oxe-cc 1.0.0 → 1.3.0

package/lib/runtime/plugins/plugin-abi.d.ts

@@ -24,6 +24,7 @@ export interface ToolProvider {
 }
 export interface WorkspaceProvider extends WorkspaceManager {
     readonly name: string;
+    readonly isolation_level: 'shared' | 'isolated';
     supportsStrategy(strategy: string): boolean;
 }
 export interface VerificationInput {
@@ -67,6 +68,7 @@ export interface ContextProvider {
 export interface OxePlugin {
     readonly name: string;
     readonly version?: string;
+    readonly abi_version?: string;
     toolProviders?: ToolProvider[];
     workspaceProviders?: WorkspaceProvider[];
     verifierProviders?: VerifierProvider[];

package/lib/runtime/plugins/plugin-manifest.d.ts

@@ -0,0 +1,22 @@
+import type { OxePlugin } from './plugin-abi';
+export declare const CURRENT_ABI_VERSION = "1";
+export interface PluginManifest {
+    name: string;
+    version: string;
+    abi_version: string;
+    capabilities: Array<'tool' | 'workspace' | 'verifier' | 'context' | 'hooks'>;
+    tool_action_types?: string[];
+    workspace_strategies?: string[];
+    verifier_check_types?: string[];
+    context_provider_names?: string[];
+    hook_names?: string[];
+}
+export interface PluginValidationResult {
+    valid: boolean;
+    errors: string[];
+    warnings: string[];
+}
+export declare function extractManifest(plugin: OxePlugin): PluginManifest;
+export declare function validatePlugin(plugin: OxePlugin): PluginValidationResult;
+export declare function isAbiCompatible(pluginAbiVersion: string): boolean;
+export declare function sandboxInvoke<T>(fn: () => Promise<T>, timeoutMs?: number): Promise<T>;

package/lib/runtime/plugins/plugin-manifest.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CURRENT_ABI_VERSION = void 0;
+exports.extractManifest = extractManifest;
+exports.validatePlugin = validatePlugin;
+exports.isAbiCompatible = isAbiCompatible;
+exports.sandboxInvoke = sandboxInvoke;
+exports.CURRENT_ABI_VERSION = '1';
+function extractManifest(plugin) {
+    const capabilities = [];
+    if (plugin.toolProviders?.length)
+        capabilities.push('tool');
+    if (plugin.workspaceProviders?.length)
+        capabilities.push('workspace');
+    if (plugin.verifierProviders?.length)
+        capabilities.push('verifier');
+    if (plugin.contextProviders?.length)
+        capabilities.push('context');
+    if (plugin.hooks && Object.keys(plugin.hooks).length > 0)
+        capabilities.push('hooks');
+    return {
+        name: plugin.name,
+        version: plugin.version ?? '0.0.0',
+        abi_version: plugin.abi_version ?? exports.CURRENT_ABI_VERSION,
+        capabilities,
+        tool_action_types: plugin.toolProviders?.flatMap((p) => ['read_code', 'generate_patch', 'run_tests', 'collect_evidence', 'custom'].filter((t) => p.supports(t))) ?? [],
+        workspace_strategies: plugin.workspaceProviders?.map((p) => p.name) ?? [],
+        verifier_check_types: plugin.verifierProviders?.flatMap((p) => ['unit', 'integration', 'smoke', 'policy', 'security', 'custom'].filter((t) => p.supports(t))) ?? [],
+        context_provider_names: plugin.contextProviders?.map((p) => p.name) ?? [],
+        hook_names: plugin.hooks ? Object.keys(plugin.hooks) : [],
+    };
+}
+function validatePlugin(plugin) {
+    const errors = [];
+    const warnings = [];
+    if (!plugin.name || typeof plugin.name !== 'string') {
+        errors.push('Plugin must have a non-empty string name');
+    }
+    if (plugin.version && !/^\d+\.\d+\.\d+/.test(plugin.version)) {
+        warnings.push(`Plugin version "${plugin.version}" does not follow semver`);
+    }
+    const abiVersion = plugin.abi_version ?? exports.CURRENT_ABI_VERSION;
+    if (!isAbiCompatible(abiVersion)) {
+        errors.push(`Plugin ABI "${abiVersion}" is incompatible with runtime ABI "${exports.CURRENT_ABI_VERSION}"`);
+    }
+    if (!plugin.toolProviders?.length &&
+        !plugin.workspaceProviders?.length &&
+        !plugin.verifierProviders?.length &&
+        !plugin.contextProviders?.length &&
+        !plugin.hooks) {
+        warnings.push('Plugin declares no providers or hooks — it has no effect');
+    }
+    // Validate each tool provider
+    for (const tp of plugin.toolProviders ?? []) {
+        if (!tp.name)
+            errors.push('ToolProvider missing name');
+        if (typeof tp.supports !== 'function')
+            errors.push(`ToolProvider "${tp.name}" missing supports() method`);
+        if (typeof tp.invoke !== 'function')
+            errors.push(`ToolProvider "${tp.name}" missing invoke() method`);
+    }
+    // Validate each workspace provider
+    for (const wp of plugin.workspaceProviders ?? []) {
+        if (!wp.name)
+            errors.push('WorkspaceProvider missing name');
+        if (typeof wp.supportsStrategy !== 'function')
+            errors.push(`WorkspaceProvider "${wp.name}" missing supportsStrategy()`);
+        if (typeof wp.allocate !== 'function')
+            errors.push(`WorkspaceProvider "${wp.name}" missing allocate()`);
+    }
+    // Validate each verifier provider
+    for (const vp of plugin.verifierProviders ?? []) {
+        if (!vp.name)
+            errors.push('VerifierProvider missing name');
+        if (typeof vp.supports !== 'function')
+            errors.push(`VerifierProvider "${vp.name}" missing supports()`);
+        if (typeof vp.execute !== 'function')
+            errors.push(`VerifierProvider "${vp.name}" missing execute()`);
+    }
+    return { valid: errors.length === 0, errors, warnings };
+}
+function isAbiCompatible(pluginAbiVersion) {
+    // Major version must match; minor/patch are backwards-compatible
+    const [currMajor] = exports.CURRENT_ABI_VERSION.split('.').map(Number);
+    const [plugMajor] = pluginAbiVersion.split('.').map(Number);
+    return currMajor === plugMajor;
+}
+function sandboxInvoke(fn, timeoutMs = 10000) {
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            reject(new Error(`Plugin invocation timed out after ${timeoutMs}ms`));
+        }, timeoutMs);
+        fn().then((result) => { clearTimeout(timer); resolve(result); }, (err) => { clearTimeout(timer); reject(err instanceof Error ? err : new Error(String(err))); });
+    });
+}

package/lib/runtime/plugins/plugin-registry.d.ts

@@ -1,6 +1,8 @@
 import type { OxePlugin, ToolProvider, WorkspaceProvider, VerifierProvider, ContextProvider } from './plugin-abi';
+import { type CapabilityMatrix } from './capability-matrix';
 export declare class PluginRegistry {
     private plugins;
+    private loadErrors;
     register(plugin: OxePlugin): void;
     unregister(name: string): void;
     loadFromDirectory(dir: string): string[];
@@ -16,6 +18,50 @@ export declare class PluginRegistry {
         version?: string;
         providers: string[];
     }>;
+    registerProjectCapabilities(projectRoot: string): string[];
+    loadErrorsSnapshot(): string[];
+    clearLoadErrors(): void;
+    snapshot(): Array<{
+        name: string;
+        version?: string;
+        abi_version?: string;
+        toolProviders: Array<{
+            name: string;
+            kind: string;
+            idempotent: boolean;
+        }>;
+        workspaceProviders: Array<{
+            name: string;
+        }>;
+        verifierProviders: Array<{
+            name: string;
+        }>;
+        contextProviders: Array<{
+            name: string;
+        }>;
+    }>;
+    summary(): {
+        total_plugins: number;
+        tool_providers: number;
+        workspace_providers: number;
+        verifier_providers: number;
+        context_providers: number;
+        load_errors: number;
+        pluginsCount: number;
+        toolProviders: number;
+        workspaceProviders: number;
+        verifierProviders: number;
+        contextProviders: number;
+        loadErrors: number;
+        plugins: Array<{
+            name: string;
+            version?: string;
+            providers: string[];
+        }>;
+    };
+    capabilityMatrix(): CapabilityMatrix;
 }
 export declare function globalRegistry(): PluginRegistry;
 export declare function resetGlobalRegistry(): void;
+export declare function registrySummary(registry: PluginRegistry): ReturnType<PluginRegistry['summary']>;
+export declare function resolveCapabilityMatrix(registry: PluginRegistry): CapabilityMatrix;

package/lib/runtime/plugins/plugin-registry.js

@@ -6,16 +6,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PluginRegistry = void 0;
 exports.globalRegistry = globalRegistry;
 exports.resetGlobalRegistry = resetGlobalRegistry;
+exports.registrySummary = registrySummary;
+exports.resolveCapabilityMatrix = resolveCapabilityMatrix;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const plugin_manifest_1 = require("./plugin-manifest");
+const capability_matrix_1 = require("./capability-matrix");
+const capability_adapter_1 = require("./capability-adapter");
 class PluginRegistry {
     constructor() {
         this.plugins = [];
+        this.loadErrors = [];
     }
     register(plugin) {
         if (this.plugins.some((p) => p.name === plugin.name)) {
             throw new Error(`Plugin "${plugin.name}" is already registered`);
         }
+        const validation = (0, plugin_manifest_1.validatePlugin)(plugin);
+        if (!validation.valid && validation.errors.length > 0) {
+            throw new Error(`Plugin "${plugin.name}" failed validation: ${validation.errors.join('; ')}`);
+        }
         this.plugins.push(plugin);
     }
     unregister(name) {
@@ -38,8 +48,8 @@ class PluginRegistry {
                     loaded.push(plugin.name);
                 }
             }
-            catch {
-                // skip invalid plugin files
+            catch (error) {
+                this.loadErrors.push(`Plugin ${fullPath} falhou ao carregar: ${error instanceof Error ? error.message : String(error)}`);
             }
         }
         return loaded;
@@ -101,6 +111,72 @@ class PluginRegistry {
             ],
         }));
     }
+    registerProjectCapabilities(projectRoot) {
+        const loaded = [];
+        for (const plugin of (0, capability_adapter_1.loadCapabilityPlugins)(projectRoot)) {
+            try {
+                this.register(plugin);
+                loaded.push(plugin.name);
+            }
+            catch (error) {
+                this.loadErrors.push(`Capability plugin ${plugin.name} falhou ao registrar: ${error instanceof Error ? error.message : String(error)}`);
+            }
+        }
+        return loaded;
+    }
+    loadErrorsSnapshot() {
+        return [...this.loadErrors];
+    }
+    clearLoadErrors() {
+        this.loadErrors = [];
+    }
+    snapshot() {
+        return this.plugins.map((plugin) => ({
+            name: plugin.name,
+            version: plugin.version,
+            abi_version: plugin.abi_version,
+            toolProviders: (plugin.toolProviders ?? []).map((provider) => ({
+                name: provider.name,
+                kind: provider.kind,
+                idempotent: provider.idempotent,
+            })),
+            workspaceProviders: (plugin.workspaceProviders ?? []).map((provider) => ({
+                name: provider.name,
+            })),
+            verifierProviders: (plugin.verifierProviders ?? []).map((provider) => ({
+                name: provider.name,
+            })),
+            contextProviders: (plugin.contextProviders ?? []).map((provider) => ({
+                name: provider.name,
+            })),
+        }));
+    }
+    summary() {
+        const plugins = this.list();
+        const toolProviders = plugins.reduce((sum, plugin) => sum + plugin.providers.filter((provider) => provider.startsWith('tool:')).length, 0);
+        const workspaceProviders = plugins.reduce((sum, plugin) => sum + plugin.providers.filter((provider) => provider.startsWith('workspace:')).length, 0);
+        const verifierProviders = plugins.reduce((sum, plugin) => sum + plugin.providers.filter((provider) => provider.startsWith('verifier:')).length, 0);
+        const contextProviders = plugins.reduce((sum, plugin) => sum + plugin.providers.filter((provider) => provider.startsWith('context:')).length, 0);
+        const loadErrors = this.loadErrors.length;
+        return {
+            total_plugins: plugins.length,
+            tool_providers: toolProviders,
+            workspace_providers: workspaceProviders,
+            verifier_providers: verifierProviders,
+            context_providers: contextProviders,
+            load_errors: loadErrors,
+            pluginsCount: plugins.length,
+            toolProviders,
+            workspaceProviders,
+            verifierProviders,
+            contextProviders,
+            loadErrors,
+            plugins,
+        };
+    }
+    capabilityMatrix() {
+        return (0, capability_matrix_1.buildMatrix)(this);
+    }
 }
 exports.PluginRegistry = PluginRegistry;
 let _globalRegistry = null;
@@ -112,3 +188,9 @@ function globalRegistry() {
 function resetGlobalRegistry() {
     _globalRegistry = null;
 }
+function registrySummary(registry) {
+    return registry.summary();
+}
+function resolveCapabilityMatrix(registry) {
+    return registry.capabilityMatrix();
+}

package/lib/runtime/policy/policy-engine.d.ts

@@ -1,12 +1,27 @@
 export type PolicyAction = 'allow' | 'deny' | 'require_human_gate';
+export type SideEffectClass = 'read_fs' | 'write_fs' | 'spawn_process' | 'network_call' | 'git_mutation' | 'db_change' | 'secret_access' | 'infra_operation';
+export type AutonomyTier = 'L0' | 'L1' | 'L2' | 'L3';
 export interface PolicyWhenClause {
     tool?: string;
     env?: string;
     kind?: string;
+    side_effect_class?: SideEffectClass;
+    autonomy_tier?: AutonomyTier;
 }
 export interface PolicyAssertClause {
     diff_within_scope?: boolean;
 }
+export interface NodePolicyConfig {
+    max_retries: number;
+    mutation_budget?: number;
+    autonomy_tier?: AutonomyTier;
+    allowed_side_effects?: SideEffectClass[];
+}
+export interface EnvironmentGuardrail {
+    protected_paths: string[];
+    protected_branches: string[];
+    require_human_gate_on: SideEffectClass[];
+}
 export interface PolicyRule {
     id: string;
     when: PolicyWhenClause;
@@ -19,22 +34,53 @@ export interface PolicyContext {
     kind?: string;
     mutation_scope?: string[];
     affected_paths?: string[];
+    side_effect_class?: SideEffectClass;
+    autonomy_tier?: AutonomyTier;
+    mutation_count?: number;
+    node_policy?: NodePolicyConfig;
 }
 export interface PolicyDecision {
+    decision_id: string;
     allowed: boolean;
     gate_required: boolean;
     reason: string;
     rule_id: string | null;
+    timestamp: string;
+}
+export interface PersistedPolicyDecision extends PolicyDecision {
+    run_id: string;
+    work_item_id: string | null;
+    action: string;
+    actor: string;
+    override: boolean;
+    rationale: string | null;
+    context: PolicyContext;
 }
 export declare class PolicyEngine {
     private readonly rules;
-    constructor(rules?: PolicyRule[]);
+    private readonly guardrail;
+    constructor(rules?: PolicyRule[], guardrail?: EnvironmentGuardrail);
     evaluate(ctx: PolicyContext): PolicyDecision;
+    private checkGuardrails;
+    private checkAutonomyTier;
+    private checkMutationBudget;
     private matches;
     private checkAssert;
     withRule(rule: PolicyRule): PolicyEngine;
+    withGuardrail(guardrail: EnvironmentGuardrail): PolicyEngine;
+    getGuardrail(): EnvironmentGuardrail;
     static fromConfig(config: {
         policies?: PolicyRule[];
+        guardrail?: EnvironmentGuardrail;
     }): PolicyEngine;
     static fromConfigFile(configPath: string): PolicyEngine;
+    static defaultGuardrail(): EnvironmentGuardrail;
 }
+export declare function savePolicyDecision(projectRoot: string, decision: PersistedPolicyDecision): PersistedPolicyDecision;
+export declare function loadPolicyDecisions(projectRoot: string, runId: string): PersistedPolicyDecision[];
+export declare function summarizePolicyDecisions(decisions: PersistedPolicyDecision[]): {
+    total: number;
+    denied: number;
+    gated: number;
+    overridesWithoutRationale: number;
+};

package/lib/runtime/policy/policy-engine.js

@@ -1,17 +1,53 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PolicyEngine = void 0;
+exports.savePolicyDecision = savePolicyDecision;
+exports.loadPolicyDecisions = loadPolicyDecisions;
+exports.summarizePolicyDecisions = summarizePolicyDecisions;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
 const ALLOW_ALL = {
+    decision_id: '__default_allow',
     allowed: true,
     gate_required: false,
     reason: 'no matching policy — default allow',
     rule_id: null,
+    timestamp: new Date().toISOString(),
+};
+const DEFAULT_GUARDRAIL = {
+    protected_paths: ['.oxe/config.json', '.env', 'package.json'],
+    protected_branches: ['main', 'master', 'production', 'release'],
+    require_human_gate_on: ['infra_operation', 'db_change', 'secret_access'],
+};
+// Autonomy tier → max side effect class allowed without a gate
+const TIER_SIDE_EFFECT_MAP = {
+    L0: ['read_fs'],
+    L1: ['read_fs', 'write_fs', 'spawn_process'],
+    L2: ['read_fs', 'write_fs', 'spawn_process', 'network_call', 'git_mutation'],
+    L3: ['read_fs', 'write_fs', 'spawn_process', 'network_call', 'git_mutation', 'db_change', 'secret_access', 'infra_operation'],
 };
 class PolicyEngine {
-    constructor(rules = []) {
+    constructor(rules = [], guardrail = DEFAULT_GUARDRAIL) {
         this.rules = rules;
+        this.guardrail = guardrail;
     }
     evaluate(ctx) {
+        // Check autonomy tier first — a denial takes priority over guardrail gates
+        const tierDecision = this.checkAutonomyTier(ctx);
+        if (tierDecision)
+            return tierDecision;
+        // Check environment guardrails (may require gate even when tier permits)
+        const guardrailDecision = this.checkGuardrails(ctx);
+        if (guardrailDecision)
+            return guardrailDecision;
+        // Check mutation budget
+        const budgetDecision = this.checkMutationBudget(ctx);
+        if (budgetDecision)
+            return budgetDecision;
+        // Evaluate rules (first match wins)
         for (const rule of this.rules) {
             if (!this.matches(rule.when, ctx))
                 continue;
@@ -19,23 +55,107 @@ class PolicyEngine {
                 const assertFailed = this.checkAssert(rule.assert, ctx);
                 if (assertFailed) {
                     return {
+                        decision_id: rule.id,
                         allowed: false,
                         gate_required: false,
                         reason: `Assert failed for rule ${rule.id}: ${assertFailed}`,
                         rule_id: rule.id,
+                        timestamp: new Date().toISOString(),
                     };
                 }
             }
             switch (rule.action) {
                 case 'allow':
-                    return { allowed: true, gate_required: false, reason: `Allowed by rule ${rule.id}`, rule_id: rule.id };
+                    return {
+                        decision_id: rule.id,
+                        allowed: true,
+                        gate_required: false,
+                        reason: `Allowed by rule ${rule.id}`,
+                        rule_id: rule.id,
+                        timestamp: new Date().toISOString(),
+                    };
                 case 'deny':
-                    return { allowed: false, gate_required: false, reason: `Denied by rule ${rule.id}`, rule_id: rule.id };
+                    return {
+                        decision_id: rule.id,
+                        allowed: false,
+                        gate_required: false,
+                        reason: `Denied by rule ${rule.id}`,
+                        rule_id: rule.id,
+                        timestamp: new Date().toISOString(),
+                    };
                 case 'require_human_gate':
-                    return { allowed: true, gate_required: true, reason: `Gate required by rule ${rule.id}`, rule_id: rule.id };
+                    return {
+                        decision_id: rule.id,
+                        allowed: true,
+                        gate_required: true,
+                        reason: `Gate required by rule ${rule.id}`,
+                        rule_id: rule.id,
+                        timestamp: new Date().toISOString(),
+                    };
             }
         }
-        return ALLOW_ALL;
+        return { ...ALLOW_ALL, timestamp: new Date().toISOString() };
+    }
+    checkGuardrails(ctx) {
+        // Protected path check
+        const affected = ctx.affected_paths ?? [];
+        for (const p of affected) {
+            if (this.guardrail.protected_paths.some((pp) => p === pp || p.startsWith(pp + '/'))) {
+                return {
+                    decision_id: '__guardrail_path',
+                    allowed: true,
+                    gate_required: true,
+                    reason: `Protected path affected: ${p}`,
+                    rule_id: '__guardrail_path',
+                    timestamp: new Date().toISOString(),
+                };
+            }
+        }
+        // Side effect class requiring gate
+        if (ctx.side_effect_class && this.guardrail.require_human_gate_on.includes(ctx.side_effect_class)) {
+            return {
+                decision_id: '__guardrail_side_effect',
+                allowed: true,
+                gate_required: true,
+                reason: `Side effect class '${ctx.side_effect_class}' requires human gate`,
+                rule_id: '__guardrail_side_effect',
+                timestamp: new Date().toISOString(),
+            };
+        }
+        return null;
+    }
+    checkAutonomyTier(ctx) {
+        if (!ctx.autonomy_tier || !ctx.side_effect_class)
+            return null;
+        const allowed = TIER_SIDE_EFFECT_MAP[ctx.autonomy_tier] ?? [];
+        if (!allowed.includes(ctx.side_effect_class)) {
+            return {
+                decision_id: '__autonomy_tier',
+                allowed: false,
+                gate_required: false,
+                reason: `Autonomy tier ${ctx.autonomy_tier} does not permit side effect '${ctx.side_effect_class}'`,
+                rule_id: '__autonomy_tier',
+                timestamp: new Date().toISOString(),
+            };
+        }
+        return null;
+    }
+    checkMutationBudget(ctx) {
+        const budget = ctx.node_policy?.mutation_budget;
+        if (budget === undefined || budget === null)
+            return null;
+        const count = ctx.mutation_count ?? 0;
+        if (count >= budget) {
+            return {
+                decision_id: '__mutation_budget',
+                allowed: false,
+                gate_required: false,
+                reason: `Mutation budget exhausted: ${count}/${budget}`,
+                rule_id: '__mutation_budget',
+                timestamp: new Date().toISOString(),
+            };
+        }
+        return null;
     }
     matches(when, ctx) {
         if (when.tool && when.tool !== ctx.tool)
@@ -44,6 +164,10 @@ class PolicyEngine {
             return false;
         if (when.kind && when.kind !== ctx.kind)
             return false;
+        if (when.side_effect_class && when.side_effect_class !== ctx.side_effect_class)
+            return false;
+        if (when.autonomy_tier && when.autonomy_tier !== ctx.autonomy_tier)
+            return false;
         return true;
     }
     checkAssert(assert, ctx) {
@@ -51,7 +175,7 @@ class PolicyEngine {
             const scope = ctx.mutation_scope ?? [];
             const affected = ctx.affected_paths ?? [];
             if (scope.length === 0)
-                return null; // no scope declared — pass
+                return null;
             const outsideScope = affected.filter((p) => !scope.some((s) => p.startsWith(s) || s.startsWith(p)));
             if (outsideScope.length > 0) {
                 return `paths outside mutation scope: ${outsideScope.join(', ')}`;
@@ -60,14 +184,19 @@ class PolicyEngine {
         return null;
     }
     withRule(rule) {
-        return new PolicyEngine([...this.rules, rule]);
+        return new PolicyEngine([...this.rules, rule], this.guardrail);
+    }
+    withGuardrail(guardrail) {
+        return new PolicyEngine(this.rules, guardrail);
+    }
+    getGuardrail() {
+        return this.guardrail;
     }
     static fromConfig(config) {
-        return new PolicyEngine(config.policies ?? []);
+        return new PolicyEngine(config.policies ?? [], config.guardrail ?? DEFAULT_GUARDRAIL);
     }
     static fromConfigFile(configPath) {
         try {
-            // Dynamic require to avoid bundling issues
             // eslint-disable-next-line @typescript-eslint/no-var-requires
             const cfg = require(configPath);
             return PolicyEngine.fromConfig(cfg);
@@ -76,5 +205,39 @@ class PolicyEngine {
             return new PolicyEngine();
         }
     }
+    static defaultGuardrail() {
+        return { ...DEFAULT_GUARDRAIL };
+    }
 }
 exports.PolicyEngine = PolicyEngine;
+function policyDecisionPath(projectRoot, runId) {
+    return path_1.default.join(projectRoot, '.oxe', 'runs', runId, 'policy-decisions.json');
+}
+function savePolicyDecision(projectRoot, decision) {
+    const target = policyDecisionPath(projectRoot, decision.run_id);
+    fs_1.default.mkdirSync(path_1.default.dirname(target), { recursive: true });
+    const existing = loadPolicyDecisions(projectRoot, decision.run_id);
+    const next = [...existing.filter((item) => item.decision_id !== decision.decision_id), decision];
+    fs_1.default.writeFileSync(target, JSON.stringify(next, null, 2), 'utf8');
+    return decision;
+}
+function loadPolicyDecisions(projectRoot, runId) {
+    const target = policyDecisionPath(projectRoot, runId);
+    if (!fs_1.default.existsSync(target))
+        return [];
+    try {
+        const raw = JSON.parse(fs_1.default.readFileSync(target, 'utf8'));
+        return Array.isArray(raw) ? raw : [];
+    }
+    catch {
+        return [];
+    }
+}
+function summarizePolicyDecisions(decisions) {
+    return {
+        total: decisions.length,
+        denied: decisions.filter((decision) => !decision.allowed).length,
+        gated: decisions.filter((decision) => decision.gate_required).length,
+        overridesWithoutRationale: decisions.filter((decision) => decision.override && !decision.rationale).length,
+    };
+}

package/lib/runtime/projection/projection-engine.d.ts

@@ -2,10 +2,18 @@ import type { RunState } from '../reducers/run-state-reducer';
 import type { ExecutionGraph } from '../compiler/graph-compiler';
 import type { VerificationResult } from '../models/verification-result';
 import type { CheckResult } from '../verification/verification-compiler';
+import type { VerificationManifest, ResidualRiskLedger } from '../verification/verification-manifest';
 export declare class ProjectionEngine {
     projectPlan(state: RunState, graph: ExecutionGraph): string;
-    projectVerify(state: RunState, results: VerificationResult[], checkResults?: CheckResult[]): string;
+    projectVerify(state: RunState, results: VerificationResult[], checkResults?: CheckResult[], manifest?: VerificationManifest | null, riskLedger?: ResidualRiskLedger | null, evidenceCoverage?: {
+        total_checks: number;
+        checks_with_evidence: number;
+        total_evidence_refs: number;
+        coverage_percent: number;
+    } | null): string;
     projectState(state: RunState): string;
     projectRunSummary(state: RunState): string;
     projectPRSummary(state: RunState, graph: ExecutionGraph): string;
+    projectCommitSummary(state: RunState, graph: ExecutionGraph): string;
+    projectPromotionSummary(state: RunState, graph: ExecutionGraph): string;
 }