npm - osuite - Versions diffs - 2.9.0 → 2.9.1 - Mend

osuite 2.9.0 → 2.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +122 -62
package/cli.js +367 -79
package/index.cjs +29 -139
package/legacy/index-v1.cjs +2 -90
package/legacy/osuite-v1-runtime.js +7 -0
package/legacy/osuite-v1.js +1 -1
package/osuite.js +505 -10
package/package.json +3 -9
package/reviewSurface.js +131 -0
package/LICENSE +0 -21
package/dashclaw.js +0 -988
package/legacy/dashclaw-v1.js +0 -2888

package/dashclaw.js DELETED Viewed

@@ -1,988 +0,0 @@
-/**
- * DashClaw SDK v2 (Stable Runtime API)
- * Focused governance runtime client for AI agents.
- */
-class ApprovalDeniedError extends Error {
-  constructor(message, decision) {
-    super(message);
-    this.name = 'ApprovalDeniedError';
-    this.decision = decision;
-  }
-}
-class GuardBlockedError extends Error {
-  constructor(decision) {
-    super(decision.reason || 'Action blocked by policy');
-    this.name = 'GuardBlockedError';
-    this.decision = decision;
-  }
-}
-const PCAA_CHECKPOINTS = [
-  {
-    id: 'pre_action_admissibility',
-    title: 'Pre-action admissibility',
-    summary: 'Evaluate whether the proposed action is allowed, simulated first, blocked, or approval-gated before side effects happen.',
-    sdkMethod: 'guard',
-  },
-  {
-    id: 'action_open',
-    title: 'Action open',
-    summary: 'Create the portable action record that becomes the trust object for replay, scoring, and proof.',
-    sdkMethod: 'createAction',
-  },
-  {
-    id: 'assumption_capture',
-    title: 'Assumption capture',
-    summary: 'Record what the runtime believed or depended on so operators can replay the reasoning boundary later.',
-    sdkMethod: 'recordAssumption',
-  },
-  {
-    id: 'approval_checkpoint',
-    title: 'Approval checkpoint',
-    summary: 'Pause, wait, or externally hold execution when policy requires a human checkpoint.',
-    sdkMethod: 'waitForApproval',
-  },
-  {
-    id: 'outcome_closure',
-    title: 'Outcome closure',
-    summary: 'Write the final result, evidence, and status so the action certificate closes cleanly.',
-    sdkMethod: 'updateOutcome',
-  },
-];
-function toPercent(numerator, denominator) {
-  if (!denominator || denominator <= 0) return 0;
-  return Math.max(0, Math.min(100, Math.round((numerator / denominator) * 100)));
-}
-function resolveRouteDecision({ action = null, proofBundle = null } = {}) {
-  return (
-    proofBundle?.route_decision
-    || proofBundle?.action_certificate?.route_decision
-    || action?.policy_snapshot?.effective_decision
-    || null
-  );
-}
-function resolveOutcomeStatus(status) {
-  const normalized = String(status || '').toLowerCase();
-  if (['completed', 'failed', 'blocked', 'cancelled', 'denied'].includes(normalized)) return 'complete';
-  if (['running', 'pending', 'pending_approval'].includes(normalized)) return 'pending';
-  return 'inactive';
-}
-function buildPcaaCheckpointStates({ action = null, trace = null, proofBundle = null } = {}) {
-  const routeDecision = resolveRouteDecision({ action, proofBundle });
-  const assumptionCount = Number(
-    trace?.trace?.assumptions?.total
-    ?? trace?.assumptions?.total
-    ?? (Array.isArray(trace?.assumptions) ? trace.assumptions.length : 0),
-  );
-  const approvalTriggered = ['require_approval', 'require_dual_approval', 'simulate_first', 'warn', 'block']
-    .includes(String(routeDecision || '').toLowerCase())
-    || String(action?.status || '').toLowerCase() === 'pending_approval';
-  const approvalComplete = Boolean(
-    action?.approved_by
-    || action?.approved_at
-    || (Array.isArray(proofBundle?.approvals) && proofBundle.approvals.length > 0),
-  );
-  const outcomeStatus = resolveOutcomeStatus(action?.status);
-  return PCAA_CHECKPOINTS.map((checkpoint) => {
-    if (checkpoint.id === 'pre_action_admissibility') {
-      return {
-        ...checkpoint,
-        status: routeDecision ? 'complete' : 'inactive',
-        value: routeDecision || 'not evaluated',
-      };
-    }
-    if (checkpoint.id === 'action_open') {
-      return {
-        ...checkpoint,
-        status: action?.action_id ? 'complete' : 'inactive',
-        value: action?.action_id || '--',
-      };
-    }
-    if (checkpoint.id === 'assumption_capture') {
-      return {
-        ...checkpoint,
-        status: assumptionCount > 0 ? 'complete' : 'inactive',
-        value: assumptionCount > 0 ? `${assumptionCount} recorded` : 'none recorded',
-      };
-    }
-    if (checkpoint.id === 'approval_checkpoint') {
-      return {
-        ...checkpoint,
-        status: approvalComplete ? 'complete' : approvalTriggered ? 'active' : 'inactive',
-        value: approvalComplete ? 'approved' : approvalTriggered ? (routeDecision || 'active') : 'not required',
-      };
-    }
-    return {
-      ...checkpoint,
-      status: outcomeStatus,
-      value: action?.status || '--',
-    };
-  });
-}
-class DashClaw {
-  /**
-   * @param {Object} options
-   * @param {string} options.baseUrl - DashClaw base URL
-   * @param {string} options.apiKey - API key for authentication
-   * @param {string} options.agentId - Unique identifier for this agent
-   */
-  constructor({ baseUrl, apiKey, agentId, agentKeyId = null, provenanceVersion = 'dc-prov-v1' }) {
-    if (!baseUrl) throw new Error('baseUrl is required');
-    if (!apiKey) throw new Error('apiKey is required');
-    if (!agentId) throw new Error('agentId is required');
-    this.baseUrl = baseUrl.replace(/\/$/, '');
-    this.apiKey = apiKey;
-    this.agentId = agentId;
-    this.agentKeyId = agentKeyId;
-    this.provenanceVersion = provenanceVersion;
-  }
-  _withProvenance(payload = {}) {
-    const body = { ...payload };
-    const signature = body.agentSignature || body.agent_signature || body._signature || null;
-    delete body.agentSignature;
-    delete body.agent_signature;
-    if (signature) {
-      body._signature = signature;
-    }
-    if (body.agent_key_id === undefined && this.agentKeyId) {
-      body.agent_key_id = this.agentKeyId;
-    }
-    if (body.provenance_version === undefined && this.provenanceVersion) {
-      body.provenance_version = this.provenanceVersion;
-    }
-    return body;
-  }
-  async _request(path, method = 'GET', body = null, params = null, options = {}) {
-    let url = `${this.baseUrl}${path}`;
-    if (params) {
-      const qs = new URLSearchParams(params).toString();
-      if (qs) url += `?${qs}`;
-    }
-    const headers = {
-      'Content-Type': 'application/json',
-      'x-api-key': this.apiKey
-    };
-    const res = await fetch(url, {
-      method,
-      headers,
-      body: body ? JSON.stringify(body) : undefined
-    });
-    let data = {};
-    if (typeof res.text === 'function') {
-      const text = await res.text();
-      data = text ? JSON.parse(text) : {};
-    } else if (typeof res.json === 'function') {
-      data = await res.json();
-    }
-    const allowedStatuses = new Set(options.allowStatuses || []);
-    if (!res.ok && !allowedStatuses.has(res.status)) {
-      if (res.status === 403 && data.decision && data.decision.decision === 'block') {
-        throw new GuardBlockedError(data.decision);
-      }
-      // Prioritize reason (from governance blocks) over generic error field
-      const errorMessage = data.reason || data.error || `Request failed with status ${res.status}`;
-      const err = new Error(errorMessage);
-      err.status = res.status;
-      err.details = data.details;
-      err.decision = data;
-      throw err;
-    }
-    return data;
-  }
-  /**
-   * POST /api/guard — "Can I do X?"
-   * @param {Object} context
-   * @returns {Promise<{decision: 'allow'|'block'|'require_approval', action_id: string, reason: string, signals: string[]}>}
-   */
-  async guard(context) {
-    return this._request('/api/guard', 'POST', this._withProvenance({
-      ...context,
-      agent_id: context.agent_id || this.agentId,
-    }));
-  }
-  /**
-   * POST /api/actions — "I am attempting X."
-   */
-  async createAction(action) {
-    return this._request('/api/actions', 'POST', this._withProvenance({
-      ...action,
-      agent_id: this.agentId,
-    }));
-  }
-  /**
-   * PATCH /api/actions/:id — "X finished with result Y."
-   */
-  async updateOutcome(actionId, outcome) {
-    return this._request(`/api/actions/${actionId}`, 'PATCH', {
-      ...outcome,
-      timestamp_end: outcome.timestamp_end || new Date().toISOString()
-    });
-  }
-  /**
-   * GET /api/actions/:id — Fetch a single action by ID.
-   */
-  async getAction(actionId) {
-    return this._request(`/api/actions/${actionId}`, 'GET');
-  }
-  /**
-   * GET /api/actions/:id/trace — Fetch replay trace, assumptions, loops, and root-cause indicators.
-   */
-  async getActionTrace(actionId) {
-    return this._request(`/api/actions/${actionId}/trace`, 'GET');
-  }
-  /**
-   * GET /api/actions?status=pending_approval — List actions awaiting approval.
-   */
-  async getPendingApprovals(limit = 20, offset = 0) {
-    return this._request('/api/actions', 'GET', null, {
-      status: 'pending_approval',
-      limit,
-      offset,
-    });
-  }
-  /**
-   * POST /api/actions/:id/approve — Approve or deny an action.
-   * @param {string} actionId
-   * @param {'allow'|'deny'} decision
-   * @param {string} [reasoning]
-   */
-  async approveAction(actionId, decision, reasoning) {
-    const body = { decision };
-    if (reasoning) body.reasoning = reasoning;
-    return this._request(`/api/approvals/${actionId}`, 'POST', body);
-  }
-  /**
-   * POST /api/assumptions — "I believe Z is true while doing X."
-   */
-  async recordAssumption(assumption) {
-    return this._request('/api/assumptions', 'POST', assumption);
-  }
-  /**
-   * GET /api/actions/:id — Polling helper for human approval.
-   */
-  async waitForApproval(actionId, { timeout = 300000, interval = 5000 } = {}) {
-    const startTime = Date.now();
-    let wasPending = false;
-    let printedBlock = false;
-    while (Date.now() - startTime < timeout) {
-      const { action } = await this._request(`/api/actions/${actionId}`, 'GET');
-      // Print structured approval block on first fetch
-      if (!printedBlock) {
-        printedBlock = true;
-        try {
-          const actionType = action.action_type || 'unknown';
-          const riskScore = action.risk_score != null ? String(action.risk_score) : '-';
-          const goal = action.declared_goal || '-';
-          const agent = action.agent_id || this.agentId;
-          const replayUrl = `${this.baseUrl}/replay/${actionId}`;
-          const lines = [
-            '\u2554\u2550\u2550 DashClaw Approval Required \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557',
-            `  Action ID:   ${actionId}`,
-            `  Agent:       ${agent}`,
-            `  Action:      ${actionType}`,
-            '  Policy:      require_approval',
-            `  Risk Score:  ${riskScore}`,
-            `  Goal:        ${goal}`,
-            '',
-            `  Replay:      ${replayUrl}`,
-            '',
-            '  Waiting for approval... (Ctrl+C to abort)',
-            '\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d',
-          ];
-          process.stdout.write('\n' + lines.join('\n') + '\n\n');
-        } catch (_) {
-          // Rendering failure must not prevent the wait from proceeding
-        }
-      }
-      if (action.status === 'pending_approval') {
-        wasPending = true;
-      }
-      // Explicitly unblocked by approval metadata.
-      // API key / CLI approvals may not have a human user id, so approved_at is
-      // also treated as authoritative approval evidence.
-      if (action.approved_by || action.approved_at) return action;
-      // Denial cases
-      if (action.status === 'failed' || action.status === 'cancelled') {
-        throw new ApprovalDeniedError(action.error_message || 'Operator denied the action.', action.status);
-      }
-      // Requirement 4: If an action leaves pending_approval without approval metadata, throw an error.
-      // This prevents "auto-approval" bugs where status is changed by non-approval paths.
-      if (wasPending && action.status !== 'pending_approval') {
-        throw new Error(`Action ${actionId} left pending_approval state without explicit approval metadata (Status: ${action.status})`);
-      }
-      // If allowed directly (never intercepted), return immediately
-      if (!wasPending && action.status === 'running') {
-        return { action };
-      }
-      await new Promise(r => setTimeout(r, interval));
-    }
-    throw new Error(`Timed out waiting for approval of action ${actionId}`);
-  }
-  /**
-   * Subscribe to real-time SSE events from the OSuite server.
-   * Uses fetch-based SSE parsing for Node 18+ compatibility.
-   */
-  events({ reconnect = true, maxRetries = Infinity, retryInterval = 3000 } = {}) {
-    const url = `${this.baseUrl}/api/stream`;
-    const handlers = new Map();
-    let closed = false;
-    let controller = null;
-    let lastEventId = null;
-    let retryCount = 0;
-    const emit = (eventType, data) => {
-      const callbacks = handlers.get(eventType) || [];
-      for (const callback of callbacks) {
-        try {
-          callback(data);
-        } catch {
-          // Event handlers are intentionally isolated from stream health
-        }
-      }
-    };
-    const connect = async () => {
-      controller = new AbortController();
-      const headers = { 'x-api-key': this.apiKey };
-      if (lastEventId) headers['last-event-id'] = lastEventId;
-      const res = await fetch(url, {
-        headers,
-        signal: controller.signal,
-      });
-      if (!res.ok) {
-        throw new Error(`SSE connection failed: ${res.status} ${res.statusText}`);
-      }
-      retryCount = 0;
-      const reader = res.body.getReader();
-      const decoder = new TextDecoder();
-      let buffer = '';
-      let currentEvent = null;
-      let currentData = '';
-      while (!closed) {
-        const { done, value } = await reader.read();
-        if (done) break;
-        buffer += decoder.decode(value, { stream: true });
-        const lines = buffer.split('\n');
-        buffer = lines.pop() || '';
-        for (const line of lines) {
-          if (line.startsWith('id: ')) {
-            lastEventId = line.slice(4).trim();
-          } else if (line.startsWith('event: ')) {
-            currentEvent = line.slice(7).trim();
-          } else if (line.startsWith('data: ')) {
-            currentData += line.slice(6);
-          } else if (line.startsWith(':')) {
-            continue;
-          } else if (line === '' && currentEvent) {
-            if (currentData) {
-              try {
-                emit(currentEvent, JSON.parse(currentData));
-              } catch {
-                // Ignore malformed frames to keep the stream alive
-              }
-            }
-            currentEvent = null;
-            currentData = '';
-          } else if (line === '') {
-            currentEvent = null;
-            currentData = '';
-          }
-        }
-      }
-    };
-    const connectLoop = async () => {
-      while (!closed) {
-        try {
-          await connect();
-        } catch (error) {
-          if (closed) return;
-          emit('error', error);
-        }
-        if (closed) return;
-        if (!reconnect || retryCount >= maxRetries) {
-          emit('error', new Error('SSE stream ended'));
-          return;
-        }
-        retryCount += 1;
-        emit('reconnecting', { attempt: retryCount, maxRetries });
-        await new Promise((resolve) => setTimeout(resolve, retryInterval));
-      }
-    };
-    const connectionPromise = connectLoop();
-    const handle = {
-      on(eventType, callback) {
-        if (!handlers.has(eventType)) handlers.set(eventType, []);
-        handlers.get(eventType).push(callback);
-        return handle;
-      },
-      close() {
-        closed = true;
-        if (controller) controller.abort();
-      },
-      _promise: connectionPromise,
-    };
-    return handle;
-  }
-  /**
-   * POST /api/agents/heartbeat
-   */
-  async heartbeat(status = 'online', metadata = null) {
-    return this._request('/api/agents/heartbeat', 'POST', {
-      agent_id: this.agentId,
-      status,
-      metadata
-    });
-  }
-  /**
-   * POST /api/agents/connections
-   */
-  async reportConnections(connections) {
-    return this._request('/api/agents/connections', 'POST', {
-      agent_id: this.agentId,
-      connections
-    });
-  }
-  /**
-   * POST /api/actions/loops
-   */
-  async registerOpenLoop(actionId, loopType, description, metadata = null) {
-    return this._request('/api/actions/loops', 'POST', {
-      action_id: actionId,
-      loop_type: loopType,
-      description,
-      metadata
-    });
-  }
-  /**
-   * PATCH /api/actions/loops/:id
-   */
-  async resolveOpenLoop(loopId, status, resolution = null) {
-    return this._request(`/api/actions/loops/${loopId}`, 'PATCH', {
-      status,
-      resolution
-    });
-  }
-  /**
-   * GET /api/actions/signals
-   */
-  async getSignals() {
-    return this._request('/api/actions/signals');
-  }
-  /**
-   * GET /api/governance/proof — Fetch operator-facing or bundle-form governance proof.
-   */
-  async getGovernanceProof({ actionId = null, format = null } = {}) {
-    return this._request('/api/governance/proof', 'GET', null, {
-      ...(actionId ? { action_id: actionId } : {}),
-      ...(format ? { format } : {}),
-    });
-  }
-  /**
-   * GET /api/governance/proof?format=bundle — Fetch machine-readable PCAA / proof bundle output.
-   */
-  async getGovernanceProofBundle({ actionId = null } = {}) {
-    return this.getGovernanceProof({ actionId, format: 'bundle' });
-  }
-  /**
-   * POST /api/governance/proof/verify — Verify one action attestation and proof bundle.
-   */
-  async verifyGovernanceProof(actionId, { throwOnInvalid = false } = {}) {
-    return this._request(
-      '/api/governance/proof/verify',
-      'POST',
-      { action_id: actionId },
-      null,
-      throwOnInvalid ? {} : { allowStatuses: [422] },
-    );
-  }
-  /**
-   * GET /api/compliance/evidence — Fetch live evidence aggregates for PCAA / compliance.
-   */
-  async getComplianceEvidence({ window = '30d' } = {}) {
-    return this._request('/api/compliance/evidence', 'GET', null, { window });
-  }
-  /**
-   * GET /api/proof/export — Fetch a portable proof export by action or bundle id.
-   */
-  async exportProof({ actionId = null, bundleId = null } = {}) {
-    if (!actionId && !bundleId) {
-      throw new Error('actionId or bundleId is required');
-    }
-    return this._request('/api/proof/export', 'GET', null, {
-      ...(actionId ? { action_id: actionId } : {}),
-      ...(bundleId ? { bundle_id: bundleId } : {}),
-    });
-  }
-  /**
-   * Build the same PCAA health summary used by the workspace banner.
-   */
-  async getPcaaHealth({ window = '30d', agentId = null } = {}) {
-    const [actionsStats, complianceEvidence] = await Promise.all([
-      this._request('/api/actions/stats', 'GET', null, {
-        ...(agentId ? { agent_id: agentId } : {}),
-      }),
-      this.getComplianceEvidence({ window }),
-    ]);
-    const evidence = complianceEvidence?.evidence || {};
-    const totalActions = Number(actionsStats?.total || 0);
-    const recordedActions = Number(evidence.action_records_total || 0);
-    const approvals = Number(evidence.approval_requests || actionsStats?.approval || 0);
-    const proofBundles = Number(evidence.proof_bundles_total || 0);
-    const completeBundles = Number(evidence.complete_proof_bundles || 0);
-    return {
-      totalActions,
-      recordedActions,
-      approvals,
-      proofBundles,
-      completeBundles,
-      checkpointCoverage: toPercent(recordedActions, totalActions || recordedActions || 1),
-      approvalRate: toPercent(approvals, totalActions || approvals || 1),
-      evidenceCompletion: toPercent(completeBundles, proofBundles || completeBundles || 1),
-      window,
-      generatedAt: complianceEvidence?.generated_at || new Date().toISOString(),
-    };
-  }
-  /**
-   * Fetch one action's PCAA view: action, trace, proof bundle, export bundle, and derived checkpoints.
-   */
-  async getPcaaAction(actionId) {
-    const [actionPayload, trace, proofBundle, proofExport] = await Promise.all([
-      this.getAction(actionId),
-      this.getActionTrace(actionId),
-      this.getGovernanceProofBundle({ actionId }),
-      this.exportProof({ actionId }).catch((error) => {
-        if (error?.status === 404) return null;
-        throw error;
-      }),
-    ]);
-    const action = actionPayload?.action || actionPayload || null;
-    return {
-      action,
-      trace,
-      proofBundle,
-      proofExport,
-      checkpoints: buildPcaaCheckpointStates({ action, trace, proofBundle }),
-    };
-  }
-  /**
-   * GET /api/learning/analytics/velocity
-   */
-  async getLearningVelocity(lookbackDays = 30) {
-    return this._request('/api/learning/analytics/velocity', 'GET', null, {
-      agent_id: this.agentId,
-      lookback_days: lookbackDays
-    });
-  }
-  /**
-   * GET /api/learning/analytics/curves
-   */
-  async getLearningCurves(lookbackDays = 60) {
-    return this._request('/api/learning/analytics/curves', 'GET', null, {
-      agent_id: this.agentId,
-      lookback_days: lookbackDays
-    });
-  }
-  /**
-   * GET /api/learning/lessons — Fetch consolidated lessons from scored outcomes.
-   */
-  async getLessons({ actionType, limit } = {}) {
-    return this._request('/api/learning/lessons', 'GET', null, {
-      agent_id: this.agentId,
-      ...(actionType && { action_type: actionType }),
-      ...(limit && { limit }),
-    });
-  }
-  /**
-   * POST /api/prompts/render
-   */
-  async renderPrompt({ template_id, version_id, variables, record = false }) {
-    return this._request('/api/prompts/render', 'POST', {
-      template_id,
-      version_id,
-      variables,
-      agent_id: this.agentId,
-      record
-    });
-  }
-  /**
-   * POST /api/evaluations/scorers
-   */
-  async createScorer(name, scorer_type, config = null, description = null) {
-    return this._request('/api/evaluations/scorers', 'POST', {
-      name,
-      scorer_type,
-      config,
-      description
-    });
-  }
-  /**
-   * POST /api/scoring/profiles
-   */
-  async createScoringProfile(profile) {
-    return this._request('/api/scoring/profiles', 'POST', profile);
-  }
-  /**
-   * GET /api/scoring/profiles
-   */
-  async listScoringProfiles(filters = {}) {
-    return this._request('/api/scoring/profiles', 'GET', null, filters);
-  }
-  /**
-   * GET /api/scoring/profiles/:id
-   */
-  async getScoringProfile(profileId) {
-    return this._request(`/api/scoring/profiles/${profileId}`, 'GET');
-  }
-  /**
-   * PATCH /api/scoring/profiles/:id
-   */
-  async updateScoringProfile(profileId, updates) {
-    return this._request(`/api/scoring/profiles/${profileId}`, 'PATCH', updates);
-  }
-  /**
-   * DELETE /api/scoring/profiles/:id
-   */
-  async deleteScoringProfile(profileId) {
-    return this._request(`/api/scoring/profiles/${profileId}`, 'DELETE');
-  }
-  /**
-   * POST /api/scoring/profiles/:id/dimensions
-   */
-  async addScoringDimension(profileId, dimension) {
-    return this._request(`/api/scoring/profiles/${profileId}/dimensions`, 'POST', dimension);
-  }
-  /**
-   * PATCH /api/scoring/profiles/:id/dimensions/:dimId
-   */
-  async updateScoringDimension(profileId, dimensionId, updates) {
-    return this._request(`/api/scoring/profiles/${profileId}/dimensions/${dimensionId}`, 'PATCH', updates);
-  }
-  /**
-   * DELETE /api/scoring/profiles/:id/dimensions/:dimId
-   */
-  async deleteScoringDimension(profileId, dimensionId) {
-    return this._request(`/api/scoring/profiles/${profileId}/dimensions/${dimensionId}`, 'DELETE');
-  }
-  /**
-   * POST /api/scoring/score — score a single action against a profile
-   */
-  async scoreWithProfile(profileId, action) {
-    return this._request('/api/scoring/score', 'POST', { profile_id: profileId, action });
-  }
-  /**
-   * POST /api/scoring/score — batch score multiple actions against a profile
-   */
-  async batchScoreWithProfile(profileId, actions) {
-    return this._request('/api/scoring/score', 'POST', { profile_id: profileId, actions });
-  }
-  /**
-   * GET /api/scoring/score — list stored profile scores
-   */
-  async getProfileScores(filters = {}) {
-    return this._request('/api/scoring/score', 'GET', null, filters);
-  }
-  /**
-   * GET /api/scoring/score?view=stats — aggregate stats for a profile
-   */
-  async getProfileScoreStats(profileId) {
-    return this._request('/api/scoring/score', 'GET', null, { profile_id: profileId, view: 'stats' });
-  }
-  /**
-   * POST /api/scoring/risk-templates
-   */
-  async createRiskTemplate(template) {
-    return this._request('/api/scoring/risk-templates', 'POST', template);
-  }
-  /**
-   * GET /api/scoring/risk-templates
-   */
-  async listRiskTemplates(filters = {}) {
-    return this._request('/api/scoring/risk-templates', 'GET', null, filters);
-  }
-  /**
-   * PATCH /api/scoring/risk-templates/:id
-   */
-  async updateRiskTemplate(templateId, updates) {
-    return this._request(`/api/scoring/risk-templates/${templateId}`, 'PATCH', updates);
-  }
-  /**
-   * DELETE /api/scoring/risk-templates/:id
-   */
-  async deleteRiskTemplate(templateId) {
-    return this._request(`/api/scoring/risk-templates/${templateId}`, 'DELETE');
-  }
-  /**
-   * POST /api/scoring/calibrate — analyze historical data and suggest dimension thresholds
-   */
-  async autoCalibrate(options = {}) {
-    return this._request('/api/scoring/calibrate', 'POST', options);
-  }
-  // ---------------------------------------------------------------------------
-  // Agent Messaging
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/messages — Send a message to another agent or the dashboard.
-   */
-  async sendMessage({ to, type, subject, body, threadId, urgent, actionId }) {
-    return this._request('/api/messages', 'POST', {
-      from_agent_id: this.agentId,
-      to_agent_id: to,
-      message_type: type,
-      subject,
-      body,
-      thread_id: threadId,
-      urgent,
-      action_id: actionId,
-    });
-  }
-  /**
-   * Create a scoped action context that auto-tags messages and assumptions
-   * with the given action_id.
-   * @param {string} actionId - The action_id to attach to all operations
-   * @returns {{ sendMessage, recordAssumption, updateOutcome }}
-   */
-  actionContext(actionId) {
-    return {
-      sendMessage: ({ to, type, subject, body, threadId, urgent }) => {
-        return this.sendMessage({ to, type, subject, body, threadId, urgent, actionId });
-      },
-      recordAssumption: (assumption) => {
-        return this.recordAssumption({ ...assumption, action_id: actionId });
-      },
-      updateOutcome: (outcome) => {
-        return this.updateOutcome(actionId, outcome);
-      },
-    };
-  }
-  /**
-   * GET /api/messages — Fetch this agent's inbox.
-   */
-  async getInbox({ type, unread, limit } = {}) {
-    return this._request('/api/messages', 'GET', null, {
-      agent_id: this.agentId,
-      direction: 'inbox',
-      ...(type && { type }),
-      ...(unread != null && { unread }),
-      ...(limit && { limit }),
-    });
-  }
-  // ---------------------------------------------------------------------------
-  // Session Handoffs
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/handoffs — Create a session handoff record.
-   */
-  async createHandoff(handoff) {
-    return this._request('/api/handoffs', 'POST', {
-      agent_id: this.agentId,
-      ...handoff,
-    });
-  }
-  /**
-   * GET /api/handoffs — Fetch the most recent handoff for this agent.
-   */
-  async getLatestHandoff() {
-    return this._request('/api/handoffs', 'GET', null, {
-      agent_id: this.agentId,
-      latest: 'true',
-    });
-  }
-  // ---------------------------------------------------------------------------
-  // Security Scanning
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/security/prompt-injection — Scan text for prompt injection attacks.
-   */
-  async scanPromptInjection(text, { source } = {}) {
-    return this._request('/api/security/prompt-injection', 'POST', {
-      text,
-      source,
-      agent_id: this.agentId,
-    });
-  }
-  // ---------------------------------------------------------------------------
-  // User Feedback
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/feedback — Submit user feedback linked to an action.
-   */
-  async submitFeedback({ action_id, rating, comment, category, tags, metadata }) {
-    return this._request('/api/feedback', 'POST', {
-      action_id,
-      agent_id: this.agentId,
-      rating,
-      comment,
-      category,
-      tags,
-      metadata,
-    });
-  }
-  // ---------------------------------------------------------------------------
-  // Context Threads
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/context/threads — Create a reasoning context thread.
-   */
-  async createThread(thread) {
-    return this._request('/api/context/threads', 'POST', {
-      agent_id: this.agentId,
-      ...thread,
-    });
-  }
-  /**
-   * POST /api/context/threads/:id/entries — Append a reasoning step.
-   */
-  async addThreadEntry(threadId, content, entryType) {
-    return this._request(`/api/context/threads/${threadId}/entries`, 'POST', {
-      content,
-      entry_type: entryType,
-    });
-  }
-  /**
-   * PATCH /api/context/threads/:id — Close a reasoning thread.
-   */
-  async closeThread(threadId, summary) {
-    return this._request(`/api/context/threads/${threadId}`, 'PATCH', {
-      status: 'closed',
-      ...(summary ? { summary } : {}),
-    });
-  }
-  // ---------------------------------------------------------------------------
-  // Bulk Sync
-  // ---------------------------------------------------------------------------
-  /**
-   * POST /api/sync — Bulk state sync for periodic updates or bootstrap.
-   */
-  async syncState(state) {
-    return this._request('/api/sync', 'POST', {
-      agent_id: this.agentId,
-      ...state,
-    });
-  }
-}
-const OSuite = DashClaw;
-const Osuite = DashClaw;
-export default OSuite;
-export {
-  DashClaw,
-  OSuite,
-  Osuite,
-  ApprovalDeniedError,
-  GuardBlockedError,
-  PCAA_CHECKPOINTS,
-  buildPcaaCheckpointStates,
-};