limen-ai 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +47 -0
- package/LICENSE +190 -0
- package/README.md +546 -0
- package/dist/api/agents/agent_api.d.ts +126 -0
- package/dist/api/agents/agent_api.d.ts.map +1 -0
- package/dist/api/agents/agent_api.js +467 -0
- package/dist/api/agents/agent_api.js.map +1 -0
- package/dist/api/agents/trust_progression.d.ts +78 -0
- package/dist/api/agents/trust_progression.d.ts.map +1 -0
- package/dist/api/agents/trust_progression.js +124 -0
- package/dist/api/agents/trust_progression.js.map +1 -0
- package/dist/api/chat/chat_pipeline.d.ts +91 -0
- package/dist/api/chat/chat_pipeline.d.ts.map +1 -0
- package/dist/api/chat/chat_pipeline.js +630 -0
- package/dist/api/chat/chat_pipeline.js.map +1 -0
- package/dist/api/chat/technique_injector.d.ts +86 -0
- package/dist/api/chat/technique_injector.d.ts.map +1 -0
- package/dist/api/chat/technique_injector.js +125 -0
- package/dist/api/chat/technique_injector.js.map +1 -0
- package/dist/api/data/data_api.d.ts +91 -0
- package/dist/api/data/data_api.d.ts.map +1 -0
- package/dist/api/data/data_api.js +306 -0
- package/dist/api/data/data_api.js.map +1 -0
- package/dist/api/enforcement/cost_tracker.d.ts +105 -0
- package/dist/api/enforcement/cost_tracker.d.ts.map +1 -0
- package/dist/api/enforcement/cost_tracker.js +227 -0
- package/dist/api/enforcement/cost_tracker.js.map +1 -0
- package/dist/api/enforcement/latency_harness.d.ts +94 -0
- package/dist/api/enforcement/latency_harness.d.ts.map +1 -0
- package/dist/api/enforcement/latency_harness.js +120 -0
- package/dist/api/enforcement/latency_harness.js.map +1 -0
- package/dist/api/enforcement/rate_guard.d.ts +52 -0
- package/dist/api/enforcement/rate_guard.d.ts.map +1 -0
- package/dist/api/enforcement/rate_guard.js +79 -0
- package/dist/api/enforcement/rate_guard.js.map +1 -0
- package/dist/api/enforcement/rbac_guard.d.ts +55 -0
- package/dist/api/enforcement/rbac_guard.d.ts.map +1 -0
- package/dist/api/enforcement/rbac_guard.js +77 -0
- package/dist/api/enforcement/rbac_guard.js.map +1 -0
- package/dist/api/errors/limen_error.d.ts +81 -0
- package/dist/api/errors/limen_error.d.ts.map +1 -0
- package/dist/api/errors/limen_error.js +324 -0
- package/dist/api/errors/limen_error.js.map +1 -0
- package/dist/api/facades/claim_facade.d.ts +47 -0
- package/dist/api/facades/claim_facade.d.ts.map +1 -0
- package/dist/api/facades/claim_facade.js +67 -0
- package/dist/api/facades/claim_facade.js.map +1 -0
- package/dist/api/facades/working_memory_facade.d.ts +47 -0
- package/dist/api/facades/working_memory_facade.d.ts.map +1 -0
- package/dist/api/facades/working_memory_facade.js +74 -0
- package/dist/api/facades/working_memory_facade.js.map +1 -0
- package/dist/api/governance/governed_orchestration.d.ts +76 -0
- package/dist/api/governance/governed_orchestration.d.ts.map +1 -0
- package/dist/api/governance/governed_orchestration.js +413 -0
- package/dist/api/governance/governed_orchestration.js.map +1 -0
- package/dist/api/index.d.ts +84 -0
- package/dist/api/index.d.ts.map +1 -0
- package/dist/api/index.js +847 -0
- package/dist/api/index.js.map +1 -0
- package/dist/api/infer/infer_pipeline.d.ts +51 -0
- package/dist/api/infer/infer_pipeline.d.ts.map +1 -0
- package/dist/api/infer/infer_pipeline.js +291 -0
- package/dist/api/infer/infer_pipeline.js.map +1 -0
- package/dist/api/interfaces/api.d.ts +940 -0
- package/dist/api/interfaces/api.d.ts.map +1 -0
- package/dist/api/interfaces/api.js +21 -0
- package/dist/api/interfaces/api.js.map +1 -0
- package/dist/api/knowledge/knowledge_api.d.ts +55 -0
- package/dist/api/knowledge/knowledge_api.d.ts.map +1 -0
- package/dist/api/knowledge/knowledge_api.js +89 -0
- package/dist/api/knowledge/knowledge_api.js.map +1 -0
- package/dist/api/migration/023_agent_persistence.d.ts +32 -0
- package/dist/api/migration/023_agent_persistence.d.ts.map +1 -0
- package/dist/api/migration/023_agent_persistence.js +158 -0
- package/dist/api/migration/023_agent_persistence.js.map +1 -0
- package/dist/api/migration/024_trust_learning.d.ts +36 -0
- package/dist/api/migration/024_trust_learning.d.ts.map +1 -0
- package/dist/api/migration/024_trust_learning.js +194 -0
- package/dist/api/migration/024_trust_learning.js.map +1 -0
- package/dist/api/migration/025_knowledge_graph.d.ts +29 -0
- package/dist/api/migration/025_knowledge_graph.d.ts.map +1 -0
- package/dist/api/migration/025_knowledge_graph.js +97 -0
- package/dist/api/migration/025_knowledge_graph.js.map +1 -0
- package/dist/api/migration/026_replay_pipeline.d.ts +30 -0
- package/dist/api/migration/026_replay_pipeline.d.ts.map +1 -0
- package/dist/api/migration/026_replay_pipeline.js +118 -0
- package/dist/api/migration/026_replay_pipeline.js.map +1 -0
- package/dist/api/missions/mission_api.d.ts +74 -0
- package/dist/api/missions/mission_api.d.ts.map +1 -0
- package/dist/api/missions/mission_api.js +408 -0
- package/dist/api/missions/mission_api.js.map +1 -0
- package/dist/api/observability/health.d.ts +36 -0
- package/dist/api/observability/health.d.ts.map +1 -0
- package/dist/api/observability/health.js +92 -0
- package/dist/api/observability/health.js.map +1 -0
- package/dist/api/observability/metrics.d.ts +95 -0
- package/dist/api/observability/metrics.d.ts.map +1 -0
- package/dist/api/observability/metrics.js +260 -0
- package/dist/api/observability/metrics.js.map +1 -0
- package/dist/api/roles/roles_api.d.ts +45 -0
- package/dist/api/roles/roles_api.d.ts.map +1 -0
- package/dist/api/roles/roles_api.js +77 -0
- package/dist/api/roles/roles_api.js.map +1 -0
- package/dist/api/sessions/session_manager.d.ts +110 -0
- package/dist/api/sessions/session_manager.d.ts.map +1 -0
- package/dist/api/sessions/session_manager.js +278 -0
- package/dist/api/sessions/session_manager.js.map +1 -0
- package/dist/budget/harness/dba_harness.d.ts +36 -0
- package/dist/budget/harness/dba_harness.d.ts.map +1 -0
- package/dist/budget/harness/dba_harness.js +58 -0
- package/dist/budget/harness/dba_harness.js.map +1 -0
- package/dist/budget/impl/dba_impl.d.ts +47 -0
- package/dist/budget/impl/dba_impl.d.ts.map +1 -0
- package/dist/budget/impl/dba_impl.js +402 -0
- package/dist/budget/impl/dba_impl.js.map +1 -0
- package/dist/budget/interfaces/dba_types.d.ts +708 -0
- package/dist/budget/interfaces/dba_types.d.ts.map +1 -0
- package/dist/budget/interfaces/dba_types.js +124 -0
- package/dist/budget/interfaces/dba_types.js.map +1 -0
- package/dist/claims/evidence/capability_scope_validator.d.ts +32 -0
- package/dist/claims/evidence/capability_scope_validator.d.ts.map +1 -0
- package/dist/claims/evidence/capability_scope_validator.js +72 -0
- package/dist/claims/evidence/capability_scope_validator.js.map +1 -0
- package/dist/claims/evidence/evidence_validator.d.ts +35 -0
- package/dist/claims/evidence/evidence_validator.d.ts.map +1 -0
- package/dist/claims/evidence/evidence_validator.js +118 -0
- package/dist/claims/evidence/evidence_validator.js.map +1 -0
- package/dist/claims/harness/claim_harness.d.ts +22 -0
- package/dist/claims/harness/claim_harness.d.ts.map +1 -0
- package/dist/claims/harness/claim_harness.js +26 -0
- package/dist/claims/harness/claim_harness.js.map +1 -0
- package/dist/claims/interfaces/claim_types.d.ts +858 -0
- package/dist/claims/interfaces/claim_types.d.ts.map +1 -0
- package/dist/claims/interfaces/claim_types.js +201 -0
- package/dist/claims/interfaces/claim_types.js.map +1 -0
- package/dist/claims/migration/019_ccp_claims.d.ts +23 -0
- package/dist/claims/migration/019_ccp_claims.d.ts.map +1 -0
- package/dist/claims/migration/019_ccp_claims.js +196 -0
- package/dist/claims/migration/019_ccp_claims.js.map +1 -0
- package/dist/claims/store/claim_stores.d.ts +27 -0
- package/dist/claims/store/claim_stores.d.ts.map +1 -0
- package/dist/claims/store/claim_stores.js +1352 -0
- package/dist/claims/store/claim_stores.js.map +1 -0
- package/dist/context/harness/cgp_harness.d.ts +32 -0
- package/dist/context/harness/cgp_harness.d.ts.map +1 -0
- package/dist/context/harness/cgp_harness.js +295 -0
- package/dist/context/harness/cgp_harness.js.map +1 -0
- package/dist/context/interfaces/cgp_types.d.ts +905 -0
- package/dist/context/interfaces/cgp_types.d.ts.map +1 -0
- package/dist/context/interfaces/cgp_types.js +112 -0
- package/dist/context/interfaces/cgp_types.js.map +1 -0
- package/dist/context/stores/cgp_stores.d.ts +42 -0
- package/dist/context/stores/cgp_stores.d.ts.map +1 -0
- package/dist/context/stores/cgp_stores.js +856 -0
- package/dist/context/stores/cgp_stores.js.map +1 -0
- package/dist/execution/harness/egp_harness.d.ts +43 -0
- package/dist/execution/harness/egp_harness.d.ts.map +1 -0
- package/dist/execution/harness/egp_harness.js +54 -0
- package/dist/execution/harness/egp_harness.js.map +1 -0
- package/dist/execution/interfaces/egp_types.d.ts +1042 -0
- package/dist/execution/interfaces/egp_types.d.ts.map +1 -0
- package/dist/execution/interfaces/egp_types.js +195 -0
- package/dist/execution/interfaces/egp_types.js.map +1 -0
- package/dist/execution/stores/egp_stores.d.ts +29 -0
- package/dist/execution/stores/egp_stores.d.ts.map +1 -0
- package/dist/execution/stores/egp_stores.js +1250 -0
- package/dist/execution/stores/egp_stores.js.map +1 -0
- package/dist/execution/wiring/execution_gate.d.ts +56 -0
- package/dist/execution/wiring/execution_gate.d.ts.map +1 -0
- package/dist/execution/wiring/execution_gate.js +77 -0
- package/dist/execution/wiring/execution_gate.js.map +1 -0
- package/dist/execution/wiring/floor_enforcer.d.ts +68 -0
- package/dist/execution/wiring/floor_enforcer.d.ts.map +1 -0
- package/dist/execution/wiring/floor_enforcer.js +96 -0
- package/dist/execution/wiring/floor_enforcer.js.map +1 -0
- package/dist/execution/wiring/invocation_gate.d.ts +58 -0
- package/dist/execution/wiring/invocation_gate.d.ts.map +1 -0
- package/dist/execution/wiring/invocation_gate.js +69 -0
- package/dist/execution/wiring/invocation_gate.js.map +1 -0
- package/dist/execution/wiring/terminal_release.d.ts +56 -0
- package/dist/execution/wiring/terminal_release.d.ts.map +1 -0
- package/dist/execution/wiring/terminal_release.js +85 -0
- package/dist/execution/wiring/terminal_release.js.map +1 -0
- package/dist/governance/harness/governance_harness.d.ts +54 -0
- package/dist/governance/harness/governance_harness.d.ts.map +1 -0
- package/dist/governance/harness/governance_harness.js +60 -0
- package/dist/governance/harness/governance_harness.js.map +1 -0
- package/dist/governance/migration/012_governance_runs_traces.d.ts +21 -0
- package/dist/governance/migration/012_governance_runs_traces.d.ts.map +1 -0
- package/dist/governance/migration/012_governance_runs_traces.js +115 -0
- package/dist/governance/migration/012_governance_runs_traces.js.map +1 -0
- package/dist/governance/migration/013_governance_contracts.d.ts +18 -0
- package/dist/governance/migration/013_governance_contracts.d.ts.map +1 -0
- package/dist/governance/migration/013_governance_contracts.js +59 -0
- package/dist/governance/migration/013_governance_contracts.js.map +1 -0
- package/dist/governance/migration/014_governance_supervisor.d.ts +16 -0
- package/dist/governance/migration/014_governance_supervisor.d.ts.map +1 -0
- package/dist/governance/migration/014_governance_supervisor.js +75 -0
- package/dist/governance/migration/014_governance_supervisor.js.map +1 -0
- package/dist/governance/migration/015_governance_eval.d.ts +18 -0
- package/dist/governance/migration/015_governance_eval.d.ts.map +1 -0
- package/dist/governance/migration/015_governance_eval.js +65 -0
- package/dist/governance/migration/015_governance_eval.js.map +1 -0
- package/dist/governance/migration/016_governance_capabilities.d.ts +16 -0
- package/dist/governance/migration/016_governance_capabilities.d.ts.map +1 -0
- package/dist/governance/migration/016_governance_capabilities.js +60 -0
- package/dist/governance/migration/016_governance_capabilities.js.map +1 -0
- package/dist/governance/migration/017_governance_handoffs_idempotency.d.ts +20 -0
- package/dist/governance/migration/017_governance_handoffs_idempotency.d.ts.map +1 -0
- package/dist/governance/migration/017_governance_handoffs_idempotency.js +103 -0
- package/dist/governance/migration/017_governance_handoffs_idempotency.js.map +1 -0
- package/dist/governance/migration/018_supervisor_decision_delete_trigger.d.ts +17 -0
- package/dist/governance/migration/018_supervisor_decision_delete_trigger.d.ts.map +1 -0
- package/dist/governance/migration/018_supervisor_decision_delete_trigger.js +37 -0
- package/dist/governance/migration/018_supervisor_decision_delete_trigger.js.map +1 -0
- package/dist/governance/stores/governance_stores.d.ts +78 -0
- package/dist/governance/stores/governance_stores.d.ts.map +1 -0
- package/dist/governance/stores/governance_stores.js +1117 -0
- package/dist/governance/stores/governance_stores.js.map +1 -0
- package/dist/kernel/audit/audit_trail.d.ts +24 -0
- package/dist/kernel/audit/audit_trail.d.ts.map +1 -0
- package/dist/kernel/audit/audit_trail.js +569 -0
- package/dist/kernel/audit/audit_trail.js.map +1 -0
- package/dist/kernel/crypto/crypto_engine.d.ts +49 -0
- package/dist/kernel/crypto/crypto_engine.d.ts.map +1 -0
- package/dist/kernel/crypto/crypto_engine.js +350 -0
- package/dist/kernel/crypto/crypto_engine.js.map +1 -0
- package/dist/kernel/database/database_lifecycle.d.ts +24 -0
- package/dist/kernel/database/database_lifecycle.d.ts.map +1 -0
- package/dist/kernel/database/database_lifecycle.js +404 -0
- package/dist/kernel/database/database_lifecycle.js.map +1 -0
- package/dist/kernel/database/migrations.d.ts +21 -0
- package/dist/kernel/database/migrations.d.ts.map +1 -0
- package/dist/kernel/database/migrations.js +407 -0
- package/dist/kernel/database/migrations.js.map +1 -0
- package/dist/kernel/events/event_bus.d.ts +25 -0
- package/dist/kernel/events/event_bus.d.ts.map +1 -0
- package/dist/kernel/events/event_bus.js +302 -0
- package/dist/kernel/events/event_bus.js.map +1 -0
- package/dist/kernel/events/webhook_delivery.d.ts +90 -0
- package/dist/kernel/events/webhook_delivery.d.ts.map +1 -0
- package/dist/kernel/events/webhook_delivery.js +324 -0
- package/dist/kernel/events/webhook_delivery.js.map +1 -0
- package/dist/kernel/index.d.ts +39 -0
- package/dist/kernel/index.d.ts.map +1 -0
- package/dist/kernel/index.js +263 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/kernel/interfaces/audit.d.ts +146 -0
- package/dist/kernel/interfaces/audit.d.ts.map +1 -0
- package/dist/kernel/interfaces/audit.js +15 -0
- package/dist/kernel/interfaces/audit.js.map +1 -0
- package/dist/kernel/interfaces/capability_manifest.d.ts +104 -0
- package/dist/kernel/interfaces/capability_manifest.d.ts.map +1 -0
- package/dist/kernel/interfaces/capability_manifest.js +44 -0
- package/dist/kernel/interfaces/capability_manifest.js.map +1 -0
- package/dist/kernel/interfaces/common.d.ts +91 -0
- package/dist/kernel/interfaces/common.d.ts.map +1 -0
- package/dist/kernel/interfaces/common.js +10 -0
- package/dist/kernel/interfaces/common.js.map +1 -0
- package/dist/kernel/interfaces/crypto.d.ts +95 -0
- package/dist/kernel/interfaces/crypto.d.ts.map +1 -0
- package/dist/kernel/interfaces/crypto.js +14 -0
- package/dist/kernel/interfaces/crypto.js.map +1 -0
- package/dist/kernel/interfaces/database.d.ts +157 -0
- package/dist/kernel/interfaces/database.d.ts.map +1 -0
- package/dist/kernel/interfaces/database.js +10 -0
- package/dist/kernel/interfaces/database.js.map +1 -0
- package/dist/kernel/interfaces/eval.d.ts +93 -0
- package/dist/kernel/interfaces/eval.d.ts.map +1 -0
- package/dist/kernel/interfaces/eval.js +17 -0
- package/dist/kernel/interfaces/eval.js.map +1 -0
- package/dist/kernel/interfaces/events.d.ts +73 -0
- package/dist/kernel/interfaces/events.d.ts.map +1 -0
- package/dist/kernel/interfaces/events.js +13 -0
- package/dist/kernel/interfaces/events.js.map +1 -0
- package/dist/kernel/interfaces/governance_ids.d.ts +93 -0
- package/dist/kernel/interfaces/governance_ids.d.ts.map +1 -0
- package/dist/kernel/interfaces/governance_ids.js +18 -0
- package/dist/kernel/interfaces/governance_ids.js.map +1 -0
- package/dist/kernel/interfaces/idempotency.d.ts +143 -0
- package/dist/kernel/interfaces/idempotency.d.ts.map +1 -0
- package/dist/kernel/interfaces/idempotency.js +22 -0
- package/dist/kernel/interfaces/idempotency.js.map +1 -0
- package/dist/kernel/interfaces/index.d.ts +29 -0
- package/dist/kernel/interfaces/index.d.ts.map +1 -0
- package/dist/kernel/interfaces/index.js +9 -0
- package/dist/kernel/interfaces/index.js.map +1 -0
- package/dist/kernel/interfaces/kernel.d.ts +79 -0
- package/dist/kernel/interfaces/kernel.d.ts.map +1 -0
- package/dist/kernel/interfaces/kernel.js +13 -0
- package/dist/kernel/interfaces/kernel.js.map +1 -0
- package/dist/kernel/interfaces/lifecycle.d.ts +115 -0
- package/dist/kernel/interfaces/lifecycle.d.ts.map +1 -0
- package/dist/kernel/interfaces/lifecycle.js +53 -0
- package/dist/kernel/interfaces/lifecycle.js.map +1 -0
- package/dist/kernel/interfaces/mission_contract.d.ts +106 -0
- package/dist/kernel/interfaces/mission_contract.d.ts.map +1 -0
- package/dist/kernel/interfaces/mission_contract.js +20 -0
- package/dist/kernel/interfaces/mission_contract.js.map +1 -0
- package/dist/kernel/interfaces/namespace.d.ts +30 -0
- package/dist/kernel/interfaces/namespace.d.ts.map +1 -0
- package/dist/kernel/interfaces/namespace.js +12 -0
- package/dist/kernel/interfaces/namespace.js.map +1 -0
- package/dist/kernel/interfaces/rate_limiter.d.ts +42 -0
- package/dist/kernel/interfaces/rate_limiter.d.ts.map +1 -0
- package/dist/kernel/interfaces/rate_limiter.js +12 -0
- package/dist/kernel/interfaces/rate_limiter.js.map +1 -0
- package/dist/kernel/interfaces/rbac.d.ts +58 -0
- package/dist/kernel/interfaces/rbac.d.ts.map +1 -0
- package/dist/kernel/interfaces/rbac.js +13 -0
- package/dist/kernel/interfaces/rbac.js.map +1 -0
- package/dist/kernel/interfaces/retention.d.ts +58 -0
- package/dist/kernel/interfaces/retention.d.ts.map +1 -0
- package/dist/kernel/interfaces/retention.js +13 -0
- package/dist/kernel/interfaces/retention.js.map +1 -0
- package/dist/kernel/interfaces/run_identity.d.ts +132 -0
- package/dist/kernel/interfaces/run_identity.d.ts.map +1 -0
- package/dist/kernel/interfaces/run_identity.js +16 -0
- package/dist/kernel/interfaces/run_identity.js.map +1 -0
- package/dist/kernel/interfaces/supervisor.d.ts +175 -0
- package/dist/kernel/interfaces/supervisor.d.ts.map +1 -0
- package/dist/kernel/interfaces/supervisor.js +25 -0
- package/dist/kernel/interfaces/supervisor.js.map +1 -0
- package/dist/kernel/interfaces/tenant.d.ts +34 -0
- package/dist/kernel/interfaces/tenant.d.ts.map +1 -0
- package/dist/kernel/interfaces/tenant.js +12 -0
- package/dist/kernel/interfaces/tenant.js.map +1 -0
- package/dist/kernel/interfaces/time.d.ts +29 -0
- package/dist/kernel/interfaces/time.d.ts.map +1 -0
- package/dist/kernel/interfaces/time.js +13 -0
- package/dist/kernel/interfaces/time.js.map +1 -0
- package/dist/kernel/interfaces/trace.d.ts +264 -0
- package/dist/kernel/interfaces/trace.d.ts.map +1 -0
- package/dist/kernel/interfaces/trace.js +17 -0
- package/dist/kernel/interfaces/trace.js.map +1 -0
- package/dist/kernel/namespace/namespace_enforcer.d.ts +20 -0
- package/dist/kernel/namespace/namespace_enforcer.d.ts.map +1 -0
- package/dist/kernel/namespace/namespace_enforcer.js +91 -0
- package/dist/kernel/namespace/namespace_enforcer.js.map +1 -0
- package/dist/kernel/rate_limiter/rate_limiter.d.ts +23 -0
- package/dist/kernel/rate_limiter/rate_limiter.d.ts.map +1 -0
- package/dist/kernel/rate_limiter/rate_limiter.js +146 -0
- package/dist/kernel/rate_limiter/rate_limiter.js.map +1 -0
- package/dist/kernel/rbac/rbac_engine.d.ts +20 -0
- package/dist/kernel/rbac/rbac_engine.d.ts.map +1 -0
- package/dist/kernel/rbac/rbac_engine.js +257 -0
- package/dist/kernel/rbac/rbac_engine.js.map +1 -0
- package/dist/kernel/retention/retention_scheduler.d.ts +41 -0
- package/dist/kernel/retention/retention_scheduler.d.ts.map +1 -0
- package/dist/kernel/retention/retention_scheduler.js +218 -0
- package/dist/kernel/retention/retention_scheduler.js.map +1 -0
- package/dist/kernel/tenant/tenant_context.d.ts +22 -0
- package/dist/kernel/tenant/tenant_context.d.ts.map +1 -0
- package/dist/kernel/tenant/tenant_context.js +107 -0
- package/dist/kernel/tenant/tenant_context.js.map +1 -0
- package/dist/kernel/tenant/tenant_scope.d.ts +81 -0
- package/dist/kernel/tenant/tenant_scope.d.ts.map +1 -0
- package/dist/kernel/tenant/tenant_scope.js +168 -0
- package/dist/kernel/tenant/tenant_scope.js.map +1 -0
- package/dist/kernel/time/time_provider.d.ts +39 -0
- package/dist/kernel/time/time_provider.d.ts.map +1 -0
- package/dist/kernel/time/time_provider.js +58 -0
- package/dist/kernel/time/time_provider.js.map +1 -0
- package/dist/learning/applicator/technique_applicator.d.ts +41 -0
- package/dist/learning/applicator/technique_applicator.d.ts.map +1 -0
- package/dist/learning/applicator/technique_applicator.js +200 -0
- package/dist/learning/applicator/technique_applicator.js.map +1 -0
- package/dist/learning/cold_start/cold_start_manager.d.ts +35 -0
- package/dist/learning/cold_start/cold_start_manager.d.ts.map +1 -0
- package/dist/learning/cold_start/cold_start_manager.js +146 -0
- package/dist/learning/cold_start/cold_start_manager.js.map +1 -0
- package/dist/learning/cycle/learning_cycle_orchestrator.d.ts +45 -0
- package/dist/learning/cycle/learning_cycle_orchestrator.d.ts.map +1 -0
- package/dist/learning/cycle/learning_cycle_orchestrator.js +165 -0
- package/dist/learning/cycle/learning_cycle_orchestrator.js.map +1 -0
- package/dist/learning/extractor/technique_extractor.d.ts +48 -0
- package/dist/learning/extractor/technique_extractor.d.ts.map +1 -0
- package/dist/learning/extractor/technique_extractor.js +357 -0
- package/dist/learning/extractor/technique_extractor.js.map +1 -0
- package/dist/learning/harness/learning_harness.d.ts +26 -0
- package/dist/learning/harness/learning_harness.d.ts.map +1 -0
- package/dist/learning/harness/learning_harness.js +58 -0
- package/dist/learning/harness/learning_harness.js.map +1 -0
- package/dist/learning/interfaces/index.d.ts +7 -0
- package/dist/learning/interfaces/index.d.ts.map +1 -0
- package/dist/learning/interfaces/index.js +10 -0
- package/dist/learning/interfaces/index.js.map +1 -0
- package/dist/learning/interfaces/learning_types.d.ts +398 -0
- package/dist/learning/interfaces/learning_types.d.ts.map +1 -0
- package/dist/learning/interfaces/learning_types.js +69 -0
- package/dist/learning/interfaces/learning_types.js.map +1 -0
- package/dist/learning/migration/007_learning_techniques.d.ts +23 -0
- package/dist/learning/migration/007_learning_techniques.d.ts.map +1 -0
- package/dist/learning/migration/007_learning_techniques.js +86 -0
- package/dist/learning/migration/007_learning_techniques.js.map +1 -0
- package/dist/learning/migration/008_learning_outcomes.d.ts +23 -0
- package/dist/learning/migration/008_learning_outcomes.d.ts.map +1 -0
- package/dist/learning/migration/008_learning_outcomes.js +79 -0
- package/dist/learning/migration/008_learning_outcomes.js.map +1 -0
- package/dist/learning/migration/009_learning_applications.d.ts +25 -0
- package/dist/learning/migration/009_learning_applications.d.ts.map +1 -0
- package/dist/learning/migration/009_learning_applications.js +82 -0
- package/dist/learning/migration/009_learning_applications.js.map +1 -0
- package/dist/learning/migration/010_learning_quarantine.d.ts +22 -0
- package/dist/learning/migration/010_learning_quarantine.d.ts.map +1 -0
- package/dist/learning/migration/010_learning_quarantine.js +78 -0
- package/dist/learning/migration/010_learning_quarantine.js.map +1 -0
- package/dist/learning/migration/011_learning_transfers.d.ts +22 -0
- package/dist/learning/migration/011_learning_transfers.d.ts.map +1 -0
- package/dist/learning/migration/011_learning_transfers.js +77 -0
- package/dist/learning/migration/011_learning_transfers.js.map +1 -0
- package/dist/learning/quarantine/quarantine_manager.d.ts +34 -0
- package/dist/learning/quarantine/quarantine_manager.d.ts.map +1 -0
- package/dist/learning/quarantine/quarantine_manager.js +200 -0
- package/dist/learning/quarantine/quarantine_manager.js.map +1 -0
- package/dist/learning/retirement/retirement_evaluator.d.ts +35 -0
- package/dist/learning/retirement/retirement_evaluator.d.ts.map +1 -0
- package/dist/learning/retirement/retirement_evaluator.js +131 -0
- package/dist/learning/retirement/retirement_evaluator.js.map +1 -0
- package/dist/learning/specialization/over_specialization_detector.d.ts +32 -0
- package/dist/learning/specialization/over_specialization_detector.d.ts.map +1 -0
- package/dist/learning/specialization/over_specialization_detector.js +105 -0
- package/dist/learning/specialization/over_specialization_detector.js.map +1 -0
- package/dist/learning/store/technique_store.d.ts +22 -0
- package/dist/learning/store/technique_store.d.ts.map +1 -0
- package/dist/learning/store/technique_store.js +369 -0
- package/dist/learning/store/technique_store.js.map +1 -0
- package/dist/learning/tracker/effectiveness_tracker.d.ts +26 -0
- package/dist/learning/tracker/effectiveness_tracker.d.ts.map +1 -0
- package/dist/learning/tracker/effectiveness_tracker.js +158 -0
- package/dist/learning/tracker/effectiveness_tracker.js.map +1 -0
- package/dist/learning/transfer/cross_agent_transfer.d.ts +35 -0
- package/dist/learning/transfer/cross_agent_transfer.d.ts.map +1 -0
- package/dist/learning/transfer/cross_agent_transfer.js +245 -0
- package/dist/learning/transfer/cross_agent_transfer.js.map +1 -0
- package/dist/orchestration/artifacts/artifact_store.d.ts +19 -0
- package/dist/orchestration/artifacts/artifact_store.d.ts.map +1 -0
- package/dist/orchestration/artifacts/artifact_store.js +213 -0
- package/dist/orchestration/artifacts/artifact_store.js.map +1 -0
- package/dist/orchestration/artifacts/cascade_walker.d.ts +39 -0
- package/dist/orchestration/artifacts/cascade_walker.d.ts.map +1 -0
- package/dist/orchestration/artifacts/cascade_walker.js +107 -0
- package/dist/orchestration/artifacts/cascade_walker.js.map +1 -0
- package/dist/orchestration/budget/budget_governance.d.ts +20 -0
- package/dist/orchestration/budget/budget_governance.d.ts.map +1 -0
- package/dist/orchestration/budget/budget_governance.js +182 -0
- package/dist/orchestration/budget/budget_governance.js.map +1 -0
- package/dist/orchestration/checkpoints/checkpoint_coordinator.d.ts +22 -0
- package/dist/orchestration/checkpoints/checkpoint_coordinator.d.ts.map +1 -0
- package/dist/orchestration/checkpoints/checkpoint_coordinator.js +252 -0
- package/dist/orchestration/checkpoints/checkpoint_coordinator.js.map +1 -0
- package/dist/orchestration/checkpoints/drift_engine.d.ts +52 -0
- package/dist/orchestration/checkpoints/drift_engine.d.ts.map +1 -0
- package/dist/orchestration/checkpoints/drift_engine.js +126 -0
- package/dist/orchestration/checkpoints/drift_engine.js.map +1 -0
- package/dist/orchestration/compaction/bounded_cognition.d.ts +22 -0
- package/dist/orchestration/compaction/bounded_cognition.d.ts.map +1 -0
- package/dist/orchestration/compaction/bounded_cognition.js +124 -0
- package/dist/orchestration/compaction/bounded_cognition.js.map +1 -0
- package/dist/orchestration/conversation/conversation_manager.d.ts +25 -0
- package/dist/orchestration/conversation/conversation_manager.d.ts.map +1 -0
- package/dist/orchestration/conversation/conversation_manager.js +260 -0
- package/dist/orchestration/conversation/conversation_manager.js.map +1 -0
- package/dist/orchestration/events/event_propagation.d.ts +20 -0
- package/dist/orchestration/events/event_propagation.d.ts.map +1 -0
- package/dist/orchestration/events/event_propagation.js +160 -0
- package/dist/orchestration/events/event_propagation.js.map +1 -0
- package/dist/orchestration/index.d.ts +28 -0
- package/dist/orchestration/index.d.ts.map +1 -0
- package/dist/orchestration/index.js +147 -0
- package/dist/orchestration/index.js.map +1 -0
- package/dist/orchestration/interfaces/orchestration.d.ts +494 -0
- package/dist/orchestration/interfaces/orchestration.d.ts.map +1 -0
- package/dist/orchestration/interfaces/orchestration.js +64 -0
- package/dist/orchestration/interfaces/orchestration.js.map +1 -0
- package/dist/orchestration/migration/003_orchestration.d.ts +27 -0
- package/dist/orchestration/migration/003_orchestration.d.ts.map +1 -0
- package/dist/orchestration/migration/003_orchestration.js +336 -0
- package/dist/orchestration/migration/003_orchestration.js.map +1 -0
- package/dist/orchestration/migration/004_tenant_isolation.d.ts +22 -0
- package/dist/orchestration/migration/004_tenant_isolation.d.ts.map +1 -0
- package/dist/orchestration/migration/004_tenant_isolation.js +179 -0
- package/dist/orchestration/migration/004_tenant_isolation.js.map +1 -0
- package/dist/orchestration/migration/005_immutability_triggers.d.ts +30 -0
- package/dist/orchestration/migration/005_immutability_triggers.d.ts.map +1 -0
- package/dist/orchestration/migration/005_immutability_triggers.js +93 -0
- package/dist/orchestration/migration/005_immutability_triggers.js.map +1 -0
- package/dist/orchestration/migration/006_audit_tombstone.d.ts +26 -0
- package/dist/orchestration/migration/006_audit_tombstone.d.ts.map +1 -0
- package/dist/orchestration/migration/006_audit_tombstone.js +71 -0
- package/dist/orchestration/migration/006_audit_tombstone.js.map +1 -0
- package/dist/orchestration/missions/mission_recovery.d.ts +60 -0
- package/dist/orchestration/missions/mission_recovery.d.ts.map +1 -0
- package/dist/orchestration/missions/mission_recovery.js +251 -0
- package/dist/orchestration/missions/mission_recovery.js.map +1 -0
- package/dist/orchestration/missions/mission_store.d.ts +16 -0
- package/dist/orchestration/missions/mission_store.d.ts.map +1 -0
- package/dist/orchestration/missions/mission_store.js +280 -0
- package/dist/orchestration/missions/mission_store.js.map +1 -0
- package/dist/orchestration/syscalls/create_artifact.d.ts +13 -0
- package/dist/orchestration/syscalls/create_artifact.d.ts.map +1 -0
- package/dist/orchestration/syscalls/create_artifact.js +23 -0
- package/dist/orchestration/syscalls/create_artifact.js.map +1 -0
- package/dist/orchestration/syscalls/emit_event.d.ts +13 -0
- package/dist/orchestration/syscalls/emit_event.d.ts.map +1 -0
- package/dist/orchestration/syscalls/emit_event.js +13 -0
- package/dist/orchestration/syscalls/emit_event.js.map +1 -0
- package/dist/orchestration/syscalls/propose_mission.d.ts +14 -0
- package/dist/orchestration/syscalls/propose_mission.d.ts.map +1 -0
- package/dist/orchestration/syscalls/propose_mission.js +27 -0
- package/dist/orchestration/syscalls/propose_mission.js.map +1 -0
- package/dist/orchestration/syscalls/propose_task_execution.d.ts +13 -0
- package/dist/orchestration/syscalls/propose_task_execution.d.ts.map +1 -0
- package/dist/orchestration/syscalls/propose_task_execution.js +84 -0
- package/dist/orchestration/syscalls/propose_task_execution.js.map +1 -0
- package/dist/orchestration/syscalls/propose_task_graph.d.ts +13 -0
- package/dist/orchestration/syscalls/propose_task_graph.d.ts.map +1 -0
- package/dist/orchestration/syscalls/propose_task_graph.js +22 -0
- package/dist/orchestration/syscalls/propose_task_graph.js.map +1 -0
- package/dist/orchestration/syscalls/read_artifact.d.ts +14 -0
- package/dist/orchestration/syscalls/read_artifact.d.ts.map +1 -0
- package/dist/orchestration/syscalls/read_artifact.js +31 -0
- package/dist/orchestration/syscalls/read_artifact.js.map +1 -0
- package/dist/orchestration/syscalls/request_budget.d.ts +14 -0
- package/dist/orchestration/syscalls/request_budget.d.ts.map +1 -0
- package/dist/orchestration/syscalls/request_budget.js +46 -0
- package/dist/orchestration/syscalls/request_budget.js.map +1 -0
- package/dist/orchestration/syscalls/request_capability.d.ts +13 -0
- package/dist/orchestration/syscalls/request_capability.d.ts.map +1 -0
- package/dist/orchestration/syscalls/request_capability.js +136 -0
- package/dist/orchestration/syscalls/request_capability.js.map +1 -0
- package/dist/orchestration/syscalls/respond_checkpoint.d.ts +12 -0
- package/dist/orchestration/syscalls/respond_checkpoint.d.ts.map +1 -0
- package/dist/orchestration/syscalls/respond_checkpoint.js +12 -0
- package/dist/orchestration/syscalls/respond_checkpoint.js.map +1 -0
- package/dist/orchestration/syscalls/submit_result.d.ts +15 -0
- package/dist/orchestration/syscalls/submit_result.d.ts.map +1 -0
- package/dist/orchestration/syscalls/submit_result.js +97 -0
- package/dist/orchestration/syscalls/submit_result.js.map +1 -0
- package/dist/orchestration/tasks/task_graph.d.ts +26 -0
- package/dist/orchestration/tasks/task_graph.d.ts.map +1 -0
- package/dist/orchestration/tasks/task_graph.js +204 -0
- package/dist/orchestration/tasks/task_graph.js.map +1 -0
- package/dist/orchestration/tasks/task_store.d.ts +18 -0
- package/dist/orchestration/tasks/task_store.d.ts.map +1 -0
- package/dist/orchestration/tasks/task_store.js +99 -0
- package/dist/orchestration/tasks/task_store.js.map +1 -0
- package/dist/reference-agent/artifact_manager.d.ts +119 -0
- package/dist/reference-agent/artifact_manager.d.ts.map +1 -0
- package/dist/reference-agent/artifact_manager.js +149 -0
- package/dist/reference-agent/artifact_manager.js.map +1 -0
- package/dist/reference-agent/checkpoint_handler.d.ts +186 -0
- package/dist/reference-agent/checkpoint_handler.d.ts.map +1 -0
- package/dist/reference-agent/checkpoint_handler.js +423 -0
- package/dist/reference-agent/checkpoint_handler.js.map +1 -0
- package/dist/reference-agent/index.d.ts +43 -0
- package/dist/reference-agent/index.d.ts.map +1 -0
- package/dist/reference-agent/index.js +53 -0
- package/dist/reference-agent/index.js.map +1 -0
- package/dist/reference-agent/mission_planner.d.ts +163 -0
- package/dist/reference-agent/mission_planner.d.ts.map +1 -0
- package/dist/reference-agent/mission_planner.js +375 -0
- package/dist/reference-agent/mission_planner.js.map +1 -0
- package/dist/reference-agent/reference_agent.d.ts +130 -0
- package/dist/reference-agent/reference_agent.d.ts.map +1 -0
- package/dist/reference-agent/reference_agent.js +360 -0
- package/dist/reference-agent/reference_agent.js.map +1 -0
- package/dist/reference-agent/reference_agent.types.d.ts +199 -0
- package/dist/reference-agent/reference_agent.types.d.ts.map +1 -0
- package/dist/reference-agent/reference_agent.types.js +59 -0
- package/dist/reference-agent/reference_agent.types.js.map +1 -0
- package/dist/reference-agent/result_aggregator.d.ts +107 -0
- package/dist/reference-agent/result_aggregator.d.ts.map +1 -0
- package/dist/reference-agent/result_aggregator.js +219 -0
- package/dist/reference-agent/result_aggregator.js.map +1 -0
- package/dist/reference-agent/system_call_client.d.ts +106 -0
- package/dist/reference-agent/system_call_client.d.ts.map +1 -0
- package/dist/reference-agent/system_call_client.js +231 -0
- package/dist/reference-agent/system_call_client.js.map +1 -0
- package/dist/reference-agent/task_executor.d.ts +108 -0
- package/dist/reference-agent/task_executor.d.ts.map +1 -0
- package/dist/reference-agent/task_executor.js +249 -0
- package/dist/reference-agent/task_executor.js.map +1 -0
- package/dist/substrate/accounting/resource_accounting.d.ts +52 -0
- package/dist/substrate/accounting/resource_accounting.d.ts.map +1 -0
- package/dist/substrate/accounting/resource_accounting.js +200 -0
- package/dist/substrate/accounting/resource_accounting.js.map +1 -0
- package/dist/substrate/adapters/capability_registry.d.ts +28 -0
- package/dist/substrate/adapters/capability_registry.d.ts.map +1 -0
- package/dist/substrate/adapters/capability_registry.js +196 -0
- package/dist/substrate/adapters/capability_registry.js.map +1 -0
- package/dist/substrate/gateway/llm_gateway.d.ts +68 -0
- package/dist/substrate/gateway/llm_gateway.d.ts.map +1 -0
- package/dist/substrate/gateway/llm_gateway.js +442 -0
- package/dist/substrate/gateway/llm_gateway.js.map +1 -0
- package/dist/substrate/heartbeat/heartbeat_monitor.d.ts +40 -0
- package/dist/substrate/heartbeat/heartbeat_monitor.d.ts.map +1 -0
- package/dist/substrate/heartbeat/heartbeat_monitor.js +170 -0
- package/dist/substrate/heartbeat/heartbeat_monitor.js.map +1 -0
- package/dist/substrate/index.d.ts +59 -0
- package/dist/substrate/index.d.ts.map +1 -0
- package/dist/substrate/index.js +143 -0
- package/dist/substrate/index.js.map +1 -0
- package/dist/substrate/interfaces/substrate.d.ts +486 -0
- package/dist/substrate/interfaces/substrate.d.ts.map +1 -0
- package/dist/substrate/interfaces/substrate.js +14 -0
- package/dist/substrate/interfaces/substrate.js.map +1 -0
- package/dist/substrate/migration/002_substrate.d.ts +24 -0
- package/dist/substrate/migration/002_substrate.d.ts.map +1 -0
- package/dist/substrate/migration/002_substrate.js +188 -0
- package/dist/substrate/migration/002_substrate.js.map +1 -0
- package/dist/substrate/migration/022_transport_deliberation.d.ts +31 -0
- package/dist/substrate/migration/022_transport_deliberation.d.ts.map +1 -0
- package/dist/substrate/migration/022_transport_deliberation.js +77 -0
- package/dist/substrate/migration/022_transport_deliberation.js.map +1 -0
- package/dist/substrate/replay/replay_engine.d.ts +65 -0
- package/dist/substrate/replay/replay_engine.d.ts.map +1 -0
- package/dist/substrate/replay/replay_engine.js +316 -0
- package/dist/substrate/replay/replay_engine.js.map +1 -0
- package/dist/substrate/scheduler/task_scheduler.d.ts +38 -0
- package/dist/substrate/scheduler/task_scheduler.d.ts.map +1 -0
- package/dist/substrate/scheduler/task_scheduler.js +486 -0
- package/dist/substrate/scheduler/task_scheduler.js.map +1 -0
- package/dist/substrate/transport/adapters/anthropic_adapter.d.ts +57 -0
- package/dist/substrate/transport/adapters/anthropic_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/anthropic_adapter.js +455 -0
- package/dist/substrate/transport/adapters/anthropic_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/gemini_adapter.d.ts +86 -0
- package/dist/substrate/transport/adapters/gemini_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/gemini_adapter.js +456 -0
- package/dist/substrate/transport/adapters/gemini_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/groq_adapter.d.ts +50 -0
- package/dist/substrate/transport/adapters/groq_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/groq_adapter.js +179 -0
- package/dist/substrate/transport/adapters/groq_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/mistral_adapter.d.ts +50 -0
- package/dist/substrate/transport/adapters/mistral_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/mistral_adapter.js +179 -0
- package/dist/substrate/transport/adapters/mistral_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/ollama_adapter.d.ts +66 -0
- package/dist/substrate/transport/adapters/ollama_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/ollama_adapter.js +347 -0
- package/dist/substrate/transport/adapters/ollama_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/openai_adapter.d.ts +68 -0
- package/dist/substrate/transport/adapters/openai_adapter.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/openai_adapter.js +439 -0
- package/dist/substrate/transport/adapters/openai_adapter.js.map +1 -0
- package/dist/substrate/transport/adapters/openai_compat.d.ts +64 -0
- package/dist/substrate/transport/adapters/openai_compat.d.ts.map +1 -0
- package/dist/substrate/transport/adapters/openai_compat.js +326 -0
- package/dist/substrate/transport/adapters/openai_compat.js.map +1 -0
- package/dist/substrate/transport/index.d.ts +17 -0
- package/dist/substrate/transport/index.d.ts.map +1 -0
- package/dist/substrate/transport/index.js +25 -0
- package/dist/substrate/transport/index.js.map +1 -0
- package/dist/substrate/transport/stream_parser.d.ts +69 -0
- package/dist/substrate/transport/stream_parser.d.ts.map +1 -0
- package/dist/substrate/transport/stream_parser.js +280 -0
- package/dist/substrate/transport/stream_parser.js.map +1 -0
- package/dist/substrate/transport/transport_engine.d.ts +53 -0
- package/dist/substrate/transport/transport_engine.d.ts.map +1 -0
- package/dist/substrate/transport/transport_engine.js +444 -0
- package/dist/substrate/transport/transport_engine.js.map +1 -0
- package/dist/substrate/transport/transport_types.d.ts +207 -0
- package/dist/substrate/transport/transport_types.d.ts.map +1 -0
- package/dist/substrate/transport/transport_types.js +13 -0
- package/dist/substrate/transport/transport_types.js.map +1 -0
- package/dist/substrate/workers/worker_runtime.d.ts +40 -0
- package/dist/substrate/workers/worker_runtime.d.ts.map +1 -0
- package/dist/substrate/workers/worker_runtime.js +294 -0
- package/dist/substrate/workers/worker_runtime.js.map +1 -0
- package/dist/techniques/harness/tgp_harness.d.ts +39 -0
- package/dist/techniques/harness/tgp_harness.d.ts.map +1 -0
- package/dist/techniques/harness/tgp_harness.js +49 -0
- package/dist/techniques/harness/tgp_harness.js.map +1 -0
- package/dist/techniques/interfaces/tgp_types.d.ts +646 -0
- package/dist/techniques/interfaces/tgp_types.d.ts.map +1 -0
- package/dist/techniques/interfaces/tgp_types.js +160 -0
- package/dist/techniques/interfaces/tgp_types.js.map +1 -0
- package/dist/techniques/migration/020_tgp_governance.d.ts +36 -0
- package/dist/techniques/migration/020_tgp_governance.d.ts.map +1 -0
- package/dist/techniques/migration/020_tgp_governance.js +249 -0
- package/dist/techniques/migration/020_tgp_governance.js.map +1 -0
- package/dist/techniques/store/tgp_stores.d.ts +36 -0
- package/dist/techniques/store/tgp_stores.d.ts.map +1 -0
- package/dist/techniques/store/tgp_stores.js +854 -0
- package/dist/techniques/store/tgp_stores.js.map +1 -0
- package/dist/working-memory/harness/wmp_harness.d.ts +43 -0
- package/dist/working-memory/harness/wmp_harness.d.ts.map +1 -0
- package/dist/working-memory/harness/wmp_harness.js +81 -0
- package/dist/working-memory/harness/wmp_harness.js.map +1 -0
- package/dist/working-memory/interfaces/wmp_types.d.ts +635 -0
- package/dist/working-memory/interfaces/wmp_types.d.ts.map +1 -0
- package/dist/working-memory/interfaces/wmp_types.js +144 -0
- package/dist/working-memory/interfaces/wmp_types.js.map +1 -0
- package/dist/working-memory/migration/021_wmp.d.ts +21 -0
- package/dist/working-memory/migration/021_wmp.d.ts.map +1 -0
- package/dist/working-memory/migration/021_wmp.js +139 -0
- package/dist/working-memory/migration/021_wmp.js.map +1 -0
- package/dist/working-memory/stores/wmp_stores.d.ts +28 -0
- package/dist/working-memory/stores/wmp_stores.d.ts.map +1 -0
- package/dist/working-memory/stores/wmp_stores.js +754 -0
- package/dist/working-memory/stores/wmp_stores.js.map +1 -0
- package/package.json +84 -0
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit trail interface types.
|
|
3
|
+
* S ref: I-03, I-06, §3.5, FM-08, T-5
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: Append-only, hash-chained audit trail with tamper detection.
|
|
7
|
+
*
|
|
8
|
+
* I-03: Every state mutation and its audit entry in same transaction.
|
|
9
|
+
* I-06: Active database audit entries are append-only. No modify, no delete.
|
|
10
|
+
* Retention = archival to cryptographically sealed file.
|
|
11
|
+
* §3.5: SHA-256 hash chaining. Monotonic sequence numbers. Append-only.
|
|
12
|
+
* FM-08: Defense against audit trail tampering.
|
|
13
|
+
*/
|
|
14
|
+
import type { Result, TenantId, OperationContext } from './common.js';
|
|
15
|
+
import type { DatabaseConnection } from './database.js';
|
|
16
|
+
/**
|
|
17
|
+
* A single audit log entry with hash chain fields.
|
|
18
|
+
* S ref: §3.5 (SHA-256 hash chaining, monotonic sequence numbers)
|
|
19
|
+
*/
|
|
20
|
+
export interface AuditEntry {
|
|
21
|
+
readonly seqNo: number;
|
|
22
|
+
readonly id: string;
|
|
23
|
+
readonly tenantId: TenantId | null;
|
|
24
|
+
readonly timestamp: string;
|
|
25
|
+
readonly actorType: 'system' | 'user' | 'agent' | 'scheduler';
|
|
26
|
+
readonly actorId: string;
|
|
27
|
+
readonly operation: string;
|
|
28
|
+
readonly resourceType: string;
|
|
29
|
+
readonly resourceId: string;
|
|
30
|
+
readonly detail: Record<string, unknown> | null;
|
|
31
|
+
readonly previousHash: string;
|
|
32
|
+
readonly currentHash: string;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Input for creating a new audit entry.
|
|
36
|
+
* S ref: I-03 (who, what, when, why)
|
|
37
|
+
*/
|
|
38
|
+
export interface AuditCreateInput {
|
|
39
|
+
tenantId: TenantId | null;
|
|
40
|
+
actorType: 'system' | 'user' | 'agent' | 'scheduler';
|
|
41
|
+
actorId: string;
|
|
42
|
+
operation: string;
|
|
43
|
+
resourceType: string;
|
|
44
|
+
resourceId: string;
|
|
45
|
+
detail?: Record<string, unknown>;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Filter for querying audit entries.
|
|
49
|
+
* S ref: I-06 (audit query)
|
|
50
|
+
*/
|
|
51
|
+
export interface AuditQueryFilter {
|
|
52
|
+
readonly tenantId?: TenantId;
|
|
53
|
+
readonly actorId?: string;
|
|
54
|
+
readonly operation?: string;
|
|
55
|
+
readonly resourceType?: string;
|
|
56
|
+
readonly resourceId?: string;
|
|
57
|
+
readonly fromTimestamp?: string;
|
|
58
|
+
readonly toTimestamp?: string;
|
|
59
|
+
readonly limit?: number;
|
|
60
|
+
readonly offset?: number;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Result of hash chain integrity verification.
|
|
64
|
+
* S ref: FM-08 (tamper detection), §3.5 (SHA-256 hash chaining)
|
|
65
|
+
*/
|
|
66
|
+
export interface ChainVerification {
|
|
67
|
+
readonly valid: boolean;
|
|
68
|
+
readonly totalEntries: number;
|
|
69
|
+
readonly firstSeqNo: number;
|
|
70
|
+
readonly lastSeqNo: number;
|
|
71
|
+
readonly brokenAt: number | null;
|
|
72
|
+
readonly expectedHash: string | null;
|
|
73
|
+
readonly actualHash: string | null;
|
|
74
|
+
readonly gaps: readonly number[];
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Result of archiving audit entries to a sealed file.
|
|
78
|
+
* S ref: I-06 (archival to cryptographically sealed file, not deletion)
|
|
79
|
+
*/
|
|
80
|
+
export interface ArchiveResult {
|
|
81
|
+
readonly segmentId: string;
|
|
82
|
+
readonly archivedEntries: number;
|
|
83
|
+
readonly firstSeqNo: number;
|
|
84
|
+
readonly lastSeqNo: number;
|
|
85
|
+
readonly finalHash: string;
|
|
86
|
+
readonly filePath: string;
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Append-only, hash-chained audit trail.
|
|
90
|
+
* S ref: I-03 (atomic mutation + audit), I-06 (immutability),
|
|
91
|
+
* §3.5 (SHA-256 chaining), FM-08 (tamper detection)
|
|
92
|
+
*/
|
|
93
|
+
export interface AuditTrail {
|
|
94
|
+
/**
|
|
95
|
+
* Append entry. MUST be called within same transaction as mutation (I-03).
|
|
96
|
+
* Assigns monotonic sequence number and computes SHA-256 hash chain.
|
|
97
|
+
* S ref: I-03 (atomic audit), §3.5 (hash chaining)
|
|
98
|
+
*/
|
|
99
|
+
append(conn: DatabaseConnection, input: AuditCreateInput): Result<AuditEntry>;
|
|
100
|
+
/**
|
|
101
|
+
* Batch append for observational (non-mutating) audits.
|
|
102
|
+
* Batched for performance -- up to 50 entries or 100ms window.
|
|
103
|
+
* S ref: §3.5 (observational audit batching)
|
|
104
|
+
*/
|
|
105
|
+
appendBatch(conn: DatabaseConnection, inputs: AuditCreateInput[]): Result<AuditEntry[]>;
|
|
106
|
+
/**
|
|
107
|
+
* Query entries. RBAC: requires 'view_audit' permission.
|
|
108
|
+
* S ref: I-13 (authorization on audit read)
|
|
109
|
+
*/
|
|
110
|
+
query(conn: DatabaseConnection, ctx: OperationContext, filter: AuditQueryFilter): Result<AuditEntry[]>;
|
|
111
|
+
/**
|
|
112
|
+
* Verify hash chain integrity.
|
|
113
|
+
* Returns detailed verification result with break location if tampered.
|
|
114
|
+
* S ref: FM-08 (chain verification as runtime health check)
|
|
115
|
+
*/
|
|
116
|
+
verifyChain(conn: DatabaseConnection, tenantId?: TenantId): Result<ChainVerification>;
|
|
117
|
+
/**
|
|
118
|
+
* Archive entries to sealed file.
|
|
119
|
+
* Active DB starts new chain segment linked to archive's final hash.
|
|
120
|
+
* S ref: I-06 (archival, not deletion), §35 (7-year default retention)
|
|
121
|
+
*/
|
|
122
|
+
archive(conn: DatabaseConnection, olderThan: string, outputPath: string): Result<ArchiveResult>;
|
|
123
|
+
/**
|
|
124
|
+
* Get current chain head hash.
|
|
125
|
+
* S ref: §3.5 (hash chaining state)
|
|
126
|
+
*/
|
|
127
|
+
getChainHead(conn: DatabaseConnection, tenantId?: TenantId): Result<string>;
|
|
128
|
+
/**
|
|
129
|
+
* CF-035, GDPR Art. 17: Tombstone audit entries for a tenant.
|
|
130
|
+
* Replaces PII fields (detail, actor_id) with sanitized values
|
|
131
|
+
* while preserving hash chain integrity via cascade re-hash.
|
|
132
|
+
* S ref: I-06 (immutability — controlled exception for GDPR),
|
|
133
|
+
* I-02 (data ownership — right to erasure),
|
|
134
|
+
* DEC-CERT-001 (global chain GDPR condition)
|
|
135
|
+
*/
|
|
136
|
+
tombstone(conn: DatabaseConnection, tenantId: TenantId): Result<TombstoneResult>;
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* CF-035: Result of a GDPR tombstone operation.
|
|
140
|
+
*/
|
|
141
|
+
export interface TombstoneResult {
|
|
142
|
+
readonly tombstonedEntries: number;
|
|
143
|
+
readonly rehashedEntries: number;
|
|
144
|
+
readonly chainValid: boolean;
|
|
145
|
+
}
|
|
146
|
+
//# sourceMappingURL=audit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/kernel/interfaces/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAIxD;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,CAAC;IAC9D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,CAAC;IACrD,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAID;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAID;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAID;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB;;;;OAIG;IACH,MAAM,CAAC,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,gBAAgB,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAE9E;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAExF;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAEvG;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,kBAAkB,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAEtF;;;;OAIG;IACH,OAAO,CAAC,IAAI,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;IAEhG;;;OAGG;IACH,YAAY,CAAC,IAAI,EAAE,kBAAkB,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAE5E;;;;;;;OAOG;IACH,SAAS,CAAC,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit trail interface types.
|
|
3
|
+
* S ref: I-03, I-06, §3.5, FM-08, T-5
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: Append-only, hash-chained audit trail with tamper detection.
|
|
7
|
+
*
|
|
8
|
+
* I-03: Every state mutation and its audit entry in same transaction.
|
|
9
|
+
* I-06: Active database audit entries are append-only. No modify, no delete.
|
|
10
|
+
* Retention = archival to cryptographically sealed file.
|
|
11
|
+
* §3.5: SHA-256 hash chaining. Monotonic sequence numbers. Append-only.
|
|
12
|
+
* FM-08: Defense against audit trail tampering.
|
|
13
|
+
*/
|
|
14
|
+
export {};
|
|
15
|
+
//# sourceMappingURL=audit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/kernel/interfaces/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG"}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Capability Manifest Schema interfaces for Phase 0A governance layer.
|
|
3
|
+
* Truth Model: Deliverable 9 (Capability Manifest Schema), Deliverable 10 (Retry/Replay Safety Matrix)
|
|
4
|
+
*
|
|
5
|
+
* Phase: 0A (Foundation)
|
|
6
|
+
*
|
|
7
|
+
* BC-100: CapabilityManifest carries trust tier.
|
|
8
|
+
* BC-101: 5 ExecutionTrustTier values with defined retry policies.
|
|
9
|
+
* BC-102: secretRequirements carry references only, never plaintext.
|
|
10
|
+
* BC-103: Manifest immutable once registered.
|
|
11
|
+
* BC-104: SideEffectClass classification for operational safety.
|
|
12
|
+
* BC-110: Every system call must be classified in retry/replay matrix.
|
|
13
|
+
* BC-111: Retry classification lookup table.
|
|
14
|
+
* INV-X04: Every entity carries schemaVersion.
|
|
15
|
+
*/
|
|
16
|
+
import type { Result } from './common.js';
|
|
17
|
+
import type { CapabilityManifestId } from './governance_ids.js';
|
|
18
|
+
import type { DatabaseConnection } from './database.js';
|
|
19
|
+
/**
|
|
20
|
+
* BC-101: Execution trust tier classification.
|
|
21
|
+
* Determines retry policy, supervisor requirements, and side-effect constraints.
|
|
22
|
+
*
|
|
23
|
+
* deterministic-local: auto-retry, no constraint
|
|
24
|
+
* sandboxed-local: same-request-ID, verify prior state
|
|
25
|
+
* remote-tenant: no auto-retry, same-ID, verify
|
|
26
|
+
* remote-third-party: no auto-retry, supervisor review for irreversible
|
|
27
|
+
* human-mediated: always supervisor
|
|
28
|
+
*/
|
|
29
|
+
export type ExecutionTrustTier = 'deterministic-local' | 'sandboxed-local' | 'remote-tenant' | 'remote-third-party' | 'human-mediated';
|
|
30
|
+
/**
|
|
31
|
+
* BC-104: Side effect classification for operational safety.
|
|
32
|
+
* Determines retry and replay behavior per capability.
|
|
33
|
+
*/
|
|
34
|
+
export type SideEffectClass = 'none' | 'idempotent' | 'reversible' | 'irreversible';
|
|
35
|
+
/**
|
|
36
|
+
* BC-100, BC-103: CapabilityManifest — immutable capability registration.
|
|
37
|
+
* Once registered, a manifest cannot be modified. New versions create new manifests.
|
|
38
|
+
* BC-102: secretRequirements carry vault key references, never plaintext.
|
|
39
|
+
*/
|
|
40
|
+
export interface CapabilityManifest {
|
|
41
|
+
readonly manifestId: CapabilityManifestId;
|
|
42
|
+
/** Capability type identifier (e.g., 'web_search', 'code_execute') */
|
|
43
|
+
readonly capabilityType: string;
|
|
44
|
+
/** BC-101: Trust tier determining retry/supervisor policy */
|
|
45
|
+
readonly trustTier: ExecutionTrustTier;
|
|
46
|
+
/** BC-104: Side effect classification */
|
|
47
|
+
readonly sideEffectClass: SideEffectClass;
|
|
48
|
+
/**
|
|
49
|
+
* BC-102: Secret requirement references (vault key names, never plaintext).
|
|
50
|
+
* Empty array means no secrets required.
|
|
51
|
+
*/
|
|
52
|
+
readonly secretRequirements: readonly string[];
|
|
53
|
+
/** INV-X04: Governance schema version (Amendment A12) */
|
|
54
|
+
readonly schemaVersion: string;
|
|
55
|
+
readonly createdAt: string;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* CapabilityManifest persistence operations.
|
|
59
|
+
* BC-103: No update — manifests are immutable once registered.
|
|
60
|
+
*/
|
|
61
|
+
export interface CapabilityManifestStore {
|
|
62
|
+
register(conn: DatabaseConnection, manifest: CapabilityManifest): Result<CapabilityManifest>;
|
|
63
|
+
get(conn: DatabaseConnection, manifestId: CapabilityManifestId): Result<CapabilityManifest | null>;
|
|
64
|
+
getByType(conn: DatabaseConnection, capabilityType: string): Result<CapabilityManifest | null>;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* BC-111: Retry classification per system call.
|
|
68
|
+
* BC-110: Every system call must have an entry.
|
|
69
|
+
* Source: Truth Model Deliverable 10.
|
|
70
|
+
*/
|
|
71
|
+
export interface RetryClassification {
|
|
72
|
+
readonly syscallId: string;
|
|
73
|
+
readonly autoRetryable: boolean;
|
|
74
|
+
readonly sameRequestIdRequired: boolean;
|
|
75
|
+
readonly verifyPriorStateRequired: boolean;
|
|
76
|
+
readonly supervisorReviewRequired: boolean;
|
|
77
|
+
readonly traceReconstructable: boolean;
|
|
78
|
+
readonly forkedRunReexecutable: boolean;
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* BC-111: Complete retry/replay classification lookup table.
|
|
82
|
+
* 13 system calls classified per Deliverable 10.
|
|
83
|
+
*/
|
|
84
|
+
export declare const RETRY_REPLAY_CLASSIFICATION: readonly RetryClassification[];
|
|
85
|
+
/**
|
|
86
|
+
* BC-120 to BC-126: Retention/redaction classification per data category.
|
|
87
|
+
* Source: Truth Model Deliverable 11.
|
|
88
|
+
*
|
|
89
|
+
* BC-120: Audit trail — permanent, never redacted internally, projection at API boundary.
|
|
90
|
+
* BC-121: Trace events — configurable retention (default 90d), tool I/O redacted by default.
|
|
91
|
+
* BC-122: Resume tokens — hash only stored, excluded from trace payloads.
|
|
92
|
+
* BC-123: WMP thread — pruned on session close.
|
|
93
|
+
* BC-124: WMP active — pruned on mission completion + window.
|
|
94
|
+
* BC-125: Tombstone semantics — record persists, visibility changes, trace/audit intact.
|
|
95
|
+
* BC-126: All Phase 0A data categories are tenant-local.
|
|
96
|
+
*/
|
|
97
|
+
export interface RetentionCategory {
|
|
98
|
+
readonly category: string;
|
|
99
|
+
readonly defaultRetentionDays: number | 'permanent';
|
|
100
|
+
readonly redactionDefault: 'none' | 'tool-io' | 'hash-only';
|
|
101
|
+
readonly tenantLocal: boolean;
|
|
102
|
+
}
|
|
103
|
+
export declare const RETENTION_CATEGORIES: readonly RetentionCategory[];
|
|
104
|
+
//# sourceMappingURL=capability_manifest.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"capability_manifest.d.ts","sourceRoot":"","sources":["../../../src/kernel/interfaces/capability_manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAIxD;;;;;;;;;GASG;AACH,MAAM,MAAM,kBAAkB,GAC1B,qBAAqB,GACrB,iBAAiB,GACjB,eAAe,GACf,oBAAoB,GACpB,gBAAgB,CAAC;AAIrB;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,MAAM,GACN,YAAY,GACZ,YAAY,GACZ,cAAc,CAAC;AAInB;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,UAAU,EAAE,oBAAoB,CAAC;IAC1C,sEAAsE;IACtE,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,6DAA6D;IAC7D,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC;IACvC,yCAAyC;IACzC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IAC1C;;;OAGG;IACH,QAAQ,CAAC,kBAAkB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/C,yDAAyD;IACzD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAID;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAC7F,GAAG,CAAC,IAAI,EAAE,kBAAkB,EAAE,UAAU,EAAE,oBAAoB,GAAG,MAAM,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACnG,SAAS,CAAC,IAAI,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;CAChG;AAID;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAC;IAC3C,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAC;IAC3C,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;CACzC;AAED;;;GAGG;AACH,eAAO,MAAM,2BAA2B,EAAE,SAAS,mBAAmB,EAc5D,CAAC;AAIX;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,GAAG,WAAW,CAAC;IACpD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;CAC/B;AAED,eAAO,MAAM,oBAAoB,EAAE,SAAS,iBAAiB,EAQnD,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Capability Manifest Schema interfaces for Phase 0A governance layer.
|
|
3
|
+
* Truth Model: Deliverable 9 (Capability Manifest Schema), Deliverable 10 (Retry/Replay Safety Matrix)
|
|
4
|
+
*
|
|
5
|
+
* Phase: 0A (Foundation)
|
|
6
|
+
*
|
|
7
|
+
* BC-100: CapabilityManifest carries trust tier.
|
|
8
|
+
* BC-101: 5 ExecutionTrustTier values with defined retry policies.
|
|
9
|
+
* BC-102: secretRequirements carry references only, never plaintext.
|
|
10
|
+
* BC-103: Manifest immutable once registered.
|
|
11
|
+
* BC-104: SideEffectClass classification for operational safety.
|
|
12
|
+
* BC-110: Every system call must be classified in retry/replay matrix.
|
|
13
|
+
* BC-111: Retry classification lookup table.
|
|
14
|
+
* INV-X04: Every entity carries schemaVersion.
|
|
15
|
+
*/
|
|
16
|
+
/**
|
|
17
|
+
* BC-111: Complete retry/replay classification lookup table.
|
|
18
|
+
* 13 system calls classified per Deliverable 10.
|
|
19
|
+
*/
|
|
20
|
+
export const RETRY_REPLAY_CLASSIFICATION = [
|
|
21
|
+
{ syscallId: 'SC-1', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
22
|
+
{ syscallId: 'SC-2', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
23
|
+
{ syscallId: 'SC-3', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
24
|
+
{ syscallId: 'SC-4', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
25
|
+
{ syscallId: 'SC-5', autoRetryable: true, sameRequestIdRequired: false, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
26
|
+
{ syscallId: 'SC-6', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
27
|
+
{ syscallId: 'SC-7', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: true, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
28
|
+
{ syscallId: 'SC-8', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: true, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
29
|
+
{ syscallId: 'SC-9', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: true, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
30
|
+
{ syscallId: 'SC-10', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: true, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
31
|
+
{ syscallId: 'SC-14', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
32
|
+
{ syscallId: 'SC-15', autoRetryable: true, sameRequestIdRequired: false, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
33
|
+
{ syscallId: 'SC-16', autoRetryable: false, sameRequestIdRequired: true, verifyPriorStateRequired: false, supervisorReviewRequired: false, traceReconstructable: true, forkedRunReexecutable: true },
|
|
34
|
+
];
|
|
35
|
+
export const RETENTION_CATEGORIES = [
|
|
36
|
+
{ category: 'audit_trail', defaultRetentionDays: 'permanent', redactionDefault: 'none', tenantLocal: true },
|
|
37
|
+
{ category: 'trace_events', defaultRetentionDays: 90, redactionDefault: 'tool-io', tenantLocal: true },
|
|
38
|
+
{ category: 'resume_tokens', defaultRetentionDays: 30, redactionDefault: 'hash-only', tenantLocal: true },
|
|
39
|
+
{ category: 'wmp_thread', defaultRetentionDays: 1, redactionDefault: 'none', tenantLocal: true },
|
|
40
|
+
{ category: 'wmp_active', defaultRetentionDays: 7, redactionDefault: 'none', tenantLocal: true },
|
|
41
|
+
{ category: 'supervisor_decisions', defaultRetentionDays: 'permanent', redactionDefault: 'none', tenantLocal: true },
|
|
42
|
+
{ category: 'eval_cases', defaultRetentionDays: 'permanent', redactionDefault: 'none', tenantLocal: true },
|
|
43
|
+
];
|
|
44
|
+
//# sourceMappingURL=capability_manifest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"capability_manifest.js","sourceRoot":"","sources":["../../../src/kernel/interfaces/capability_manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AA2FH;;;GAGG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAmC;IACzE,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IAClM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IAClM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IAClM,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACnM,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACpM,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;IACpM,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE;CAC5L,CAAC;AAuBX,MAAM,CAAC,MAAM,oBAAoB,GAAiC;IAChE,EAAE,QAAQ,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IAC3G,EAAE,QAAQ,EAAE,cAAc,EAAE,oBAAoB,EAAE,EAAE,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;IACtG,EAAE,QAAQ,EAAE,eAAe,EAAE,oBAAoB,EAAE,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,EAAE;IACzG,EAAE,QAAQ,EAAE,YAAY,EAAE,oBAAoB,EAAE,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IAChG,EAAE,QAAQ,EAAE,YAAY,EAAE,oBAAoB,EAAE,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IAChG,EAAE,QAAQ,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IACpH,EAAE,QAAQ,EAAE,YAAY,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;CAClG,CAAC"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Common types shared across all kernel modules.
|
|
3
|
+
* S ref: S6-S13 (core objects), C-03 (TypeScript strict), C-09 (namespaces)
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: §4 I-13 (branded types for RBAC), §4 I-03 (Result<T>),
|
|
7
|
+
* §34 (Permission), FM-10 (tenant isolation via branded types)
|
|
8
|
+
*/
|
|
9
|
+
/** §6: Mission identifier */
|
|
10
|
+
export type TenantId = string & {
|
|
11
|
+
readonly __brand: 'TenantId';
|
|
12
|
+
};
|
|
13
|
+
/** §34: User identifier */
|
|
14
|
+
export type UserId = string & {
|
|
15
|
+
readonly __brand: 'UserId';
|
|
16
|
+
};
|
|
17
|
+
/** §7: Agent identifier */
|
|
18
|
+
export type AgentId = string & {
|
|
19
|
+
readonly __brand: 'AgentId';
|
|
20
|
+
};
|
|
21
|
+
/** §6: Mission identifier */
|
|
22
|
+
export type MissionId = string & {
|
|
23
|
+
readonly __brand: 'MissionId';
|
|
24
|
+
};
|
|
25
|
+
/** §7: Task identifier */
|
|
26
|
+
export type TaskId = string & {
|
|
27
|
+
readonly __brand: 'TaskId';
|
|
28
|
+
};
|
|
29
|
+
/** §10: Event identifier */
|
|
30
|
+
export type EventId = string & {
|
|
31
|
+
readonly __brand: 'EventId';
|
|
32
|
+
};
|
|
33
|
+
/** §8: Artifact identifier */
|
|
34
|
+
export type ArtifactId = string & {
|
|
35
|
+
readonly __brand: 'ArtifactId';
|
|
36
|
+
};
|
|
37
|
+
/** §13: Policy identifier */
|
|
38
|
+
export type PolicyId = string & {
|
|
39
|
+
readonly __brand: 'PolicyId';
|
|
40
|
+
};
|
|
41
|
+
/** §34: Role identifier */
|
|
42
|
+
export type RoleId = string & {
|
|
43
|
+
readonly __brand: 'RoleId';
|
|
44
|
+
};
|
|
45
|
+
/** §26: Session identifier */
|
|
46
|
+
export type SessionId = string & {
|
|
47
|
+
readonly __brand: 'SessionId';
|
|
48
|
+
};
|
|
49
|
+
/** §34: Permission strings per specification §34 + §31.5 */
|
|
50
|
+
export type Permission = 'create_agent' | 'modify_agent' | 'delete_agent' | 'chat' | 'infer' | 'create_mission' | 'view_telemetry' | 'view_audit' | 'manage_providers' | 'manage_budgets' | 'manage_roles' | 'purge_data' | 'approve_response' | 'edit_response' | 'takeover_session' | 'review_batch';
|
|
51
|
+
/**
|
|
52
|
+
* Operation context for identity threading and RBAC enforcement.
|
|
53
|
+
* S ref: I-13 (authorization completeness), FM-10 (tenant isolation)
|
|
54
|
+
*
|
|
55
|
+
* Every public kernel function accepts this as its identity parameter.
|
|
56
|
+
* In single-tenant mode, tenantId is null. For system operations, userId is null.
|
|
57
|
+
*/
|
|
58
|
+
export interface OperationContext {
|
|
59
|
+
readonly tenantId: TenantId | null;
|
|
60
|
+
readonly userId: UserId | null;
|
|
61
|
+
readonly agentId: AgentId | null;
|
|
62
|
+
readonly permissions: ReadonlySet<Permission>;
|
|
63
|
+
readonly sessionId?: SessionId;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Standard kernel error. Machine-readable code + human-readable message + spec ref.
|
|
67
|
+
* S ref: C-10 (error handling), §3.1 (deterministic)
|
|
68
|
+
* BC-081: Optional violations array for structured governance error model.
|
|
69
|
+
*/
|
|
70
|
+
export interface KernelError {
|
|
71
|
+
readonly code: string;
|
|
72
|
+
readonly message: string;
|
|
73
|
+
readonly spec: string;
|
|
74
|
+
/** BC-081: Structured violation records for governance error classification. */
|
|
75
|
+
readonly violations?: readonly import('./governance_ids.js').LimenViolation[];
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Discriminated union result type. Every kernel function returns this.
|
|
79
|
+
* Forces callers to handle both success and error paths at compile time.
|
|
80
|
+
* S ref: C-03 (TypeScript strict), §3.1 (deterministic infrastructure)
|
|
81
|
+
*/
|
|
82
|
+
export type Result<T> = {
|
|
83
|
+
readonly ok: true;
|
|
84
|
+
readonly value: T;
|
|
85
|
+
} | {
|
|
86
|
+
readonly ok: false;
|
|
87
|
+
readonly error: KernelError;
|
|
88
|
+
};
|
|
89
|
+
/** Valid table namespace prefixes per C-09 */
|
|
90
|
+
export type NamespacePrefix = 'core_' | 'memory_' | 'agent_' | 'obs_' | 'hitl_' | 'meter_' | 'gov_';
|
|
91
|
+
//# sourceMappingURL=common.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../src/kernel/interfaces/common.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,6BAA6B;AAC7B,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AACjE,2BAA2B;AAC3B,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAA;CAAE,CAAC;AAC7D,2BAA2B;AAC3B,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;CAAE,CAAC;AAC/D,6BAA6B;AAC7B,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;CAAE,CAAC;AACnE,0BAA0B;AAC1B,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAA;CAAE,CAAC;AAC7D,4BAA4B;AAC5B,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;CAAE,CAAC;AAC/D,8BAA8B;AAC9B,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAA;CAAE,CAAC;AACrE,6BAA6B;AAC7B,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AACjE,2BAA2B;AAC3B,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAA;CAAE,CAAC;AAC7D,8BAA8B;AAC9B,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG;IAAE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;CAAE,CAAC;AAOnE,4DAA4D;AAC5D,MAAM,MAAM,UAAU,GAClB,cAAc,GAAG,cAAc,GAAG,cAAc,GAChD,MAAM,GAAG,OAAO,GAChB,gBAAgB,GAChB,gBAAgB,GAAG,YAAY,GAC/B,kBAAkB,GAAG,gBAAgB,GAAG,cAAc,GACtD,YAAY,GACZ,kBAAkB,GAAG,eAAe,GAAG,kBAAkB,GAAG,cAAc,CAAC;AAE/E;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;IAC9C,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;CAChC;AAOD;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,gFAAgF;IAChF,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,OAAO,qBAAqB,EAAE,cAAc,EAAE,CAAC;CAC/E;AAED;;;;GAIG;AACH,MAAM,MAAM,MAAM,CAAC,CAAC,IAChB;IAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAA;CAAE,GACxC;IAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAA;CAAE,CAAC;AAKxD,8CAA8C;AAC9C,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Common types shared across all kernel modules.
|
|
3
|
+
* S ref: S6-S13 (core objects), C-03 (TypeScript strict), C-09 (namespaces)
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: §4 I-13 (branded types for RBAC), §4 I-03 (Result<T>),
|
|
7
|
+
* §34 (Permission), FM-10 (tenant isolation via branded types)
|
|
8
|
+
*/
|
|
9
|
+
export {};
|
|
10
|
+
//# sourceMappingURL=common.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../src/kernel/interfaces/common.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cryptographic primitives interface types.
|
|
3
|
+
* S ref: I-11, FM-10, IP-1
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: AES-256-GCM encryption, PBKDF2 key derivation,
|
|
7
|
+
* SHA-256 for audit chain, HMAC-SHA256 for webhook signing.
|
|
8
|
+
*
|
|
9
|
+
* I-11: Encryption at rest. AES-256-GCM default. ML-KEM-512 post-quantum opt-in.
|
|
10
|
+
* IP-1: Webhook signing with HMAC-SHA256.
|
|
11
|
+
* All crypto uses Node.js built-in crypto module (I-01 compliance).
|
|
12
|
+
*/
|
|
13
|
+
import type { Result, OperationContext } from './common.js';
|
|
14
|
+
import type { DatabaseConnection } from './database.js';
|
|
15
|
+
/**
|
|
16
|
+
* Crypto engine configuration.
|
|
17
|
+
* S ref: I-11 (AES-256-GCM default, PBKDF2 iterations)
|
|
18
|
+
*/
|
|
19
|
+
export interface CryptoConfig {
|
|
20
|
+
readonly masterKey: Buffer;
|
|
21
|
+
readonly defaultAlgorithm: 'aes-256-gcm';
|
|
22
|
+
readonly pbkdf2Iterations: number;
|
|
23
|
+
readonly postQuantum: boolean;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Encrypted data envelope with all metadata needed for decryption.
|
|
27
|
+
* S ref: I-11 (AES-256-GCM with IV and auth tag)
|
|
28
|
+
*/
|
|
29
|
+
export interface EncryptedPayload {
|
|
30
|
+
readonly ciphertext: Buffer;
|
|
31
|
+
readonly iv: Buffer;
|
|
32
|
+
readonly authTag: Buffer;
|
|
33
|
+
readonly keyVersion: number;
|
|
34
|
+
readonly algorithm: string;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Low-level cryptographic operations.
|
|
38
|
+
* S ref: I-11 (encryption at rest), §3.5 (SHA-256 for audit chain),
|
|
39
|
+
* IP-6 (HMAC-SHA256 for webhook signing)
|
|
40
|
+
*/
|
|
41
|
+
export interface CryptoEngine {
|
|
42
|
+
/**
|
|
43
|
+
* Derive tenant-specific key via PBKDF2.
|
|
44
|
+
* Key material never written to DB.
|
|
45
|
+
* S ref: I-11 (key derivation, 600000 iterations default)
|
|
46
|
+
*/
|
|
47
|
+
deriveKey(masterKey: Buffer, salt: Buffer, iterations: number): Result<Buffer>;
|
|
48
|
+
/**
|
|
49
|
+
* Encrypt plaintext with AES-256-GCM.
|
|
50
|
+
* S ref: I-11 (AES-256-GCM default encryption)
|
|
51
|
+
*/
|
|
52
|
+
encrypt(plaintext: Buffer, key: Buffer): Result<EncryptedPayload>;
|
|
53
|
+
/**
|
|
54
|
+
* Decrypt ciphertext with AES-256-GCM.
|
|
55
|
+
* S ref: I-11 (decryption with authentication)
|
|
56
|
+
*/
|
|
57
|
+
decrypt(payload: EncryptedPayload, key: Buffer): Result<Buffer>;
|
|
58
|
+
/**
|
|
59
|
+
* SHA-256 hash for audit chain.
|
|
60
|
+
* S ref: §3.5 (SHA-256 hash chaining)
|
|
61
|
+
*/
|
|
62
|
+
sha256(data: string): string;
|
|
63
|
+
/**
|
|
64
|
+
* HMAC-SHA256 for webhook signing.
|
|
65
|
+
* S ref: IP-6 (webhook signing)
|
|
66
|
+
*/
|
|
67
|
+
hmacSha256(data: string, secret: string): string;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Encrypted secret storage (vault).
|
|
71
|
+
* S ref: I-11 (encryption at rest), IP-1 (secure credential storage)
|
|
72
|
+
*/
|
|
73
|
+
export interface VaultOperations {
|
|
74
|
+
/**
|
|
75
|
+
* Store encrypted value in vault.
|
|
76
|
+
* S ref: I-11 (encryption at rest for secrets)
|
|
77
|
+
*/
|
|
78
|
+
store(conn: DatabaseConnection, ctx: OperationContext, keyName: string, plaintext: Buffer): Result<void>;
|
|
79
|
+
/**
|
|
80
|
+
* Retrieve decrypted value from vault.
|
|
81
|
+
* S ref: I-11 (decryption for authorized access)
|
|
82
|
+
*/
|
|
83
|
+
retrieve(conn: DatabaseConnection, ctx: OperationContext, keyName: string): Result<Buffer>;
|
|
84
|
+
/**
|
|
85
|
+
* Delete vault entry.
|
|
86
|
+
* S ref: I-02 (data deletion)
|
|
87
|
+
*/
|
|
88
|
+
remove(conn: DatabaseConnection, ctx: OperationContext, keyName: string): Result<void>;
|
|
89
|
+
/**
|
|
90
|
+
* List vault key names (not values).
|
|
91
|
+
* S ref: I-11 (key inventory without exposing secrets)
|
|
92
|
+
*/
|
|
93
|
+
list(conn: DatabaseConnection, ctx: OperationContext): Result<string[]>;
|
|
94
|
+
}
|
|
95
|
+
//# sourceMappingURL=crypto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/kernel/interfaces/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAIxD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;IACzC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;CAC/B;AAID;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAID;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAE/E;;;OAGG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAElE;;;OAGG;IACH,OAAO,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAEhE;;;OAGG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IAE7B;;;OAGG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAClD;AAID;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAEzG;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAE3F;;;OAGG;IACH,MAAM,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAEvF;;;OAGG;IACH,IAAI,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;CACzE"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cryptographic primitives interface types.
|
|
3
|
+
* S ref: I-11, FM-10, IP-1
|
|
4
|
+
*
|
|
5
|
+
* Phase: 1 (Kernel)
|
|
6
|
+
* Implements: AES-256-GCM encryption, PBKDF2 key derivation,
|
|
7
|
+
* SHA-256 for audit chain, HMAC-SHA256 for webhook signing.
|
|
8
|
+
*
|
|
9
|
+
* I-11: Encryption at rest. AES-256-GCM default. ML-KEM-512 post-quantum opt-in.
|
|
10
|
+
* IP-1: Webhook signing with HMAC-SHA256.
|
|
11
|
+
* All crypto uses Node.js built-in crypto module (I-01 compliance).
|
|
12
|
+
*/
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=crypto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/kernel/interfaces/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|