open-multi-agent-kit 0.78.1 → 0.78.2

package/dist/runtime/contracts/evidence.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Evidence contracts for OMK Weakness Remediation.
+ *
+ * Core interfaces that bridge reasoning traces, runtime decisions,
+ * provider maturity, and release gates into a verifiable evidence model.
+ */
+/** Granularity of a single evidence artifact. */
+export type EvidenceKind = "test" | "diff" | "command" | "screenshot" | "trace" | "metric" | "audit" | "review";
+/** Verdict state of an evidence item. */
+export type EvidenceVerdict = "pass" | "fail" | "partial" | "pending";
+/** A single, auditable piece of evidence. */
+export interface EvidenceItem {
+    readonly id: string;
+    readonly kind: EvidenceKind;
+    readonly source: string;
+    readonly description: string;
+    readonly verdict: EvidenceVerdict;
+    readonly timestamp: string;
+    readonly confidence: number;
+    readonly linkedTraceId?: string;
+    readonly linkedFilePaths: readonly string[];
+    readonly metadata?: Readonly<Record<string, unknown>>;
+}
+/** A curated bundle of evidence items with a collective verdict. */
+export interface ProofBundle {
+    readonly id: string;
+    readonly name: string;
+    readonly items: readonly EvidenceItem[];
+    readonly createdAt: string;
+    readonly verdict: EvidenceVerdict;
+    readonly coveragePercent: number;
+    readonly summary: string;
+}
+/** Maturity tier for a provider or runtime surface. */
+export type MaturityTier = "experimental" | "preview" | "stable" | "deprecated";
+/** Maturity assessment for a provider/runtime. */
+export interface ProviderMaturity {
+    readonly providerId: string;
+    readonly tier: MaturityTier;
+    readonly runCount: number;
+    readonly passRate: number;
+    readonly lastVerifiedAt: string;
+    readonly knownIssues: readonly string[];
+    readonly recommendedBudgetFactor: number;
+}
+/** Normalized record of a runtime routing decision. */
+export interface RuntimeRouterDecision {
+    readonly decisionId: string;
+    readonly turnId: string;
+    readonly timestamp: string;
+    readonly intentCategory: string;
+    readonly selectedRuntimeId: string;
+    readonly candidatesConsidered: readonly string[];
+    readonly confidence: number;
+    readonly fallbackUsed: boolean;
+    readonly latencyMs: number;
+}
+/** Permission level derived from a proof bundle trust score. */
+export type ClaimPermissionLevel = "strong-public-claim" | "qualified-public-claim" | "internal-claim-only" | "no-claim";
+/** Authority class derived from provider maturity score and sub-scores. */
+export type ProviderAuthorityClass = "merge-authority" | "write-authority" | "review-authority" | "read-only-advisory" | "disabled";
+/** Kinds of adapter tests used in provider maturity assessment. */
+export type AdapterTestKind = "auth" | "read" | "write" | "shell" | "mcp" | "merge" | "evidence" | "fallback";
+/** Result of a single adapter test. */
+export interface AdapterTestResult {
+    readonly kind: AdapterTestKind;
+    readonly passed: boolean;
+    readonly score: number;
+    readonly details?: string;
+}
+/** Per-gate check result. */
+export interface GateCheck {
+    readonly gate: string;
+    readonly passed: boolean;
+    readonly message: string;
+    readonly evidenceIds: readonly string[];
+}
+/** Result of a full release gate evaluation. */
+export interface ReleaseGateResult {
+    readonly runId: string;
+    readonly timestamp: string;
+    readonly overallPass: boolean;
+    readonly checks: readonly GateCheck[];
+    readonly requiredGates: readonly string[];
+    readonly optionalGates: readonly string[];
+    readonly summary: string;
+}

package/dist/runtime/contracts/evidence.js

@@ -0,0 +1,7 @@
+/**
+ * Evidence contracts for OMK Weakness Remediation.
+ *
+ * Core interfaces that bridge reasoning traces, runtime decisions,
+ * provider maturity, and release gates into a verifiable evidence model.
+ */
+export {};

package/dist/runtime/contracts/router-v2.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Router v2 contracts — Evidence-Calibrated Runtime Router (Algorithm 6)
+ */
+import type { AgentRuntime } from "../agent-runtime.js";
+export type NodeIntent = "research" | "planning" | "coding" | "debugging" | "refactor" | "review" | "test-generation" | "documentation" | "shell-operation";
+export interface EvidenceHistoryEntry {
+    readonly runtime: string;
+    readonly intent: string;
+    readonly passed: boolean;
+    readonly timestamp: string;
+    readonly nodeId: string;
+}
+export interface RuntimeScoreV2 {
+    readonly runtimeId: string;
+    readonly bayesianEvidenceScore: number;
+    readonly confidence: number;
+    readonly capabilityFit: number;
+    readonly maturityScore: number;
+    readonly latencyScore: number;
+    readonly costScore: number;
+    readonly recentFailurePenalty: number;
+    readonly blastRadiusPenalty: number;
+    readonly composite: number;
+}
+export interface RuntimeRouterDecisionV2 {
+    readonly runtime: AgentRuntime;
+    readonly reason: string;
+    readonly fallbacks: AgentRuntime[];
+    readonly intent: NodeIntent;
+    readonly scores: RuntimeScoreV2[];
+}
+export interface BlastRadiusParams {
+    readonly downstreamNodeCount: number;
+    readonly affectedFileCount: number;
+    readonly hasGlobalSideEffects: boolean;
+}
+export interface RouterV2Options {
+    readonly enableBlastRadius?: boolean;
+    readonly blastRadiusParams?: BlastRadiusParams;
+}
+export interface RouterV2ScoringEngine {
+    score(runtime: AgentRuntime, intent: NodeIntent, history: EvidenceHistoryEntry[]): RuntimeScoreV2;
+    select(candidates: AgentRuntime[], intent: NodeIntent, history: EvidenceHistoryEntry[]): RuntimeRouterDecisionV2;
+}

package/dist/runtime/contracts/router-v2.js

@@ -0,0 +1,4 @@
+/**
+ * Router v2 contracts — Evidence-Calibrated Runtime Router (Algorithm 6)
+ */
+export {};

package/dist/runtime/contracts/weakness-remediation.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Weakness Remediation contracts — shared constants and Phase 5 types.
+ *
+ * - Phase 2 Proof Bundle Trust, Phase 3 Provider Maturity Gate,
+ *   and Phase 1 Public Surface Compression share thresholds here.
+ * - Phase 5 Release Promotion Gate types live here as well.
+ */
+/** Evidence trust threshold for standard claims. */
+export declare const TAU_EVIDENCE = 0.75;
+/** Evidence trust threshold for high-confidence claims. */
+export declare const TAU_EVIDENCE_HIGH = 0.85;
+/** Proof bundle trust threshold. */
+export declare const TAU_PROOF = 0.85;
+/** Stability/maturity threshold for fully-trusted surfaces. */
+export declare const TAU_STABLE = 0.9;
+/** Beta prior α₀ for Bayesian run-count scoring. */
+export declare const BETA_PRIOR_ALPHA0 = 1;
+/** Beta prior β₀ for Bayesian run-count scoring. */
+export declare const BETA_PRIOR_BETA0 = 1;
+/** Default public surface budget K (max items). */
+export declare const SURFACE_BUDGET_K = 8;
+/** Algorithm 8 release gate weights. */
+export declare const RELEASE_GATE_WEIGHTS: {
+    readonly ci: 0.15;
+    readonly build: 0.1;
+    readonly types: 0.1;
+    readonly tests: 0.1;
+    readonly install: 0.1;
+    readonly demo: 0.15;
+    readonly proof: 0.15;
+    readonly maturity: 0.1;
+    readonly docs: 0.1;
+    readonly regression: 0.15;
+};
+export type ReleaseVerdict = "block" | "pre-release" | "stable";
+export interface ReleasePromotionInputs {
+    readonly ci: number;
+    readonly docs: number;
+    readonly proofMedian: number;
+    readonly regressionSeverity: number;
+    readonly freshInstallSmoke: number;
+    /** Backward-compat: old callers may still pass schema. */
+    readonly schema?: number;
+    /** Backward-compat: old callers may still pass providerMinimum. */
+    readonly providerMinimum?: number;
+    /** Backward-compat: old callers may still pass semver. */
+    readonly semver?: number;
+    /** Algorithm 8 — build dimension (0–1). */
+    readonly build?: number;
+    /** Algorithm 8 — type-check dimension (0–1). */
+    readonly types?: number;
+    /** Algorithm 8 — test dimension (0–1). */
+    readonly tests?: number;
+    /** Algorithm 8 — maturity dimension (0–1). Falls back to providerMinimum. */
+    readonly maturity?: number;
+    /** Algorithm 8 — minimal verified demo run gate. Hard block when false/undefined. */
+    readonly demoRun?: boolean;
+}
+export interface ReleasePromotionResult {
+    readonly score: number;
+    readonly verdict: ReleaseVerdict;
+    readonly blocked: boolean;
+    readonly reasons: readonly string[];
+}
+export interface ReleasePromotionGate {
+    evaluate(inputs: ReleasePromotionInputs): ReleasePromotionResult;
+}

package/dist/runtime/contracts/weakness-remediation.js

@@ -0,0 +1,36 @@
+/**
+ * Weakness Remediation contracts — shared constants and Phase 5 types.
+ *
+ * - Phase 2 Proof Bundle Trust, Phase 3 Provider Maturity Gate,
+ *   and Phase 1 Public Surface Compression share thresholds here.
+ * - Phase 5 Release Promotion Gate types live here as well.
+ */
+// ── Shared constants (Phase 1–3) ────────────────────────────────
+/** Evidence trust threshold for standard claims. */
+export const TAU_EVIDENCE = 0.75;
+/** Evidence trust threshold for high-confidence claims. */
+export const TAU_EVIDENCE_HIGH = 0.85;
+/** Proof bundle trust threshold. */
+export const TAU_PROOF = 0.85;
+/** Stability/maturity threshold for fully-trusted surfaces. */
+export const TAU_STABLE = 0.90;
+/** Beta prior α₀ for Bayesian run-count scoring. */
+export const BETA_PRIOR_ALPHA0 = 1;
+/** Beta prior β₀ for Bayesian run-count scoring. */
+export const BETA_PRIOR_BETA0 = 1;
+/** Default public surface budget K (max items). */
+export const SURFACE_BUDGET_K = 8;
+// ── Phase 5 Release Promotion Gate ──────────────────────────────
+/** Algorithm 8 release gate weights. */
+export const RELEASE_GATE_WEIGHTS = {
+    ci: 0.15,
+    build: 0.10,
+    types: 0.10,
+    tests: 0.10,
+    install: 0.10,
+    demo: 0.15,
+    proof: 0.15,
+    maturity: 0.10,
+    docs: 0.10,
+    regression: 0.15,
+};

package/dist/runtime/kimi-api-runtime.js

@@ -4,9 +4,47 @@
  *
  * Calls https://api.moonshot.cn/v1/chat/completions directly.
  */
+import { readFileSync, existsSync } from "node:fs";
+import { resolve } from "node:path";
 import { capsuleToTask } from "./context-broker-converter.js";
 import { buildProviderToolPayload } from "./provider-tool-contracts.js";
 import { repairToolCalls } from "./tool-call-repair.js";
+/**
+ * Detect "Image file: <path>" patterns in the prompt text (inserted by /paste
+ * or Ctrl+V clipboard image) and load the referenced images as base64 data URIs
+ * for multimodal API calls.
+ */
+function extractInlineImageParts(prompt) {
+    const results = [];
+    // Match "Image file: .omk/screenshots/.../screenshot-xxx.png" lines
+    const pattern = /^Image file:\s+(.+\.(?:png|jpg|jpeg|webp|gif))\s*$/gim;
+    let match;
+    while ((match = pattern.exec(prompt)) !== null) {
+        const filePath = match[1].trim();
+        const absPath = resolve(filePath);
+        if (!existsSync(absPath))
+            continue;
+        try {
+            const buf = readFileSync(absPath);
+            if (buf.length === 0 || buf.length > 20 * 1024 * 1024)
+                continue;
+            // Detect mime type from magic bytes
+            let mimeType = "image/png";
+            if (buf[0] === 0xff && buf[1] === 0xd8)
+                mimeType = "image/jpeg";
+            else if (buf[0] === 0x52 && buf[1] === 0x49)
+                mimeType = "image/webp";
+            else if (buf[0] === 0x47 && buf[1] === 0x49)
+                mimeType = "image/gif";
+            const base64 = buf.toString("base64");
+            results.push({ dataUri: `data:${mimeType};base64,${base64}` });
+        }
+        catch {
+            // Skip unreadable files
+        }
+    }
+    return results;
+}
 function mapToolCalls(apiToolCalls, context) {
     const repaired = repairToolCalls({
         declaredCalls: (apiToolCalls ?? []).map((tc) => ({
@@ -155,7 +193,27 @@ export class KimiApiRuntime {
         if (task.context.system) {
             messages.push({ role: "system", content: task.context.system });
         }
-        messages.push({ role: "user", content: task.prompt });
+        // Build multimodal content when attachments are present or when
+        // the prompt contains "Image file: <path>" references (from /paste or
+        // Ctrl+V clipboard image). This makes clipboard-pasted images send as
+        // image_url content parts to OpenAI-compatible multimodal endpoints.
+        const attachments = task.attachments ?? [];
+        const inlineImages = extractInlineImageParts(task.prompt);
+        if (attachments.length > 0 || inlineImages.length > 0) {
+            const parts = [{ type: "text", text: task.prompt }];
+            for (const attachment of attachments) {
+                if (attachment.dataUri) {
+                    parts.push({ type: "image_url", image_url: { url: attachment.dataUri } });
+                }
+            }
+            for (const image of inlineImages) {
+                parts.push({ type: "image_url", image_url: { url: image.dataUri } });
+            }
+            messages.push({ role: "user", content: parts });
+        }
+        else {
+            messages.push({ role: "user", content: task.prompt });
+        }
         const providerTools = task.capabilities.toolCalling
             ? buildProviderToolPayload(task.tools.available)
             : buildProviderToolPayload([]);

package/dist/runtime/proof-bundle-trust.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Proof Bundle Trust Score — Phase 2 of OMK Weakness Remediation.
+ *
+ * Evaluates a curated proof bundle across 8 dimensions and produces
+ * a trust score T_b, a permission level, and a pass/fail verdict
+ * against τ_proof.
+ */
+import type { ClaimPermissionLevel, EvidenceVerdict } from "./contracts/evidence.js";
+/** The 8 scored dimensions of a proof bundle. */
+export interface ProofBundleScores {
+    /** Schema conformance of evidence items [0, 1]. */
+    readonly schema: number;
+    /** Hash integrity / tamper evidence [0, 1]. */
+    readonly hashes: number;
+    /** Command trace coverage and correctness [0, 1]. */
+    readonly commands: number;
+    /** Stdout / stderr capture completeness [0, 1]. */
+    readonly stdout: number;
+    /** Decision record quality and count [0, 1]. */
+    readonly decisions: number;
+    /** Evidence item confidence and verdict strength [0, 1]. */
+    readonly evidence: number;
+    /** Acknowledged limitations documented [0, 1]. */
+    readonly limitations: number;
+    /** Replay reproducibility score [0, 1]. */
+    readonly replay: number;
+}
+/** Result of evaluating a proof bundle. */
+export interface TrustScoreResult {
+    /** Computed trust score T_b ∈ [0, 1]. */
+    readonly score: number;
+    /** Permission level derived from score thresholds. */
+    readonly permissionLevel: ClaimPermissionLevel;
+    /** Whether score meets τ_proof. */
+    readonly passed: boolean;
+    /** Individual dimension contributions. */
+    readonly breakdown: ProofBundleScores;
+}
+/** Engine that evaluates proof bundle trust. */
+export interface ProofBundleTrustEngine {
+    /**
+     * Evaluate a proof bundle from its 8 dimension scores.
+     *
+     * Formula:
+     *   T_b = 0.15·schema + 0.15·hashes + 0.15·commands + 0.10·stdout
+     *       + 0.15·decisions + 0.15·evidence + 0.05·limitations + 0.10·replay
+     */
+    evaluate(scores: ProofBundleScores): TrustScoreResult;
+    /** Derive dimension scores from a raw evidence verdict and coverage. */
+    deriveScores(verdict: EvidenceVerdict, coveragePercent: number, options?: DeriveScoresOptions): ProofBundleScores;
+}
+/** Options for automatic score derivation. */
+export interface DeriveScoresOptions {
+    /** Override schema conformance (default inferred from verdict). */
+    readonly schema?: number;
+    /** Override hash integrity (default 1.0). */
+    readonly hashes?: number;
+    /** Override command trace score (default inferred from coverage). */
+    readonly commands?: number;
+    /** Override stdout completeness (default inferred from coverage). */
+    readonly stdout?: number;
+    /** Override decision record score (default inferred from verdict). */
+    readonly decisions?: number;
+    /** Override evidence strength (default inferred from verdict). */
+    readonly evidence?: number;
+    /** Override limitations documentation (default 0.5). */
+    readonly limitations?: number;
+    /** Override replay score (default inferred from verdict). */
+    readonly replay?: number;
+}
+/**
+ * Create a ProofBundleTrustEngine with default weights and thresholds.
+ */
+export declare function createProofBundleTrustEngine(): ProofBundleTrustEngine;

package/dist/runtime/proof-bundle-trust.js

@@ -0,0 +1,100 @@
+/**
+ * Proof Bundle Trust Score — Phase 2 of OMK Weakness Remediation.
+ *
+ * Evaluates a curated proof bundle across 8 dimensions and produces
+ * a trust score T_b, a permission level, and a pass/fail verdict
+ * against τ_proof.
+ */
+import { TAU_PROOF } from "./contracts/weakness-remediation.js";
+// ── Constants ───────────────────────────────────────────────────
+const WEIGHT_SCHEMA = 0.15;
+const WEIGHT_HASHES = 0.15;
+const WEIGHT_COMMANDS = 0.15;
+const WEIGHT_STDOUT = 0.10;
+const WEIGHT_DECISIONS = 0.15;
+const WEIGHT_EVIDENCE = 0.15;
+const WEIGHT_LIMITATIONS = 0.05;
+const WEIGHT_REPLAY = 0.10;
+const STRONG_PUBLIC_THRESHOLD = 0.90;
+const QUALIFIED_PUBLIC_THRESHOLD = 0.75;
+const INTERNAL_CLAIM_THRESHOLD = 0.60;
+// ── Helpers ─────────────────────────────────────────────────────
+function clamp01(n) {
+    return Math.max(0, Math.min(1, n));
+}
+function permissionLevelFromScore(score) {
+    if (score >= STRONG_PUBLIC_THRESHOLD) {
+        return "strong-public-claim";
+    }
+    if (score >= QUALIFIED_PUBLIC_THRESHOLD) {
+        return "qualified-public-claim";
+    }
+    if (score >= INTERNAL_CLAIM_THRESHOLD) {
+        return "internal-claim-only";
+    }
+    return "no-claim";
+}
+function verdictToBaseScore(verdict) {
+    switch (verdict) {
+        case "pass":
+            return 1.0;
+        case "partial":
+            return 0.65;
+        case "pending":
+            return 0.35;
+        case "fail":
+            return 0.0;
+        default:
+            return 0.0;
+    }
+}
+// ── Engine Factory ──────────────────────────────────────────────
+/**
+ * Create a ProofBundleTrustEngine with default weights and thresholds.
+ */
+export function createProofBundleTrustEngine() {
+    return {
+        evaluate(scores) {
+            const clamped = {
+                schema: clamp01(scores.schema),
+                hashes: clamp01(scores.hashes),
+                commands: clamp01(scores.commands),
+                stdout: clamp01(scores.stdout),
+                decisions: clamp01(scores.decisions),
+                evidence: clamp01(scores.evidence),
+                limitations: clamp01(scores.limitations),
+                replay: clamp01(scores.replay),
+            };
+            const score = WEIGHT_SCHEMA * clamped.schema +
+                WEIGHT_HASHES * clamped.hashes +
+                WEIGHT_COMMANDS * clamped.commands +
+                WEIGHT_STDOUT * clamped.stdout +
+                WEIGHT_DECISIONS * clamped.decisions +
+                WEIGHT_EVIDENCE * clamped.evidence +
+                WEIGHT_LIMITATIONS * clamped.limitations +
+                WEIGHT_REPLAY * clamped.replay;
+            const finalScore = clamp01(score);
+            const permissionLevel = permissionLevelFromScore(finalScore);
+            return Object.freeze({
+                score: finalScore,
+                permissionLevel,
+                passed: finalScore >= TAU_PROOF,
+                breakdown: clamped,
+            });
+        },
+        deriveScores(verdict, coveragePercent, options = {}) {
+            const base = verdictToBaseScore(verdict);
+            const cov = clamp01(coveragePercent / 100);
+            return Object.freeze({
+                schema: clamp01(options.schema ?? base),
+                hashes: clamp01(options.hashes ?? 1.0),
+                commands: clamp01(options.commands ?? cov),
+                stdout: clamp01(options.stdout ?? cov),
+                decisions: clamp01(options.decisions ?? base),
+                evidence: clamp01(options.evidence ?? base),
+                limitations: clamp01(options.limitations ?? 0.5),
+                replay: clamp01(options.replay ?? base),
+            });
+        },
+    };
+}

package/dist/runtime/provider-maturity-gate.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Provider Maturity Gate — Phase 3 of OMK Weakness Remediation.
+ *
+ * Evaluates a provider/runtime across 8 adapter test dimensions and
+ * produces a maturity score M_p, an authority class, and a pass/fail
+ * verdict.
+ */
+import type { AdapterTestKind, AdapterTestResult, ProviderAuthorityClass } from "./contracts/evidence.js";
+/** Maturity evaluation result for a single provider. */
+export interface MaturityResult {
+    /** Computed maturity score M_p ∈ [0, 1]. */
+    readonly score: number;
+    /** Authority class derived from score and sub-score constraints. */
+    readonly authorityClass: ProviderAuthorityClass;
+    /** Whether the provider meets minimum viability. */
+    readonly passed: boolean;
+    /** Sub-scores keyed by adapter test kind. */
+    readonly subScores: Readonly<Record<AdapterTestKind, number>>;
+}
+/** Engine that evaluates provider maturity. */
+export interface ProviderMaturityGate {
+    /**
+     * Evaluate provider maturity from adapter test results.
+     *
+     * Formula:
+     *   M_p = 0.10·s_auth + 0.10·s_read + 0.15·s_write + 0.10·s_shell
+     *       + 0.15·s_mcp + 0.15·s_merge + 0.15·s_evidence + 0.10·s_fallback
+     */
+    evaluate(results: readonly AdapterTestResult[]): MaturityResult;
+    /** Look up a single sub-score by test kind (defaults to 0). */
+    getSubScore(results: readonly AdapterTestResult[], kind: AdapterTestKind): number;
+}
+/**
+ * Create a ProviderMaturityGate with default weights and thresholds.
+ */
+export interface ProviderMaturityTable {
+    lookup(providerId: string): MaturityResult | undefined;
+    register(providerId: string, result: MaturityResult): void;
+}
+export declare function createProviderMaturityTable(): ProviderMaturityTable;
+export declare function createProviderMaturityGate(): ProviderMaturityGate;

package/dist/runtime/provider-maturity-gate.js

@@ -0,0 +1,101 @@
+/**
+ * Provider Maturity Gate — Phase 3 of OMK Weakness Remediation.
+ *
+ * Evaluates a provider/runtime across 8 adapter test dimensions and
+ * produces a maturity score M_p, an authority class, and a pass/fail
+ * verdict.
+ */
+// ── Constants ───────────────────────────────────────────────────
+const WEIGHT_AUTH = 0.10;
+const WEIGHT_READ = 0.10;
+const WEIGHT_WRITE = 0.15;
+const WEIGHT_SHELL = 0.10;
+const WEIGHT_MCP = 0.15;
+const WEIGHT_MERGE = 0.15;
+const WEIGHT_EVIDENCE = 0.15;
+const WEIGHT_FALLBACK = 0.10;
+const MERGE_AUTHORITY_THRESHOLD = 0.90;
+const MERGE_SUBSCORE_THRESHOLD = 0.90;
+const EVIDENCE_SUBSCORE_THRESHOLD_FOR_MERGE = 0.85;
+const WRITE_AUTHORITY_THRESHOLD = 0.80;
+const WRITE_SUBSCORE_THRESHOLD = 0.85;
+const REVIEW_AUTHORITY_THRESHOLD = 0.70;
+const READ_SUBSCORE_THRESHOLD = 0.90;
+const READ_ONLY_ADVISORY_THRESHOLD = 0.55;
+// ── Helpers ─────────────────────────────────────────────────────
+function clamp01(n) {
+    return Math.max(0, Math.min(1, n));
+}
+function computeAuthorityClass(score, subScores) {
+    if (score >= MERGE_AUTHORITY_THRESHOLD &&
+        subScores.merge >= MERGE_SUBSCORE_THRESHOLD &&
+        subScores.evidence >= EVIDENCE_SUBSCORE_THRESHOLD_FOR_MERGE) {
+        return "merge-authority";
+    }
+    if (score >= WRITE_AUTHORITY_THRESHOLD &&
+        subScores.write >= WRITE_SUBSCORE_THRESHOLD) {
+        return "write-authority";
+    }
+    if (score >= REVIEW_AUTHORITY_THRESHOLD &&
+        subScores.read >= READ_SUBSCORE_THRESHOLD) {
+        return "review-authority";
+    }
+    if (score >= READ_ONLY_ADVISORY_THRESHOLD) {
+        return "read-only-advisory";
+    }
+    return "disabled";
+}
+function buildSubScoreMap(results) {
+    const map = {
+        auth: 0,
+        read: 0,
+        write: 0,
+        shell: 0,
+        mcp: 0,
+        merge: 0,
+        evidence: 0,
+        fallback: 0,
+    };
+    for (const r of results) {
+        map[r.kind] = clamp01(r.score);
+    }
+    return map;
+}
+export function createProviderMaturityTable() {
+    const table = new Map();
+    return {
+        lookup(providerId) {
+            return table.get(providerId);
+        },
+        register(providerId, result) {
+            table.set(providerId, result);
+        },
+    };
+}
+export function createProviderMaturityGate() {
+    return {
+        evaluate(results) {
+            const subScores = Object.freeze(buildSubScoreMap(results));
+            const score = WEIGHT_AUTH * subScores.auth +
+                WEIGHT_READ * subScores.read +
+                WEIGHT_WRITE * subScores.write +
+                WEIGHT_SHELL * subScores.shell +
+                WEIGHT_MCP * subScores.mcp +
+                WEIGHT_MERGE * subScores.merge +
+                WEIGHT_EVIDENCE * subScores.evidence +
+                WEIGHT_FALLBACK * subScores.fallback;
+            const finalScore = clamp01(score);
+            const authorityClass = computeAuthorityClass(finalScore, subScores);
+            return Object.freeze({
+                score: finalScore,
+                authorityClass,
+                passed: authorityClass !== "disabled",
+                subScores,
+            });
+        },
+        getSubScore(results, kind) {
+            const found = results.find((r) => r.kind === kind);
+            return found ? clamp01(found.score) : 0;
+        },
+    };
+}