usertrust 0.1.0

package/dist/resilience/scope.js

@@ -0,0 +1,244 @@
+/**
+ * Scope Locking — minimatch-based overlap detection & lease management
+ *
+ * Prevents conflicts between parallel workers by tracking scope-based leases.
+ * Each lease locks a set of glob patterns; overlapping patterns from different
+ * actors are rejected.
+ *
+ * Store path: `.usertools/leases.json`
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { minimatch } from "minimatch";
+import { VAULT_DIR } from "../shared/constants.js";
+// ---------------------------------------------------------------------------
+// Path Resolution
+// ---------------------------------------------------------------------------
+let storeDir = join(process.cwd(), VAULT_DIR);
+/**
+ * Set the store directory path (for testing).
+ */
+export function setStoreDir(dir) {
+    storeDir = dir;
+}
+/**
+ * Get the current store directory.
+ */
+export function getStoreDir() {
+    return storeDir;
+}
+function getLeasesPath() {
+    return join(storeDir, "leases.json");
+}
+function ensureStoreDir() {
+    if (!existsSync(storeDir)) {
+        mkdirSync(storeDir, { recursive: true });
+    }
+}
+// ---------------------------------------------------------------------------
+// File Operations
+// ---------------------------------------------------------------------------
+function readLeases() {
+    ensureStoreDir();
+    const path = getLeasesPath();
+    if (!existsSync(path)) {
+        return {};
+    }
+    try {
+        const data = readFileSync(path, "utf-8");
+        return JSON.parse(data);
+    }
+    catch {
+        return {};
+    }
+}
+function writeLeases(store) {
+    ensureStoreDir();
+    writeFileSync(getLeasesPath(), JSON.stringify(store, null, "\t"));
+}
+// ---------------------------------------------------------------------------
+// ID Generation
+// ---------------------------------------------------------------------------
+function generateLeaseId() {
+    const hex = Math.random().toString(16).substring(2, 10);
+    return `ls_${hex}`;
+}
+// ---------------------------------------------------------------------------
+// Scope Overlap
+// ---------------------------------------------------------------------------
+/**
+ * Check if two scope patterns overlap.
+ *
+ * Two patterns overlap when:
+ * 1. Either literally matches the other via minimatch, OR
+ * 2. They share a common base prefix (e.g. `src/**` and `src/foo/**`)
+ */
+export function scopesOverlap(scopeA, scopeB) {
+    for (const patternA of scopeA) {
+        for (const patternB of scopeB) {
+            // Check if either pattern matches the other
+            if (minimatch(patternA, patternB) || minimatch(patternB, patternA)) {
+                return true;
+            }
+            // Check for common prefix overlap (e.g., "src/**" and "src/foo/**")
+            const baseA = patternA.replace(/\*.*$/, "");
+            const baseB = patternB.replace(/\*.*$/, "");
+            if (baseA.startsWith(baseB) || baseB.startsWith(baseA)) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Check if a file matches any of the scope patterns.
+ */
+export function fileMatchesScope(file, scope) {
+    for (const pattern of scope) {
+        if (minimatch(file, pattern)) {
+            return true;
+        }
+    }
+    return false;
+}
+// ---------------------------------------------------------------------------
+// ScopeManager
+// ---------------------------------------------------------------------------
+/**
+ * Scope-based lease manager.
+ *
+ * Provides `acquireLease`, `releaseLease`, `findConflicts`, and `expireStale`
+ * for coordinating parallel workers operating on overlapping file scopes.
+ */
+export class ScopeManager {
+    clock;
+    constructor(clock) {
+        this.clock = clock ?? Date.now;
+    }
+    /**
+     * Acquire a lease for the given scope.
+     * Throws if scope overlaps with another actor's active lease.
+     */
+    acquireLease(options) {
+        const store = readLeases();
+        const ttlMin = options.ttlMin ?? 60;
+        // Expire stale leases first
+        this.expireStaleInStore(store);
+        // Check for scope overlap with other actors' active leases
+        const conflicts = this.findConflictsInStore(store, options.scope, options.actor);
+        if (conflicts.length > 0) {
+            const first = conflicts[0];
+            throw new Error(`Scope overlap with lease ${first.lease.lease_id} ` +
+                `(actor: ${first.lease.actor}, ` +
+                `scope: ${first.lease.scope.join(", ")})`);
+        }
+        const now = new Date(this.clock()).toISOString();
+        const expiresAt = new Date(this.clock() + ttlMin * 60_000).toISOString();
+        const leaseId = generateLeaseId();
+        const lease = {
+            lease_id: leaseId,
+            actor: options.actor,
+            scope: options.scope,
+            intent: options.intent,
+            issued_at: now,
+            expires_at: expiresAt,
+            status: "active",
+        };
+        store[leaseId] = lease;
+        writeLeases(store);
+        return lease;
+    }
+    /**
+     * Renew an existing lease, extending its TTL.
+     */
+    renewLease(leaseId, ttlMin = 60) {
+        const store = readLeases();
+        const lease = store[leaseId];
+        if (!lease) {
+            throw new Error(`Lease ${leaseId} not found`);
+        }
+        if (lease.status !== "active") {
+            throw new Error(`Lease ${leaseId} is ${lease.status}, cannot renew`);
+        }
+        lease.expires_at = new Date(this.clock() + ttlMin * 60_000).toISOString();
+        lease.last_renewed_at = new Date(this.clock()).toISOString();
+        writeLeases(store);
+        return lease;
+    }
+    /**
+     * Release a lease, marking it as released.
+     */
+    releaseLease(leaseId) {
+        const store = readLeases();
+        const lease = store[leaseId];
+        if (!lease) {
+            throw new Error(`Lease ${leaseId} not found`);
+        }
+        lease.status = "released";
+        writeLeases(store);
+        return lease;
+    }
+    /**
+     * Find conflicts for a proposed scope against active leases.
+     */
+    findConflicts(scope, excludeActor) {
+        const store = readLeases();
+        this.expireStaleInStore(store);
+        return this.findConflictsInStore(store, scope, excludeActor);
+    }
+    /**
+     * Expire stale leases and persist the result.
+     * Returns the number of leases expired.
+     */
+    expireStale() {
+        const store = readLeases();
+        const count = this.expireStaleInStore(store);
+        if (count > 0) {
+            writeLeases(store);
+        }
+        return count;
+    }
+    /**
+     * Get all active leases.
+     */
+    getActiveLeases() {
+        const store = readLeases();
+        return Object.values(store).filter((l) => l.status === "active");
+    }
+    /**
+     * Get a lease by ID.
+     */
+    getLease(leaseId) {
+        const store = readLeases();
+        return store[leaseId];
+    }
+    // ── Private helpers ──
+    findConflictsInStore(store, scope, excludeActor) {
+        const conflicts = [];
+        for (const lease of Object.values(store)) {
+            if (lease.status !== "active")
+                continue;
+            if (excludeActor && lease.actor === excludeActor)
+                continue;
+            if (scopesOverlap(scope, lease.scope)) {
+                conflicts.push({
+                    lease,
+                    overlappingPatterns: lease.scope,
+                });
+            }
+        }
+        return conflicts;
+    }
+    expireStaleInStore(store) {
+        const now = new Date(this.clock());
+        let count = 0;
+        for (const lease of Object.values(store)) {
+            if (lease.status === "active" && new Date(lease.expires_at) < now) {
+                lease.status = "expired";
+                count++;
+            }
+        }
+        return count;
+    }
+}
+//# sourceMappingURL=scope.js.map

package/dist/resilience/scope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope.js","sourceRoot":"","sources":["../../src/resilience/scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAoCnD,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,IAAI,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;AAE9C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACtC,QAAQ,GAAG,GAAG,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IAC1B,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED,SAAS,aAAa;IACrB,OAAO,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,cAAc;IACtB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;AACF,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,SAAS,UAAU;IAClB,cAAc,EAAE,CAAC;IACjB,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;IACX,CAAC;IACD,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACrC,cAAc,EAAE,CAAC;IACjB,aAAa,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,SAAS,eAAe;IACvB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,MAAM,GAAG,EAAE,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,MAAgB,EAAE,MAAgB;IAC/D,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;QAC/B,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC/B,4CAA4C;YAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACpE,OAAO,IAAI,CAAC;YACb,CAAC;YACD,oEAAoE;YACpE,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxD,OAAO,IAAI,CAAC;YACb,CAAC;QACF,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,KAAe;IAC7D,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC7B,IAAI,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,OAAO,YAAY;IACP,KAAK,CAAe;IAErC,YAAY,KAAoB;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,OAA4B;QACxC,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QAEpC,4BAA4B;QAC5B,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAE/B,2DAA2D;QAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACjF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAkB,CAAC;YAC5C,MAAM,IAAI,KAAK,CACd,4BAA4B,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG;gBAClD,WAAW,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI;gBAChC,UAAU,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1C,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACzE,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;QAElC,MAAM,KAAK,GAAU;YACpB,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,GAAG;YACd,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,QAAQ;SAChB,CAAC;QAEF,KAAK,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC;QACvB,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAe,EAAE,MAAM,GAAG,EAAE;QACtC,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,SAAS,OAAO,YAAY,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,SAAS,OAAO,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC,CAAC;QACtE,CAAC;QAED,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1E,KAAK,CAAC,eAAe,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7D,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,OAAe;QAC3B,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,SAAS,OAAO,YAAY,CAAC,CAAC;QAC/C,CAAC;QAED,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC;QAC1B,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAe,EAAE,YAAqB;QACnD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC;IAED;;;OAGG;IACH,WAAW;QACV,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACf,WAAW,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACH,eAAe;QACd,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAe;QACvB,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC;IAED,wBAAwB;IAEhB,oBAAoB,CAC3B,KAAiB,EACjB,KAAe,EACf,YAAqB;QAErB,MAAM,SAAS,GAAoB,EAAE,CAAC;QAEtC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ;gBAAE,SAAS;YACxC,IAAI,YAAY,IAAI,KAAK,CAAC,KAAK,KAAK,YAAY;gBAAE,SAAS;YAE3D,IAAI,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACvC,SAAS,CAAC,IAAI,CAAC;oBACd,KAAK;oBACL,mBAAmB,EAAE,KAAK,CAAC,KAAK;iBAChC,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,SAAS,CAAC;IAClB,CAAC;IAEO,kBAAkB,CAAC,KAAiB;QAC3C,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACnC,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,GAAG,EAAE,CAAC;gBACnE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC;gBACzB,KAAK,EAAE,CAAC;YACT,CAAC;QACF,CAAC;QAED,OAAO,KAAK,CAAC;IACd,CAAC;CACD"}

package/dist/shared/constants.d.ts

@@ -0,0 +1,7 @@
+export declare const GENESIS_HASH = "0000000000000000000000000000000000000000000000000000000000000000";
+export declare const VAULT_DIR = ".usertrust";
+export declare const AUDIT_DIR = "audit";
+export declare const RECEIPT_VERSION = 3;
+export declare const DEFAULT_HOLD_TTL_MS: number;
+export declare const DEFAULT_BUDGET = 50000;
+//# sourceMappingURL=constants.d.ts.map

package/dist/shared/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/shared/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY,qEAAqE,CAAC;AAC/F,eAAO,MAAM,SAAS,eAAe,CAAC;AACtC,eAAO,MAAM,SAAS,UAAU,CAAC;AACjC,eAAO,MAAM,eAAe,IAAI,CAAC;AACjC,eAAO,MAAM,mBAAmB,QAAgB,CAAC;AACjD,eAAO,MAAM,cAAc,QAAS,CAAC"}

package/dist/shared/constants.js

@@ -0,0 +1,7 @@
+export const GENESIS_HASH = "0000000000000000000000000000000000000000000000000000000000000000";
+export const VAULT_DIR = ".usertrust";
+export const AUDIT_DIR = "audit";
+export const RECEIPT_VERSION = 3;
+export const DEFAULT_HOLD_TTL_MS = 5 * 60 * 1000; // 5 minutes
+export const DEFAULT_BUDGET = 50_000;
+//# sourceMappingURL=constants.js.map

package/dist/shared/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/shared/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,YAAY,GAAG,kEAAkE,CAAC;AAC/F,MAAM,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAG,OAAO,CAAC;AACjC,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC;AACjC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC"}

package/dist/shared/errors.d.ts

@@ -0,0 +1,31 @@
+export declare class InsufficientBalanceError extends Error {
+    readonly userId: string;
+    readonly required: number;
+    readonly available: number;
+    constructor(userId: string, required: number, available: number);
+}
+export declare class PolicyDeniedError extends Error {
+    readonly reason: string;
+    constructor(reason: string);
+}
+export declare class AccountNotFoundError extends Error {
+    readonly userId: string;
+    constructor(userId: string);
+}
+export declare class IdempotencyConflictError extends Error {
+    readonly key: string;
+    constructor(key: string);
+}
+export declare class LedgerUnavailableError extends Error {
+    readonly cause_message: string;
+    constructor(reason: string);
+}
+export declare class AuditDegradedError extends Error {
+    readonly cause_message: string;
+    constructor(reason: string);
+}
+export declare class VaultNotInitializedError extends Error {
+    readonly path: string;
+    constructor(path: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/shared/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/shared/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,wBAAyB,SAAQ,KAAK;IAClD,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,SAAS,EAAE,MAAM,CAAC;gBAEtB,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;CAO/D;AAED,qBAAa,iBAAkB,SAAQ,KAAK;IAC3C,SAAgB,MAAM,EAAE,MAAM,CAAC;gBAEnB,MAAM,EAAE,MAAM;CAK1B;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC9C,SAAgB,MAAM,EAAE,MAAM,CAAC;gBAEnB,MAAM,EAAE,MAAM;CAK1B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;IAClD,SAAgB,GAAG,EAAE,MAAM,CAAC;gBAEhB,GAAG,EAAE,MAAM;CAKvB;AAED,qBAAa,sBAAuB,SAAQ,KAAK;IAChD,SAAgB,aAAa,EAAE,MAAM,CAAC;gBAE1B,MAAM,EAAE,MAAM;CAK1B;AAED,qBAAa,kBAAmB,SAAQ,KAAK;IAC5C,SAAgB,aAAa,EAAE,MAAM,CAAC;gBAE1B,MAAM,EAAE,MAAM;CAK1B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;IAClD,SAAgB,IAAI,EAAE,MAAM,CAAC;gBAEjB,IAAI,EAAE,MAAM;CAKxB"}

package/dist/shared/errors.js

@@ -0,0 +1,61 @@
+export class InsufficientBalanceError extends Error {
+    userId;
+    required;
+    available;
+    constructor(userId, required, available) {
+        super(`Insufficient balance for user ${userId}: need ${required}, have ${available}`);
+        this.name = "InsufficientBalanceError";
+        this.userId = userId;
+        this.required = required;
+        this.available = available;
+    }
+}
+export class PolicyDeniedError extends Error {
+    reason;
+    constructor(reason) {
+        super(`Policy denied: ${reason}`);
+        this.name = "PolicyDeniedError";
+        this.reason = reason;
+    }
+}
+export class AccountNotFoundError extends Error {
+    userId;
+    constructor(userId) {
+        super(`Account not found for user: ${userId}`);
+        this.name = "AccountNotFoundError";
+        this.userId = userId;
+    }
+}
+export class IdempotencyConflictError extends Error {
+    key;
+    constructor(key) {
+        super(`Idempotency conflict for key: ${key}`);
+        this.name = "IdempotencyConflictError";
+        this.key = key;
+    }
+}
+export class LedgerUnavailableError extends Error {
+    cause_message;
+    constructor(reason) {
+        super(`Ledger unavailable: ${reason}`);
+        this.name = "LedgerUnavailableError";
+        this.cause_message = reason;
+    }
+}
+export class AuditDegradedError extends Error {
+    cause_message;
+    constructor(reason) {
+        super(`Audit degraded: ${reason}`);
+        this.name = "AuditDegradedError";
+        this.cause_message = reason;
+    }
+}
+export class VaultNotInitializedError extends Error {
+    path;
+    constructor(path) {
+        super(`Vault not initialized at: ${path}`);
+        this.name = "VaultNotInitializedError";
+        this.path = path;
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/shared/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/shared/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IAClC,MAAM,CAAS;IACf,QAAQ,CAAS;IACjB,SAAS,CAAS;IAElC,YAAY,MAAc,EAAE,QAAgB,EAAE,SAAiB;QAC9D,KAAK,CAAC,iCAAiC,MAAM,UAAU,QAAQ,UAAU,SAAS,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC5B,CAAC;CACD;AAED,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC3B,MAAM,CAAS;IAE/B,YAAY,MAAc;QACzB,KAAK,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;CACD;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC9B,MAAM,CAAS;IAE/B,YAAY,MAAc;QACzB,KAAK,CAAC,+BAA+B,MAAM,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;CACD;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IAClC,GAAG,CAAS;IAE5B,YAAY,GAAW;QACtB,KAAK,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;QACvC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IAChB,CAAC;CACD;AAED,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAChC,aAAa,CAAS;IAEtC,YAAY,MAAc;QACzB,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;IAC7B,CAAC;CACD;AAED,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC5B,aAAa,CAAS;IAEtC,YAAY,MAAc;QACzB,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;IAC7B,CAAC;CACD;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IAClC,IAAI,CAAS;IAE7B,YAAY,IAAY;QACvB,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IAClB,CAAC;CACD"}

package/dist/shared/ids.d.ts

@@ -0,0 +1,7 @@
+/** Generate a u128 bigint ID for TigerBeetle (time-based + random) */
+export declare function tbId(): bigint;
+/** Generate a string ID for trust records */
+export declare function trustId(prefix: string): string;
+/** FNV-1a 32-bit hash */
+export declare function fnv1a32(str: string): number;
+//# sourceMappingURL=ids.d.ts.map

package/dist/shared/ids.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ids.d.ts","sourceRoot":"","sources":["../../src/shared/ids.ts"],"names":[],"mappings":"AAEA,sEAAsE;AACtE,wBAAgB,IAAI,IAAI,MAAM,CAc7B;AAED,6CAA6C;AAC7C,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE9C;AAED,yBAAyB;AACzB,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAO3C"}

package/dist/shared/ids.js

@@ -0,0 +1,31 @@
+import { randomBytes } from "node:crypto";
+/** Generate a u128 bigint ID for TigerBeetle (time-based + random) */
+export function tbId() {
+    const buf = randomBytes(16);
+    const now = BigInt(Date.now());
+    buf[0] = Number((now >> 40n) & 0xffn);
+    buf[1] = Number((now >> 32n) & 0xffn);
+    buf[2] = Number((now >> 24n) & 0xffn);
+    buf[3] = Number((now >> 16n) & 0xffn);
+    buf[4] = Number((now >> 8n) & 0xffn);
+    buf[5] = Number(now & 0xffn);
+    let id = 0n;
+    for (let i = 0; i < 16; i++) {
+        id = (id << 8n) | BigInt(buf[i]);
+    }
+    return id;
+}
+/** Generate a string ID for trust records */
+export function trustId(prefix) {
+    return `${prefix}_${Date.now().toString(36)}_${randomBytes(4).toString("hex")}`;
+}
+/** FNV-1a 32-bit hash */
+export function fnv1a32(str) {
+    let hash = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        hash ^= str.charCodeAt(i);
+        hash = Math.imul(hash, 0x01000193);
+    }
+    return hash >>> 0;
+}
+//# sourceMappingURL=ids.js.map

package/dist/shared/ids.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ids.js","sourceRoot":"","sources":["../../src/shared/ids.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,sEAAsE;AACtE,MAAM,UAAU,IAAI;IACnB,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/B,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACtC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACtC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACtC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACtC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;IAC7B,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAW,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,EAAE,CAAC;AACX,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,OAAO,CAAC,MAAc;IACrC,OAAO,GAAG,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACjF,CAAC;AAED,yBAAyB;AACzB,MAAM,UAAU,OAAO,CAAC,GAAW;IAClC,IAAI,IAAI,GAAG,UAAU,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACnB,CAAC"}

package/dist/shared/types.d.ts

@@ -0,0 +1,162 @@
+import { z } from "zod";
+export interface GovernanceReceipt {
+    transferId: string;
+    cost: number;
+    budgetRemaining: number;
+    auditHash: string;
+    chainPath: string;
+    receiptUrl: string | null;
+    settled: boolean;
+    model: string;
+    provider: string;
+    timestamp: string;
+    /** Present and true when the audit chain write failed (failure mode 15.3). */
+    auditDegraded?: boolean;
+}
+export interface GovernedResponse<T> {
+    response: T;
+    governance: GovernanceReceipt;
+}
+export declare const TrustConfigSchema: z.ZodObject<{
+    budget: z.ZodNumber;
+    tier: z.ZodDefault<z.ZodEnum<["free", "mini", "pro", "mega", "ultra"]>>;
+    proxy: z.ZodOptional<z.ZodString>;
+    key: z.ZodOptional<z.ZodString>;
+    policies: z.ZodDefault<z.ZodString>;
+    pii: z.ZodDefault<z.ZodEnum<["redact", "warn", "block", "off"]>>;
+    board: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        vetoThreshold: z.ZodDefault<z.ZodEnum<["low", "medium", "high", "critical"]>>;
+    }, "strip", z.ZodTypeAny, {
+        enabled: boolean;
+        vetoThreshold: "low" | "medium" | "high" | "critical";
+    }, {
+        enabled?: boolean | undefined;
+        vetoThreshold?: "low" | "medium" | "high" | "critical" | undefined;
+    }>>;
+    circuitBreaker: z.ZodDefault<z.ZodObject<{
+        failureThreshold: z.ZodDefault<z.ZodNumber>;
+        resetTimeout: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        failureThreshold: number;
+        resetTimeout: number;
+    }, {
+        failureThreshold?: number | undefined;
+        resetTimeout?: number | undefined;
+    }>>;
+    patterns: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        feedProxy: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enabled: boolean;
+        feedProxy: boolean;
+    }, {
+        enabled?: boolean | undefined;
+        feedProxy?: boolean | undefined;
+    }>>;
+    audit: z.ZodDefault<z.ZodObject<{
+        rotation: z.ZodDefault<z.ZodEnum<["daily", "weekly", "none"]>>;
+        indexLimit: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        rotation: "daily" | "weekly" | "none";
+        indexLimit: number;
+    }, {
+        rotation?: "daily" | "weekly" | "none" | undefined;
+        indexLimit?: number | undefined;
+    }>>;
+    tigerbeetle: z.ZodDefault<z.ZodObject<{
+        addresses: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        clusterId: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        addresses: string[];
+        clusterId: number;
+    }, {
+        addresses?: string[] | undefined;
+        clusterId?: number | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    audit: {
+        rotation: "daily" | "weekly" | "none";
+        indexLimit: number;
+    };
+    budget: number;
+    tier: "free" | "mini" | "pro" | "mega" | "ultra";
+    policies: string;
+    pii: "redact" | "warn" | "block" | "off";
+    board: {
+        enabled: boolean;
+        vetoThreshold: "low" | "medium" | "high" | "critical";
+    };
+    circuitBreaker: {
+        failureThreshold: number;
+        resetTimeout: number;
+    };
+    patterns: {
+        enabled: boolean;
+        feedProxy: boolean;
+    };
+    tigerbeetle: {
+        addresses: string[];
+        clusterId: number;
+    };
+    proxy?: string | undefined;
+    key?: string | undefined;
+}, {
+    budget: number;
+    audit?: {
+        rotation?: "daily" | "weekly" | "none" | undefined;
+        indexLimit?: number | undefined;
+    } | undefined;
+    tier?: "free" | "mini" | "pro" | "mega" | "ultra" | undefined;
+    proxy?: string | undefined;
+    key?: string | undefined;
+    policies?: string | undefined;
+    pii?: "redact" | "warn" | "block" | "off" | undefined;
+    board?: {
+        enabled?: boolean | undefined;
+        vetoThreshold?: "low" | "medium" | "high" | "critical" | undefined;
+    } | undefined;
+    circuitBreaker?: {
+        failureThreshold?: number | undefined;
+        resetTimeout?: number | undefined;
+    } | undefined;
+    patterns?: {
+        enabled?: boolean | undefined;
+        feedProxy?: boolean | undefined;
+    } | undefined;
+    tigerbeetle?: {
+        addresses?: string[] | undefined;
+        clusterId?: number | undefined;
+    } | undefined;
+}>;
+export type TrustConfig = z.infer<typeof TrustConfigSchema>;
+export type PolicyEffect = "deny" | "warn";
+export type PolicyEnforcement = "hard" | "soft";
+export type PolicySeverity = "critical" | "high" | "medium" | "low" | "info";
+export interface PolicyRule {
+    name: string;
+    effect: PolicyEffect;
+    enforcement: PolicyEnforcement;
+    severity?: PolicySeverity;
+    conditions: FieldCondition[];
+}
+export type FieldOperator = "exists" | "not_exists" | "eq" | "neq" | "gt" | "gte" | "lt" | "lte" | "in" | "not_in" | "contains" | "regex";
+export interface FieldCondition {
+    field: string;
+    operator: FieldOperator;
+    value?: unknown;
+}
+export interface AuditEvent {
+    id: string;
+    timestamp: string;
+    previousHash: string;
+    hash: string;
+    kind: string;
+    actor: string;
+    data: Record<string, unknown>;
+}
+export type BoardDecision = "approved" | "blocked" | "escalated";
+export type ConcernType = "hallucination" | "bias" | "safety" | "scope_creep" | "resource_abuse" | "policy_violation";
+export type DirectorVote = "approve" | "veto" | "abstain";
+export type LLMClientKind = "anthropic" | "openai" | "google";
+//# sourceMappingURL=types.d.ts.map

package/dist/shared/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,WAAW,iBAAiB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,aAAa,CAAC,EAAE,OAAO,CAAC;CACxB;AAGD,MAAM,WAAW,gBAAgB,CAAC,CAAC;IAClC,QAAQ,EAAE,CAAC,CAAC;IACZ,UAAU,EAAE,iBAAiB,CAAC;CAC9B;AAGD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqC5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAG5D,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAC3C,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,MAAM,CAAC;AAChD,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7E,MAAM,WAAW,UAAU;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,EAAE,iBAAiB,CAAC;IAC/B,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,UAAU,EAAE,cAAc,EAAE,CAAC;CAC7B;AAED,MAAM,MAAM,aAAa,GACtB,QAAQ,GACR,YAAY,GACZ,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,QAAQ,GACR,UAAU,GACV,OAAO,CAAC;AAEX,MAAM,WAAW,cAAc;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,aAAa,CAAC;IACxB,KAAK,CAAC,EAAE,OAAO,CAAC;CAChB;AAGD,MAAM,WAAW,UAAU;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAGD,MAAM,MAAM,aAAa,GAAG,UAAU,GAAG,SAAS,GAAG,WAAW,CAAC;AACjE,MAAM,MAAM,WAAW,GACpB,eAAe,GACf,MAAM,GACN,QAAQ,GACR,aAAa,GACb,gBAAgB,GAChB,kBAAkB,CAAC;AACtB,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAG1D,MAAM,MAAM,aAAa,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC"}

package/dist/shared/types.js

@@ -0,0 +1,41 @@
+import { z } from "zod";
+// ── Config schema ──
+export const TrustConfigSchema = z.object({
+    budget: z.number().int().positive(),
+    tier: z.enum(["free", "mini", "pro", "mega", "ultra"]).default("mini"),
+    proxy: z.string().url().optional(),
+    key: z.string().optional(),
+    policies: z.string().default("./policies/default.yml"),
+    pii: z.enum(["redact", "warn", "block", "off"]).default("warn"),
+    board: z
+        .object({
+        enabled: z.boolean().default(false),
+        vetoThreshold: z.enum(["low", "medium", "high", "critical"]).default("high"),
+    })
+        .default({}),
+    circuitBreaker: z
+        .object({
+        failureThreshold: z.number().int().default(5),
+        resetTimeout: z.number().int().default(60_000),
+    })
+        .default({}),
+    patterns: z
+        .object({
+        enabled: z.boolean().default(true),
+        feedProxy: z.boolean().default(false),
+    })
+        .default({}),
+    audit: z
+        .object({
+        rotation: z.enum(["daily", "weekly", "none"]).default("daily"),
+        indexLimit: z.number().int().default(10_000),
+    })
+        .default({}),
+    tigerbeetle: z
+        .object({
+        addresses: z.array(z.string()).default(["127.0.0.1:3001"]),
+        clusterId: z.number().int().nonnegative().default(0),
+    })
+        .default({}),
+});
+//# sourceMappingURL=types.js.map

package/dist/shared/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAwBxB,sBAAsB;AACtB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACnC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACtE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAClC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,wBAAwB,CAAC;IACtD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/D,KAAK,EAAE,CAAC;SACN,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;QACnC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;KAC5E,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;IACb,cAAc,EAAE,CAAC;SACf,MAAM,CAAC;QACP,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;KAC9C,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;IACb,QAAQ,EAAE,CAAC;SACT,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAClC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;KACrC,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;IACb,KAAK,EAAE,CAAC;SACN,MAAM,CAAC;QACP,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;QAC9D,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;KAC5C,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;SACZ,MAAM,CAAC;QACP,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,CAAC,CAAC;QAC1D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;KACpD,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;CACb,CAAC,CAAC"}