openclaw-core 1.0.0

package/LICENSE

@@ -0,0 +1,15 @@
+ISC License (ISC)
+
+Copyright (c) 2026, James
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md

@@ -0,0 +1,122 @@
+# @lobster/openclaw-core
+
+> Open-source AI Agent OS primitive layer — P2P federation, sovereign protocols, and plugin-ready base store.
+> **Apache 2.0 Licensed. Built on the Lobster Civilization architecture.**
+
+[![Status: Preview](https://img.shields.io/badge/status-Preview-blue)](https://github.com/lobster-civilization/openclaw)
+
+---
+
+## 什么是 OpenClaw Core？
+
+`@lobster/openclaw-core` 是龙虾文明（Lobster Civilization）Agent OS 的**开源物理底座**。它提供：
+
+- 🌐 **真实 P2P 通信骨干**：Ed25519 签名验证，WebSocket 物理传输，没有任何日志模拟
+- 📜 **SAML 主权协议**：Agent-to-Agent 语义消息语言，内置防重放攻击
+- 🧠 **Vector DB 记忆引擎**：事件溯源（Event Sourcing）只写架构，强制向量持久化
+- 🔌 **插件热插拔架构**：`store.usePlugin()` 一行激活任意商业引擎
+- 📡 **SignalManager**：HMAC/Ed25519 双模签名，支持 E2EE 加密信道和群组通信
+
+> ⚡ **600% Real 原则**：本包所有代码均运行在物理与密码学意义上的"真实"之上。网络不通就是不通，签名不对包就丢。
+
+---
+
+## 快速开始
+
+```bash
+npm install @lobster/openclaw-core
+# or
+pnpm add @lobster/openclaw-core
+```
+
+### 最小化 Agent 节点
+
+```typescript
+import { BaseStateStore, SignalManager } from '@lobster/openclaw-core';
+
+const store = new BaseStateStore();
+await store.updateIdentity({ did: 'did:lobster:my-agent', name: 'MyAgent' });
+
+// 连接数据库（SurrealDB）
+const db = await Surreal.connect('ws://localhost:8000');
+await store.setDB(db);
+
+// 发送经过签名的信号
+await store.signalManager.sendTo('did:lobster:peer', 'HELLO', { greeting: 'World' });
+```
+
+### 安装商业插件（可选）
+
+```typescript
+// 开源版默认是"裸奔"模式（Null 实现）
+// 安装 @lobster/openclaw-enterprise 后：
+import { activateEnterprisePlugins } from '@lobster/openclaw-enterprise';
+await activateEnterprisePlugins(store);
+// → 激活 DLP / 经济结算 / 保险库 / 进化矩阵
+```
+
+---
+
+## 模块结构
+
+```
+src/
+├── store/BaseStore.ts          # 骨架状态机（含 usePlugin 热插拔）
+├── resonance/SignalManager.ts  # 加密信号路由（Ed25519 + E2EE）
+├── brain/MemoryManager.ts      # Vector DB 记忆引擎（Event Sourcing）
+├── interfaces/index.ts         # 插件契约 + Null 裸奔实现
+└── common/protocols/SAML.ts    # SAML 主权通信协议
+```
+
+---
+
+## 插件槽位（Plugin Slots）
+
+商业引擎通过接口契约热插拔，不影响开源骨架：
+
+| 插件槽 | 接口 | 开源裸奔 | 商业实现 |
+|---|---|---|---|
+| `dlp` | `IDLPManager` | `NullDLPManager` | `EnterpriseDLPPlugin` |
+| `ledger` | `ILedgerPlugin` | `NullLedgerPlugin` | `EnterpriseLedgerPlugin` |
+| `vault` | `IVaultPlugin` | `NullVaultPlugin` | `EnterpriseVaultPlugin` |
+| `evolution` | `IEvolutionPlugin` | `NullEvolutionPlugin` | `EnterpriseEvolutionPlugin` |
+
+```typescript
+// 自定义插件接入示例
+import type { IDLPManager } from '@lobster/openclaw-core';
+
+class MyDLPImpl implements IDLPManager {
+    async check(content: string) { /* your logic */ }
+    // ...
+}
+
+store.usePlugin('dlp', new MyDLPImpl());
+```
+
+---
+
+## 技术规格
+
+- **协议**：SAML/1.0 (Sovereign Agent Message Language)
+- **签名**：Ed25519 / HMAC-SHA256 Durable Mode
+- **加密**：AES-256-GCM (E2EE)
+- **存储**：SurrealDB 3.0（HNSW 向量索引 + Event Sourcing）
+- **传输**：WebSocket / WebRTC Data Channel
+
+---
+
+## 商业套件
+
+需要完整能力（DLP / 经济结算 / 硬件级保险库 / 群智进化）？
+
+```bash
+claws plugin install @lobster/shield-pro
+claws plugin install @lobster/economy-engine
+claws plugin install @lobster/evolution-matrix
+```
+
+---
+
+## License
+
+Apache 2.0 — See [LICENSE](../../LICENSE)

package/dist/brain/MemoryManager.d.ts

@@ -0,0 +1,25 @@
+export interface MemoryFragment {
+    id?: string;
+    agent_id: string;
+    content: string;
+    embedding?: number[];
+    importance: number;
+    tags: string[];
+    type: 'TRANSACTION' | 'PATTERN' | 'RELATION' | 'SKILL';
+    linked_ids: string[];
+    created_at?: string;
+}
+export interface MemoryQuery {
+    agent_id: string;
+    query?: string;
+    tags?: string[];
+    type?: string;
+    limit?: number;
+    minImportance?: number;
+}
+export declare class MemoryManager {
+    db: any;
+    sedimentate(db: any, fragment: MemoryFragment): Promise<void>;
+    retrieve(db: any, query: MemoryQuery): Promise<MemoryFragment[]>;
+    initSchema(db: any): Promise<void>;
+}

package/dist/brain/MemoryManager.js

@@ -0,0 +1,53 @@
+export class MemoryManager {
+    db = null;
+    async sedimentate(db, fragment) {
+        const store = db || this.db;
+        if (!store) {
+            console.warn("[MemoryManager] ⚠️  No DB connected. Memory fragment DROPPED. Connect SurrealDB to enable persistence.");
+            return;
+        }
+        await store.query(`INSERT INTO memory_fragments {
+                agent_id: $agent_id,
+                content: $content,
+                importance: $importance,
+                tags: $tags,
+                type: $type,
+                linked_ids: $linked_ids,
+                created_at: time::now()
+            }`, { ...fragment }).catch((e) => console.error("[MemoryManager] DB write failed:", e));
+    }
+    async retrieve(db, query) {
+        const store = db || this.db;
+        if (!store)
+            return [];
+        const { agent_id, tags, type, limit = 20, minImportance = 0 } = query;
+        let sql = `SELECT * FROM memory_fragments WHERE agent_id = $agent_id AND importance >= $minImportance`;
+        const params = { agent_id, minImportance, limit };
+        if (tags?.length) {
+            sql += ` AND tags CONTAINSANY $tags`;
+            params.tags = tags;
+        }
+        if (type) {
+            sql += ` AND type = $type`;
+            params.type = type;
+        }
+        sql += ` ORDER BY importance DESC LIMIT $limit`;
+        const result = await store.query(sql, params).catch(() => []);
+        return result[0]?.result || result[0] || [];
+    }
+    async initSchema(db) {
+        if (!db)
+            return;
+        const queries = [
+            `DEFINE TABLE memory_fragments SCHEMALESS
+             PERMISSIONS FOR select FULL, FOR create FULL, FOR update, delete NONE;`,
+            `DEFINE INDEX memory_vector_idx ON memory_fragments 
+             FIELDS embedding MTREE DIMENSION 1536 DIST EUCLIDEAN;`,
+            `DEFINE INDEX memory_importance ON memory_fragments FIELDS importance;`,
+            `DEFINE INDEX memory_agent_tag ON memory_fragments FIELDS agent_id, tags;`,
+        ];
+        for (const q of queries) {
+            await db.query(q).catch(() => { });
+        }
+    }
+}

package/dist/common/lib/BoundaryChecker.d.ts

@@ -0,0 +1,18 @@
+interface BoundaryViolation {
+    file: string;
+    line: number;
+    importPath: string;
+    fromDomain: string;
+    toDomain: string;
+    severity: 'ERROR' | 'WARNING';
+}
+export declare class BoundaryChecker {
+    private violations;
+    private srcRoot;
+    constructor(srcRoot: string);
+    scan(): BoundaryViolation[];
+    private walkDir;
+    private checkFile;
+    static formatReport(violations: BoundaryViolation[]): string;
+}
+export {};

package/dist/common/lib/BoundaryChecker.js

@@ -0,0 +1,87 @@
+import fs from 'node:fs';
+import path from 'node:path';
+const ISOLATION_MATRIX = {
+    'shield': ['finance', 'resonance', 'brain', 'economy', 'social'],
+    'finance': ['shield', 'resonance', 'brain', 'social'],
+    'resonance': ['shield', 'finance', 'social'],
+    'brain': ['shield', 'finance', 'social'],
+    'economy': ['shield', 'resonance', 'brain', 'social'],
+    'social': ['shield', 'brain'],
+};
+const EXEMPT_DIRS = ['api', 'tests', 'common', 'services', 'skills', 'cli'];
+export class BoundaryChecker {
+    violations = [];
+    srcRoot;
+    constructor(srcRoot) {
+        this.srcRoot = srcRoot;
+    }
+    scan() {
+        this.violations = [];
+        this.walkDir(this.srcRoot);
+        return this.violations;
+    }
+    walkDir(dir) {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                if (entry.name === 'node_modules')
+                    continue;
+                this.walkDir(fullPath);
+            }
+            else if (entry.name.endsWith('.ts') && !entry.name.endsWith('.d.ts')) {
+                this.checkFile(fullPath);
+            }
+        }
+    }
+    checkFile(filePath) {
+        const relativePath = path.relative(this.srcRoot, filePath).replace(/\\/g, '/');
+        const fromDomain = relativePath.split('/')[0];
+        if (EXEMPT_DIRS.includes(fromDomain))
+            return;
+        if (!ISOLATION_MATRIX[fromDomain])
+            return;
+        const content = fs.readFileSync(filePath, 'utf8');
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const importMatch = line.match(/(?:import|export)\s+.*from\s+['"](\.\.\/?([^'"\/]+))/);
+            if (importMatch) {
+                const toDomain = importMatch[2];
+                const forbidden = ISOLATION_MATRIX[fromDomain];
+                if (forbidden && forbidden.includes(toDomain)) {
+                    this.violations.push({
+                        file: relativePath,
+                        line: i + 1,
+                        importPath: importMatch[1],
+                        fromDomain,
+                        toDomain,
+                        severity: 'ERROR',
+                    });
+                }
+            }
+        }
+    }
+    static formatReport(violations) {
+        if (violations.length === 0) {
+            return '✅ [BoundaryAST] 编译级黑洞断崖检查通过：零隔离违规。';
+        }
+        let report = `🚨 [BoundaryAST] 发现 ${violations.length} 处跨域隔离违规：\n\n`;
+        const grouped = {};
+        for (const v of violations) {
+            const key = `${v.fromDomain} → ${v.toDomain}`;
+            if (!grouped[key])
+                grouped[key] = [];
+            grouped[key].push(v);
+        }
+        for (const [pair, items] of Object.entries(grouped)) {
+            report += `  ⛔ ${pair} (${items.length} 处):\n`;
+            for (const item of items) {
+                report += `    ${item.file}:${item.line} → ${item.importPath}\n`;
+            }
+            report += '\n';
+        }
+        report += `💡 修复方案：将跨域类型移至 common/types/，将跨域调用改为通过 FederatedProxy 或 common/interfaces/ 中的抽象接口。\n`;
+        return report;
+    }
+}

package/dist/common/lib/EmbeddingService.d.ts

@@ -0,0 +1,25 @@
+export interface IEmbeddingProvider {
+    generate(text: string): Promise<number[]>;
+}
+export declare class DevEmbeddingProvider implements IEmbeddingProvider {
+    private dimensions;
+    constructor(dimensions?: number);
+    generate(text: string): Promise<number[]>;
+}
+export declare class OpenAIEmbeddingProvider implements IEmbeddingProvider {
+    private apiKey;
+    private model;
+    constructor(apiKey: string, model?: string);
+    generate(text: string): Promise<number[]>;
+}
+export declare class OllamaEmbeddingProvider implements IEmbeddingProvider {
+    private endpoint;
+    private model;
+    constructor(endpoint?: string, model?: string);
+    generate(text: string): Promise<number[]>;
+}
+export declare class EmbeddingService {
+    private provider;
+    constructor(provider?: IEmbeddingProvider);
+    getVector(text: string): Promise<number[]>;
+}

package/dist/common/lib/EmbeddingService.js

@@ -0,0 +1,77 @@
+export class DevEmbeddingProvider {
+    dimensions;
+    constructor(dimensions = 128) {
+        this.dimensions = dimensions;
+    }
+    async generate(text) {
+        const vector = new Array(this.dimensions).fill(0);
+        const seed = text.split('').reduce((acc, char) => acc + char.charCodeAt(0), 0);
+        for (let i = 0; i < this.dimensions; i++) {
+            vector[i] = Math.sin(seed + i) * Math.cos((seed * 0.5) + i);
+        }
+        return vector;
+    }
+}
+export class OpenAIEmbeddingProvider {
+    apiKey;
+    model;
+    constructor(apiKey, model = "text-embedding-3-small") {
+        this.apiKey = apiKey;
+        this.model = model;
+    }
+    async generate(text) {
+        const response = await fetch("https://api.openai.com/v1/embeddings", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "Authorization": `Bearer ${this.apiKey}`
+            },
+            body: JSON.stringify({ input: text, model: this.model })
+        });
+        if (!response.ok)
+            throw new Error(`OpenAI_Embedding_Error: ${response.status}`);
+        const json = await response.json();
+        return json.data[0].embedding;
+    }
+}
+export class OllamaEmbeddingProvider {
+    endpoint;
+    model;
+    constructor(endpoint = "http://localhost:11434", model = "mxbai-embed-large") {
+        this.endpoint = endpoint;
+        this.model = model;
+    }
+    async generate(text) {
+        const response = await fetch(`${this.endpoint}/api/embeddings`, {
+            method: "POST",
+            body: JSON.stringify({ model: this.model, prompt: text })
+        });
+        if (!response.ok)
+            throw new Error(`Ollama_Embedding_Error: ${response.status}`);
+        const json = await response.json();
+        return json.embedding;
+    }
+}
+export class EmbeddingService {
+    provider;
+    constructor(provider) {
+        if (provider) {
+            this.provider = provider;
+        }
+        else {
+            const type = process.env.EMBEDDING_PROVIDER || "dev";
+            if (type === "openai" && process.env.OPENAI_API_KEY) {
+                this.provider = new OpenAIEmbeddingProvider(process.env.OPENAI_API_KEY);
+            }
+            else if (type === "ollama") {
+                this.provider = new OllamaEmbeddingProvider(process.env.OLLAMA_ENDPOINT);
+            }
+            else {
+                this.provider = new DevEmbeddingProvider(1536);
+            }
+        }
+    }
+    async getVector(text) {
+        return this.provider.generate(text);
+    }
+}

package/dist/common/lib/VectorStore.d.ts

@@ -0,0 +1,16 @@
+export interface VectorEntry {
+    id: string;
+    vector: number[];
+    metadata: any;
+}
+export declare class VectorStore {
+    private entries;
+    constructor();
+    upsert(id: string, vector: number[], metadata?: any): void;
+    private cosineSimilarity;
+    search(queryVector: number[], k?: number): Array<{
+        entry: VectorEntry;
+        score: number;
+    }>;
+    clear(): void;
+}

package/dist/common/lib/VectorStore.js

@@ -0,0 +1,42 @@
+export class VectorStore {
+    entries = [];
+    constructor() { }
+    upsert(id, vector, metadata = {}) {
+        const index = this.entries.findIndex(e => e.id === id);
+        if (index !== -1) {
+            this.entries[index] = { id, vector, metadata };
+        }
+        else {
+            this.entries.push({ id, vector, metadata });
+        }
+    }
+    cosineSimilarity(v1, v2) {
+        if (v1.length !== v2.length)
+            return 0;
+        let dotProduct = 0;
+        let norm1 = 0;
+        let norm2 = 0;
+        for (let i = 0; i < v1.length; i++) {
+            dotProduct += v1[i] * v2[i];
+            norm1 += v1[i] * v1[i];
+            norm2 += v2[i] * v2[i];
+        }
+        if (norm1 === 0 || norm2 === 0)
+            return 0;
+        return dotProduct / (Math.sqrt(norm1) * Math.sqrt(norm2));
+    }
+    search(queryVector, k = 5) {
+        if (this.entries.length === 0)
+            return [];
+        const results = this.entries.map(entry => ({
+            entry,
+            score: this.cosineSimilarity(queryVector, entry.vector)
+        }));
+        return results
+            .sort((a, b) => b.score - a.score)
+            .slice(0, k);
+    }
+    clear() {
+        this.entries = [];
+    }
+}

package/dist/common/protocols/SAML.d.ts

@@ -0,0 +1,32 @@
+export interface SAMLVector {
+    intent: SAMLIntent;
+    budget_ceiling: number;
+    deadline_ts: number;
+    slash_ratio: number;
+}
+export declare enum SAMLIntent {
+    BUY = "BUY",
+    SELL = "SELL",
+    RENT = "RENT",
+    QUERY = "QUERY",
+    ADVERTISE = "ADVERTISE",
+    ESCROW = "ESCROW",
+    ARBITRATE = "ARBITRATE"
+}
+export interface SAMLEnvelope {
+    version: string;
+    sender_did: string;
+    recipient_did: string;
+    vector: SAMLVector;
+    payload: Record<string, unknown>;
+    signature: string;
+    nonce: string;
+    timestamp: number;
+}
+export interface SAMLDatabase {
+    query(sql: string, vars?: Record<string, unknown>): Promise<unknown[]>;
+}
+export declare function signSAML(envelope: Omit<SAMLEnvelope, "signature">): string;
+export declare function verifySAML(envelope: SAMLEnvelope, db?: SAMLDatabase): Promise<boolean>;
+export declare function parseSAML(raw: Record<string, unknown>, db?: SAMLDatabase): Promise<SAMLEnvelope>;
+export declare function buildSAMLEnvelope(senderDid: string, recipientDid: string, intent: SAMLIntent, budgetCeiling: number, deadlineTs: number, slashRatio: number, payload?: Record<string, unknown>): SAMLEnvelope;

package/dist/common/protocols/SAML.js

@@ -0,0 +1,107 @@
+import crypto from "node:crypto";
+export var SAMLIntent;
+(function (SAMLIntent) {
+    SAMLIntent["BUY"] = "BUY";
+    SAMLIntent["SELL"] = "SELL";
+    SAMLIntent["RENT"] = "RENT";
+    SAMLIntent["QUERY"] = "QUERY";
+    SAMLIntent["ADVERTISE"] = "ADVERTISE";
+    SAMLIntent["ESCROW"] = "ESCROW";
+    SAMLIntent["ARBITRATE"] = "ARBITRATE";
+})(SAMLIntent || (SAMLIntent = {}));
+const SAML_SECRET = process.env.SAML_HMAC_SECRET;
+export function signSAML(envelope) {
+    if (!SAML_SECRET) {
+        throw new Error("CRITICAL_SECURITY_ERROR: SAML_HMAC_SECRET is not defined in environment.");
+    }
+    const canonical = JSON.stringify({
+        v: envelope.version,
+        s: envelope.sender_did,
+        r: envelope.recipient_did,
+        vec: envelope.vector,
+        n: envelope.nonce,
+        t: envelope.timestamp,
+    });
+    return crypto.createHmac("sha256", SAML_SECRET).update(canonical).digest("hex");
+}
+export async function verifySAML(envelope, db) {
+    const expected = signSAML(envelope);
+    const signatureOk = crypto.timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(envelope.signature, "hex"));
+    if (!signatureOk)
+        return false;
+    if (db) {
+        const nonceKey = `nonce_registry:${envelope.sender_did}:${envelope.nonce}`;
+        try {
+            await db.query(`INSERT INTO nonce_registry { 
+                id: $id, 
+                created_at: time::now(),
+                expires_at: time::now() + 24h
+            }`, { id: nonceKey });
+        }
+        catch (e) {
+            const errMessage = e instanceof Error ? e.message : String(e);
+            const isReplay = /already exists|conflict|409|Duplicate/i.test(errMessage);
+            if (isReplay) {
+                console.error(`🚨 [SAML] Replay detected for DID ${envelope.sender_did} with nonce ${envelope.nonce}`);
+                return false;
+            }
+            console.error("❌ [SAML] Security critical failure: Nonce registry inaccessible.", errMessage);
+            throw new Error(`SECURITY_INFRASTRUCTURE_FAILURE: Nonce registry check failed. ${errMessage}`);
+        }
+    }
+    return true;
+}
+export async function parseSAML(raw, db) {
+    const version = String(raw.saml_version || raw.version || "");
+    if (!version || !version.startsWith("SAML/1")) {
+        throw new Error("SAML_PARSE_ERROR: Unsupported or missing SAML version header.");
+    }
+    const vec = (raw.vector || raw.v);
+    if (!vec || typeof vec.intent !== "string") {
+        throw new Error("SAML_PARSE_ERROR: Missing or invalid intent vector. All A2A requests must declare intent.");
+    }
+    const intentKey = vec.intent;
+    const intent = SAMLIntent[intentKey];
+    if (!intent) {
+        throw new Error(`SAML_PARSE_ERROR: Unknown intent '${vec.intent}'. Valid: ${Object.keys(SAMLIntent).join(", ")}`);
+    }
+    const vector = {
+        intent,
+        budget_ceiling: Number(vec.budget_ceiling ?? vec.budget ?? 0),
+        deadline_ts: Number(vec.deadline_ts ?? vec.deadline ?? Date.now() + 86400000),
+        slash_ratio: Math.min(1, Math.max(0, Number(vec.slash_ratio ?? vec.slash ?? 0.5))),
+    };
+    const envelope = {
+        version,
+        sender_did: String(raw.sender_did || raw.from || "UNKNOWN"),
+        recipient_did: String(raw.recipient_did || raw.to || "BROADCAST"),
+        vector,
+        payload: raw.payload || {},
+        signature: String(raw.signature || ""),
+        nonce: String(raw.nonce || crypto.randomBytes(8).toString("hex")),
+        timestamp: Number(raw.timestamp || Date.now()),
+    };
+    if (!envelope.signature) {
+        throw new Error("SAML_AUTH_FAILED: Missing mandatory signature. Insecure A2A communication is blocked.");
+    }
+    const isVerified = await verifySAML(envelope, db);
+    if (!isVerified) {
+        throw new Error("SAML_AUTH_FAILED: Signature mismatch or replay attack.");
+    }
+    return envelope;
+}
+export function buildSAMLEnvelope(senderDid, recipientDid, intent, budgetCeiling, deadlineTs, slashRatio, payload = {}) {
+    const nonce = crypto.randomBytes(8).toString("hex");
+    const timestamp = Date.now();
+    const partial = {
+        version: "SAML/1.0",
+        sender_did: senderDid,
+        recipient_did: recipientDid,
+        vector: { intent, budget_ceiling: budgetCeiling, deadline_ts: deadlineTs, slash_ratio: slashRatio },
+        payload,
+        nonce,
+        timestamp,
+    };
+    const signature = signSAML(partial);
+    return { ...partial, signature };
+}

package/dist/harness/AgentEvaluator.d.ts

@@ -0,0 +1,18 @@
+import { AgenticHarness } from "./AgenticHarness.js";
+export interface CodeAuditRequest {
+    specHash: string;
+    generatedCode: string;
+    harness?: AgenticHarness;
+    tools?: Record<string, unknown>;
+    testResults?: {
+        pass: boolean;
+        coverage: number;
+    };
+}
+export declare class ByzantineFaultError extends Error {
+    constructor(message: string);
+}
+export declare class AgentEvaluator {
+    constructor();
+    audit(request: CodeAuditRequest, enforceBoundary?: boolean): Promise<boolean>;
+}