usertrust 0.1.0

package/dist/audit/rotation.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Audit Rotation — Daily receipt indexing
+ *
+ * Writes individual audit receipts to date-organized directories under
+ * the vault's audit directory. Maintains a bounded index.json for fast
+ * receipt lookup.
+ *
+ * Structure: .usertrust/audit/<kind>/<YYYY-MM-DD>/<receiptId>.json
+ *
+ * Adapted from Turf governance audit.ts (receipt emission + daily rotation).
+ */
+export interface AuditReceipt {
+    v: number;
+    ts: string;
+    kind: string;
+    subsystem: string;
+    actor: string;
+    correlationId?: string;
+    data: Record<string, unknown>;
+}
+export interface WriteReceiptInput {
+    kind: string;
+    subsystem: string;
+    actor: string;
+    correlationId?: string;
+    data: Record<string, unknown>;
+}
+export interface IndexEntry {
+    receiptId: string;
+    kind: string;
+    ts: string;
+    actor: string;
+    correlationId?: string;
+    path: string;
+}
+/**
+ * Write an audit receipt to the daily-rotated directory structure.
+ *
+ * @param vaultPath - Root vault directory (parent of .usertools/)
+ * @param input - Receipt data to write
+ * @param indexLimit - Maximum index entries (default: 10000)
+ * @returns The written receipt, or undefined if the write failed
+ */
+export declare function writeReceipt(vaultPath: string, input: WriteReceiptInput, indexLimit?: number): AuditReceipt | undefined;
+/**
+ * List all receipts of a given kind (optionally filtered by date).
+ *
+ * @param vaultPath - Root vault directory
+ * @param kind - Receipt kind to list
+ * @param date - Optional date filter (YYYY-MM-DD)
+ * @returns Array of receipts, sorted newest-first
+ */
+export declare function listReceipts(vaultPath: string, kind: string, date?: string): AuditReceipt[];
+/**
+ * Load the audit index.
+ *
+ * @param vaultPath - Root vault directory
+ * @returns Array of index entries
+ */
+export declare function loadIndex(vaultPath: string): IndexEntry[];
+//# sourceMappingURL=rotation.d.ts.map

package/dist/audit/rotation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rotation.d.ts","sourceRoot":"","sources":["../../src/audit/rotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH,MAAM,WAAW,YAAY;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACb;AA4CD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC3B,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,iBAAiB,EACxB,UAAU,SAAS,GACjB,YAAY,GAAG,SAAS,CA6C1B;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY,EAAE,CAoC3F;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,EAAE,CAUzD"}

package/dist/audit/rotation.js

@@ -0,0 +1,160 @@
+/**
+ * Audit Rotation — Daily receipt indexing
+ *
+ * Writes individual audit receipts to date-organized directories under
+ * the vault's audit directory. Maintains a bounded index.json for fast
+ * receipt lookup.
+ *
+ * Structure: .usertrust/audit/<kind>/<YYYY-MM-DD>/<receiptId>.json
+ *
+ * Adapted from Turf governance audit.ts (receipt emission + daily rotation).
+ */
+import { existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { AUDIT_DIR, RECEIPT_VERSION, VAULT_DIR } from "../shared/constants.js";
+import { trustId } from "../shared/ids.js";
+// ── Helpers ──
+function getTodayDate() {
+    const now = new Date();
+    return now.toISOString().split("T")[0] ?? "unknown";
+}
+function getDailyDir(auditRoot, kind) {
+    return join(auditRoot, kind, getTodayDate());
+}
+function getIndexPath(auditRoot) {
+    return join(auditRoot, "index.json");
+}
+// ── Index management ──
+function updateIndex(auditRoot, entry, indexLimit) {
+    try {
+        const indexPath = getIndexPath(auditRoot);
+        let index = [];
+        if (existsSync(indexPath)) {
+            const raw = readFileSync(indexPath, "utf-8");
+            index = JSON.parse(raw);
+        }
+        index.push(entry);
+        // Keep index bounded
+        if (index.length > indexLimit) {
+            index = index.slice(-indexLimit);
+        }
+        writeFileSync(indexPath, JSON.stringify(index, null, "\t"));
+    }
+    catch {
+        // Index update failure is non-fatal
+    }
+}
+// ── Public API ──
+/**
+ * Write an audit receipt to the daily-rotated directory structure.
+ *
+ * @param vaultPath - Root vault directory (parent of .usertools/)
+ * @param input - Receipt data to write
+ * @param indexLimit - Maximum index entries (default: 10000)
+ * @returns The written receipt, or undefined if the write failed
+ */
+export function writeReceipt(vaultPath, input, indexLimit = 10_000) {
+    try {
+        const auditRoot = join(vaultPath, VAULT_DIR, AUDIT_DIR);
+        const receiptId = trustId("rcpt");
+        const ts = new Date().toISOString();
+        const receipt = {
+            v: RECEIPT_VERSION,
+            ts,
+            kind: input.kind,
+            subsystem: input.subsystem,
+            actor: input.actor,
+            ...(input.correlationId !== undefined ? { correlationId: input.correlationId } : {}),
+            data: {
+                receiptId,
+                ...input.data,
+            },
+        };
+        // Write individual receipt file with daily rotation
+        const dailyDir = getDailyDir(auditRoot, input.kind);
+        if (!existsSync(dailyDir)) {
+            mkdirSync(dailyDir, { recursive: true });
+        }
+        const receiptFile = join(dailyDir, `${receiptId}.json`);
+        writeFileSync(receiptFile, JSON.stringify(receipt, null, "\t"));
+        // Update index
+        updateIndex(auditRoot, {
+            receiptId,
+            kind: input.kind,
+            ts,
+            actor: input.actor,
+            ...(input.correlationId !== undefined ? { correlationId: input.correlationId } : {}),
+            path: `${input.kind}/${getTodayDate()}/${receiptId}.json`,
+        }, indexLimit);
+        return receipt;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * List all receipts of a given kind (optionally filtered by date).
+ *
+ * @param vaultPath - Root vault directory
+ * @param kind - Receipt kind to list
+ * @param date - Optional date filter (YYYY-MM-DD)
+ * @returns Array of receipts, sorted newest-first
+ */
+export function listReceipts(vaultPath, kind, date) {
+    const kindDir = join(vaultPath, VAULT_DIR, AUDIT_DIR, kind);
+    if (!existsSync(kindDir))
+        return [];
+    try {
+        const results = [];
+        const entries = readdirSync(kindDir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.isDirectory()) {
+                if (date && entry.name !== date)
+                    continue;
+                const dateDir = join(kindDir, entry.name);
+                const files = readdirSync(dateDir).filter((f) => f.endsWith(".json"));
+                for (const f of files) {
+                    try {
+                        const raw = readFileSync(join(dateDir, f), "utf-8");
+                        results.push(JSON.parse(raw));
+                    }
+                    catch {
+                        // Skip invalid files
+                    }
+                }
+            }
+            else if (entry.isFile() && entry.name.endsWith(".json")) {
+                try {
+                    const raw = readFileSync(join(kindDir, entry.name), "utf-8");
+                    results.push(JSON.parse(raw));
+                }
+                catch {
+                    // Skip invalid files
+                }
+            }
+        }
+        return results.sort((a, b) => new Date(b.ts).getTime() - new Date(a.ts).getTime());
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Load the audit index.
+ *
+ * @param vaultPath - Root vault directory
+ * @returns Array of index entries
+ */
+export function loadIndex(vaultPath) {
+    const indexPath = getIndexPath(join(vaultPath, VAULT_DIR, AUDIT_DIR));
+    if (!existsSync(indexPath))
+        return [];
+    try {
+        const raw = readFileSync(indexPath, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=rotation.js.map

package/dist/audit/rotation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rotation.js","sourceRoot":"","sources":["../../src/audit/rotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC1F,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAC/E,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AA+B3C,gBAAgB;AAEhB,SAAS,YAAY;IACpB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB,EAAE,IAAY;IACnD,OAAO,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,YAAY,CAAC,SAAiB;IACtC,OAAO,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AACtC,CAAC;AAED,yBAAyB;AAEzB,SAAS,WAAW,CAAC,SAAiB,EAAE,KAAiB,EAAE,UAAkB;IAC5E,IAAI,CAAC;QACJ,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,KAAK,GAAiB,EAAE,CAAC;QAE7B,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC7C,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QACzC,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAElB,qBAAqB;QACrB,IAAI,KAAK,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;YAC/B,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;QAClC,CAAC;QAED,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACR,oCAAoC;IACrC,CAAC;AACF,CAAC;AAED,mBAAmB;AAEnB;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC3B,SAAiB,EACjB,KAAwB,EACxB,UAAU,GAAG,MAAM;IAEnB,IAAI,CAAC;QACJ,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAiB;YAC7B,CAAC,EAAE,eAAe;YAClB,EAAE;YACF,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpF,IAAI,EAAE;gBACL,SAAS;gBACT,GAAG,KAAK,CAAC,IAAI;aACb;SACD,CAAC;QAEF,oDAAoD;QACpD,MAAM,QAAQ,GAAG,WAAW,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,GAAG,SAAS,OAAO,CAAC,CAAC;QACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAEhE,eAAe;QACf,WAAW,CACV,SAAS,EACT;YACC,SAAS;YACT,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,EAAE;YACF,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpF,IAAI,EAAE,GAAG,KAAK,CAAC,IAAI,IAAI,YAAY,EAAE,IAAI,SAAS,OAAO;SACzD,EACD,UAAU,CACV,CAAC;QAEF,OAAO,OAAO,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,SAAS,CAAC;IAClB,CAAC;AACF,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,IAAY,EAAE,IAAa;IAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACJ,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACzB,IAAI,IAAI,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI;oBAAE,SAAS;gBAE1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtE,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;oBACvB,IAAI,CAAC;wBACJ,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;wBACpD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC,CAAC;oBAC/C,CAAC;oBAAC,MAAM,CAAC;wBACR,qBAAqB;oBACtB,CAAC;gBACF,CAAC;YACF,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3D,IAAI,CAAC;oBACJ,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;oBAC7D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC,CAAC;gBAC/C,CAAC;gBAAC,MAAM,CAAC;oBACR,qBAAqB;gBACtB,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACpF,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,SAAiB;IAC1C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;IACtE,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC"}

package/dist/audit/verify.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Audit Chain Verifier
+ *
+ * Reads a JSONL audit log and verifies:
+ * 1. Each event's hash matches the SHA-256 of its canonical representation
+ * 2. Each event's previousHash links to the prior event's hash
+ * 3. The first event chains from GENESIS_HASH
+ *
+ * Adapted from usertools-stealth governance/audit/verifier.ts — removes
+ * flushAuditWriter dependency (verifier should NOT flush the writer).
+ */
+export interface ChainVerificationResult {
+    valid: boolean;
+    eventsVerified: number;
+    errors: string[];
+    latestHash: string;
+    verifiedAt: string;
+}
+export declare function verifyChain(logPath: string): ChainVerificationResult;
+//# sourceMappingURL=verify.d.ts.map

package/dist/audit/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/audit/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,WAAW,uBAAuB;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,uBAAuB,CAuEpE"}

package/dist/audit/verify.js

@@ -0,0 +1,73 @@
+/**
+ * Audit Chain Verifier
+ *
+ * Reads a JSONL audit log and verifies:
+ * 1. Each event's hash matches the SHA-256 of its canonical representation
+ * 2. Each event's previousHash links to the prior event's hash
+ * 3. The first event chains from GENESIS_HASH
+ *
+ * Adapted from usertools-stealth governance/audit/verifier.ts — removes
+ * flushAuditWriter dependency (verifier should NOT flush the writer).
+ */
+import { createHash } from "node:crypto";
+import { existsSync, readFileSync } from "node:fs";
+import { GENESIS_HASH } from "../shared/constants.js";
+import { canonicalize } from "./canonical.js";
+export function verifyChain(logPath) {
+    const errors = [];
+    if (!existsSync(logPath)) {
+        return {
+            valid: true,
+            eventsVerified: 0,
+            errors: [],
+            latestHash: GENESIS_HASH,
+            verifiedAt: new Date().toISOString(),
+        };
+    }
+    const content = readFileSync(logPath, "utf-8").trim();
+    if (!content) {
+        return {
+            valid: true,
+            eventsVerified: 0,
+            errors: [],
+            latestHash: GENESIS_HASH,
+            verifiedAt: new Date().toISOString(),
+        };
+    }
+    const lines = content.split("\n").filter((l) => l.trim());
+    let expectedPreviousHash = GENESIS_HASH;
+    let latestHash = GENESIS_HASH;
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        let event;
+        try {
+            event = JSON.parse(line);
+        }
+        catch (parseErr) {
+            errors.push(`Event ${i + 1}: malformed JSON — ${parseErr instanceof Error ? parseErr.message : String(parseErr)}`);
+            expectedPreviousHash = "";
+            continue;
+        }
+        if (event.previousHash !== expectedPreviousHash) {
+            errors.push(`Event ${i + 1} (${event.id}): previousHash mismatch. ` +
+                `Expected ${expectedPreviousHash}, got ${event.previousHash}`);
+        }
+        const { hash: storedHash, ...eventWithoutHash } = event;
+        const canonical = canonicalize(eventWithoutHash);
+        const computedHash = createHash("sha256").update(canonical).digest("hex");
+        if (storedHash !== computedHash) {
+            errors.push(`Event ${i + 1} (${event.id}): hash mismatch. ` +
+                `Expected ${computedHash}, got ${storedHash}`);
+        }
+        expectedPreviousHash = storedHash;
+        latestHash = storedHash;
+    }
+    return {
+        valid: errors.length === 0,
+        eventsVerified: lines.length,
+        errors,
+        latestHash,
+        verifiedAt: new Date().toISOString(),
+    };
+}
+//# sourceMappingURL=verify.js.map

package/dist/audit/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/audit/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAU9C,MAAM,UAAU,WAAW,CAAC,OAAe;IAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO;YACN,KAAK,EAAE,IAAI;YACX,cAAc,EAAE,CAAC;YACjB,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACd,OAAO;YACN,KAAK,EAAE,IAAI;YACX,cAAc,EAAE,CAAC;YACjB,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,oBAAoB,GAAG,YAAY,CAAC;IACxC,IAAI,UAAU,GAAG,YAAY,CAAC;IAE9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAW,CAAC;QAEhC,IAAI,KAAiB,CAAC;QACtB,IAAI,CAAC;YACJ,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;QACxC,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CACV,SAAS,CAAC,GAAG,CAAC,sBAAsB,QAAQ,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CACrG,CAAC;YACF,oBAAoB,GAAG,EAAE,CAAC;YAC1B,SAAS;QACV,CAAC;QAED,IAAI,KAAK,CAAC,YAAY,KAAK,oBAAoB,EAAE,CAAC;YACjD,MAAM,CAAC,IAAI,CACV,SAAS,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,EAAE,4BAA4B;gBACtD,YAAY,oBAAoB,SAAS,KAAK,CAAC,YAAY,EAAE,CAC9D,CAAC;QACH,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,gBAAgB,EAAE,GAAG,KAAK,CAAC;QACxD,MAAM,SAAS,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE1E,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CACV,SAAS,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,EAAE,oBAAoB;gBAC9C,YAAY,YAAY,SAAS,UAAU,EAAE,CAC9C,CAAC;QACH,CAAC;QAED,oBAAoB,GAAG,UAAU,CAAC;QAClC,UAAU,GAAG,UAAU,CAAC;IACzB,CAAC;IAED,OAAO;QACN,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,cAAc,EAAE,KAAK,CAAC,MAAM;QAC5B,MAAM;QACN,UAAU;QACV,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACH,CAAC"}

package/dist/board/board.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Board of Directors — Board Coordination
+ *
+ * Coordinates two isolated Directors for democratic oversight.
+ * Decision matrix:
+ *   Both APPROVE        → approved
+ *   Unanimous VETO      → blocked  (requires human escalation)
+ *   VETO + APPROVE      → escalated (conflict, human review)
+ *   Both ABSTAIN        → escalated (insufficient confidence)
+ *
+ * Persists JSONL session history with a 100-review buffer.
+ */
+import type { BoardDecision } from "../shared/types.js";
+import type { BoardRequest } from "./concerns.js";
+import type { DirectorReview } from "./director.js";
+export interface BoardReviewResult {
+    request: BoardRequest & {
+        reviewId: string;
+        requestedAt: string;
+    };
+    reviews: DirectorReview[];
+    decision: BoardDecision;
+    reasoning: string;
+    requiresHumanEscalation: boolean;
+    escalationReason?: string | undefined;
+    decidedAt: string;
+}
+export interface BoardOpts {
+    /** Maximum completed reviews to keep in the session file (default 100) */
+    maxHistory?: number | undefined;
+}
+export interface Board {
+    /**
+     * Submit, review, and decide in one synchronous call.
+     * Returns the full review result.
+     */
+    reviewNow(decisionType: string, actor: string, description: string, options?: {
+        scope?: string[];
+        context?: Record<string, unknown>;
+    }): BoardReviewResult;
+    /** Get recent completed reviews. */
+    getRecentReviews(limit?: number): BoardReviewResult[];
+    /** Get aggregate stats. */
+    getStats(): BoardStats;
+}
+export interface BoardStats {
+    totalReviews: number;
+    approved: number;
+    blocked: number;
+    escalated: number;
+}
+/**
+ * Determine final Board decision from Director reviews.
+ */
+export declare function determineDecision(reviews: DirectorReview[]): {
+    decision: BoardDecision;
+    requiresHumanEscalation: boolean;
+    escalationReason?: string;
+};
+/**
+ * Create a Board of Directors instance backed by a vault directory.
+ *
+ * @param vaultPath — absolute or relative path to `.usertools/` (or custom vault)
+ * @param opts — optional configuration
+ */
+export declare function createBoard(vaultPath: string, opts?: BoardOpts): Board;
+//# sourceMappingURL=board.d.ts.map

package/dist/board/board.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"board.d.ts","sourceRoot":"","sources":["../../src/board/board.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,MAAM,WAAW,iBAAiB;IACjC,OAAO,EAAE,YAAY,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,QAAQ,EAAE,aAAa,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB,EAAE,OAAO,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,SAAS,EAAE,MAAM,CAAC;CAClB;AASD,MAAM,WAAW,SAAS;IACzB,0EAA0E;IAC1E,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC;AAED,MAAM,WAAW,KAAK;IACrB;;;OAGG;IACH,SAAS,CACR,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,GACC,iBAAiB,CAAC;IAErB,oCAAoC;IACpC,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAAC;IAEtD,2BAA2B;IAC3B,QAAQ,IAAI,UAAU,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CAClB;AAID;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG;IAC7D,QAAQ,EAAE,aAAa,CAAC;IACxB,uBAAuB,EAAE,OAAO,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B,CA+CA;AA2ED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,SAAS,GAAG,KAAK,CAiEtE"}

package/dist/board/board.js

@@ -0,0 +1,191 @@
+/**
+ * Board of Directors — Board Coordination
+ *
+ * Coordinates two isolated Directors for democratic oversight.
+ * Decision matrix:
+ *   Both APPROVE        → approved
+ *   Unanimous VETO      → blocked  (requires human escalation)
+ *   VETO + APPROVE      → escalated (conflict, human review)
+ *   Both ABSTAIN        → escalated (insufficient confidence)
+ *
+ * Persists JSONL session history with a 100-review buffer.
+ */
+import { appendFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { trustId } from "../shared/ids.js";
+import { listDirectors, reviewDecision } from "./director.js";
+// ── Decision Logic ──
+/**
+ * Determine final Board decision from Director reviews.
+ */
+export function determineDecision(reviews) {
+    const votes = reviews.map((r) => r.vote);
+    const vetoCount = votes.filter((v) => v === "veto").length;
+    const approveCount = votes.filter((v) => v === "approve").length;
+    const abstainCount = votes.filter((v) => v === "abstain").length;
+    // Unanimous veto → blocked
+    if (vetoCount === reviews.length) {
+        return {
+            decision: "blocked",
+            requiresHumanEscalation: true,
+            escalationReason: "Unanimous Board veto - all Directors flagged critical concerns",
+        };
+    }
+    // Any veto with any approve → conflict, escalate
+    if (vetoCount > 0 && approveCount > 0) {
+        return {
+            decision: "escalated",
+            requiresHumanEscalation: true,
+            escalationReason: "Director disagreement - veto conflicts with approval",
+        };
+    }
+    // Both abstain → need more info
+    if (abstainCount === reviews.length) {
+        return {
+            decision: "escalated",
+            requiresHumanEscalation: true,
+            escalationReason: "Both Directors abstained - insufficient confidence",
+        };
+    }
+    // Single veto with abstain → blocked but escalate
+    if (vetoCount > 0) {
+        return {
+            decision: "blocked",
+            requiresHumanEscalation: true,
+            escalationReason: "Director veto with abstention",
+        };
+    }
+    // Approved (both approve, or approve + abstain)
+    return {
+        decision: "approved",
+        requiresHumanEscalation: false,
+    };
+}
+/**
+ * Combine Director reasoning into final reasoning string.
+ */
+function combineReasoning(reviews, decision) {
+    const parts = reviews.map((r) => `[${r.directorId}] ${r.reasoning}`);
+    const prefix = decision === "approved"
+        ? "Board APPROVED:"
+        : decision === "blocked"
+            ? "Board BLOCKED:"
+            : "Board ESCALATED:";
+    return `${prefix} ${parts.join(" | ")}`;
+}
+// ── Session Persistence ──
+function boardDir(vaultPath) {
+    return join(vaultPath, "board");
+}
+function sessionPath(vaultPath) {
+    return join(boardDir(vaultPath), "session.json");
+}
+function historyPath(vaultPath) {
+    return join(boardDir(vaultPath), "history.jsonl");
+}
+function ensureDir(vaultPath) {
+    const dir = boardDir(vaultPath);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+}
+function loadSession(vaultPath) {
+    ensureDir(vaultPath);
+    const file = sessionPath(vaultPath);
+    if (!existsSync(file)) {
+        const now = new Date().toISOString();
+        return {
+            pendingReviews: {},
+            completedReviews: [],
+            startedAt: now,
+            lastActivityAt: now,
+        };
+    }
+    try {
+        return JSON.parse(readFileSync(file, "utf-8"));
+    }
+    catch {
+        const now = new Date().toISOString();
+        return {
+            pendingReviews: {},
+            completedReviews: [],
+            startedAt: now,
+            lastActivityAt: now,
+        };
+    }
+}
+function saveSession(vaultPath, session) {
+    ensureDir(vaultPath);
+    session.lastActivityAt = new Date().toISOString();
+    writeFileSync(sessionPath(vaultPath), JSON.stringify(session, null, "\t"));
+}
+function appendHistory(vaultPath, result) {
+    ensureDir(vaultPath);
+    appendFileSync(historyPath(vaultPath), `${JSON.stringify(result)}\n`);
+}
+// ── Factory ──
+/**
+ * Create a Board of Directors instance backed by a vault directory.
+ *
+ * @param vaultPath — absolute or relative path to `.usertools/` (or custom vault)
+ * @param opts — optional configuration
+ */
+export function createBoard(vaultPath, opts) {
+    const maxHistory = opts?.maxHistory ?? 100;
+    return {
+        reviewNow(decisionType, actor, description, options) {
+            const reviewId = trustId("BR");
+            const request = {
+                reviewId,
+                decisionType,
+                actor,
+                description,
+                scope: options?.scope,
+                context: options?.context ?? {},
+                requestedAt: new Date().toISOString(),
+            };
+            // Each Director reviews independently
+            const directors = listDirectors();
+            const reviews = [];
+            for (const director of directors) {
+                reviews.push(reviewDecision(director.id, request));
+            }
+            // Determine final decision
+            const { decision, requiresHumanEscalation, escalationReason } = determineDecision(reviews);
+            const reasoning = combineReasoning(reviews, decision);
+            const result = {
+                request,
+                reviews,
+                decision,
+                reasoning,
+                requiresHumanEscalation,
+                escalationReason,
+                decidedAt: new Date().toISOString(),
+            };
+            // Persist
+            const session = loadSession(vaultPath);
+            session.completedReviews.push(result);
+            if (session.completedReviews.length > maxHistory) {
+                session.completedReviews = session.completedReviews.slice(-maxHistory);
+            }
+            saveSession(vaultPath, session);
+            appendHistory(vaultPath, result);
+            return result;
+        },
+        getRecentReviews(limit = 10) {
+            const session = loadSession(vaultPath);
+            return session.completedReviews.slice(-limit);
+        },
+        getStats() {
+            const session = loadSession(vaultPath);
+            const completed = session.completedReviews;
+            return {
+                totalReviews: completed.length,
+                approved: completed.filter((r) => r.decision === "approved").length,
+                blocked: completed.filter((r) => r.decision === "blocked").length,
+                escalated: completed.filter((r) => r.decision === "escalated").length,
+            };
+        },
+    };
+}
+//# sourceMappingURL=board.js.map

package/dist/board/board.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"board.js","sourceRoot":"","sources":["../../src/board/board.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7F,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAI3C,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAuD9D,uBAAuB;AAEvB;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAyB;IAK1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IACjE,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAEjE,2BAA2B;IAC3B,IAAI,SAAS,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO;YACN,QAAQ,EAAE,SAAS;YACnB,uBAAuB,EAAE,IAAI;YAC7B,gBAAgB,EAAE,gEAAgE;SAClF,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,SAAS,GAAG,CAAC,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO;YACN,QAAQ,EAAE,WAAW;YACrB,uBAAuB,EAAE,IAAI;YAC7B,gBAAgB,EAAE,sDAAsD;SACxE,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,YAAY,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;QACrC,OAAO;YACN,QAAQ,EAAE,WAAW;YACrB,uBAAuB,EAAE,IAAI;YAC7B,gBAAgB,EAAE,oDAAoD;SACtE,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO;YACN,QAAQ,EAAE,SAAS;YACnB,uBAAuB,EAAE,IAAI;YAC7B,gBAAgB,EAAE,+BAA+B;SACjD,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,OAAO;QACN,QAAQ,EAAE,UAAU;QACpB,uBAAuB,EAAE,KAAK;KAC9B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAyB,EAAE,QAAuB;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IACrE,MAAM,MAAM,GACX,QAAQ,KAAK,UAAU;QACtB,CAAC,CAAC,iBAAiB;QACnB,CAAC,CAAC,QAAQ,KAAK,SAAS;YACvB,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,kBAAkB,CAAC;IACxB,OAAO,GAAG,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;AACzC,CAAC;AAED,4BAA4B;AAE5B,SAAS,QAAQ,CAAC,SAAiB;IAClC,OAAO,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,cAAc,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,SAAiB;IACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrC,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACrC,SAAS,CAAC,SAAS,CAAC,CAAC;IACrB,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO;YACN,cAAc,EAAE,EAAE;YAClB,gBAAgB,EAAE,EAAE;YACpB,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,GAAG;SACnB,CAAC;IACH,CAAC;IACD,IAAI,CAAC;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAiB,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACR,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO;YACN,cAAc,EAAE,EAAE;YAClB,gBAAgB,EAAE,EAAE;YACpB,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,GAAG;SACnB,CAAC;IACH,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB,EAAE,OAAqB;IAC5D,SAAS,CAAC,SAAS,CAAC,CAAC;IACrB,OAAO,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAClD,aAAa,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB,EAAE,MAAyB;IAClE,SAAS,CAAC,SAAS,CAAC,CAAC;IACrB,cAAc,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACvE,CAAC;AAED,gBAAgB;AAEhB;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,IAAgB;IAC9D,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,GAAG,CAAC;IAE3C,OAAO;QACN,SAAS,CAAC,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO;YAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,OAAO,GAAG;gBACf,QAAQ;gBACR,YAAY;gBACZ,KAAK;gBACL,WAAW;gBACX,KAAK,EAAE,OAAO,EAAE,KAAK;gBACrB,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE;gBAC/B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC,CAAC;YAEF,sCAAsC;YACtC,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;YAClC,MAAM,OAAO,GAAqB,EAAE,CAAC;YACrC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBAClC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;YACpD,CAAC;YAED,2BAA2B;YAC3B,MAAM,EAAE,QAAQ,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC3F,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAEtD,MAAM,MAAM,GAAsB;gBACjC,OAAO;gBACP,OAAO;gBACP,QAAQ;gBACR,SAAS;gBACT,uBAAuB;gBACvB,gBAAgB;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACnC,CAAC;YAEF,UAAU;YACV,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YACvC,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBAClD,OAAO,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;YACxE,CAAC;YACD,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAChC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAEjC,OAAO,MAAM,CAAC;QACf,CAAC;QAED,gBAAgB,CAAC,KAAK,GAAG,EAAE;YAC1B,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YACvC,OAAO,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,QAAQ;YACP,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;YAC3C,OAAO;gBACN,YAAY,EAAE,SAAS,CAAC,MAAM;gBAC9B,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;gBACnE,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM;gBACjE,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,MAAM;aACrE,CAAC;QACH,CAAC;KACD,CAAC;AACH,CAAC"}

package/dist/board/concerns.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Concern Detection Library
+ *
+ * 6 pure-function detectors for Board of Directors oversight.
+ * Each detector: (request) => Concern | null
+ */
+import type { ConcernType, PolicySeverity } from "../shared/types.js";
+export interface Concern {
+    type: ConcernType;
+    severity: PolicySeverity;
+    description: string;
+    evidence: string;
+}
+export interface BoardRequest {
+    /** Type of decision under review */
+    decisionType: string;
+    /** Human-readable description of the action */
+    description: string;
+    /** File/resource scope affected */
+    scope?: string[] | undefined;
+    /** Arbitrary context for detection heuristics */
+    context: Record<string, unknown>;
+}
+/**
+ * Hallucination — absolute claims, factual assertions without evidence.
+ * Triggers on "always"/"never" overgeneralizations and policy overrides lacking justification.
+ */
+export declare function detectHallucination(request: BoardRequest): Concern | null;
+/**
+ * Bias — preferential routing, demographic skew.
+ * Triggers when a preferred worker is specified during scope expansion.
+ */
+export declare function detectBias(request: BoardRequest): Concern | null;
+/**
+ * Safety — credentials in scope, dangerous content.
+ * Scans scope paths and description for security-sensitive patterns.
+ */
+export declare function detectSafety(request: BoardRequest): Concern | null;
+/**
+ * Scope creep — root wildcards, unbounded scope.
+ * Triggers on root-level ** wildcards or excessive scope breadth (>10 patterns).
+ */
+export declare function detectScopeCreep(request: BoardRequest): Concern | null;
+/**
+ * Resource abuse — cost exceeds threshold, excessive token usage.
+ * Triggers when estimated cost exceeds $100 on resource-intensive operations.
+ */
+export declare function detectResourceAbuse(request: BoardRequest): Concern | null;
+/**
+ * Policy violation — explicit policy override attempts.
+ * Triggers on any policy_override decision type.
+ */
+export declare function detectPolicyViolation(request: BoardRequest): Concern | null;
+/**
+ * Run all concern detectors against a request.
+ * Returns every concern found (zero or more).
+ */
+export declare function detectConcerns(request: BoardRequest): Concern[];
+//# sourceMappingURL=concerns.d.ts.map