sentinelayer-cli 0.8.0 → 0.8.2

package/README.md

@@ -99,6 +99,19 @@ Inputs for non-interactive mode:
 - `package.json` (adds `sentinel:start`, `sentinel:omargate`, `sentinel:omargate:json`, `sentinel:audit`, `sentinel:audit:json`, `sentinel:persona:*`, `sentinel:apply` when missing)
 - `.env` with `SENTINELAYER_TOKEN` (or API-provided secret name) in managed auth mode
 
+## Multi-Agent Session Workflow
+
+Sentinelayer includes a deterministic session coordination surface for multi-agent coding loops:
+
+- session event stream and replay (`start`, `join`, `say`, `read`, `status`, `leave`, `list`, `kill`)
+- agent lifecycle controls (join/heartbeat/leave/kill)
+- recap and context briefing for late-joining agents
+- analytics + lineage artifacts at session closeout
+
+Read the full guide: [docs/sessions.md](docs/sessions.md)
+
+For strategy context, see the long-form blog draft: [docs/blog/slack-for-ai-coding-agents.md](docs/blog/slack-for-ai-coding-agents.md)
+
 ## Advanced options
 
 When `Advanced options?` is enabled:
@@ -647,9 +660,17 @@ The CLI now includes policy-pack selection commands:
 Built-in packs: `community` (default), `strict`, `compliance-soc2`, `compliance-hipaa`.
 Policy selection is stored in config (`defaultPolicyPack`) and applied during `scan init` / `scan validate` / `scan precheck` profile resolution.
 
-## AIdenID CLI foundation (Phase 11 foundation slice)
+## AIdenID CLI surface — Clearance Layer for Agentic Access
+
+AIdenID is the **clearance layer for agentic access** — the site-owned,
+per-request decision layer for AI-agent traffic (`allow | throttle |
+queue | sandbox | deny | price_required`). The `sl ai` CLI surface in
+Sentinelayer drives the **identity-issuance side** of that layer:
+scoped agent identities, intent-bound delegation, verification
+interception, and lifecycle control. Sites that want to decide per
+request consume the identities this CLI provisions.
 
-The CLI now includes an `sl ai` surface for AIdenID identity provisioning:
+The CLI includes an `sl ai` surface for AIdenID identity provisioning:
 
 - `sl ai provision-email --json` (dry-run artifact generation)
 - `sl ai provision-email --execute --api-key <key> --org-id <id> --project-id <id>` (live API call)

package/package.json

@@ -1,15 +1,16 @@
 {
   "name": "sentinelayer-cli",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Scaffold Sentinelayer spec/prompt/guide artifacts with secure browser auth and token bootstrap.",
   "type": "module",
   "scripts": {
-    "check": "node --check bin/sentinelayer-cli.js && node --check bin/create-sentinelayer.js && node --check bin/sl.js && node --check src/cli.js && node --check src/legacy-cli.js && node --check src/commands/config.js && node --check src/commands/ingest.js && node --check src/commands/spec.js && node --check src/commands/prompt.js && node --check src/commands/scan.js && node --check src/commands/guide.js && node --check src/commands/cost.js && node --check src/commands/telemetry.js && node --check src/commands/auth.js && node --check src/commands/watch.js && node --check src/commands/mcp.js && node --check src/commands/plugin.js && node --check src/commands/ai.js && node --check src/commands/review.js && node --check src/commands/chat.js && node --check src/commands/policy.js && node --check src/commands/swarm.js && node --check src/commands/daemon.js && node --check src/commands/session.js && node --check src/commands/audit.js && node --check src/config/service.js && node --check src/ingest/engine.js && node --check src/spec/generator.js && node --check src/spec/regenerate.js && node --check src/spec/templates.js && node --check src/prompt/generator.js && node --check src/scan/generator.js && node --check src/guide/generator.js && node --check src/cost/tracker.js && node --check src/cost/history.js && node --check src/cost/budget.js && node --check src/ai/client.js && node --check src/ai/aidenid.js && node --check src/ai/identity-store.js && node --check src/ai/domain-target-store.js && node --check src/ai/site-store.js && node --check src/review/local-review.js && node --check src/review/ai-review.js && node --check src/review/report.js && node --check src/review/replay.js && node --check src/audit/registry.js && node --check src/audit/orchestrator.js && node --check src/audit/package.js && node --check src/audit/replay.js && node --check src/audit/agents/security.js && node --check src/audit/agents/architecture.js && node --check src/audit/agents/testing.js && node --check src/audit/agents/performance.js && node --check src/audit/agents/compliance.js && node --check src/audit/agents/documentation.js && node --check src/swarm/registry.js && node --check src/swarm/factory.js && node --check src/swarm/runtime.js && node --check src/swarm/scenario-dsl.js && node --check src/swarm/dashboard.js && node --check src/swarm/report.js && node --check src/swarm/pentest.js && node --check src/daemon/error-worker.js && node --check src/daemon/assignment-ledger.js && node --check src/daemon/jira-lifecycle.js && node --check src/daemon/budget-governor.js && node --check src/daemon/operator-control.js && node --check src/daemon/artifact-lineage.js && node --check src/daemon/ast-parser-layer.js && node --check src/daemon/callgraph-overlay.js && node --check src/daemon/hybrid-mapper.js && node --check src/daemon/scope-engine.js && node --check src/daemon/reliability-lane.js && node --check src/daemon/watchdog.js && node --check src/telemetry/ledger.js && node --check src/auth/http.js && node --check src/auth/session-store.js && node --check src/auth/service.js && node --check src/mcp/registry.js && node --check src/memory/blackboard.js && node --check src/memory/retrieval.js && node --check src/plugin/manifest.js && node --check src/policy/packs.js && node --check src/ui/markdown.js && node --check src/ui/progress.js && node --check src/ui/command-hints.js && node --check src/agents/jules/tools/file-read.js && node --check src/agents/jules/tools/grep.js && node --check src/agents/jules/tools/glob.js && node --check src/agents/jules/tools/shell.js && node --check src/agents/jules/tools/file-edit.js && node --check src/agents/jules/tools/dispatch.js && node --check src/agents/jules/tools/index.js && node --check src/agents/jules/tools/frontend-analyze.js && node --check src/agents/jules/swarm/sub-agent.js && node --check src/agents/jules/swarm/file-scanner.js && node --check src/agents/jules/swarm/pattern-hunter.js && node --check src/agents/jules/swarm/index.js && node --check src/agents/jules/swarm/orchestrator.js && node --check src/agents/jules/config/definition.js && node --check src/agents/jules/loop.js && node --check src/agents/jules/stream.js && node --check src/agents/jules/fix-cycle.js && node --check src/agents/jules/error-intake.js && node --check src/agents/jules/tools/runtime-audit.js && node --check src/agents/jules/config/system-prompt.js && node --check src/agents/jules/tools/auth-audit.js && node --check src/auth/gate.js && node --check src/telemetry/sync.js && node --check src/telemetry/session-tracker.js && node --check src/session/paths.js && node --check src/session/store.js && node --check src/session/stream.js && node --check src/session/agent-registry.js && node --check src/session/daemon.js && node --check src/session/runtime-bridge.js && node --check src/interactive/workspace.js && node --check src/interactive/auto-ingest.js && node --check src/interactive/action-menu.js && node --check src/interactive/index.js && node --check src/daemon/ingest-refresh.js",
+    "check": "node scripts/check.mjs",
+    "docs:build": "node scripts/docs-build.mjs",
     "test": "npm run test:unit && npm run test:e2e",
     "test:unit": "node --test tests/unit*.test.mjs",
     "test:e2e": "node --test tests/e2e.test.mjs",
     "test:coverage": "c8 node --test tests/unit*.test.mjs",
-    "verify": "npm run check && npm run test:e2e && npm run test:coverage && npm pack --dry-run"
+    "verify": "npm run check && npm run docs:build && npm run test:e2e && npm run test:coverage && npm pack --dry-run"
   },
   "bin": {
     "sentinelayer-cli": "bin/sentinelayer-cli.js",
@@ -61,4 +62,3 @@
     "license-checker-rseidelsohn": "4.4.2"
   }
 }
-

package/src/agents/ai-governance/index.js

@@ -0,0 +1,12 @@
+// Amina (ai-governance persona) — barrel export (#A24).
+
+export {
+  AI_GOVERNANCE_TOOLS,
+  AI_GOVERNANCE_TOOL_IDS,
+  dispatchAiGovernanceTool,
+  runAllAiGovernanceTools,
+  runEvalRegression,
+  runHitlAudit,
+  runProvenanceCheck,
+  runPromptDrift,
+} from "./tools/index.js";

package/src/agents/ai-governance/tools/base.js

@@ -0,0 +1,171 @@
+// Shared helpers for Amina's (ai-governance) domain tools (#A24).
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+import process from "node:process";
+
+import ignore from "ignore";
+
+const DEFAULT_IGNORED_DIRS = new Set([
+  ".git",
+  "node_modules",
+  ".venv",
+  ".next",
+  "dist",
+  "build",
+  "coverage",
+  ".sentinelayer",
+  ".sentinel",
+  ".turbo",
+  ".idea",
+  ".vscode",
+  "__pycache__",
+  ".cache",
+]);
+const MAX_FILE_SIZE_BYTES = 1024 * 1024;
+const SEVERITIES = Object.freeze(["P0", "P1", "P2", "P3"]);
+
+export function toPosix(value) {
+  return String(value || "").replace(/\\/g, "/");
+}
+
+export function createFinding({
+  severity,
+  kind,
+  file,
+  line = 0,
+  evidence = "",
+  rootCause = "",
+  recommendedFix = "",
+  confidence = null,
+  tool = "",
+  persona = "ai-governance",
+} = {}) {
+  const normalizedSeverity = SEVERITIES.includes(String(severity || "").toUpperCase())
+    ? String(severity).toUpperCase()
+    : "P2";
+  return {
+    persona,
+    tool: String(tool || "").trim(),
+    kind: String(kind || "").trim() || "ai-governance",
+    severity: normalizedSeverity,
+    file: toPosix(file || ""),
+    line: Number.isFinite(Number(line)) ? Math.max(0, Math.floor(Number(line))) : 0,
+    evidence: String(evidence || "").trim().slice(0, 400),
+    rootCause: String(rootCause || "").trim(),
+    recommendedFix: String(recommendedFix || "").trim(),
+    confidence:
+      confidence === null || confidence === undefined
+        ? null
+        : Math.max(0, Math.min(1, Number(confidence) || 0)),
+  };
+}
+
+async function readIgnorePatterns(filePath) {
+  try {
+    const raw = await fsp.readFile(filePath, "utf-8");
+    return String(raw || "")
+      .split(/\r?\n/)
+      .map((line) => line.trim())
+      .filter((line) => line && !line.startsWith("#"));
+  } catch (err) {
+    if (err && typeof err === "object" && err.code === "ENOENT") {
+      return [];
+    }
+    throw err;
+  }
+}
+
+async function createIgnoreMatcher(rootPath) {
+  const matcher = ignore();
+  const gitignore = await readIgnorePatterns(path.join(rootPath, ".gitignore"));
+  const sentinel = await readIgnorePatterns(
+    path.join(rootPath, ".sentinelayerignore")
+  );
+  matcher.add([...gitignore, ...sentinel]);
+  return (relativePath, isDirectory) => {
+    const normalized = toPosix(relativePath);
+    if (!normalized) {
+      return false;
+    }
+    const candidate = isDirectory ? `${normalized}/` : normalized;
+    return matcher.ignores(candidate);
+  };
+}
+
+export function findLineMatches(content, pattern) {
+  const text = String(content || "");
+  const global = new RegExp(
+    pattern.source,
+    pattern.flags.includes("g") ? pattern.flags : `${pattern.flags}g`
+  );
+  const matches = [];
+  let match;
+  while ((match = global.exec(text)) !== null) {
+    const lineIndex = text.slice(0, match.index).split(/\r?\n/).length;
+    matches.push({ index: match.index, line: lineIndex, match: match[0] });
+  }
+  return matches;
+}
+
+export function getLineContent(content, line) {
+  const lines = String(content || "").split(/\r?\n/);
+  return (lines[Math.max(0, (Number(line) || 1) - 1)] || "").trim();
+}
+
+export async function* walkRepoFiles({
+  rootPath = process.cwd(),
+  extensions = new Set(),
+  maxFileSize = MAX_FILE_SIZE_BYTES,
+} = {}) {
+  const resolvedRoot = path.resolve(rootPath);
+  const ignoreMatcher = await createIgnoreMatcher(resolvedRoot);
+  const wantedExtensions =
+    extensions instanceof Set
+      ? extensions
+      : new Set(Array.isArray(extensions) ? extensions : []);
+  const stack = [resolvedRoot];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    let entries = [];
+    try {
+      entries = await fsp.readdir(current, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const entry of entries) {
+      const fullPath = path.join(current, entry.name);
+      const relativePath = toPosix(path.relative(resolvedRoot, fullPath));
+      if (entry.isDirectory()) {
+        if (!relativePath || DEFAULT_IGNORED_DIRS.has(entry.name)) {
+          continue;
+        }
+        if (ignoreMatcher(relativePath, true)) {
+          continue;
+        }
+        stack.push(fullPath);
+        continue;
+      }
+      if (!entry.isFile()) {
+        continue;
+      }
+      if (ignoreMatcher(relativePath, false)) {
+        continue;
+      }
+      const ext = path.extname(entry.name).toLowerCase();
+      if (wantedExtensions.size > 0 && !wantedExtensions.has(ext) && !wantedExtensions.has("")) {
+        continue;
+      }
+      let stat = null;
+      try {
+        stat = await fsp.stat(fullPath);
+      } catch {
+        stat = null;
+      }
+      if (!stat || stat.size > maxFileSize) {
+        continue;
+      }
+      yield { fullPath, relativePath, stat };
+    }
+  }
+}

package/src/agents/ai-governance/tools/eval-regression.js

@@ -0,0 +1,47 @@
+// eval-regression — advise when LLM use is present but no eval suite (#A24).
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+import { createFinding, toPosix, walkRepoFiles } from "./base.js";
+
+const LLM_SIGNALS = [
+  /openai|anthropic|gemini|bedrock/i,
+  /Messages\.create|ChatCompletion|chat\.completions|generateContent/,
+  /createMultiProviderApiClient/,
+];
+
+export async function runEvalRegression({ rootPath } = {}) {
+  const resolvedRoot = path.resolve(String(rootPath || "."));
+  let hasLlm = false;
+  let hasEval = false;
+  for await (const { fullPath, relativePath } of walkRepoFiles({
+    rootPath: resolvedRoot,
+    extensions: new Set([".js", ".ts", ".tsx", ".jsx", ".mjs", ".cjs", ".py", ".yaml", ".yml", ".json"]),
+  })) {
+    const rel = toPosix(relativePath);
+    if (/(^|\/)(evals?|evaluations?)\//i.test(rel)) hasEval = true;
+    if (/(^|\/)promptfoo\./i.test(rel) || /(^|\/)\.promptfoo\./.test(rel)) hasEval = true;
+    try {
+      const content = await fsp.readFile(fullPath, "utf-8");
+      if (LLM_SIGNALS.some((p) => p.test(content))) hasLlm = true;
+    } catch {
+      /* skip */
+    }
+    if (hasLlm && hasEval) break;
+  }
+  if (!hasLlm || hasEval) return [];
+  return [
+    createFinding({
+      tool: "eval-regression",
+      kind: "ai-governance.no-eval-suite",
+      severity: "P1",
+      file: "",
+      line: 0,
+      evidence: "LLM usage detected (openai/anthropic/gemini) but no evals/ or promptfoo config",
+      rootCause: "Without a regression eval suite, prompt edits and model upgrades silently change behavior in production.",
+      recommendedFix: "Ship an evals/ directory with promptfoo / lm-evaluation-harness test cases. Run on every prompt change and model version bump.",
+      confidence: 0.7,
+    }),
+  ];
+}

package/src/agents/ai-governance/tools/hitl-audit.js

@@ -0,0 +1,81 @@
+// hitl-audit — advise when LLM output is acted on without human-in-the-loop (#A24).
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+import { createFinding, findLineMatches, getLineContent, toPosix, walkRepoFiles } from "./base.js";
+
+const CODE_EXTENSIONS = new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs", ".py"]);
+
+const LLM_CALL_PATTERNS = [
+  /Messages\.create\s*\(/,
+  /chat\.completions\.create\s*\(/,
+  /generateContent\s*\(/,
+  /createMultiProviderApiClient\s*\(/,
+];
+
+const ACTION_PATTERNS = [
+  /exec(?:Sync)?\s*\(/,
+  /spawn(?:Sync)?\s*\(/,
+  /fs\.(?:unlink|unlinkSync|rm|rmSync|writeFile|writeFileSync|rename|renameSync)\s*\(/,
+  /db\.(?:update|delete|drop|truncate|raw)\s*\(/,
+  /fetch\s*\([^)]*method\s*:\s*['"](?:POST|PUT|DELETE|PATCH)['"]/,
+];
+
+const APPROVAL_SIGNALS = [
+  /human[_-]?in[_-]?(?:the[_-]?)?loop|HITL/i,
+  /await\s+(?:confirm|approval|operatorApprov|humanReview)/i,
+  /requires?[_-]?approval|needs[_-]?approval/i,
+  /await\s+prompts?\s*\(/,
+];
+
+export async function runHitlAudit({ rootPath, files = null } = {}) {
+  const resolvedRoot = path.resolve(String(rootPath || "."));
+  const iterator =
+    Array.isArray(files) && files.length > 0
+      ? iterateExplicitFiles(resolvedRoot, files)
+      : walkRepoFiles({ rootPath: resolvedRoot, extensions: CODE_EXTENSIONS });
+
+  const findings = [];
+  for await (const { fullPath, relativePath } of iterator) {
+    let content;
+    try {
+      content = await fsp.readFile(fullPath, "utf-8");
+    } catch {
+      continue;
+    }
+    const hasLlm = LLM_CALL_PATTERNS.some((p) => p.test(content));
+    if (!hasLlm) continue;
+    const hasAction = ACTION_PATTERNS.some((p) => p.test(content));
+    if (!hasAction) continue;
+    const hasApproval = APPROVAL_SIGNALS.some((p) => p.test(content));
+    if (hasApproval) continue;
+    const match = findLineMatches(content, ACTION_PATTERNS[0])[0] ||
+      findLineMatches(content, ACTION_PATTERNS[1])[0] ||
+      findLineMatches(content, ACTION_PATTERNS[2])[0];
+    findings.push(
+      createFinding({
+        tool: "hitl-audit",
+        kind: "ai-governance.no-hitl",
+        severity: "P1",
+        file: toPosix(relativePath),
+        line: match?.line || 1,
+        evidence: getLineContent(content, match?.line || 1),
+        rootCause: "File calls an LLM then takes a destructive / mutating action with no human-in-the-loop confirmation. A jailbroken prompt becomes an arbitrary operation.",
+        recommendedFix: "Gate high-impact actions on explicit operator approval (`await confirmWithOperator(plan)`), or run them inside a sandbox with narrow permissions and a review queue.",
+        confidence: 0.5,
+      })
+    );
+  }
+  return findings;
+}
+
+async function* iterateExplicitFiles(resolvedRoot, files) {
+  for (const file of files) {
+    const trimmed = String(file || "").trim();
+    if (!trimmed) continue;
+    const fullPath = path.isAbsolute(trimmed) ? trimmed : path.join(resolvedRoot, trimmed);
+    const relativePath = path.relative(resolvedRoot, fullPath).replace(/\\/g, "/");
+    yield { fullPath, relativePath };
+  }
+}

package/src/agents/ai-governance/tools/index.js

@@ -0,0 +1,52 @@
+// Amina (ai-governance persona) domain-tool registry (#A24).
+
+import { runEvalRegression } from "./eval-regression.js";
+import { runHitlAudit } from "./hitl-audit.js";
+import { runProvenanceCheck } from "./provenance-check.js";
+import { runPromptDrift } from "./prompt-drift.js";
+
+export const AI_GOVERNANCE_TOOLS = Object.freeze({
+  "eval-regression": {
+    id: "eval-regression",
+    description: "Advise when LLM usage is detected but no evals/ or promptfoo config exists.",
+    schema: { type: "object", properties: { rootPath: { type: "string" } } },
+    handler: runEvalRegression,
+  },
+  "prompt-drift": {
+    id: "prompt-drift",
+    description: "Flag prompt files under prompts/ / ai/ / llm/ that lack a version header.",
+    schema: { type: "object", properties: { rootPath: { type: "string" } } },
+    handler: runPromptDrift,
+  },
+  "hitl-audit": {
+    id: "hitl-audit",
+    description: "Flag files that call an LLM and then run a destructive action without human-in-the-loop approval signals.",
+    schema: { type: "object", properties: { rootPath: { type: "string" }, files: { type: "array", items: { type: "string" } } } },
+    handler: runHitlAudit,
+  },
+  "provenance-check": {
+    id: "provenance-check",
+    description: "Flag generateContent / composeEmail / LLM-generated content without provenance (ai-generated header, C2PA, watermark).",
+    schema: { type: "object", properties: { rootPath: { type: "string" }, files: { type: "array", items: { type: "string" } } } },
+    handler: runProvenanceCheck,
+  },
+});
+
+export const AI_GOVERNANCE_TOOL_IDS = Object.freeze(Object.keys(AI_GOVERNANCE_TOOLS));
+
+export async function dispatchAiGovernanceTool(toolId, args = {}) {
+  const tool = AI_GOVERNANCE_TOOLS[toolId];
+  if (!tool) throw new Error(`Unknown ai-governance tool: ${toolId}`);
+  return tool.handler(args);
+}
+
+export async function runAllAiGovernanceTools({ rootPath, files = null } = {}) {
+  const findings = [];
+  for (const toolId of AI_GOVERNANCE_TOOL_IDS) {
+    const out = await dispatchAiGovernanceTool(toolId, { rootPath, files });
+    findings.push(...out);
+  }
+  return findings;
+}
+
+export { runEvalRegression, runHitlAudit, runProvenanceCheck, runPromptDrift };

package/src/agents/ai-governance/tools/prompt-drift.js

@@ -0,0 +1,42 @@
+// prompt-drift — advise when prompt files aren't versioned (#A24).
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+import { createFinding, toPosix, walkRepoFiles } from "./base.js";
+
+export async function runPromptDrift({ rootPath } = {}) {
+  const resolvedRoot = path.resolve(String(rootPath || "."));
+  const findings = [];
+  for await (const { fullPath, relativePath } of walkRepoFiles({
+    rootPath: resolvedRoot,
+  })) {
+    const rel = toPosix(relativePath);
+    if (!/(^|\/)(prompts?|ai|llm)\//i.test(rel)) continue;
+    if (!/\.(md|txt|ya?ml|json|prompt)$/i.test(rel)) continue;
+    let content;
+    try {
+      content = await fsp.readFile(fullPath, "utf-8");
+    } catch {
+      continue;
+    }
+    const hasVersion = /version\s*[:=]\s*['"]?v?\d+\.\d+/i.test(content) ||
+      /---[\s\S]*?version:[\s\S]*?---/.test(content);
+    if (!hasVersion) {
+      findings.push(
+        createFinding({
+          tool: "prompt-drift",
+          kind: "ai-governance.unversioned-prompt",
+          severity: "P2",
+          file: rel,
+          line: 0,
+          evidence: "No version header in prompt file",
+          rootCause: "Prompts without explicit versions make it impossible to roll back behavior changes or compare eval runs across versions.",
+          recommendedFix: "Add a `version: 1.2.0` frontmatter header. Bump on every edit. Pair with eval-regression runs keyed on version.",
+          confidence: 0.55,
+        })
+      );
+    }
+  }
+  return findings;
+}

package/src/agents/ai-governance/tools/provenance-check.js

@@ -0,0 +1,69 @@
+// provenance-check — advise when AI-generated content lacks provenance signals (#A24).
+
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+import { createFinding, findLineMatches, getLineContent, toPosix, walkRepoFiles } from "./base.js";
+
+const CODE_EXTENSIONS = new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs", ".py"]);
+
+const GENERATION_PATTERNS = [
+  /\bgenerate(?:Content|Response|Completion|Text|Draft|Message)?\s*\(/,
+  /\bcompose(?:Email|Message|Reply)\s*\(/,
+  /\bllm[._](?:complete|generate)\s*\(/,
+];
+
+const PROVENANCE_SIGNALS = [
+  /ai[_-]?generated|generated[_-]?by[_-]?ai/i,
+  /provenance|attribution/i,
+  /X-AI-Generated|x_ai_generated/,
+  /watermark/i,
+  /c2pa/i,
+];
+
+export async function runProvenanceCheck({ rootPath, files = null } = {}) {
+  const resolvedRoot = path.resolve(String(rootPath || "."));
+  const iterator =
+    Array.isArray(files) && files.length > 0
+      ? iterateExplicitFiles(resolvedRoot, files)
+      : walkRepoFiles({ rootPath: resolvedRoot, extensions: CODE_EXTENSIONS });
+
+  const findings = [];
+  for await (const { fullPath, relativePath } of iterator) {
+    let content;
+    try {
+      content = await fsp.readFile(fullPath, "utf-8");
+    } catch {
+      continue;
+    }
+    const matches = GENERATION_PATTERNS.flatMap((p) => findLineMatches(content, p));
+    if (matches.length === 0) continue;
+    const hasProvenance = PROVENANCE_SIGNALS.some((p) => p.test(content));
+    if (hasProvenance) continue;
+    const first = matches.sort((a, b) => a.line - b.line)[0];
+    findings.push(
+      createFinding({
+        tool: "provenance-check",
+        kind: "ai-governance.no-provenance",
+        severity: "P2",
+        file: toPosix(relativePath),
+        line: first.line,
+        evidence: getLineContent(content, first.line),
+        rootCause: "AI-generated content shipped without provenance metadata (ai-generated header, attribution line, C2PA manifest). Downstream can't tell it from human output.",
+        recommendedFix: "Tag generated content with an AI-generated marker (HTTP header, Markdown frontmatter, or C2PA manifest for images). Regulated domains (health, legal, elections) often require this by law.",
+        confidence: 0.5,
+      })
+    );
+  }
+  return findings;
+}
+
+async function* iterateExplicitFiles(resolvedRoot, files) {
+  for (const file of files) {
+    const trimmed = String(file || "").trim();
+    if (!trimmed) continue;
+    const fullPath = path.isAbsolute(trimmed) ? trimmed : path.join(resolvedRoot, trimmed);
+    const relativePath = path.relative(resolvedRoot, fullPath).replace(/\\/g, "/");
+    yield { fullPath, relativePath };
+  }
+}

package/src/agents/backend/index.js

@@ -0,0 +1,12 @@
+// Maya (backend persona) — barrel export (#A14).
+
+export {
+  BACKEND_TOOLS,
+  BACKEND_TOOL_IDS,
+  dispatchBackendTool,
+  runAllBackendTools,
+  runCircuitBreakerCheck,
+  runIdempotencyAudit,
+  runRetryAudit,
+  runTimeoutAudit,
+} from "./tools/index.js";