noormme 1.2.3 → 1.2.5

package/dist/cjs/agentic/ActionJournal.d.ts

@@ -1,5 +1,5 @@
 import type { Kysely } from '../kysely.js';
-import type { AgenticConfig, AgentAction } from '../types/index.js';
+import type { AgentAction, AgenticConfig } from '../types/index.js';
 import type { TelemetryOrchestrator } from './telemetry/TelemetryOrchestrator.js';
 export interface ActionTable {
     id: number | string;
@@ -30,26 +30,26 @@ export declare class ActionJournal {
     /**
      * Log an action (tool call)
      */
-    logAction(sessionId: string | number, toolName: string, args: Record<string, any>, messageId?: string | number): Promise<AgentAction>;
+    logAction(sessionId: string | number, toolName: string, args: Record<string, any>, messageId?: string | number, trxOrDb?: any): Promise<AgentAction>;
     /**
      * Update action with outcome
      */
-    recordOutcome(actionId: string | number, status: AgentAction['status'], outcome: string, durationMs?: number, metadata?: Record<string, any>): Promise<AgentAction>;
+    recordOutcome(actionId: string | number, status: AgentAction['status'], outcome: string, durationMs?: number, metadata?: Record<string, any>, trxOrDb?: any): Promise<AgentAction>;
     /**
      * Get actions for a session with pagination
      */
     getSessionActions(sessionId: string | number, options?: {
         limit?: number;
         cursor?: string | number;
-    }): Promise<AgentAction[]>;
+    }, trxOrDb?: any): Promise<AgentAction[]>;
     /**
      * Get actions by tool name across all sessions.
      */
-    getActionsByTool(toolName: string, limit?: number): Promise<AgentAction[]>;
+    getActionsByTool(toolName: string, limit?: number, trxOrDb?: any): Promise<AgentAction[]>;
     /**
      * Generate a report of tool failures.
      */
-    getFailureReport(): Promise<{
+    getFailureReport(trxOrDb?: any): Promise<{
         toolName: string;
         failureCount: number;
         lastFailure: string;

package/dist/cjs/agentic/ActionJournal.js

@@ -22,8 +22,8 @@ class ActionJournal {
     /**
      * Log an action (tool call)
      */
-    async logAction(sessionId, toolName, args, messageId) {
-        const action = await this.typedDb
+    async logAction(sessionId, toolName, args, messageId, trxOrDb = this.db) {
+        const action = await trxOrDb
             .insertInto(this.actionsTable)
             .values({
             session_id: sessionId,
@@ -45,8 +45,8 @@ class ActionJournal {
     /**
      * Update action with outcome
      */
-    async recordOutcome(actionId, status, outcome, durationMs, metadata) {
-        const action = await this.typedDb
+    async recordOutcome(actionId, status, outcome, durationMs, metadata, trxOrDb = this.db) {
+        const action = await trxOrDb
             .updateTable(this.actionsTable)
             .set({
             status,
@@ -69,9 +69,9 @@ class ActionJournal {
     /**
      * Get actions for a session with pagination
      */
-    async getSessionActions(sessionId, options = {}) {
+    async getSessionActions(sessionId, options = {}, trxOrDb = this.db) {
         const { limit = 100, cursor } = options;
-        let query = this.typedDb
+        let query = trxOrDb
             .selectFrom(this.actionsTable)
             .selectAll()
             .where('session_id', '=', sessionId)
@@ -86,8 +86,8 @@ class ActionJournal {
     /**
      * Get actions by tool name across all sessions.
      */
-    async getActionsByTool(toolName, limit = 50) {
-        const actions = await this.typedDb
+    async getActionsByTool(toolName, limit = 50, trxOrDb = this.db) {
+        const actions = await trxOrDb
             .selectFrom(this.actionsTable)
             .selectAll()
             .where('tool_name', '=', toolName)
@@ -99,10 +99,10 @@ class ActionJournal {
     /**
      * Generate a report of tool failures.
      */
-    async getFailureReport() {
+    async getFailureReport(trxOrDb = this.db) {
         // Audit Phase 19: Sliding window (default 7 days) to prevent OOM/slow scans
         const windowStart = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000);
-        const results = await this.typedDb
+        const results = await trxOrDb
             .selectFrom(this.actionsTable)
             .select([
             'tool_name',

package/dist/cjs/agentic/CapabilityManager.d.ts

@@ -30,24 +30,24 @@ export declare class CapabilityManager {
     /**
      * Register or update a capability (skill)
      */
-    registerCapability(name: string, version: string, description?: string, metadata?: Record<string, any>): Promise<AgentCapability>;
+    registerCapability(name: string, version: string, description?: string, metadata?: Record<string, any>, trxOrDb?: any): Promise<AgentCapability>;
     /**
      * Update reliability based on action outcome using a damped moving average.
      * Manages the lifecycle of emergent skills (sandbox -> verified / blacklisted).
      */
-    reportOutcome(name: string, success: boolean): Promise<void>;
+    reportOutcome(name: string, success: boolean, trxOrDb?: any): Promise<void>;
     /**
      * Get reliability score for a capability.
      */
-    getReliability(name: string): Promise<number>;
+    getReliability(name: string, trxOrDb?: any): Promise<number>;
     /**
      * Get all registered capabilities, optionally filtered by status
      */
-    getCapabilities(status?: AgentCapability['status']): Promise<AgentCapability[]>;
+    getCapabilities(status?: AgentCapability['status'], trxOrDb?: any): Promise<AgentCapability[]>;
     /**
      * Validate if a persona has access to a specific capability (Sandbox Enforcement).
      */
-    validateCapabilityAccess(personaId: string | number, capabilityName: string): Promise<{
+    validateCapabilityAccess(personaId: string | number, capabilityName: string, trxOrDb?: any): Promise<{
         allowed: boolean;
         reason?: string;
     }>;

package/dist/cjs/agentic/CapabilityManager.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CapabilityManager = void 0;
+const db_utils_js_1 = require("./util/db-utils.js");
 /**
  * CapabilityManager tracks the skills (tools) available to an agent
  * and their historical reliability.
@@ -30,8 +31,8 @@ class CapabilityManager {
     /**
      * Register or update a capability (skill)
      */
-    async registerCapability(name, version, description, metadata = {}) {
-        return await this.db.transaction().execute(async (trx) => {
+    async registerCapability(name, version, description, metadata = {}, trxOrDb = this.db) {
+        const runner = async (trx) => {
             const existing = await trx
                 .selectFrom(this.capabilitiesTable)
                 .selectAll()
@@ -74,24 +75,27 @@ class CapabilityManager {
                 .returningAll()
                 .executeTakeFirstOrThrow();
             return this.parseCapability(created);
-        });
+        };
+        if (trxOrDb && trxOrDb !== this.db) {
+            return await runner(trxOrDb);
+        }
+        else {
+            return await this.db.transaction().execute(runner);
+        }
     }
     /**
      * Update reliability based on action outcome using a damped moving average.
      * Manages the lifecycle of emergent skills (sandbox -> verified / blacklisted).
      */
-    async reportOutcome(name, success) {
-        await this.db.transaction().execute(async (trx) => {
-            let query = trx
+    async reportOutcome(name, success, trxOrDb = this.db) {
+        const runner = async (trx) => {
+            const baseQuery = trx
                 .selectFrom(this.capabilitiesTable)
                 .selectAll()
                 .where('name', '=', name)
                 .orderBy('updated_at', 'desc');
-            // PRODUCTION HARDENING: Lock row to prevent RMW race (Skip for SQLite)
-            if (this.db.getExecutor().adapter?.constructor.name !== 'SqliteAdapter') {
-                query = query.forUpdate();
-            }
-            const capability = await query.executeTakeFirst();
+            const capability = await (0, db_utils_js_1.withLock)(baseQuery, trx)
+                .executeTakeFirst();
             if (capability) {
                 const cap = capability;
                 const metadata = typeof cap.metadata === 'string'
@@ -189,13 +193,19 @@ class CapabilityManager {
                     .where('id', '=', cap.id)
                     .execute();
             }
-        });
+        };
+        if (trxOrDb && trxOrDb !== this.db) {
+            await runner(trxOrDb);
+        }
+        else {
+            await this.db.transaction().execute(runner);
+        }
     }
     /**
      * Get reliability score for a capability.
      */
-    async getReliability(name) {
-        const cap = await this.typedDb
+    async getReliability(name, trxOrDb = this.db) {
+        const cap = await trxOrDb
             .selectFrom(this.capabilitiesTable)
             .select('reliability')
             .where('name', '=', name)
@@ -206,8 +216,8 @@ class CapabilityManager {
     /**
      * Get all registered capabilities, optionally filtered by status
      */
-    async getCapabilities(status) {
-        let query = this.typedDb
+    async getCapabilities(status, trxOrDb = this.db) {
+        let query = trxOrDb
             .selectFrom(this.capabilitiesTable)
             .selectAll();
         if (status) {
@@ -223,9 +233,10 @@ class CapabilityManager {
         // Filter to latest/best variants if many versions exist
         const unique = new Map();
         for (const c of list) {
-            const meta = typeof c.metadata === 'string' ? JSON.parse(c.metadata) : (c.metadata || {});
-            if (!unique.has(c.name) || meta.is_alpha) {
-                unique.set(c.name, c);
+            const cap = c;
+            const meta = typeof cap.metadata === 'string' ? JSON.parse(cap.metadata) : (cap.metadata || {});
+            if (!unique.has(cap.name) || meta.is_alpha) {
+                unique.set(cap.name, cap);
             }
         }
         return Array.from(unique.values()).map((c) => this.parseCapability(c));
@@ -233,13 +244,13 @@ class CapabilityManager {
     /**
      * Validate if a persona has access to a specific capability (Sandbox Enforcement).
      */
-    async validateCapabilityAccess(personaId, capabilityName) {
-        const persona = await this.cortex.personas.getPersona(String(personaId)) ||
-            await this.typedDb.selectFrom(this.config.personasTable || 'agent_personas')
+    async validateCapabilityAccess(personaId, capabilityName, trxOrDb = this.db) {
+        const persona = await this.cortex.personas.getPersona(String(personaId), trxOrDb) ||
+            await trxOrDb.selectFrom(this.config.personasTable || 'agent_personas')
                 .selectAll()
                 .where('id', '=', personaId)
                 .executeTakeFirst()
-                .then(p => p ? this.cortex.personas.parsePersona(p) : null);
+                .then((p) => p ? this.cortex.personas.parsePersona(p) : null);
         if (!persona) {
             return { allowed: false, reason: `Persona ${personaId} not found.` };
         }
@@ -251,7 +262,7 @@ class CapabilityManager {
             };
         }
         // Check if capability is blacklisted globally
-        const cap = await this.typedDb
+        const cap = await trxOrDb
             .selectFrom(this.capabilitiesTable)
             .select(['status', 'reliability'])
             .where('name', '=', capabilityName)

package/dist/cjs/agentic/Cortex.js

@@ -133,23 +133,22 @@ class Cortex {
         this.executionLock = true;
         console.log('[Cortex] Initiating Autonomous Soul-Searching Loop v2 (Deep Hardening Pass)...');
         try {
-            // 1. Audit health & Run self-tests
-            await this.#runIsolated('Audit', () => this.governor.performAudit());
-            await this.#runIsolated('Self-Tests', () => this.tests.runAllProbes());
-            // 2. Run background rituals (optimization, compression)
-            await this.#runIsolated('Rituals', () => this.rituals.runPendingRituals());
-            // 3. Learn from actions & Prune dead data
-            await this.#runIsolated('Action Refinement', () => this.refiner.refineActions());
-            await this.#runIsolated('Zombie Pruning', () => this.ablation.pruneZombies());
-            await this.#runIsolated('Ablation Monitoring', () => this.ablation.monitorAblationPerformance());
-            // 4. Mutation & Strategy
+            await this.db.transaction().execute(async (trx) => {
+                // 1. Audit health & Run self-tests
+                await this.#runIsolated('Audit', () => this.governor.performAudit(trx));
+                await this.#runIsolated('Self-Tests', () => this.tests.runAllProbes(trx));
+                // 2. Run background rituals (optimization, compression)
+                await this.#runIsolated('Rituals', () => this.rituals.runPendingRituals(trx));
+                // 3. Learn from actions & Prune dead data
+                await this.#runIsolated('Action Refinement', () => this.refiner.refineActions(trx));
+                await this.#runIsolated('Zombie Pruning', () => this.ablation.pruneZombies(30, trx));
+                await this.#runIsolated('Ablation Monitoring', () => this.ablation.monitorAblationPerformance(trx));
+            });
+            // These are often long-running or have their own internal transaction boundaries
             await this.#runIsolated('Strategy Mutation', () => this.strategy.mutateStrategy());
-            // 5. High-Throughput Evolution Pulse
             await this.#runIsolated('Evolution Pulse', () => this.evolutionRitual.execute());
-            // 6. Broadcast knowledge & skills
             await this.#runIsolated('Knowledge Broadcast', () => this.hive.broadcastKnowledge());
             await this.#runIsolated('Skill Synthesis', () => this.skillSynthesizer.discoverAndSynthesize());
-            // 7. Evolutionary pulse
             await this.#runIsolated('Improvement Cycle', () => this.pilot.runSelfImprovementCycle());
             console.log('[Cortex] Soul-Searching loop completed.');
         }

package/dist/cjs/agentic/EpisodicMemory.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EpisodicMemory = void 0;
+const db_utils_js_1 = require("./util/db-utils.js");
 /**
  * EpisodicMemory groups interactions into semantic chunks (episodes),
  * allowing agents to recall specific scenarios and their outcomes.
@@ -39,11 +40,11 @@ class EpisodicMemory {
      */
     async completeEpisode(episodeId, summary, metadata) {
         return await this.db.transaction().execute(async (trx) => {
-            const existing = await trx
+            const query = trx
                 .selectFrom(this.episodesTable)
                 .selectAll()
-                .where('id', '=', episodeId)
-                .forUpdate() // Audit Phase 12: Atomic completion lock
+                .where('id', '=', episodeId);
+            const existing = await (0, db_utils_js_1.withLock)(query, trx) // Audit Phase 12: Atomic completion lock
                 .executeTakeFirst();
             if (!existing)
                 throw new Error(`Episode with ID ${episodeId} not found`);

package/dist/cjs/agentic/PersonaManager.d.ts

@@ -30,18 +30,18 @@ export declare class PersonaManager {
         capabilities?: string[];
         policies?: string[];
         metadata?: Record<string, any>;
-    }): Promise<AgentPersona>;
+    }, trxOrDb?: any): Promise<AgentPersona>;
     /**
      * Get a persona by name
      */
-    getPersona(name: string): Promise<AgentPersona | null>;
+    getPersona(name: string, trxOrDb?: any): Promise<AgentPersona | null>;
     /**
      * Delete a persona by name
      */
-    deletePersona(name: string): Promise<boolean>;
+    deletePersona(name: string, trxOrDb?: any): Promise<boolean>;
     /**
      * List all personas
      */
-    listPersonas(): Promise<AgentPersona[]>;
+    listPersonas(trxOrDb?: any): Promise<AgentPersona[]>;
     private parsePersona;
 }

package/dist/cjs/agentic/PersonaManager.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PersonaManager = void 0;
+const db_utils_js_1 = require("./util/db-utils.js");
 /**
  * PersonaManager handles persistent agent identities that bridge multiple sessions.
  */
@@ -19,17 +20,14 @@ class PersonaManager {
     /**
      * Create or update a persona
      */
-    async upsertPersona(name, options = {}) {
-        return await this.db.transaction().execute(async (trx) => {
-            let query = trx
+    async upsertPersona(name, options = {}, trxOrDb = this.db) {
+        const runner = async (trx) => {
+            const baseQuery = trx
                 .selectFrom(this.personasTable)
                 .selectAll()
                 .where('name', '=', name);
-            // Audit Phase 13: Atomic identity lock (Skip for SQLite)
-            if (this.db.getExecutor().adapter?.constructor.name !== 'SqliteAdapter') {
-                query = query.forUpdate();
-            }
-            const existing = await query.executeTakeFirst();
+            const existing = await (0, db_utils_js_1.withLock)(baseQuery, trx)
+                .executeTakeFirst();
             const values = {
                 name,
                 role: options.role || null,
@@ -58,13 +56,19 @@ class PersonaManager {
                 .returningAll()
                 .executeTakeFirstOrThrow();
             return this.parsePersona(created);
-        });
+        };
+        if (trxOrDb && trxOrDb !== this.db) {
+            return await runner(trxOrDb);
+        }
+        else {
+            return await this.db.transaction().execute(runner);
+        }
     }
     /**
      * Get a persona by name
      */
-    async getPersona(name) {
-        const persona = await this.typedDb
+    async getPersona(name, trxOrDb = this.db) {
+        const persona = await trxOrDb
             .selectFrom(this.personasTable)
             .selectAll()
             .where('name', '=', name)
@@ -74,8 +78,8 @@ class PersonaManager {
     /**
      * Delete a persona by name
      */
-    async deletePersona(name) {
-        const result = await this.typedDb
+    async deletePersona(name, trxOrDb = this.db) {
+        const result = await trxOrDb
             .deleteFrom(this.personasTable)
             .where('name', '=', name)
             .executeTakeFirst();
@@ -84,8 +88,8 @@ class PersonaManager {
     /**
      * List all personas
      */
-    async listPersonas() {
-        const list = await this.typedDb
+    async listPersonas(trxOrDb = this.db) {
+        const list = await trxOrDb
             .selectFrom(this.personasTable)
             .selectAll()
             .orderBy('name', 'asc')

package/dist/cjs/agentic/PolicyEnforcer.d.ts

@@ -33,30 +33,26 @@ export declare class PolicyEnforcer {
     /**
      * Define or update a policy with robust validation.
      */
-    definePolicy(name: string, type: AgentPolicy['type'], definition: Record<string, any>, isEnabled?: boolean): Promise<AgentPolicy>;
+    definePolicy(name: string, type: AgentPolicy['type'], definition: Record<string, any>, isEnabled?: boolean, trxOrDb?: any): Promise<AgentPolicy>;
     /**
      * Comprehensive policy evaluation against a context value.
      * Supports thresholds, regex patterns, and cumulative budgets.
      */
-    /**
-     * Comprehensive policy evaluation against a context value.
-     * Supports thresholds, regex patterns, and cumulative budgets.
-     */
-    checkPolicy(name: string, value: any, visited?: Set<string>): Promise<{
+    checkPolicy(name: string, value: any, visited?: Set<string>, trxOrDb?: any): Promise<{
         allowed: boolean;
         reason?: string;
     }>;
     /**
      * Evaluate a full context (object) against all applicable policies.
      */
-    evaluateContext(context: Record<string, any>): Promise<{
+    evaluateContext(context: Record<string, any>, trxOrDb?: any): Promise<{
         allowed: boolean;
         violations: string[];
     }>;
     /**
      * Get all active policies.
      */
-    getActivePolicies(): Promise<AgentPolicy[]>;
+    getActivePolicies(trxOrDb?: any): Promise<AgentPolicy[]>;
     private getCumulativeMetric;
     private parsePolicy;
 }

package/dist/cjs/agentic/PolicyEnforcer.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PolicyEnforcer = void 0;
+const db_utils_js_1 = require("./util/db-utils.js");
 /**
  * PolicyEnforcer stores and validates agent autonomous guardrails,
  * such as budgets, safety constraints, and privacy rules.
@@ -23,17 +24,14 @@ class PolicyEnforcer {
     /**
      * Define or update a policy with robust validation.
      */
-    async definePolicy(name, type, definition, isEnabled = true) {
-        return await this.db.transaction().execute(async (trx) => {
-            let query = trx
+    async definePolicy(name, type, definition, isEnabled = true, trxOrDb = this.db) {
+        const runner = async (trx) => {
+            const query = trx
                 .selectFrom(this.policiesTable)
                 .select('id')
                 .where('name', '=', name);
-            // Audit Phase 16: Exclusive lock for provisioning (Skip for SQLite)
-            if (this.db.getExecutor().adapter?.constructor.name !== 'SqliteAdapter') {
-                query = query.forUpdate();
-            }
-            const existing = await query.executeTakeFirst();
+            const existing = await (0, db_utils_js_1.withLock)(query, trx)
+                .executeTakeFirst();
             if (existing) {
                 const updated = await trx
                     .updateTable(this.policiesTable)
@@ -61,17 +59,19 @@ class PolicyEnforcer {
                 .returningAll()
                 .executeTakeFirstOrThrow();
             return this.parsePolicy(created);
-        });
+        };
+        if (trxOrDb && trxOrDb !== this.db) {
+            return await runner(trxOrDb);
+        }
+        else {
+            return await this.db.transaction().execute(runner);
+        }
     }
     /**
      * Comprehensive policy evaluation against a context value.
      * Supports thresholds, regex patterns, and cumulative budgets.
      */
-    /**
-     * Comprehensive policy evaluation against a context value.
-     * Supports thresholds, regex patterns, and cumulative budgets.
-     */
-    async checkPolicy(name, value, visited = new Set()) {
+    async checkPolicy(name, value, visited = new Set(), trxOrDb = this.db) {
         // Audit Pass 6: Re-entrancy / Circular Dependency Detection
         if (visited.has(name)) {
             return {
@@ -80,7 +80,7 @@ class PolicyEnforcer {
             };
         }
         visited.add(name);
-        const policy = await this.typedDb
+        const policy = await trxOrDb
             .selectFrom(this.policiesTable)
             .selectAll()
             .where('name', '=', name)
@@ -111,7 +111,7 @@ class PolicyEnforcer {
             if (def.pattern.length > 500) {
                 return { allowed: false, reason: `Policy '${name}' regex pattern too long (potential ReDoS risk)` };
             }
-            const dangerousPatterns = /(\*|\+)\1|\(\.\*\)\*/;
+            const dangerousPatterns = /(\*|\+)\1|\(\.\*\)\*|\(\[.*\](\*|\+)\)(\*|\+)|\(.*\+\)\+/;
             if (dangerousPatterns.test(def.pattern)) {
                 return { allowed: false, reason: `Policy '${name}' contains potentially dangerous ReDoS pattern` };
             }
@@ -139,7 +139,7 @@ class PolicyEnforcer {
         if (policy.type === 'budget' && def.metricName) {
             const period = def.period || 'daily';
             const limit = def.limit || 0;
-            const total = await this.getCumulativeMetric(def.metricName, period);
+            const total = await this.getCumulativeMetric(def.metricName, period, trxOrDb);
             if (total + (typeof value === 'number' ? value : 0) > limit) {
                 return {
                     allowed: false,
@@ -151,7 +151,7 @@ class PolicyEnforcer {
         // Audit Pass 6: Moved from evaluateContext to checkPolicy for deeper nesting support
         if (def.dependsOn && Array.isArray(def.dependsOn)) {
             for (const depName of def.dependsOn) {
-                const result = await this.checkPolicy(depName, value, new Set(visited));
+                const result = await this.checkPolicy(depName, value, new Set(visited), trxOrDb);
                 if (!result.allowed) {
                     return { allowed: false, reason: `Composite block: ${name} -> ${result.reason}` };
                 }
@@ -162,19 +162,19 @@ class PolicyEnforcer {
     /**
      * Evaluate a full context (object) against all applicable policies.
      */
-    async evaluateContext(context) {
-        const policies = await this.getActivePolicies();
+    async evaluateContext(context, trxOrDb = this.db) {
+        const policies = await this.getActivePolicies(trxOrDb);
         const violations = [];
         for (const policy of policies) {
             // If the context has a key matching the policy name, check it
             if (context[policy.name] !== undefined) {
-                const result = await this.checkPolicy(policy.name, context[policy.name]);
+                const result = await this.checkPolicy(policy.name, context[policy.name], new Set(), trxOrDb);
                 if (!result.allowed)
                     violations.push(result.reason);
             }
             // Check for type-specific global policies (e.g. all privacy policies)
             if (policy.type === 'privacy' && context.content) {
-                const result = await this.checkPolicy(policy.name, context.content);
+                const result = await this.checkPolicy(policy.name, context.content, new Set(), trxOrDb);
                 if (!result.allowed)
                     violations.push(result.reason);
             }
@@ -187,15 +187,15 @@ class PolicyEnforcer {
     /**
      * Get all active policies.
      */
-    async getActivePolicies() {
-        const list = await this.typedDb
+    async getActivePolicies(trxOrDb = this.db) {
+        const list = await trxOrDb
             .selectFrom(this.policiesTable)
             .selectAll()
             .where('is_enabled', '=', true)
             .execute();
         return list.map((p) => this.parsePolicy(p));
     }
-    async getCumulativeMetric(metricName, period) {
+    async getCumulativeMetric(metricName, period, trxOrDb = this.db) {
         const cacheKey = `${metricName}:${period}`;
         const cached = this.metricCache.get(cacheKey);
         const now = new Date();
@@ -217,7 +217,7 @@ class PolicyEnforcer {
         else if (period === 'hourly') {
             cutoff = new Date(now.getTime() - 3600000);
         }
-        const result = await this.typedDb
+        const result = await trxOrDb
             .selectFrom(this.metricsTable)
             .select((eb) => eb.fn.sum('metric_value').as('total'))
             .where('metric_name', '=', metricName)

package/dist/cjs/agentic/ResourceMonitor.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ResourceMonitor = void 0;
+const sql_js_1 = require("../raw-builder/sql.js");
 /**
  * ResourceMonitor tracks token usage and costs across sessions.
  */
@@ -100,7 +101,7 @@ class ResourceMonitor {
             .select([
             'model_name',
             (eb) => eb.fn
-                .sum(eb('input_tokens', '+', 'output_tokens'))
+                .sum((0, sql_js_1.sql) `input_tokens + output_tokens`)
                 .as('totalTokens'),
             (eb) => eb.fn.sum('cost').as('totalCost'),
         ])

package/dist/cjs/agentic/SessionManager.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SessionManager = void 0;
+const db_utils_js_1 = require("./util/db-utils.js");
 /**
  * SessionManager handles the lifecycle of agentic sessions, including
  * message history, goal tracking, and memory persistence.
@@ -134,12 +135,12 @@ class SessionManager {
     async upsertGoal(sessionId, description, options = {}) {
         const { status = 'pending', priority = 0, parentId, metadata } = options;
         return await this.db.transaction().execute(async (trx) => {
-            const existing = await trx
+            const query = trx
                 .selectFrom(this.goalsTable)
                 .selectAll()
                 .where('session_id', '=', sessionId)
-                .where('description', '=', description)
-                .forUpdate() // Audit Phase 13: Atomic goal lock
+                .where('description', '=', description);
+            const existing = await (0, db_utils_js_1.withLock)(query, trx) // Audit Phase 13: Atomic goal lock
                 .executeTakeFirst();
             if (existing) {
                 const updated = await trx
@@ -210,11 +211,11 @@ class SessionManager {
         // We avoid the Read-Modify-Write race condition by letting the DB handle the merge
         // or by using a strict transaction if the DB doesn't support JSON patching natively.
         const updated = await this.db.transaction().execute(async (trx) => {
-            const message = await trx
+            const query = trx
                 .selectFrom(this.messagesTable)
                 .select('metadata')
-                .where('id', '=', messageId)
-                .forUpdate() // Lock the row for the duration of the transaction
+                .where('id', '=', messageId);
+            const message = await (0, db_utils_js_1.withLock)(query, trx) // Lock the row for the duration of the transaction
                 .executeTakeFirstOrThrow();
             const metadata = typeof message.metadata === 'string'
                 ? JSON.parse(message.metadata)