npm - soloforge - Versions diffs - 1.2.1 → 1.2.3 - Mend

soloforge 1.2.1 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (185) hide show

package/dist/engine/capability_state_store.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * 能力状态覆盖存储 — 持久化人工确认的能力状态变更。
+ * P2-8 范围: 显式更新（dry_run + 证据校验 + 人工确认），不自动改状态。
+ * 存储: JSON 文件，原子写入，路径绑定 stateDir。
+ */
+import type { CapabilityState } from "./capability_registry.js";
+import type { EscapeReport } from "./escape_report.js";
+export interface StateOverride {
+    policy_id: string;
+    previous_state: CapabilityState;
+    new_state: CapabilityState;
+    reason: string;
+    evidence_ids: string[];
+    confirmed_by: string;
+    updated_at: string;
+}
+export interface UpdateRequest {
+    policy_id: string;
+    target_state: CapabilityState;
+    reason: string;
+    evidence_ids: string[];
+    confirmed_by: string;
+    dry_run: boolean;
+    confirm: boolean;
+}
+export interface UpdateResult {
+    policy_id: string;
+    capability_id: string | null;
+    previous_state: CapabilityState;
+    new_state: CapabilityState;
+    updated: boolean;
+    dry_run: boolean;
+    validation_errors: string[];
+    evidence_matched: boolean;
+    override: StateOverride | null;
+}
+export declare class CapabilityStateStore {
+    private filePath;
+    private overrides;
+    private loaded;
+    constructor(stateDir: string);
+    private ensureLoaded;
+    private persist;
+    getEffectiveState(policyId: string, defaultState: CapabilityState): CapabilityState;
+    list(): StateOverride[];
+    validate(request: UpdateRequest, currentState: CapabilityState, capabilityId: string | null, escapeReports: EscapeReport[]): UpdateResult;
+    apply(request: UpdateRequest, currentState: CapabilityState, capabilityId: string | null, escapeReports: EscapeReport[]): UpdateResult;
+    clear(): void;
+}
+//# sourceMappingURL=capability_state_store.d.ts.map

package/dist/engine/capability_state_store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"capability_state_store.d.ts","sourceRoot":"","sources":["../../src/engine/capability_state_store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEvD,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,eAAe,CAAC;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,eAAe,CAAC;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;CAChC;AASD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,MAAM,CAAS;gBAEX,QAAQ,EAAE,MAAM;IAO5B,OAAO,CAAC,YAAY;IAWpB,OAAO,CAAC,OAAO;IAMf,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,GAAG,eAAe;IASnF,IAAI,IAAI,aAAa,EAAE;IAKvB,QAAQ,CACN,OAAO,EAAE,aAAa,EACtB,YAAY,EAAE,eAAe,EAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,aAAa,EAAE,YAAY,EAAE,GAC5B,YAAY;IAoEf,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,YAAY;IActI,KAAK,IAAI,IAAI;CAKd"}

package/dist/engine/capability_state_store.js ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * 能力状态覆盖存储 — 持久化人工确认的能力状态变更。
+ * P2-8 范围: 显式更新（dry_run + 证据校验 + 人工确认），不自动改状态。
+ * 存储: JSON 文件，原子写入，路径绑定 stateDir。
+ */
+import fs from "node:fs";
+import path from "node:path";
+const VALID_TRANSITIONS = {
+    enforced: ["advisory", "removed"],
+    advisory: ["enforced", "experimental", "removed"],
+    experimental: ["advisory", "removed"],
+    removed: ["experimental"],
+};
+export class CapabilityStateStore {
+    filePath;
+    overrides = [];
+    loaded = false;
+    constructor(stateDir) {
+        this.filePath = path.join(stateDir, "capability-state-overrides.json");
+        if (!fs.existsSync(stateDir)) {
+            fs.mkdirSync(stateDir, { recursive: true });
+        }
+    }
+    ensureLoaded() {
+        if (this.loaded)
+            return;
+        this.loaded = true;
+        try {
+            const data = fs.readFileSync(this.filePath, "utf-8");
+            this.overrides = JSON.parse(data);
+        }
+        catch {
+            this.overrides = [];
+        }
+    }
+    persist() {
+        const tmpPath = `${this.filePath}.tmp`;
+        fs.writeFileSync(tmpPath, JSON.stringify(this.overrides, null, 2));
+        fs.renameSync(tmpPath, this.filePath);
+    }
+    getEffectiveState(policyId, defaultState) {
+        this.ensureLoaded();
+        let latest;
+        for (const o of this.overrides) {
+            if (o.policy_id === policyId)
+                latest = o;
+        }
+        return latest ? latest.new_state : defaultState;
+    }
+    list() {
+        this.ensureLoaded();
+        return this.overrides.map((o) => ({ ...o, evidence_ids: [...o.evidence_ids] }));
+    }
+    validate(request, currentState, capabilityId, escapeReports) {
+        const errors = [];
+        if (!capabilityId) {
+            errors.push(`policy_id ${request.policy_id} not found in capability registry`);
+        }
+        if (request.target_state === currentState) {
+            errors.push(`target_state (${request.target_state}) same as current state, no change needed`);
+        }
+        if (capabilityId && request.target_state !== currentState) {
+            const allowed = VALID_TRANSITIONS[currentState];
+            if (!allowed.includes(request.target_state)) {
+                errors.push(`${currentState} → ${request.target_state} is not a valid transition (allowed: ${allowed.join(", ")})`);
+            }
+        }
+        if (request.evidence_ids.length === 0) {
+            errors.push("at least one evidence_id is required");
+        }
+        const matchedEvidence = request.evidence_ids.filter((eid) => escapeReports.some((r) => r.escape_id === eid && r.policy_id === request.policy_id));
+        const unmatchedEvidence = request.evidence_ids.filter((eid) => !matchedEvidence.includes(eid));
+        if (request.evidence_ids.length > 0 && unmatchedEvidence.length > 0) {
+            errors.push(`evidence_ids not found for policy ${request.policy_id}: ${unmatchedEvidence.join(", ")}`);
+        }
+        if (!request.confirm) {
+            errors.push("confirm=true required for state changes; human confirmation mandatory");
+        }
+        if (!request.confirmed_by.trim()) {
+            errors.push("confirmed_by is required");
+        }
+        if (!request.reason.trim()) {
+            errors.push("reason is required");
+        }
+        const evidenceMatched = matchedEvidence.length > 0;
+        const override = {
+            policy_id: request.policy_id,
+            previous_state: currentState,
+            new_state: request.target_state,
+            reason: request.reason,
+            evidence_ids: [...request.evidence_ids],
+            confirmed_by: request.confirmed_by,
+            updated_at: new Date().toISOString(),
+        };
+        return {
+            policy_id: request.policy_id,
+            capability_id: capabilityId,
+            previous_state: currentState,
+            new_state: request.target_state,
+            updated: false,
+            dry_run: request.dry_run,
+            validation_errors: errors,
+            evidence_matched: evidenceMatched,
+            override: errors.length === 0 ? override : null,
+        };
+    }
+    apply(request, currentState, capabilityId, escapeReports) {
+        this.ensureLoaded();
+        const result = this.validate(request, currentState, capabilityId, escapeReports);
+        if (result.validation_errors.length > 0 || request.dry_run || !result.override) {
+            return result;
+        }
+        this.overrides.push(result.override);
+        this.persist();
+        return { ...result, updated: true };
+    }
+    clear() {
+        this.overrides = [];
+        this.loaded = true;
+        this.persist();
+    }
+}
+//# sourceMappingURL=capability_state_store.js.map

package/dist/engine/capability_state_store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"capability_state_store.js","sourceRoot":"","sources":["../../src/engine/capability_state_store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B,MAAM,iBAAiB,GAA+C;IACpE,QAAQ,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;IACjC,QAAQ,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,SAAS,CAAC;IACjD,YAAY,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;IACrC,OAAO,EAAE,CAAC,cAAc,CAAC;CAC1B,CAAC;AAEF,MAAM,OAAO,oBAAoB;IACvB,QAAQ,CAAS;IACjB,SAAS,GAAoB,EAAE,CAAC;IAChC,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iCAAiC,CAAC,CAAC;QACvE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,OAAO;QACb,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,MAAM,CAAC;QACvC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,iBAAiB,CAAC,QAAgB,EAAE,YAA6B;QAC/D,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,MAAiC,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,MAAM,GAAG,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAClD,CAAC;IAED,IAAI;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,QAAQ,CACN,OAAsB,EACtB,YAA6B,EAC7B,YAA2B,EAC3B,aAA6B;QAE7B,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,SAAS,mCAAmC,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,YAAY,2CAA2C,CAAC,CAAC;QAChG,CAAC;QAED,IAAI,YAAY,IAAI,OAAO,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,MAAM,OAAO,CAAC,YAAY,wCAAwC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAC1D,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,GAAG,IAAI,CAAC,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CAAC,CACpF,CAAC;QACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAE/F,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,MAAM,CAAC,IAAI,CAAC,qCAAqC,OAAO,CAAC,SAAS,KAAK,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAkB;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,cAAc,EAAE,YAAY;YAC5B,SAAS,EAAE,OAAO,CAAC,YAAY;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC;YACvC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QAEF,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,aAAa,EAAE,YAAY;YAC3B,cAAc,EAAE,YAAY;YAC5B,SAAS,EAAE,OAAO,CAAC,YAAY;YAC/B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,MAAM;YACzB,gBAAgB,EAAE,eAAe;YACjC,QAAQ,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI;SAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAsB,EAAE,YAA6B,EAAE,YAA2B,EAAE,aAA6B;QACrH,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;QAEjF,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC/E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QAEf,OAAO,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;CACF"}

package/dist/engine/cognitive_anchor.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * .map.json 认知锚点 — 结构化可追溯压缩。
+ * 备忘录要求: 每个锚点必须有 source_refs, confidence, last_verified_at。
+ * 自动生成的锚点默认 advisory，核心锚点更新需人工确认。
+ */
+export interface CognitiveMapAnchor {
+    /** 锚点 ID */
+    anchor_id: string;
+    /** 所属模块 */
+    module: string;
+    /** 核心契约列表 */
+    core_contracts: string[];
+    /** 已知副作用 */
+    side_effects: string[];
+    /** 不变量 */
+    invariants: string[];
+    /** 决策原因 */
+    decision_reasons: string[];
+    /** 风险标注 */
+    risk_notes: string[];
+    /** 证据引用: 文件/commit/task/diff/命令输出 */
+    source_refs: Array<{
+        type: "file" | "commit" | "task" | "diff" | "command_output" | "audit";
+        ref: string;
+    }>;
+    /** 置信度 */
+    confidence: "high" | "medium" | "low";
+    /** 上次验证时间 */
+    last_verified_at: string;
+    /** 是否过时 */
+    stale_anchor?: boolean;
+}
+export interface MapJsonFile {
+    version: 1;
+    anchors: CognitiveMapAnchor[];
+    generated_at: string;
+}
+/**
+ * 写入 .map.json 文件。
+ */
+export declare function writeMapJson(filePath: string, anchors: CognitiveMapAnchor[]): void;
+/**
+ * 读取 .map.json 文件。文件不存在时返回空锚点列表。
+ */
+export declare function readMapJson(filePath: string): MapJsonFile | null;
+/**
+ * 检查锚点是否过时 — 与当前文件列表比对 source_refs。
+ * 文件不存在的 source_ref 标记 stale_anchor。
+ */
+export declare function checkAnchorStaleness(anchors: CognitiveMapAnchor[], existingFiles: Set<string>): CognitiveMapAnchor[];
+/**
+ * 按相关性筛选锚点 — 根据模块名或文件路径前缀匹配。
+ * 不全量加载，避免污染上下文。
+ */
+export declare function filterRelevantAnchors(anchors: CognitiveMapAnchor[], query: {
+    module?: string;
+    file_path?: string;
+}): CognitiveMapAnchor[];
+//# sourceMappingURL=cognitive_anchor.d.ts.map

package/dist/engine/cognitive_anchor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cognitive_anchor.d.ts","sourceRoot":"","sources":["../../src/engine/cognitive_anchor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,kBAAkB;IACjC,YAAY;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW;IACX,MAAM,EAAE,MAAM,CAAC;IACf,aAAa;IACb,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY;IACZ,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU;IACV,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW;IACX,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW;IACX,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,qCAAqC;IACrC,WAAW,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,gBAAgB,GAAG,OAAO,CAAC;QACvE,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;IACH,UAAU;IACV,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,aAAa;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW;IACX,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAalF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAOhE;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,GACzB,kBAAkB,EAAE,CAYtB;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,KAAK,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,kBAAkB,EAAE,CAWtB"}

package/dist/engine/cognitive_anchor.js ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * .map.json 认知锚点 — 结构化可追溯压缩。
+ * 备忘录要求: 每个锚点必须有 source_refs, confidence, last_verified_at。
+ * 自动生成的锚点默认 advisory，核心锚点更新需人工确认。
+ */
+import fss from "node:fs";
+import path from "node:path";
+/**
+ * 写入 .map.json 文件。
+ */
+export function writeMapJson(filePath, anchors) {
+    const dir = path.dirname(filePath);
+    fss.mkdirSync(dir, { recursive: true });
+    const data = {
+        version: 1,
+        anchors,
+        generated_at: new Date().toISOString(),
+    };
+    const tmpPath = `${filePath}.tmp`;
+    fss.writeFileSync(tmpPath, JSON.stringify(data, null, 2));
+    fss.renameSync(tmpPath, filePath);
+}
+/**
+ * 读取 .map.json 文件。文件不存在时返回空锚点列表。
+ */
+export function readMapJson(filePath) {
+    if (!fss.existsSync(filePath))
+        return null;
+    try {
+        return JSON.parse(fss.readFileSync(filePath, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * 检查锚点是否过时 — 与当前文件列表比对 source_refs。
+ * 文件不存在的 source_ref 标记 stale_anchor。
+ */
+export function checkAnchorStaleness(anchors, existingFiles) {
+    for (const anchor of anchors) {
+        const hasMissing = anchor.source_refs.some((ref) => ref.type === "file" && !existingFiles.has(ref.ref));
+        if (hasMissing) {
+            anchor.stale_anchor = true;
+        }
+        else {
+            anchor.stale_anchor = false;
+        }
+    }
+    return anchors;
+}
+/**
+ * 按相关性筛选锚点 — 根据模块名或文件路径前缀匹配。
+ * 不全量加载，避免污染上下文。
+ */
+export function filterRelevantAnchors(anchors, query) {
+    return anchors.filter((anchor) => {
+        if (query.module && anchor.module === query.module)
+            return true;
+        if (query.file_path) {
+            const matchesRef = anchor.source_refs.some((ref) => ref.type === "file" && (query.file_path.startsWith(ref.ref) || ref.ref.startsWith(query.file_path)));
+            if (matchesRef)
+                return true;
+        }
+        return false;
+    });
+}
+//# sourceMappingURL=cognitive_anchor.js.map

package/dist/engine/cognitive_anchor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cognitive_anchor.js","sourceRoot":"","sources":["../../src/engine/cognitive_anchor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,GAAG,MAAM,SAAS,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAA6B;IAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,MAAM,IAAI,GAAgB;QACxB,OAAO,EAAE,CAAC;QACV,OAAO;QACP,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;IAEF,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,CAAC;IAClC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAgB,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAA6B,EAC7B,aAA0B;IAE1B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAC5D,CAAC;QACF,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAA6B,EAC7B,KAA8C;IAE9C,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE;QAC/B,IAAI,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAChE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,KAAK,CAAC,SAAU,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,SAAU,CAAC,CAAC,CAC/G,CAAC;YACF,IAAI,UAAU;gBAAE,OAAO,IAAI,CAAC;QAC9B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/engine/conflict_gate.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * 冲突合并门 — 统一 diff ownership CAS 冲突 + scope lease 冲突的 advisory 报告。
+ * CAP-011 实验性: advisory only, 不 hard block。
+ *
+ * 职责:
+ * - preWriteGate: 写前统一检查 CAS + Lease 冲突
+ * - 返回 ConflictGateResult 含所有冲突和建议操作
+ * - human_confirm: 标记人工确认（advisory, 可忽略）
+ */
+import type { DiffOwnershipStore, ConflictReport } from "./diff_ownership_store.js";
+import type { ScopeLeaseStore, LeaseConflict } from "./scope_lease.js";
+export type GateSeverity = "advisory";
+export type RecommendedAction = "proceed" | "confirm_recommended" | "escalate";
+export interface ConflictGateEntry {
+    source: "cas" | "lease";
+    severity: GateSeverity;
+    file_path: string;
+    message: string;
+    detail: ConflictReport | LeaseConflict;
+}
+export interface ConflictGateResult {
+    file_path: string;
+    has_conflict: boolean;
+    entries: ConflictGateEntry[];
+    recommended_action: RecommendedAction;
+    summary: string;
+    confirmed_at: string | null;
+}
+export declare class ConflictGate {
+    private diffOwnership;
+    private scopeLease;
+    constructor(diffOwnership: DiffOwnershipStore, scopeLease: ScopeLeaseStore);
+    preWriteGate(taskId: string, filePath: string): ConflictGateResult;
+    markConfirmed(result: ConflictGateResult): ConflictGateResult;
+}
+//# sourceMappingURL=conflict_gate.d.ts.map

package/dist/engine/conflict_gate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"conflict_gate.d.ts","sourceRoot":"","sources":["../../src/engine/conflict_gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AACpF,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEvE,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC;AACtC,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,qBAAqB,GAAG,UAAU,CAAC;AAE/E,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,KAAK,GAAG,OAAO,CAAC;IACxB,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,cAAc,GAAG,aAAa,CAAC;CACxC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,UAAU,CAAkB;gBAExB,aAAa,EAAE,kBAAkB,EAAE,UAAU,EAAE,eAAe;IAK1E,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,kBAAkB;IA4ClE,aAAa,CAAC,MAAM,EAAE,kBAAkB,GAAG,kBAAkB;CAM9D"}

package/dist/engine/conflict_gate.js ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * 冲突合并门 — 统一 diff ownership CAS 冲突 + scope lease 冲突的 advisory 报告。
+ * CAP-011 实验性: advisory only, 不 hard block。
+ *
+ * 职责:
+ * - preWriteGate: 写前统一检查 CAS + Lease 冲突
+ * - 返回 ConflictGateResult 含所有冲突和建议操作
+ * - human_confirm: 标记人工确认（advisory, 可忽略）
+ */
+export class ConflictGate {
+    diffOwnership;
+    scopeLease;
+    constructor(diffOwnership, scopeLease) {
+        this.diffOwnership = diffOwnership;
+        this.scopeLease = scopeLease;
+    }
+    preWriteGate(taskId, filePath) {
+        const entries = [];
+        // CAS check
+        const { cas, conflict } = this.diffOwnership.preWriteCheck(taskId, filePath);
+        if (conflict) {
+            entries.push({
+                source: "cas",
+                severity: "advisory",
+                file_path: filePath,
+                message: conflict.message,
+                detail: conflict,
+            });
+        }
+        // Lease check
+        const leaseConflict = this.scopeLease.queryLease(taskId, filePath);
+        if (leaseConflict) {
+            entries.push({
+                source: "lease",
+                severity: "advisory",
+                file_path: filePath,
+                message: leaseConflict.message,
+                detail: leaseConflict,
+            });
+        }
+        const hasConflict = entries.length > 0;
+        const recommendedAction = inferRecommendedAction(entries);
+        const summary = hasConflict
+            ? entries.map(e => `[${e.source}] ${e.message}`).join("; ")
+            : "no conflicts";
+        return {
+            file_path: filePath,
+            has_conflict: hasConflict,
+            entries,
+            recommended_action: recommendedAction,
+            summary,
+            confirmed_at: null,
+        };
+    }
+    markConfirmed(result) {
+        return {
+            ...result,
+            confirmed_at: new Date().toISOString(),
+        };
+    }
+}
+function inferRecommendedAction(entries) {
+    if (entries.length === 0)
+        return "proceed";
+    const hasCas = entries.some(e => e.source === "cas");
+    const hasLease = entries.some(e => e.source === "lease");
+    if (hasCas && hasLease)
+        return "escalate";
+    if (hasCas)
+        return "confirm_recommended";
+    return "confirm_recommended";
+}
+//# sourceMappingURL=conflict_gate.js.map

package/dist/engine/conflict_gate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"conflict_gate.js","sourceRoot":"","sources":["../../src/engine/conflict_gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAyBH,MAAM,OAAO,YAAY;IACf,aAAa,CAAqB;IAClC,UAAU,CAAkB;IAEpC,YAAY,aAAiC,EAAE,UAA2B;QACxE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,YAAY,CAAC,MAAc,EAAE,QAAgB;QAC3C,MAAM,OAAO,GAAwB,EAAE,CAAC;QAExC,YAAY;QACZ,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,KAAK;gBACb,QAAQ,EAAE,UAAU;gBACpB,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;QACL,CAAC;QAED,cAAc;QACd,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC;gBACX,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,UAAU;gBACpB,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QACvC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,OAAO,GAAG,WAAW;YACzB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3D,CAAC,CAAC,cAAc,CAAC;QAEnB,OAAO;YACL,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,WAAW;YACzB,OAAO;YACP,kBAAkB,EAAE,iBAAiB;YACrC,OAAO;YACP,YAAY,EAAE,IAAI;SACnB,CAAC;IACJ,CAAC;IAED,aAAa,CAAC,MAA0B;QACtC,OAAO;YACL,GAAG,MAAM;YACT,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;IACJ,CAAC;CACF;AAED,SAAS,sBAAsB,CAAC,OAA4B;IAC1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;IACzD,IAAI,MAAM,IAAI,QAAQ;QAAE,OAAO,UAAU,CAAC;IAC1C,IAAI,MAAM;QAAE,OAAO,qBAAqB,CAAC;IACzC,OAAO,qBAAqB,CAAC;AAC/B,CAAC"}

package/dist/engine/decision_contract.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * 默认决策输出契约 — advisory 状态。
+ * 校验 sf_expand / sf_review / sf_analyze / sf_explore 的输出是否包含
+ * 备忘录要求的 10 个决策字段。不 hard block，只出 advisory 告警。
+ */
+export declare const DECISION_FIELDS: readonly ["recommended_option", "why_this", "rejected_options", "steelman_alternatives", "attack_recommended_option", "falsification_tests", "execution_plan", "verification_plan", "rollback_plan", "human_confirmation_required"];
+export type DecisionField = (typeof DECISION_FIELDS)[number];
+export interface DecisionContractResult {
+    /** 是否通过契约校验（advisory） */
+    passed: boolean;
+    /** 缺失字段列表 */
+    missing_fields: DecisionField[];
+    /** 当前覆盖率 */
+    coverage: number;
+    /** advisory 消息 */
+    advisory: string;
+    /** 各字段存在状态 */
+    field_status: Array<{
+        field: DecisionField;
+        present: boolean;
+    }>;
+}
+/**
+ * 校验决策输出是否满足契约。
+ * 输入为任意对象，检查其顶层键是否覆盖 DECISION_FIELDS。
+ * advisory: 不 hard block，missing_fields 仅为建议。
+ */
+export declare function validateDecisionOutput(output: Record<string, unknown>): DecisionContractResult;
+//# sourceMappingURL=decision_contract.d.ts.map

package/dist/engine/decision_contract.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"decision_contract.d.ts","sourceRoot":"","sources":["../../src/engine/decision_contract.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,eAAe,qOAWlB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7D,MAAM,WAAW,sBAAsB;IACrC,yBAAyB;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,aAAa;IACb,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,YAAY;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc;IACd,YAAY,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,aAAa,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACjE;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,sBAAsB,CAmB9F"}

package/dist/engine/decision_contract.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * 默认决策输出契约 — advisory 状态。
+ * 校验 sf_expand / sf_review / sf_analyze / sf_explore 的输出是否包含
+ * 备忘录要求的 10 个决策字段。不 hard block，只出 advisory 告警。
+ */
+export const DECISION_FIELDS = [
+    "recommended_option",
+    "why_this",
+    "rejected_options",
+    "steelman_alternatives",
+    "attack_recommended_option",
+    "falsification_tests",
+    "execution_plan",
+    "verification_plan",
+    "rollback_plan",
+    "human_confirmation_required",
+];
+/**
+ * 校验决策输出是否满足契约。
+ * 输入为任意对象，检查其顶层键是否覆盖 DECISION_FIELDS。
+ * advisory: 不 hard block，missing_fields 仅为建议。
+ */
+export function validateDecisionOutput(output) {
+    const fieldStatus = DECISION_FIELDS.map((field) => ({
+        field,
+        present: field in output && output[field] != null && output[field] !== "",
+    }));
+    const presentCount = fieldStatus.filter((f) => f.present).length;
+    const missing = fieldStatus.filter((f) => !f.present).map((f) => f.field);
+    const coverage = presentCount / DECISION_FIELDS.length;
+    return {
+        passed: missing.length === 0,
+        missing_fields: missing,
+        coverage,
+        advisory: missing.length === 0
+            ? `决策输出契约完整 (${presentCount}/${DECISION_FIELDS.length})`
+            : `advisory: 决策输出缺少 ${missing.length} 个字段 (${missing.join(", ")})`,
+        field_status: fieldStatus,
+    };
+}
+//# sourceMappingURL=decision_contract.js.map

package/dist/engine/decision_contract.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"decision_contract.js","sourceRoot":"","sources":["../../src/engine/decision_contract.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,oBAAoB;IACpB,UAAU;IACV,kBAAkB;IAClB,uBAAuB;IACvB,2BAA2B;IAC3B,qBAAqB;IACrB,gBAAgB;IAChB,mBAAmB;IACnB,eAAe;IACf,6BAA6B;CACrB,CAAC;AAiBX;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA+B;IACpE,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClD,KAAK;QACL,OAAO,EAAE,KAAK,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;KAC1E,CAAC,CAAC,CAAC;IAEJ,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACjE,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAAG,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC;IAEvD,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC5B,cAAc,EAAE,OAAO;QACvB,QAAQ;QACR,QAAQ,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC5B,CAAC,CAAC,aAAa,YAAY,IAAI,eAAe,CAAC,MAAM,GAAG;YACxD,CAAC,CAAC,oBAAoB,OAAO,CAAC,MAAM,SAAS,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACpE,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}

package/dist/engine/delivery.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"delivery.d.ts","sourceRoot":"","sources":["../../src/engine/delivery.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EAEb,cAAc,EAEd,cAAc,EACf,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;~~AAEnD~~;;;;GAIG;AAIH;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,MAAM,EAAE,aAAa,CAAC;IACtB,cAAc,EAAE,qBAAqB,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,~~CAoJ3E~~;AAcD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,cAAc,CAmB/E"}
1	+ {"version":3,"file":"delivery.d.ts","sourceRoot":"","sources":["../../src/engine/delivery.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,WAAW,EACX,aAAa,EAEb,cAAc,EAEd,cAAc,EACf,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAKnD;;;;GAIG;AAIH;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,MAAM,EAAE,aAAa,CAAC;IACtB,cAAc,EAAE,qBAAqB,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAwP3E;AAcD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,WAAW,GAAG,cAAc,CAmB/E"}

package/dist/engine/delivery.js CHANGED Viewed

@@ -1,4 +1,7 @@
 import YAML from "yaml";
+import { buildDeliveryEvidenceChain } from "./semantic_evidence.js";
+import { classifyCommand, checkSupplyChain } from "./runtime_safety.js";
+import { preDeliveryReview } from "./developer_sovereignty.js";
 /**
  * 执行完整的交付流程：提交代码、推送到远程、生成 PR 命令和变更日志。
  * 流程按顺序执行，每一步失败后记录错误并继续后续步骤。
@@ -28,6 +31,79 @@ export async function deliver(input) {
     // 3. 根据任务信息构建变更日志条目和提交消息
     const entry = generateChangelogEntry(taskContext);
     result.commit_message = formatCommitMessage(entry);
+    // 3.5. R12: 运行安全包 — 命令分级 advisory（不 hard block）
+    const safetyAdvisories = [];
+    // 检查验证命令是否有 destructive 级别
+    const verifyCommands = taskContext.verification?.checks
+        ? [
+            ...taskContext.verification.checks.build,
+            ...taskContext.verification.checks.tests,
+        ]
+        : [];
+    for (const cmd of verifyCommands) {
+        const classified = classifyCommand(cmd.command);
+        if (classified.risk === "destructive") {
+            safetyAdvisories.push(`advisory: destructive verify command detected: ${cmd.command} — ${classified.advisory}`);
+        }
+    }
+    // 检查推送命令风险
+    const pushClassified = classifyCommand(`git push origin ${result.branch}`);
+    if (pushClassified.risk !== "read_only") {
+        safetyAdvisories.push(`advisory: push is ${pushClassified.risk} — ${pushClassified.advisory}`);
+    }
+    // 供应链检查: 依赖变更时调用 checkSupplyChain 检查 lockfile/integrity
+    const changedFiles = taskContext.execution?.changed_files ?? [];
+    const depFiles = changedFiles.filter((f) => f.endsWith("package.json") || f.endsWith("package-lock.json") ||
+        f.endsWith("pnpm-lock.yaml") || f.endsWith("yarn.lock") ||
+        f.endsWith("go.mod") || f.endsWith("go.sum") ||
+        f.endsWith("Cargo.toml") || f.endsWith("Cargo.lock"));
+    if (depFiles.length > 0) {
+        try {
+            // Use filesystem root dir listing for lockfile detection (not git status)
+            const fss = await import("node:fs");
+            const nodePath = await import("node:path");
+            const rootEntries = fss.readdirSync(projectPath);
+            const rootFiles = rootEntries.filter((e) => e.endsWith(".json") || e.endsWith(".yaml") || e.endsWith(".yarn") ||
+                e.endsWith(".lock") || e.endsWith(".sum") || e.endsWith(".toml"));
+            // Read package.json for dependency list if present
+            const fsAsync = await import("node:fs/promises");
+            const deps = [];
+            const pkgPath = nodePath.join(projectPath, "package.json");
+            try {
+                const pkg = JSON.parse(await fsAsync.readFile(pkgPath, "utf-8"));
+                const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+                for (const [name, version] of Object.entries(allDeps)) {
+                    deps.push({ name, version: String(version) });
+                }
+            }
+            catch { /* no package.json or parse error */ }
+            if (deps.length > 0) {
+                const scReport = checkSupplyChain(rootFiles, deps);
+                for (const check of scReport.checks) {
+                    if (!check.has_lockfile) {
+                        safetyAdvisories.push(`advisory: ${check.package_name}@${check.version} — no lockfile/integrity`);
+                    }
+                }
+            }
+            else {
+                safetyAdvisories.push("advisory: dependency files changed — recommend running supply chain check (sf_dependency_scan)");
+            }
+        }
+        catch {
+            safetyAdvisories.push("advisory: dependency files changed — supply chain check failed");
+        }
+    }
+    if (safetyAdvisories.length > 0) {
+        result.safety_advisories = safetyAdvisories;
+    }
+    // 3.6. R11: Developer Sovereignty — pre-delivery review（advisory, 不 hard block）
+    try {
+        const review = await preDeliveryReview(taskContext, gitOps, projectPath);
+        result.pre_delivery_review = review;
+    }
+    catch {
+        // review failure is advisory, don't block delivery
+    }
     // 4. 执行 git commit（如果配置允许自动提交）
     if (deliveryConfig.auto_commit) {
         try {
@@ -55,6 +131,11 @@ export async function deliver(input) {
                 }
             }
             result.actions_performed.push("commit");
+            // Update rollback command in pre_delivery_review to point to this commit
+            if (result.pre_delivery_review && result.commit_hash) {
+                result.pre_delivery_review.rollback_command =
+                    `git revert ${result.commit_hash} --no-edit`;
+            }
         }
         catch (e) {
             result.errors.push(`提交失败: ${e instanceof Error ? e.message : String(e)}`);
@@ -134,6 +215,8 @@ export async function deliver(input) {
     // 7. 生成变更日志
     result.changelog = formatChangelog(entry);
     result.actions_performed.push("changelog");
+    // 8. R9: 构建语义交付证据链（advisory, 不 hard block）
+    result.evidence_chain = buildDeliveryEvidenceChain(taskContext) ?? undefined;
     return result;
 }
 // ── Shell 转义辅助函数 ──