npm - triage-ows - Versions diffs - 1.0.0 - Mend

triage-ows 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

package/README.md +786 -0
package/bin/triage-ows.js +218 -0
package/bin/triage-policy.js +66 -0
package/bin/triage-server.js +4 -0
package/dashboard-dist/assets/index-Dnhi_dJQ.css +2 -0
package/dashboard-dist/assets/index-g_2MwC-o.js +9 -0
package/dashboard-dist/favicon.svg +7 -0
package/dashboard-dist/index.html +16 -0
package/dist/config.d.ts +32 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +61 -0
package/dist/config.js.map +1 -0
package/dist/emitter.d.ts +7 -0
package/dist/emitter.d.ts.map +1 -0
package/dist/emitter.js +41 -0
package/dist/emitter.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +55 -0
package/dist/index.js.map +1 -0
package/dist/scoring/behavior.d.ts +3 -0
package/dist/scoring/behavior.d.ts.map +1 -0
package/dist/scoring/behavior.js +13 -0
package/dist/scoring/behavior.js.map +1 -0
package/dist/scoring/compliance.d.ts +3 -0
package/dist/scoring/compliance.d.ts.map +1 -0
package/dist/scoring/compliance.js +11 -0
package/dist/scoring/compliance.js.map +1 -0
package/dist/scoring/identity.d.ts +3 -0
package/dist/scoring/identity.d.ts.map +1 -0
package/dist/scoring/identity.js +16 -0
package/dist/scoring/identity.js.map +1 -0
package/dist/scoring/index.d.ts +10 -0
package/dist/scoring/index.d.ts.map +1 -0
package/dist/scoring/index.js +35 -0
package/dist/scoring/index.js.map +1 -0
package/dist/scoring/limits.d.ts +7 -0
package/dist/scoring/limits.d.ts.map +1 -0
package/dist/scoring/limits.js +9 -0
package/dist/scoring/limits.js.map +1 -0
package/dist/scoring/network.d.ts +3 -0
package/dist/scoring/network.d.ts.map +1 -0
package/dist/scoring/network.js +16 -0
package/dist/scoring/network.js.map +1 -0
package/dist/scoring/onchain.d.ts +4 -0
package/dist/scoring/onchain.d.ts.map +1 -0
package/dist/scoring/onchain.js +35 -0
package/dist/scoring/onchain.js.map +1 -0
package/dist/scoring/risk.d.ts +3 -0
package/dist/scoring/risk.d.ts.map +1 -0
package/dist/scoring/risk.js +22 -0
package/dist/scoring/risk.js.map +1 -0
package/dist/server.d.ts +6 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +405 -0
package/dist/server.js.map +1 -0
package/dist/store.d.ts +13 -0
package/dist/store.d.ts.map +1 -0
package/dist/store.js +177 -0
package/dist/store.js.map +1 -0
package/dist/types.d.ts +107 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +26 -0
package/dist/types.js.map +1 -0
package/dist/webbotauth.d.ts +38 -0
package/dist/webbotauth.d.ts.map +1 -0
package/dist/webbotauth.js +120 -0
package/dist/webbotauth.js.map +1 -0
package/dist/xmtp.d.ts +6 -0
package/dist/xmtp.d.ts.map +1 -0
package/dist/xmtp.js +161 -0
package/dist/xmtp.js.map +1 -0
package/package.json +58 -0
package/policy-template.json +14 -0
package/src/config.ts +86 -0
package/src/emitter.ts +40 -0
package/src/index.ts +18 -0
package/src/scoring/behavior.ts +15 -0
package/src/scoring/compliance.ts +12 -0
package/src/scoring/identity.ts +12 -0
package/src/scoring/index.ts +31 -0
package/src/scoring/limits.ts +10 -0
package/src/scoring/network.ts +18 -0
package/src/scoring/onchain.ts +44 -0
package/src/scoring/risk.ts +25 -0
package/src/server.ts +410 -0
package/src/store.ts +197 -0
package/src/types.ts +137 -0
package/src/webbotauth.ts +128 -0
package/src/xmtp.ts +188 -0
package/triage.config.example.json +22 -0

package/src/store.ts ADDED Viewed

@@ -0,0 +1,197 @@
+import type { AgentProfile, TrustBreakdown, PolicyContext } from './types'
+import { computeTrustScore } from './scoring/index'
+import { getSpendingLimits } from './scoring/limits'
+import { refreshOnChainData } from './scoring/onchain'
+import { getConfig } from './config'
+const agents = new Map<string, AgentProfile>()
+// --- Helpers ---
+function todayString(): string {
+  return new Date().toISOString().split('T')[0]
+}
+function yesterdayString(): string {
+  const d = new Date()
+  d.setDate(d.getDate() - 1)
+  return d.toISOString().split('T')[0]
+}
+function defaultBreakdown(): TrustBreakdown {
+  return { identity: 4, onChain: 0, behavior: 0, compliance: 0, network: 0, risk: 0, total: 4 }
+}
+function recalc(agent: AgentProfile): void {
+  const breakdown = computeTrustScore(agent, getAgent)
+  agent.breakdown = breakdown
+  agent.trustScore = breakdown.total
+  agent.tier = getSpendingLimits(breakdown.total).tier.name
+}
+// --- Core Store Functions ---
+export function getOrCreateAgent(address: string): AgentProfile {
+  if (agents.has(address)) return agents.get(address)!
+  const today = todayString()
+  const now = Date.now()
+  const profile: AgentProfile = {
+    address,
+    isOWSWallet: false,
+    worldIdVerified: false,
+    webBotAuthVerified: false,
+    trustScore: 4,
+    tier: 'Restricted',
+    breakdown: defaultBreakdown(),
+    totalRequests: 0,
+    successfulRequests: 0,
+    failedRequests: 0,
+    dailySpent: 0,
+    dailyDate: today,
+    consecutiveApprovals: 0,
+    consecutiveDenials: 0,
+    totalApproved: 0,
+    totalDenied: 0,
+    humanOverrides: 0,
+    counterparties: [],
+    requestTimestamps: [],
+    lastActive: now,
+    consecutiveCleanDays: 0,
+    cleanDayDate: today,
+    createdAt: now,
+  }
+  agents.set(address, profile)
+  refreshOnChainData(address).catch(() => {})
+  return profile
+}
+export function getAgent(address: string): AgentProfile | undefined {
+  return agents.get(address)
+}
+export function getAllAgents(): AgentProfile[] {
+  return Array.from(agents.values())
+}
+export function getTopAgents(n: number): AgentProfile[] {
+  return getAllAgents().sort((a, b) => b.trustScore - a.trustScore).slice(0, n)
+}
+export function recordApproval(address: string, txTo: string, amount: number): AgentProfile {
+  const agent = getOrCreateAgent(address)
+  const now = Date.now()
+  const today = todayString()
+  agent.totalRequests++
+  agent.successfulRequests++
+  agent.totalApproved++
+  agent.consecutiveApprovals++
+  agent.consecutiveDenials = 0
+  agent.requestTimestamps.push(now)
+  if (agent.requestTimestamps.length > 100) agent.requestTimestamps = agent.requestTimestamps.slice(-100)
+  if (!agent.counterparties.includes(txTo)) agent.counterparties.push(txTo)
+  if (agent.dailyDate !== today) {
+    agent.dailySpent = 0
+    agent.dailyDate = today
+  }
+  agent.dailySpent += amount
+  agent.lastActive = now
+  if (agent.cleanDayDate === today) {
+    // already counted today
+  } else if (agent.cleanDayDate === yesterdayString()) {
+    agent.consecutiveCleanDays++
+  } else {
+    agent.consecutiveCleanDays = 1
+  }
+  agent.cleanDayDate = today
+  recalc(agent)
+  refreshOnChainData(agent.address).catch(() => {})
+  return agent
+}
+export function recordDenial(
+  address: string,
+  tx?: PolicyContext['transaction'],
+  amount?: number
+): AgentProfile {
+  const agent = getOrCreateAgent(address)
+  const now = Date.now()
+  agent.totalRequests++
+  agent.failedRequests++
+  agent.totalDenied++
+  agent.consecutiveDenials++
+  agent.consecutiveApprovals = 0
+  agent.requestTimestamps.push(now)
+  if (agent.requestTimestamps.length > 100) agent.requestTimestamps = agent.requestTimestamps.slice(-100)
+  agent.lastActive = now
+  if (tx && amount !== undefined) {
+    agent.pendingOverride = { tx, amount, createdAt: Date.now() }
+  }
+  recalc(agent)
+  return agent
+}
+export function recordOverride(address: string): AgentProfile | undefined {
+  const agent = getAgent(address)
+  if (!agent || !agent.pendingOverride) return undefined
+  const OVERRIDE_TTL = 5 * 60 * 1000 // 5 minutes
+  if (Date.now() - (agent.pendingOverride.createdAt || 0) > OVERRIDE_TTL) {
+    agent.pendingOverride = undefined
+    return undefined // expired
+  }
+  agent.humanOverrides++
+  agent.pendingOverride = undefined
+  agent.totalApproved++
+  agent.consecutiveApprovals++
+  agent.consecutiveDenials = 0
+  recalc(agent)
+  const boost = getConfig().scoring?.overrideBoost ?? 3
+  agent.trustScore = Math.min(100, agent.trustScore + boost)
+  agent.tier = getSpendingLimits(agent.trustScore).tier.name
+  return agent
+}
+export function addVerifiedHuman(address: string, nullifierHash: string): AgentProfile {
+  const agent = getOrCreateAgent(address)
+  agent.worldIdVerified = true
+  agent.nullifierHash = nullifierHash
+  recalc(agent)
+  return agent
+}
+export function isVerifiedHuman(address: string): boolean {
+  return agents.get(address)?.worldIdVerified ?? false
+}
+export function setWebBotAuthVerified(address: string): AgentProfile {
+  const agent = getOrCreateAgent(address)
+  agent.webBotAuthVerified = true
+  recalc(agent)
+  return agent
+}
+export function setOWSWallet(address: string, walletId: string, apiKeyId: string): AgentProfile {
+  const agent = getOrCreateAgent(address)
+  agent.isOWSWallet = true
+  agent.walletId = walletId
+  agent.apiKeyId = apiKeyId
+  recalc(agent)
+  return agent
+}

package/src/types.ts ADDED Viewed

@@ -0,0 +1,137 @@
+// --- OWS Policy Types ---
+export interface PolicyContext {
+  chain_id: string
+  wallet_id: string
+  api_key_id: string
+  transaction: {
+    to: string
+    value: string
+    raw_hex: string
+    data: string
+  }
+  spending: {
+    daily_total: string
+    date: string
+  }
+  timestamp: string
+  policy_config?: Record<string, unknown>
+}
+export interface PolicyResult {
+  allow: boolean
+  reason?: string
+}
+// --- Scoring Types ---
+export interface TrustBreakdown {
+  identity: number
+  onChain: number
+  behavior: number
+  compliance: number
+  network: number
+  risk: number
+  total: number
+}
+export interface SpendingTier {
+  name: 'Sovereign' | 'Trusted' | 'Building' | 'Cautious' | 'Restricted' | 'Frozen'
+  color: string
+  dailyLimit: number
+  perTxLimit: number
+  minScore: number
+}
+// --- Agent Profile ---
+export interface AgentProfile {
+  address: string
+  walletId?: string
+  apiKeyId?: string
+  chainId?: string
+  isOWSWallet: boolean
+  worldIdVerified: boolean
+  webBotAuthVerified: boolean
+  nullifierHash?: string
+  trustScore: number
+  breakdown: TrustBreakdown
+  tier: string
+  totalRequests: number
+  successfulRequests: number
+  failedRequests: number
+  dailySpent: number
+  dailyDate: string
+  consecutiveApprovals: number
+  consecutiveDenials: number
+  totalApproved: number
+  totalDenied: number
+  humanOverrides: number
+  counterparties: string[]
+  pendingOverride?: { tx: PolicyContext['transaction']; amount: number; createdAt: number }
+  lastOnChainRefresh?: number
+  requestTimestamps: number[]
+  lastActive: number
+  consecutiveCleanDays: number
+  cleanDayDate: string
+  createdAt: number
+}
+// --- WebSocket Event Types ---
+export interface PolicyDecisionEvent {
+  type: 'POLICY_DECISION'
+  agent: string
+  amount: number
+  trustScore: number
+  tier: string
+  decision: 'APPROVE' | 'DENY' | 'OVERRIDE'
+  reason: string
+  dailyLimit: number
+  dailySpent: number
+  timestamp: number
+}
+export interface TrustChangeEvent {
+  type: 'TRUST_CHANGE'
+  agent: string
+  oldScore: number
+  newScore: number
+  oldTier: string
+  newTier: string
+  reason: string
+  timestamp: number
+}
+export interface BudgetWarningEvent {
+  type: 'BUDGET_WARNING'
+  agent: string
+  spent: number
+  limit: number
+  percentage: number
+  timestamp: number
+}
+export type TriageEvent = PolicyDecisionEvent | TrustChangeEvent | BudgetWarningEvent
+// --- Spending Tiers ---
+export let SPENDING_TIERS: SpendingTier[] = [
+  { name: 'Sovereign',   color: '#fff8e1', dailyLimit: 1000, perTxLimit: 500, minScore: 80 },
+  { name: 'Trusted',     color: '#ffd700', dailyLimit: 200,  perTxLimit: 100, minScore: 60 },
+  { name: 'Building',    color: '#4caf50', dailyLimit: 50,   perTxLimit: 25,  minScore: 40 },
+  { name: 'Cautious',    color: '#00bcd4', dailyLimit: 10,   perTxLimit: 5,   minScore: 20 },
+  { name: 'Restricted',  color: '#2196f3', dailyLimit: 2,    perTxLimit: 1,   minScore: 1  },
+  { name: 'Frozen',      color: '#1a1a4e', dailyLimit: 0,    perTxLimit: 0,   minScore: 0  },
+]
+export function updateSpendingTiers(tiers: SpendingTier[]): void {
+  SPENDING_TIERS = tiers
+}
+export function getTierForScore(score: number): SpendingTier {
+  for (const tier of SPENDING_TIERS) {
+    if (score >= tier.minScore) return tier
+  }
+  return SPENDING_TIERS[SPENDING_TIERS.length - 1]
+}

package/src/webbotauth.ts ADDED Viewed

@@ -0,0 +1,128 @@
+import crypto from 'crypto'
+export interface SignatureComponents {
+  signatureInput: string
+  signature: string
+}
+/**
+ * Parse RFC 9421 Signature-Input header.
+ * Format: sig1=("@method" "@authority" "@path"); keyid="agent-key"; alg="ed25519"; created=1234567890
+ */
+export function parseSignatureInput(input: string): {
+  label: string
+  components: string[]
+  params: Record<string, string>
+} | null {
+  try {
+    const match = input.match(/^(\w+)=\(([^)]*)\);\s*(.+)$/)
+    if (!match) return null
+    const [, label, componentStr, paramStr] = match
+    const components = componentStr.match(/"([^"]+)"/g)?.map(s => s.replace(/"/g, '')) ?? []
+    const params: Record<string, string> = {}
+    for (const part of paramStr.split(';')) {
+      const [k, v] = part.trim().split('=')
+      if (k && v) params[k.trim()] = v.replace(/"/g, '').trim()
+    }
+    return { label, components, params }
+  } catch {
+    return null
+  }
+}
+/**
+ * Build the RFC 9421 signature base string from request components.
+ */
+export function buildSignatureBase(
+  components: string[],
+  request: { method: string; url: string; headers: Record<string, string> },
+  signatureInputValue: string,
+  label: string
+): string {
+  const lines: string[] = []
+  const url = new URL(request.url, 'http://localhost')
+  for (const comp of components) {
+    if (comp === '@method') lines.push(`"@method": ${request.method.toUpperCase()}`)
+    else if (comp === '@authority') lines.push(`"@authority": ${url.host}`)
+    else if (comp === '@path') lines.push(`"@path": ${url.pathname}`)
+    else if (comp === '@query') lines.push(`"@query": ?${url.search.slice(1)}`)
+    else if (comp.startsWith('@')) lines.push(`"${comp}": `)
+    else lines.push(`"${comp}": ${request.headers[comp.toLowerCase()] ?? ''}`)
+  }
+  lines.push(`"@signature-params": ${signatureInputValue.split('=').slice(1).join('=')}`)
+  return lines.join('\n')
+}
+/**
+ * Verify an Ed25519 signature.
+ * Returns true if the signature is valid for the given public key and data.
+ */
+export function verifyEd25519Signature(
+  publicKeyBase64: string,
+  signatureBase64: string,
+  data: string
+): boolean {
+  try {
+    const pubKeyBuffer = Buffer.from(publicKeyBase64, 'base64')
+    const sigBuffer = Buffer.from(signatureBase64, 'base64')
+    const key = crypto.createPublicKey({
+      key: Buffer.concat([
+        // Ed25519 DER prefix
+        Buffer.from('302a300506032b6570032100', 'hex'),
+        pubKeyBuffer
+      ]),
+      format: 'der',
+      type: 'spki'
+    })
+    return crypto.verify(null, Buffer.from(data), key, sigBuffer)
+  } catch {
+    return false
+  }
+}
+// Public key cache: agentKey -> base64 public key
+const keyCache = new Map<string, string>()
+export function registerAgentPublicKey(agentKey: string, publicKeyBase64: string): void {
+  keyCache.set(agentKey, publicKeyBase64)
+}
+export function getAgentPublicKey(agentKey: string): string | undefined {
+  return keyCache.get(agentKey)
+}
+/**
+ * Full Web Bot Auth verification.
+ * Checks Signature-Input + Signature headers against agent's registered public key.
+ */
+export function verifyWebBotAuth(
+  headers: Record<string, string>,
+  request: { method: string; url: string; headers: Record<string, string> },
+  agentKey: string
+): boolean {
+  const signatureInput = headers['signature-input']
+  const signature = headers['signature']
+  if (!signatureInput || !signature) return false
+  const parsed = parseSignatureInput(signatureInput)
+  if (!parsed) return false
+  // Check algorithm is ed25519
+  if (parsed.params.alg && parsed.params.alg !== 'ed25519') return false
+  // Check expiry
+  if (parsed.params.expires && Number(parsed.params.expires) < Date.now() / 1000) return false
+  // Get public key
+  const pubKey = getAgentPublicKey(agentKey) || getAgentPublicKey(parsed.params.keyid)
+  if (!pubKey) return false
+  // Build signature base and verify
+  const base = buildSignatureBase(parsed.components, request, signatureInput, parsed.label)
+  // Extract signature value (format: sig1=:base64:)
+  const sigMatch = signature.match(new RegExp(`${parsed.label}=:([^:]+):`))
+  if (!sigMatch) return false
+  return verifyEd25519Signature(pubKey, sigMatch[1], base)
+}

package/src/xmtp.ts ADDED Viewed

@@ -0,0 +1,188 @@
+import { Client, IdentifierKind } from '@xmtp/node-sdk'
+import type { Signer, Identifier, Dm } from '@xmtp/node-sdk'
+import { privateKeyToAccount } from 'viem/accounts'
+import { hexToBytes } from 'viem'
+import { getConfig } from './config'
+const HUMAN_ADDRESS = process.env.HUMAN_XMTP_ADDRESS || ''
+// Module-level state
+let xmtpClient: Client | null = null
+let humanDm: Dm | null = null
+let lastDeniedAgent = ''
+function humanIdentifier(): Identifier {
+  return {
+    identifier: HUMAN_ADDRESS.toLowerCase(),
+    identifierKind: IdentifierKind.Ethereum,
+  }
+}
+// ----------------------------------------------------------------
+// Incoming message listener — detects "override" replies
+// ----------------------------------------------------------------
+async function startMessageListener(): Promise<void> {
+  if (!xmtpClient) return
+  try {
+    const stream = await xmtpClient.conversations.streamAllMessages()
+    for await (const message of stream) {
+      try {
+        const text = typeof message.content === 'string' ? message.content.trim().toLowerCase() : ''
+        if (text.startsWith('override') && lastDeniedAgent) {
+          const port = process.env.PORT || '4021'
+          const agentToOverride = lastDeniedAgent
+          lastDeniedAgent = ''
+          const res = await fetch(`http://localhost:${port}/api/override/${agentToOverride}`, { method: 'POST' })
+          if (res.ok) {
+            console.log(`[XMTP] Override accepted for agent: ${agentToOverride}`)
+          }
+        }
+      } catch (err) {
+        console.error('[XMTP] Error processing message:', err)
+      }
+    }
+  } catch (err) {
+    console.error('[XMTP] Message stream error:', err)
+  }
+}
+// ----------------------------------------------------------------
+// Send helper — finds or creates DM with human, caches it
+// ----------------------------------------------------------------
+async function sendToHuman(text: string): Promise<void> {
+  if (!xmtpClient) return
+  try {
+    if (!humanDm) {
+      humanDm = await xmtpClient.conversations.createDmWithIdentifier(humanIdentifier())
+    }
+    await humanDm.sendText(text)
+  } catch (err) {
+    console.error('[XMTP] Send error:', err)
+    humanDm = null // reset so next call retries
+  }
+}
+// ----------------------------------------------------------------
+// Exported functions
+// ----------------------------------------------------------------
+export async function initXMTP(): Promise<void> {
+  if (!getConfig().xmtp?.enabled) {
+    console.log('[XMTP] Disabled by config')
+    return
+  }
+  const privateKey = process.env.XMTP_PRIVATE_KEY
+  if (!privateKey || !HUMAN_ADDRESS) {
+    console.log('[XMTP] Not configured — notifications disabled')
+    return
+  }
+  try {
+    const account = privateKeyToAccount(privateKey as `0x${string}`)
+    const signer: Signer = {
+      type: 'EOA',
+      getIdentifier: (): Identifier => ({
+        identifier: account.address.toLowerCase(),
+        identifierKind: IdentifierKind.Ethereum,
+      }),
+      signMessage: async (message: string): Promise<Uint8Array> => {
+        const sig = await account.signMessage({ message })
+        return hexToBytes(sig)
+      },
+    }
+    // `as any` required: ClientOptions is a union type that doesn't survive
+    // Omit<> in Client.create's signature — SDK types collapse the union.
+    xmtpClient = await Client.create(signer, { env: 'production' } as any)
+    // Warm up the DM channel
+    humanDm = await xmtpClient.conversations.createDmWithIdentifier(humanIdentifier())
+    // Start listening for override replies (fire and forget)
+    startMessageListener().catch((err) => {
+      console.error('[XMTP] Listener startup error:', err)
+    })
+    console.log('[XMTP] Initialized — notifications enabled')
+  } catch (err) {
+    console.error('[XMTP] Init failed:', err)
+  }
+}
+export async function notifyDenial(
+  agent: string,
+  amount: number,
+  trustScore: number,
+  tier: string,
+  dailyLimit: number,
+  dailySpent: number,
+  reason: string,
+  txTo: string,
+): Promise<void> {
+  if (!xmtpClient) return
+  lastDeniedAgent = agent
+  const msg = [
+    `⚠️ Transaction denied`,
+    `Agent: ${agent}`,
+    `Amount: $${amount.toFixed(2)} USDC → ${txTo}`,
+    `Trust score: ${trustScore} (${tier} tier)`,
+    `Daily limit: $${dailyLimit} | Spent today: $${dailySpent.toFixed(2)}`,
+    `Reason: ${reason}`,
+    ``,
+    `Reply "override" to approve this transaction.`,
+  ].join('\n')
+  await sendToHuman(msg)
+}
+export async function notifyTrustChange(
+  agent: string,
+  oldScore: number,
+  newScore: number,
+  oldTier: string,
+  newTier: string,
+  reason: string,
+): Promise<void> {
+  if (!xmtpClient) return
+  const msg = [
+    `📊 Trust update: ${agent}`,
+    `Score: ${oldScore} → ${newScore} | Tier: ${oldTier} → ${newTier}`,
+    `Reason: ${reason}`,
+  ].join('\n')
+  await sendToHuman(msg)
+}
+export async function notifyBudgetWarning(
+  agent: string,
+  spent: number,
+  limit: number,
+): Promise<void> {
+  if (!xmtpClient) return
+  const percentage = Math.round((spent / limit) * 100)
+  const remaining = limit - spent
+  const msg = [
+    `💰 Budget alert: ${agent}`,
+    `Daily spend: $${spent.toFixed(2)} / $${limit} (${percentage}%)`,
+    `Remaining: $${remaining.toFixed(2)}`,
+  ].join('\n')
+  await sendToHuman(msg)
+}
+export async function notifyAnomaly(
+  agent: string,
+  pattern: string,
+  action: string,
+  riskPenalty: number,
+  oldScore: number,
+  newScore: number,
+): Promise<void> {
+  if (!xmtpClient) return
+  const msg = [
+    `🚨 Anomaly: ${agent}`,
+    `Pattern: ${pattern}`,
+    `Action: ${action}`,
+    `Risk penalty: -${riskPenalty}`,
+    `Trust score: ${oldScore} → ${newScore}`,
+  ].join('\n')
+  await sendToHuman(msg)
+}

package/triage.config.example.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "warningThreshold": 0.8,
+  "scoreBands": [
+    { "name": "Sovereign",  "min": 80, "dailyLimit": 1000, "perTxLimit": 500 },
+    { "name": "Trusted",    "min": 60, "dailyLimit": 200,  "perTxLimit": 100 },
+    { "name": "Building",   "min": 40, "dailyLimit": 50,   "perTxLimit": 25 },
+    { "name": "Cautious",   "min": 20, "dailyLimit": 10,   "perTxLimit": 5 },
+    { "name": "Restricted", "min": 1,  "dailyLimit": 2,    "perTxLimit": 1 },
+    { "name": "Frozen",     "min": 0,  "dailyLimit": 0,    "perTxLimit": 0 }
+  ],
+  "xmtp": { "enabled": true },
+  "worldId": { "enabled": true },
+  "webBotAuth": { "enabled": true },
+  "networkScore": { "enabled": true },
+  "scoring": {
+    "overrideBoost": 3,
+    "maxFrequencyPenalty": 10,
+    "inactivityDecayRate": 0.5
+  },
+  "port": 4021,
+  "dashboardEnabled": true
+}