runOffensiveTransparency(evidenceDir);
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                    INFRASTRUCTURE PROBING RESULTS');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    lines.push(`Endpoints probed: ${result.probeResults.length}`);
+                    lines.push(`Reachable: ${result.probeResults.filter(p => p.reachable).length}`);
+                    lines.push(`Anomalies found: ${result.probeResults.flatMap(p => p.anomalies).length}`);
+                    lines.push('');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                    KEY TRANSPARENCY EXPOSURE');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    lines.push(`Publicly auditable: ${result.keyTransparency.publiclyAuditable ? 'YES' : 'NO ⚠️'}`);
+                    lines.push(`Merkle proof available: ${result.keyTransparency.merkleProofAvailable ? 'YES' : 'NO ⚠️'}`);
+                    lines.push('Findings:');
+                    for (const finding of result.keyTransparency.findings) {
+                        lines.push(`  • ${finding}`);
+                    }
+                    lines.push('');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                    TELEMETRY ANALYSIS');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    lines.push(`Active telemetry connections: ${result.telemetryAnalysis.telemetryConnections.length}`);
+                    lines.push('Data leakage detected:');
+                    for (const leak of result.telemetryAnalysis.dataLeakage) {
+                        lines.push(`  ⚠️ ${leak}`);
+                    }
+                    lines.push('');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                    REGULATORY COMPLAINTS GENERATED');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    for (const complaint of result.complaints) {
+                        lines.push(`✓ ${complaint.agency}`);
+                        lines.push(`  Type: ${complaint.type}`);
+                        lines.push(`  Allegations: ${complaint.allegations.length}`);
+                    }
+                    lines.push('');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('                    DISCLOSURE PACKAGE');
+                    lines.push('───────────────────────────────────────────────────────────────────────────────');
+                    lines.push('');
+                    lines.push(`Title: ${result.disclosure.title}`);
+                    lines.push(`Classification: ${result.disclosure.classification.toUpperCase()}`);
+                    lines.push(`Technical findings: ${result.disclosure.technicalFindings.length}`);
+                    lines.push(`Evidence hashes: ${result.disclosure.evidenceHashes.length}`);
+                    lines.push('');
+                    lines.push('Media kit key points:');
+                    for (const point of result.disclosure.mediaKit.keyPoints) {
+                        lines.push(`  • ${point}`);
+                    }
+                }
+                else if (operation === 'probe') {
+                    const prober = new InfrastructureProber(evidenceDir);
+                    const results = await prober.probeAllEndpoints();
+                    lines.push('INFRASTRUCTURE PROBE RESULTS:');
+                    lines.push('');
+                    for (const result of results) {
+                        const status = result.reachable ? '✓' : '✗';
+                        lines.push(`${status} ${result.target}`);
+                        if (result.reachable) {
+                            lines.push(`    Response: ${result.responseTime}ms`);
+                            if (result.tlsInfo) {
+                                lines.push(`    TLS: ${result.tlsInfo.protocol} / ${result.tlsInfo.cipher}`);
+                                lines.push(`    Cert chain: ${result.tlsInfo.certificateChain.length} certificates`);
+                            }
+                        }
+                        if (result.anomalies.length > 0) {
+                            lines.push(`    Anomalies:`);
+                            for (const anomaly of result.anomalies) {
+                                lines.push(`      ⚠️ ${anomaly}`);
+                            }
+                        }
+                        lines.push('');
+                    }
+                }
+                else if (operation === 'key-transparency') {
+                    const prober = new InfrastructureProber(evidenceDir);
+                    const result = await prober.probeKeyTransparency();
+                    lines.push('KEY TRANSPARENCY VERIFICATION:');
+                    lines.push('');
+                    lines.push(`Endpoint: ${result.endpoint}`);
+                    lines.push(`Publicly Auditable: ${result.publiclyAuditable ? 'YES' : 'NO - APPLE IS LYING'}`);
+                    lines.push(`Merkle Proof Available: ${result.merkleProofAvailable ? 'YES' : 'NO'}`);
+                    lines.push('');
+                    lines.push('FINDINGS:');
+                    for (const finding of result.findings) {
+                        lines.push(`  • ${finding}`);
+                    }
+                    lines.push('');
+                    lines.push(`Evidence Hash: ${result.evidence}`);
+                }
+                else if (operation === 'telemetry') {
+                    const blocker = new TelemetryBlocker(evidenceDir);
+                    const analysis = blocker.analyzeCurrentConnections();
+                    const blocking = blocker.generateBlockingPackage();
+                    lines.push('TELEMETRY ANALYSIS:');
+                    lines.push('');
+                    lines.push(`Active telemetry connections: ${analysis.telemetryConnections.length}`);
+                    lines.push('');
+                    lines.push('DATA LEAKAGE:');
+                    for (const leak of analysis.dataLeakage) {
+                        lines.push(`  ⚠️ ${leak}`);
+                    }
+                    lines.push('');
+                    lines.push('BLOCKING PACKAGE GENERATED:');
+                    lines.push(`  • Hosts file entries: ${blocking.hostsFile.split('\n').length} lines`);
+                    lines.push(`  • Firewall rules: ${blocking.firewallRules.split('\n').length} lines`);
+                    lines.push(`  • LaunchDaemons to disable: ${blocking.launchDaemonsToDisable.length}`);
+                    lines.push('');
+                    lines.push('FILES SAVED:');
+                    lines.push(`  • ${evidenceDir}/HOSTS-BLOCK.txt`);
+                    lines.push(`  • ${evidenceDir}/FIREWALL-RULES.txt`);
+                    lines.push(`  • ${evidenceDir}/DISABLE-DAEMONS.txt`);
+                }
+                else if (operation === 'complaints') {
+                    const prober = new InfrastructureProber(evidenceDir);
+                    const ktResult = await prober.probeKeyTransparency();
+                    const complaintGen = new RegulatoryComplaintGenerator(evidenceDir);
+                    const findings = ktResult.findings;
+                    const hashes = [ktResult.evidence];
+                    const ftc = complaintGen.generateFTCComplaint(findings, hashes);
+                    const dma = complaintGen.generateDMAComplaint(findings, hashes);
+                    const doj = complaintGen.generateDOJComplaint(findings, hashes);
+                    lines.push('REGULATORY COMPLAINTS GENERATED:');
+                    lines.push('');
+                    for (const complaint of [ftc, dma, doj]) {
+                        lines.push(`═══ ${complaint.agency} ═══`);
+                        lines.push(`Type: ${complaint.type}`);
+                        lines.push(`Subject: ${complaint.subject}`);
+                        lines.push('');
+                        lines.push('Allegations:');
+                        for (const allegation of complaint.allegations) {
+                            lines.push(`  • ${allegation}`);
+                        }
+                        lines.push('');
+                        lines.push('Requested Action:');
+                        for (const action of complaint.requestedAction) {
+                            lines.push(`  → ${action}`);
+                        }
+                        lines.push('');
+                    }
+                }
+                else if (operation === 'disclosure') {
+                    const prober = new InfrastructureProber(evidenceDir);
+                    const ktResult = await prober.probeKeyTransparency();
+                    const disclosureGen = new DisclosurePackageGenerator(evidenceDir);
+                    const disclosure = disclosureGen.generatePublicDisclosure(ktResult.findings, [ktResult.evidence]);
+                    const coordinated = disclosureGen.generateCoordinatedDisclosure(ktResult.findings, [ktResult.evidence]);
+                    disclosureGen.saveDisclosureMaterials(disclosure, coordinated);
+                    lines.push('DISCLOSURE PACKAGE GENERATED:');
+                    lines.push('');
+                    lines.push(`Title: ${disclosure.title}`);
+                    lines.push(`Classification: ${disclosure.classification}`);
+                    lines.push('');
+                    lines.push('TECHNICAL FINDINGS:');
+                    for (const finding of disclosure.technicalFindings.slice(0, 5)) {
+                        lines.push(`  • ${finding}`);
+                    }
+                    if (disclosure.technicalFindings.length > 5) {
+                        lines.push(`  ... and ${disclosure.technicalFindings.length - 5} more`);
+                    }
+                    lines.push('');
+                    lines.push('MEDIA KIT KEY POINTS:');
+                    for (const point of disclosure.mediaKit.keyPoints) {
+                        lines.push(`  • ${point}`);
+                    }
+                    lines.push('');
+                    lines.push('FILES GENERATED:');
+                    lines.push(`  • ${evidenceDir}/PUBLIC-DISCLOSURE-PACKAGE.json`);
+                    lines.push(`  • ${evidenceDir}/MEDIA-KIT.md`);
+                    lines.push(`  • ${evidenceDir}/COORDINATED-DISCLOSURE.txt`);
+                    lines.push(`  • ${evidenceDir}/PRESS-RELEASE-TEMPLATE.md`);
+                }
+                lines.push('');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('                    OFFENSIVE TRANSPARENCY COMPLETE');
+                lines.push('═══════════════════════════════════════════════════════════════════════════════');
+                lines.push('');
+                lines.push('These materials can be used for:');
+                lines.push('  1. Regulatory complaints (FTC, DOJ, EU DMA)');
+                lines.push('  2. Legal proceedings');
+                lines.push('  3. Public disclosure / journalism');
+                lines.push('  4. Security research publications');
+                lines.push('  5. Congressional/parliamentary testimony');
+                lines.push('');
+                lines.push('DETERRENCE ACHIEVED THROUGH TRANSPARENCY');
+                return lines.join('\n');
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                return `Offensive transparency operation failed: ${message}`;
+            }
+        },
+    });
+    // ====== THREAT INTELLIGENCE TOOL ======
+    tools.push({
+        name: 'threat_intelligence',
+        description: `Generate threat intelligence and capability assessments.
+
+Provides:
+- Threat actor profiling
+- Attack vector analysis with MITRE ATT&CK
+- IOC detection
+- Capability assessment
+- Risk scoring
+
+Understanding attacker capabilities is deterrence through transparency.`,
+        parameters: {
+            type: 'object',
+            properties: {
+                action: {
+                    type: 'string',
+                    enum: ['full_report', 'actors', 'vectors', 'ioc_scan', 'capability_assessment'],
+                },
+                actorId: { type: 'string' },
+                evidenceDir: { type: 'string' },
+            },
+            required: ['action'],
+        },
+        async handler(params) {
+            const action = params['action'];
+            const evidenceDir = params['evidenceDir'] ||
+                `${options.workingDir || '.'}/.erosolar/evidence/threat-intel-${new Date().toISOString().split('T')[0]}`;
+            try {
+                const { ThreatIntelligenceEngine, runThreatAnalysis } = await import('../tools/threatIntelligenceTools.js');
+                const engine = new ThreatIntelligenceEngine(evidenceDir);
+                if (action === 'full_report') {
+                    const report = await engine.generateThreatReport();
+                    return `${report.executiveSummary}\n\n${report.technicalDetails}\n\nRisk Score: ${report.riskScore}/100\nHash: ${report.hash}`;
+                }
+                else if (action === 'ioc_scan') {
+                    const iocs = await engine.scanForIOCs();
+                    const anomalies = await engine.detectAnomalies();
+                    return `IOCs: ${iocs.length}, Anomalies: ${anomalies.length}\n` +
+                        iocs.map(i => `[${i.type}] ${i.value} (${Math.round(i.confidence * 100)}%)`).join('\n');
+                }
+                else if (action === 'capability_assessment') {
+                    const actorId = params['actorId'] || 'ta-apple-internal';
+                    const caps = engine.assessCapabilities(actorId);
+                    return caps.map(c => `• ${c.capability}\n  Impact: ${c.impactIfUsed}\n  Mitigation: ${c.mitigations[0]}`).join('\n\n');
+                }
+                return 'Unknown action';
+            }
+            catch (error) {
+                return `Error: ${error instanceof Error ? error.message : String(error)}`;
+            }
+        },
+    });
+    // ====== UNIFIED ATTACK ORCHESTRATION TOOL ======
+    tools.push({
+        name: 'attack_orchestrator',
+        description: `Execute comprehensive offensive operations against ANY target infrastructure (AUTHORIZED USE ONLY).
+
+**Dynamic Target Research**: NO HARDCODED DATA! The AI automatically researches any organization you specify:
+- Tech companies (Apple, Google, Microsoft, Amazon, Meta, Netflix, Uber, Spotify, TikTok, etc.)
+- Government agencies (Pentagon, NSA, CIA, FBI, DHS, DOD, etc.)
+- Defense contractors (Lockheed Martin, Raytheon, Northrop Grumman, Boeing, etc.)
+- Critical infrastructure (Power grids, water systems, transportation, telecom)
+- Finance (JPMorgan, Visa, PayPal, banks, trading firms)
+- Healthcare systems
+- Energy sector
+- ANY other organization - just provide the name!
+
+The orchestrator will:
+1. Research the target using AI (infrastructure, employees, geography, tech stack)
+2. Identify attack surface (servers, APIs, mobile apps, cloud)
+3. Generate attack recommendations
+4. Execute full-spectrum offensive operations
+
+Attack Intents:
+- destroy/attack: Full offensive compromise
+- audit: Security assessment
+- analyze/recon: Reconnaissance
+- exfiltrate: Data extraction
+- persist: Establish persistence
+- escalate: Privilege escalation
+- evade: Detection evasion
+
+Attack Vectors:
+- server: Server infrastructure
+- system: OS-level exploitation
+- device: End-user devices
+- network: Network-level attacks
+- corporate: Corporate infrastructure
+- employee: Social engineering
+- supply-chain: Supply chain attacks
+- cloud: Cloud infrastructure
+- api: API exploitation
+- web: Web applications
+
+Modes:
+- rl: Reinforcement learning with 2 self-modifying agents
+- non-rl: Direct full-spectrum offensive execution
+- auto: Automatically select based on intent (default)
+
+Features:
+- Multi-target support (Apple, Google, Microsoft, Amazon, Meta, custom)
+- Dual-mode execution with keyboard toggle
+- Self-modifying agents with version control
+- Full-spectrum attack planning
+- Real-time statistics and reporting`,
+        parameters: {
+            type: 'object',
+            properties: {
+                organization: {
+                    type: 'string',
+                    description: 'Target organization name (can be ANY organization - AI will research it dynamically)'
+                },
+                intent: {
+                    type: 'string',
+                    enum: ['destroy', 'attack', 'audit', 'analyze', 'recon', 'exfiltrate', 'persist', 'escalate', 'evade'],
+                    description: 'Attack intent'
+                },
+                vectors: {
+                    type: 'array',
+                    items: {
+                        type: 'string',
+                        enum: ['server', 'system', 'device', 'network', 'corporate', 'employee', 'supply-chain', 'cloud', 'api', 'web']
+                    },
+                    description: 'Attack vectors to employ (default: all applicable)'
+                },
+                mode: {
+                    type: 'string',
+                    enum: ['rl', 'non-rl', 'auto'],
+                    description: 'Execution mode (default: auto)'
+                },
+                maxIterations: {
+                    type: 'number',
+                    description: 'Maximum iterations (0 = unlimited, default: 0)'
+                },
+                completionThreshold: {
+                    type: 'number',
+                    description: 'Completion percentage threshold (0-1, default: 0.95)'
+                },
+                enableKeyboard: {
+                    type: 'boolean',
+                    description: 'Enable keyboard toggle for mode switching (default: true)'
+                },
+                verbose: {
+                    type: 'boolean',
+                    description: 'Show detailed statistics (default: false)'
+                },
+                customName: {
+                    type: 'string',
+                    description: 'Custom target name (for custom organization)'
+                },
+                scope: {
+                    type: 'object',
+                    description: 'Custom scope definition (for custom organization)',
+                    properties: {
+                        servers: { type: 'array', items: { type: 'string' } },
+                        systems: { type: 'array', items: { type: 'string' } },
+                        devices: { type: 'array', items: { type: 'string' } },
+                        employees: { type: 'number' },
+                        geography: { type: 'array', items: { type: 'string' } },
+                        departments: { type: 'array', items: { type: 'string' } }
+                    }
+                }
+            },
+            required: ['organization', 'intent'],
+        },
+        async handler(params) {
+            const organization = params['organization'];
+            const intent = params['intent'];
+            const vectors = params['vectors'] || ['server', 'system', 'device', 'network', 'corporate', 'employee'];
+            const mode = params['mode'] || 'auto';
+            const maxIterations = params['maxIterations'] || 0;
+            const completionThreshold = params['completionThreshold'] || 0.95;
+            const enableKeyboard = params['enableKeyboard'] !== false;
+            const verbose = params['verbose'] === true;
+            const customName = params['customName'];
+            const scope = params['scope'];
+            try {
+                const { CompleteAttackOrchestrator } = await import('../core/completeAttackOrchestrator.js');
+                // Build configuration
+                const config = {
+                    organization,
+                    intent: intent,
+                    mode: mode,
+                    vectors,
+                    maxIterations,
+                    completionThreshold,
+                    enableKeyboard,
+                    verbose
+                };
+                // Execute attack orchestration
+                const orchestrator = new CompleteAttackOrchestrator();
+                const stats = await orchestrator.execute(config);
+                // Generate report
+                const report = CompleteAttackOrchestrator.generateReport(stats);
+                if (verbose) {
+                    return report + `\n\n--- Full Statistics ---\n${JSON.stringify(stats, null, 2)}`;
+                }
+                return report;
+            }
+            catch (error) {
+                return `Error executing attack orchestration: ${error instanceof Error ? error.message : String(error)}`;
+            }
+        },
+    });
+    // ====== UNIFIED ORCHESTRATOR TOOL (RL + Non-RL) ======
+    if (enableAll || options.enableUnifiedOrchestrator) {
+        tools.push({
+            name: 'orchestrate',
+            description: `Unified orchestration combining RL and non-RL modes.
+
+Modes:
+- single: Standard single-pass execution
+- dual-rl: Self-improving with RL refinement (runs primary + refinement pass)
+- auto: Auto-execute cycles until completion
+- apt: Full APT kill-chain execution
+- security: Security assessment with findings
+
+Features:
+- Automatic mode selection based on objective complexity
+- RL reward tracking for self-improvement
+- Real technique execution via TAO
+- Deliverable generation`,
+            parameters: {
+                type: 'object',
+                properties: {
+                    objective: { type: 'string', description: 'Task objective to accomplish' },
+                    mode: {
+                        type: 'string',
+                        enum: ['single', 'dual-rl', 'auto', 'apt', 'security'],
+                        description: 'Orchestration mode (default: auto-selected based on objective)',
+                    },
+                    useRL: { type: 'boolean', description: 'Enable RL refinement (default: true for complex tasks)' },
+                    maxCycles: { type: 'number', description: 'Max cycles for auto mode (default: 5)' },
+                    depth: { type: 'string', enum: ['quick', 'standard', 'deep'], description: 'Execution depth' },
+                    goal: {
+                        type: 'string',
+                        enum: ['recon', 'access', 'persist', 'escalate', 'lateral', 'collect', 'exfil', 'impact', 'all'],
+                        description: 'APT goal for apt/security modes',
+                    },
+                    targets: { type: 'array', items: { type: 'string' }, description: 'Target list for security/apt modes' },
+                    stealthMode: { type: 'boolean', description: 'Enable stealth mode (slower but less detectable)' },
+                },
+                required: ['objective'],
+            },
+            async handler(params) {
+                const objective = params['objective'];
+                const mode = params['mode'];
+                const useRL = params['useRL'];
+                const maxCycles = params['maxCycles'];
+                const depth = params['depth'];
+                const goal = params['goal'];
+                const targets = params['targets'];
+                const stealthMode = params['stealthMode'];
+                // Auto-select mode based on objective
+                const selectedMode = mode ?? inferOrchestrationMode(objective);
+                const summary = [
+                    `Orchestration: ${selectedMode.toUpperCase()}`,
+                    `Objective: ${objective.slice(0, 100)}${objective.length > 100 ? '...' : ''}`,
+                ];
+                if (selectedMode === 'dual-rl' || useRL) {
+                    summary.push('RL: Enabled (primary + refinement pass)');
+                }
+                if (selectedMode === 'auto') {
+                    summary.push(`Auto-execution: max ${maxCycles ?? 5} cycles, depth ${depth ?? 'standard'}`);
+                }
+                if (selectedMode === 'apt' || selectedMode === 'security') {
+                    summary.push(`Goal: ${goal ?? 'all'}`);
+                    if (targets?.length)
+                        summary.push(`Targets: ${targets.join(', ')}`);
+                    if (stealthMode)
+                        summary.push('Stealth: Enabled');
+                }
+                // Note: Actual orchestration would require agent runtime context
+                // This tool provides configuration and status for the orchestrator
+                summary.push('');
+                summary.push('Configuration ready. Orchestrator will execute with these settings.');
+                summary.push('Use the agent runtime to invoke UnifiedOrchestrator.run() with this config.');
+                return summary.join('\n');
+            },
+        });
+    }
     return {
         id: 'orchestration-tools',
-        description: 'Unified orchestration for government, infrastructure, security, and APT operations',
+        description: 'Unified orchestration: RL/non-RL modes, gov, infra, security, validation, hypothesis, recovery, APT chain operations',
         tools,
     };
 }
+function inferOrchestrationMode(objective) {
+    const lower = objective.toLowerCase();
+    if (lower.includes('security') || lower.includes('pentest') || lower.includes('vulnerability'))
+        return 'security';
+    if (lower.includes('apt') || lower.includes('kill-chain') || lower.includes('attack'))
+        return 'apt';
+    if (lower.includes('verify') || lower.includes('improve') || lower.includes('refine'))
+        return 'dual-rl';
+    if (lower.includes('complete') || lower.includes('finish') || lower.includes('until done'))
+        return 'auto';
+    return 'single';
+}
+// ============================================================================
+// CAPABILITY MODULE
+// ============================================================================
 export class OrchestrationCapabilityModule {
     id = 'capability.orchestration';
-    description = 'Unified orchestration for government, infrastructure, security, and APT operations';
+    description = 'Unified orchestration for gov, infra, security, validation, hypothesis testing, and failure recovery';
     options;
     constructor(options = {}) {
         this.options = options;
@@ -295,4 +1798,8 @@ export class OrchestrationCapabilityModule {
         };
     }
 }
+// ============================================================================
+// EXPORTS - For direct usage
+// ============================================================================
+export { ErrorAnalyzer, HypothesisEngine, detectFailure, formatVerifiedResult, analyzeOutput };
 //# sourceMappingURL=orchestrationCapability.js.map