noormme 1.2.0 → 1.2.2

package/dist/cjs/migration/data_migrator.js

@@ -26,10 +26,10 @@ async function migrateTableData(sourceDb, targetDb, sourceTable, targetTable, so
                 errors: [],
             };
         }
-        // Keyset pagination optimization: find a numeric primary key
-        const pkColumn = sourceTable.columns.find((c) => c.primaryKey &&
-            (c.type.toLowerCase().includes('int') ||
-                c.type.toLowerCase().includes('serial')))?.name;
+        // Keyset pagination optimization: find a primary key or a unique single-column index
+        const pkColumn = sourceTable.columns.find((c) => c.primaryKey)?.name ||
+            sourceTable.indexes.find((i) => i.unique && i.columns.length === 1)
+                ?.columns[0];
         let lastId = null;
         // Calculate number of batches (approximate)
         const batchCount = Math.ceil(totalRows / options.batchSize);

package/dist/cjs/migration/schema_differ.js

@@ -179,24 +179,46 @@ function compareIndexes(sourceTable, targetTable) {
 }
 function compareConstraints(sourceTable, targetTable) {
     const differences = [];
-    // Simple comparison - just check counts for now
-    if (sourceTable.constraints.length > targetTable.constraints.length) {
-        differences.push({
-            type: 'constraint_added',
-            table: sourceTable.name,
-            details: {
-                message: `${sourceTable.constraints.length - targetTable.constraints.length} constraint(s) need to be added`,
-            },
+    // PRODUCTION HARDENING: Deep Structural Audit
+    const sourceConstraints = sourceTable.constraints || [];
+    const targetConstraints = targetTable.constraints || [];
+    for (const source of sourceConstraints) {
+        const matching = targetConstraints.find((t) => {
+            const typeMatch = t.type === source.type;
+            const exprMatch = t.expression === source.expression;
+            const colsMatch = JSON.stringify(t.columns?.sort()) ===
+                JSON.stringify(source.columns?.sort());
+            return typeMatch && (source.type === 'CHECK' ? exprMatch : colsMatch);
         });
+        if (!matching) {
+            differences.push({
+                type: 'constraint_added',
+                table: sourceTable.name,
+                details: {
+                    source,
+                    message: `Constraint of type ${source.type} ${source.name ? `'${source.name}' ` : ''}needs to be added`,
+                },
+            });
+        }
     }
-    else if (sourceTable.constraints.length < targetTable.constraints.length) {
-        differences.push({
-            type: 'constraint_removed',
-            table: sourceTable.name,
-            details: {
-                message: `${targetTable.constraints.length - sourceTable.constraints.length} constraint(s) exist in target but not in source`,
-            },
+    for (const target of targetConstraints) {
+        const matching = sourceConstraints.find((s) => {
+            const typeMatch = s.type === target.type;
+            const exprMatch = s.expression === target.expression;
+            const colsMatch = JSON.stringify(s.columns?.sort()) ===
+                JSON.stringify(target.columns?.sort());
+            return typeMatch && (target.type === 'CHECK' ? exprMatch : colsMatch);
         });
+        if (!matching) {
+            differences.push({
+                type: 'constraint_removed',
+                table: sourceTable.name,
+                details: {
+                    target,
+                    message: `Constraint of type ${target.type} ${target.name ? `'${target.name}' ` : ''}exists in target but not in source`,
+                },
+            });
+        }
     }
     return differences;
 }

package/dist/cjs/types/index.d.ts

@@ -385,6 +385,18 @@ export interface AgentPersona {
     createdAt: Date;
     updatedAt: Date;
 }
+export interface AgentQuota {
+    id: string | number;
+    targetType: 'persona' | 'swarm' | 'global';
+    targetId: string | null;
+    metric: 'cost' | 'tokens_input' | 'tokens_output' | 'tokens_total';
+    limit: number;
+    period: 'hourly' | 'daily' | 'monthly' | 'infinite';
+    currentUsage: number;
+    metadata?: Record<string, any>;
+    createdAt: Date;
+    updatedAt: Date;
+}
 export interface AgentEpoch {
     id: string | number;
     sessionId: string | number;

package/dist/cjs/util/safe-sql-helpers.js

@@ -150,16 +150,13 @@ function safeCaseStatement(cases, elseResult) {
     if (cases.length === 0) {
         throw new Error('At least one WHEN clause is required');
     }
-    // Note: This function needs to be refactored to not use sql.raw()
-    // For now, we construct the CASE statement carefully
-    const whenClauses = cases
-        .map((c, i) => {
-        // Conditions must be RawBuilder instances to ensure they're safe
-        const conditionSql = c.condition.toOperationNode();
-        return `WHEN ${conditionSql} THEN ${c.result}`;
-    })
-        .join(' ');
-    return sql_js_1.sql.raw(`CASE ${whenClauses} ELSE ${elseResult} END`);
+    // PRODUCTION HARDENING: Balanced Case Construction
+    // We avoid sql.raw() by building the CASE statement recursively or via template fragments
+    let caseBuilder = (0, sql_js_1.sql) `CASE`;
+    for (const c of cases) {
+        caseBuilder = (0, sql_js_1.sql) `${caseBuilder} WHEN ${c.condition} THEN ${sql_js_1.sql.val(c.result)}`;
+    }
+    return (0, sql_js_1.sql) `${caseBuilder} ELSE ${sql_js_1.sql.val(elseResult)} END`;
 }
 /**
  * Example usage and best practices

package/dist/esm/agentic/ActionJournal.d.ts

@@ -36,9 +36,12 @@ export declare class ActionJournal {
      */
     recordOutcome(actionId: string | number, status: AgentAction['status'], outcome: string, durationMs?: number, metadata?: Record<string, any>): Promise<AgentAction>;
     /**
-     * Get actions for a session
+     * Get actions for a session with pagination
      */
-    getSessionActions(sessionId: string | number): Promise<AgentAction[]>;
+    getSessionActions(sessionId: string | number, options?: {
+        limit?: number;
+        cursor?: string | number;
+    }): Promise<AgentAction[]>;
     /**
      * Get actions by tool name across all sessions.
      */

package/dist/esm/agentic/ActionJournal.js

@@ -65,15 +65,20 @@ export class ActionJournal {
         return parsed;
     }
     /**
-     * Get actions for a session
+     * Get actions for a session with pagination
      */
-    async getSessionActions(sessionId) {
-        const actions = await this.typedDb
+    async getSessionActions(sessionId, options = {}) {
+        const { limit = 100, cursor } = options;
+        let query = this.typedDb
             .selectFrom(this.actionsTable)
             .selectAll()
             .where('session_id', '=', sessionId)
-            .orderBy('created_at', 'asc')
-            .execute();
+            .orderBy('id', 'asc') // Audit Phase 9: Stable ordering for cursors
+            .limit(limit);
+        if (cursor) {
+            query = query.where('id', '>', cursor);
+        }
+        const actions = await query.execute();
         return actions.map((a) => this.parseAction(a));
     }
     /**
@@ -93,6 +98,8 @@ export class ActionJournal {
      * Generate a report of tool failures.
      */
     async getFailureReport() {
+        // Audit Phase 19: Sliding window (default 7 days) to prevent OOM/slow scans
+        const windowStart = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000);
         const results = await this.typedDb
             .selectFrom(this.actionsTable)
             .select([
@@ -101,6 +108,7 @@ export class ActionJournal {
             (eb) => eb.fn.max('created_at').as('lastFailure'),
         ])
             .where('status', '=', 'failure')
+            .where('created_at', '>', windowStart)
             .groupBy('tool_name')
             .orderBy((eb) => eb.fn.count('id'), 'desc')
             .execute();

package/dist/esm/agentic/CapabilityManager.d.ts

@@ -44,5 +44,12 @@ export declare class CapabilityManager {
      * Get all registered capabilities, optionally filtered by status
      */
     getCapabilities(status?: AgentCapability['status']): Promise<AgentCapability[]>;
+    /**
+     * Validate if a persona has access to a specific capability (Sandbox Enforcement).
+     */
+    validateCapabilityAccess(personaId: string | number, capabilityName: string): Promise<{
+        allowed: boolean;
+        reason?: string;
+    }>;
     private parseCapability;
 }

package/dist/esm/agentic/CapabilityManager.js

@@ -80,12 +80,16 @@ export class CapabilityManager {
      */
     async reportOutcome(name, success) {
         await this.db.transaction().execute(async (trx) => {
-            const capability = await trx
+            let query = trx
                 .selectFrom(this.capabilitiesTable)
                 .selectAll()
                 .where('name', '=', name)
-                .orderBy('updated_at', 'desc')
-                .executeTakeFirst();
+                .orderBy('updated_at', 'desc');
+            // PRODUCTION HARDENING: Lock row to prevent RMW race (Skip for SQLite)
+            if (this.db.getExecutor().adapter?.constructor.name !== 'SqliteAdapter') {
+                query = query.forUpdate();
+            }
+            const capability = await query.executeTakeFirst();
             if (capability) {
                 const cap = capability;
                 const metadata = typeof cap.metadata === 'string'
@@ -95,11 +99,14 @@ export class CapabilityManager {
                 const successCount = (metadata.successCount || 0) + (success ? 1 : 0);
                 // Damped moving average: weight recent outcomes more but keep history
                 // formula: new = old * (1 - alpha) + current * alpha
-                const alpha = 0.2;
                 const currentReliability = cap.reliability;
+                const alpha = 0.2;
                 const newReliability = success
                     ? Math.min(1.0, currentReliability * (1 - alpha) + alpha)
                     : Math.max(0.0, currentReliability * (1 - alpha));
+                // Sovereign Draft: Anchored Reliability (weighted by total runs)
+                const anchoredReliability = ((metadata.anchored_reliability || 1.0) * totalCount + (success ? 1 : 0)) /
+                    (totalCount + 1);
                 let newStatus = cap.status || 'experimental';
                 // --- Emergent Skill Evolution Optimization ---
                 const successStreak = (metadata.successStreak || 0) + (success ? 1 : 0);
@@ -172,7 +179,8 @@ export class CapabilityManager {
                         failureStreak,
                         performanceBaseline: newBaseline,
                         performanceVariance: newVariance,
-                        lastOutcomeType: success ? 'success' : 'failure', // Categorization point
+                        anchored_reliability: anchoredReliability,
+                        lastOutcomeType: success ? 'success' : 'failure',
                     }),
                     updated_at: new Date(),
                 })
@@ -203,8 +211,77 @@ export class CapabilityManager {
         if (status) {
             query = query.where('status', '=', status);
         }
-        const list = await query.orderBy('name', 'asc').execute();
-        return list.map((c) => this.parseCapability(c));
+        // Sovereign Draft: Prioritize Alpha versions and higher reliability
+        // Audit Phase 19: Hard limit to prevent memory spikes in massive skillsets
+        const list = await query
+            .orderBy('name', 'asc')
+            .orderBy('reliability', 'desc')
+            .limit(1000)
+            .execute();
+        // Filter to latest/best variants if many versions exist
+        const unique = new Map();
+        for (const c of list) {
+            const meta = typeof c.metadata === 'string' ? JSON.parse(c.metadata) : (c.metadata || {});
+            if (!unique.has(c.name) || meta.is_alpha) {
+                unique.set(c.name, c);
+            }
+        }
+        return Array.from(unique.values()).map((c) => this.parseCapability(c));
+    }
+    /**
+     * Validate if a persona has access to a specific capability (Sandbox Enforcement).
+     */
+    async validateCapabilityAccess(personaId, capabilityName) {
+        const persona = await this.cortex.personas.getPersona(String(personaId)) ||
+            await this.typedDb.selectFrom(this.config.personasTable || 'agent_personas')
+                .selectAll()
+                .where('id', '=', personaId)
+                .executeTakeFirst()
+                .then(p => p ? this.cortex.personas.parsePersona(p) : null);
+        if (!persona) {
+            return { allowed: false, reason: `Persona ${personaId} not found.` };
+        }
+        // Check if persona is quarantined
+        if (persona.metadata?.status === 'quarantined') {
+            return {
+                allowed: false,
+                reason: `Persona ${personaId} is currently quarantined due to safety violations.`,
+            };
+        }
+        // Check if capability is blacklisted globally
+        const cap = await this.typedDb
+            .selectFrom(this.capabilitiesTable)
+            .select(['status', 'reliability'])
+            .where('name', '=', capabilityName)
+            .orderBy('reliability', 'desc')
+            .executeTakeFirst();
+        if (cap && cap.status === 'blacklisted') {
+            return {
+                allowed: false,
+                reason: `Capability '${capabilityName}' is globally blacklisted.`,
+            };
+        }
+        // Enforce persona-specific capability list if defined
+        if (persona.capabilities && persona.capabilities.length > 0) {
+            const isAllowed = persona.capabilities.includes(capabilityName) || persona.capabilities.includes('*');
+            if (!isAllowed) {
+                return {
+                    allowed: false,
+                    reason: `Persona '${persona.name}' does not have permission to use capability '${capabilityName}'.`,
+                };
+            }
+        }
+        // Enforce Sandbox limit for experimental skills
+        if (cap && cap.status === 'experimental') {
+            const experimentalCount = (persona.capabilities || []).filter((c) => c.startsWith('experimental_')).length;
+            if (experimentalCount >= (this.evolutionConfig.maxSandboxSkills || 5)) {
+                return {
+                    allowed: false,
+                    reason: `Persona '${persona.name}' has reached the maximum number of experimental sandbox skills.`,
+                };
+            }
+        }
+        return { allowed: true };
     }
     parseCapability(cap) {
         return {

package/dist/esm/agentic/CognitiveRepository.js

@@ -17,12 +17,9 @@ export class CognitiveRepository {
      * Helper to evaluate rules and trigger actions
      */
     async triggerRules(operation, data) {
-        // Check if rules table exists to avoid errors during initialization
-        const rulesTable = this.cortex.config.agentic?.rulesTable ||
-            this.cortex.config.rulesTable ||
-            'agent_rules';
-        const tables = await this.cortex.db.introspection.getTables();
-        if (!tables.some((t) => t.name === rulesTable)) {
+        // Audit Phase 18: Eliminate per-operation introspection.
+        // The Cortex is responsible for ensuring rules are only evaluated if the table exists.
+        if (!this.cortex.rules) {
             return data;
         }
         const result = await this.cortex.rules.evaluateRules(this.table.name, operation, data);

package/dist/esm/agentic/Cortex.d.ts

@@ -31,11 +31,13 @@ import { SelfTestRegistry } from './improvement/SelfTestRegistry.js';
 import { TelemetryOrchestrator } from './telemetry/TelemetryOrchestrator.js';
 import { SkillSynthesizer } from './improvement/SkillSynthesizer.js';
 import { EvolutionRitual } from './improvement/EvolutionRitual.js';
+import { QuotaManager } from './improvement/QuotaManager.js';
 /**
  * Cortex is the unified facade for agentic operations.
  * It coordinates sessions, memory, reflection, and knowledge.
  */
 export declare class Cortex {
+    #private;
     db: Kysely<any>;
     config: NOORMConfig;
     sessions: SessionManager;
@@ -69,11 +71,13 @@ export declare class Cortex {
     telemetry: TelemetryOrchestrator;
     skillSynthesizer: SkillSynthesizer;
     evolutionRitual: EvolutionRitual;
+    quotas: QuotaManager;
     llm: LLMProvider | null;
     llmFast: LLMProvider | null;
     llmPremium: LLMProvider | null;
     agenticConfig: AgenticConfig;
     constructor(db: Kysely<any>, config: NOORMConfig);
+    private executionLock;
     /**
      * The "Soul-Searching" Loop: A top-level orchestration of all self-improvement rituals.
      */

package/dist/esm/agentic/Cortex.js

@@ -30,6 +30,7 @@ import { SelfTestRegistry } from './improvement/SelfTestRegistry.js';
 import { TelemetryOrchestrator } from './telemetry/TelemetryOrchestrator.js';
 import { SkillSynthesizer } from './improvement/SkillSynthesizer.js';
 import { EvolutionRitual } from './improvement/EvolutionRitual.js';
+import { QuotaManager } from './improvement/QuotaManager.js';
 /**
  * Cortex is the unified facade for agentic operations.
  * It coordinates sessions, memory, reflection, and knowledge.
@@ -68,6 +69,7 @@ export class Cortex {
     telemetry;
     skillSynthesizer;
     evolutionRitual;
+    quotas;
     llm;
     llmFast;
     llmPremium;
@@ -115,45 +117,64 @@ export class Cortex {
         this.tests = new SelfTestRegistry(db, this, agenticConfig);
         this.skillSynthesizer = new SkillSynthesizer(db, this, agenticConfig);
         this.evolutionRitual = new EvolutionRitual(db, this, agenticConfig);
+        this.quotas = new QuotaManager(db, this, agenticConfig);
     }
+    executionLock = false;
     /**
      * The "Soul-Searching" Loop: A top-level orchestration of all self-improvement rituals.
      */
     async selfIterate() {
+        if (this.executionLock) {
+            console.warn('[Cortex] Self-iteration already in progress. Skipping pulse.');
+            return;
+        }
+        this.executionLock = true;
         console.log('[Cortex] Initiating Autonomous Soul-Searching Loop v2 (Deep Hardening Pass)...');
         try {
             // 1. Audit health & Run self-tests
-            const audit = await this.governor.performAudit();
-            if (!audit.healthy) {
-                console.warn('[Cortex] Audit issues detected before iteration:', audit.issues);
-            }
-            await this.tests.runAllProbes();
+            await this.#runIsolated('Audit', () => this.governor.performAudit());
+            await this.#runIsolated('Self-Tests', () => this.tests.runAllProbes());
             // 2. Run background rituals (optimization, compression)
-            await this.rituals.runPendingRituals();
+            await this.#runIsolated('Rituals', () => this.rituals.runPendingRituals());
             // 3. Learn from actions & Prune dead data
-            await this.refiner.refineActions();
-            await this.ablation.pruneZombies();
-            // Industrial Hardening: Monitor and recover from bad ablations
-            await this.ablation.monitorAblationPerformance();
+            await this.#runIsolated('Action Refinement', () => this.refiner.refineActions());
+            await this.#runIsolated('Zombie Pruning', () => this.ablation.pruneZombies());
+            await this.#runIsolated('Ablation Monitoring', () => this.ablation.monitorAblationPerformance());
             // 4. Mutation & Strategy
-            await this.strategy.mutateStrategy();
+            await this.#runIsolated('Strategy Mutation', () => this.strategy.mutateStrategy());
             // 5. High-Throughput Evolution Pulse
-            await this.evolutionRitual.execute();
+            await this.#runIsolated('Evolution Pulse', () => this.evolutionRitual.execute());
             // 6. Broadcast knowledge & skills
-            await this.hive.broadcastKnowledge();
-            // 6b. Emergent Skill Synthesis
-            await this.skillSynthesizer.discoverAndSynthesize();
+            await this.#runIsolated('Knowledge Broadcast', () => this.hive.broadcastKnowledge());
+            await this.#runIsolated('Skill Synthesis', () => this.skillSynthesizer.discoverAndSynthesize());
             // 7. Evolutionary pulse
-            await this.pilot.runSelfImprovementCycle();
+            await this.#runIsolated('Improvement Cycle', () => this.pilot.runSelfImprovementCycle());
             console.log('[Cortex] Soul-Searching loop completed.');
         }
         catch (err) {
             console.error('[Cortex] Soul-Searching loop failed:', err);
-            // Telemetry: track failure
             await this.telemetry.track('system', 'error', 'Self-iteration failed', {
                 error: String(err),
             });
         }
+        finally {
+            this.executionLock = false;
+        }
+    }
+    /**
+     * Execute a ritual step in total isolation to prevent global collapse
+     */
+    async #runIsolated(name, ritual) {
+        try {
+            await ritual();
+        }
+        catch (error) {
+            console.error(`[Cortex] Ritual '${name}' failed but pulse continuing:`, error);
+            await this.telemetry.track('system', 'error', `Ritual failure: ${name}`, {
+                ritual: name,
+                error: String(error)
+            });
+        }
     }
     /**
      * Helper to quickly resume a session and fill the context buffer

package/dist/esm/agentic/EpisodicMemory.d.ts

@@ -33,8 +33,12 @@ export declare class EpisodicMemory {
     completeEpisode(episodeId: string | number, summary: string, metadata?: Record<string, any>): Promise<AgentEpisode>;
     /**
      * Get all episodes for a session.
+     * Refactored Phase 12: Paginated retrieval for high-volume sessions.
      */
-    getSessionEpisodes(sessionId: string | number): Promise<AgentEpisode[]>;
+    getSessionEpisodes(sessionId: string | number, options?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<AgentEpisode[]>;
     /**
      * Get recently completed episodes across all sessions.
      */

package/dist/esm/agentic/EpisodicMemory.js

@@ -39,12 +39,15 @@ export class EpisodicMemory {
         return await this.db.transaction().execute(async (trx) => {
             const existing = await trx
                 .selectFrom(this.episodesTable)
-                .select('metadata')
+                .selectAll()
                 .where('id', '=', episodeId)
+                .forUpdate() // Audit Phase 12: Atomic completion lock
                 .executeTakeFirst();
-            const oldMeta = typeof existing?.metadata === 'string'
+            if (!existing)
+                throw new Error(`Episode with ID ${episodeId} not found`);
+            const oldMeta = typeof existing.metadata === 'string'
                 ? JSON.parse(existing.metadata)
-                : existing?.metadata || {};
+                : existing.metadata || {};
             const newMeta = { ...oldMeta, ...metadata };
             const episode = await trx
                 .updateTable(this.episodesTable)
@@ -62,13 +65,17 @@ export class EpisodicMemory {
     }
     /**
      * Get all episodes for a session.
+     * Refactored Phase 12: Paginated retrieval for high-volume sessions.
      */
-    async getSessionEpisodes(sessionId) {
+    async getSessionEpisodes(sessionId, options = {}) {
+        const { limit = 100, offset = 0 } = options;
         const list = await this.typedDb
             .selectFrom(this.episodesTable)
             .selectAll()
             .where('session_id', '=', sessionId)
             .orderBy('start_time', 'desc')
+            .limit(limit)
+            .offset(offset)
             .execute();
         return list.map((e) => this.parseEpisode(e));
     }

package/dist/esm/agentic/PersonaManager.js

@@ -18,39 +18,45 @@ export class PersonaManager {
      * Create or update a persona
      */
     async upsertPersona(name, options = {}) {
-        const existing = await this.typedDb
-            .selectFrom(this.personasTable)
-            .selectAll()
-            .where('name', '=', name)
-            .executeTakeFirst();
-        const values = {
-            name,
-            role: options.role || null,
-            capabilities: options.capabilities
-                ? JSON.stringify(options.capabilities)
-                : null,
-            policies: options.policies ? JSON.stringify(options.policies) : null,
-            metadata: options.metadata ? JSON.stringify(options.metadata) : null,
-            updated_at: new Date(),
-        };
-        if (existing) {
-            const updated = await this.typedDb
-                .updateTable(this.personasTable)
-                .set(values)
-                .where('id', '=', existing.id)
+        return await this.db.transaction().execute(async (trx) => {
+            let query = trx
+                .selectFrom(this.personasTable)
+                .selectAll()
+                .where('name', '=', name);
+            // Audit Phase 13: Atomic identity lock (Skip for SQLite)
+            if (this.db.getExecutor().adapter?.constructor.name !== 'SqliteAdapter') {
+                query = query.forUpdate();
+            }
+            const existing = await query.executeTakeFirst();
+            const values = {
+                name,
+                role: options.role || null,
+                capabilities: options.capabilities
+                    ? JSON.stringify(options.capabilities)
+                    : null,
+                policies: options.policies ? JSON.stringify(options.policies) : null,
+                metadata: options.metadata ? JSON.stringify(options.metadata) : null,
+                updated_at: new Date(),
+            };
+            if (existing) {
+                const updated = await trx
+                    .updateTable(this.personasTable)
+                    .set(values)
+                    .where('id', '=', existing.id)
+                    .returningAll()
+                    .executeTakeFirstOrThrow();
+                return this.parsePersona(updated);
+            }
+            const created = await trx
+                .insertInto(this.personasTable)
+                .values({
+                ...values,
+                created_at: new Date(),
+            })
                 .returningAll()
                 .executeTakeFirstOrThrow();
-            return this.parsePersona(updated);
-        }
-        const created = await this.typedDb
-            .insertInto(this.personasTable)
-            .values({
-            ...values,
-            created_at: new Date(),
-        })
-            .returningAll()
-            .executeTakeFirstOrThrow();
-        return this.parsePersona(created);
+            return this.parsePersona(created);
+        });
     }
     /**
      * Get a persona by name

package/dist/esm/agentic/PolicyEnforcer.d.ts

@@ -27,6 +27,7 @@ export declare class PolicyEnforcer {
     private config;
     private policiesTable;
     private metricsTable;
+    private metricCache;
     constructor(db: Kysely<any>, config?: AgenticConfig);
     private get typedDb();
     /**
@@ -37,7 +38,11 @@ export declare class PolicyEnforcer {
      * Comprehensive policy evaluation against a context value.
      * Supports thresholds, regex patterns, and cumulative budgets.
      */
-    checkPolicy(name: string, value: any): Promise<{
+    /**
+     * Comprehensive policy evaluation against a context value.
+     * Supports thresholds, regex patterns, and cumulative budgets.
+     */
+    checkPolicy(name: string, value: any, visited?: Set<string>): Promise<{
         allowed: boolean;
         reason?: string;
     }>;