limen-ai 2.0.1 → 4.0.0

package/CHANGELOG.md

@@ -5,6 +5,56 @@ All notable changes to Limen are documented in this file.
 Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 Versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.0] - 2026-04-29 (COGNITION)
+
+### Summary
+Cognitive substrate release. Limen stops being a store agents query and becomes the fabric agents think with. Context compilation, dependency-aware knowledge, task-aware preparation, coordination backend, semantic output primitives, telemetry, and A2A governance.
+
+### Added
+- **Phase 1: Vitals & Dense Output** — `cognitive.health({ maxAge })` cached health checks, `cognitive.delta({ since })` lightweight change detection, `outputMode: 'ai-dense' | 'human-readable'` token-optimized formatting
+- **Phase 2: Context Compiler** — `cognitive.compile({ domain, predicates, format, maxTokens })` produces reasoning-ready compiled context from claims. Three formats: raw, structured, reasoning-ready with DECIDED/CORRECTION/OBSERVED labels. Token budget enforcement with truncation
+- **Phase 3: Living Knowledge** — Dependency triggers (`reviewNeeded` flag on claims whose evidence sources are retracted). Filtered event subscriptions with predicate/subject pattern matching. `claim:dependency-invalidated` and `claim:related` events
+- **Phase 4: Semantic Primitives** — 7 `output.*` predicate schemas (assertion, judgment, evidence, action, question, alert, narrative). Zod validation. `output.assert()` and `output.query()` convenience API
+- **Phase 5: Task-Aware Preparation** — `cognitive.prepareForTask({ agentRole, project, taskDescription, maxTokens })` returns sections (decisions, corrections, constraints, findings) with keyword-driven predicate selection
+- **Phase 6: Coordination Backend** — `createLimenBackend(limen)` adapter for Symphonic Swarm cluster mode. Session management, decision coordination, domain locking with TTL
+- **Phase 7: Telemetry & A2A Governance** — 3 telemetry schemas (cost, vital, audit) with `telemetry.record()` and `telemetry.query()`. A2A governance block, capability boundary, data classification, and proactive rule schemas with full CRUD API
+
+### Changed
+- Version bump from 3.0.0 to 4.0.0
+
+## [3.0.0] - 2026-04-28 (WIRE)
+
+### Summary
+Complete wiring remediation and production readiness release. Every spec promise verified end-to-end. Every "auto" feature runs automatically. Every security feature enforces.
+
+### Added
+- **Phase 1: Core Wiring** — Decay computation in convenience `recall()` (effectiveConfidence at query time). Automated retention scheduler (background timer, configurable interval). Replay engine integration (mission state snapshots on lifecycle transitions). Auto-connection suggestions (debounced, fires on claim assertion).
+- **Phase 2: Security Enforcement** — Consent enforcement on claim assertion (fail-closed, configurable). Classification-filtered retrieval on query AND search paths (trust-level mapped clearance). Key rotation (atomic re-encryption of vault entries).
+- **Phase 3: MCP Tool Completion** — 11 new MCP tools: `limen_consolidate`, `limen_importance`, `limen_narrative`, `limen_verify`, `limen_suggest_connections`, `limen_replay_verify`, `limen_governance_erasure`, `limen_governance_audit_export`, `limen_consent_register`, `limen_consent_check`, `limen_maintenance_retention`. 11 matching CLI commands. Total: 36 MCP tools.
+- **Phase 4: DX/UX** — README overhaul (Node>=22 banner, ESM note, CLI section, MCP for Claude section, What's New in v3). Examples README with runner instructions.
+- **Phase 5: Proof Pack** — Security model expanded from 8 to 11 mechanisms. Readiness doc refreshed for v3.0.0.
+- **Phase 6: OAT** — 8 operational acceptance scenarios verifying every spec promise end-to-end.
+- `limen.maintenance.runRetention()`, `getRetentionPolicies()`, `updateRetentionPolicy()` — manual retention API
+- `limen.replay.verify(missionId)`, `replay.getSnapshots(missionId)` — mission determinism verification
+- `limen.security.rotateKey(newMasterKey)` — atomic key rotation
+- `maintenance.retentionEnabled`, `maintenance.retentionIntervalMs` config options
+- `security.consent.required`, `security.consent.scope` config options
+- `cognitive.autoSuggestConnections` config option
+
+### Fixed
+- **Dispute recomputation** — `disputed` flag now correctly recomputes to `false` after contradicting claim is retracted (3 sites: queryClaims, searchClaims, vectorHydrateDisputed)
+- **Classification filter bypass** — search path now filters by classification level (was query-only)
+- **Consent fail-open** — consent enforcement now fail-closed when registry unavailable
+- **Replay SQLITE_BUSY** — replay snapshots use orchestrationConn instead of separate connection
+- **Stale worktree/stryker pollution** — cleaned phantom test failures from stale temp directories
+
+### Changed
+- Removed all AI attribution from source code, tests, and documentation
+- `vitest.config.ts` added at root to prevent phantom failures from node:test files
+- Permission gateway updated with maintenance, replay, security namespace registrations
+
+---
+
 ## [2.0.0] - 2026-04-03 (THINK)
 
 ### Added

package/README.md

@@ -16,16 +16,32 @@
 
 Cognitive infrastructure for AI agents — beliefs that decay, governance that enforces, knowledge that heals itself.
 
+> **Requires Node.js >= 22.** ESM-only package (`"type": "module"`).
+
 ```
 npm install limen-ai
 ```
 
+Run with: `npx tsx yourscript.ts`
+
 Optional, for semantic/vector search:
 
 ```
 npm install sqlite-vec
 ```
 
+## What's New in v3.0.0
+
+- **Decay in recall** — `effectiveConfidence` now decays on every read (was only in search)
+- **Automated retention** — background scheduler cleans expired data automatically
+- **Replay verification** — mission determinism verified via state snapshots
+- **Auto-connection** — relationship suggestions fire automatically on claim assertion
+- **Consent enforcement** — claim assertion blocked without active consent (when configured)
+- **Classification filtering** — claims filtered by clearance level at query and search time
+- **Key rotation** — atomic re-encryption of all vault entries with new master key
+- **11 new MCP tools** — 36 total tools, full CLI parity
+- **Dispute fix** — `disputed` flag correctly recomputes after contradicting claim retracted
+
 ## Quick Start
 
 ```typescript
@@ -198,7 +214,11 @@ Limen applies security controls before data reaches storage.
 
 **Injection Defense.** Claim content is sanitized against prompt injection patterns. SQL injection via FTS5 queries is neutralized. Subject/predicate formats are validated against URI patterns.
 
-**Consent Tracking.** CRUD for data subject consent records. Consent status (active, revoked, expired) is computed on read with expiry checks. All mutations produce audit trail entries.
+**Consent Enforcement.** CRUD for data subject consent records with enforcement on claim assertion. When `security.consent.required` is true, claims about entities are blocked without active consent. Consent status (active, revoked, expired) is computed on read. All mutations produce audit trail entries.
+
+**Classification Filtering.** Claims are classified at assertion time (unrestricted, internal, confidential, restricted, critical). Query and search results are filtered by the requesting agent's clearance level, derived from trust progression (untrusted=0, probationary=1, trusted=2, admin=4).
+
+**Key Rotation.** Atomic re-encryption of all vault entries with a new master key. Transactional — partial failure rolls back completely. Audit trail records every rotation event.
 
 **Poisoning Defense.** The `maxAutoConfidence` ceiling (default 0.7) prevents any programmatic source from laundering high-confidence claims. Only human-verified claims via `evidence_path` grounding can exceed the ceiling.
 
@@ -300,12 +320,56 @@ All fields optional. `createLimen()` with no arguments runs in zero-config mode.
 | `selfHealing.maxCascadeDepth` | `number` | `5` | Maximum cascade recursion depth |
 | `vector.provider` | `EmbeddingProvider` | `undefined` | Embedding function for semantic search |
 | `vector.dimensions` | `number` | `undefined` | Embedding vector dimensions |
-| `requireRbac` | `boolean` | `false` | Enforce RBAC on all operations |
+| `requireRbac` | `boolean` | `false` | Enforce RBAC + classification filtering |
+| `security.consent.required` | `boolean` | `false` | Enforce consent check on claim assertion |
+| `maintenance.retentionEnabled` | `boolean` | `true` | Automatic retention scheduling |
+| `maintenance.retentionIntervalMs` | `number` | `86400000` | Retention check interval (24h default) |
+| `cognitive.autoSuggestConnections` | `boolean` | `true` | Auto-suggest connections on claim assertion |
 | `defaultTimeoutMs` | `number` | `60000` | Chat/infer timeout (ms) |
 | `rateLimiting.apiCallsPerMinute` | `number` | `100` | API rate limit |
 | `failoverPolicy` | `'degrade' \| 'allow-overdraft' \| 'block'` | `'degrade'` | Provider failure behavior |
 | `logger` | `(event) => void` | No-op | Structured logging callback |
 
+## Command Line
+
+Limen includes a full CLI with JSON output for every operation.
+
+```bash
+npm install -g limen-cli
+
+limen init                          # initialize database
+limen remember --subject entity:user:alice --predicate preference.food --value "loves Thai"
+limen recall --subject entity:user:alice
+limen search --query "Thai food"
+limen forget --claimId <id> --reason incorrect
+limen health                        # knowledge health report
+limen consolidate                   # merge, archive, resolve
+limen importance --claimId <id>     # 5-factor importance score
+limen maintenance-retention         # run retention manually
+```
+
+All 36 MCP tools have CLI equivalents. Run `limen --help` for the full list.
+
+## Limen for Claude (MCP)
+
+Add to `~/.claude/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "limen": {
+      "command": "npx",
+      "args": ["-y", "limen-mcp"],
+      "env": {
+        "LIMEN_DATA_DIR": "/path/to/your/data"
+      }
+    }
+  }
+}
+```
+
+36 tools available: `limen_remember`, `limen_recall`, `limen_search`, `limen_forget`, `limen_connect`, `limen_reflect`, `limen_consolidate`, `limen_importance`, `limen_narrative`, `limen_verify`, `limen_suggest_connections`, `limen_replay_verify`, `limen_consent_register`, `limen_consent_check`, `limen_maintenance_retention`, `limen_governance_erasure`, `limen_governance_audit_export`, and more.
+
 ## Architecture
 
 ```
@@ -321,7 +385,7 @@ Kernel            SQLite (WAL), audit trail, RBAC, crypto, events
 
 Layers depend downward only. The kernel knows nothing about AI. The API composes everything into a single frozen `Limen` object via `Object.freeze`.
 
-4,000+ tests. 134+ invariants across 3 tiers. 16 system calls. 1 production dependency (`better-sqlite3`). Every state mutation is audited in a hash-chained, append-only trail. RBAC on every operation. AES-256-GCM encryption at rest.
+4,000+ tests. 134+ invariants across 3 tiers. 16 system calls. 36 MCP tools. 1 production dependency (`better-sqlite3`). Every state mutation is audited in a hash-chained, append-only trail. RBAC on every operation. AES-256-GCM encryption at rest. Consent enforcement. Classification-filtered retrieval. Automated retention scheduling.
 
 ## Trust Surface
 

package/dist/api/a2a-governance/a2a_governance_api.d.ts

@@ -0,0 +1,73 @@
+/**
+ * FR-002: A2A Governance API — Convenience namespace for inter-agent governance.
+ *
+ * Provides `a2aGovernance.setGovernanceBlock()`, `a2aGovernance.getGovernanceBlock()`,
+ * `a2aGovernance.registerProactiveRule()`, and `a2aGovernance.listProactiveRules()`
+ * methods that sit on the Limen API object.
+ *
+ * Architecture: This is the "store" layer in the three-file pattern.
+ * Governance types are defined in coordination/a2a_governance.ts (contract).
+ * This file implements the convenience API (implementation).
+ *
+ * Governance boundary (I-17): Only imports ClaimApi, never ClaimSystem/ClaimStore.
+ *
+ * Spec ref: v4.0.0 Phase 7 FR-002
+ * QAL: 3 (Governance integrity. Failure = unauthorized inter-agent actions.)
+ */
+import type { Result } from '../../kernel/interfaces/index.js';
+import type { MissionId, TaskId } from '../../kernel/interfaces/index.js';
+import type { TimeProvider } from '../../kernel/interfaces/time.js';
+import type { ClaimApi } from '../interfaces/api.js';
+import type { TenantScopedConnection } from '../../kernel/tenant/tenant_scope.js';
+import type { BeliefView } from '../convenience/convenience_types.js';
+import type { GovernanceBlock } from '../../coordination/a2a_governance.js';
+/**
+ * The a2aGovernance namespace on the Limen API object.
+ */
+export interface A2AGovernanceApi {
+    /**
+     * Set the A2A governance block (singleton).
+     * Validates against the GovernanceBlock schema and stores as a claim.
+     * Setting a new block supersedes the previous one.
+     *
+     * @param block - The governance block object
+     */
+    setGovernanceBlock(block: object): Result<void>;
+    /**
+     * Get the current A2A governance block.
+     * Returns null if no governance block has been set.
+     */
+    getGovernanceBlock(): Result<GovernanceBlock | null>;
+    /**
+     * Register a proactive rule for inter-agent automation.
+     * Validates against the ProactiveRule schema and stores as a claim.
+     *
+     * @param rule - The proactive rule object
+     */
+    registerProactiveRule(rule: object): Result<{
+        claimId: string;
+    }>;
+    /**
+     * List proactive rules, optionally filtered by status.
+     *
+     * @param status - Filter by status ('active' | 'suspended' | 'retired'). Omit for all.
+     */
+    listProactiveRules(status?: string): Result<readonly BeliefView[]>;
+}
+export interface A2AGovernanceApiDeps {
+    readonly claims: ClaimApi;
+    readonly getConnection: () => TenantScopedConnection;
+    readonly time: TimeProvider;
+    readonly missionId: MissionId;
+    readonly taskId: TaskId | null;
+    readonly maxAutoConfidence: number;
+}
+/**
+ * Create the A2A governance API namespace.
+ *
+ * Returns an object with setGovernanceBlock, getGovernanceBlock,
+ * registerProactiveRule, and listProactiveRules methods.
+ * NOT frozen here — the permission gateway wraps methods before deepFreeze.
+ */
+export declare function createA2AGovernanceApi(deps: A2AGovernanceApiDeps): A2AGovernanceApi;
+//# sourceMappingURL=a2a_governance_api.d.ts.map

package/dist/api/a2a-governance/a2a_governance_api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a2a_governance_api.d.ts","sourceRoot":"","sources":["../../../src/api/a2a-governance/a2a_governance_api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kCAAkC,CAAC;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;AAMtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sCAAsC,CAAC;AA6B5E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;;;OAMG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAEhD;;;OAGG;IACH,kBAAkB,IAAI,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IAErD;;;;;OAKG;IACH,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAEjE;;;;OAIG;IACH,kBAAkB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,SAAS,UAAU,EAAE,CAAC,CAAC;CACpE;AAMD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,MAAM,sBAAsB,CAAC;IACrD,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAMD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,oBAAoB,GAAG,gBAAgB,CA4KnF"}

package/dist/api/a2a-governance/a2a_governance_api.js

@@ -0,0 +1,195 @@
+/**
+ * FR-002: A2A Governance API — Convenience namespace for inter-agent governance.
+ *
+ * Provides `a2aGovernance.setGovernanceBlock()`, `a2aGovernance.getGovernanceBlock()`,
+ * `a2aGovernance.registerProactiveRule()`, and `a2aGovernance.listProactiveRules()`
+ * methods that sit on the Limen API object.
+ *
+ * Architecture: This is the "store" layer in the three-file pattern.
+ * Governance types are defined in coordination/a2a_governance.ts (contract).
+ * This file implements the convenience API (implementation).
+ *
+ * Governance boundary (I-17): Only imports ClaimApi, never ClaimSystem/ClaimStore.
+ *
+ * Spec ref: v4.0.0 Phase 7 FR-002
+ * QAL: 3 (Governance integrity. Failure = unauthorized inter-agent actions.)
+ */
+import { validateGovernanceBlock, validateProactiveRule, } from '../../coordination/a2a_governance.js';
+// ── Result Helpers ──
+function ok(value) {
+    return { ok: true, value };
+}
+function err(code, message) {
+    return { ok: false, error: { code, message, spec: 'FR-002' } };
+}
+// ============================================================================
+// Constants
+// ============================================================================
+/** Well-known subject URN for the singleton governance block claim. */
+const GOVERNANCE_BLOCK_SUBJECT = 'entity:governance:a2a-block';
+/** Predicate for governance block claims. */
+const GOVERNANCE_BLOCK_PREDICATE = 'a2a.governance_block';
+/** Predicate for proactive rule claims. */
+const PROACTIVE_RULE_PREDICATE = 'a2a.proactive_rule';
+// ============================================================================
+// Factory
+// ============================================================================
+/**
+ * Create the A2A governance API namespace.
+ *
+ * Returns an object with setGovernanceBlock, getGovernanceBlock,
+ * registerProactiveRule, and listProactiveRules methods.
+ * NOT frozen here — the permission gateway wraps methods before deepFreeze.
+ */
+export function createA2AGovernanceApi(deps) {
+    const { claims, time, missionId, taskId, maxAutoConfidence } = deps;
+    function setGovernanceBlock(block) {
+        // 1. Validate against schema
+        const validation = validateGovernanceBlock(block);
+        if (!validation.ok) {
+            return validation;
+        }
+        // 2. Serialize to JSON string for claim storage
+        const jsonValue = JSON.stringify(block);
+        // 3. Assert via ClaimApi — uses well-known subject for singleton pattern
+        const result = claims.assertClaim({
+            subject: GOVERNANCE_BLOCK_SUBJECT,
+            predicate: GOVERNANCE_BLOCK_PREDICATE,
+            object: { type: 'json', value: jsonValue },
+            confidence: maxAutoConfidence,
+            validAt: time.nowISO(),
+            missionId,
+            taskId,
+            groundingMode: 'runtime_witness',
+            evidenceRefs: [],
+            runtimeWitness: {
+                witnessType: 'governance_block_set',
+                witnessedValues: { action: 'set' },
+                witnessTimestamp: time.nowISO(),
+            },
+        });
+        if (!result.ok) {
+            return result;
+        }
+        return ok(undefined);
+    }
+    function getGovernanceBlock() {
+        // Query for the governance block claim by well-known subject+predicate
+        const result = claims.queryClaims({
+            subject: GOVERNANCE_BLOCK_SUBJECT,
+            predicate: GOVERNANCE_BLOCK_PREDICATE,
+            limit: 1,
+            status: 'active',
+        });
+        if (!result.ok) {
+            return result;
+        }
+        if (result.value.claims.length === 0) {
+            return ok(null);
+        }
+        // Parse the stored JSON back to a GovernanceBlock
+        const claim = result.value.claims[0];
+        const rawValue = typeof claim.claim.object.value === 'string'
+            ? claim.claim.object.value
+            : JSON.stringify(claim.claim.object.value);
+        try {
+            const parsed = JSON.parse(rawValue);
+            return ok(parsed);
+        }
+        catch {
+            return err('INVALID_GOVERNANCE_BLOCK', 'Stored governance block is not valid JSON');
+        }
+    }
+    function registerProactiveRule(rule) {
+        // 1. Validate against schema
+        const validation = validateProactiveRule(rule);
+        if (!validation.ok) {
+            return validation;
+        }
+        // 2. Serialize to JSON string for claim storage
+        const jsonValue = JSON.stringify(rule);
+        // 3. Build subject URN using the rule's id
+        const ruleObj = rule;
+        const subject = `entity:proactive-rule:${ruleObj.id}`;
+        // 4. Assert via ClaimApi
+        const result = claims.assertClaim({
+            subject,
+            predicate: PROACTIVE_RULE_PREDICATE,
+            object: { type: 'json', value: jsonValue },
+            confidence: maxAutoConfidence,
+            validAt: time.nowISO(),
+            missionId,
+            taskId,
+            groundingMode: 'runtime_witness',
+            evidenceRefs: [],
+            runtimeWitness: {
+                witnessType: 'proactive_rule_register',
+                witnessedValues: { ruleId: ruleObj.id },
+                witnessTimestamp: time.nowISO(),
+            },
+        });
+        if (!result.ok) {
+            return result;
+        }
+        return ok({ claimId: result.value.claim.id });
+    }
+    function listProactiveRules(status) {
+        // Validate status if provided
+        const validStatuses = ['active', 'suspended', 'retired'];
+        if (status !== undefined && !validStatuses.includes(status)) {
+            return err('INVALID_PROACTIVE_RULE', `Invalid status: "${status}". Valid values: ${validStatuses.join(', ')}`);
+        }
+        // Query claims via ClaimApi
+        const result = claims.queryClaims({
+            predicate: PROACTIVE_RULE_PREDICATE,
+            subject: null,
+            limit: 100,
+            status: 'active',
+        });
+        if (!result.ok) {
+            return result;
+        }
+        // Transform to BeliefView
+        let beliefs = result.value.claims.map(item => ({
+            claimId: item.claim.id,
+            subject: item.claim.subject,
+            predicate: item.claim.predicate,
+            value: typeof item.claim.object.value === 'string'
+                ? item.claim.object.value
+                : JSON.stringify(item.claim.object.value),
+            confidence: item.claim.confidence,
+            validAt: item.claim.validAt,
+            createdAt: item.claim.createdAt,
+            effectiveConfidence: item.effectiveConfidence,
+            freshness: item.freshness,
+            stability: item.claim.stability,
+            lastAccessedAt: item.claim.lastAccessedAt,
+            accessCount: item.claim.accessCount,
+            reasoning: item.claim.reasoning,
+            superseded: item.superseded,
+            disputed: item.disputed,
+            reviewNeeded: item.reviewNeeded,
+        }));
+        // Filter by rule status if provided
+        if (status !== undefined) {
+            beliefs = beliefs.filter(b => {
+                try {
+                    const parsed = JSON.parse(b.value);
+                    return parsed.status === status;
+                }
+                catch {
+                    return false;
+                }
+            });
+        }
+        return ok(beliefs);
+    }
+    // NOT frozen here — permission gateway wraps methods before deepFreeze.
+    return {
+        setGovernanceBlock,
+        getGovernanceBlock,
+        registerProactiveRule,
+        listProactiveRules,
+    };
+}
+//# sourceMappingURL=a2a_governance_api.js.map

package/dist/api/a2a-governance/a2a_governance_api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a2a_governance_api.js","sourceRoot":"","sources":["../../../src/api/a2a-governance/a2a_governance_api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AASH,OAAO,EACL,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,sCAAsC,CAAC;AAG9C,uBAAuB;AAEvB,SAAS,EAAE,CAAI,KAAQ;IACrB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,GAAG,CAAI,IAAY,EAAE,OAAe;IAC3C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;AACjE,CAAC;AAED,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,uEAAuE;AACvE,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;AAE/D,6CAA6C;AAC7C,MAAM,0BAA0B,GAAG,sBAAsB,CAAC;AAE1D,2CAA2C;AAC3C,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AAsDtD,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAA0B;IAC/D,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;IAEpE,SAAS,kBAAkB,CAAC,KAAa;QACvC,6BAA6B;QAC7B,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAExC,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;YAChC,OAAO,EAAE,wBAAwB;YACjC,SAAS,EAAE,0BAA0B;YACrC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE;YAC1C,UAAU,EAAE,iBAAiB;YAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE;YACtB,SAAS;YACT,MAAM;YACN,aAAa,EAAE,iBAAiB;YAChC,YAAY,EAAE,EAAE;YAChB,cAAc,EAAE;gBACd,WAAW,EAAE,sBAAsB;gBACnC,eAAe,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;gBAClC,gBAAgB,EAAE,IAAI,CAAC,MAAM,EAAE;aAChC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,MAAsB,CAAC;QAChC,CAAC;QAED,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,SAAS,kBAAkB;QACzB,uEAAuE;QACvE,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;YAChC,OAAO,EAAE,wBAAwB;YACjC,SAAS,EAAE,0BAA0B;YACrC,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,MAAwC,CAAC;QAClD,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;QAED,kDAAkD;QAClD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,KAAK,QAAQ;YAC3D,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK;YAC1B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE7C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAoB,CAAC;YACvD,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAC,0BAA0B,EAAE,2CAA2C,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,SAAS,qBAAqB,CAAC,IAAY;QACzC,6BAA6B;QAC7B,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,OAAO,UAAyC,CAAC;QACnD,CAAC;QAED,gDAAgD;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEvC,2CAA2C;QAC3C,MAAM,OAAO,GAAG,IAAsB,CAAC;QACvC,MAAM,OAAO,GAAG,yBAAyB,OAAO,CAAC,EAAE,EAAE,CAAC;QAEtD,yBAAyB;QACzB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;YAChC,OAAO;YACP,SAAS,EAAE,wBAAwB;YACnC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE;YAC1C,UAAU,EAAE,iBAAiB;YAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE;YACtB,SAAS;YACT,MAAM;YACN,aAAa,EAAE,iBAAiB;YAChC,YAAY,EAAE,EAAE;YAChB,cAAc,EAAE;gBACd,WAAW,EAAE,yBAAyB;gBACtC,eAAe,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE;gBACvC,gBAAgB,EAAE,IAAI,CAAC,MAAM,EAAE;aAChC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,MAAqC,CAAC;QAC/C,CAAC;QAED,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,SAAS,kBAAkB,CAAC,MAAe;QACzC,8BAA8B;QAC9B,MAAM,aAAa,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QACzD,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,OAAO,GAAG,CAAC,wBAAwB,EACjC,oBAAoB,MAAM,oBAAoB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,4BAA4B;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;YAChC,SAAS,EAAE,wBAAwB;YACnC,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,MAAuC,CAAC;QACjD,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAAO,GAAiB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE;YACtB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAC3B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YAC/B,KAAK,EAAE,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,KAAK,QAAQ;gBAChD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK;gBACzB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU;YACjC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;YAC3B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YAC/B,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YAC/B,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc;YACzC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW;YACnC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC,CAAC;QAEJ,oCAAoC;QACpC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;gBAC3B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAwB,CAAC;oBAC1D,OAAO,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC;gBAClC,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,EAAE,CAAC,OAAgC,CAAC,CAAC;IAC9C,CAAC;IAED,wEAAwE;IACxE,OAAO;QACL,kBAAkB;QAClB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;KACnB,CAAC;AACJ,CAAC"}

package/dist/api/agents/trust_progression.d.ts

@@ -75,4 +75,24 @@ export type ViolationSeverity = 'low' | 'medium' | 'high' | 'critical';
  *   any on untrusted → null (already at lowest)
  */
 export declare function getDemotionTarget(currentLevel: TrustLevel, severity: ViolationSeverity): TrustLevel | null;
+/**
+ * Map trust levels to classification clearance levels.
+ * Clearance values align with CLASSIFICATION_LEVEL_ORDER in governance_types.ts:
+ *   unrestricted=0, internal=1, confidential=2, restricted=3, critical=4
+ *
+ * untrusted    -> 0 (unrestricted only)
+ * probationary -> 1 (internal and below)
+ * trusted      -> 2 (confidential and below)
+ * admin        -> 4 (all levels including critical)
+ *
+ * This mapping enforces principle of least privilege:
+ * agents must earn trust before accessing sensitive data.
+ */
+export declare const TRUST_TO_CLEARANCE: Readonly<Record<TrustLevel, number>>;
+/**
+ * Get the clearance level for a given trust level.
+ * Returns the maximum classification level the agent can access.
+ * Returns 4 (all) for undefined/null trust (backward compat single-user mode).
+ */
+export declare function getClearanceForTrust(trustLevel: TrustLevel | null | undefined): number;
 //# sourceMappingURL=trust_progression.d.ts.map

package/dist/api/agents/trust_progression.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"trust_progression.d.ts","sourceRoot":"","sources":["../../../src/api/agents/trust_progression.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kCAAkC,CAAC;AAIhE,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,SAAS,GAAG,OAAO,CAAC;AAgB5E;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI,CAExE;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,UAAU,EACrB,WAAW,EAAE,UAAU,EACvB,SAAS,EAAE,QAAQ,GAAG,OAAO,GAC5B;IAAE,KAAK,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CA4BpD;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,EACtC,aAAa,EAAE,OAAO,GAAG,MAAM,GAC9B;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAQxD;AAID;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,UAAU,EACxB,QAAQ,EAAE,iBAAiB,GAC1B,UAAU,GAAG,IAAI,CAmBnB"}
+{"version":3,"file":"trust_progression.d.ts","sourceRoot":"","sources":["../../../src/api/agents/trust_progression.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kCAAkC,CAAC;AAIhE,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,cAAc,GAAG,SAAS,GAAG,OAAO,CAAC;AAgB5E;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,GAAG,IAAI,CAExE;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,UAAU,EACrB,WAAW,EAAE,UAAU,EACvB,SAAS,EAAE,QAAQ,GAAG,OAAO,GAC5B;IAAE,KAAK,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CA4BpD;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,EACtC,aAAa,EAAE,OAAO,GAAG,MAAM,GAC9B;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAQxD;AAID;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;;;;;;;;;GAUG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,UAAU,EACxB,QAAQ,EAAE,iBAAiB,GAC1B,UAAU,GAAG,IAAI,CAmBnB;AAID;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,kBAAkB,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAKnE,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAGtF"}

package/dist/api/agents/trust_progression.js

@@ -121,4 +121,34 @@ export function getDemotionTarget(currentLevel, severity) {
     };
     return demotionMap[currentLevel];
 }
+// ─── v3.0.0 EG-03: Trust-to-Clearance Mapping ───
+/**
+ * Map trust levels to classification clearance levels.
+ * Clearance values align with CLASSIFICATION_LEVEL_ORDER in governance_types.ts:
+ *   unrestricted=0, internal=1, confidential=2, restricted=3, critical=4
+ *
+ * untrusted    -> 0 (unrestricted only)
+ * probationary -> 1 (internal and below)
+ * trusted      -> 2 (confidential and below)
+ * admin        -> 4 (all levels including critical)
+ *
+ * This mapping enforces principle of least privilege:
+ * agents must earn trust before accessing sensitive data.
+ */
+export const TRUST_TO_CLEARANCE = {
+    untrusted: 0,
+    probationary: 1,
+    trusted: 2,
+    admin: 4,
+};
+/**
+ * Get the clearance level for a given trust level.
+ * Returns the maximum classification level the agent can access.
+ * Returns 4 (all) for undefined/null trust (backward compat single-user mode).
+ */
+export function getClearanceForTrust(trustLevel) {
+    if (trustLevel === null || trustLevel === undefined)
+        return 4; // full access
+    return TRUST_TO_CLEARANCE[trustLevel] ?? 4;
+}
 //# sourceMappingURL=trust_progression.js.map

package/dist/api/agents/trust_progression.js.map

@@ -1 +1 @@
-{"version":3,"file":"trust_progression.js","sourceRoot":"","sources":["../../../src/api/agents/trust_progression.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAQH,wCAAwC;AAExC;;;;GAIG;AACH,MAAM,UAAU,GAA0C;IACxD,SAAS,EAAE,cAAc;IACzB,YAAY,EAAE,SAAS;IACvB,OAAO,EAAE,OAAO;IAChB,KAAK,EAAE,IAAI,EAAE,sCAAsC;CACpD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAmB;IACnD,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAqB,EACrB,WAAuB,EACvB,SAA6B;IAE7B,gCAAgC;IAChC,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,SAAS,IAAI,EAAE,CAAC;IAC5E,CAAC;IAED,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC9E,CAAC;IAED,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,+BAA+B,SAAS,QAAQ,WAAW,uBAAuB,QAAQ,yBAAyB;SAC5H,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,WAAW,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QACrD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,0CAA0C,SAAS,uCAAuC;SACnG,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAsC,EACtC,aAA+B;IAE/B,IAAI,UAAU,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QAC/C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,2DAA2D;SACpE,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AASD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAwB,EACxB,QAA2B;IAE3B,iDAAiD;IACjD,IAAI,YAAY,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wEAAwE;IACxE,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACnD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,sCAAsC;IACtC,MAAM,WAAW,GAAyD;QACxE,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,WAAW;KAC1B,CAAC;IAEF,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC"}
+{"version":3,"file":"trust_progression.js","sourceRoot":"","sources":["../../../src/api/agents/trust_progression.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAQH,wCAAwC;AAExC;;;;GAIG;AACH,MAAM,UAAU,GAA0C;IACxD,SAAS,EAAE,cAAc;IACzB,YAAY,EAAE,SAAS;IACvB,OAAO,EAAE,OAAO;IAChB,KAAK,EAAE,IAAI,EAAE,sCAAsC;CACpD,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAmB;IACnD,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAqB,EACrB,WAAuB,EACvB,SAA6B;IAE7B,gCAAgC;IAChC,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,SAAS,IAAI,EAAE,CAAC;IAC5E,CAAC;IAED,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC9E,CAAC;IAED,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,+BAA+B,SAAS,QAAQ,WAAW,uBAAuB,QAAQ,yBAAyB;SAC5H,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,WAAW,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QACrD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,0CAA0C,SAAS,uCAAuC;SACnG,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAsC,EACtC,aAA+B;IAE/B,IAAI,UAAU,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QAC/C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,2DAA2D;SACpE,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AASD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAwB,EACxB,QAA2B;IAE3B,iDAAiD;IACjD,IAAI,YAAY,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wEAAwE;IACxE,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACnD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,sCAAsC;IACtC,MAAM,WAAW,GAAyD;QACxE,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,cAAc;QACvB,YAAY,EAAE,WAAW;KAC1B,CAAC;IAEF,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,mDAAmD;AAEnD;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAyC;IACtE,SAAS,EAAE,CAAC;IACZ,YAAY,EAAE,CAAC;IACf,OAAO,EAAE,CAAC;IACV,KAAK,EAAE,CAAC;CACT,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAyC;IAC5E,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,CAAC,CAAC,cAAc;IAC7E,OAAO,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC"}

package/dist/api/cognitive/cognitive_api.d.ts

@@ -27,14 +27,21 @@ import type { RetractClaimHandler, RelateClaimsHandler } from '../../claims/inte
 import type { VectorStore } from '../../vector/vector_store.js';
 import type { EmbeddingProvider } from '../../vector/vector_types.js';
 import type { ConsolidationOptions, ConsolidationResult, ImportanceScore, ImportanceWeights, NarrativeSnapshot, VerificationResult, VerificationProvider, ConnectionSuggestion, SelfHealingConfig } from '../../cognitive/cognitive_types.js';
+import type { CompileOptions, CompiledContext } from '../../cognitive/context_compiler.js';
+import type { PrepareForTaskOptions, PreparedContext } from '../../cognitive/task_preparation.js';
 import { type CognitiveHealthReport, type CognitiveHealthConfig } from '../../cognitive/health.js';
+import type { DeltaOptions, DeltaResult } from '../../cognitive/cognitive_types.js';
 /**
  * Phase 5 + Phase 12: Cognitive API namespace interface.
  * Exposed as `limen.cognitive` on the Limen public API.
  */
 export interface CognitiveNamespace {
-    /** Phase 5 §5.3: Compute cognitive health report. Synchronous. */
+    /** Phase 5 §5.3 + FR-003: Compute cognitive health report. Synchronous. Supports maxAge caching. */
     health(config?: CognitiveHealthConfig): Result<CognitiveHealthReport>;
+    /** FR-003: Query claim changes since a timestamp. */
+    delta(options: DeltaOptions): Result<DeltaResult>;
+    /** FR-003: Invalidate cached health result. Called internally on mutations. */
+    invalidateHealthCache(): void;
     /** Phase 12 §12.6: Run consolidation (merge + archive + suggest resolution). */
     consolidate(options?: ConsolidationOptions): Result<ConsolidationResult>;
     /** Phase 12 §12.7: Verify a claim via external provider. ONLY async method. */
@@ -49,6 +56,10 @@ export interface CognitiveNamespace {
     acceptSuggestion(suggestionId: string): Result<void>;
     /** Phase 12: Reject a pending connection suggestion. */
     rejectSuggestion(suggestionId: string): Result<void>;
+    /** FR-006: Compile claims from a domain into reasoning-ready context. */
+    compile(options: CompileOptions): Result<CompiledContext>;
+    /** FR-008: Prepare task-aware context for an agent based on role and task description. */
+    prepareForTask(options: PrepareForTaskOptions): Result<PreparedContext>;
 }
 /**
  * Dependencies for creating the CognitiveNamespace.

package/dist/api/cognitive/cognitive_api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cognitive_api.d.ts","sourceRoot":"","sources":["../../../src/api/cognitive/cognitive_api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAa,MAAM,kCAAkC,CAAC;AAC1E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAW,MAAM,wCAAwC,CAAC;AAChH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,KAAK,EACV,oBAAoB,EAAE,mBAAmB,EACzC,eAAe,EAAE,iBAAiB,EAClC,iBAAiB,EACjB,kBAAkB,EAAE,oBAAoB,EACxC,oBAAoB,EACpB,iBAAiB,EAClB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAEL,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC3B,MAAM,2BAA2B,CAAC;AAQnC;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,MAAM,CAAC,MAAM,CAAC,EAAE,qBAAqB,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAEtE,gFAAgF;IAChF,WAAW,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAEzE,+EAA+E;IAC/E,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAE7D,4EAA4E;IAC5E,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAEhE,4DAA4D;IAC5D,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAElF,gFAAgF;IAChF,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;IAE7E,mFAAmF;IACnF,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAErD,wDAAwD;IACxD,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;CACtD;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,sBAAsB,CAAC;IACrD,QAAQ,CAAC,UAAU,EAAE,MAAM,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,QAAQ,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IAEvD,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,GAAG,SAAS,CAAC;IACtD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,SAAS,CAAC;IAClE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,GAAG,IAAI,GAAG,SAAS,CAAC;IACxE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,SAAS,CAAC;IAC3D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC5D;AAcD;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,kBAAkB,CAuPzF"}
+{"version":3,"file":"cognitive_api.d.ts","sourceRoot":"","sources":["../../../src/api/cognitive/cognitive_api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAa,MAAM,kCAAkC,CAAC;AAC1E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAW,MAAM,wCAAwC,CAAC;AAChH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,KAAK,EACV,oBAAoB,EAAE,mBAAmB,EACzC,eAAe,EAAE,iBAAiB,EAClC,iBAAiB,EACjB,kBAAkB,EAAE,oBAAoB,EACxC,oBAAoB,EACpB,iBAAiB,EAClB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAE3F,OAAO,KAAK,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAElG,OAAO,EAIL,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC3B,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AAQpF;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,oGAAoG;IACpG,MAAM,CAAC,MAAM,CAAC,EAAE,qBAAqB,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAEtE,qDAAqD;IACrD,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAElD,+EAA+E;IAC/E,qBAAqB,IAAI,IAAI,CAAC;IAE9B,gFAAgF;IAChF,WAAW,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAEzE,+EAA+E;IAC/E,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAE7D,4EAA4E;IAC5E,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAEhE,4DAA4D;IAC5D,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAElF,gFAAgF;IAChF,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;IAE7E,mFAAmF;IACnF,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAErD,wDAAwD;IACxD,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAErD,yEAAyE;IACzE,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAE1D,0FAA0F;IAC1F,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;CACzE;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,sBAAsB,CAAC;IACrD,QAAQ,CAAC,UAAU,EAAE,MAAM,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,QAAQ,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IAEvD,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,GAAG,SAAS,CAAC;IACtD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,SAAS,CAAC;IAClE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,GAAG,IAAI,GAAG,SAAS,CAAC;IACxE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,SAAS,CAAC;IAC3D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,GAAG,SAAS,CAAC;CAC5D;AAcD;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,GAAG,kBAAkB,CAkUzF"}