soloforge 1.2.2 → 1.2.3

package/dist/engine/audit_pool.js

@@ -0,0 +1,83 @@
+/**
+ * 审计池 — 记录已完成任务的审计条目，供后续治理流程消费。
+ * P2-1 范围: 持久化入池（append）和查询（list），不做随机抽检，不生成逃逸报告，不改能力状态。
+ * 存储: JSON 数组文件，原子写入。
+ * 路径: 由调用方（TaskContextManager）传入 stateDir 绑定，不使用 process.cwd 猜测。
+ */
+import fs from "node:fs";
+import path from "node:path";
+const ALL_RISK_LEVELS = ["low", "medium", "high", "critical"];
+function emptyByRisk() {
+    return Object.fromEntries(ALL_RISK_LEVELS.map((r) => [r, 0]));
+}
+function deepCopyItem(item) {
+    return {
+        task_id: item.task_id,
+        risk: item.risk,
+        changed_files: [...item.changed_files],
+        evidence: item.evidence,
+        capability_refs: [...item.capability_refs],
+        created_at: item.created_at,
+    };
+}
+export class AuditPool {
+    filePath;
+    items = [];
+    loaded = false;
+    constructor(stateDir) {
+        this.filePath = path.join(stateDir, "audit-pool.json");
+        if (!fs.existsSync(stateDir)) {
+            fs.mkdirSync(stateDir, { recursive: true });
+        }
+    }
+    ensureLoaded() {
+        if (this.loaded)
+            return;
+        this.loaded = true;
+        try {
+            const data = fs.readFileSync(this.filePath, "utf-8");
+            this.items = JSON.parse(data);
+        }
+        catch {
+            this.items = [];
+        }
+    }
+    persist() {
+        const tmpPath = `${this.filePath}.tmp`;
+        fs.writeFileSync(tmpPath, JSON.stringify(this.items, null, 2));
+        fs.renameSync(tmpPath, this.filePath);
+    }
+    append(item) {
+        this.ensureLoaded();
+        this.items.push(deepCopyItem(item));
+        this.persist();
+    }
+    list(filter) {
+        this.ensureLoaded();
+        let result = this.items;
+        if (filter?.risk) {
+            result = result.filter((i) => i.risk === filter.risk);
+        }
+        if (filter?.capability_ref) {
+            result = result.filter((i) => i.capability_refs.includes(filter.capability_ref));
+        }
+        return result.map(deepCopyItem);
+    }
+    stats() {
+        this.ensureLoaded();
+        const by_risk = emptyByRisk();
+        for (const item of this.items) {
+            by_risk[item.risk]++;
+        }
+        return { total: this.items.length, by_risk };
+    }
+    clear() {
+        this.items = [];
+        this.loaded = true;
+        this.persist();
+    }
+    getFilePath() {
+        return this.filePath;
+    }
+}
+//# sourceMappingURL=audit_pool.js.map

package/dist/engine/audit_pool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit_pool.js","sourceRoot":"","sources":["../../src/engine/audit_pool.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAkB7B,MAAM,eAAe,GAAgB,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AAE3E,SAAS,WAAW;IAClB,OAAO,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAA8B,CAAC;AAC7F,CAAC;AAED,SAAS,YAAY,CAAC,IAAe;IACnC,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,aAAa,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC;QACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,eAAe,EAAE,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC;QAC1C,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,SAAS;IACZ,QAAQ,CAAS;IACjB,KAAK,GAAgB,EAAE,CAAC;IACxB,MAAM,GAAG,KAAK,CAAC;IAEvB,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;QACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAClB,CAAC;IACH,CAAC;IAEO,OAAO;QACb,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,MAAM,CAAC;QACvC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/D,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,CAAC,IAAe;QACpB,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED,IAAI,CAAC,MAAsD;QACzD,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,IAAI,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC;QACxB,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;YACjB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,MAAM,EAAE,cAAc,EAAE,CAAC;YAC3B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,cAAe,CAAC,CAAC,CAAC;QACpF,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAClC,CAAC;IAED,KAAK;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;IAC/C,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF"}

package/dist/engine/audit_sampler.d.ts

@@ -0,0 +1,15 @@
+/**
+ * 抽检清单生成 — 基于 audit pool + risk_sampler 生成 SamplingDecision 列表。
+ * P2-6 范围: 只读输出，不落盘，不生成 escape report，不改 capability 状态。
+ */
+import type { AuditItem } from "./audit_pool.js";
+import { type SamplingDecision } from "./risk_sampler.js";
+export interface AuditSampleResult {
+    seed: number;
+    total_items: number;
+    sampled_count: number;
+    skipped_count: number;
+    decisions: SamplingDecision[];
+}
+export declare function sampleAuditItems(items: AuditItem[], seed?: number): AuditSampleResult;
+//# sourceMappingURL=audit_sampler.d.ts.map

package/dist/engine/audit_sampler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit_sampler.d.ts","sourceRoot":"","sources":["../../src/engine/audit_sampler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAgB,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAExE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,gBAAgB,EAAE,CAAC;CAC/B;AAED,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,SAAS,EAAE,EAClB,IAAI,GAAE,MAAU,GACf,iBAAiB,CAyBnB"}

package/dist/engine/audit_sampler.js

@@ -0,0 +1,26 @@
+/**
+ * 抽检清单生成 — 基于 audit pool + risk_sampler 生成 SamplingDecision 列表。
+ * P2-6 范围: 只读输出，不落盘，不生成 escape report，不改 capability 状态。
+ */
+import { shouldSample } from "./risk_sampler.js";
+export function sampleAuditItems(items, seed = 0) {
+    const decisions = [];
+    for (const item of items) {
+        const decision = shouldSample({
+            task_id: item.task_id,
+            risk: item.risk,
+            changed_files: item.changed_files,
+            capability_refs: item.capability_refs,
+        }, seed);
+        decisions.push(decision);
+    }
+    const sampledCount = decisions.filter((d) => d.should_sample).length;
+    return {
+        seed,
+        total_items: decisions.length,
+        sampled_count: sampledCount,
+        skipped_count: decisions.length - sampledCount,
+        decisions,
+    };
+}
+//# sourceMappingURL=audit_sampler.js.map

package/dist/engine/audit_sampler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit_sampler.js","sourceRoot":"","sources":["../../src/engine/audit_sampler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,YAAY,EAAyB,MAAM,mBAAmB,CAAC;AAUxE,MAAM,UAAU,gBAAgB,CAC9B,KAAkB,EAClB,OAAe,CAAC;IAEhB,MAAM,SAAS,GAAuB,EAAE,CAAC;IAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,YAAY,CAC3B;YACE,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,EACD,IAAI,CACL,CAAC;QACF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC;IAErE,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,SAAS,CAAC,MAAM;QAC7B,aAAa,EAAE,YAAY;QAC3B,aAAa,EAAE,SAAS,CAAC,MAAM,GAAG,YAAY;QAC9C,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/engine/capability_action_advisor.d.ts

@@ -0,0 +1,24 @@
+/**
+ * 能力状态变更建议 — 基于 escape report 生成 downgrade/disable/promote_blocked/keep 决策。
+ * P2-4 范围: 只输出建议，不直接改 registry。
+ *
+ * 规则来源: 设计方案 7.7.3 降级规则表。
+ */
+import type { EscapeReport, CapabilityAction } from "./escape_report.js";
+import type { CapabilityState } from "./capability_registry.js";
+export interface ActionRule {
+    rule_id: string;
+    description: string;
+    severity: "critical" | "medium" | "low";
+}
+export interface ActionDecision {
+    policy_id: string;
+    current_state: CapabilityState;
+    recommended_action: CapabilityAction;
+    target_state: CapabilityState;
+    reason: string;
+    evidence_ids: string[];
+    triggered_rules: ActionRule[];
+}
+export declare function decideAction(reports: EscapeReport[], current_state: CapabilityState, policy_id: string, now?: Date): ActionDecision;
+//# sourceMappingURL=capability_action_advisor.d.ts.map

package/dist/engine/capability_action_advisor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability_action_advisor.d.ts","sourceRoot":"","sources":["../../src/engine/capability_action_advisor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAc,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACrF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAEhE,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,QAAQ,GAAG,KAAK,CAAC;CACzC;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,eAAe,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,CAAC;IACrC,YAAY,EAAE,eAAe,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,EAAE,UAAU,EAAE,CAAC;CAC/B;AAgDD,wBAAgB,YAAY,CAC1B,OAAO,EAAE,YAAY,EAAE,EACvB,aAAa,EAAE,eAAe,EAC9B,SAAS,EAAE,MAAM,EACjB,GAAG,GAAE,IAAiB,GACrB,cAAc,CA0HhB"}

package/dist/engine/capability_action_advisor.js

@@ -0,0 +1,147 @@
+/**
+ * 能力状态变更建议 — 基于 escape report 生成 downgrade/disable/promote_blocked/keep 决策。
+ * P2-4 范围: 只输出建议，不直接改 registry。
+ *
+ * 规则来源: 设计方案 7.7.3 降级规则表。
+ */
+const CRITICAL_ESCAPE_TYPES = new Set([
+    "ai_escape",
+    "rule_gap",
+    "tool_bug",
+]);
+const MEDIUM_ESCAPE_TYPES = new Set([
+    "weak_test",
+    "bad_evidence",
+    "human_miss",
+]);
+const FALSE_POSITIVE_TYPE = "false_positive";
+const FALSE_POSITIVE_THRESHOLD = 2;
+const RULE_CRITICAL_ESCAPE = {
+    rule_id: "R-CE",
+    description: "同一 policy_id 出现 1 次严重逃逸 (ai_escape/rule_gap/tool_bug) → enforced→advisory",
+    severity: "critical",
+};
+const RULE_TWO_MEDIUM_7DAYS = {
+    rule_id: "R-2M7D",
+    description: "7 天内同一 policy_id 出现 2 次中等逃逸 → enforced→advisory",
+    severity: "medium",
+};
+const RULE_REPEATED_FALSE_POSITIVE = {
+    rule_id: "R-FP",
+    description: `连续 ${FALSE_POSITIVE_THRESHOLD}+ 次误伤 → promote_blocked（暂停 hard block，保留 warning）`,
+    severity: "medium",
+};
+const RULE_STALE_ENFORCED = {
+    rule_id: "R-SE",
+    description: "advisory/experimental 下仍有逃逸累积 → disable 直到修复",
+    severity: "critical",
+};
+function withinDays(report, days, now) {
+    const created = new Date(report.created_at);
+    const cutoff = new Date(now.getTime() - days * 24 * 60 * 60 * 1000);
+    return created >= cutoff;
+}
+export function decideAction(reports, current_state, policy_id, now = new Date()) {
+    const relevant = reports.filter((r) => r.policy_id === policy_id);
+    const criticals = relevant.filter((r) => CRITICAL_ESCAPE_TYPES.has(r.failure_type) && r.capability_action !== "keep");
+    const mediumsRecent = relevant.filter((r) => MEDIUM_ESCAPE_TYPES.has(r.failure_type) &&
+        r.capability_action !== "keep" &&
+        withinDays(r, 7, now));
+    const falsePositives = relevant.filter((r) => r.failure_type === FALSE_POSITIVE_TYPE);
+    const triggered = [];
+    // Rule R-CE: 1 critical escape → downgrade enforced to advisory
+    if (criticals.length >= 1) {
+        triggered.push(RULE_CRITICAL_ESCAPE);
+    }
+    // Rule R-2M7D: 2 medium escapes in 7 days → downgrade enforced to advisory
+    if (mediumsRecent.length >= 2) {
+        triggered.push(RULE_TWO_MEDIUM_7DAYS);
+    }
+    // Rule R-FP: repeated false positives → promote_blocked
+    if (falsePositives.length >= FALSE_POSITIVE_THRESHOLD) {
+        triggered.push(RULE_REPEATED_FALSE_POSITIVE);
+    }
+    // Determine action based on triggered rules and current state
+    if (triggered.length === 0) {
+        return {
+            policy_id,
+            current_state,
+            recommended_action: "keep",
+            target_state: current_state,
+            reason: `No actionable escapes for ${policy_id}. Capability remains ${current_state}.`,
+            evidence_ids: [],
+            triggered_rules: [],
+        };
+    }
+    const evidenceIds = [
+        ...criticals.map((r) => r.escape_id),
+        ...mediumsRecent.map((r) => r.escape_id),
+        ...falsePositives.map((r) => r.escape_id),
+    ];
+    // R-FP promotes to blocked regardless of current state
+    const hasFP = triggered.some((r) => r.rule_id === "R-FP");
+    if (current_state === "enforced") {
+        // Critical or 2+ medium → downgrade to advisory
+        if (triggered.some((r) => r.rule_id === "R-CE" || r.rule_id === "R-2M7D")) {
+            return {
+                policy_id,
+                current_state,
+                recommended_action: "downgrade",
+                target_state: "advisory",
+                reason: `Enforced capability ${policy_id} triggered ${triggered.map((r) => r.rule_id).join(", ")}. Recommended downgrade to advisory.`,
+                evidence_ids: evidenceIds,
+                triggered_rules: triggered,
+            };
+        }
+        // Only false positives → promote_blocked
+        if (hasFP) {
+            return {
+                policy_id,
+                current_state,
+                recommended_action: "promote_blocked",
+                target_state: "enforced",
+                reason: `Enforced capability ${policy_id} has ${falsePositives.length} false positive(s). Hard block suspended, warning preserved.`,
+                evidence_ids: evidenceIds,
+                triggered_rules: triggered,
+            };
+        }
+    }
+    if (current_state === "advisory" || current_state === "experimental") {
+        // Already lowered + still accumulating escapes → disable
+        if (triggered.some((r) => r.rule_id === "R-CE" || r.rule_id === "R-2M7D")) {
+            triggered.push(RULE_STALE_ENFORCED);
+            return {
+                policy_id,
+                current_state,
+                recommended_action: "disable",
+                target_state: "removed",
+                reason: `${current_state} capability ${policy_id} continues to accumulate escapes. Recommended disable until fix.`,
+                evidence_ids: evidenceIds,
+                triggered_rules: triggered,
+            };
+        }
+        // Only false positives at advisory/experimental → still promote_blocked
+        if (hasFP) {
+            return {
+                policy_id,
+                current_state,
+                recommended_action: "promote_blocked",
+                target_state: current_state,
+                reason: `${current_state} capability ${policy_id} has ${falsePositives.length} false positive(s). Promotion to enforced blocked.`,
+                evidence_ids: evidenceIds,
+                triggered_rules: triggered,
+            };
+        }
+    }
+    // removed state or unhandled: keep
+    return {
+        policy_id,
+        current_state,
+        recommended_action: "keep",
+        target_state: current_state,
+        reason: `No state change recommended for ${policy_id} (current: ${current_state}).`,
+        evidence_ids: evidenceIds,
+        triggered_rules: triggered,
+    };
+}
+//# sourceMappingURL=capability_action_advisor.js.map

package/dist/engine/capability_action_advisor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability_action_advisor.js","sourceRoot":"","sources":["../../src/engine/capability_action_advisor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH,MAAM,qBAAqB,GAAoB,IAAI,GAAG,CAAC;IACrD,WAAW;IACX,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAoB,IAAI,GAAG,CAAC;IACnD,WAAW;IACX,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAe,gBAAgB,CAAC;AAEzD,MAAM,wBAAwB,GAAG,CAAC,CAAC;AAEnC,MAAM,oBAAoB,GAAe;IACvC,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,2EAA2E;IACxF,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF,MAAM,qBAAqB,GAAe;IACxC,OAAO,EAAE,QAAQ;IACjB,WAAW,EAAE,iDAAiD;IAC9D,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,MAAM,4BAA4B,GAAe;IAC/C,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,MAAM,wBAAwB,mDAAmD;IAC9F,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,MAAM,mBAAmB,GAAe;IACtC,OAAO,EAAE,MAAM;IACf,WAAW,EAAE,8CAA8C;IAC3D,QAAQ,EAAE,UAAU;CACrB,CAAC;AAEF,SAAS,UAAU,CAAC,MAAoB,EAAE,IAAY,EAAE,GAAS;IAC/D,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACpE,OAAO,OAAO,IAAI,MAAM,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAAuB,EACvB,aAA8B,EAC9B,SAAiB,EACjB,MAAY,IAAI,IAAI,EAAE;IAEtB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;IAElE,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAC/B,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,iBAAiB,KAAK,MAAM,CACnF,CAAC;IAEF,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC;QACvC,CAAC,CAAC,iBAAiB,KAAK,MAAM;QAC9B,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CACxB,CAAC;IAEF,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,mBAAmB,CAC9C,CAAC;IAEF,MAAM,SAAS,GAAiB,EAAE,CAAC;IAEnC,gEAAgE;IAChE,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1B,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IAED,2EAA2E;IAC3E,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACxC,CAAC;IAED,wDAAwD;IACxD,IAAI,cAAc,CAAC,MAAM,IAAI,wBAAwB,EAAE,CAAC;QACtD,SAAS,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC/C,CAAC;IAED,8DAA8D;IAC9D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS;YACT,aAAa;YACb,kBAAkB,EAAE,MAAM;YAC1B,YAAY,EAAE,aAAa;YAC3B,MAAM,EAAE,6BAA6B,SAAS,wBAAwB,aAAa,GAAG;YACtF,YAAY,EAAE,EAAE;YAChB,eAAe,EAAE,EAAE;SACpB,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG;QAClB,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACpC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACxC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;KAC1C,CAAC;IAEF,uDAAuD;IACvD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC;IAE1D,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACjC,gDAAgD;QAChD,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,SAAS;gBACT,aAAa;gBACb,kBAAkB,EAAE,WAAW;gBAC/B,YAAY,EAAE,UAAU;gBACxB,MAAM,EAAE,uBAAuB,SAAS,cAAc,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,sCAAsC;gBACtI,YAAY,EAAE,WAAW;gBACzB,eAAe,EAAE,SAAS;aAC3B,CAAC;QACJ,CAAC;QACD,yCAAyC;QACzC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,SAAS;gBACT,aAAa;gBACb,kBAAkB,EAAE,iBAAiB;gBACrC,YAAY,EAAE,UAAU;gBACxB,MAAM,EAAE,uBAAuB,SAAS,QAAQ,cAAc,CAAC,MAAM,8DAA8D;gBACnI,YAAY,EAAE,WAAW;gBACzB,eAAe,EAAE,SAAS;aAC3B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,aAAa,KAAK,UAAU,IAAI,aAAa,KAAK,cAAc,EAAE,CAAC;QACrE,yDAAyD;QACzD,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,EAAE,CAAC;YAC1E,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACpC,OAAO;gBACL,SAAS;gBACT,aAAa;gBACb,kBAAkB,EAAE,SAAS;gBAC7B,YAAY,EAAE,SAAS;gBACvB,MAAM,EAAE,GAAG,aAAa,eAAe,SAAS,kEAAkE;gBAClH,YAAY,EAAE,WAAW;gBACzB,eAAe,EAAE,SAAS;aAC3B,CAAC;QACJ,CAAC;QACD,wEAAwE;QACxE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,SAAS;gBACT,aAAa;gBACb,kBAAkB,EAAE,iBAAiB;gBACrC,YAAY,EAAE,aAAa;gBAC3B,MAAM,EAAE,GAAG,aAAa,eAAe,SAAS,QAAQ,cAAc,CAAC,MAAM,oDAAoD;gBACjI,YAAY,EAAE,WAAW;gBACzB,eAAe,EAAE,SAAS;aAC3B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,OAAO;QACL,SAAS;QACT,aAAa;QACb,kBAAkB,EAAE,MAAM;QAC1B,YAAY,EAAE,aAAa;QAC3B,MAAM,EAAE,mCAAmC,SAAS,cAAc,aAAa,IAAI;QACnF,YAAY,EAAE,WAAW;QACzB,eAAe,EAAE,SAAS;KAC3B,CAAC;AACJ,CAAC"}

package/dist/engine/capability_registry.d.ts

@@ -1,7 +1,8 @@
 /**
  * 能力状态登记表 — 声明每个治理能力的当前等级，防止文档和实现过度承诺。
  *
- * P1-1 范围: 仅做状态登记 + 查询。policy_id / 漂移检测留 P1-2。
+ * P1-4 范围: 状态登记 + policy_id + 交叉引用 + 晋级/降级条件与证据要求（只读）。
+ * 不做自动晋级/降级，不接抽检池，不改状态。
  *
  * 状态等级:
  * - enforced: 强制执行，违规即 hard fail，阻断流程
@@ -16,6 +17,15 @@ export interface CapabilityEntry {
     state: CapabilityState;
     owner_module: string;
     evidence: string;
+    policy_id: string;
+    code_files: string[];
+    test_files: string[];
+    lifecycle_test_files: string[];
+    knowledge_docs: string[];
+    prompt_files: string[];
+    promotion_conditions: string[];
+    demotion_conditions: string[];
+    evidence_requirements: string[];
     promoted_at?: string;
     demoted_at?: string;
     reason: string;
@@ -33,4 +43,16 @@ export declare function getCapability(id: string): CapabilityEntry | undefined;
 export declare function getCapsByState(state: CapabilityState): CapabilityEntry[];
 export declare function canHardFail(id: string): boolean;
 export declare function getSummary(): CapabilitySummary;
+export interface PolicyRef {
+    policy_id: string;
+    capability_id: string;
+    state: CapabilityState;
+    code_files: string[];
+    test_files: string[];
+    lifecycle_test_files: string[];
+    knowledge_docs: string[];
+    prompt_files: string[];
+}
+export declare function getAllPolicyRefs(): PolicyRef[];
+export declare function getDriftPolicyRefs(): PolicyRef[];
 //# sourceMappingURL=capability_registry.d.ts.map

package/dist/engine/capability_registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"capability_registry.d.ts","sourceRoot":"","sources":["../../src/engine/capability_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,UAAU,GAAG,cAAc,GAAG,SAAS,CAAC;AAEnF,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,eAAe,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAiGD,wBAAgB,kBAAkB,IAAI,eAAe,EAAE,CAEtD;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAGrE;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,eAAe,EAAE,CAExE;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAG/C;AAED,wBAAgB,UAAU,IAAI,iBAAiB,CAc9C"}
+{"version":3,"file":"capability_registry.d.ts","sourceRoot":"","sources":["../../src/engine/capability_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,UAAU,GAAG,cAAc,GAAG,SAAS,CAAC;AAEnF,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,eAAe,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AA6iBD,wBAAgB,kBAAkB,IAAI,eAAe,EAAE,CAEtD;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAGrE;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,eAAe,EAAE,CAExE;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAG/C;AAED,wBAAgB,UAAU,IAAI,iBAAiB,CAc9C;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,eAAe,CAAC;IACvB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,wBAAgB,gBAAgB,IAAI,SAAS,EAAE,CAW9C;AAUD,wBAAgB,kBAAkB,IAAI,SAAS,EAAE,CAahD"}