tryassay 0.6.0 → 0.11.1

package/dist/runtime/layer2-guardian.js

@@ -0,0 +1,263 @@
+// ============================================================
+// Assay Verified Agent Runtime — Layer 2 Guardian
+// Enforces immutability of the verification substrate.
+//
+// Four levels of enforcement:
+// 1. Process isolation: validates caller is not an agent process
+// 2. Filesystem permissions: verifies Layer 2 files are read-only
+// 3. Cryptographic signing: SHA-256 hash verification of all artifacts
+// 4. Immutable deployment: manifest-based integrity check on startup
+//
+// If ANY level detects a violation, the system halts.
+// ============================================================
+import { createHash } from 'node:crypto';
+import { readFile, stat, writeFile, mkdir } from 'node:fs/promises';
+import { join, dirname } from 'node:path';
+// ── Layer 2 Component Paths (relative to project root) ───
+const DEFAULT_LAYER2_COMPONENTS = [
+    { component: 'formal_verifier', path: 'api/lib/formal-verifier.ts' },
+    { component: 'verification_protocol', path: 'api/v1/forward.ts' },
+    { component: 'approval_framework', path: 'src/runtime/tool-approval.ts' },
+    { component: 'immutability_constraint', path: 'src/runtime/layer2-guardian.ts' },
+    { component: 'kill_switch', path: 'src/runtime/kill-switch.ts' },
+];
+// ── Layer 2 Guardian ───────────────────────────────────
+export class Layer2Guardian {
+    projectRoot;
+    manifestPath;
+    manifest = null;
+    componentPaths;
+    constructor(projectRoot, opts) {
+        this.projectRoot = projectRoot;
+        this.manifestPath = opts?.manifestPath ?? join(projectRoot, '.assay', 'layer2-manifest.json');
+        this.componentPaths = opts?.componentPaths ?? DEFAULT_LAYER2_COMPONENTS;
+    }
+    // ── Level 1: Process Isolation Validation ──────────────
+    /**
+     * Validate that a modification proposal does not target Layer 2.
+     * This is the first line of defense: structural prevention at the type level.
+     */
+    validateProposal(proposal) {
+        // Type-level check: modifies_layer2 must be literal false
+        if (proposal.safety.modifies_layer2 !== false) {
+            return {
+                valid: false,
+                reason: 'BLOCKED: Proposal declares modifies_layer2 = true. Layer 2 cannot be modified by agents.',
+            };
+        }
+        if (proposal.safety.modifies_approval_framework !== false) {
+            return {
+                valid: false,
+                reason: 'BLOCKED: Proposal declares modifies_approval_framework = true. The approval framework is part of Layer 2.',
+            };
+        }
+        // Content check: scan the payload for references to Layer 2 files
+        const payloadStr = JSON.stringify(proposal.payload);
+        for (const comp of this.componentPaths) {
+            if (payloadStr.includes(comp.path)) {
+                return {
+                    valid: false,
+                    reason: `BLOCKED: Proposal payload references Layer 2 component "${comp.component}" (${comp.path}).`,
+                };
+            }
+        }
+        return { valid: true, reason: 'Proposal does not target Layer 2.' };
+    }
+    // ── Level 2: Filesystem Permission Verification ────────
+    /**
+     * Verify that Layer 2 files have appropriate permissions.
+     * In production, Layer 2 files should be owned by a different user
+     * and be read-only from the agent's perspective.
+     */
+    async verifyPermissions() {
+        const findings = [];
+        for (const comp of this.componentPaths) {
+            const fullPath = join(this.projectRoot, comp.path);
+            try {
+                const stats = await stat(fullPath);
+                // Check that file is not world-writable
+                // mode & 0o002 checks the "others write" bit
+                const mode = stats.mode;
+                if (mode & 0o002) {
+                    findings.push({
+                        path: comp.path,
+                        issue: `World-writable (mode: ${mode.toString(8)}). Layer 2 files must not be world-writable.`,
+                    });
+                }
+                // In development mode, we can't enforce strict ownership
+                // but we log the permissions for audit purposes
+            }
+            catch (err) {
+                findings.push({
+                    path: comp.path,
+                    issue: `Cannot stat file: ${err instanceof Error ? err.message : String(err)}`,
+                });
+            }
+        }
+        return {
+            valid: findings.length === 0,
+            findings,
+        };
+    }
+    // ── Level 3: Cryptographic Signing ─────────────────────
+    /**
+     * Generate a Layer 2 manifest by hashing all component files.
+     * This is called during deployment (by humans), not at runtime (by agents).
+     */
+    async generateManifest(deployedBy) {
+        const components = [];
+        for (const comp of this.componentPaths) {
+            const fullPath = join(this.projectRoot, comp.path);
+            try {
+                const content = await readFile(fullPath, 'utf-8');
+                const hash = createHash('sha256').update(content).digest('hex');
+                const stats = await stat(fullPath);
+                components.push({
+                    component: comp.component,
+                    file_path: comp.path,
+                    hash,
+                    size_bytes: stats.size,
+                    last_verified: new Date().toISOString(),
+                });
+            }
+            catch (err) {
+                throw new Error(`Cannot read Layer 2 component "${comp.component}" at ${comp.path}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        }
+        // Generate manifest hash (hash of all component hashes)
+        const allHashes = components.map(c => c.hash).join(':');
+        const manifestHash = createHash('sha256').update(allHashes).digest('hex');
+        const manifest = {
+            version: new Date().toISOString().replace(/[-:T]/g, '').slice(0, 14),
+            deployed_at: new Date().toISOString(),
+            deployed_by: deployedBy,
+            components,
+            manifest_hash: manifestHash,
+            signing_key_id: 'local-dev', // In production: HSM key ID
+        };
+        this.manifest = manifest;
+        return manifest;
+    }
+    /**
+     * Save the manifest to disk.
+     */
+    async saveManifest(manifest) {
+        const m = manifest ?? this.manifest;
+        if (!m)
+            throw new Error('No manifest to save. Call generateManifest() first.');
+        await mkdir(dirname(this.manifestPath), { recursive: true });
+        await writeFile(this.manifestPath, JSON.stringify(m, null, 2), 'utf-8');
+    }
+    /**
+     * Load the manifest from disk.
+     */
+    async loadManifest() {
+        try {
+            const raw = await readFile(this.manifestPath, 'utf-8');
+            this.manifest = JSON.parse(raw);
+            return this.manifest;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── Level 4: Integrity Verification on Startup ─────────
+    /**
+     * Verify Layer 2 integrity by comparing current file hashes
+     * against the signed manifest. Called at system startup.
+     *
+     * If ANY component has been modified, returns a violation.
+     * The caller MUST halt the system on violation.
+     */
+    async verifyIntegrity() {
+        const manifest = this.manifest ?? await this.loadManifest();
+        if (!manifest) {
+            return {
+                timestamp: new Date().toISOString(),
+                manifest_version: 'none',
+                components_checked: 0,
+                components_valid: 0,
+                components_invalid: [{
+                        component: 'formal_verifier',
+                        file_path: 'N/A',
+                        expected_hash: 'N/A',
+                        actual_hash: 'N/A',
+                        severity: 'critical',
+                        action: 'halt',
+                    }],
+                overall: 'violation',
+            };
+        }
+        const violations = [];
+        for (const entry of manifest.components) {
+            const fullPath = join(this.projectRoot, entry.file_path);
+            try {
+                const content = await readFile(fullPath, 'utf-8');
+                const actualHash = createHash('sha256').update(content).digest('hex');
+                if (actualHash !== entry.hash) {
+                    violations.push({
+                        component: entry.component,
+                        file_path: entry.file_path,
+                        expected_hash: entry.hash,
+                        actual_hash: actualHash,
+                        severity: 'critical',
+                        action: 'halt',
+                    });
+                }
+            }
+            catch {
+                violations.push({
+                    component: entry.component,
+                    file_path: entry.file_path,
+                    expected_hash: entry.hash,
+                    actual_hash: 'FILE_NOT_FOUND',
+                    severity: 'critical',
+                    action: 'halt',
+                });
+            }
+        }
+        // Also verify the manifest hash itself
+        const allHashes = manifest.components.map(c => c.hash).join(':');
+        const expectedManifestHash = createHash('sha256').update(allHashes).digest('hex');
+        if (expectedManifestHash !== manifest.manifest_hash) {
+            violations.push({
+                component: 'immutability_constraint',
+                file_path: this.manifestPath,
+                expected_hash: manifest.manifest_hash,
+                actual_hash: expectedManifestHash,
+                severity: 'critical',
+                action: 'halt',
+            });
+        }
+        return {
+            timestamp: new Date().toISOString(),
+            manifest_version: manifest.version,
+            components_checked: manifest.components.length,
+            components_valid: manifest.components.length - violations.length,
+            components_invalid: violations,
+            overall: violations.length === 0 ? 'valid' : 'violation',
+        };
+    }
+    /**
+     * Run all four levels of verification.
+     * Returns a comprehensive status report.
+     */
+    async fullAudit() {
+        const permissions = await this.verifyPermissions();
+        const integrity = await this.verifyIntegrity();
+        const manifestPresent = this.manifest !== null;
+        return {
+            permissions,
+            integrity,
+            manifestPresent,
+            overallSafe: permissions.valid && integrity.overall === 'valid' && manifestPresent,
+        };
+    }
+    /**
+     * Get the current manifest (if loaded).
+     */
+    getManifest() {
+        return this.manifest;
+    }
+}
+//# sourceMappingURL=layer2-guardian.js.map

package/dist/runtime/layer2-guardian.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"layer2-guardian.js","sourceRoot":"","sources":["../../src/runtime/layer2-guardian.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,kDAAkD;AAClD,uDAAuD;AACvD,EAAE;AACF,8BAA8B;AAC9B,iEAAiE;AACjE,kEAAkE;AAClE,uEAAuE;AACvE,qEAAqE;AACrE,EAAE;AACF,sDAAsD;AACtD,+DAA+D;AAE/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAS1C,4DAA4D;AAE5D,MAAM,yBAAyB,GAAmD;IAChF,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACpE,EAAE,SAAS,EAAE,uBAAuB,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACjE,EAAE,SAAS,EAAE,oBAAoB,EAAE,IAAI,EAAE,8BAA8B,EAAE;IACzE,EAAE,SAAS,EAAE,yBAAyB,EAAE,IAAI,EAAE,gCAAgC,EAAE;IAChF,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,4BAA4B,EAAE;CACjE,CAAC;AAEF,0DAA0D;AAE1D,MAAM,OAAO,cAAc;IACjB,WAAW,CAAS;IACpB,YAAY,CAAS;IACrB,QAAQ,GAA0B,IAAI,CAAC;IACvC,cAAc,CAAiD;IAEvE,YACE,WAAmB,EACnB,IAGC;QAED,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,YAAY,IAAI,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAC;QAC9F,IAAI,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC;IAC1E,CAAC;IAED,0DAA0D;IAE1D;;;OAGG;IACH,gBAAgB,CAAC,QAGhB;QACC,0DAA0D;QAC1D,IAAI,QAAQ,CAAC,MAAM,CAAC,eAAe,KAAK,KAAK,EAAE,CAAC;YAC9C,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0FAA0F;aACnG,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,CAAC,2BAA2B,KAAK,KAAK,EAAE,CAAC;YAC1D,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,2GAA2G;aACpH,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,2DAA2D,IAAI,CAAC,SAAS,MAAM,IAAI,CAAC,IAAI,IAAI;iBACrG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACtE,CAAC;IAED,0DAA0D;IAE1D;;;;OAIG;IACH,KAAK,CAAC,iBAAiB;QAIrB,MAAM,QAAQ,GAAsC,EAAE,CAAC;QAEvD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAEnC,wCAAwC;gBACxC,6CAA6C;gBAC7C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;gBACxB,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,KAAK,EAAE,yBAAyB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,8CAA8C;qBAC/F,CAAC,CAAC;gBACL,CAAC;gBAED,yDAAyD;gBACzD,gDAAgD;YAClD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EAAE,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;iBAC/E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC5B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,0DAA0D;IAE1D;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,UAAkB;QACvC,MAAM,UAAU,GAA2B,EAAE,CAAC;QAE9C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAClD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAEnC,UAAU,CAAC,IAAI,CAAC;oBACd,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,SAAS,EAAE,IAAI,CAAC,IAAI;oBACpB,IAAI;oBACJ,UAAU,EAAE,KAAK,CAAC,IAAI;oBACtB,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACxC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,QAAQ,IAAI,CAAC,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACzH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE1E,MAAM,QAAQ,GAAmB;YAC/B,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACpE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,WAAW,EAAE,UAAU;YACvB,UAAU;YACV,aAAa,EAAE,YAAY;YAC3B,cAAc,EAAE,WAAW,EAAE,4BAA4B;SAC1D,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAyB;QAC1C,MAAM,CAAC,GAAG,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QACpC,IAAI,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAE/E,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,SAAS,CACb,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAC1B,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;YAClD,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0DAA0D;IAE1D;;;;;;OAMG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,gBAAgB,EAAE,MAAM;gBACxB,kBAAkB,EAAE,CAAC;gBACrB,gBAAgB,EAAE,CAAC;gBACnB,kBAAkB,EAAE,CAAC;wBACnB,SAAS,EAAE,iBAAiB;wBAC5B,SAAS,EAAE,KAAK;wBAChB,aAAa,EAAE,KAAK;wBACpB,WAAW,EAAE,KAAK;wBAClB,QAAQ,EAAE,UAAU;wBACpB,MAAM,EAAE,MAAM;qBACf,CAAC;gBACF,OAAO,EAAE,WAAW;aACrB,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAyB,EAAE,CAAC;QAE5C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAClD,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAEtE,IAAI,UAAU,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CAAC;wBACd,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,aAAa,EAAE,KAAK,CAAC,IAAI;wBACzB,WAAW,EAAE,UAAU;wBACvB,QAAQ,EAAE,UAAU;wBACpB,MAAM,EAAE,MAAM;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC;oBACd,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,aAAa,EAAE,KAAK,CAAC,IAAI;oBACzB,WAAW,EAAE,gBAAgB;oBAC7B,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjE,MAAM,oBAAoB,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClF,IAAI,oBAAoB,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;YACpD,UAAU,CAAC,IAAI,CAAC;gBACd,SAAS,EAAE,yBAAyB;gBACpC,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,gBAAgB,EAAE,QAAQ,CAAC,OAAO;YAClC,kBAAkB,EAAE,QAAQ,CAAC,UAAU,CAAC,MAAM;YAC9C,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM;YAChE,kBAAkB,EAAE,UAAU;YAC9B,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;SACzD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QAMb,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/C,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC;QAE/C,OAAO;YACL,WAAW;YACX,SAAS;YACT,eAAe;YACf,WAAW,EAAE,WAAW,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,KAAK,OAAO,IAAI,eAAe;SACnF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF"}

package/dist/runtime/multi-agent-loop.d.ts

@@ -0,0 +1,37 @@
+import { EventEmitter } from 'node:events';
+import { SharedMemoryStore } from './shared-memory.js';
+import type { AuditEntry, TeamConfig, TeamResult } from './types.js';
+export declare class MultiAgentLoop extends EventEmitter {
+    private messageBus;
+    private compositionVerifier;
+    private trustManager;
+    private sharedMemory;
+    private stallDetector;
+    private agents;
+    private auditTrail;
+    private config;
+    private codebaseRoot;
+    constructor(codebaseRoot: string, config: TeamConfig);
+    /**
+     * Run the full multi-agent loop on a goal.
+     * 1. Coordinator decomposes goal into task graph
+     * 2. Ready tasks are assigned to agents
+     * 3. Each agent output passes through boundary verification
+     * 4. Completed tasks unlock dependent tasks
+     * 5. Stall detector monitors for problems
+     * 6. Loop until all tasks complete, fail, or escalate
+     */
+    run(): Promise<TeamResult>;
+    /** Get the current audit trail. */
+    getAuditTrail(): readonly AuditEntry[];
+    /** Get the shared memory store. */
+    getSharedMemory(): SharedMemoryStore;
+    private updateReadyTasks;
+    private getReviewTarget;
+    private buildContextRefs;
+    private parseDecomposition;
+    private buildGraph;
+    private makeEmptyGraph;
+    private makeResult;
+    private audit;
+}