hackmyagent 0.16.5 → 0.16.7

package/dist/arp/intelligence/behavioral-risk.js

@@ -0,0 +1,429 @@
+"use strict";
+/**
+ * Behavioral risk signal channel (AIComply P1, coordinator hot path).
+ *
+ * The `IntelligenceCoordinator` needs a way to ask the behavioral twin
+ * (`NanoMindL1` in `nanomind-l1.ts`) "how anomalous does this event look
+ * against the agent's behavioral baseline?" without importing the twin
+ * directly into the comply path. Direct coupling would re-introduce the
+ * layering break that the L0-comply gate was added to prevent: the twin
+ * would sit inline with the crypto verifier, and a bug in the twin would
+ * cascade into every classified event.
+ *
+ * The solution here is an IPC contract. The coordinator holds a
+ * `BehavioralRiskSource` that abstracts transport. Two implementations
+ * ship in this module:
+ *
+ *   - `InProcessBehavioralRiskSource` wraps any object that exposes
+ *     `scoreARPEvent(event)`. This is the single-process fast path: no
+ *     serialization, no socket, just a direct call guarded by a try/catch.
+ *     `NanoMindL1` satisfies the interface via its readonly scoreARPEvent
+ *     method, but tests can inject any stub.
+ *
+ *   - `UnixSocketBehavioralRiskSource` speaks newline-delimited JSON over
+ *     a unix domain socket (or a Windows named pipe via node `net`). This
+ *     is the cross-process variant, used when the twin runs in its own
+ *     daemon to isolate a crashy baseline from the enforcement path.
+ *
+ * Every caller-visible method is bounded:
+ *
+ *   - `getBehavioralRiskSignal(event, timeoutMs)` enforces a deadline on
+ *     every call. The unix socket transport destroys the socket on timeout
+ *     and resolves to `{status: 'unavailable', code: 'TIMEOUT'}`; the
+ *     in-process source has no IO but still wraps the call in a bounded
+ *     try/catch so a throwing twin cannot take down the coordinator.
+ *
+ *   - A five-failure circuit breaker opens the unix socket transport for
+ *     30 seconds on repeated unavailable outcomes. A wedged IPC source
+ *     therefore cannot cascade-block the coordinator indefinitely: after
+ *     the breaker opens, calls resolve instantly with a cached error until
+ *     cooldown expires.
+ *
+ * Parse-to-deny (CR-001) is honored on every path: the public surface
+ * never throws. Every error branch resolves to a typed
+ * `{status: 'unavailable', code, reason}` so the coordinator can route on
+ * the code without string scraping. What "deny" means when the twin is
+ * unavailable is the coordinator's policy, not this module's: the
+ * coordinator records the unavailable signal on `event.data.behavioralRisk`
+ * for downstream audit and leaves severity untouched. An IPC outage is
+ * not evidence of threat, and raising severity on every event during twin
+ * startup would be a regression; security-paranoid deployments can layer
+ * a stricter policy on top of the recorded signal.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnixSocketBehavioralRiskSource = exports.InProcessBehavioralRiskSource = exports.BEHAVIORAL_RISK_WIRE_VERSION = exports.CIRCUIT_BREAKER_COOLDOWN_MS = exports.CIRCUIT_BREAKER_THRESHOLD = exports.DEFAULT_BEHAVIORAL_RISK_TIMEOUT_MS = void 0;
+exports.defaultBehavioralRiskSocketPath = defaultBehavioralRiskSocketPath;
+const net = __importStar(require("net"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+/**
+ * Default timeout for a single risk signal request. Chosen to keep the
+ * comply hot path well under a frame budget even under transport jitter.
+ * The in-process source ignores this; the unix socket source enforces it.
+ */
+exports.DEFAULT_BEHAVIORAL_RISK_TIMEOUT_MS = 25;
+/**
+ * Number of consecutive unavailable outcomes that open the circuit
+ * breaker on the unix socket source. A wedged twin daemon will hit this
+ * after five calls and stop consuming coordinator time.
+ */
+exports.CIRCUIT_BREAKER_THRESHOLD = 5;
+/**
+ * Cooldown before the circuit breaker allows a single probe call to try
+ * the transport again. 30 seconds is long enough to absorb transient
+ * restarts without burning too many coordinator cycles on probes.
+ */
+exports.CIRCUIT_BREAKER_COOLDOWN_MS = 30000;
+/**
+ * IPC wire format version. Clients and servers both advertise `version: 1`
+ * in every message; mismatched versions are treated as PARSE_ERROR rather
+ * than silently accepted, so a future protocol change cannot be downgraded.
+ */
+exports.BEHAVIORAL_RISK_WIRE_VERSION = 1;
+/**
+ * Resolve the platform-appropriate default socket path for the behavioral
+ * risk server. Unix-like systems get a socket under
+ * `~/.opena2a/arp/behavioral-risk-<agentId>.sock`; Windows gets a named
+ * pipe in the `\\.\pipe\opena2a-arp-behavioral-risk-<agentId>` namespace.
+ * Callers are free to override this.
+ */
+function defaultBehavioralRiskSocketPath(agentId) {
+    const safe = agentId.replace(/[^a-zA-Z0-9_-]/g, '_');
+    if (process.platform === 'win32') {
+        return `\\\\.\\pipe\\opena2a-arp-behavioral-risk-${safe}`;
+    }
+    return path.join(os.homedir(), '.opena2a', 'arp', `behavioral-risk-${safe}.sock`);
+}
+/**
+ * In-process risk source. Wraps a handle that implements
+ * `scoreARPEvent`. Intended for single-process deployments where the
+ * twin and the coordinator live in the same Node process. Synchronous by
+ * construction, so the timeout is only a safety net against a
+ * misbehaving twin that throws.
+ *
+ * Decoupling rationale: the coordinator holds this as a
+ * `BehavioralRiskSource`, not as a `NanoMindL1`. The comply path has no
+ * knowledge of twin internals and a bug in the twin surfaces as an
+ * `unavailable` result, not a cascade failure.
+ */
+class InProcessBehavioralRiskSource {
+    constructor(twin, sourceName = 'nanomind-l1-inproc') {
+        this.twin = twin;
+        this.sourceName = sourceName;
+    }
+    async getBehavioralRiskSignal(event, _timeoutMs) {
+        // Synchronous call wrapped in try/catch. The twin's scoreARPEvent is
+        // contract-bound to return null on not-ready; we map that to the
+        // NOT_READY code so the coordinator can tell apart "no baseline" from
+        // a runtime error.
+        try {
+            const result = this.twin.scoreARPEvent(event);
+            if (result === null) {
+                return {
+                    status: 'unavailable',
+                    code: 'NOT_READY',
+                    reason: 'behavioral twin baseline is not yet trained',
+                };
+            }
+            return {
+                status: 'ok',
+                signal: {
+                    score: result.score,
+                    action: result.action,
+                    reason: result.reason,
+                    source: this.sourceName,
+                    computedAtMs: Date.now(),
+                },
+            };
+        }
+        catch (err) {
+            // A throwing twin is a twin bug, not a threat signal. Surface it as
+            // INTERNAL_ERROR; the coordinator's unavailable policy handles the
+            // rest.
+            return {
+                status: 'unavailable',
+                code: 'INTERNAL_ERROR',
+                reason: `scoreARPEvent threw: ${err.message ?? String(err)}`,
+            };
+        }
+    }
+    async close() {
+        // No transport resources to release.
+    }
+}
+exports.InProcessBehavioralRiskSource = InProcessBehavioralRiskSource;
+/**
+ * Unix-socket (or Windows named pipe) risk source. Opens a fresh
+ * connection per request. Rationale: per-request connections keep the
+ * transport state machine trivial (no pooling, no reconnection dance) and
+ * the request cost is dominated by the twin's scoring latency, not the
+ * connect itself. If perf measurement later shows connect-per-request is
+ * a bottleneck, a pooled variant can be added without changing the
+ * public BehavioralRiskSource interface.
+ *
+ * Circuit breaker semantics:
+ *   - After `CIRCUIT_BREAKER_THRESHOLD` consecutive unavailable outcomes,
+ *     the breaker opens and subsequent calls fast-fail with
+ *     `CIRCUIT_OPEN` without touching the socket.
+ *   - After `CIRCUIT_BREAKER_COOLDOWN_MS`, the breaker half-opens: the
+ *     next call is allowed through. A successful call resets the failure
+ *     counter and closes the breaker. A failed probe leaves the breaker
+ *     open and restarts the cooldown.
+ */
+class UnixSocketBehavioralRiskSource {
+    constructor(socketPath, options = {}) {
+        this.consecutiveFailures = 0;
+        this.circuitOpen = false;
+        this.circuitOpenedAtMs = 0;
+        this.socketPath = socketPath;
+        this.sourceName = options.sourceName ?? 'nanomind-l1-ipc';
+        this.now = options.now ?? Date.now;
+    }
+    async getBehavioralRiskSignal(event, timeoutMs) {
+        // Fast path: breaker open. Check cooldown. If still open, fast-fail.
+        // Otherwise allow a single probe through.
+        if (this.circuitOpen) {
+            const elapsed = this.now() - this.circuitOpenedAtMs;
+            if (elapsed < exports.CIRCUIT_BREAKER_COOLDOWN_MS) {
+                return {
+                    status: 'unavailable',
+                    code: 'CIRCUIT_OPEN',
+                    reason: `circuit breaker open, ${exports.CIRCUIT_BREAKER_COOLDOWN_MS - elapsed} ms remaining`,
+                };
+            }
+            // Half-open: let the next call through. The breaker stays flagged
+            // open until the call actually resolves; on success we close it.
+        }
+        const result = await this.roundTrip(event, timeoutMs);
+        this.recordOutcome(result);
+        return result;
+    }
+    roundTrip(event, timeoutMs) {
+        return new Promise((resolve) => {
+            let settled = false;
+            let socket = null;
+            const chunks = [];
+            const settle = (r) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timer);
+                if (socket && !socket.destroyed) {
+                    socket.destroy();
+                }
+                resolve(r);
+            };
+            const timer = setTimeout(() => {
+                settle({
+                    status: 'unavailable',
+                    code: 'TIMEOUT',
+                    reason: `behavioral risk ipc exceeded ${timeoutMs} ms deadline`,
+                });
+            }, timeoutMs);
+            if (typeof timer.unref === 'function')
+                timer.unref();
+            try {
+                socket = net.createConnection(this.socketPath);
+            }
+            catch (err) {
+                settle({
+                    status: 'unavailable',
+                    code: 'TRANSPORT_ERROR',
+                    reason: `failed to initiate connection: ${err.message}`,
+                });
+                return;
+            }
+            socket.on('connect', () => {
+                const request = JSON.stringify({
+                    kind: 'risk_signal_request',
+                    version: exports.BEHAVIORAL_RISK_WIRE_VERSION,
+                    event,
+                }) + '\n';
+                try {
+                    socket.write(request);
+                }
+                catch (err) {
+                    settle({
+                        status: 'unavailable',
+                        code: 'TRANSPORT_ERROR',
+                        reason: `failed to write request: ${err.message}`,
+                    });
+                }
+            });
+            socket.on('data', (chunk) => {
+                chunks.push(chunk);
+                const buf = Buffer.concat(chunks).toString('utf8');
+                const nl = buf.indexOf('\n');
+                if (nl < 0)
+                    return;
+                const line = buf.slice(0, nl);
+                settle(this.parseResponse(line));
+            });
+            socket.on('error', (err) => {
+                settle({
+                    status: 'unavailable',
+                    code: 'TRANSPORT_ERROR',
+                    reason: `socket error: ${err.message}`,
+                });
+            });
+            socket.on('close', () => {
+                settle({
+                    status: 'unavailable',
+                    code: 'TRANSPORT_ERROR',
+                    reason: 'socket closed before response received',
+                });
+            });
+        });
+    }
+    parseResponse(line) {
+        let msg;
+        try {
+            msg = JSON.parse(line);
+        }
+        catch (err) {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: `invalid json response: ${err.message}`,
+            };
+        }
+        if (msg === null || typeof msg !== 'object') {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: 'response body is not an object',
+            };
+        }
+        const obj = msg;
+        if (obj.version !== exports.BEHAVIORAL_RISK_WIRE_VERSION) {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: `unsupported wire version: ${JSON.stringify(obj.version)}`,
+            };
+        }
+        if (obj.kind === 'risk_signal_error') {
+            const code = isUnavailableCode(obj.code) ? obj.code : 'TRANSPORT_ERROR';
+            const reason = typeof obj.reason === 'string' ? obj.reason : 'server reported error';
+            return { status: 'unavailable', code, reason };
+        }
+        if (obj.kind !== 'risk_signal_response') {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: `unexpected message kind: ${JSON.stringify(obj.kind)}`,
+            };
+        }
+        if (typeof obj.score !== 'number' ||
+            !Number.isFinite(obj.score) ||
+            obj.score < 0 ||
+            obj.score > 1) {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: `score must be a finite number in [0,1], got ${JSON.stringify(obj.score)}`,
+            };
+        }
+        if (!isRiskAction(obj.action)) {
+            return {
+                status: 'unavailable',
+                code: 'PARSE_ERROR',
+                reason: `action must be one of allow|alert|throttle|suspend|kill, got ${JSON.stringify(obj.action)}`,
+            };
+        }
+        return {
+            status: 'ok',
+            signal: {
+                score: obj.score,
+                action: obj.action,
+                reason: typeof obj.reason === 'string' ? obj.reason : '',
+                source: typeof obj.source === 'string' && obj.source.length > 0
+                    ? obj.source
+                    : this.sourceName,
+                computedAtMs: typeof obj.computedAtMs === 'number' && Number.isFinite(obj.computedAtMs)
+                    ? obj.computedAtMs
+                    : this.now(),
+            },
+        };
+    }
+    recordOutcome(result) {
+        if (result.status === 'ok') {
+            this.consecutiveFailures = 0;
+            this.circuitOpen = false;
+            return;
+        }
+        // CIRCUIT_OPEN outcomes do not increment the failure counter; they
+        // are already a symptom of the breaker being open. Counting them
+        // would extend the cooldown indefinitely every time a caller probed
+        // while the breaker is still cooling.
+        if (result.code === 'CIRCUIT_OPEN')
+            return;
+        this.consecutiveFailures++;
+        if (this.consecutiveFailures >= exports.CIRCUIT_BREAKER_THRESHOLD) {
+            this.circuitOpen = true;
+            this.circuitOpenedAtMs = this.now();
+        }
+    }
+    /**
+     * Test-only accessor for the current breaker state. Exposed so tests
+     * can assert breaker opens at the threshold and closes on a successful
+     * probe without scraping internals through reflection.
+     */
+    _getBreakerStateForTest() {
+        return {
+            open: this.circuitOpen,
+            failures: this.consecutiveFailures,
+            openedAtMs: this.circuitOpenedAtMs,
+        };
+    }
+    async close() {
+        // No pooled resources.
+    }
+}
+exports.UnixSocketBehavioralRiskSource = UnixSocketBehavioralRiskSource;
+function isUnavailableCode(v) {
+    return (v === 'NOT_READY' ||
+        v === 'TIMEOUT' ||
+        v === 'TRANSPORT_ERROR' ||
+        v === 'PARSE_ERROR' ||
+        v === 'CIRCUIT_OPEN' ||
+        v === 'DISABLED' ||
+        v === 'INTERNAL_ERROR');
+}
+function isRiskAction(v) {
+    return v === 'allow' || v === 'alert' || v === 'throttle' || v === 'suspend' || v === 'kill';
+}
+//# sourceMappingURL=behavioral-risk.js.map

package/dist/arp/intelligence/behavioral-risk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavioral-risk.js","sourceRoot":"","sources":["../../../src/arp/intelligence/behavioral-risk.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsHH,0EAMC;AA1HD,yCAA2B;AAC3B,uCAAyB;AACzB,2CAA6B;AA+E7B;;;;GAIG;AACU,QAAA,kCAAkC,GAAG,EAAE,CAAC;AAErD;;;;GAIG;AACU,QAAA,yBAAyB,GAAG,CAAC,CAAC;AAE3C;;;;GAIG;AACU,QAAA,2BAA2B,GAAG,KAAM,CAAC;AAElD;;;;GAIG;AACU,QAAA,4BAA4B,GAAG,CAAC,CAAC;AAE9C;;;;;;GAMG;AACH,SAAgB,+BAA+B,CAAC,OAAe;IAC7D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IACrD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,4CAA4C,IAAI,EAAE,CAAC;IAC5D,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,mBAAmB,IAAI,OAAO,CAAC,CAAC;AACpF,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAa,6BAA6B;IAIxC,YAAY,IAA6B,EAAE,UAAU,GAAG,oBAAoB;QAC1E,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,KAAe,EACf,UAAkB;QAElB,qEAAqE;QACrE,iEAAiE;QACjE,sEAAsE;QACtE,mBAAmB;QACnB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,OAAO;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,6CAA6C;iBACtD,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE;oBACN,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM,EAAE,IAAI,CAAC,UAAU;oBACvB,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;iBACzB;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,oEAAoE;YACpE,mEAAmE;YACnE,QAAQ;YACR,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,wBAAyB,GAAa,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE;aACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,qCAAqC;IACvC,CAAC;CACF;AAnDD,sEAmDC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,8BAA8B;IAQzC,YACE,UAAkB,EAClB,UAAuD,EAAE;QANnD,wBAAmB,GAAG,CAAC,CAAC;QACxB,gBAAW,GAAG,KAAK,CAAC;QACpB,sBAAiB,GAAG,CAAC,CAAC;QAM5B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,iBAAiB,CAAC;QAC1D,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,KAAe,EACf,SAAiB;QAEjB,qEAAqE;QACrE,0CAA0C;QAC1C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;YACpD,IAAI,OAAO,GAAG,mCAA2B,EAAE,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,yBAAyB,mCAA2B,GAAG,OAAO,eAAe;iBACtF,CAAC;YACJ,CAAC;YACD,kEAAkE;YAClE,iEAAiE;QACnE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACtD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,SAAS,CACf,KAAe,EACf,SAAiB;QAEjB,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,EAAE;YACnD,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,MAAM,GAAsB,IAAI,CAAC;YACrC,MAAM,MAAM,GAAa,EAAE,CAAC;YAE5B,MAAM,MAAM,GAAG,CAAC,CAAuB,EAAE,EAAE;gBACzC,IAAI,OAAO;oBAAE,OAAO;gBACpB,OAAO,GAAG,IAAI,CAAC;gBACf,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,CAAC;gBACD,OAAO,CAAC,CAAC,CAAC,CAAC;YACb,CAAC,CAAC;YAEF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,CAAC;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,SAAS;oBACf,MAAM,EAAE,gCAAgC,SAAS,cAAc;iBAChE,CAAC,CAAC;YACL,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,UAAU;gBAAE,KAAK,CAAC,KAAK,EAAE,CAAC;YAErD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,iBAAiB;oBACvB,MAAM,EAAE,kCAAmC,GAAa,CAAC,OAAO,EAAE;iBACnE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC7B,IAAI,EAAE,qBAAqB;oBAC3B,OAAO,EAAE,oCAA4B;oBACrC,KAAK;iBACN,CAAC,GAAG,IAAI,CAAC;gBACV,IAAI,CAAC;oBACH,MAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACzB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC;wBACL,MAAM,EAAE,aAAa;wBACrB,IAAI,EAAE,iBAAiB;wBACvB,MAAM,EAAE,4BAA6B,GAAa,CAAC,OAAO,EAAE;qBAC7D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACnB,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACnD,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC7B,IAAI,EAAE,GAAG,CAAC;oBAAE,OAAO;gBACnB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAChC,MAAM,CAAC;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,iBAAiB;oBACvB,MAAM,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;iBACvC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,MAAM,CAAC;oBACL,MAAM,EAAE,aAAa;oBACrB,IAAI,EAAE,iBAAiB;oBACvB,MAAM,EAAE,wCAAwC;iBACjD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,IAAY;QAChC,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,0BAA2B,GAAa,CAAC,OAAO,EAAE;aAC3D,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,gCAAgC;aACzC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,GAA8B,CAAC;QAC3C,IAAI,GAAG,CAAC,OAAO,KAAK,oCAA4B,EAAE,CAAC;YACjD,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,6BAA6B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;aACnE,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB,CAAC;YACxE,MAAM,MAAM,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC;YACrF,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACjD,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;YACxC,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,4BAA4B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;aAC/D,CAAC;QACJ,CAAC;QACD,IACE,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;YAC7B,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;YAC3B,GAAG,CAAC,KAAK,GAAG,CAAC;YACb,GAAG,CAAC,KAAK,GAAG,CAAC,EACb,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,+CAA+C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;aACnF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE,aAAa;gBACrB,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,gEAAgE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;aACrG,CAAC;QACJ,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE;gBACN,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM,EAAE,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;gBACxD,MAAM,EACJ,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;oBACrD,CAAC,CAAC,GAAG,CAAC,MAAM;oBACZ,CAAC,CAAC,IAAI,CAAC,UAAU;gBACrB,YAAY,EACV,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC;oBACvE,CAAC,CAAC,GAAG,CAAC,YAAY;oBAClB,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;aACjB;SACF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,MAA4B;QAChD,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;YACzB,OAAO;QACT,CAAC;QACD,mEAAmE;QACnE,iEAAiE;QACjE,oEAAoE;QACpE,sCAAsC;QACtC,IAAI,MAAM,CAAC,IAAI,KAAK,cAAc;YAAE,OAAO;QAC3C,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,mBAAmB,IAAI,iCAAyB,EAAE,CAAC;YAC1D,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,uBAAuB;QACrB,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,WAAW;YACtB,QAAQ,EAAE,IAAI,CAAC,mBAAmB;YAClC,UAAU,EAAE,IAAI,CAAC,iBAAiB;SACnC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,uBAAuB;IACzB,CAAC;CACF;AAzOD,wEAyOC;AAED,SAAS,iBAAiB,CAAC,CAAU;IACnC,OAAO,CACL,CAAC,KAAK,WAAW;QACjB,CAAC,KAAK,SAAS;QACf,CAAC,KAAK,iBAAiB;QACvB,CAAC,KAAK,aAAa;QACnB,CAAC,KAAK,cAAc;QACpB,CAAC,KAAK,UAAU;QAChB,CAAC,KAAK,gBAAgB,CACvB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,CAAU;IAC9B,OAAO,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,MAAM,CAAC;AAC/F,CAAC"}

package/dist/arp/intelligence/coordinator.d.ts

@@ -1,4 +1,46 @@
-import type { ARPEvent, ARPConfig, LLMAssessment } from '../types';
+import type { ARPEvent, ARPConfig, CapabilityManifest, ComplyOnViolation, LLMAssessment } from '../types';
+import { type BehavioralRiskSource, type BehavioralRiskUnavailableCode } from './behavioral-risk';
+import type { GuardAnomalySource } from './guard-anomaly';
+/**
+ * Reason the comply gate denied a classified event. `prohibited` means the
+ * class is on the explicit deny list; `unknown` means the class is not on
+ * the allow list and parse-to-deny applies (per CR-001).
+ */
+export type ComplyDenyReason = 'prohibited' | 'unknown';
+/**
+ * Record written to `event.data.behavioralRisk` by the coordinator after
+ * it queries the behavioral twin. The ok branch carries the fused score
+ * and the band the coordinator used; the unavailable branch carries a
+ * code so downstream audit can tell a healthy 0.0 from an IPC outage.
+ *
+ * The coordinator's unavailable policy is record-and-ignore: an IPC
+ * failure is not evidence of threat, so severity is not mutated. A
+ * deployment that wants a stricter policy can layer it on top by
+ * reading `event.data.behavioralRisk` after analyze() returns.
+ */
+export type BehavioralRiskRecord = {
+    status: 'ok';
+    score: number;
+    action: 'allow' | 'alert' | 'throttle' | 'suspend' | 'kill';
+    source: string;
+    band: 'low' | 'elevated' | 'high' | 'critical';
+} | {
+    status: 'unavailable';
+    code: BehavioralRiskUnavailableCode;
+};
+/**
+ * Structured record of a comply gate decision. Written to `event.data.comply`
+ * so downstream enforcement can route on the reason without re-checking the
+ * manifest, and so tests can assert the outcome without scraping logs.
+ */
+export interface ComplyDecision {
+    /** Classification label the gate evaluated. */
+    classification: string;
+    /** Reason for the deny: `prohibited` or `unknown` (parse-to-deny). */
+    reason: ComplyDenyReason;
+    /** Action routed from the manifest's `comply.on_violation` field. */
+    action: ComplyOnViolation;
+}
 /**
  * The 3-Layer Intelligence Coordinator.
  *
@@ -16,7 +58,56 @@ export declare class IntelligenceCoordinator {
     private adapter;
     private batchQueue;
     private batchTimer?;
-    constructor(arpConfig: ARPConfig, dataDir: string);
+    /**
+     * Capability manifest used to enforce the `comply` envelope on classified
+     * events. Optional: when null the comply gate is inert and the coordinator
+     * runs the L0/L1/L2 stack unchanged.
+     */
+    private manifest;
+    /**
+     * Optional behavioral risk source. When set, `analyze()` fuses the
+     * signal returned by the source with the classification decision after
+     * the comply gate and before L1 statistical. When null, the coordinator
+     * runs the L0/L1/L2 stack unchanged. See `behavioral-risk.ts` for the
+     * IPC contract and the two shipping implementations.
+     */
+    private behavioralRiskSource;
+    /**
+     * Optional guard anomaly (classification drift) detector. When set,
+     * `analyze()` records every classified event's label before the
+     * comply gate runs, so drift observations include denied attempts.
+     * Drift state is written to `event.data.guardAnomaly` in every
+     * branch (baseline-pending, normal, drift); only the drift branch
+     * raises severity. See `guard-anomaly.ts` for the bounded memory
+     * contract and the chi-square drift model.
+     */
+    private guardAnomaly;
+    constructor(arpConfig: ARPConfig, dataDir: string, manifest?: CapabilityManifest | null, behavioralRiskSource?: BehavioralRiskSource | null, guardAnomaly?: GuardAnomalySource | null);
+    /**
+     * Replace or clear the capability manifest used for the comply gate.
+     * Exposed so the hosting runtime (e.g. the ARP proxy) can reload the
+     * manifest without tearing down the coordinator.
+     */
+    setCapabilityManifest(manifest: CapabilityManifest | null): void;
+    /** The currently installed manifest, or null if none is set. */
+    getCapabilityManifest(): CapabilityManifest | null;
+    /**
+     * Replace or clear the behavioral risk source. Exposed so a hosting
+     * runtime can swap from an in-process source to a unix socket source
+     * (or vice versa) without tearing down the coordinator.
+     */
+    setBehavioralRiskSource(source: BehavioralRiskSource | null): void;
+    /** The currently installed behavioral risk source, or null. */
+    getBehavioralRiskSource(): BehavioralRiskSource | null;
+    /**
+     * Replace or clear the guard anomaly detector. Exposed so a
+     * hosting runtime can hot-swap the drift model (for example to
+     * install a refreshed baseline from the Registry) without tearing
+     * down the coordinator.
+     */
+    setGuardAnomaly(guardAnomaly: GuardAnomalySource | null): void;
+    /** The currently installed guard anomaly detector, or null. */
+    getGuardAnomaly(): GuardAnomalySource | null;
     /**
      * Analyze an event through the 3-layer stack.
      * Mutates the event's category, severity, and classifiedBy fields.

package/dist/arp/intelligence/coordinator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coordinator.d.ts","sourceRoot":"","sources":["../../../src/arp/intelligence/coordinator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,QAAQ,EACR,SAAS,EAGT,aAAa,EAEd,MAAM,UAAU,CAAC;AAOlB;;;;;;;;GAQG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,UAAU,CAAC,CAAgC;gBAEvC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM;IAuBjD;;;;OAIG;IACG,OAAO,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA8B7D,wBAAwB;IACxB,eAAe;;;;;;;;;IAIf,qDAAqD;IAC/C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAW3B,OAAO,CAAC,kBAAkB;YAsBZ,aAAa;IAiC3B,OAAO,CAAC,aAAa;YAkBP,UAAU;CAezB"}
+{"version":3,"file":"coordinator.d.ts","sourceRoot":"","sources":["../../../src/arp/intelligence/coordinator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,QAAQ,EACR,SAAS,EACT,kBAAkB,EAClB,iBAAiB,EAGjB,aAAa,EAGd,MAAM,UAAU,CAAC;AAIlB,OAAO,EAGL,KAAK,oBAAoB,EACzB,KAAK,6BAA6B,EACnC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,kBAAkB,EAAsB,MAAM,iBAAiB,CAAC;AAI9E;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,YAAY,GAAG,SAAS,CAAC;AAExD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IACE,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;CAChD,GACD;IACE,MAAM,EAAE,aAAa,CAAC;IACtB,IAAI,EAAE,6BAA6B,CAAC;CACrC,CAAC;AAEN;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,sEAAsE;IACtE,MAAM,EAAE,gBAAgB,CAAC;IACzB,qEAAqE;IACrE,MAAM,EAAE,iBAAiB,CAAC;CAC3B;AAED;;;;;;;;GAQG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,UAAU,CAAC,CAAgC;IACnD;;;;OAIG;IACH,OAAO,CAAC,QAAQ,CAA4B;IAC5C;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB,CAA8B;IAC1D;;;;;;;;OAQG;IACH,OAAO,CAAC,YAAY,CAA4B;gBAG9C,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,kBAAkB,GAAG,IAAW,EAC1C,oBAAoB,GAAE,oBAAoB,GAAG,IAAW,EACxD,YAAY,GAAE,kBAAkB,GAAG,IAAW;IA2BhD;;;;OAIG;IACH,qBAAqB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,IAAI,GAAG,IAAI;IAIhE,gEAAgE;IAChE,qBAAqB,IAAI,kBAAkB,GAAG,IAAI;IAIlD;;;;OAIG;IACH,uBAAuB,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI,GAAG,IAAI;IAIlE,+DAA+D;IAC/D,uBAAuB,IAAI,oBAAoB,GAAG,IAAI;IAItD;;;;;OAKG;IACH,eAAe,CAAC,YAAY,EAAE,kBAAkB,GAAG,IAAI,GAAG,IAAI;IAI9D,+DAA+D;IAC/D,eAAe,IAAI,kBAAkB,GAAG,IAAI;IAI5C;;;;OAIG;IACG,OAAO,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAkE7D,wBAAwB;IACxB,eAAe;;;;;;;;;IAIf,qDAAqD;IAC/C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAW3B,OAAO,CAAC,kBAAkB;YAsBZ,aAAa;IAiC3B,OAAO,CAAC,aAAa;YAkBP,UAAU;CAezB"}