governance-sdk 0.5.0

package/dist/behavioral-scorer.js

@@ -0,0 +1,223 @@
+/**
+ * Behavioral Scoring — adjusts governance scores using observed audit data.
+ *
+ * Three signal categories:
+ * 1. Enforcement signals — block rate, approval rate, rule triggers
+ * 2. Activity signals — event volume, tool diversity, injection hits
+ * 3. Drift signals — declared vs observed tool usage
+ *
+ * Returns per-dimension adjustments (-20 to +20) and evidence.
+ */
+const MAX_ADJUSTMENT = 20;
+const MIN_ADJUSTMENT = -20;
+function clampAdj(v) {
+    return Math.max(MIN_ADJUSTMENT, Math.min(MAX_ADJUSTMENT, Math.round(v)));
+}
+/**
+ * Extract behavioral signals from audit events.
+ * Uses recency-weighted block rate: recent events count more than old ones.
+ */
+export function computeSignals(input) {
+    const { events, declaredTools, config } = input;
+    const windowSize = config?.windowSize ?? 200;
+    const recencyBias = config?.recencyBias ?? 0.7;
+    if (events.length === 0) {
+        return {
+            totalEvents: 0, blockRate: 0, approvalRate: 0, injectionHits: 0,
+            uniqueToolsObserved: [], undeclaredTools: [], eventFrequency: 0,
+            lastActivityAt: null,
+        };
+    }
+    // Window: only consider the most recent N events
+    const sortedByTime = [...events].sort((a, b) => a.createdAt.localeCompare(b.createdAt));
+    const windowed = sortedByTime.slice(-windowSize);
+    // Recency-weighted block rate: more recent events have higher weight.
+    // With recencyBias=0.7, the most recent event has 1.0 weight,
+    // the oldest has 0.3 weight. This makes the score responsive to
+    // recent behavior changes without ignoring history entirely.
+    let weightedBlocked = 0;
+    let totalWeight = 0;
+    for (let i = 0; i < windowed.length; i++) {
+        const position = i / Math.max(1, windowed.length - 1); // 0 (oldest) to 1 (newest)
+        const weight = (1 - recencyBias) + recencyBias * position;
+        totalWeight += weight;
+        if (windowed[i].outcome === "blocked")
+            weightedBlocked += weight;
+    }
+    const blockRate = totalWeight > 0 ? weightedBlocked / totalWeight : 0;
+    const approvals = windowed.filter((e) => e.outcome === "require_approval").length;
+    const injections = windowed.filter((e) => e.eventType === "injection_detected" ||
+        e.detail?.outcome === "detected").length;
+    // Tool diversity from event details
+    const observedTools = new Set();
+    for (const e of windowed) {
+        const detail = e.detail;
+        if (detail?.tool && typeof detail.tool === "string") {
+            observedTools.add(detail.tool);
+        }
+    }
+    const declaredSet = new Set(declaredTools);
+    const undeclared = [...observedTools].filter((t) => !declaredSet.has(t));
+    // Event frequency (events per day)
+    const first = new Date(windowed[0].createdAt).getTime();
+    const last = new Date(windowed[windowed.length - 1].createdAt).getTime();
+    const daySpan = Math.max(1, (last - first) / (1000 * 60 * 60 * 24));
+    const frequency = windowed.length / daySpan;
+    return {
+        totalEvents: windowed.length,
+        blockRate,
+        approvalRate: windowed.length > 0 ? approvals / windowed.length : 0,
+        injectionHits: injections,
+        uniqueToolsObserved: [...observedTools],
+        undeclaredTools: undeclared,
+        eventFrequency: Math.round(frequency * 10) / 10,
+        lastActivityAt: windowed[windowed.length - 1].createdAt,
+    };
+}
+/** Compute per-dimension behavioral adjustments from audit signals. */
+export function computeBehavioralAdjustments(input) {
+    const signals = computeSignals(input);
+    const adjustments = [];
+    // Block rate threshold — below this is considered "clean enough"
+    const threshold = input.config?.blockRateThreshold ?? 0.05;
+    const isClean = signals.blockRate <= threshold;
+    const isConcerning = signals.blockRate > threshold * 3; // 3x threshold = concerning
+    // ── Identity ──────────────────────────────────────────────────
+    let identityAdj = 0;
+    if (signals.totalEvents > 0 && isClean) {
+        identityAdj = signals.totalEvents > 10 ? 5 : 2;
+    }
+    else if (isConcerning) {
+        identityAdj = -5;
+    }
+    adjustments.push({
+        dimension: "identity",
+        adjustment: clampAdj(identityAdj),
+        evidence: { totalEvents: signals.totalEvents, hasActivity: signals.totalEvents > 0 },
+    });
+    // ── Permissions ───────────────────────────────────────────────
+    let permAdj = 0;
+    if (signals.undeclaredTools.length > 0) {
+        permAdj -= Math.min(15, signals.undeclaredTools.length * 5);
+    }
+    if (signals.totalEvents > 5) {
+        if (isClean) {
+            permAdj += 5;
+        }
+        else {
+            permAdj -= Math.min(15, Math.round(signals.blockRate * 30));
+        }
+    }
+    adjustments.push({
+        dimension: "permissions",
+        adjustment: clampAdj(permAdj),
+        evidence: {
+            undeclaredToolCount: signals.undeclaredTools.length,
+            blockRate: Math.round(signals.blockRate * 100),
+            observedTools: signals.uniqueToolsObserved.length,
+        },
+    });
+    // ── Observability ─────────────────────────────────────────────
+    let obsAdj = 0;
+    if (isClean && signals.totalEvents > 50)
+        obsAdj += 10;
+    else if (isClean && signals.totalEvents > 10)
+        obsAdj += 5;
+    else if (isConcerning)
+        obsAdj -= 5;
+    adjustments.push({
+        dimension: "observability",
+        adjustment: clampAdj(obsAdj),
+        evidence: { eventFrequency: signals.eventFrequency, totalEvents: signals.totalEvents },
+    });
+    // ── Guardrails ────────────────────────────────────────────────
+    let guardAdj = 0;
+    if (signals.totalEvents > 5 && isClean && signals.injectionHits === 0) {
+        guardAdj += 10;
+    }
+    if (!isClean) {
+        guardAdj -= Math.min(15, Math.round(signals.blockRate * 30));
+    }
+    if (signals.injectionHits > 0) {
+        guardAdj -= Math.min(10, signals.injectionHits * 3);
+    }
+    adjustments.push({
+        dimension: "guardrails",
+        adjustment: clampAdj(guardAdj),
+        evidence: {
+            blockRate: Math.round(signals.blockRate * 100),
+            injectionHits: signals.injectionHits,
+        },
+    });
+    // ── Auditability ──────────────────────────────────────────────
+    let auditAdj = 0;
+    if (isClean && signals.totalEvents > 20)
+        auditAdj += 10;
+    else if (isClean && signals.totalEvents > 5)
+        auditAdj += 5;
+    else if (isConcerning)
+        auditAdj -= 5;
+    if (signals.lastActivityAt) {
+        const daysSince = (Date.now() - new Date(signals.lastActivityAt).getTime()) / (1000 * 60 * 60 * 24);
+        if (daysSince > 30)
+            auditAdj -= 5; // stale — no recent audit data
+    }
+    adjustments.push({
+        dimension: "auditability",
+        adjustment: clampAdj(auditAdj),
+        evidence: { totalEvents: signals.totalEvents, lastActivityAt: signals.lastActivityAt ?? "never" },
+    });
+    // ── Compliance ────────────────────────────────────────────────
+    let compAdj = 0;
+    if (signals.totalEvents > 5 && isClean) {
+        compAdj += 10;
+    }
+    if (!isClean) {
+        compAdj -= Math.min(15, Math.round(signals.blockRate * 30));
+    }
+    adjustments.push({
+        dimension: "compliance",
+        adjustment: clampAdj(compAdj),
+        evidence: {
+            blockRate: Math.round(signals.blockRate * 100),
+            totalEvents: signals.totalEvents,
+        },
+    });
+    // ── Lifecycle ─────────────────────────────────────────────────
+    let lifeAdj = 0;
+    if (signals.lastActivityAt) {
+        const daysSince = (Date.now() - new Date(signals.lastActivityAt).getTime()) / (1000 * 60 * 60 * 24);
+        if (daysSince < 7 && isClean)
+            lifeAdj += 5;
+        else if (daysSince < 7 && isConcerning)
+            lifeAdj -= 5;
+        else if (daysSince > 30)
+            lifeAdj -= 10;
+    }
+    adjustments.push({
+        dimension: "lifecycle",
+        adjustment: clampAdj(lifeAdj),
+        evidence: { lastActivityAt: signals.lastActivityAt ?? "never", eventFrequency: signals.eventFrequency },
+    });
+    return { adjustments, signals };
+}
+/** Apply behavioral adjustments to base dimension scores. */
+export function applyBehavioralAdjustments(baseDimensions, adjustments) {
+    const adjMap = new Map(adjustments.map((a) => [a.dimension, a]));
+    return baseDimensions.map((dim) => {
+        const adj = adjMap.get(dim.dimension);
+        if (!adj || adj.adjustment === 0)
+            return dim;
+        const adjustedScore = Math.max(0, Math.min(100, dim.score + adj.adjustment));
+        return {
+            ...dim,
+            score: adjustedScore,
+            evidence: {
+                ...dim.evidence,
+                behavioralAdjustment: adj.adjustment,
+                ...Object.fromEntries(Object.entries(adj.evidence).map(([k, v]) => [`behavioral_${k}`, v])),
+            },
+        };
+    });
+}
+//# sourceMappingURL=behavioral-scorer.js.map

package/dist/behavioral-scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavioral-scorer.js","sourceRoot":"","sources":["../src/behavioral-scorer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AA4DH,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,cAAc,GAAG,CAAC,EAAE,CAAC;AAE3B,SAAS,QAAQ,CAAC,CAAS;IACzB,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAsB;IACnD,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IAChD,MAAM,UAAU,GAAG,MAAM,EAAE,UAAU,IAAI,GAAG,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,EAAE,WAAW,IAAI,GAAG,CAAC;IAE/C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;YAC/D,mBAAmB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC;YAC/D,cAAc,EAAE,IAAI;SACrB,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,YAAY,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IACxF,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;IAEjD,sEAAsE;IACtE,8DAA8D;IAC9D,gEAAgE;IAChE,6DAA6D;IAC7D,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,2BAA2B;QAClF,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,GAAG,WAAW,GAAG,QAAQ,CAAC;QAC1D,WAAW,IAAI,MAAM,CAAC;QACtB,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS;YAAE,eAAe,IAAI,MAAM,CAAC;IACnE,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,kBAAkB,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,SAAS,KAAK,oBAAoB;QACnC,CAAC,CAAC,MAAkC,EAAE,OAAO,KAAK,UAAU,CAC9D,CAAC,MAAM,CAAC;IAET,oCAAoC;IACpC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,MAA6C,CAAC;QAC/D,IAAI,MAAM,EAAE,IAAI,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACpD,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzE,mCAAmC;IACnC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACzE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC;IAE5C,OAAO;QACL,WAAW,EAAE,QAAQ,CAAC,MAAM;QAC5B,SAAS;QACT,YAAY,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACnE,aAAa,EAAE,UAAU;QACzB,mBAAmB,EAAE,CAAC,GAAG,aAAa,CAAC;QACvC,eAAe,EAAE,UAAU;QAC3B,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC,GAAG,EAAE;QAC/C,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS;KACxD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,4BAA4B,CAC1C,KAAsB;IAEtB,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,WAAW,GAA2B,EAAE,CAAC;IAE/C,iEAAiE;IACjE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,kBAAkB,IAAI,IAAI,CAAC;IAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,IAAI,SAAS,CAAC;IAC/C,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,4BAA4B;IAEpF,iEAAiE;IACjE,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QACvC,WAAW,GAAG,OAAO,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;SAAM,IAAI,YAAY,EAAE,CAAC;QACxB,WAAW,GAAG,CAAC,CAAC,CAAC;IACnB,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,UAAU;QACrB,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC;QACjC,QAAQ,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,GAAG,CAAC,EAAE;KACrF,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,aAAa;QACxB,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC;QAC7B,QAAQ,EAAE;YACR,mBAAmB,EAAE,OAAO,CAAC,eAAe,CAAC,MAAM;YACnD,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;YAC9C,aAAa,EAAE,OAAO,CAAC,mBAAmB,CAAC,MAAM;SAClD;KACF,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,GAAG,EAAE;QAAE,MAAM,IAAI,EAAE,CAAC;SACjD,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,GAAG,EAAE;QAAE,MAAM,IAAI,CAAC,CAAC;SACrD,IAAI,YAAY;QAAE,MAAM,IAAI,CAAC,CAAC;IACnC,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,eAAe;QAC1B,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC;QAC5B,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE;KACvF,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,IAAI,OAAO,IAAI,OAAO,CAAC,aAAa,KAAK,CAAC,EAAE,CAAC;QACtE,QAAQ,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAC9B,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;YAC9C,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC;KACF,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,GAAG,EAAE;QAAE,QAAQ,IAAI,EAAE,CAAC;SACnD,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC;QAAE,QAAQ,IAAI,CAAC,CAAC;SACtD,IAAI,YAAY;QAAE,QAAQ,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACpG,IAAI,SAAS,GAAG,EAAE;YAAE,QAAQ,IAAI,CAAC,CAAC,CAAC,+BAA+B;IACpE,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,cAAc;QACzB,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAC9B,QAAQ,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,OAAO,EAAE;KAClG,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC;QAC7B,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC;KACF,CAAC,CAAC;IAEH,iEAAiE;IACjE,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACpG,IAAI,SAAS,GAAG,CAAC,IAAI,OAAO;YAAE,OAAO,IAAI,CAAC,CAAC;aACtC,IAAI,SAAS,GAAG,CAAC,IAAI,YAAY;YAAE,OAAO,IAAI,CAAC,CAAC;aAChD,IAAI,SAAS,GAAG,EAAE;YAAE,OAAO,IAAI,EAAE,CAAC;IACzC,CAAC;IACD,WAAW,CAAC,IAAI,CAAC;QACf,SAAS,EAAE,WAAW;QACtB,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC;QAC7B,QAAQ,EAAE,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE;KACxG,CAAC,CAAC;IAEH,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;AAClC,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,0BAA0B,CACxC,cAAiC,EACjC,WAAmC;IAEnC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjE,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAE7C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7E,OAAO;YACL,GAAG,GAAG;YACN,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE;gBACR,GAAG,GAAG,CAAC,QAAQ;gBACf,oBAAoB,EAAE,GAAG,CAAC,UAAU;gBACpC,GAAG,MAAM,CAAC,WAAW,CACnB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CACrE;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cli/init.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * governance-sdk CLI — Interactive project setup
+ *
+ * Usage: npx governance-sdk init
+ *
+ * Generates a governance.config.ts file with sensible defaults
+ * and prints a quickstart guide.
+ */
+export {};
+//# sourceMappingURL=init.d.ts.map

package/dist/cli/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}

package/dist/cli/init.js

@@ -0,0 +1,217 @@
+#!/usr/bin/env node
+/**
+ * governance-sdk CLI — Interactive project setup
+ *
+ * Usage: npx governance-sdk init
+ *
+ * Generates a governance.config.ts file with sensible defaults
+ * and prints a quickstart guide.
+ */
+import { writeFileSync, existsSync } from "node:fs";
+import { resolve } from "node:path";
+import { createInterface } from "node:readline";
+const RESET = "\x1b[0m";
+const BOLD = "\x1b[1m";
+const DIM = "\x1b[2m";
+const GREEN = "\x1b[32m";
+const CYAN = "\x1b[36m";
+const YELLOW = "\x1b[33m";
+const RED = "\x1b[31m";
+const MAGENTA = "\x1b[35m";
+function print(msg) {
+    process.stdout.write(msg + "\n");
+}
+function ask(question, defaultVal) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const prompt = defaultVal
+        ? `${CYAN}?${RESET} ${question} ${DIM}(${defaultVal})${RESET} `
+        : `${CYAN}?${RESET} ${question} `;
+    return new Promise((resolve) => {
+        rl.question(prompt, (answer) => {
+            rl.close();
+            resolve(answer.trim() || defaultVal || "");
+        });
+    });
+}
+function banner() {
+    print("");
+    print(`${BOLD}${MAGENTA}  governance-sdk${RESET}`);
+    print(`${DIM}  Runtime governance for TypeScript AI agents${RESET}`);
+    print(`${DIM}  Policy enforcement · Audit trails · Fleet scoring${RESET}`);
+    print("");
+}
+function generateConfigFile(config) {
+    const imports = [
+        "createGovernance",
+        "blockTools",
+    ];
+    const rules = [];
+    if (config.blockDangerous) {
+        rules.push(`    blockTools([\n      'shell_exec', 'rm_rf', 'database_drop',\n      'file_delete', 'process_kill',\n    ]),`);
+    }
+    if (config.requireApproval) {
+        imports.push("requireApproval");
+        rules.push(`    requireApproval(['data_export', 'email_send', 'payment_process']),`);
+    }
+    if (config.tokenLimit > 0) {
+        imports.push("tokenBudget");
+        rules.push(`    tokenBudget(${config.tokenLimit.toLocaleString().replace(/,/g, "_")}),`);
+    }
+    const importLine = `import { ${imports.join(", ")} } from 'governance-sdk';`;
+    let processorSection = "";
+    if (config.useProcessor) {
+        processorSection = `
+// ─── Mastra Processor (framework-level governance) ──────────
+// Pass this processor to agent.generate() to govern ALL tool calls
+// automatically — no per-tool wrapping needed.
+
+import { GovernanceProcessor } from 'governance-sdk/plugins/mastra-processor';
+
+export const processor = new GovernanceProcessor(governance, {
+  agentName: '${config.agentName}',
+  owner: '${config.owner}',
+  framework: '${config.framework}',
+  retryOnBlock: true, // Let the LLM try a different approach
+  maxRetries: 2,
+});
+
+// Usage:
+// const result = await agent.generate(prompt, { processor });
+`;
+    }
+    return `/**
+ * governance-sdk configuration
+ * Generated by: npx governance-sdk init
+ *
+ * Docs: https://heylua.ai/governance
+ * GitHub: https://github.com/lua-ai-global/governance
+ */
+
+${importLine}
+
+// ─── Governance Instance ────────────────────────────────────
+// Central governance configuration for your agent fleet.
+// All agents registered here share the same policy rules.
+
+export const governance = createGovernance({
+  rules: [
+${rules.join("\n")}
+  ],
+});
+
+// ─── Register Your Agent ────────────────────────────────────
+// Call this at agent startup. Returns { id, score, level }.
+
+export async function registerAgent() {
+  return governance.register({
+    name: '${config.agentName}',
+    framework: '${config.framework}',
+    owner: '${config.owner}',
+    hasAuth: false,       // Set true when you add auth
+    hasGuardrails: true,  // You have governance now!
+    hasObservability: false,
+    hasAuditLog: true,    // Governance provides audit
+  });
+}
+${processorSection}
+// ─── Enforce Before Actions ─────────────────────────────────
+// Call gov.enforce() before any sensitive operation.
+//
+// const decision = await governance.enforce({
+//   agentId: agent.id,
+//   agentName: '${config.agentName}',
+//   agentLevel: agent.level,
+//   action: 'tool_call',
+//   tool: 'shell_exec',
+// });
+//
+// if (decision.blocked) {
+//   console.log('Blocked:', decision.reason);
+// }
+`;
+}
+async function main() {
+    const args = process.argv.slice(2);
+    const command = args[0];
+    if (command !== "init") {
+        print(`${BOLD}governance-sdk${RESET} — Runtime governance for TypeScript AI agents\n`);
+        print(`${BOLD}Usage:${RESET}`);
+        print(`  npx governance-sdk init    Set up governance in your project`);
+        print(`  npx governance-sdk --help  Show this help message\n`);
+        print(`${BOLD}Docs:${RESET} https://heylua.ai/governance`);
+        print(`${BOLD}GitHub:${RESET} https://github.com/lua-ai-global/governance\n`);
+        return;
+    }
+    banner();
+    // Check if config already exists
+    const configPath = resolve(process.cwd(), "governance.config.ts");
+    if (existsSync(configPath)) {
+        print(`${YELLOW}!${RESET} governance.config.ts already exists.`);
+        const overwrite = await ask("Overwrite?", "no");
+        if (!overwrite.toLowerCase().startsWith("y")) {
+            print(`${DIM}  Aborted.${RESET}\n`);
+            return;
+        }
+    }
+    // Interactive setup
+    print(`${BOLD}  Let's set up governance for your project.${RESET}\n`);
+    const agentName = await ask("Agent name", "my-agent");
+    const owner = await ask("Team/owner", "engineering");
+    const frameworkChoice = await ask("Framework (mastra/langchain/vercel-ai/custom)", "mastra");
+    const framework = ["mastra", "langchain", "vercel-ai", "openai", "custom"].includes(frameworkChoice)
+        ? frameworkChoice
+        : "custom";
+    const blockDangerous = (await ask("Block dangerous tools? (shell, rm, db drop)", "yes"))
+        .toLowerCase().startsWith("y");
+    const requireApprovalAnswer = (await ask("Require approval for sensitive actions?", "yes"))
+        .toLowerCase().startsWith("y");
+    const tokenLimitStr = await ask("Per-session token budget (0 = unlimited)", "100000");
+    const tokenLimit = parseInt(tokenLimitStr, 10) || 0;
+    const useProcessor = framework === "mastra" &&
+        (await ask("Use native Mastra Processor? (recommended)", "yes"))
+            .toLowerCase().startsWith("y");
+    print("");
+    // Generate config
+    const config = {
+        agentName,
+        owner,
+        framework,
+        blockDangerous,
+        requireApproval: requireApprovalAnswer,
+        tokenLimit,
+        useProcessor,
+    };
+    const fileContent = generateConfigFile(config);
+    writeFileSync(configPath, fileContent, "utf-8");
+    // Success output
+    print(`${GREEN}✓${RESET} Created ${BOLD}governance.config.ts${RESET}\n`);
+    print(`${BOLD}  Next steps:${RESET}\n`);
+    print(`  ${CYAN}1.${RESET} Import governance in your agent:`);
+    print(`     ${DIM}import { governance, registerAgent } from './governance.config';${RESET}`);
+    print("");
+    print(`  ${CYAN}2.${RESET} Register your agent at startup:`);
+    print(`     ${DIM}const agent = await registerAgent();${RESET}`);
+    print(`     ${DIM}// → { id, score: 42, level: 1 }${RESET}`);
+    print("");
+    if (useProcessor) {
+        print(`  ${CYAN}3.${RESET} Pass the processor to agent.generate():`);
+        print(`     ${DIM}import { processor } from './governance.config';${RESET}`);
+        print(`     ${DIM}const result = await agent.generate(prompt, { processor });${RESET}`);
+        print(`     ${DIM}// Every tool call is now governed automatically${RESET}`);
+    }
+    else {
+        print(`  ${CYAN}3.${RESET} Enforce before sensitive actions:`);
+        print(`     ${DIM}const decision = await governance.enforce({${RESET}`);
+        print(`     ${DIM}  agentId: agent.id, action: 'tool_call', tool: 'shell_exec',${RESET}`);
+        print(`     ${DIM}});${RESET}`);
+    }
+    print("");
+    print(`  ${BOLD}Docs:${RESET} https://heylua.ai/governance`);
+    print(`  ${BOLD}GitHub:${RESET} https://github.com/lua-ai-global/governance`);
+    print("");
+}
+main().catch((e) => {
+    print(`${RED}Error: ${e instanceof Error ? e.message : String(e)}${RESET}`);
+    process.exit(1);
+});
+//# sourceMappingURL=init.js.map

package/dist/cli/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,OAAO,EAAQ,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,IAAI,GAAG,SAAS,CAAC;AACvB,MAAM,GAAG,GAAG,SAAS,CAAC;AACtB,MAAM,KAAK,GAAG,UAAU,CAAC;AACzB,MAAM,IAAI,GAAG,UAAU,CAAC;AACxB,MAAM,MAAM,GAAG,UAAU,CAAC;AAC1B,MAAM,GAAG,GAAG,UAAU,CAAC;AACvB,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,SAAS,KAAK,CAAC,GAAW;IACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,GAAG,CAAC,QAAgB,EAAE,UAAmB;IAChD,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,UAAU;QACvB,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,IAAI,QAAQ,IAAI,GAAG,IAAI,UAAU,IAAI,KAAK,GAAG;QAC/D,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,IAAI,QAAQ,GAAG,CAAC;IAEpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YAC7B,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,UAAU,IAAI,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,MAAM;IACb,KAAK,CAAC,EAAE,CAAC,CAAC;IACV,KAAK,CAAC,GAAG,IAAI,GAAG,OAAO,mBAAmB,KAAK,EAAE,CAAC,CAAC;IACnD,KAAK,CAAC,GAAG,GAAG,gDAAgD,KAAK,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,GAAG,GAAG,sDAAsD,KAAK,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,EAAE,CAAC,CAAC;AACZ,CAAC;AAYD,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,OAAO,GAAa;QACxB,kBAAkB;QAClB,YAAY;KACb,CAAC;IAEF,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,gHAAgH,CAAC,CAAC;IAC/H,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACvF,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,UAAU,GAAG,YAAY,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC;IAE7E,IAAI,gBAAgB,GAAG,EAAE,CAAC;IAC1B,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,gBAAgB,GAAG;;;;;;;;gBAQP,MAAM,CAAC,SAAS;YACpB,MAAM,CAAC,KAAK;gBACR,MAAM,CAAC,SAAS;;;;;;;CAO/B,CAAC;IACA,CAAC;IAED,OAAO;;;;;;;;EAQP,UAAU;;;;;;;;EAQV,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;aASL,MAAM,CAAC,SAAS;kBACX,MAAM,CAAC,SAAS;cACpB,MAAM,CAAC,KAAK;;;;;;;EAOxB,gBAAgB;;;;;;mBAMC,MAAM,CAAC,SAAS;;;;;;;;;CASlC,CAAC;AACF,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAExB,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,KAAK,CAAC,GAAG,IAAI,iBAAiB,KAAK,kDAAkD,CAAC,CAAC;QACvF,KAAK,CAAC,GAAG,IAAI,SAAS,KAAK,EAAE,CAAC,CAAC;QAC/B,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACxE,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC/D,KAAK,CAAC,GAAG,IAAI,QAAQ,KAAK,+BAA+B,CAAC,CAAC;QAC3D,KAAK,CAAC,GAAG,IAAI,UAAU,KAAK,gDAAgD,CAAC,CAAC;QAC9E,OAAO;IACT,CAAC;IAED,MAAM,EAAE,CAAC;IAET,iCAAiC;IACjC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,GAAG,MAAM,IAAI,KAAK,uCAAuC,CAAC,CAAC;QACjE,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7C,KAAK,CAAC,GAAG,GAAG,aAAa,KAAK,IAAI,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,KAAK,CAAC,GAAG,IAAI,8CAA8C,KAAK,IAAI,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAErD,MAAM,eAAe,GAAG,MAAM,GAAG,CAAC,+CAA+C,EAAE,QAAQ,CAAC,CAAC;IAC7F,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;QAClG,CAAC,CAAC,eAAe;QACjB,CAAC,CAAC,QAAQ,CAAC;IAEb,MAAM,cAAc,GAAG,CAAC,MAAM,GAAG,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;SACrF,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEjC,MAAM,qBAAqB,GAAG,CAAC,MAAM,GAAG,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;SACxF,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEjC,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,0CAA0C,EAAE,QAAQ,CAAC,CAAC;IACtF,MAAM,UAAU,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAEpD,MAAM,YAAY,GAAG,SAAS,KAAK,QAAQ;QACzC,CAAC,MAAM,GAAG,CAAC,4CAA4C,EAAE,KAAK,CAAC,CAAC;aAC7D,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEnC,KAAK,CAAC,EAAE,CAAC,CAAC;IAEV,kBAAkB;IAClB,MAAM,MAAM,GAAe;QACzB,SAAS;QACT,KAAK;QACL,SAAS;QACT,cAAc;QACd,eAAe,EAAE,qBAAqB;QACtC,UAAU;QACV,YAAY;KACb,CAAC;IAEF,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC/C,aAAa,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAEhD,iBAAiB;IACjB,KAAK,CAAC,GAAG,KAAK,IAAI,KAAK,YAAY,IAAI,uBAAuB,KAAK,IAAI,CAAC,CAAC;IACzE,KAAK,CAAC,GAAG,IAAI,gBAAgB,KAAK,IAAI,CAAC,CAAC;IACxC,KAAK,CAAC,KAAK,IAAI,KAAK,KAAK,mCAAmC,CAAC,CAAC;IAC9D,KAAK,CAAC,QAAQ,GAAG,mEAAmE,KAAK,EAAE,CAAC,CAAC;IAC7F,KAAK,CAAC,EAAE,CAAC,CAAC;IACV,KAAK,CAAC,KAAK,IAAI,KAAK,KAAK,kCAAkC,CAAC,CAAC;IAC7D,KAAK,CAAC,QAAQ,GAAG,uCAAuC,KAAK,EAAE,CAAC,CAAC;IACjE,KAAK,CAAC,QAAQ,GAAG,mCAAmC,KAAK,EAAE,CAAC,CAAC;IAC7D,KAAK,CAAC,EAAE,CAAC,CAAC;IAEV,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,CAAC,KAAK,IAAI,KAAK,KAAK,0CAA0C,CAAC,CAAC;QACrE,KAAK,CAAC,QAAQ,GAAG,mDAAmD,KAAK,EAAE,CAAC,CAAC;QAC7E,KAAK,CAAC,QAAQ,GAAG,8DAA8D,KAAK,EAAE,CAAC,CAAC;QACxF,KAAK,CAAC,QAAQ,GAAG,mDAAmD,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,KAAK,IAAI,KAAK,KAAK,oCAAoC,CAAC,CAAC;QAC/D,KAAK,CAAC,QAAQ,GAAG,8CAA8C,KAAK,EAAE,CAAC,CAAC;QACxE,KAAK,CAAC,QAAQ,GAAG,gEAAgE,KAAK,EAAE,CAAC,CAAC;QAC1F,KAAK,CAAC,QAAQ,GAAG,MAAM,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,EAAE,CAAC,CAAC;IACV,KAAK,CAAC,KAAK,IAAI,QAAQ,KAAK,+BAA+B,CAAC,CAAC;IAC7D,KAAK,CAAC,KAAK,IAAI,UAAU,KAAK,8CAA8C,CAAC,CAAC;IAC9E,KAAK,CAAC,EAAE,CAAC,CAAC;AACZ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACjB,KAAK,CAAC,GAAG,GAAG,UAAU,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/compliance-articles.d.ts

@@ -0,0 +1,71 @@
+/**
+ * EU AI Act Article Definitions
+ *
+ * Static article and requirement definitions for the 6 EU AI Act
+ * articles tracked by governance-sdk. Separated from assessment
+ * logic to keep files under 300 LOC.
+ */
+/** EU AI Act article with requirements and SDK feature mapping */
+export interface EuAiActArticle {
+    /** Article number */
+    article: string;
+    /** Article title */
+    title: string;
+    /** Brief description of the requirement */
+    description: string;
+    /** Enforcement deadline */
+    deadline: string;
+    /** Maximum fine */
+    maxFine: string;
+    /** Specific requirements that can be checked */
+    requirements: ArticleRequirement[];
+}
+/** A specific checkable requirement within an article */
+export interface ArticleRequirement {
+    /** Unique requirement ID (e.g., "art9-risk-classification") */
+    id: string;
+    /** What the law requires */
+    requirement: string;
+    /** How governance-sdk addresses this */
+    sdkFeature: string;
+    /** What to check for compliance */
+    checkDescription: string;
+    /** Whether this is automatically checkable by the SDK */
+    automatable: boolean;
+}
+/** Compliance status for a single requirement */
+export type ComplianceStatus = "compliant" | "partial" | "non-compliant" | "not-applicable";
+/** Assessment result for a single requirement */
+export interface RequirementAssessment {
+    requirementId: string;
+    status: ComplianceStatus;
+    evidence: string;
+    remediation?: string;
+}
+/** Assessment result for a full article */
+export interface ArticleAssessment {
+    article: string;
+    title: string;
+    coverage: ComplianceStatus;
+    score: number;
+    requirements: RequirementAssessment[];
+    deadline: string;
+    maxFine: string;
+}
+/** Full compliance report */
+export interface ComplianceReport {
+    overallScore: number;
+    status: ComplianceStatus;
+    articles: ArticleAssessment[];
+    agentsAssessed: number;
+    criticalGaps: string[];
+    recommendations: string[];
+    generatedAt: string;
+    daysUntilDeadline: number;
+}
+export declare const EU_AI_ACT_ARTICLES: EuAiActArticle[];
+/** Get the list of EU AI Act articles tracked by this module */
+export declare function getArticles(): EuAiActArticle[];
+/** Get days until EU AI Act enforcement deadline */
+export declare function getDaysUntilDeadline(): number;
+//# sourceMappingURL=compliance-articles.d.ts.map

package/dist/compliance-articles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-articles.d.ts","sourceRoot":"","sources":["../src/compliance-articles.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,kEAAkE;AAClE,MAAM,WAAW,cAAc;IAC7B,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,YAAY,EAAE,kBAAkB,EAAE,CAAC;CACpC;AAED,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,+DAA+D;IAC/D,EAAE,EAAE,MAAM,CAAC;IACX,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,yDAAyD;IACzD,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,iDAAiD;AACjD,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,SAAS,GAAG,eAAe,GAAG,gBAAgB,CAAC;AAE5F,iDAAiD;AACjD,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,qBAAqB,EAAE,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,6BAA6B;AAC7B,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAID,eAAO,MAAM,kBAAkB,EAAE,cAAc,EAqL9C,CAAC;AAEF,gEAAgE;AAChE,wBAAgB,WAAW,IAAI,cAAc,EAAE,CAE9C;AAED,oDAAoD;AACpD,wBAAgB,oBAAoB,IAAI,MAAM,CAI7C"}