usertrust 0.1.0

package/dist/board/concerns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"concerns.d.ts","sourceRoot":"","sources":["../../src/board/concerns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAItE,MAAM,WAAW,OAAO;IACvB,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,cAAc,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC5B,oCAAoC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC7B,iDAAiD;IACjD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAID;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAsBzE;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAWhE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAiBlE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAuBtE;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAczE;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG,IAAI,CAW3E;AAcD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,EAAE,CAS/D"}

package/dist/board/concerns.js

@@ -0,0 +1,149 @@
+/**
+ * Concern Detection Library
+ *
+ * 6 pure-function detectors for Board of Directors oversight.
+ * Each detector: (request) => Concern | null
+ */
+// ── Individual Detectors ──
+/**
+ * Hallucination — absolute claims, factual assertions without evidence.
+ * Triggers on "always"/"never" overgeneralizations and policy overrides lacking justification.
+ */
+export function detectHallucination(request) {
+    const description = request.description.toLowerCase();
+    if (description.includes("always") || description.includes("never")) {
+        return {
+            type: "hallucination",
+            severity: "medium",
+            description: "Absolute claims detected - may be overgeneralization",
+            evidence: "Contains 'always' or 'never' statements",
+        };
+    }
+    if (request.decisionType === "policy_override" && !request.context.justification) {
+        return {
+            type: "hallucination",
+            severity: "high",
+            description: "Policy override without justification",
+            evidence: "Missing justification field in context",
+        };
+    }
+    return null;
+}
+/**
+ * Bias — preferential routing, demographic skew.
+ * Triggers when a preferred worker is specified during scope expansion.
+ */
+export function detectBias(request) {
+    if (request.context.preferredWorker && request.decisionType === "scope_expansion") {
+        return {
+            type: "bias",
+            severity: "medium",
+            description: "Potential worker preference bias in scope assignment",
+            evidence: `Preferred worker: ${request.context.preferredWorker}`,
+        };
+    }
+    return null;
+}
+/**
+ * Safety — credentials in scope, dangerous content.
+ * Scans scope paths and description for security-sensitive patterns.
+ */
+export function detectSafety(request) {
+    const sensitivePatterns = ["password", "credential", "secret", "token", "key"];
+    const scopeStr = (request.scope ?? []).join(" ").toLowerCase();
+    const description = request.description.toLowerCase();
+    for (const pattern of sensitivePatterns) {
+        if (scopeStr.includes(pattern) || description.includes(pattern)) {
+            return {
+                type: "safety",
+                severity: "high",
+                description: `Security-sensitive operation: ${pattern}`,
+                evidence: `Pattern '${pattern}' found in scope or description`,
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Scope creep — root wildcards, unbounded scope.
+ * Triggers on root-level ** wildcards or excessive scope breadth (>10 patterns).
+ */
+export function detectScopeCreep(request) {
+    const scope = request.scope ?? [];
+    // Root-level ** wildcard (not scoped under a directory)
+    if (scope.some((s) => s.includes("**") && !s.includes("/"))) {
+        return {
+            type: "scope_creep",
+            severity: "medium",
+            description: "Overly broad scope pattern detected",
+            evidence: "Contains root-level ** wildcard",
+        };
+    }
+    if (scope.length > 10) {
+        return {
+            type: "scope_creep",
+            severity: "high",
+            description: "Excessive scope breadth",
+            evidence: `${scope.length} scope patterns`,
+        };
+    }
+    return null;
+}
+/**
+ * Resource abuse — cost exceeds threshold, excessive token usage.
+ * Triggers when estimated cost exceeds $100 on resource-intensive operations.
+ */
+export function detectResourceAbuse(request) {
+    if (request.decisionType === "resource_intensive") {
+        const estimatedCost = request.context.estimatedCost;
+        if (estimatedCost !== undefined && estimatedCost > 100) {
+            return {
+                type: "resource_abuse",
+                severity: "high",
+                description: "High resource cost operation",
+                evidence: `Estimated cost: $${estimatedCost}`,
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Policy violation — explicit policy override attempts.
+ * Triggers on any policy_override decision type.
+ */
+export function detectPolicyViolation(request) {
+    if (request.decisionType === "policy_override") {
+        return {
+            type: "policy_violation",
+            severity: "medium",
+            description: "Policy override requested",
+            evidence: "Explicit policy override decision type",
+        };
+    }
+    return null;
+}
+// ── Aggregate Detector ──
+/** All individual detectors in order. */
+const ALL_DETECTORS = [
+    detectHallucination,
+    detectBias,
+    detectSafety,
+    detectScopeCreep,
+    detectResourceAbuse,
+    detectPolicyViolation,
+];
+/**
+ * Run all concern detectors against a request.
+ * Returns every concern found (zero or more).
+ */
+export function detectConcerns(request) {
+    const concerns = [];
+    for (const detect of ALL_DETECTORS) {
+        const concern = detect(request);
+        if (concern) {
+            concerns.push(concern);
+        }
+    }
+    return concerns;
+}
+//# sourceMappingURL=concerns.js.map

package/dist/board/concerns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"concerns.js","sourceRoot":"","sources":["../../src/board/concerns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwBH,6BAA6B;AAE7B;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAqB;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IAEtD,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrE,OAAO;YACN,IAAI,EAAE,eAAe;YACrB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,sDAAsD;YACnE,QAAQ,EAAE,yCAAyC;SACnD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,YAAY,KAAK,iBAAiB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAClF,OAAO;YACN,IAAI,EAAE,eAAe;YACrB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,uCAAuC;YACpD,QAAQ,EAAE,wCAAwC;SAClD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,OAAqB;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,YAAY,KAAK,iBAAiB,EAAE,CAAC;QACnF,OAAO;YACN,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,sDAAsD;YACnE,QAAQ,EAAE,qBAAqB,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE;SAChE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAqB;IACjD,MAAM,iBAAiB,GAAG,CAAC,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/E,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IAEtD,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACzC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACjE,OAAO;gBACN,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,iCAAiC,OAAO,EAAE;gBACvD,QAAQ,EAAE,YAAY,OAAO,iCAAiC;aAC9D,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAqB;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;IAElC,wDAAwD;IACxD,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAC7D,OAAO;YACN,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,qCAAqC;YAClD,QAAQ,EAAE,iCAAiC;SAC3C,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACvB,OAAO;YACN,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,yBAAyB;YACtC,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,iBAAiB;SAC1C,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAqB;IACxD,IAAI,OAAO,CAAC,YAAY,KAAK,oBAAoB,EAAE,CAAC;QACnD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,aAAmC,CAAC;QAC1E,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,GAAG,GAAG,EAAE,CAAC;YACxD,OAAO;gBACN,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,oBAAoB,aAAa,EAAE;aAC7C,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAqB;IAC1D,IAAI,OAAO,CAAC,YAAY,KAAK,iBAAiB,EAAE,CAAC;QAChD,OAAO;YACN,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,2BAA2B;YACxC,QAAQ,EAAE,wCAAwC;SAClD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED,2BAA2B;AAE3B,yCAAyC;AACzC,MAAM,aAAa,GAAG;IACrB,mBAAmB;IACnB,UAAU;IACV,YAAY;IACZ,gBAAgB;IAChB,mBAAmB;IACnB,qBAAqB;CACZ,CAAC;AAEX;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAAqB;IACnD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,OAAO,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACF,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC"}

package/dist/board/director.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Board Director — Heuristic Concern Review
+ *
+ * Each Director independently reviews decisions using the concern
+ * detection library. No LLM calls — pure heuristic pattern matching.
+ *
+ * Two default Directors with complementary focus areas:
+ *   Alpha: hallucination, safety, policy_violation
+ *   Beta:  bias, scope_creep, resource_abuse
+ */
+import type { ConcernType, DirectorVote, PolicySeverity } from "../shared/types.js";
+import type { BoardRequest, Concern } from "./concerns.js";
+export interface DirectorConfig {
+    /** Director ID */
+    id: string;
+    /** Director name for display */
+    name: string;
+    /** Review focus areas */
+    focusAreas: ConcernType[];
+    /** Veto threshold — concerns at or above this severity trigger veto */
+    vetoThreshold: PolicySeverity;
+}
+export interface DirectorReview {
+    directorId: string;
+    vote: DirectorVote;
+    reasoning: string;
+    concerns: Concern[];
+    /** Confidence 0-1 (lower with more concerns) */
+    confidence: number;
+    reviewedAt: string;
+}
+export declare const DIRECTOR_CONFIGS: Record<string, DirectorConfig>;
+/**
+ * Determine vote based on concern severities relative to the veto threshold.
+ */
+export declare function determineVote(concerns: Concern[], vetoThreshold: PolicySeverity): DirectorVote;
+/**
+ * A Director reviews a request independently.
+ */
+export declare function reviewDecision(directorId: string, request: BoardRequest): DirectorReview;
+/**
+ * Get Director configuration by ID.
+ */
+export declare function getDirectorConfig(directorId: string): DirectorConfig | undefined;
+/**
+ * List all Directors.
+ */
+export declare function listDirectors(): DirectorConfig[];
+//# sourceMappingURL=director.d.ts.map

package/dist/board/director.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"director.d.ts","sourceRoot":"","sources":["../../src/board/director.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpF,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAY3D,MAAM,WAAW,cAAc;IAC9B,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,yBAAyB;IACzB,UAAU,EAAE,WAAW,EAAE,CAAC;IAC1B,uEAAuE;IACvE,aAAa,EAAE,cAAc,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,YAAY,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAa3D,CAAC;AAwCF;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,cAAc,GAAG,YAAY,CAc9F;AA0BD;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,GAAG,cAAc,CAmBxF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAEhF;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,cAAc,EAAE,CAEhD"}

package/dist/board/director.js

@@ -0,0 +1,127 @@
+/**
+ * Board Director — Heuristic Concern Review
+ *
+ * Each Director independently reviews decisions using the concern
+ * detection library. No LLM calls — pure heuristic pattern matching.
+ *
+ * Two default Directors with complementary focus areas:
+ *   Alpha: hallucination, safety, policy_violation
+ *   Beta:  bias, scope_creep, resource_abuse
+ */
+import { detectBias, detectHallucination, detectPolicyViolation, detectResourceAbuse, detectSafety, detectScopeCreep, } from "./concerns.js";
+// ── Default Configurations ──
+export const DIRECTOR_CONFIGS = {
+    "director-a": {
+        id: "director-a",
+        name: "Director Alpha",
+        focusAreas: ["hallucination", "safety", "policy_violation"],
+        vetoThreshold: "high",
+    },
+    "director-b": {
+        id: "director-b",
+        name: "Director Beta",
+        focusAreas: ["bias", "scope_creep", "resource_abuse"],
+        vetoThreshold: "high",
+    },
+};
+// ── Concern routing by type ──
+const DETECTOR_BY_TYPE = {
+    hallucination: detectHallucination,
+    bias: detectBias,
+    safety: detectSafety,
+    scope_creep: detectScopeCreep,
+    resource_abuse: detectResourceAbuse,
+    policy_violation: detectPolicyViolation,
+};
+// ── Severity ranking ──
+const SEVERITY_RANK = {
+    info: 0,
+    low: 1,
+    medium: 2,
+    high: 3,
+    critical: 4,
+};
+// ── Core Logic ──
+/**
+ * Detect concerns scoped to a Director's focus areas.
+ */
+function detectForDirector(request, focusAreas) {
+    const concerns = [];
+    for (const area of focusAreas) {
+        const detector = DETECTOR_BY_TYPE[area];
+        const concern = detector(request);
+        if (concern) {
+            concerns.push(concern);
+        }
+    }
+    return concerns;
+}
+/**
+ * Determine vote based on concern severities relative to the veto threshold.
+ */
+export function determineVote(concerns, vetoThreshold) {
+    const thresholdRank = SEVERITY_RANK[vetoThreshold];
+    for (const concern of concerns) {
+        if (SEVERITY_RANK[concern.severity] >= thresholdRank) {
+            return "veto";
+        }
+    }
+    if (concerns.some((c) => c.severity === "medium")) {
+        return "abstain";
+    }
+    return "approve";
+}
+/**
+ * Generate human-readable reasoning from vote and concerns.
+ */
+function generateReasoning(vote, concerns, request) {
+    if (concerns.length === 0) {
+        return `Approved: No concerns detected for ${request.decisionType} decision.`;
+    }
+    const summary = concerns
+        .map((c) => `[${c.severity.toUpperCase()}] ${c.type}: ${c.description}`)
+        .join("; ");
+    switch (vote) {
+        case "veto":
+            return `VETO: Critical concerns detected. ${summary}`;
+        case "abstain":
+            return `ABSTAIN: Moderate concerns require attention. ${summary}`;
+        case "approve":
+            return `Approved with minor notes: ${summary}`;
+    }
+}
+// ── Public API ──
+/**
+ * A Director reviews a request independently.
+ */
+export function reviewDecision(directorId, request) {
+    const config = DIRECTOR_CONFIGS[directorId];
+    if (!config) {
+        throw new Error(`Unknown director: ${directorId}`);
+    }
+    const concerns = detectForDirector(request, config.focusAreas);
+    const vote = determineVote(concerns, config.vetoThreshold);
+    const reasoning = generateReasoning(vote, concerns, request);
+    const confidence = Math.max(0.5, 1 - concerns.length * 0.15);
+    return {
+        directorId,
+        vote,
+        reasoning,
+        concerns,
+        confidence,
+        reviewedAt: new Date().toISOString(),
+    };
+}
+/**
+ * Get Director configuration by ID.
+ */
+export function getDirectorConfig(directorId) {
+    return DIRECTOR_CONFIGS[directorId];
+}
+/**
+ * List all Directors.
+ */
+export function listDirectors() {
+    return Object.values(DIRECTOR_CONFIGS);
+}
+//# sourceMappingURL=director.js.map

package/dist/board/director.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"director.js","sourceRoot":"","sources":["../../src/board/director.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EACN,UAAU,EACV,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,GAChB,MAAM,eAAe,CAAC;AAyBvB,+BAA+B;AAE/B,MAAM,CAAC,MAAM,gBAAgB,GAAmC;IAC/D,YAAY,EAAE;QACb,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,gBAAgB;QACtB,UAAU,EAAE,CAAC,eAAe,EAAE,QAAQ,EAAE,kBAAkB,CAAC;QAC3D,aAAa,EAAE,MAAM;KACrB;IACD,YAAY,EAAE;QACb,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,eAAe;QACrB,UAAU,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,gBAAgB,CAAC;QACrD,aAAa,EAAE,MAAM;KACrB;CACD,CAAC;AAEF,gCAAgC;AAEhC,MAAM,gBAAgB,GAA+D;IACpF,aAAa,EAAE,mBAAmB;IAClC,IAAI,EAAE,UAAU;IAChB,MAAM,EAAE,YAAY;IACpB,WAAW,EAAE,gBAAgB;IAC7B,cAAc,EAAE,mBAAmB;IACnC,gBAAgB,EAAE,qBAAqB;CACvC,CAAC;AAEF,yBAAyB;AAEzB,MAAM,aAAa,GAAmC;IACrD,IAAI,EAAE,CAAC;IACP,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACX,CAAC;AAEF,mBAAmB;AAEnB;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAqB,EAAE,UAAyB;IAC1E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,OAAO,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACF,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAmB,EAAE,aAA6B;IAC/E,MAAM,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAEnD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC;YACtD,OAAO,MAAM,CAAC;QACf,CAAC;IACF,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,EAAE,CAAC;QACnD,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAkB,EAAE,QAAmB,EAAE,OAAqB;IACxF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,sCAAsC,OAAO,CAAC,YAAY,YAAY,CAAC;IAC/E,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;SACvE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,QAAQ,IAAI,EAAE,CAAC;QACd,KAAK,MAAM;YACV,OAAO,qCAAqC,OAAO,EAAE,CAAC;QACvD,KAAK,SAAS;YACb,OAAO,iDAAiD,OAAO,EAAE,CAAC;QACnE,KAAK,SAAS;YACb,OAAO,8BAA8B,OAAO,EAAE,CAAC;IACjD,CAAC;AACF,CAAC;AAED,mBAAmB;AAEnB;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB,EAAE,OAAqB;IACvE,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE7D,OAAO;QACN,UAAU;QACV,IAAI;QACJ,SAAS;QACT,QAAQ;QACR,UAAU;QACV,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IACnD,OAAO,gBAAgB,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC5B,OAAO,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;AACxC,CAAC"}

package/dist/cli/health.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI: usertrust health — Show entropy diagnostics
+ *
+ * Uses entropy.ts to compute 6-signal health score from audit events.
+ * Displays per-signal breakdown with status indicators.
+ */
+export declare function run(rootDir?: string): Promise<void>;
+//# sourceMappingURL=health.d.ts.map

package/dist/cli/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/cli/health.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA6DH,wBAAsB,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqEzD"}

package/dist/cli/health.js

@@ -0,0 +1,119 @@
+/**
+ * CLI: usertrust health — Show entropy diagnostics
+ *
+ * Uses entropy.ts to compute 6-signal health score from audit events.
+ * Displays per-signal breakdown with status indicators.
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { computeEntropyScore, } from "../audit/entropy.js";
+import { verifyChain } from "../audit/verify.js";
+import { VAULT_DIR } from "../shared/constants.js";
+function loadEvents(vaultPath) {
+    const logPath = join(vaultPath, "audit", "events.jsonl");
+    if (!existsSync(logPath))
+        return [];
+    try {
+        const content = readFileSync(logPath, "utf-8").trim();
+        if (!content)
+            return [];
+        return content
+            .split("\n")
+            .filter((l) => l.trim())
+            .map((line) => JSON.parse(line));
+    }
+    catch {
+        return [];
+    }
+}
+function loadConfig(vaultPath) {
+    const configPath = join(vaultPath, "usertrust.config.json");
+    if (!existsSync(configPath))
+        return { budget: 0 };
+    try {
+        const raw = readFileSync(configPath, "utf-8");
+        const config = JSON.parse(raw);
+        return { budget: typeof config.budget === "number" ? config.budget : 0 };
+    }
+    catch {
+        return { budget: 0 };
+    }
+}
+function levelLabel(level) {
+    switch (level) {
+        case "low":
+            return "healthy";
+        case "elevated":
+            return "elevated";
+        case "critical":
+            return "critical";
+    }
+}
+function statusTag(value, hits) {
+    if (hits === 0)
+        return "[ok]";
+    if (value < 0.3)
+        return "[low]";
+    if (value < 0.6)
+        return "[elevated]";
+    return "[critical]";
+}
+export async function run(rootDir) {
+    const root = rootDir ?? process.cwd();
+    const vaultPath = join(root, VAULT_DIR);
+    if (!existsSync(vaultPath)) {
+        console.log("No governance vault found. Run `usertrust init` first.");
+        return;
+    }
+    const events = loadEvents(vaultPath);
+    const config = loadConfig(vaultPath);
+    // Convert audit events to entropy event inputs
+    const entropyEvents = events.map((e) => ({
+        kind: e.kind,
+        data: e.data,
+    }));
+    const report = computeEntropyScore(entropyEvents);
+    // Verify chain integrity directly
+    const logPath = join(vaultPath, "audit", "events.jsonl");
+    const verification = verifyChain(logPath);
+    const chainLabel = verification.valid ? "verified" : "FAILED";
+    const chainStatus = verification.valid ? "[ok]" : "[critical]";
+    // Compute budget utilization percentage
+    let spent = 0;
+    for (const e of events) {
+        if (e.kind !== "llm_call")
+            continue;
+        const cost = e.data.cost;
+        if (typeof cost === "number") {
+            spent += cost;
+        }
+    }
+    const budgetPct = config.budget > 0 ? ((spent / config.budget) * 100).toFixed(1) : "0.0";
+    console.log(`Entropy score: ${report.score}/100 (${levelLabel(report.level)})`);
+    // Signal 1: Policy violations
+    const policySignal = report.signals.find((s) => s.condition === "policy_violations");
+    const policyHits = policySignal?.hits ?? 0;
+    const policyStatus = statusTag(policySignal?.value ?? 0, policyHits);
+    console.log(`  Policy violations (30d):  ${policyHits}   ${policyStatus}`);
+    // Signal 2: Budget utilization
+    const budgetStatus = Number.parseFloat(budgetPct) > 80 ? "[elevated]" : "[ok]";
+    console.log(`  Budget utilization:      ${budgetPct}% ${budgetStatus}`);
+    // Signal 3: Chain integrity
+    console.log(`  Chain integrity:         ${chainLabel} ${chainStatus}`);
+    // Signal 4: PII detections
+    const piiSignal = report.signals.find((s) => s.condition === "pii_detections");
+    const piiHits = piiSignal?.hits ?? 0;
+    const piiStatus = statusTag(piiSignal?.value ?? 0, piiHits);
+    console.log(`  PII detections (30d):    ${piiHits}   ${piiStatus}`);
+    // Signal 5: Circuit breaker trips
+    const cbSignal = report.signals.find((s) => s.condition === "circuit_breaker_trips");
+    const cbHits = cbSignal?.hits ?? 0;
+    const cbStatus = statusTag(cbSignal?.value ?? 0, cbHits);
+    console.log(`  Circuit breaker trips:   ${cbHits}   ${cbStatus}`);
+    // Signal 6: Pattern memory hits
+    const pmSignal = report.signals.find((s) => s.condition === "pattern_memory_hits");
+    const pmHits = pmSignal?.hits ?? 0;
+    const pmStatus = statusTag(pmSignal?.value ?? 0, pmHits);
+    console.log(`  Pattern memory hits:     ${pmHits}   ${pmStatus}`);
+}
+//# sourceMappingURL=health.js.map

package/dist/cli/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../src/cli/health.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAGN,mBAAmB,GACnB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,SAAS,UAAU,CAAC,SAAiB;IACpC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACJ,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,OAAO,OAAO;aACZ,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACvB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC;AAED,SAAS,UAAU,CAAC,SAAiB;IACpC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAElD,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QACtD,OAAO,EAAE,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACtB,CAAC;AACF,CAAC;AAED,SAAS,UAAU,CAAC,KAAmB;IACtC,QAAQ,KAAK,EAAE,CAAC;QACf,KAAK,KAAK;YACT,OAAO,SAAS,CAAC;QAClB,KAAK,UAAU;YACd,OAAO,UAAU,CAAC;QACnB,KAAK,UAAU;YACd,OAAO,UAAU,CAAC;IACpB,CAAC;AACF,CAAC;AAED,SAAS,SAAS,CAAC,KAAa,EAAE,IAAY;IAC7C,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9B,IAAI,KAAK,GAAG,GAAG;QAAE,OAAO,OAAO,CAAC;IAChC,IAAI,KAAK,GAAG,GAAG;QAAE,OAAO,YAAY,CAAC;IACrC,OAAO,YAAY,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAExC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO;IACR,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IAErC,+CAA+C;IAC/C,MAAM,aAAa,GAAwB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;KACZ,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAElD,kCAAkC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC9D,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC;IAE/D,wCAAwC;IACxC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QACpC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,KAAK,IAAI,IAAI,CAAC;QACf,CAAC;IACF,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEzF,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,KAAK,SAAS,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhF,8BAA8B;IAC9B,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,mBAAmB,CAAC,CAAC;IACrF,MAAM,UAAU,GAAG,YAAY,EAAE,IAAI,IAAI,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,EAAE,KAAK,IAAI,CAAC,EAAE,UAAU,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,+BAA+B,UAAU,MAAM,YAAY,EAAE,CAAC,CAAC;IAE3E,+BAA+B;IAC/B,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,8BAA8B,SAAS,KAAK,YAAY,EAAE,CAAC,CAAC;IAExE,4BAA4B;IAC5B,OAAO,CAAC,GAAG,CAAC,8BAA8B,UAAU,IAAI,WAAW,EAAE,CAAC,CAAC;IAEvE,2BAA2B;IAC3B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,gBAAgB,CAAC,CAAC;IAC/E,MAAM,OAAO,GAAG,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,EAAE,KAAK,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,8BAA8B,OAAO,MAAM,SAAS,EAAE,CAAC,CAAC;IAEpE,kCAAkC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,uBAAuB,CAAC,CAAC;IACrF,MAAM,MAAM,GAAG,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,8BAA8B,MAAM,MAAM,QAAQ,EAAE,CAAC,CAAC;IAElE,gCAAgC;IAChC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,qBAAqB,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,8BAA8B,MAAM,MAAM,QAAQ,EAAE,CAAC,CAAC;AACnE,CAAC"}

package/dist/cli/init.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI: usertrust init — Initialize governance vault
+ *
+ * Creates the .usertrust/ directory structure with default config,
+ * policy, and .gitignore. Sets permissions to 700 (owner only).
+ */
+export declare function run(rootDir?: string): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/cli/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA0CH,wBAAsB,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCzD"}

package/dist/cli/init.js

@@ -0,0 +1,67 @@
+/**
+ * CLI: usertrust init — Initialize governance vault
+ *
+ * Creates the .usertrust/ directory structure with default config,
+ * policy, and .gitignore. Sets permissions to 700 (owner only).
+ */
+import { chmodSync, existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { VAULT_DIR } from "../shared/constants.js";
+const DEFAULT_CONFIG = {
+    budget: 50000,
+    tier: "mini",
+    policies: "./policies/default.yml",
+    pii: "warn",
+    board: { enabled: false, vetoThreshold: "high" },
+    circuitBreaker: { failureThreshold: 5, resetTimeout: 60000 },
+    patterns: { enabled: true, feedProxy: false },
+    audit: { rotation: "daily", indexLimit: 10000 },
+};
+const DEFAULT_POLICY = `rules:
+  - name: block-zero-budget
+    effect: deny
+    enforcement: hard
+    conditions:
+      - field: budget_remaining
+        operator: lte
+        value: 0
+
+  - name: warn-high-cost
+    effect: warn
+    enforcement: soft
+    conditions:
+      - field: estimated_cost
+        operator: gt
+        value: 1000
+`;
+const GITIGNORE = `tigerbeetle/
+*.tigerbeetle
+dlq/
+`;
+const SUBDIRS = ["audit", "policies", "patterns", "snapshots", "board", "dlq"];
+export async function run(rootDir) {
+    const root = rootDir ?? process.cwd();
+    const vaultPath = join(root, VAULT_DIR);
+    if (existsSync(vaultPath)) {
+        console.log(`Vault already exists at ${vaultPath}`);
+        return;
+    }
+    // Create directory structure
+    mkdirSync(vaultPath, { recursive: true });
+    for (const sub of SUBDIRS) {
+        mkdirSync(join(vaultPath, sub), { recursive: true });
+    }
+    // Write default config
+    writeFileSync(join(vaultPath, "usertrust.config.json"), JSON.stringify(DEFAULT_CONFIG, null, "\t"), "utf-8");
+    // Write default policy
+    writeFileSync(join(vaultPath, "policies", "default.yml"), DEFAULT_POLICY, "utf-8");
+    // Write .gitignore
+    writeFileSync(join(vaultPath, ".gitignore"), GITIGNORE, "utf-8");
+    // Set vault permissions to 700 (owner only)
+    chmodSync(vaultPath, 0o700);
+    console.log(`Initialized governance vault at ${vaultPath}`);
+    console.log("  Created: audit/, policies/, patterns/, snapshots/, board/, dlq/");
+    console.log("  Config:  usertrust.config.json");
+    console.log("  Policy:  policies/default.yml");
+}
+//# sourceMappingURL=init.js.map

package/dist/cli/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,MAAM,cAAc,GAAG;IACtB,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;IACZ,QAAQ,EAAE,wBAAwB;IAClC,GAAG,EAAE,MAAM;IACX,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE;IAChD,cAAc,EAAE,EAAE,gBAAgB,EAAE,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE;IAC5D,QAAQ,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE;IAC7C,KAAK,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE;CAC/C,CAAC;AAEF,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;CAgBtB,CAAC;AAEF,MAAM,SAAS,GAAG;;;CAGjB,CAAC;AAEF,MAAM,OAAO,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,CAAU,CAAC;AAExF,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAExC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;QACpD,OAAO;IACR,CAAC;IAED,6BAA6B;IAC7B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC3B,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,uBAAuB;IACvB,aAAa,CACZ,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,EACxC,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,EAC1C,OAAO,CACP,CAAC;IAEF,uBAAuB;IACvB,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;IAEnF,mBAAmB;IACnB,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAEjE,4CAA4C;IAC5C,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;AAChD,CAAC"}

package/dist/cli/inspect.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI: usertrust inspect — Show governance bank statement
+ *
+ * Reads vault state and displays balance, audit chain stats,
+ * recent transactions, and Merkle root in a formatted table.
+ */
+export declare function run(rootDir?: string): Promise<void>;
+//# sourceMappingURL=inspect.d.ts.map

package/dist/cli/inspect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inspect.d.ts","sourceRoot":"","sources":["../../src/cli/inspect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqEH,wBAAsB,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA+DzD"}