shieldcortex 2.1.4 → 2.3.0

package/dist/defence/__tests__/agent-scorer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-scorer.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/agent-scorer.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,IAAI,GAAG,0BAA0B,CAAC,CAAC,oBAAoB;YAC7D,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,KAAK,GAAG,wBAAwB,CAAC,CAAC,gBAAgB;YACxD,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,EAAE,GAAG,oBAAoB,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC;YAC7D,MAAM,CAAC,UAAU,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,aAAa,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,SAAS,GAAG,mBAAmB,CAAC,qBAAqB,CAAC,CAAC;YAC7D,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;YAC/C,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;YAElE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC,CAAC;YAC1E,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE/B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAChF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE/B,oCAAoC;YACpC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;YAElE,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAC5D,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/defence/__tests__/env-detector.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Environment-Based Source Inference Tests
+ */
+export {};
+//# sourceMappingURL=env-detector.test.d.ts.map

package/dist/defence/__tests__/env-detector.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-detector.test.d.ts","sourceRoot":"","sources":["../../../src/defence/__tests__/env-detector.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/defence/__tests__/env-detector.test.js

@@ -0,0 +1,99 @@
+/**
+ * Environment-Based Source Inference Tests
+ */
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import { inferSourceFromEnvironment, resolveSource } from '../trust/env-detector.js';
+describe('Environment-Based Source Inference', () => {
+    const originalEnv = { ...process.env };
+    beforeEach(() => {
+        // Clear all relevant env vars
+        delete process.env.CLAUDE_CODE_ENTRYPOINT;
+        delete process.env.CLAUDE_AGENT_CONTEXT;
+        delete process.env.SHIELDCORTEX_AGENT_SOURCE;
+    });
+    afterEach(() => {
+        // Restore original env
+        process.env = { ...originalEnv };
+    });
+    describe('inferSourceFromEnvironment', () => {
+        it('should detect direct Claude Code CLI', () => {
+            process.env.CLAUDE_CODE_ENTRYPOINT = 'cli';
+            const result = inferSourceFromEnvironment();
+            expect(result.source).toEqual({ type: 'cli', identifier: 'mcp' });
+            expect(result.method).toBe('env:CLAUDE_CODE_ENTRYPOINT');
+            expect(result.confidence).toBe('high');
+        });
+        it('should detect Claude Code sub-agent', () => {
+            process.env.CLAUDE_CODE_ENTRYPOINT = 'subagent';
+            const result = inferSourceFromEnvironment();
+            expect(result.source).toEqual({ type: 'agent', identifier: 'agent-spawned' });
+            expect(result.confidence).toBe('high');
+        });
+        it('should detect CLAUDE_AGENT_CONTEXT=subagent', () => {
+            process.env.CLAUDE_AGENT_CONTEXT = 'subagent';
+            const result = inferSourceFromEnvironment();
+            expect(result.source.type).toBe('agent');
+            expect(result.source.identifier).toBe('agent-spawned');
+            expect(result.method).toBe('env:CLAUDE_AGENT_CONTEXT');
+        });
+        it('should detect CLAUDE_AGENT_CONTEXT=hook', () => {
+            process.env.CLAUDE_AGENT_CONTEXT = 'hook';
+            const result = inferSourceFromEnvironment();
+            expect(result.source.identifier).toBe('hook');
+        });
+        it('should parse SHIELDCORTEX_AGENT_SOURCE with type prefix', () => {
+            process.env.SHIELDCORTEX_AGENT_SOURCE = 'agent:user-spawned>task-1';
+            const result = inferSourceFromEnvironment();
+            expect(result.source).toEqual({ type: 'agent', identifier: 'user-spawned>task-1' });
+            expect(result.method).toBe('env:SHIELDCORTEX_AGENT_SOURCE');
+            expect(result.confidence).toBe('high');
+        });
+        it('should handle SHIELDCORTEX_AGENT_SOURCE without type prefix', () => {
+            process.env.SHIELDCORTEX_AGENT_SOURCE = 'some-agent';
+            const result = inferSourceFromEnvironment();
+            expect(result.source.type).toBe('agent'); // defaults to agent
+            expect(result.source.identifier).toBe('some-agent');
+        });
+        it('should prioritise SHIELDCORTEX_AGENT_SOURCE over CLAUDE_CODE_ENTRYPOINT', () => {
+            process.env.SHIELDCORTEX_AGENT_SOURCE = 'cli:custom-tool';
+            process.env.CLAUDE_CODE_ENTRYPOINT = 'subagent';
+            const result = inferSourceFromEnvironment();
+            expect(result.source).toEqual({ type: 'cli', identifier: 'custom-tool' });
+        });
+        it('should return unknown:default with low confidence when no env vars set', () => {
+            const result = inferSourceFromEnvironment();
+            expect(result.source).toEqual({ type: 'cli', identifier: 'unknown' });
+            expect(result.method).toBe('default');
+            expect(result.confidence).toBe('low');
+        });
+    });
+    describe('resolveSource', () => {
+        it('should use declared source when provided', () => {
+            const declared = { type: 'agent', identifier: 'user-spawned>task-1' };
+            const result = resolveSource(declared);
+            expect(result.source).toEqual(declared);
+            expect(result.inferred).toBe(false);
+            expect(result.detection).toBeUndefined();
+        });
+        it('should infer from environment when no source declared', () => {
+            process.env.CLAUDE_CODE_ENTRYPOINT = 'cli';
+            const result = resolveSource(undefined);
+            expect(result.source).toEqual({ type: 'cli', identifier: 'mcp' });
+            expect(result.inferred).toBe(true);
+            expect(result.detection).toBeDefined();
+        });
+        it('should downgrade unknown sources in strict mode', () => {
+            // No env vars → unknown
+            const result = resolveSource(undefined, true);
+            expect(result.source).toEqual({ type: 'agent', identifier: 'unknown:strict' });
+            expect(result.inferred).toBe(true);
+        });
+        it('should not downgrade env-detected sources in strict mode', () => {
+            process.env.CLAUDE_CODE_ENTRYPOINT = 'cli';
+            const result = resolveSource(undefined, true);
+            // Not default method, so no downgrade
+            expect(result.source).toEqual({ type: 'cli', identifier: 'mcp' });
+        });
+    });
+});
+//# sourceMappingURL=env-detector.test.js.map

package/dist/defence/__tests__/env-detector.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-detector.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/env-detector.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAErF,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,MAAM,WAAW,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEvC,UAAU,CAAC,GAAG,EAAE;QACd,8BAA8B;QAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACxC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,uBAAuB;QACvB,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,KAAK,CAAC;YAC3C,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,UAAU,CAAC;YAChD,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAC;YAC9E,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,UAAU,CAAC;YAC9C,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACvD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,MAAM,CAAC;YAC1C,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,2BAA2B,CAAC;YACpE,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,CAAC,CAAC;YACpF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACrE,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,YAAY,CAAC;YACrD,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;YAC9D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;YACjF,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,iBAAiB,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,UAAU,CAAC;YAChD,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;YAChF,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;YACtE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,UAAU,EAAE,qBAAqB,EAAE,CAAC;YAC/E,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,KAAK,CAAC;YAC3C,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,wBAAwB;YACxB,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC/E,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,KAAK,CAAC;YAC3C,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC9C,sCAAsC;YACtC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/defence/__tests__/pipeline.test.js

@@ -16,6 +16,7 @@ const testConfig = {
     trustThresholdForActions: 0.7,
     autoQuarantineThreshold: 0.3,
     flagThreshold: 0.5,
+    strictSourceMode: false,
 };
 beforeAll(() => {
     initDatabase(':memory:');

package/dist/defence/__tests__/pipeline.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"pipeline.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/pipeline.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGrE,kEAAkE;AAClE,mEAAmE;AACnE,iDAAiD;AACjD,MAAM,UAAU,GAAkB;IAChC,IAAI,EAAE,UAAU;IAChB,4BAA4B,EAAE,KAAK;IACnC,wBAAwB,EAAE,EAAE;IAC5B,wBAAwB,EAAE,GAAG;IAC7B,uBAAuB,EAAE,GAAG;IAC5B,aAAa,EAAE,GAAG;CACnB,CAAC;AAEF,SAAS,CAAC,GAAG,EAAE;IACb,YAAY,CAAC,UAAU,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,GAAG,EAAE;IACZ,aAAa,EAAE,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,mGAAmG,EACnG,eAAe,EACf,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,wGAAwG,EACxG,qBAAqB,EACrB,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,2EAA2E;QAC3E,oEAAoE;QACpE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,qDAAqD,EACrD,gBAAgB,EAChB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,0BAA0B,EAC1B,aAAa,EACb,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,aAAa,EACb,MAAM,EACN,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"pipeline.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/pipeline.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGrE,kEAAkE;AAClE,mEAAmE;AACnE,iDAAiD;AACjD,MAAM,UAAU,GAAkB;IAChC,IAAI,EAAE,UAAU;IAChB,4BAA4B,EAAE,KAAK;IACnC,wBAAwB,EAAE,EAAE;IAC5B,wBAAwB,EAAE,GAAG;IAC7B,uBAAuB,EAAE,GAAG;IAC5B,aAAa,EAAE,GAAG;IAClB,gBAAgB,EAAE,KAAK;CACxB,CAAC;AAEF,SAAS,CAAC,GAAG,EAAE;IACb,YAAY,CAAC,UAAU,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,GAAG,EAAE;IACZ,aAAa,EAAE,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,mGAAmG,EACnG,eAAe,EACf,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,wGAAwG,EACxG,qBAAqB,EACrB,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,2EAA2E;QAC3E,oEAAoE;QACpE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,qDAAqD,EACrD,gBAAgB,EAChB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,0BAA0B,EAC1B,aAAa,EACb,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,aAAa,EACb,MAAM,EACN,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,EACtC,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/defence/__tests__/trust.test.js

@@ -20,10 +20,11 @@ describe('Trust Source Scorer', () => {
         const result = scoreSource({ type: 'web', identifier: 'scraper' });
         expect(result.score).toBe(0.3);
     });
-    it('should score agent source as 0.1', async () => {
+    it('should score agent source using hierarchy scorer', async () => {
         const { scoreSource } = await import('../trust/source-scorer.js');
+        // Unknown origin defaults to 0.3 base
         const result = scoreSource({ type: 'agent', identifier: 'assistant' });
-        expect(result.score).toBe(0.1);
+        expect(result.score).toBe(0.3);
     });
     it('should score user:approved as 0.9', async () => {
         const { scoreSource } = await import('../trust/source-scorer.js');

package/dist/defence/__tests__/trust.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"trust.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/trust.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAErD,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC;QACvE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,oDAAoD;QACpD,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC;QAC1E,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"trust.test.js","sourceRoot":"","sources":["../../../src/defence/__tests__/trust.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAErD,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,sCAAsC;QACtC,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC;QACvE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,oDAAoD;QACpD,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,OAAgB,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAC;QAC1E,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/defence/audit/logger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../src/defence/audit/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,MAAM,CAsC9D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD"}
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../src/defence/audit/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,MAAM,CAuC9D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzD"}

package/dist/defence/audit/logger.js

@@ -12,12 +12,12 @@ export function logAudit(entry) {
         const db = getDatabase();
         const stmt = db.prepare(`
       INSERT INTO defence_audit (
-        memory_id, timestamp, source_type, source_identifier,
+        memory_id, project, timestamp, source_type, source_identifier,
         trust_score, sensitivity_level, firewall_result,
         anomaly_score, threat_indicators, blocked_patterns,
         reason, fragmentation_score, pipeline_duration_ms
       ) VALUES (
-        @memory_id, @timestamp, @source_type, @source_identifier,
+        @memory_id, @project, @timestamp, @source_type, @source_identifier,
         @trust_score, @sensitivity_level, @firewall_result,
         @anomaly_score, @threat_indicators, @blocked_patterns,
         @reason, @fragmentation_score, @pipeline_duration_ms
@@ -25,6 +25,7 @@ export function logAudit(entry) {
     `);
         const result = stmt.run({
             memory_id: entry.memory_id ?? null,
+            project: entry.project ?? null,
             timestamp: entry.timestamp ?? new Date().toISOString(),
             source_type: entry.source_type,
             source_identifier: entry.source_identifier,

package/dist/defence/audit/logger.js.map

@@ -1 +1 @@
-{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../../src/defence/audit/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAGrD;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,KAA6B;IACpD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;;;;;;;;;;KAYvB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;YAClC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtD,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,CAAC;YACvC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;YAClD,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,IAAI;YAChD,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;YAC5B,mBAAmB,EAAE,KAAK,CAAC,mBAAmB,IAAI,IAAI;YACtD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB,IAAI,IAAI;SACzD,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../../src/defence/audit/logger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAGrD;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,KAA6B;IACpD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;;;;;;;;;;KAYvB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;YAClC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtD,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;YAC1C,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,CAAC;YACvC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;YAClD,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,IAAI,IAAI;YAChD,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;YAC5B,mBAAmB,EAAE,KAAK,CAAC,mBAAmB,IAAI,IAAI;YACtD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB,IAAI,IAAI;SACzD,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}

package/dist/defence/audit/queries.d.ts

@@ -9,6 +9,7 @@ export interface AuditQueryOptions {
     source?: string;
     firewallResult?: FirewallResult;
     memoryId?: number;
+    project?: string;
     limit?: number;
 }
 export interface AuditStats {
@@ -29,5 +30,5 @@ export declare function queryAuditLogs(options?: AuditQueryOptions): AuditEntry[
 /**
  * Get aggregate audit statistics for a time range.
  */
-export declare function getAuditStats(timeRange: '24h' | '7d' | '30d'): AuditStats;
+export declare function getAuditStats(timeRange: '24h' | '7d' | '30d', project?: string): AuditStats;
 //# sourceMappingURL=queries.d.ts.map

package/dist/defence/audit/queries.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"queries.d.ts","sourceRoot":"","sources":["../../../src/defence/audit/queries.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAI9D,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAChD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AAID;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,EAAE,CAiC5E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,UAAU,CAgEzE"}
+{"version":3,"file":"queries.d.ts","sourceRoot":"","sources":["../../../src/defence/audit/queries.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAI9D,MAAM,WAAW,iBAAiB;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAChD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AAID;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,EAAE,CAsC5E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,KAAK,GAAG,IAAI,GAAG,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,CAmE3F"}

package/dist/defence/audit/queries.js

@@ -11,46 +11,52 @@ export function queryAuditLogs(options = {}) {
     const conditions = [];
     const params = {};
     if (options.startTime) {
-        conditions.push('timestamp >= @startTime');
+        conditions.push('da.timestamp >= @startTime');
         params.startTime = options.startTime;
     }
     if (options.endTime) {
-        conditions.push('timestamp <= @endTime');
+        conditions.push('da.timestamp <= @endTime');
         params.endTime = options.endTime;
     }
     if (options.firewallResult) {
-        conditions.push('firewall_result = @firewallResult');
+        conditions.push('da.firewall_result = @firewallResult');
         params.firewallResult = options.firewallResult;
     }
     if (options.source) {
-        conditions.push('source_type = @source');
+        conditions.push('da.source_type = @source');
         params.source = options.source;
     }
     if (options.memoryId !== undefined) {
-        conditions.push('memory_id = @memoryId');
+        conditions.push('da.memory_id = @memoryId');
         params.memoryId = options.memoryId;
     }
+    if (options.project) {
+        conditions.push('da.project = @project');
+        params.project = options.project;
+    }
     const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
     const limit = options.limit ?? 50;
-    const sql = `SELECT * FROM defence_audit ${where} ORDER BY timestamp DESC LIMIT @limit`;
+    const sql = `SELECT da.* FROM defence_audit da ${where} ORDER BY da.timestamp DESC LIMIT @limit`;
     params.limit = limit;
     return db.prepare(sql).all(params);
 }
 /**
  * Get aggregate audit statistics for a time range.
  */
-export function getAuditStats(timeRange) {
+export function getAuditStats(timeRange, project) {
     const db = getDatabase();
     const hoursMap = { '24h': 24, '7d': 168, '30d': 720 };
     const hours = hoursMap[timeRange];
     const since = new Date(Date.now() - hours * 3600_000).toISOString();
+    const projectCond = project ? 'AND da.project = ?' : '';
+    const baseParams = project ? [since, project] : [since];
     // Counts by firewall result
     const counts = db.prepare(`
-    SELECT firewall_result, COUNT(*) as cnt
-    FROM defence_audit
-    WHERE timestamp >= ?
-    GROUP BY firewall_result
-  `).all(since);
+    SELECT da.firewall_result, COUNT(*) as cnt
+    FROM defence_audit da
+    WHERE da.timestamp >= ? ${projectCond}
+    GROUP BY da.firewall_result
+  `).all(...baseParams);
     let totalOperations = 0;
     let allowedCount = 0;
     let blockedCount = 0;
@@ -66,19 +72,19 @@ export function getAuditStats(timeRange) {
     }
     // Top sources
     const topSources = db.prepare(`
-    SELECT source_type as source, COUNT(*) as count
-    FROM defence_audit
-    WHERE timestamp >= ?
-    GROUP BY source_type
+    SELECT da.source_type as source, COUNT(*) as count
+    FROM defence_audit da
+    WHERE da.timestamp >= ? ${projectCond}
+    GROUP BY da.source_type
     ORDER BY count DESC
     LIMIT 10
-  `).all(since);
+  `).all(...baseParams);
     // Threat indicator breakdown
     const rows = db.prepare(`
-    SELECT threat_indicators
-    FROM defence_audit
-    WHERE timestamp >= ? AND threat_indicators != '[]'
-  `).all(since);
+    SELECT da.threat_indicators
+    FROM defence_audit da
+    WHERE da.timestamp >= ? ${projectCond} AND da.threat_indicators != '[]'
+  `).all(...baseParams);
     const threatBreakdown = {};
     for (const row of rows) {
         try {

package/dist/defence/audit/queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../src/defence/audit/queries.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAwBrD,wBAAwB;AAExB;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAA6B,EAAE;IAC5D,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC3C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACvC,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACnC,CAAC;IACD,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,UAAU,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACrD,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IACjD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;IAElC,MAAM,GAAG,GAAG,+BAA+B,KAAK,uCAAuC,CAAC;IACxF,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IAErB,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAiB,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,SAA+B;IAC3D,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IAEzB,MAAM,QAAQ,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpE,4BAA4B;IAC5B,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;;;GAKzB,CAAC,CAAC,GAAG,CAAC,KAAK,CAA+C,CAAC;IAE5D,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IAEzB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,eAAe,IAAI,GAAG,CAAC,GAAG,CAAC;QAC3B,IAAI,GAAG,CAAC,eAAe,KAAK,OAAO;YAAE,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC;aACvD,IAAI,GAAG,CAAC,eAAe,KAAK,OAAO;YAAE,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC;aAC5D,IAAI,GAAG,CAAC,eAAe,KAAK,YAAY;YAAE,gBAAgB,GAAG,GAAG,CAAC,GAAG,CAAC;IAC5E,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC;;;;;;;GAO7B,CAAC,CAAC,GAAG,CAAC,KAAK,CAAwC,CAAC;IAErD,6BAA6B;IAC7B,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;;GAIvB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAoC,CAAC;IAEjD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAa,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC/D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,OAAO;QACL,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,gBAAgB;QAChB,UAAU;QACV,eAAe;KAChB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../src/defence/audit/queries.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAyBrD,wBAAwB;AAExB;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAA6B,EAAE;IAC5D,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC9C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACvC,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5C,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACnC,CAAC;IACD,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,UAAU,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACxD,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IACjD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACnC,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;IAElC,MAAM,GAAG,GAAG,qCAAqC,KAAK,0CAA0C,CAAC;IACjG,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IAErB,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAiB,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,SAA+B,EAAE,OAAgB;IAC7E,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IAEzB,MAAM,QAAQ,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpE,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAExD,4BAA4B;IAC5B,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;8BAGE,WAAW;;GAEtC,CAAC,CAAC,GAAG,CAAC,GAAG,UAAU,CAA+C,CAAC;IAEpE,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IAEzB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,eAAe,IAAI,GAAG,CAAC,GAAG,CAAC;QAC3B,IAAI,GAAG,CAAC,eAAe,KAAK,OAAO;YAAE,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC;aACvD,IAAI,GAAG,CAAC,eAAe,KAAK,OAAO;YAAE,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC;aAC5D,IAAI,GAAG,CAAC,eAAe,KAAK,YAAY;YAAE,gBAAgB,GAAG,GAAG,CAAC,GAAG,CAAC;IAC5E,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC;;;8BAGF,WAAW;;;;GAItC,CAAC,CAAC,GAAG,CAAC,GAAG,UAAU,CAAwC,CAAC;IAE7D,6BAA6B;IAC7B,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;8BAGI,WAAW;GACtC,CAAC,CAAC,GAAG,CAAC,GAAG,UAAU,CAAoC,CAAC;IAEzD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAa,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC/D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,OAAO;QACL,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,gBAAgB;QAChB,UAAU;QACV,eAAe;KAChB,CAAC;AACJ,CAAC"}

package/dist/defence/pipeline.d.ts

@@ -5,5 +5,5 @@
  * Fail-open: if any layer throws, the pipeline defaults to ALLOW with a warning.
  */
 import type { DefenceConfig, DefencePipelineResult, DefenceSource } from './types.js';
-export declare function runDefencePipeline(content: string, title: string, source: DefenceSource, config?: DefenceConfig): DefencePipelineResult;
+export declare function runDefencePipeline(content: string, title: string, source: DefenceSource, config?: DefenceConfig, project?: string): DefencePipelineResult;
 //# sourceMappingURL=pipeline.d.ts.map

package/dist/defence/pipeline.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/defence/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EAKd,MAAM,YAAY,CAAC;AASpB,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,EACrB,MAAM,CAAC,EAAE,aAAa,GACrB,qBAAqB,CA2HvB"}
+{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/defence/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EAKd,MAAM,YAAY,CAAC;AASpB,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,EACrB,MAAM,CAAC,EAAE,aAAa,EACtB,OAAO,CAAC,EAAE,MAAM,GACf,qBAAqB,CA6HvB"}

package/dist/defence/pipeline.js

@@ -10,7 +10,7 @@ import { analyzeFirewall } from './firewall/index.js';
 import { classifySensitivity } from './sensitivity/index.js';
 import { analyzeFragmentation } from './fragmentation/index.js';
 import { logAudit, createContentHash } from './audit/index.js';
-export function runDefencePipeline(content, title, source, config) {
+export function runDefencePipeline(content, title, source, config, project) {
     const cfg = config ?? DEFAULT_DEFENCE_CONFIG;
     const startTime = performance.now();
     try {
@@ -54,6 +54,7 @@ export function runDefencePipeline(content, title, source, config) {
         const _contentHash = createContentHash(content);
         const auditId = logAudit({
             memory_id: null,
+            project: project ?? null,
             timestamp: new Date().toISOString(),
             source_type: source.type,
             source_identifier: source.identifier,
@@ -82,6 +83,7 @@ export function runDefencePipeline(content, title, source, config) {
         console.error('[defence] Pipeline error, failing open:', err);
         const auditId = logAudit({
             memory_id: null,
+            project: project ?? null,
             timestamp: new Date().toISOString(),
             source_type: source.type,
             source_identifier: source.identifier,

package/dist/defence/pipeline.js.map

@@ -1 +1 @@
-{"version":3,"file":"pipeline.js","sourceRoot":"","sources":["../../src/defence/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE/D,MAAM,UAAU,kBAAkB,CAChC,OAAe,EACf,KAAa,EACb,MAAqB,EACrB,MAAsB;IAEtB,MAAM,GAAG,GAAG,MAAM,IAAI,sBAAsB,CAAC;IAC7C,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,iBAAiB;QACjB,MAAM,KAAK,GAAe,WAAW,CAAC,MAAM,CAAC,CAAC;QAE9C,kBAAkB;QAClB,MAAM,QAAQ,GAAqB,eAAe,CAChD,OAAO,EACP,KAAK,EACL,MAAM,EACN,KAAK,CAAC,KAAK,EACX,GAAG,CACJ,CAAC;QAEF,0BAA0B;QAC1B,MAAM,WAAW,GAA8B,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEnF,wEAAwE;QACxE,IAAI,aAAa,GAAiC,IAAI,CAAC;QACvD,IAAI,GAAG,CAAC,4BAA4B,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACpE,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5D,CAAC;QAED,8BAA8B;QAC9B,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAc,CAAC;QAEnB,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5C,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC7C,CAAC;aAAM,IACL,aAAa,KAAK,IAAI;YACtB,aAAa,CAAC,KAAK,GAAG,GAAG,CAAC,uBAAuB,EACjD,CAAC;YACD,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,oCAAoC,aAAa,CAAC,KAAK,sBAAsB,GAAG,CAAC,uBAAuB,EAAE,CAAC;QACtH,CAAC;aAAM,IAAI,WAAW,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;YAC9C,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,8CAA8C,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACpG,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QAE7D,eAAe;QACf,MAAM,YAAY,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,QAAQ,CAAC;YACvB,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,iBAAiB,EAAE,MAAM,CAAC,UAAU;YACpC,WAAW,EAAE,KAAK,CAAC,KAAK;YACxB,iBAAiB,EAAE,WAAW,CAAC,KAAK;YACpC,eAAe,EAAE,QAAQ,CAAC,MAAM;YAChC,aAAa,EAAE,QAAQ,CAAC,YAAY;YACpC,iBAAiB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC5D,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC1D,MAAM;YACN,mBAAmB,EAAE,aAAa,EAAE,KAAK,IAAI,IAAI;YACjD,oBAAoB,EAAE,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;YACX,KAAK;YACL,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,mCAAmC;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QAC7D,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAG,QAAQ,CAAC;YACvB,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,iBAAiB,EAAE,MAAM,CAAC,UAAU;YACpC,WAAW,EAAE,CAAC;YACd,iBAAiB,EAAE,QAAQ;YAC3B,eAAe,EAAE,OAAO;YACxB,aAAa,EAAE,CAAC;YAChB,iBAAiB,EAAE,IAAI;YACvB,gBAAgB,EAAE,IAAI;YACtB,MAAM,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACzF,mBAAmB,EAAE,IAAI;YACzB,oBAAoB,EAAE,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE;gBACR,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,oCAAoC;gBAC5C,gBAAgB,EAAE,EAAE;gBACpB,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,EAAE;aACpB;YACD,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE;gBACX,KAAK,EAAE,QAAQ;gBACf,UAAU,EAAE,CAAC;gBACb,gBAAgB,EAAE,EAAE;gBACpB,iBAAiB,EAAE,KAAK;aACzB;YACD,KAAK,EAAE;gBACL,KAAK,EAAE,CAAC;gBACR,MAAM;gBACN,SAAS,EAAE,EAAE;aACd;YACD,OAAO;SACR,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"pipeline.js","sourceRoot":"","sources":["../../src/defence/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE/D,MAAM,UAAU,kBAAkB,CAChC,OAAe,EACf,KAAa,EACb,MAAqB,EACrB,MAAsB,EACtB,OAAgB;IAEhB,MAAM,GAAG,GAAG,MAAM,IAAI,sBAAsB,CAAC;IAC7C,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,iBAAiB;QACjB,MAAM,KAAK,GAAe,WAAW,CAAC,MAAM,CAAC,CAAC;QAE9C,kBAAkB;QAClB,MAAM,QAAQ,GAAqB,eAAe,CAChD,OAAO,EACP,KAAK,EACL,MAAM,EACN,KAAK,CAAC,KAAK,EACX,GAAG,CACJ,CAAC;QAEF,0BAA0B;QAC1B,MAAM,WAAW,GAA8B,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEnF,wEAAwE;QACxE,IAAI,aAAa,GAAiC,IAAI,CAAC;QACvD,IAAI,GAAG,CAAC,4BAA4B,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACpE,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5D,CAAC;QAED,8BAA8B;QAC9B,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAc,CAAC;QAEnB,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5C,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC7C,CAAC;aAAM,IACL,aAAa,KAAK,IAAI;YACtB,aAAa,CAAC,KAAK,GAAG,GAAG,CAAC,uBAAuB,EACjD,CAAC;YACD,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,oCAAoC,aAAa,CAAC,KAAK,sBAAsB,GAAG,CAAC,uBAAuB,EAAE,CAAC;QACtH,CAAC;aAAM,IAAI,WAAW,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;YAC9C,OAAO,GAAG,KAAK,CAAC;YAChB,MAAM,GAAG,8CAA8C,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACpG,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QAE7D,eAAe;QACf,MAAM,YAAY,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,QAAQ,CAAC;YACvB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,OAAO,IAAI,IAAI;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,iBAAiB,EAAE,MAAM,CAAC,UAAU;YACpC,WAAW,EAAE,KAAK,CAAC,KAAK;YACxB,iBAAiB,EAAE,WAAW,CAAC,KAAK;YACpC,eAAe,EAAE,QAAQ,CAAC,MAAM;YAChC,aAAa,EAAE,QAAQ,CAAC,YAAY;YACpC,iBAAiB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC5D,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC1D,MAAM;YACN,mBAAmB,EAAE,aAAa,EAAE,KAAK,IAAI,IAAI;YACjD,oBAAoB,EAAE,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;YACX,KAAK;YACL,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,mCAAmC;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QAC7D,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAG,QAAQ,CAAC;YACvB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,OAAO,IAAI,IAAI;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,iBAAiB,EAAE,MAAM,CAAC,UAAU;YACpC,WAAW,EAAE,CAAC;YACd,iBAAiB,EAAE,QAAQ;YAC3B,eAAe,EAAE,OAAO;YACxB,aAAa,EAAE,CAAC;YAChB,iBAAiB,EAAE,IAAI;YACvB,gBAAgB,EAAE,IAAI;YACtB,MAAM,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YACzF,mBAAmB,EAAE,IAAI;YACzB,oBAAoB,EAAE,UAAU;SACjC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE;gBACR,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,oCAAoC;gBAC5C,gBAAgB,EAAE,EAAE;gBACpB,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,EAAE;aACpB;YACD,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE;gBACX,KAAK,EAAE,QAAQ;gBACf,UAAU,EAAE,CAAC;gBACb,gBAAgB,EAAE,EAAE;gBACpB,iBAAiB,EAAE,KAAK;aACzB;YACD,KAAK,EAAE;gBACL,KAAK,EAAE,CAAC;gBACR,MAAM;gBACN,SAAS,EAAE,EAAE;aACd;YACD,OAAO;SACR,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/defence/quarantine/auto-expire.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Quarantine auto-expiry — rejects unreviewed items after a TTL.
+ *
+ * Safer default: expired items are rejected (discarded), not promoted.
+ * A memory that sat in quarantine for 7 days with nobody reviewing it
+ * shouldn't be promoted to the memory store.
+ */
+/**
+ * Set expires_at on quarantine items that don't have one,
+ * then reject any expired items.
+ *
+ * @returns Number of items expired (rejected)
+ */
+export declare function expireQuarantineItems(ttlDays?: number): number;
+//# sourceMappingURL=auto-expire.d.ts.map

package/dist/defence/quarantine/auto-expire.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-expire.d.ts","sourceRoot":"","sources":["../../../src/defence/quarantine/auto-expire.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,MAAU,GAAG,MAAM,CA0BjE"}

package/dist/defence/quarantine/auto-expire.js

@@ -0,0 +1,38 @@
+/**
+ * Quarantine auto-expiry — rejects unreviewed items after a TTL.
+ *
+ * Safer default: expired items are rejected (discarded), not promoted.
+ * A memory that sat in quarantine for 7 days with nobody reviewing it
+ * shouldn't be promoted to the memory store.
+ */
+import { getDatabase } from '../../database/init.js';
+/**
+ * Set expires_at on quarantine items that don't have one,
+ * then reject any expired items.
+ *
+ * @returns Number of items expired (rejected)
+ */
+export function expireQuarantineItems(ttlDays = 7) {
+    const db = getDatabase();
+    // Set expires_at on new items that don't have one
+    db.prepare(`
+    UPDATE quarantine
+    SET expires_at = datetime(created_at, '+' || ? || ' days')
+    WHERE expires_at IS NULL AND status = 'pending'
+  `).run(ttlDays);
+    // Reject expired items
+    const result = db.prepare(`
+    UPDATE quarantine
+    SET status = 'expired',
+        reviewed_by = 'auto-expire',
+        reviewed_at = CURRENT_TIMESTAMP
+    WHERE status = 'pending'
+      AND expires_at IS NOT NULL
+      AND expires_at < datetime('now')
+  `).run();
+    if (result.changes > 0) {
+        console.error(`[quarantine] Auto-expired ${result.changes} item(s) after ${ttlDays} days`);
+    }
+    return result.changes;
+}
+//# sourceMappingURL=auto-expire.js.map

package/dist/defence/quarantine/auto-expire.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-expire.js","sourceRoot":"","sources":["../../../src/defence/quarantine/auto-expire.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAErD;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAkB,CAAC;IACvD,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IAEzB,kDAAkD;IAClD,EAAE,CAAC,OAAO,CAAC;;;;GAIV,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEhB,uBAAuB;IACvB,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;;;;;;GAQzB,CAAC,CAAC,GAAG,EAAE,CAAC;IAET,IAAI,MAAM,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,6BAA6B,MAAM,CAAC,OAAO,kBAAkB,OAAO,OAAO,CAAC,CAAC;IAC7F,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC"}

package/dist/defence/trust/access-control.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Memory access control — enforces read/write/delete policies based on trust.
+ *
+ * Access rules:
+ *   Trust ≥ 0.7  → Read all, write direct, delete own
+ *   Trust 0.5–0.7 → Read own + non-restricted, write quarantine, delete own
+ *   Trust < 0.5  → Read own only, write quarantine, delete none
+ *
+ * RESTRICTED memories are always blocked below trust 0.7 (credential isolation).
+ */
+import type { DefenceSource } from '../types.js';
+export interface AccessPolicy {
+    canRead: boolean;
+    canWrite: boolean;
+    canDelete: boolean;
+    writeRequiresQuarantine: boolean;
+    reason: string;
+}
+/** Minimal memory shape needed for access checks */
+export interface AccessCheckMemory {
+    id: number;
+    source?: string | null;
+    sensitivity_level?: string | null;
+}
+/**
+ * Check whether a source has access to a memory for a given operation.
+ */
+export declare function checkAccess(memory: AccessCheckMemory, source: DefenceSource, operation: 'read' | 'write' | 'delete'): AccessPolicy;
+//# sourceMappingURL=access-control.d.ts.map

package/dist/defence/trust/access-control.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../../src/defence/trust/access-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,uBAAuB,EAAE,OAAO,CAAC;IACjC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,oDAAoD;AACpD,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,aAAa,EACrB,SAAS,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GACrC,YAAY,CA+Cd"}

package/dist/defence/trust/access-control.js

@@ -0,0 +1,64 @@
+/**
+ * Memory access control — enforces read/write/delete policies based on trust.
+ *
+ * Access rules:
+ *   Trust ≥ 0.7  → Read all, write direct, delete own
+ *   Trust 0.5–0.7 → Read own + non-restricted, write quarantine, delete own
+ *   Trust < 0.5  → Read own only, write quarantine, delete none
+ *
+ * RESTRICTED memories are always blocked below trust 0.7 (credential isolation).
+ */
+import { scoreSource } from './source-scorer.js';
+/**
+ * Check whether a source has access to a memory for a given operation.
+ */
+export function checkAccess(memory, source, operation) {
+    const trust = scoreSource(source).score;
+    const memorySource = memory.source || 'user:direct';
+    const callerKey = `${source.type}:${source.identifier}`;
+    const isOwner = memorySource === callerKey;
+    const isRestricted = memory.sensitivity_level === 'RESTRICTED';
+    if (operation === 'read') {
+        // RESTRICTED memories: credential isolation
+        if (isRestricted && trust < 0.7) {
+            return deny('Credential isolation: insufficient trust for RESTRICTED data');
+        }
+        // Owner always reads own
+        if (isOwner) {
+            return allow('Owner access');
+        }
+        // High trust: read all
+        if (trust >= 0.7) {
+            return allow('High-trust read access');
+        }
+        // Medium trust: read non-restricted
+        if (trust >= 0.5) {
+            return allow('Shared read access');
+        }
+        // Low trust: own only (already checked above)
+        return deny('Insufficient trust for shared memories (need ≥0.5)');
+    }
+    if (operation === 'write') {
+        if (trust >= 0.7) {
+            return allow('Direct write allowed (high trust)');
+        }
+        return quarantine(`Sub-agent write requires quarantine (trust=${trust.toFixed(3)})`);
+    }
+    if (operation === 'delete') {
+        if (isOwner && trust >= 0.5) {
+            return { canRead: true, canWrite: false, canDelete: true, writeRequiresQuarantine: false, reason: 'Owner deletion' };
+        }
+        return deny('Can only delete own memories (trust ≥0.5)');
+    }
+    return deny('Unknown operation');
+}
+function allow(reason) {
+    return { canRead: true, canWrite: true, canDelete: false, writeRequiresQuarantine: false, reason };
+}
+function deny(reason) {
+    return { canRead: false, canWrite: false, canDelete: false, writeRequiresQuarantine: false, reason };
+}
+function quarantine(reason) {
+    return { canRead: true, canWrite: false, canDelete: false, writeRequiresQuarantine: true, reason };
+}
+//# sourceMappingURL=access-control.js.map

package/dist/defence/trust/access-control.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-control.js","sourceRoot":"","sources":["../../../src/defence/trust/access-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAiBjD;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,MAAyB,EACzB,MAAqB,EACrB,SAAsC;IAEtC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC;IACxC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC;IACpD,MAAM,SAAS,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;IACxD,MAAM,OAAO,GAAG,YAAY,KAAK,SAAS,CAAC;IAC3C,MAAM,YAAY,GAAG,MAAM,CAAC,iBAAiB,KAAK,YAAY,CAAC;IAE/D,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACzB,4CAA4C;QAC5C,IAAI,YAAY,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,8DAA8D,CAAC,CAAC;QAC9E,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC,cAAc,CAAC,CAAC;QAC/B,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACzC,CAAC;QAED,oCAAoC;QACpC,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACrC,CAAC;QAED,8CAA8C;QAC9C,OAAO,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,UAAU,CAAC,8CAA8C,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACvF,CAAC;IAED,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,IAAI,OAAO,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACvH,CAAC;QACD,OAAO,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,KAAK,CAAC,MAAc;IAC3B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACrG,CAAC;AAED,SAAS,IAAI,CAAC,MAAc;IAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACvG,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACrG,CAAC"}

package/dist/defence/trust/agent-scorer.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Agent trust scorer — hierarchical trust decay for sub-agents.
+ *
+ * Agents encode their lineage in the identifier using '>' separators:
+ *   "user-spawned"                    → base trust 0.9
+ *   "user-spawned>task-1"             → 0.9 × 0.7 = 0.63
+ *   "user-spawned>task-1>subtask-2"   → 0.9 × 0.7² = 0.44
+ *   "cron"                            → base trust 0.5
+ *   "agent-spawned"                   → base trust 0.3
+ */
+export interface AgentTrustConfig {
+    /** Base trust scores by spawn origin (first segment of identifier) */
+    originScores: Record<string, number>;
+    /** Multiplier applied per hierarchy depth level */
+    decayFactor: number;
+    /** Maximum allowed depth — agents beyond this get score 0 */
+    maxDepth: number;
+}
+export declare const DEFAULT_AGENT_CONFIG: AgentTrustConfig;
+/**
+ * Score an agent based on its hierarchy identifier.
+ * Returns a trust score between 0.0 and 1.0.
+ */
+export declare function scoreAgent(identifier: string, config?: AgentTrustConfig): number;
+/**
+ * Get the depth of an agent in its hierarchy (0 = parent).
+ */
+export declare function getAgentDepth(identifier: string): number;
+/**
+ * Build a human-readable hierarchy showing trust at each level.
+ */
+export declare function buildAgentHierarchy(identifier: string, config?: AgentTrustConfig): string[];
+//# sourceMappingURL=agent-scorer.d.ts.map