tryassay 0.6.0 → 0.11.1

package/dist/runtime/tool-verifier.js

@@ -0,0 +1,323 @@
+// ============================================================
+// Assay Verified Agent Runtime — Tool Verifier
+// Runs Assay verification pipeline on tool source code.
+// Produces a ToolVerification report with code, security,
+// and sandbox test results.
+// ============================================================
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { createHash, randomUUID } from 'node:crypto';
+import { extractClaims } from '../lib/claim-extractor.js';
+import { verifyClaims } from '../lib/code-verifier.js';
+import { indexCodebase } from '../lib/codebase-indexer.js';
+import { ToolSandbox } from './tool-sandbox.js';
+const SECURITY_PATTERNS = [
+    {
+        name: 'Dynamic URL construction',
+        type: 'ssrf',
+        regex: /fetch\s*\(\s*[^'"]/,
+        severity: 'high',
+        category: 'ssrf',
+        recommendation: 'Use allowlisted URLs only. Never construct URLs from user input.',
+    },
+    {
+        name: 'eval() usage',
+        type: 'code_injection',
+        regex: /\beval\s*\(/,
+        severity: 'critical',
+        category: 'injection',
+        recommendation: 'Remove eval(). Use JSON.parse() for data, or Function() for controlled execution.',
+    },
+    {
+        name: 'new Function() usage',
+        type: 'code_injection',
+        regex: /new\s+Function\s*\(/,
+        severity: 'high',
+        category: 'injection',
+        recommendation: 'Avoid dynamic code generation. Use static functions.',
+    },
+    {
+        name: 'child_process spawn/exec',
+        type: 'privilege_escalation',
+        regex: /(?:exec|execSync|spawn|spawnSync|fork)\s*\(/,
+        severity: 'critical',
+        category: 'privilege_escalation',
+        recommendation: 'Tools must not spawn subprocesses. The sandbox handles execution.',
+    },
+    {
+        name: 'File system write outside temp',
+        type: 'fs_escape',
+        regex: /writeFile(?:Sync)?\s*\(\s*(?!['"]\/tmp)/,
+        severity: 'high',
+        category: 'data_exfiltration',
+        recommendation: 'Write only to /tmp or declared write paths.',
+    },
+    {
+        name: 'Environment variable access',
+        type: 'info_leak',
+        regex: /process\.env\[/,
+        severity: 'medium',
+        category: 'data_exfiltration',
+        recommendation: 'Tools should not read environment variables. Use declared configuration.',
+    },
+    {
+        name: 'process.exit call',
+        type: 'privilege_escalation',
+        regex: /process\.exit\s*\(/,
+        severity: 'high',
+        category: 'privilege_escalation',
+        recommendation: 'Tools must not call process.exit(). Throw an error instead.',
+    },
+    {
+        name: 'SQL concatenation',
+        type: 'sql_injection',
+        regex: /['"`]\s*\+\s*.*(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)/i,
+        severity: 'critical',
+        category: 'injection',
+        recommendation: 'Use parameterized queries. Never concatenate SQL.',
+    },
+    {
+        name: 'require() dynamic import',
+        type: 'code_injection',
+        regex: /require\s*\(\s*[^'"]/,
+        severity: 'high',
+        category: 'injection',
+        recommendation: 'Use static imports only. No dynamic require() calls.',
+    },
+    {
+        name: 'Global object modification',
+        type: 'privilege_escalation',
+        regex: /(?:globalThis|global)\s*\.\s*\w+\s*=/,
+        severity: 'high',
+        category: 'privilege_escalation',
+        recommendation: 'Tools must not modify global objects.',
+    },
+];
+// ── Tool Verifier ──────────────────────────────────────────
+export class ToolVerifier {
+    sandbox;
+    constructor(sandbox) {
+        this.sandbox = sandbox ?? new ToolSandbox();
+    }
+    /**
+     * Run full verification on a tool: code analysis, security scan,
+     * and sandbox tests. Returns a ToolVerification report.
+     */
+    async verify(tool, toolSourceDir) {
+        const verificationId = randomUUID();
+        const entryPath = join(toolSourceDir, tool.source.entry_point);
+        // Read source code
+        let sourceCode;
+        try {
+            sourceCode = await readFile(entryPath, 'utf-8');
+        }
+        catch (err) {
+            return this.makeRejection(tool.id, verificationId, `Cannot read tool source: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        // Verify source hash
+        const actualHash = createHash('sha256').update(sourceCode).digest('hex');
+        if (actualHash !== tool.source.source_hash) {
+            return this.makeRejection(tool.id, verificationId, `Source hash mismatch. Expected: ${tool.source.source_hash}, Actual: ${actualHash}`);
+        }
+        // Step 1: Run Assay forward pipeline on tool source
+        const codeVerification = await this.verifyCode(sourceCode, toolSourceDir);
+        // Step 2: Run security scan
+        const securityResult = this.scanSecurity(sourceCode, entryPath);
+        // Step 3: Run sandbox tests
+        const sandboxTests = await this.sandbox.runTestSuite(tool, toolSourceDir);
+        // Determine overall verdict
+        const { verdict, blockers, confidence } = this.determineVerdict(codeVerification, securityResult, sandboxTests);
+        return {
+            tool_id: tool.id,
+            verification_id: verificationId,
+            timestamp: new Date().toISOString(),
+            code_verification: codeVerification,
+            security: securityResult,
+            sandbox_tests: sandboxTests,
+            verdict,
+            confidence,
+            reasoning: this.generateReasoning(codeVerification, securityResult, sandboxTests, verdict),
+            blockers,
+        };
+    }
+    // ── Private: Code Verification ────────────────────────────
+    async verifyCode(sourceCode, toolSourceDir) {
+        try {
+            const { claims: rawClaims } = await extractClaims(sourceCode);
+            if (rawClaims.length === 0) {
+                return {
+                    claims_extracted: 0,
+                    claims_passed: 0,
+                    claims_failed: 0,
+                    critical_failures: [],
+                };
+            }
+            const index = await indexCodebase(toolSourceDir);
+            const { verifications } = await verifyClaims(rawClaims, index);
+            const passed = verifications.filter(v => v.verdict === 'PASS').length;
+            const failed = verifications.filter(v => v.verdict === 'FAIL').length;
+            const criticalFailures = verifications
+                .filter(v => v.verdict === 'FAIL')
+                .map(v => ({
+                claim: v.claim || v.claimId,
+                verdict: 'FAIL',
+                severity: this.inferClaimSeverity(v.claim || v.claimId),
+                evidence: v.evidence?.map((e) => e.snippet ?? '').join('; ') ?? '',
+            }))
+                .filter(f => f.severity === 'critical' || f.severity === 'high');
+            return {
+                claims_extracted: rawClaims.length,
+                claims_passed: passed,
+                claims_failed: failed,
+                critical_failures: criticalFailures,
+            };
+        }
+        catch {
+            return {
+                claims_extracted: 0,
+                claims_passed: 0,
+                claims_failed: 0,
+                critical_failures: [],
+            };
+        }
+    }
+    // ── Private: Security Scan ────────────────────────────────
+    scanSecurity(sourceCode, filePath) {
+        const findings = [];
+        for (const pattern of SECURITY_PATTERNS) {
+            const matches = sourceCode.match(pattern.regex);
+            if (matches) {
+                // Find line number
+                const lines = sourceCode.split('\n');
+                let lineNum = 1;
+                for (let i = 0; i < lines.length; i++) {
+                    if (pattern.regex.test(lines[i])) {
+                        lineNum = i + 1;
+                        break;
+                    }
+                }
+                findings.push({
+                    type: pattern.type,
+                    severity: pattern.severity,
+                    location: `${filePath}:${lineNum}`,
+                    description: pattern.name,
+                    recommendation: pattern.recommendation,
+                });
+            }
+        }
+        return {
+            ssrf_risk: this.maxRisk(findings.filter(f => f.type === 'ssrf')),
+            injection_risk: this.maxRisk(findings.filter(f => f.type === 'code_injection' || f.type === 'sql_injection')),
+            privilege_escalation_risk: this.maxRisk(findings.filter(f => f.type === 'privilege_escalation')),
+            data_exfiltration_risk: this.maxRisk(findings.filter(f => f.type === 'fs_escape' || f.type === 'info_leak')),
+            findings,
+        };
+    }
+    // ── Private: Verdict Determination ────────────────────────
+    determineVerdict(code, security, sandbox) {
+        const blockers = [];
+        // Critical security findings = immediate reject
+        if (security.findings.some(f => f.severity === 'critical')) {
+            blockers.push('Critical security finding(s) detected');
+        }
+        if (security.privilege_escalation_risk === 'critical' || security.privilege_escalation_risk === 'high') {
+            blockers.push('High privilege escalation risk');
+        }
+        if (security.injection_risk === 'critical') {
+            blockers.push('Critical injection risk');
+        }
+        // Critical code verification failures = reject
+        if (code.critical_failures.length > 0) {
+            blockers.push(`${code.critical_failures.length} critical code verification failure(s)`);
+        }
+        // Sandbox test failures
+        if (sandbox.happy_path.status === 'fail' || sandbox.happy_path.status === 'error') {
+            blockers.push('Happy path test failed');
+        }
+        if (sandbox.constraint_compliance.status === 'fail') {
+            blockers.push('Constraint compliance test failed');
+        }
+        if (blockers.length > 0) {
+            return { verdict: 'reject', blockers, confidence: 0.9 };
+        }
+        // Medium/high findings = needs review
+        const needsReview = security.findings.some(f => f.severity === 'high') ||
+            sandbox.malformed_input.status === 'error' ||
+            code.claims_failed > code.claims_passed * 0.1;
+        if (needsReview) {
+            return { verdict: 'needs_review', blockers: [], confidence: 0.6 };
+        }
+        // Calculate confidence from code verification pass rate
+        const passRate = code.claims_extracted > 0
+            ? code.claims_passed / code.claims_extracted
+            : 0.5;
+        const sandboxScore = [sandbox.happy_path, sandbox.malformed_input, sandbox.constraint_compliance]
+            .filter(t => t.status === 'pass').length / 3;
+        return {
+            verdict: 'approve',
+            blockers: [],
+            confidence: Math.min(passRate, sandboxScore, 0.95),
+        };
+    }
+    // ── Private: Helpers ──────────────────────────────────────
+    maxRisk(findings) {
+        if (findings.length === 0)
+            return 'none';
+        const order = ['none', 'low', 'medium', 'high', 'critical'];
+        let max = 0;
+        for (const f of findings) {
+            const idx = order.indexOf(f.severity);
+            if (idx > max)
+                max = idx;
+        }
+        return order[max];
+    }
+    inferClaimSeverity(claimText) {
+        const lower = claimText.toLowerCase();
+        if (lower.includes('injection') || lower.includes('auth') || lower.includes('secret'))
+            return 'critical';
+        if (lower.includes('error') || lower.includes('crash') || lower.includes('data loss'))
+            return 'high';
+        if (lower.includes('performance') || lower.includes('edge case'))
+            return 'medium';
+        return 'low';
+    }
+    generateReasoning(code, security, sandbox, verdict) {
+        const parts = [];
+        parts.push(`Code: ${code.claims_passed}/${code.claims_extracted} claims passed`);
+        parts.push(`Security: ${security.findings.length} finding(s)`);
+        const testsPassed = [sandbox.happy_path, sandbox.malformed_input, sandbox.timeout_behavior, sandbox.constraint_compliance]
+            .filter(t => t.status === 'pass').length;
+        parts.push(`Sandbox: ${testsPassed}/4 tests passed`);
+        parts.push(`Verdict: ${verdict}`);
+        return parts.join('. ');
+    }
+    makeRejection(toolId, verificationId, reason) {
+        const emptyTest = {
+            status: 'error',
+            input_summary: 'Not executed',
+            output_summary: reason,
+            duration_ms: 0,
+            error: reason,
+        };
+        return {
+            tool_id: toolId,
+            verification_id: verificationId,
+            timestamp: new Date().toISOString(),
+            code_verification: { claims_extracted: 0, claims_passed: 0, claims_failed: 0, critical_failures: [] },
+            security: {
+                ssrf_risk: 'none', injection_risk: 'none',
+                privilege_escalation_risk: 'none', data_exfiltration_risk: 'none', findings: [],
+            },
+            sandbox_tests: {
+                happy_path: emptyTest, malformed_input: emptyTest,
+                timeout_behavior: emptyTest, constraint_compliance: emptyTest,
+            },
+            verdict: 'reject',
+            confidence: 1.0,
+            reasoning: reason,
+            blockers: [reason],
+        };
+    }
+}
+//# sourceMappingURL=tool-verifier.js.map

package/dist/runtime/tool-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-verifier.js","sourceRoot":"","sources":["../../src/runtime/tool-verifier.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,+CAA+C;AAC/C,wDAAwD;AACxD,0DAA0D;AAC1D,4BAA4B;AAC5B,+DAA+D;AAE/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAqBhD,MAAM,iBAAiB,GAAsB;IAC3C;QACE,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,cAAc,EAAE,kEAAkE;KACnF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,cAAc,EAAE,mFAAmF;KACpG;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,qBAAqB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,cAAc,EAAE,sDAAsD;KACvE;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,sBAAsB;QAChC,cAAc,EAAE,mEAAmE;KACpF;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,yCAAyC;QAChD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,cAAc,EAAE,6CAA6C;KAC9D;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,gBAAgB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,cAAc,EAAE,0EAA0E;KAC3F;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,sBAAsB;QAChC,cAAc,EAAE,6DAA6D;KAC9E;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,cAAc,EAAE,mDAAmD;KACpE;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,sBAAsB;QAC7B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,cAAc,EAAE,sDAAsD;KACvE;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,sCAAsC;QAC7C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,sBAAsB;QAChC,cAAc,EAAE,uCAAuC;KACxD;CACF,CAAC;AAEF,8DAA8D;AAE9D,MAAM,OAAO,YAAY;IACf,OAAO,CAAc;IAE7B,YAAY,OAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,IAAI,WAAW,EAAE,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CACV,IAAoB,EACpB,aAAqB;QAErB,MAAM,cAAc,GAAG,UAAU,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE/D,mBAAmB;QACnB,IAAI,UAAkB,CAAC;QACvB,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrI,CAAC;QAED,qBAAqB;QACrB,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzE,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,mCAAmC,IAAI,CAAC,MAAM,CAAC,WAAW,aAAa,UAAU,EAAE,CAAC,CAAC;QAC1I,CAAC;QAED,oDAAoD;QACpD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAE1E,4BAA4B;QAC5B,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAEhE,4BAA4B;QAC5B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAE1E,4BAA4B;QAC5B,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAC7D,gBAAgB,EAChB,cAAc,EACd,YAAY,CACb,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,eAAe,EAAE,cAAc;YAC/B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,iBAAiB,EAAE,gBAAgB;YACnC,QAAQ,EAAE,cAAc;YACxB,aAAa,EAAE,YAAY;YAC3B,OAAO;YACP,UAAU;YACV,SAAS,EAAE,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,cAAc,EAAE,YAAY,EAAE,OAAO,CAAC;YAC1F,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,6DAA6D;IAErD,KAAK,CAAC,UAAU,CACtB,UAAkB,EAClB,aAAqB;QAErB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;YAE9D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAO;oBACL,gBAAgB,EAAE,CAAC;oBACnB,aAAa,EAAE,CAAC;oBAChB,aAAa,EAAE,CAAC;oBAChB,iBAAiB,EAAE,EAAE;iBACtB,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACjD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAE/D,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;YACtE,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;YAEtE,MAAM,gBAAgB,GAA8B,aAAa;iBAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC;iBACjC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACT,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO;gBAC3B,OAAO,EAAE,MAAe;gBACxB,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC;gBACvD,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;aACnE,CAAC,CAAC;iBACF,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;YAEnE,OAAO;gBACL,gBAAgB,EAAE,SAAS,CAAC,MAAM;gBAClC,aAAa,EAAE,MAAM;gBACrB,aAAa,EAAE,MAAM;gBACrB,iBAAiB,EAAE,gBAAgB;aACpC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,gBAAgB,EAAE,CAAC;gBACnB,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,iBAAiB,EAAE,EAAE;aACtB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6DAA6D;IAErD,YAAY,CAClB,UAAkB,EAClB,QAAgB;QAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,OAAO,EAAE,CAAC;gBACZ,mBAAmB;gBACnB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,OAAO,GAAG,CAAC,CAAC;gBAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBACjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;wBAChB,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,GAAG,QAAQ,IAAI,OAAO,EAAE;oBAClC,WAAW,EAAE,OAAO,CAAC,IAAI;oBACzB,cAAc,EAAE,OAAO,CAAC,cAAc;iBACvC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;YAChE,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/C,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,CAC1D,CAAC;YACF,yBAAyB,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC1D,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAClC,CAAC;YACF,sBAAsB,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACvD,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,CACjD,CAAC;YACF,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,6DAA6D;IAErD,gBAAgB,CACtB,IAA2C,EAC3C,QAAsC,EACtC,OAA0C;QAE1C,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,gDAAgD;QAChD,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;YAC3D,QAAQ,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,QAAQ,CAAC,yBAAyB,KAAK,UAAU,IAAI,QAAQ,CAAC,yBAAyB,KAAK,MAAM,EAAE,CAAC;YACvG,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,QAAQ,CAAC,cAAc,KAAK,UAAU,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC3C,CAAC;QAED,+CAA+C;QAC/C,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,wCAAwC,CAAC,CAAC;QAC1F,CAAC;QAED,wBAAwB;QACxB,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAClF,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,OAAO,CAAC,qBAAqB,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;QAC1D,CAAC;QAED,sCAAsC;QACtC,MAAM,WAAW,GACf,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;YAClD,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,OAAO;YAC1C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC;QAEhD,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;QACpE,CAAC;QAED,wDAAwD;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,GAAG,CAAC;YACxC,CAAC,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,gBAAgB;YAC5C,CAAC,CAAC,GAAG,CAAC;QACR,MAAM,YAAY,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,qBAAqB,CAAC;aAC9F,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAE/C,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAED,6DAA6D;IAErD,OAAO,CAAC,QAA2B;QACzC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,MAAM,KAAK,GAAoB,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QAC7E,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACtC,IAAI,GAAG,GAAG,GAAG;gBAAE,GAAG,GAAG,GAAG,CAAC;QAC3B,CAAC;QACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAEO,kBAAkB,CAAC,SAAiB;QAC1C,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,UAAU,CAAC;QACzG,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,MAAM,CAAC;QACrG,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,QAAQ,CAAC;QAClF,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,iBAAiB,CACvB,IAA2C,EAC3C,QAAsC,EACtC,OAA0C,EAC1C,OAAe;QAEf,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,gBAAgB,gBAAgB,CAAC,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,qBAAqB,CAAC;aACvH,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,YAAY,WAAW,iBAAiB,CAAC,CAAC;QACrD,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,EAAE,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAEO,aAAa,CAAC,MAAc,EAAE,cAAsB,EAAE,MAAc;QAC1E,MAAM,SAAS,GAAmB;YAChC,MAAM,EAAE,OAAO;YACf,aAAa,EAAE,cAAc;YAC7B,cAAc,EAAE,MAAM;YACtB,WAAW,EAAE,CAAC;YACd,KAAK,EAAE,MAAM;SACd,CAAC;QACF,OAAO;YACL,OAAO,EAAE,MAAM;YACf,eAAe,EAAE,cAAc;YAC/B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,iBAAiB,EAAE,EAAE,EAAE;YACrG,QAAQ,EAAE;gBACR,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;gBACzC,yBAAyB,EAAE,MAAM,EAAE,sBAAsB,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;aAChF;YACD,aAAa,EAAE;gBACb,UAAU,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS;gBACjD,gBAAgB,EAAE,SAAS,EAAE,qBAAqB,EAAE,SAAS;aAC9D;YACD,OAAO,EAAE,QAAQ;YACjB,UAAU,EAAE,GAAG;YACf,SAAS,EAAE,MAAM;YACjB,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB,CAAC;IACJ,CAAC;CACF"}

package/dist/runtime/trust-manager.d.ts

@@ -1,12 +1,30 @@
-import type { AgentIdentity, TrustLevel, BoundaryVerificationResult, SafetyPolicy } from './types.js';
+import type { AgentIdentity, TrustLevel, BoundaryVerificationResult, SafetyPolicy, TrustWindow, TrustTransition } from './types.js';
+interface TrustThresholds {
+    /** Handoffs required before promotion from untrusted to provisional. */
+    readonly provisionalMinHandoffs: number;
+    /** Minimum pass rate for untrusted -> provisional. */
+    readonly provisionalMinPassRate: number;
+    /** Handoffs required before promotion from provisional to trusted. */
+    readonly trustedMinHandoffs: number;
+    /** Minimum pass rate for provisional -> trusted. */
+    readonly trustedMinPassRate: number;
+    /** Rolling window size for pass rate calculation. */
+    readonly windowSize: number;
+    /** Pass rate below which trusted is demoted to provisional. */
+    readonly demotionPassRate: number;
+}
 export declare class TrustManager {
     private agents;
     private policy;
     private trustDemotionOnOverride;
+    private thresholds;
     private sessionOverrides;
     private sessionDemotions;
+    private windows;
+    private transitions;
     constructor(policy: SafetyPolicy, opts?: {
         trustDemotionOnOverride?: boolean;
+        thresholds?: Partial<TrustThresholds>;
     });
     /** Register an agent with its initial identity. */
     register(agent: AgentIdentity): void;
@@ -14,20 +32,32 @@ export declare class TrustManager {
     getAgent(agentId: string): AgentIdentity | undefined;
     /** Get all registered agents. */
     getAllAgents(): AgentIdentity[];
+    /** Get the rolling trust window for an agent. */
+    getTrustWindow(agentId: string): TrustWindow | undefined;
+    /** Get all trust transitions that occurred during this session. */
+    getTransitions(): readonly TrustTransition[];
     /**
      * Update trust based on a boundary verification result.
-     * Returns the updated trust level and whether the agent was demoted.
+     * Uses rolling window for pass rate calculation.
+     * Returns the updated trust level, demotion status, and halt signal.
      */
     updateTrust(agentId: string, result: BoundaryVerificationResult): {
         newTrust: TrustLevel;
         demoted: boolean;
+        promoted: boolean;
         shouldHalt: boolean;
     };
+    /**
+     * Force-demote an agent (e.g., collusion detected).
+     */
+    forceDemote(agentId: string, reason: TrustTransition['reason']): TrustLevel;
     /** Get session-level stats for an agent. */
     getSessionStats(agentId: string): {
         overrides: number;
         demotions: number;
     };
     private demoteTrust;
-    private computePassRate;
+    private computeWindowPassRate;
+    private recordTransition;
 }
+export {};

package/dist/runtime/trust-manager.js

@@ -1,23 +1,37 @@
 // ============================================================
-// Assay Verified Agent Runtime — Trust Manager
-// Manages agent trust levels based on verification history
+// Assay Verified Agent Runtime — Trust Manager (M3)
+// Rolling-window trust calculation, promotion/demotion,
+// trust transition logging, session-level safety enforcement.
 // ============================================================
-// ── Trust Manager ───────────────────────────────────────────
+const DEFAULT_THRESHOLDS = {
+    provisionalMinHandoffs: 10,
+    provisionalMinPassRate: 0.9,
+    trustedMinHandoffs: 50,
+    trustedMinPassRate: 0.95,
+    windowSize: 20,
+    demotionPassRate: 0.8,
+};
+// ── Trust Manager ──────────────────────────────────────────
 export class TrustManager {
     agents = new Map();
     policy;
     trustDemotionOnOverride;
-    sessionOverrides = new Map(); // agent -> override count this session
-    sessionDemotions = new Map(); // agent -> demotion count this session
+    thresholds;
+    sessionOverrides = new Map();
+    sessionDemotions = new Map();
+    windows = new Map();
+    transitions = [];
     constructor(policy, opts) {
         this.policy = policy;
         this.trustDemotionOnOverride = opts?.trustDemotionOnOverride ?? true;
+        this.thresholds = { ...DEFAULT_THRESHOLDS, ...opts?.thresholds };
     }
     /** Register an agent with its initial identity. */
     register(agent) {
         this.agents.set(agent.id, agent);
         this.sessionOverrides.set(agent.id, 0);
         this.sessionDemotions.set(agent.id, 0);
+        this.windows.set(agent.id, []);
     }
     /** Get an agent's current identity (with updated trust). */
     getAgent(agentId) {
@@ -27,20 +41,52 @@ export class TrustManager {
     getAllAgents() {
         return Array.from(this.agents.values());
     }
+    /** Get the rolling trust window for an agent. */
+    getTrustWindow(agentId) {
+        const agent = this.agents.get(agentId);
+        const entries = this.windows.get(agentId);
+        if (!agent || !entries)
+            return undefined;
+        const windowEntries = entries.slice(-this.thresholds.windowSize);
+        const passCount = windowEntries.filter(e => e.verdict === 'PASS').length;
+        const overrideCount = windowEntries.filter(e => e.hadFormalOverride).length;
+        return {
+            agentId,
+            windowSize: windowEntries.length,
+            results: windowEntries,
+            passRate: windowEntries.length > 0 ? passCount / windowEntries.length : 0,
+            formalOverrideCount: overrideCount,
+        };
+    }
+    /** Get all trust transitions that occurred during this session. */
+    getTransitions() {
+        return this.transitions;
+    }
     /**
      * Update trust based on a boundary verification result.
-     * Returns the updated trust level and whether the agent was demoted.
+     * Uses rolling window for pass rate calculation.
+     * Returns the updated trust level, demotion status, and halt signal.
      */
     updateTrust(agentId, result) {
         const agent = this.agents.get(agentId);
         if (!agent)
-            return { newTrust: 'untrusted', demoted: false, shouldHalt: false };
+            return { newTrust: 'untrusted', demoted: false, promoted: false, shouldHalt: false };
+        // Add to rolling window
+        const windowEntry = {
+            boundaryId: result.boundaryId,
+            verdict: result.verdict,
+            hadFormalOverride: result.formalStats.formalOverrides > 0,
+            timestamp: new Date().toISOString(),
+        };
+        const window = this.windows.get(agentId) ?? [];
+        window.push(windowEntry);
+        this.windows.set(agentId, window);
         const oldTrust = agent.trustLevel;
         let newTrust = oldTrust;
         let demoted = false;
-        // Check for formal overrides
+        let promoted = false;
+        // Check for formal overrides -> demotion
         if (result.formalStats.formalOverrides > 0 && this.trustDemotionOnOverride) {
-            // A single formal override drops trust by one level
             newTrust = this.demoteTrust(oldTrust);
             demoted = newTrust !== oldTrust;
             if (demoted) {
@@ -48,29 +94,54 @@ export class TrustManager {
                 this.sessionOverrides.set(agentId, overrides);
                 const demotions = (this.sessionDemotions.get(agentId) ?? 0) + 1;
                 this.sessionDemotions.set(agentId, demotions);
-                // Two formal overrides in a session → drop to untrusted
                 if (overrides >= 2) {
                     newTrust = 'untrusted';
                 }
+                this.recordTransition(agent, oldTrust, newTrust, 'demotion_formal_override');
+            }
+        }
+        // Check rolling window pass rate for demotion
+        if (!demoted) {
+            const recentWindow = window.slice(-this.thresholds.windowSize);
+            if (recentWindow.length >= this.thresholds.windowSize) {
+                const passRate = recentWindow.filter(e => e.verdict === 'PASS').length / recentWindow.length;
+                if (passRate < this.thresholds.demotionPassRate && oldTrust !== 'untrusted') {
+                    newTrust = this.demoteTrust(oldTrust);
+                    demoted = newTrust !== oldTrust;
+                    if (demoted) {
+                        const demotions = (this.sessionDemotions.get(agentId) ?? 0) + 1;
+                        this.sessionDemotions.set(agentId, demotions);
+                        this.recordTransition(agent, oldTrust, newTrust, 'demotion_low_pass_rate');
+                    }
+                }
             }
         }
-        // Check for promotion
+        // Check for promotion (only if not demoted this round)
         if (!demoted && result.verdict === 'PASS') {
-            const history = agent.verificationHistory;
-            const newTotal = history.totalHandoffs + 1;
-            const newPassRate = (history.passRate * history.totalHandoffs + 1) / newTotal;
-            // Promote if enough clean handoffs
-            if (oldTrust === 'untrusted' && newTotal >= 10 && newPassRate >= 0.9) {
+            const totalHandoffs = window.length;
+            const recentWindow = window.slice(-this.thresholds.windowSize);
+            const passRate = recentWindow.length > 0
+                ? recentWindow.filter(e => e.verdict === 'PASS').length / recentWindow.length
+                : 0;
+            if (oldTrust === 'untrusted' &&
+                totalHandoffs >= this.thresholds.provisionalMinHandoffs &&
+                passRate >= this.thresholds.provisionalMinPassRate) {
                 newTrust = 'provisional';
+                promoted = true;
+                this.recordTransition(agent, oldTrust, newTrust, 'promotion');
             }
-            else if (oldTrust === 'provisional' && newTotal >= 50 && newPassRate >= 0.95) {
+            else if (oldTrust === 'provisional' &&
+                totalHandoffs >= this.thresholds.trustedMinHandoffs &&
+                passRate >= this.thresholds.trustedMinPassRate) {
                 newTrust = 'trusted';
+                promoted = true;
+                this.recordTransition(agent, oldTrust, newTrust, 'promotion');
             }
         }
-        // Update the agent's identity
+        // Update agent identity
         const updatedHistory = {
             totalHandoffs: agent.verificationHistory.totalHandoffs + 1,
-            passRate: this.computePassRate(agent, result),
+            passRate: this.computeWindowPassRate(agentId),
             formalOverrides: agent.verificationHistory.formalOverrides + result.formalStats.formalOverrides,
         };
         const updatedAgent = {
@@ -82,7 +153,25 @@ export class TrustManager {
         // Check if we should halt
         const shouldHalt = (this.sessionOverrides.get(agentId) ?? 0) >= this.policy.escalationRules.maxFormalOverridesBeforeHalt ||
             (this.sessionDemotions.get(agentId) ?? 0) >= this.policy.escalationRules.maxTrustDemotions;
-        return { newTrust, demoted, shouldHalt };
+        return { newTrust, demoted, promoted, shouldHalt };
+    }
+    /**
+     * Force-demote an agent (e.g., collusion detected).
+     */
+    forceDemote(agentId, reason) {
+        const agent = this.agents.get(agentId);
+        if (!agent)
+            return 'untrusted';
+        const oldTrust = agent.trustLevel;
+        const newTrust = this.demoteTrust(oldTrust);
+        if (newTrust !== oldTrust) {
+            this.recordTransition(agent, oldTrust, newTrust, reason);
+            const demotions = (this.sessionDemotions.get(agentId) ?? 0) + 1;
+            this.sessionDemotions.set(agentId, demotions);
+            const updatedAgent = { ...agent, trustLevel: newTrust };
+            this.agents.set(agentId, updatedAgent);
+        }
+        return newTrust;
     }
     /** Get session-level stats for an agent. */
     getSessionStats(agentId) {
@@ -97,14 +186,27 @@ export class TrustManager {
             case 'trusted': return 'provisional';
             case 'provisional': return 'untrusted';
             case 'untrusted': return 'untrusted';
-            case 'formal': return 'formal'; // formal agents can't be demoted
+            case 'formal': return 'formal';
         }
     }
-    computePassRate(agent, result) {
-        const oldTotal = agent.verificationHistory.totalHandoffs;
-        const oldRate = agent.verificationHistory.passRate;
-        const passed = result.verdict === 'PASS' ? 1 : 0;
-        return (oldRate * oldTotal + passed) / (oldTotal + 1);
+    computeWindowPassRate(agentId) {
+        const window = this.windows.get(agentId) ?? [];
+        const recent = window.slice(-this.thresholds.windowSize);
+        if (recent.length === 0)
+            return 0;
+        return recent.filter(e => e.verdict === 'PASS').length / recent.length;
+    }
+    recordTransition(agent, from, to, reason) {
+        this.transitions.push({
+            agentId: agent.id,
+            agentName: agent.name,
+            previousLevel: from,
+            newLevel: to,
+            reason,
+            passRate: this.computeWindowPassRate(agent.id),
+            windowSize: (this.windows.get(agent.id) ?? []).length,
+            timestamp: new Date().toISOString(),
+        });
     }
 }
 //# sourceMappingURL=trust-manager.js.map