npm - moflo - Versions diffs - 4.8.16 → 4.8.19 - Mend

moflo 4.8.16 → 4.8.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (468) hide show

package/.claude/agents/browser/browser-agent.yaml +182 -182
package/.claude/agents/core/coder.md +265 -265
package/.claude/agents/core/planner.md +167 -167
package/.claude/agents/core/researcher.md +189 -189
package/.claude/agents/core/reviewer.md +325 -325
package/.claude/agents/core/tester.md +318 -318
package/.claude/agents/database-specialist.yaml +21 -21
package/.claude/agents/dual-mode/codex-coordinator.md +224 -224
package/.claude/agents/dual-mode/codex-worker.md +211 -211
package/.claude/agents/dual-mode/dual-orchestrator.md +291 -291
package/.claude/agents/github/code-review-swarm.md +537 -537
package/.claude/agents/github/github-modes.md +172 -172
package/.claude/agents/github/issue-tracker.md +318 -318
package/.claude/agents/github/multi-repo-swarm.md +552 -552
package/.claude/agents/github/pr-manager.md +190 -190
package/.claude/agents/github/project-board-sync.md +508 -508
package/.claude/agents/github/release-manager.md +366 -366
package/.claude/agents/github/release-swarm.md +582 -582
package/.claude/agents/github/repo-architect.md +397 -397
package/.claude/agents/github/swarm-issue.md +572 -572
package/.claude/agents/github/swarm-pr.md +427 -427
package/.claude/agents/github/sync-coordinator.md +451 -451
package/.claude/agents/github/workflow-automation.md +634 -634
package/.claude/agents/goal/code-goal-planner.md +445 -445
package/.claude/agents/hive-mind/collective-intelligence-coordinator.md +129 -129
package/.claude/agents/hive-mind/queen-coordinator.md +202 -202
package/.claude/agents/hive-mind/scout-explorer.md +241 -241
package/.claude/agents/hive-mind/swarm-memory-manager.md +192 -192
package/.claude/agents/hive-mind/worker-specialist.md +216 -216
package/.claude/agents/index.yaml +17 -17
package/.claude/agents/neural/safla-neural.md +73 -73
package/.claude/agents/project-coordinator.yaml +15 -15
package/.claude/agents/python-specialist.yaml +21 -21
package/.claude/agents/reasoning/goal-planner.md +72 -72
package/.claude/agents/security-auditor.yaml +20 -20
package/.claude/agents/swarm/adaptive-coordinator.md +395 -395
package/.claude/agents/swarm/hierarchical-coordinator.md +326 -326
package/.claude/agents/swarm/mesh-coordinator.md +391 -391
package/.claude/agents/templates/migration-plan.md +745 -745
package/.claude/agents/typescript-specialist.yaml +21 -21
package/.claude/checkpoints/1767754460.json +8 -8
package/.claude/commands/agents/agent-spawning.md +28 -28
package/.claude/commands/github/github-modes.md +146 -146
package/.claude/commands/github/github-swarm.md +121 -121
package/.claude/commands/github/issue-tracker.md +291 -291
package/.claude/commands/github/pr-manager.md +169 -169
package/.claude/commands/github/release-manager.md +337 -337
package/.claude/commands/github/repo-architect.md +366 -366
package/.claude/commands/github/sync-coordinator.md +300 -300
package/.claude/commands/memory/neural.md +47 -47
package/.claude/commands/sparc/analyzer.md +51 -51
package/.claude/commands/sparc/architect.md +53 -53
package/.claude/commands/sparc/ask.md +97 -97
package/.claude/commands/sparc/batch-executor.md +54 -54
package/.claude/commands/sparc/code.md +89 -89
package/.claude/commands/sparc/coder.md +54 -54
package/.claude/commands/sparc/debug.md +83 -83
package/.claude/commands/sparc/debugger.md +54 -54
package/.claude/commands/sparc/designer.md +53 -53
package/.claude/commands/sparc/devops.md +109 -109
package/.claude/commands/sparc/docs-writer.md +80 -80
package/.claude/commands/sparc/documenter.md +54 -54
package/.claude/commands/sparc/innovator.md +54 -54
package/.claude/commands/sparc/integration.md +83 -83
package/.claude/commands/sparc/mcp.md +117 -117
package/.claude/commands/sparc/memory-manager.md +54 -54
package/.claude/commands/sparc/optimizer.md +54 -54
package/.claude/commands/sparc/orchestrator.md +131 -131
package/.claude/commands/sparc/post-deployment-monitoring-mode.md +83 -83
package/.claude/commands/sparc/refinement-optimization-mode.md +83 -83
package/.claude/commands/sparc/researcher.md +54 -54
package/.claude/commands/sparc/reviewer.md +54 -54
package/.claude/commands/sparc/security-review.md +80 -80
package/.claude/commands/sparc/sparc-modes.md +174 -174
package/.claude/commands/sparc/sparc.md +111 -111
package/.claude/commands/sparc/spec-pseudocode.md +80 -80
package/.claude/commands/sparc/supabase-admin.md +348 -348
package/.claude/commands/sparc/swarm-coordinator.md +54 -54
package/.claude/commands/sparc/tdd.md +54 -54
package/.claude/commands/sparc/tester.md +54 -54
package/.claude/commands/sparc/tutorial.md +79 -79
package/.claude/commands/sparc/workflow-manager.md +54 -54
package/.claude/commands/sparc.md +166 -166
package/.claude/commands/swarm/analysis.md +95 -95
package/.claude/commands/swarm/development.md +96 -96
package/.claude/commands/swarm/examples.md +168 -168
package/.claude/commands/swarm/maintenance.md +102 -102
package/.claude/commands/swarm/optimization.md +117 -117
package/.claude/commands/swarm/research.md +136 -136
package/.claude/commands/swarm/testing.md +131 -131
package/.claude/commands/workflows/development.md +77 -77
package/.claude/commands/workflows/research.md +62 -62
package/.claude/guidance/moflo-bootstrap.md +126 -126
package/.claude/guidance/shipped/agent-bootstrap.md +126 -126
package/.claude/guidance/shipped/guidance-memory-strategy.md +262 -262
package/.claude/guidance/shipped/memory-strategy.md +204 -204
package/.claude/guidance/shipped/moflo.md +608 -608
package/.claude/guidance/shipped/task-swarm-integration.md +441 -441
package/.claude/helpers/intelligence.cjs +207 -207
package/.claude/helpers/statusline.cjs +851 -851
package/.claude/skills/fl/SKILL.md +583 -583
package/.claude/skills/flo/SKILL.md +583 -583
package/.claude/skills/github-code-review/SKILL.md +1140 -1140
package/.claude/skills/github-multi-repo/SKILL.md +874 -874
package/.claude/skills/github-project-management/SKILL.md +1277 -1277
package/.claude/skills/github-release-management/SKILL.md +1081 -1081
package/.claude/skills/github-workflow-automation/SKILL.md +1065 -1065
package/.claude/skills/hive-mind-advanced/SKILL.md +712 -712
package/.claude/skills/hooks-automation/SKILL.md +1201 -1201
package/.claude/skills/performance-analysis/SKILL.md +563 -563
package/.claude/skills/sparc-methodology/SKILL.md +1115 -1115
package/.claude/skills/swarm-advanced/SKILL.md +973 -973
package/LICENSE +21 -21
package/README.md +685 -685
package/bin/cli.js +0 -0
package/bin/gate-hook.mjs +50 -50
package/bin/gate.cjs +138 -138
package/bin/generate-code-map.mjs +91 -12
package/bin/hook-handler.cjs +83 -83
package/bin/hooks.mjs +656 -656
package/bin/index-guidance.mjs +892 -892
package/bin/index-tests.mjs +709 -709
package/bin/lib/process-manager.mjs +243 -243
package/bin/lib/registry-cleanup.cjs +41 -41
package/bin/prompt-hook.mjs +72 -72
package/bin/semantic-search.mjs +472 -472
package/bin/session-start-launcher.mjs +238 -226
package/bin/setup-project.mjs +250 -250
package/package.json +123 -121
package/src/@claude-flow/cli/README.md +452 -452
package/src/@claude-flow/cli/bin/cli.js +180 -175
package/src/@claude-flow/cli/bin/preinstall.cjs +2 -2
package/src/@claude-flow/cli/dist/src/commands/completions.js +409 -409
package/src/@claude-flow/cli/dist/src/commands/doctor.js +1091 -1091
package/src/@claude-flow/cli/dist/src/commands/embeddings.js +25 -25
package/src/@claude-flow/cli/dist/src/commands/github.js +61 -61
package/src/@claude-flow/cli/dist/src/commands/hive-mind.js +90 -90
package/src/@claude-flow/cli/dist/src/commands/hooks.js +9 -9
package/src/@claude-flow/cli/dist/src/commands/ruvector/import.js +14 -14
package/src/@claude-flow/cli/dist/src/commands/ruvector/setup.js +624 -624
package/src/@claude-flow/cli/dist/src/config/moflo-config.js +91 -91
package/src/@claude-flow/cli/dist/src/init/claudemd-generator.d.ts +29 -29
package/src/@claude-flow/cli/dist/src/init/claudemd-generator.js +43 -43
package/src/@claude-flow/cli/dist/src/init/executor.js +485 -453
package/src/@claude-flow/cli/dist/src/init/helpers-generator.js +482 -482
package/src/@claude-flow/cli/dist/src/init/moflo-init.d.ts +30 -30
package/src/@claude-flow/cli/dist/src/init/moflo-init.js +848 -839
package/src/@claude-flow/cli/dist/src/init/settings-generator.js +6 -2
package/src/@claude-flow/cli/dist/src/init/statusline-generator.js +786 -786
package/src/@claude-flow/cli/dist/src/memory/memory-initializer.js +371 -371
package/src/@claude-flow/cli/dist/src/runtime/headless.js +28 -28
package/src/@claude-flow/cli/dist/src/services/agentic-flow-bridge.js +6 -0
package/src/@claude-flow/cli/dist/src/services/headless-worker-executor.js +84 -84
package/src/@claude-flow/cli/package.json +1 -1
package/src/@claude-flow/guidance/README.md +1195 -1195
package/src/@claude-flow/guidance/dist/adversarial.d.ts +284 -0
package/src/@claude-flow/guidance/dist/adversarial.js +572 -0
package/src/@claude-flow/guidance/dist/analyzer.d.ts +530 -0
package/src/@claude-flow/guidance/dist/analyzer.js +2518 -0
package/src/@claude-flow/guidance/dist/artifacts.d.ts +283 -0
package/src/@claude-flow/guidance/dist/artifacts.js +356 -0
package/src/@claude-flow/guidance/dist/authority.d.ts +290 -0
package/src/@claude-flow/guidance/dist/authority.js +558 -0
package/src/@claude-flow/guidance/dist/capabilities.d.ts +209 -0
package/src/@claude-flow/guidance/dist/capabilities.js +485 -0
package/src/@claude-flow/guidance/dist/coherence.d.ts +233 -0
package/src/@claude-flow/guidance/dist/coherence.js +372 -0
package/src/@claude-flow/guidance/dist/compiler.d.ts +87 -0
package/src/@claude-flow/guidance/dist/compiler.js +419 -0
package/src/@claude-flow/guidance/dist/conformance-kit.d.ts +225 -0
package/src/@claude-flow/guidance/dist/conformance-kit.js +629 -0
package/src/@claude-flow/guidance/dist/continue-gate.d.ts +214 -0
package/src/@claude-flow/guidance/dist/continue-gate.js +353 -0
package/src/@claude-flow/guidance/dist/crypto-utils.d.ts +17 -0
package/src/@claude-flow/guidance/dist/crypto-utils.js +24 -0
package/src/@claude-flow/guidance/dist/evolution.d.ts +282 -0
package/src/@claude-flow/guidance/dist/evolution.js +500 -0
package/src/@claude-flow/guidance/dist/gates.d.ts +79 -0
package/src/@claude-flow/guidance/dist/gates.js +302 -0
package/src/@claude-flow/guidance/dist/gateway.d.ts +206 -0
package/src/@claude-flow/guidance/dist/gateway.js +452 -0
package/src/@claude-flow/guidance/dist/generators.d.ts +153 -0
package/src/@claude-flow/guidance/dist/generators.js +682 -0
package/src/@claude-flow/guidance/dist/headless.d.ts +177 -0
package/src/@claude-flow/guidance/dist/headless.js +342 -0
package/src/@claude-flow/guidance/dist/hooks.d.ts +109 -0
package/src/@claude-flow/guidance/dist/hooks.js +347 -0
package/src/@claude-flow/guidance/dist/index.d.ts +205 -0
package/src/@claude-flow/guidance/dist/index.js +321 -0
package/src/@claude-flow/guidance/dist/ledger.d.ts +162 -0
package/src/@claude-flow/guidance/dist/ledger.js +375 -0
package/src/@claude-flow/guidance/dist/manifest-validator.d.ts +289 -0
package/src/@claude-flow/guidance/dist/manifest-validator.js +838 -0
package/src/@claude-flow/guidance/dist/memory-gate.d.ts +222 -0
package/src/@claude-flow/guidance/dist/memory-gate.js +382 -0
package/src/@claude-flow/guidance/dist/meta-governance.d.ts +265 -0
package/src/@claude-flow/guidance/dist/meta-governance.js +348 -0
package/src/@claude-flow/guidance/dist/optimizer.d.ts +104 -0
package/src/@claude-flow/guidance/dist/optimizer.js +329 -0
package/src/@claude-flow/guidance/dist/persistence.d.ts +189 -0
package/src/@claude-flow/guidance/dist/persistence.js +464 -0
package/src/@claude-flow/guidance/dist/proof.d.ts +185 -0
package/src/@claude-flow/guidance/dist/proof.js +238 -0
package/src/@claude-flow/guidance/dist/retriever.d.ts +116 -0
package/src/@claude-flow/guidance/dist/retriever.js +394 -0
package/src/@claude-flow/guidance/dist/ruvbot-integration.d.ts +370 -0
package/src/@claude-flow/guidance/dist/ruvbot-integration.js +738 -0
package/src/@claude-flow/guidance/dist/temporal.d.ts +426 -0
package/src/@claude-flow/guidance/dist/temporal.js +658 -0
package/src/@claude-flow/guidance/dist/trust.d.ts +283 -0
package/src/@claude-flow/guidance/dist/trust.js +473 -0
package/src/@claude-flow/guidance/dist/truth-anchors.d.ts +276 -0
package/src/@claude-flow/guidance/dist/truth-anchors.js +488 -0
package/src/@claude-flow/guidance/dist/types.d.ts +378 -0
package/src/@claude-flow/guidance/dist/types.js +10 -0
package/src/@claude-flow/guidance/dist/uncertainty.d.ts +372 -0
package/src/@claude-flow/guidance/dist/uncertainty.js +619 -0
package/src/@claude-flow/guidance/dist/wasm-kernel.d.ts +48 -0
package/src/@claude-flow/guidance/dist/wasm-kernel.js +158 -0
package/src/@claude-flow/guidance/package.json +198 -198
package/src/@claude-flow/memory/README.md +587 -587
package/src/@claude-flow/memory/package.json +44 -44
package/src/@claude-flow/shared/README.md +323 -323
package/src/README.md +493 -493
package/.claude/settings.local.json +0 -18
package/.claude/workflow-state.json +0 -9
package/src/@claude-flow/cli/dist/src/services/container-worker-pool.d.ts +0 -197
package/src/@claude-flow/cli/dist/src/services/container-worker-pool.js +0 -584
package/src/@claude-flow/memory/dist/agent-memory-scope.d.ts +0 -131
package/src/@claude-flow/memory/dist/agent-memory-scope.js +0 -223
package/src/@claude-flow/memory/dist/agent-memory-scope.test.d.ts +0 -8
package/src/@claude-flow/memory/dist/agent-memory-scope.test.js +0 -463
package/src/@claude-flow/memory/dist/agentdb-adapter.d.ts +0 -165
package/src/@claude-flow/memory/dist/agentdb-adapter.js +0 -806
package/src/@claude-flow/memory/dist/agentdb-backend.d.ts +0 -214
package/src/@claude-flow/memory/dist/agentdb-backend.js +0 -844
package/src/@claude-flow/memory/dist/agentdb-backend.test.d.ts +0 -7
package/src/@claude-flow/memory/dist/agentdb-backend.test.js +0 -258
package/src/@claude-flow/memory/dist/application/commands/delete-memory.command.d.ts +0 -65
package/src/@claude-flow/memory/dist/application/commands/delete-memory.command.js +0 -129
package/src/@claude-flow/memory/dist/application/commands/store-memory.command.d.ts +0 -48
package/src/@claude-flow/memory/dist/application/commands/store-memory.command.js +0 -72
package/src/@claude-flow/memory/dist/application/index.d.ts +0 -12
package/src/@claude-flow/memory/dist/application/index.js +0 -15
package/src/@claude-flow/memory/dist/application/queries/search-memory.query.d.ts +0 -72
package/src/@claude-flow/memory/dist/application/queries/search-memory.query.js +0 -143
package/src/@claude-flow/memory/dist/application/services/memory-application-service.d.ts +0 -121
package/src/@claude-flow/memory/dist/application/services/memory-application-service.js +0 -190
package/src/@claude-flow/memory/dist/auto-memory-bridge.d.ts +0 -226
package/src/@claude-flow/memory/dist/auto-memory-bridge.js +0 -709
package/src/@claude-flow/memory/dist/auto-memory-bridge.test.d.ts +0 -8
package/src/@claude-flow/memory/dist/auto-memory-bridge.test.js +0 -754
package/src/@claude-flow/memory/dist/benchmark.test.d.ts +0 -2
package/src/@claude-flow/memory/dist/benchmark.test.js +0 -277
package/src/@claude-flow/memory/dist/cache-manager.d.ts +0 -134
package/src/@claude-flow/memory/dist/cache-manager.js +0 -407
package/src/@claude-flow/memory/dist/controller-registry.d.ts +0 -216
package/src/@claude-flow/memory/dist/controller-registry.js +0 -893
package/src/@claude-flow/memory/dist/controller-registry.test.d.ts +0 -14
package/src/@claude-flow/memory/dist/controller-registry.test.js +0 -636
package/src/@claude-flow/memory/dist/database-provider.d.ts +0 -87
package/src/@claude-flow/memory/dist/database-provider.js +0 -375
package/src/@claude-flow/memory/dist/database-provider.test.d.ts +0 -7
package/src/@claude-flow/memory/dist/database-provider.test.js +0 -285
package/src/@claude-flow/memory/dist/domain/entities/memory-entry.d.ts +0 -143
package/src/@claude-flow/memory/dist/domain/entities/memory-entry.js +0 -226
package/src/@claude-flow/memory/dist/domain/index.d.ts +0 -11
package/src/@claude-flow/memory/dist/domain/index.js +0 -12
package/src/@claude-flow/memory/dist/domain/repositories/memory-repository.interface.d.ts +0 -102
package/src/@claude-flow/memory/dist/domain/repositories/memory-repository.interface.js +0 -11
package/src/@claude-flow/memory/dist/domain/services/memory-domain-service.d.ts +0 -105
package/src/@claude-flow/memory/dist/domain/services/memory-domain-service.js +0 -297
package/src/@claude-flow/memory/dist/hnsw-index.d.ts +0 -111
package/src/@claude-flow/memory/dist/hnsw-index.js +0 -781
package/src/@claude-flow/memory/dist/hnsw-lite.d.ts +0 -23
package/src/@claude-flow/memory/dist/hnsw-lite.js +0 -168
package/src/@claude-flow/memory/dist/hybrid-backend.d.ts +0 -245
package/src/@claude-flow/memory/dist/hybrid-backend.js +0 -569
package/src/@claude-flow/memory/dist/hybrid-backend.test.d.ts +0 -8
package/src/@claude-flow/memory/dist/hybrid-backend.test.js +0 -320
package/src/@claude-flow/memory/dist/index.d.ts +0 -207
package/src/@claude-flow/memory/dist/index.js +0 -361
package/src/@claude-flow/memory/dist/infrastructure/index.d.ts +0 -17
package/src/@claude-flow/memory/dist/infrastructure/index.js +0 -16
package/src/@claude-flow/memory/dist/infrastructure/repositories/hybrid-memory-repository.d.ts +0 -66
package/src/@claude-flow/memory/dist/infrastructure/repositories/hybrid-memory-repository.js +0 -409
package/src/@claude-flow/memory/dist/learning-bridge.d.ts +0 -137
package/src/@claude-flow/memory/dist/learning-bridge.js +0 -335
package/src/@claude-flow/memory/dist/learning-bridge.test.d.ts +0 -8
package/src/@claude-flow/memory/dist/learning-bridge.test.js +0 -578
package/src/@claude-flow/memory/dist/memory-graph.d.ts +0 -100
package/src/@claude-flow/memory/dist/memory-graph.js +0 -333
package/src/@claude-flow/memory/dist/memory-graph.test.d.ts +0 -8
package/src/@claude-flow/memory/dist/memory-graph.test.js +0 -609
package/src/@claude-flow/memory/dist/migration.d.ts +0 -68
package/src/@claude-flow/memory/dist/migration.js +0 -513
package/src/@claude-flow/memory/dist/persistent-sona.d.ts +0 -144
package/src/@claude-flow/memory/dist/persistent-sona.js +0 -332
package/src/@claude-flow/memory/dist/query-builder.d.ts +0 -211
package/src/@claude-flow/memory/dist/query-builder.js +0 -438
package/src/@claude-flow/memory/dist/rvf-backend.d.ts +0 -51
package/src/@claude-flow/memory/dist/rvf-backend.js +0 -481
package/src/@claude-flow/memory/dist/rvf-learning-store.d.ts +0 -139
package/src/@claude-flow/memory/dist/rvf-learning-store.js +0 -295
package/src/@claude-flow/memory/dist/rvf-migration.d.ts +0 -45
package/src/@claude-flow/memory/dist/rvf-migration.js +0 -234
package/src/@claude-flow/memory/dist/sqlite-backend.d.ts +0 -121
package/src/@claude-flow/memory/dist/sqlite-backend.js +0 -572
package/src/@claude-flow/memory/dist/sqljs-backend.d.ts +0 -128
package/src/@claude-flow/memory/dist/sqljs-backend.js +0 -601
package/src/@claude-flow/memory/dist/types.d.ts +0 -484
package/src/@claude-flow/memory/dist/types.js +0 -58
package/src/@claude-flow/shared/dist/core/config/defaults.d.ts +0 -41
package/src/@claude-flow/shared/dist/core/config/defaults.js +0 -186
package/src/@claude-flow/shared/dist/core/config/index.d.ts +0 -8
package/src/@claude-flow/shared/dist/core/config/index.js +0 -12
package/src/@claude-flow/shared/dist/core/config/loader.d.ts +0 -45
package/src/@claude-flow/shared/dist/core/config/loader.js +0 -222
package/src/@claude-flow/shared/dist/core/config/schema.d.ts +0 -1134
package/src/@claude-flow/shared/dist/core/config/schema.js +0 -158
package/src/@claude-flow/shared/dist/core/config/validator.d.ts +0 -92
package/src/@claude-flow/shared/dist/core/config/validator.js +0 -147
package/src/@claude-flow/shared/dist/core/event-bus.d.ts +0 -31
package/src/@claude-flow/shared/dist/core/event-bus.js +0 -197
package/src/@claude-flow/shared/dist/core/index.d.ts +0 -15
package/src/@claude-flow/shared/dist/core/index.js +0 -19
package/src/@claude-flow/shared/dist/core/interfaces/agent.interface.d.ts +0 -200
package/src/@claude-flow/shared/dist/core/interfaces/agent.interface.js +0 -6
package/src/@claude-flow/shared/dist/core/interfaces/coordinator.interface.d.ts +0 -310
package/src/@claude-flow/shared/dist/core/interfaces/coordinator.interface.js +0 -7
package/src/@claude-flow/shared/dist/core/interfaces/event.interface.d.ts +0 -224
package/src/@claude-flow/shared/dist/core/interfaces/event.interface.js +0 -46
package/src/@claude-flow/shared/dist/core/interfaces/index.d.ts +0 -10
package/src/@claude-flow/shared/dist/core/interfaces/index.js +0 -15
package/src/@claude-flow/shared/dist/core/interfaces/memory.interface.d.ts +0 -298
package/src/@claude-flow/shared/dist/core/interfaces/memory.interface.js +0 -7
package/src/@claude-flow/shared/dist/core/interfaces/task.interface.d.ts +0 -185
package/src/@claude-flow/shared/dist/core/interfaces/task.interface.js +0 -6
package/src/@claude-flow/shared/dist/core/orchestrator/event-coordinator.d.ts +0 -35
package/src/@claude-flow/shared/dist/core/orchestrator/event-coordinator.js +0 -101
package/src/@claude-flow/shared/dist/core/orchestrator/health-monitor.d.ts +0 -60
package/src/@claude-flow/shared/dist/core/orchestrator/health-monitor.js +0 -166
package/src/@claude-flow/shared/dist/core/orchestrator/index.d.ts +0 -46
package/src/@claude-flow/shared/dist/core/orchestrator/index.js +0 -64
package/src/@claude-flow/shared/dist/core/orchestrator/lifecycle-manager.d.ts +0 -56
package/src/@claude-flow/shared/dist/core/orchestrator/lifecycle-manager.js +0 -195
package/src/@claude-flow/shared/dist/core/orchestrator/session-manager.d.ts +0 -83
package/src/@claude-flow/shared/dist/core/orchestrator/session-manager.js +0 -193
package/src/@claude-flow/shared/dist/core/orchestrator/task-manager.d.ts +0 -49
package/src/@claude-flow/shared/dist/core/orchestrator/task-manager.js +0 -253
package/src/@claude-flow/shared/dist/events/domain-events.d.ts +0 -282
package/src/@claude-flow/shared/dist/events/domain-events.js +0 -165
package/src/@claude-flow/shared/dist/events/event-store.d.ts +0 -126
package/src/@claude-flow/shared/dist/events/event-store.js +0 -416
package/src/@claude-flow/shared/dist/events/event-store.test.d.ts +0 -8
package/src/@claude-flow/shared/dist/events/event-store.test.js +0 -293
package/src/@claude-flow/shared/dist/events/example-usage.d.ts +0 -10
package/src/@claude-flow/shared/dist/events/example-usage.js +0 -193
package/src/@claude-flow/shared/dist/events/index.d.ts +0 -21
package/src/@claude-flow/shared/dist/events/index.js +0 -22
package/src/@claude-flow/shared/dist/events/projections.d.ts +0 -177
package/src/@claude-flow/shared/dist/events/projections.js +0 -421
package/src/@claude-flow/shared/dist/events/rvf-event-log.d.ts +0 -82
package/src/@claude-flow/shared/dist/events/rvf-event-log.js +0 -340
package/src/@claude-flow/shared/dist/events/state-reconstructor.d.ts +0 -101
package/src/@claude-flow/shared/dist/events/state-reconstructor.js +0 -263
package/src/@claude-flow/shared/dist/events.d.ts +0 -80
package/src/@claude-flow/shared/dist/events.js +0 -249
package/src/@claude-flow/shared/dist/hooks/example-usage.d.ts +0 -42
package/src/@claude-flow/shared/dist/hooks/example-usage.js +0 -351
package/src/@claude-flow/shared/dist/hooks/executor.d.ts +0 -100
package/src/@claude-flow/shared/dist/hooks/executor.js +0 -264
package/src/@claude-flow/shared/dist/hooks/hooks.test.d.ts +0 -9
package/src/@claude-flow/shared/dist/hooks/hooks.test.js +0 -322
package/src/@claude-flow/shared/dist/hooks/index.d.ts +0 -52
package/src/@claude-flow/shared/dist/hooks/index.js +0 -51
package/src/@claude-flow/shared/dist/hooks/registry.d.ts +0 -133
package/src/@claude-flow/shared/dist/hooks/registry.js +0 -277
package/src/@claude-flow/shared/dist/hooks/safety/bash-safety.d.ts +0 -105
package/src/@claude-flow/shared/dist/hooks/safety/bash-safety.js +0 -481
package/src/@claude-flow/shared/dist/hooks/safety/file-organization.d.ts +0 -144
package/src/@claude-flow/shared/dist/hooks/safety/file-organization.js +0 -328
package/src/@claude-flow/shared/dist/hooks/safety/git-commit.d.ts +0 -158
package/src/@claude-flow/shared/dist/hooks/safety/git-commit.js +0 -450
package/src/@claude-flow/shared/dist/hooks/safety/index.d.ts +0 -17
package/src/@claude-flow/shared/dist/hooks/safety/index.js +0 -17
package/src/@claude-flow/shared/dist/hooks/session-hooks.d.ts +0 -234
package/src/@claude-flow/shared/dist/hooks/session-hooks.js +0 -334
package/src/@claude-flow/shared/dist/hooks/task-hooks.d.ts +0 -163
package/src/@claude-flow/shared/dist/hooks/task-hooks.js +0 -326
package/src/@claude-flow/shared/dist/hooks/types.d.ts +0 -267
package/src/@claude-flow/shared/dist/hooks/types.js +0 -62
package/src/@claude-flow/shared/dist/hooks/verify-exports.test.d.ts +0 -9
package/src/@claude-flow/shared/dist/hooks/verify-exports.test.js +0 -93
package/src/@claude-flow/shared/dist/index.d.ts +0 -20
package/src/@claude-flow/shared/dist/index.js +0 -50
package/src/@claude-flow/shared/dist/mcp/connection-pool.d.ts +0 -98
package/src/@claude-flow/shared/dist/mcp/connection-pool.js +0 -364
package/src/@claude-flow/shared/dist/mcp/index.d.ts +0 -69
package/src/@claude-flow/shared/dist/mcp/index.js +0 -84
package/src/@claude-flow/shared/dist/mcp/server.d.ts +0 -166
package/src/@claude-flow/shared/dist/mcp/server.js +0 -593
package/src/@claude-flow/shared/dist/mcp/session-manager.d.ts +0 -136
package/src/@claude-flow/shared/dist/mcp/session-manager.js +0 -335
package/src/@claude-flow/shared/dist/mcp/tool-registry.d.ts +0 -178
package/src/@claude-flow/shared/dist/mcp/tool-registry.js +0 -439
package/src/@claude-flow/shared/dist/mcp/transport/http.d.ts +0 -104
package/src/@claude-flow/shared/dist/mcp/transport/http.js +0 -476
package/src/@claude-flow/shared/dist/mcp/transport/index.d.ts +0 -102
package/src/@claude-flow/shared/dist/mcp/transport/index.js +0 -238
package/src/@claude-flow/shared/dist/mcp/transport/stdio.d.ts +0 -104
package/src/@claude-flow/shared/dist/mcp/transport/stdio.js +0 -263
package/src/@claude-flow/shared/dist/mcp/transport/websocket.d.ts +0 -133
package/src/@claude-flow/shared/dist/mcp/transport/websocket.js +0 -396
package/src/@claude-flow/shared/dist/mcp/types.d.ts +0 -438
package/src/@claude-flow/shared/dist/mcp/types.js +0 -54
package/src/@claude-flow/shared/dist/plugin-interface.d.ts +0 -544
package/src/@claude-flow/shared/dist/plugin-interface.js +0 -23
package/src/@claude-flow/shared/dist/plugin-loader.d.ts +0 -139
package/src/@claude-flow/shared/dist/plugin-loader.js +0 -434
package/src/@claude-flow/shared/dist/plugin-registry.d.ts +0 -183
package/src/@claude-flow/shared/dist/plugin-registry.js +0 -457
package/src/@claude-flow/shared/dist/plugins/index.d.ts +0 -10
package/src/@claude-flow/shared/dist/plugins/index.js +0 -10
package/src/@claude-flow/shared/dist/plugins/official/hive-mind-plugin.d.ts +0 -106
package/src/@claude-flow/shared/dist/plugins/official/hive-mind-plugin.js +0 -241
package/src/@claude-flow/shared/dist/plugins/official/index.d.ts +0 -10
package/src/@claude-flow/shared/dist/plugins/official/index.js +0 -10
package/src/@claude-flow/shared/dist/plugins/official/maestro-plugin.d.ts +0 -121
package/src/@claude-flow/shared/dist/plugins/official/maestro-plugin.js +0 -355
package/src/@claude-flow/shared/dist/plugins/types.d.ts +0 -93
package/src/@claude-flow/shared/dist/plugins/types.js +0 -9
package/src/@claude-flow/shared/dist/resilience/bulkhead.d.ts +0 -105
package/src/@claude-flow/shared/dist/resilience/bulkhead.js +0 -206
package/src/@claude-flow/shared/dist/resilience/circuit-breaker.d.ts +0 -132
package/src/@claude-flow/shared/dist/resilience/circuit-breaker.js +0 -233
package/src/@claude-flow/shared/dist/resilience/index.d.ts +0 -19
package/src/@claude-flow/shared/dist/resilience/index.js +0 -19
package/src/@claude-flow/shared/dist/resilience/rate-limiter.d.ts +0 -168
package/src/@claude-flow/shared/dist/resilience/rate-limiter.js +0 -314
package/src/@claude-flow/shared/dist/resilience/retry.d.ts +0 -91
package/src/@claude-flow/shared/dist/resilience/retry.js +0 -159
package/src/@claude-flow/shared/dist/security/index.d.ts +0 -10
package/src/@claude-flow/shared/dist/security/index.js +0 -12
package/src/@claude-flow/shared/dist/security/input-validation.d.ts +0 -73
package/src/@claude-flow/shared/dist/security/input-validation.js +0 -201
package/src/@claude-flow/shared/dist/security/secure-random.d.ts +0 -92
package/src/@claude-flow/shared/dist/security/secure-random.js +0 -142
package/src/@claude-flow/shared/dist/services/index.d.ts +0 -7
package/src/@claude-flow/shared/dist/services/index.js +0 -7
package/src/@claude-flow/shared/dist/services/v3-progress.service.d.ts +0 -124
package/src/@claude-flow/shared/dist/services/v3-progress.service.js +0 -402
package/src/@claude-flow/shared/dist/types/agent.types.d.ts +0 -137
package/src/@claude-flow/shared/dist/types/agent.types.js +0 -6
package/src/@claude-flow/shared/dist/types/index.d.ts +0 -11
package/src/@claude-flow/shared/dist/types/index.js +0 -17
package/src/@claude-flow/shared/dist/types/mcp.types.d.ts +0 -266
package/src/@claude-flow/shared/dist/types/mcp.types.js +0 -7
package/src/@claude-flow/shared/dist/types/memory.types.d.ts +0 -236
package/src/@claude-flow/shared/dist/types/memory.types.js +0 -7
package/src/@claude-flow/shared/dist/types/swarm.types.d.ts +0 -186
package/src/@claude-flow/shared/dist/types/swarm.types.js +0 -65
package/src/@claude-flow/shared/dist/types/task.types.d.ts +0 -178
package/src/@claude-flow/shared/dist/types/task.types.js +0 -32
package/src/@claude-flow/shared/dist/types.d.ts +0 -197
package/src/@claude-flow/shared/dist/types.js +0 -21
package/src/@claude-flow/shared/dist/utils/secure-logger.d.ts +0 -69
package/src/@claude-flow/shared/dist/utils/secure-logger.js +0 -208

package/src/@claude-flow/guidance/dist/manifest-validator.js ADDED Viewed

@@ -0,0 +1,838 @@
+/**
+ * Manifest Validator & Conformance Suite
+ *
+ * Validates AgentCellManifest documents against the Agentic Container spec,
+ * computes risk scores, selects execution lanes, and fails closed on any
+ * validation error. The ConformanceSuite runs golden traces through an
+ * evaluator to prove the platform behaves as specified.
+ *
+ * @module @claude-flow/guidance/manifest-validator
+ */
+// ============================================================================
+// Constants
+// ============================================================================
+const SUPPORTED_API_VERSION = 'agentic_cells.v0_1';
+const SHA256_DIGEST_RE = /^sha256:[a-f0-9]{64}$/;
+/** Maximum budget limits (sanity caps) */
+const MAX_BUDGET_LIMITS = {
+    maxWallClockSeconds: 86_400, // 24 hours
+    maxToolCalls: 100_000,
+    maxBytesEgress: 10_737_418_240, // 10 GiB
+    maxTokensInMtok: 100, // 100M tokens
+    maxTokensOutMtok: 100, // 100M tokens
+    maxMemoryWrites: 1_000_000,
+};
+/** Data sensitivity levels ordered by severity */
+const DATA_SENSITIVITY_LEVELS = ['public', 'internal', 'confidential', 'restricted'];
+/** Write modes for memory policy */
+const WRITE_MODES = ['append', 'overwrite', 'merge'];
+/** Authority scopes for memory policy */
+const AUTHORITY_SCOPES = ['self', 'team', 'tenant', 'global'];
+/** Known tool names the system recognizes */
+const KNOWN_TOOLS = new Set([
+    'Read', 'Write', 'Edit', 'MultiEdit', 'Glob', 'Grep',
+    'Bash', 'Task', 'TodoWrite', 'NotebookEdit', 'WebFetch', 'WebSearch',
+    'mcp_memory', 'mcp_swarm', 'mcp_hooks', 'mcp_agent',
+]);
+/** Trace levels for observability */
+const TRACE_LEVELS = ['none', 'errors', 'decisions', 'full'];
+/** Execution lanes ordered by privilege (lowest to highest) */
+const LANES = ['wasm', 'sandboxed', 'native'];
+// ============================================================================
+// ManifestValidator
+// ============================================================================
+/**
+ * Validates AgentCellManifest documents against the Agentic Container spec.
+ *
+ * Fails closed: any validation error results in a 'reject' decision.
+ * Warnings alone do not block admission but may trigger a 'review' decision
+ * when the risk score is between thresholds.
+ */
+export class ManifestValidator {
+    /** Risk score threshold: below this, admit. Above reject threshold, reject. Between, review. */
+    admitThreshold;
+    rejectThreshold;
+    constructor(options) {
+        this.admitThreshold = options?.admitThreshold ?? 30;
+        this.rejectThreshold = options?.rejectThreshold ?? 70;
+    }
+    /**
+     * Validate a manifest, compute its risk score, select a lane, and decide admission.
+     *
+     * FAILS CLOSED: any validation error leads to reject.
+     */
+    validate(manifest) {
+        const errors = [];
+        const warnings = [];
+        // Structural validation
+        errors.push(...this.validateRequiredFields(manifest));
+        errors.push(...this.validateApiVersion(manifest));
+        errors.push(...this.validateDigest(manifest));
+        errors.push(...this.validateBudgets(manifest.budgets));
+        errors.push(...this.validateToolPolicy(manifest.toolPolicy));
+        errors.push(...this.validateDataPolicy(manifest.dataPolicy));
+        warnings.push(...this.validateWarnings(manifest));
+        // Compute risk score (even if there are errors, for diagnostics)
+        const riskScore = this.computeRiskScore(manifest);
+        // FAIL CLOSED: any error means reject
+        if (errors.length > 0) {
+            return {
+                valid: false,
+                errors,
+                warnings,
+                admissionDecision: 'reject',
+                laneSelection: null,
+                riskScore,
+            };
+        }
+        // Lane selection
+        const laneSelection = this.selectLane(manifest, riskScore);
+        // Admission decision based on risk score
+        let admissionDecision;
+        if (riskScore > this.rejectThreshold) {
+            admissionDecision = 'reject';
+        }
+        else if (riskScore > this.admitThreshold) {
+            admissionDecision = 'review';
+        }
+        else {
+            admissionDecision = 'admit';
+        }
+        return {
+            valid: true,
+            errors,
+            warnings,
+            admissionDecision,
+            laneSelection,
+            riskScore,
+        };
+    }
+    /**
+     * Compute a risk score (0-100) from tool risk, data sensitivity, and privilege surface.
+     *
+     * Components:
+     * - tool_risk (0-40): based on tool types and network access
+     * - data_sensitivity (0-30): based on sensitivity level and PII
+     * - privilege_surface (0-30): based on memory scope, write mode, native threads
+     */
+    computeRiskScore(manifest) {
+        let toolRisk = 0;
+        let dataSensitivity = 0;
+        let privilegeSurface = 0;
+        // --- Tool risk (0-40) ---
+        const tools = manifest.toolPolicy?.toolsAllowed ?? [];
+        const networkList = manifest.toolPolicy?.networkAllowlist ?? [];
+        // Bash/command execution is high risk
+        if (tools.includes('Bash') || tools.includes('bash')) {
+            toolRisk += 15;
+        }
+        // Task spawning
+        if (tools.includes('Task') || tools.includes('task')) {
+            toolRisk += 8;
+        }
+        // Write operations
+        if (tools.some(t => ['Write', 'Edit', 'MultiEdit', 'NotebookEdit'].includes(t))) {
+            toolRisk += 5;
+        }
+        // MCP tools
+        if (tools.some(t => t.startsWith('mcp_'))) {
+            toolRisk += 5;
+        }
+        // Network access
+        if (networkList.length > 0) {
+            toolRisk += 5;
+        }
+        // Wildcard in network (already caught as error if not privileged, but score anyway)
+        if (networkList.some(h => h === '*' || h.startsWith('*.'))) {
+            toolRisk += 10;
+        }
+        // No confirmation on writes
+        if (manifest.toolPolicy && !manifest.toolPolicy.writeActionsRequireConfirmation) {
+            toolRisk += 3;
+        }
+        toolRisk = Math.min(toolRisk, 40);
+        // --- Data sensitivity (0-30) ---
+        const sensitivityIndex = DATA_SENSITIVITY_LEVELS.indexOf(manifest.dataPolicy?.dataSensitivity);
+        if (sensitivityIndex >= 0) {
+            dataSensitivity += sensitivityIndex * 8; // 0, 8, 16, 24
+        }
+        if (manifest.dataPolicy?.piiAllowed) {
+            dataSensitivity += 6;
+        }
+        dataSensitivity = Math.min(dataSensitivity, 30);
+        // --- Privilege surface (0-30) ---
+        const scopeIndex = AUTHORITY_SCOPES.indexOf(manifest.memoryPolicy?.authorityScope);
+        if (scopeIndex >= 0) {
+            privilegeSurface += scopeIndex * 5; // 0, 5, 10, 15
+        }
+        if (manifest.memoryPolicy?.writeMode === 'overwrite') {
+            privilegeSurface += 5;
+        }
+        if (manifest.lanePolicy?.needsNativeThreads) {
+            privilegeSurface += 8;
+        }
+        if (manifest.memoryPolicy && !manifest.memoryPolicy.requiresCoherenceGate) {
+            privilegeSurface += 3;
+        }
+        if (manifest.memoryPolicy && !manifest.memoryPolicy.requiresAntiHallucinationGate) {
+            privilegeSurface += 3;
+        }
+        privilegeSurface = Math.min(privilegeSurface, 30);
+        return Math.min(toolRisk + dataSensitivity + privilegeSurface, 100);
+    }
+    /**
+     * Select the execution lane based on risk score and manifest policy.
+     *
+     * Lane selection rules:
+     * - If portabilityRequired or risk <= 30: wasm
+     * - If needsNativeThreads and risk > 50: native
+     * - Otherwise: sandboxed
+     * - Always respect preferredLane if risk score allows it
+     * - Risk exceeding maxRiskScore forces the most restrictive lane
+     */
+    selectLane(manifest, riskScore) {
+        const policy = manifest.lanePolicy;
+        // If risk exceeds the manifest's own maxRiskScore, force wasm
+        if (riskScore > policy.maxRiskScore) {
+            return 'wasm';
+        }
+        // Portability requirement forces wasm
+        if (policy.portabilityRequired) {
+            return 'wasm';
+        }
+        // Native threads require native lane
+        if (policy.needsNativeThreads) {
+            // Only grant native if risk is acceptable
+            if (riskScore <= 50) {
+                return 'native';
+            }
+            return 'sandboxed';
+        }
+        // Low risk can go to wasm
+        if (riskScore <= 20) {
+            return policy.preferredLane;
+        }
+        // Medium risk gets sandboxed
+        if (riskScore <= 50) {
+            // Respect preference if it's not native
+            if (policy.preferredLane !== 'native') {
+                return policy.preferredLane;
+            }
+            return 'sandboxed';
+        }
+        // High risk gets wasm
+        return 'wasm';
+    }
+    /**
+     * Validate budget values: no negatives, within sanity limits.
+     */
+    validateBudgets(budgets) {
+        const errors = [];
+        if (!budgets) {
+            errors.push({
+                code: 'MISSING_FIELD',
+                field: 'budgets',
+                message: 'Budget configuration is required',
+                severity: 'error',
+            });
+            return errors;
+        }
+        const budgetFields = [
+            { key: 'maxWallClockSeconds', max: MAX_BUDGET_LIMITS.maxWallClockSeconds },
+            { key: 'maxToolCalls', max: MAX_BUDGET_LIMITS.maxToolCalls },
+            { key: 'maxBytesEgress', max: MAX_BUDGET_LIMITS.maxBytesEgress },
+            { key: 'maxTokensInMtok', max: MAX_BUDGET_LIMITS.maxTokensInMtok },
+            { key: 'maxTokensOutMtok', max: MAX_BUDGET_LIMITS.maxTokensOutMtok },
+            { key: 'maxMemoryWrites', max: MAX_BUDGET_LIMITS.maxMemoryWrites },
+        ];
+        for (const { key, max } of budgetFields) {
+            const value = budgets[key];
+            if (value === undefined || value === null) {
+                errors.push({
+                    code: 'MISSING_FIELD',
+                    field: `budgets.${key}`,
+                    message: `Budget field "${key}" is required`,
+                    severity: 'error',
+                });
+                continue;
+            }
+            if (typeof value !== 'number' || Number.isNaN(value)) {
+                errors.push({
+                    code: 'INVALID_TYPE',
+                    field: `budgets.${key}`,
+                    message: `Budget field "${key}" must be a number`,
+                    severity: 'error',
+                });
+                continue;
+            }
+            if (value < 0) {
+                errors.push({
+                    code: 'BUDGET_NEGATIVE',
+                    field: `budgets.${key}`,
+                    message: `Budget field "${key}" must not be negative (got ${value})`,
+                    severity: 'error',
+                });
+            }
+            if (value > max) {
+                errors.push({
+                    code: 'BUDGET_EXCEED',
+                    field: `budgets.${key}`,
+                    message: `Budget field "${key}" exceeds maximum (${value} > ${max})`,
+                    severity: 'error',
+                });
+            }
+        }
+        return errors;
+    }
+    /**
+     * Validate tool policy: network allowlist must not contain wildcards
+     * unless the cell explicitly has Bash (privileged).
+     */
+    validateToolPolicy(toolPolicy) {
+        const errors = [];
+        if (!toolPolicy) {
+            errors.push({
+                code: 'MISSING_FIELD',
+                field: 'toolPolicy',
+                message: 'Tool policy is required',
+                severity: 'error',
+            });
+            return errors;
+        }
+        if (!Array.isArray(toolPolicy.toolsAllowed)) {
+            errors.push({
+                code: 'INVALID_TYPE',
+                field: 'toolPolicy.toolsAllowed',
+                message: 'toolsAllowed must be an array',
+                severity: 'error',
+            });
+        }
+        if (!Array.isArray(toolPolicy.networkAllowlist)) {
+            errors.push({
+                code: 'INVALID_TYPE',
+                field: 'toolPolicy.networkAllowlist',
+                message: 'networkAllowlist must be an array',
+                severity: 'error',
+            });
+        }
+        // Check for wildcards in network allowlist
+        const isPrivileged = Array.isArray(toolPolicy.toolsAllowed) &&
+            toolPolicy.toolsAllowed.includes('Bash');
+        if (Array.isArray(toolPolicy.networkAllowlist)) {
+            for (let i = 0; i < toolPolicy.networkAllowlist.length; i++) {
+                const entry = toolPolicy.networkAllowlist[i];
+                if (entry === '*' || entry.startsWith('*.')) {
+                    if (!isPrivileged) {
+                        errors.push({
+                            code: 'WILDCARD_NETWORK',
+                            field: `toolPolicy.networkAllowlist[${i}]`,
+                            message: `Wildcard "${entry}" in network allowlist requires privileged access (Bash tool)`,
+                            severity: 'error',
+                        });
+                    }
+                }
+            }
+        }
+        return errors;
+    }
+    /**
+     * Validate data policy fields.
+     */
+    validateDataPolicy(dataPolicy) {
+        const errors = [];
+        if (!dataPolicy) {
+            errors.push({
+                code: 'MISSING_FIELD',
+                field: 'dataPolicy',
+                message: 'Data policy is required',
+                severity: 'error',
+            });
+            return errors;
+        }
+        if (!DATA_SENSITIVITY_LEVELS.includes(dataPolicy.dataSensitivity)) {
+            errors.push({
+                code: 'INVALID_ENUM',
+                field: 'dataPolicy.dataSensitivity',
+                message: `dataSensitivity must be one of: ${DATA_SENSITIVITY_LEVELS.join(', ')} (got "${dataPolicy.dataSensitivity}")`,
+                severity: 'error',
+            });
+        }
+        if (typeof dataPolicy.retentionDays !== 'number' || dataPolicy.retentionDays < 0) {
+            errors.push({
+                code: 'INVALID_VALUE',
+                field: 'dataPolicy.retentionDays',
+                message: 'retentionDays must be a non-negative number',
+                severity: 'error',
+            });
+        }
+        if (!dataPolicy.exportControls) {
+            errors.push({
+                code: 'MISSING_FIELD',
+                field: 'dataPolicy.exportControls',
+                message: 'exportControls is required in data policy',
+                severity: 'error',
+            });
+        }
+        else {
+            if (!Array.isArray(dataPolicy.exportControls.allowedRegions)) {
+                errors.push({
+                    code: 'INVALID_TYPE',
+                    field: 'dataPolicy.exportControls.allowedRegions',
+                    message: 'allowedRegions must be an array',
+                    severity: 'error',
+                });
+            }
+            if (!Array.isArray(dataPolicy.exportControls.blockedRegions)) {
+                errors.push({
+                    code: 'INVALID_TYPE',
+                    field: 'dataPolicy.exportControls.blockedRegions',
+                    message: 'blockedRegions must be an array',
+                    severity: 'error',
+                });
+            }
+            // Check for overlap between allowed and blocked regions
+            if (Array.isArray(dataPolicy.exportControls.allowedRegions) &&
+                Array.isArray(dataPolicy.exportControls.blockedRegions)) {
+                const overlap = dataPolicy.exportControls.allowedRegions.filter(r => dataPolicy.exportControls.blockedRegions.includes(r));
+                if (overlap.length > 0) {
+                    errors.push({
+                        code: 'REGION_CONFLICT',
+                        field: 'dataPolicy.exportControls',
+                        message: `Regions appear in both allowed and blocked lists: ${overlap.join(', ')}`,
+                        severity: 'error',
+                    });
+                }
+            }
+        }
+        return errors;
+    }
+    // ===== Private validation helpers =====
+    validateRequiredFields(manifest) {
+        const errors = [];
+        if (!manifest) {
+            errors.push({
+                code: 'MISSING_FIELD',
+                field: '',
+                message: 'Manifest is required',
+                severity: 'error',
+            });
+            return errors;
+        }
+        // Top-level required sections
+        const requiredSections = [
+            'apiVersion', 'cell', 'lanePolicy', 'budgets',
+            'dataPolicy', 'toolPolicy', 'memoryPolicy', 'observability',
+        ];
+        for (const section of requiredSections) {
+            if (manifest[section] === undefined || manifest[section] === null) {
+                errors.push({
+                    code: 'MISSING_FIELD',
+                    field: section,
+                    message: `Required field "${section}" is missing`,
+                    severity: 'error',
+                });
+            }
+        }
+        // Cell sub-fields
+        if (manifest.cell) {
+            for (const field of ['name', 'purpose', 'ownerTenant']) {
+                if (!manifest.cell[field]) {
+                    errors.push({
+                        code: 'MISSING_FIELD',
+                        field: `cell.${field}`,
+                        message: `Required field "cell.${field}" is missing`,
+                        severity: 'error',
+                    });
+                }
+            }
+            if (!manifest.cell.codeRef) {
+                errors.push({
+                    code: 'MISSING_FIELD',
+                    field: 'cell.codeRef',
+                    message: 'Required field "cell.codeRef" is missing',
+                    severity: 'error',
+                });
+            }
+            else {
+                for (const field of ['kind', 'digest', 'entry']) {
+                    if (!manifest.cell.codeRef[field]) {
+                        errors.push({
+                            code: 'MISSING_FIELD',
+                            field: `cell.codeRef.${field}`,
+                            message: `Required field "cell.codeRef.${field}" is missing`,
+                            severity: 'error',
+                        });
+                    }
+                }
+            }
+        }
+        // Memory policy sub-fields
+        if (manifest.memoryPolicy) {
+            if (!manifest.memoryPolicy.namespace) {
+                errors.push({
+                    code: 'MISSING_FIELD',
+                    field: 'memoryPolicy.namespace',
+                    message: 'Required field "memoryPolicy.namespace" is missing',
+                    severity: 'error',
+                });
+            }
+            if (!AUTHORITY_SCOPES.includes(manifest.memoryPolicy.authorityScope)) {
+                errors.push({
+                    code: 'INVALID_ENUM',
+                    field: 'memoryPolicy.authorityScope',
+                    message: `authorityScope must be one of: ${AUTHORITY_SCOPES.join(', ')}`,
+                    severity: 'error',
+                });
+            }
+            if (!WRITE_MODES.includes(manifest.memoryPolicy.writeMode)) {
+                errors.push({
+                    code: 'INVALID_ENUM',
+                    field: 'memoryPolicy.writeMode',
+                    message: `writeMode must be one of: ${WRITE_MODES.join(', ')}`,
+                    severity: 'error',
+                });
+            }
+        }
+        // Observability sub-fields
+        if (manifest.observability) {
+            if (!TRACE_LEVELS.includes(manifest.observability.traceLevel)) {
+                errors.push({
+                    code: 'INVALID_ENUM',
+                    field: 'observability.traceLevel',
+                    message: `traceLevel must be one of: ${TRACE_LEVELS.join(', ')}`,
+                    severity: 'error',
+                });
+            }
+        }
+        return errors;
+    }
+    validateApiVersion(manifest) {
+        if (!manifest.apiVersion)
+            return []; // caught by requiredFields
+        if (manifest.apiVersion !== SUPPORTED_API_VERSION) {
+            return [{
+                    code: 'UNSUPPORTED_API_VERSION',
+                    field: 'apiVersion',
+                    message: `API version "${manifest.apiVersion}" is not supported (expected "${SUPPORTED_API_VERSION}")`,
+                    severity: 'error',
+                }];
+        }
+        return [];
+    }
+    validateDigest(manifest) {
+        if (!manifest.cell?.codeRef?.digest)
+            return []; // caught by requiredFields
+        if (!SHA256_DIGEST_RE.test(manifest.cell.codeRef.digest)) {
+            return [{
+                    code: 'INVALID_DIGEST',
+                    field: 'cell.codeRef.digest',
+                    message: `Digest must match "sha256:<64 hex chars>" format (got "${manifest.cell.codeRef.digest}")`,
+                    severity: 'error',
+                }];
+        }
+        return [];
+    }
+    validateWarnings(manifest) {
+        const warnings = [];
+        // Warn about unknown tools
+        if (manifest.toolPolicy?.toolsAllowed) {
+            for (const tool of manifest.toolPolicy.toolsAllowed) {
+                if (!KNOWN_TOOLS.has(tool)) {
+                    warnings.push({
+                        code: 'UNKNOWN_TOOL',
+                        field: 'toolPolicy.toolsAllowed',
+                        message: `Tool "${tool}" is not a recognized system tool`,
+                        severity: 'warning',
+                    });
+                }
+            }
+        }
+        // Warn if both coherence and anti-hallucination gates are disabled
+        if (manifest.memoryPolicy &&
+            !manifest.memoryPolicy.requiresCoherenceGate &&
+            !manifest.memoryPolicy.requiresAntiHallucinationGate) {
+            warnings.push({
+                code: 'NO_MEMORY_GATES',
+                field: 'memoryPolicy',
+                message: 'Both coherence and anti-hallucination gates are disabled; memory writes are ungated',
+                severity: 'warning',
+            });
+        }
+        // Warn about high retention with sensitive data
+        if (manifest.dataPolicy &&
+            manifest.dataPolicy.dataSensitivity === 'restricted' &&
+            manifest.dataPolicy.retentionDays > 30) {
+            warnings.push({
+                code: 'HIGH_RETENTION_SENSITIVE',
+                field: 'dataPolicy.retentionDays',
+                message: `Retention of ${manifest.dataPolicy.retentionDays} days is high for restricted data`,
+                severity: 'warning',
+            });
+        }
+        // Warn if no trace level is set to full but artifacts are emitted
+        if (manifest.observability &&
+            manifest.observability.emitArtifacts &&
+            manifest.observability.traceLevel === 'none') {
+            warnings.push({
+                code: 'ARTIFACTS_WITHOUT_TRACING',
+                field: 'observability',
+                message: 'Artifact emission is enabled but trace level is "none"',
+                severity: 'warning',
+            });
+        }
+        return warnings;
+    }
+}
+// ============================================================================
+// ConformanceSuite
+// ============================================================================
+/**
+ * Runs golden traces through an evaluator and reports conformance.
+ *
+ * Each trace contains events with expected outcomes. The suite feeds every
+ * event to the evaluator and compares the actual decision to the expectation.
+ */
+export class ConformanceSuite {
+    traces = [];
+    /**
+     * Add a golden trace to the suite.
+     */
+    addTrace(trace) {
+        this.traces.push(trace);
+    }
+    /**
+     * Run every event in every trace through the evaluator and compare
+     * actual decisions against expected outcomes.
+     */
+    run(evaluator) {
+        let totalEvents = 0;
+        let matchedEvents = 0;
+        const mismatches = [];
+        for (const trace of this.traces) {
+            for (const event of trace.events) {
+                totalEvents++;
+                const { decision, details } = evaluator(event);
+                const expected = trace.expectedDecisions[String(event.seq)] ?? event.expectedOutcome;
+                if (decision === expected) {
+                    matchedEvents++;
+                }
+                else {
+                    mismatches.push({
+                        traceId: trace.traceId,
+                        seq: event.seq,
+                        expected,
+                        actual: decision,
+                        details,
+                    });
+                }
+            }
+        }
+        return {
+            passed: mismatches.length === 0,
+            totalEvents,
+            matchedEvents,
+            mismatches,
+        };
+    }
+    /**
+     * Get all registered traces.
+     */
+    getTraces() {
+        return [...this.traces];
+    }
+    /**
+     * Create built-in default golden traces that verify core platform invariants:
+     *
+     * 1. Destructive command blocked
+     * 2. Secret detected and blocked
+     * 3. Budget exceeded and denied
+     * 4. Memory write without evidence blocked
+     * 5. Valid operation allowed
+     */
+    createDefaultTraces() {
+        const traces = [
+            // Trace 1: Destructive command must be blocked
+            {
+                traceId: 'default-destructive-blocked',
+                name: 'Destructive command blocked',
+                description: 'Verifies that destructive commands (rm -rf, DROP TABLE) are denied',
+                events: [
+                    {
+                        seq: 1,
+                        eventType: 'command',
+                        payload: { command: 'rm -rf /', tool: 'Bash' },
+                        expectedOutcome: 'deny',
+                    },
+                    {
+                        seq: 2,
+                        eventType: 'command',
+                        payload: { command: 'DROP TABLE users', tool: 'Bash' },
+                        expectedOutcome: 'deny',
+                    },
+                    {
+                        seq: 3,
+                        eventType: 'command',
+                        payload: { command: 'git push --force origin main', tool: 'Bash' },
+                        expectedOutcome: 'deny',
+                    },
+                ],
+                expectedDecisions: { '1': 'deny', '2': 'deny', '3': 'deny' },
+                expectedMemoryLineage: {},
+            },
+            // Trace 2: Secret detected and blocked
+            {
+                traceId: 'default-secret-blocked',
+                name: 'Secret detected and blocked',
+                description: 'Verifies that secrets in tool parameters are detected and blocked',
+                events: [
+                    {
+                        seq: 1,
+                        eventType: 'tool-use',
+                        payload: {
+                            tool: 'Write',
+                            params: { content: 'api_key = "sk-abc123456789012345678901234567890"' },
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                    {
+                        seq: 2,
+                        eventType: 'tool-use',
+                        payload: {
+                            tool: 'Edit',
+                            params: { content: '-----BEGIN RSA PRIVATE KEY-----' },
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                ],
+                expectedDecisions: { '1': 'deny', '2': 'deny' },
+                expectedMemoryLineage: {},
+            },
+            // Trace 3: Budget exceeded and denied
+            {
+                traceId: 'default-budget-exceeded',
+                name: 'Budget exceeded and denied',
+                description: 'Verifies that operations exceeding budget limits are denied',
+                events: [
+                    {
+                        seq: 1,
+                        eventType: 'budget-check',
+                        payload: {
+                            resource: 'toolCalls',
+                            current: 999,
+                            limit: 1000,
+                            requested: 5,
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                    {
+                        seq: 2,
+                        eventType: 'budget-check',
+                        payload: {
+                            resource: 'wallClockSeconds',
+                            current: 3500,
+                            limit: 3600,
+                            requested: 200,
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                ],
+                expectedDecisions: { '1': 'deny', '2': 'deny' },
+                expectedMemoryLineage: {},
+            },
+            // Trace 4: Memory write without evidence blocked
+            {
+                traceId: 'default-memory-no-evidence',
+                name: 'Memory write without evidence blocked',
+                description: 'Verifies that memory writes without proof/evidence trail are denied',
+                events: [
+                    {
+                        seq: 1,
+                        eventType: 'memory-write',
+                        payload: {
+                            key: 'critical-decision',
+                            namespace: 'coordination',
+                            hasEvidence: false,
+                            coherenceScore: 0.3,
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                    {
+                        seq: 2,
+                        eventType: 'memory-write',
+                        payload: {
+                            key: 'hallucinated-data',
+                            namespace: 'facts',
+                            hasEvidence: false,
+                            antiHallucinationPassed: false,
+                        },
+                        expectedOutcome: 'deny',
+                    },
+                ],
+                expectedDecisions: { '1': 'deny', '2': 'deny' },
+                expectedMemoryLineage: {
+                    'critical-decision': ['initial-assessment', 'root-task'],
+                },
+            },
+            // Trace 5: Valid operation allowed
+            {
+                traceId: 'default-valid-allowed',
+                name: 'Valid operation allowed',
+                description: 'Verifies that well-formed, safe operations are allowed through',
+                events: [
+                    {
+                        seq: 1,
+                        eventType: 'command',
+                        payload: { command: 'git status', tool: 'Bash' },
+                        expectedOutcome: 'allow',
+                    },
+                    {
+                        seq: 2,
+                        eventType: 'tool-use',
+                        payload: {
+                            tool: 'Read',
+                            params: { file_path: '/home/user/project/src/index.ts' },
+                        },
+                        expectedOutcome: 'allow',
+                    },
+                    {
+                        seq: 3,
+                        eventType: 'memory-write',
+                        payload: {
+                            key: 'agent-status',
+                            namespace: 'coordination',
+                            hasEvidence: true,
+                            coherenceScore: 0.95,
+                            antiHallucinationPassed: true,
+                        },
+                        expectedOutcome: 'allow',
+                    },
+                ],
+                expectedDecisions: { '1': 'allow', '2': 'allow', '3': 'allow' },
+                expectedMemoryLineage: {},
+            },
+        ];
+        return traces;
+    }
+}
+// ============================================================================
+// Factory Functions
+// ============================================================================
+/**
+ * Create a new ManifestValidator instance.
+ */
+export function createManifestValidator(options) {
+    return new ManifestValidator(options);
+}
+/**
+ * Create a new ConformanceSuite instance, optionally pre-loaded with default traces.
+ */
+export function createConformanceSuite(options) {
+    const suite = new ConformanceSuite();
+    if (options?.includeDefaults) {
+        for (const trace of suite.createDefaultTraces()) {
+            suite.addTrace(trace);
+        }
+    }
+    return suite;
+}
+//# sourceMappingURL=manifest-validator.js.map