usertrust 0.1.0

package/dist/cli/inspect.js

@@ -0,0 +1,114 @@
+/**
+ * CLI: usertrust inspect — Show governance bank statement
+ *
+ * Reads vault state and displays balance, audit chain stats,
+ * recent transactions, and Merkle root in a formatted table.
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { buildMerkleTree } from "../audit/merkle.js";
+import { verifyChain } from "../audit/verify.js";
+import { VAULT_DIR } from "../shared/constants.js";
+function loadConfig(vaultPath) {
+    const configPath = join(vaultPath, "usertrust.config.json");
+    if (!existsSync(configPath)) {
+        return { budget: 0 };
+    }
+    try {
+        const raw = readFileSync(configPath, "utf-8");
+        const config = JSON.parse(raw);
+        return { budget: typeof config.budget === "number" ? config.budget : 0 };
+    }
+    catch {
+        return { budget: 0 };
+    }
+}
+function loadEvents(vaultPath) {
+    const logPath = join(vaultPath, "audit", "events.jsonl");
+    if (!existsSync(logPath))
+        return [];
+    try {
+        const content = readFileSync(logPath, "utf-8").trim();
+        if (!content)
+            return [];
+        return content
+            .split("\n")
+            .filter((l) => l.trim())
+            .map((line) => JSON.parse(line));
+    }
+    catch {
+        return [];
+    }
+}
+function computeSpent(events) {
+    let spent = 0;
+    for (const e of events) {
+        if (e.kind !== "llm_call")
+            continue;
+        const cost = e.data.cost;
+        if (typeof cost === "number") {
+            spent += cost;
+        }
+    }
+    return spent;
+}
+function formatTime(timestamp) {
+    try {
+        const d = new Date(timestamp);
+        return d.toTimeString().slice(0, 8);
+    }
+    catch {
+        return "??:??:??";
+    }
+}
+function padRight(s, len) {
+    return s.length >= len ? s.slice(0, len) : s + " ".repeat(len - s.length);
+}
+function padLeft(s, len) {
+    return s.length >= len ? s.slice(0, len) : " ".repeat(len - s.length) + s;
+}
+export async function run(rootDir) {
+    const root = rootDir ?? process.cwd();
+    const vaultPath = join(root, VAULT_DIR);
+    if (!existsSync(vaultPath)) {
+        console.log("No governance vault found. Run `usertrust init` first.");
+        return;
+    }
+    const config = loadConfig(vaultPath);
+    const events = loadEvents(vaultPath);
+    const spent = computeSpent(events);
+    const remaining = config.budget - spent;
+    const pct = config.budget > 0 ? ((remaining / config.budget) * 100).toFixed(1) : "0.0";
+    // Verify chain
+    const logPath = join(vaultPath, "audit", "events.jsonl");
+    const verification = verifyChain(logPath);
+    // Build Merkle tree from event hashes
+    const eventHashes = events.map((e) => e.hash);
+    const { root: merkleRoot } = buildMerkleTree(eventHashes);
+    const integrityLabel = verification.valid ? "SHA-256 verified" : "INTEGRITY FAILURE";
+    // Header
+    console.log("+--------------------------------------------------------------+");
+    console.log(`|  * usertrust governance vault${" ".repeat(32)}|`);
+    console.log(`${`|  Budget: ${remaining.toLocaleString()} / ${config.budget.toLocaleString()} UT remaining (${pct}%)`.padEnd(63)}|`);
+    console.log(`${`|  Chain: ${verification.eventsVerified} events | Integrity: ${integrityLabel}`.padEnd(63)}|`);
+    if (merkleRoot) {
+        console.log(`${`|  Merkle root: ${merkleRoot.slice(0, 16)}...`.padEnd(63)}|`);
+    }
+    console.log("+----------+--------------+--------+---------------------------+");
+    console.log("| Time     | Model        | Cost   | Receipt                   |");
+    console.log("+----------+--------------+--------+---------------------------+");
+    // Show last 10 transactions
+    const recent = events.slice(-10).reverse();
+    for (const e of recent) {
+        const time = formatTime(e.timestamp);
+        const model = typeof e.data.model === "string" ? e.data.model : "unknown";
+        const cost = typeof e.data.cost === "number" ? `${e.data.cost} UT` : "—";
+        const receipt = typeof e.data.transferId === "string" ? e.data.transferId : e.id.slice(0, 20);
+        console.log(`| ${padRight(time, 8)} | ${padRight(model, 12)} | ${padLeft(cost, 6)} | ${padRight(receipt, 25)} |`);
+    }
+    if (recent.length === 0) {
+        console.log(`| ${padRight("No transactions recorded", 58)} |`);
+    }
+    console.log("+----------+--------------+--------+---------------------------+");
+}
+//# sourceMappingURL=inspect.js.map

package/dist/cli/inspect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"inspect.js","sourceRoot":"","sources":["../../src/cli/inspect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,SAAS,UAAU,CAAC,SAAiB;IACpC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAC5D,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACtB,CAAC;IACD,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QACtD,OAAO,EAAE,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACtB,CAAC;AACF,CAAC;AAED,SAAS,UAAU,CAAC,SAAiB;IACpC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACJ,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,OAAO,OAAO;aACZ,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACvB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,EAAE,CAAC;IACX,CAAC;AACF,CAAC;AAED,SAAS,YAAY,CAAC,MAAoB;IACzC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU;YAAE,SAAS;QACpC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9B,KAAK,IAAI,IAAI,CAAC;QACf,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAS,UAAU,CAAC,SAAiB;IACpC,IAAI,CAAC;QACJ,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9B,OAAO,CAAC,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,UAAU,CAAC;IACnB,CAAC;AACF,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACvC,OAAO,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,OAAO,CAAC,CAAS,EAAE,GAAW;IACtC,OAAO,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAExC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO;IACR,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC;IACxC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEvF,eAAe;IACf,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAE1C,sCAAsC;IACtC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAE1D,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,mBAAmB,CAAC;IAErF,SAAS;IACT,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,kCAAkC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CACV,GAAG,cAAc,SAAS,CAAC,cAAc,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAC9G,EAAE,CACF,GAAG,CACJ,CAAC;IACF,OAAO,CAAC,GAAG,CACV,GAAG,aAAa,YAAY,CAAC,cAAc,wBAAwB,cAAc,EAAE,CAAC,MAAM,CACzF,EAAE,CACF,GAAG,CACJ,CAAC;IACF,IAAI,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,mBAAmB,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAEhF,4BAA4B;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;QACzE,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAE9F,OAAO,CAAC,GAAG,CACV,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CACpG,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,0BAA0B,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;AACjF,CAAC"}

package/dist/cli/main.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=main.d.ts.map

package/dist/cli/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":""}

package/dist/cli/main.js

@@ -0,0 +1,35 @@
+#!/usr/bin/env node
+const command = process.argv[2];
+switch (command) {
+    case "init":
+        await import("./init.js").then((m) => m.run());
+        break;
+    case "inspect":
+        await import("./inspect.js").then((m) => m.run());
+        break;
+    case "health":
+        await import("./health.js").then((m) => m.run());
+        break;
+    case "verify":
+        await import("./verify.js").then((m) => m.run());
+        break;
+    case "snapshot":
+        await import("./snapshot.js").then((m) => m.run());
+        break;
+    case "tb":
+        await import("./tb.js").then((m) => m.run());
+        break;
+    default:
+        console.log(`Usage: usertrust <command>
+
+Commands:
+  init       Initialize governance vault
+  inspect    Show governance bank statement
+  health     Show entropy diagnostics
+  verify     Verify audit chain integrity
+  snapshot   Create/restore vault snapshots
+  tb         Manage TigerBeetle process`);
+        break;
+}
+export {};
+//# sourceMappingURL=main.js.map

package/dist/cli/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":";AAEA,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAEhC,QAAQ,OAAO,EAAE,CAAC;IACjB,KAAK,MAAM;QACV,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QAC/C,MAAM;IACP,KAAK,SAAS;QACb,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QAClD,MAAM;IACP,KAAK,QAAQ;QACZ,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACjD,MAAM;IACP,KAAK,QAAQ;QACZ,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACjD,MAAM;IACP,KAAK,UAAU;QACd,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACnD,MAAM;IACP,KAAK,IAAI;QACR,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QAC7C,MAAM;IACP;QACC,OAAO,CAAC,GAAG,CAAC;;;;;;;;wCAQ0B,CAAC,CAAC;QACxC,MAAM;AACR,CAAC"}

package/dist/cli/snapshot.d.ts

@@ -0,0 +1,10 @@
+/**
+ * CLI: usertrust snapshot — Create/restore/list vault snapshots
+ *
+ * Wraps checkpoint.ts for snapshot management:
+ *   usertrust snapshot create <name>
+ *   usertrust snapshot restore <name>
+ *   usertrust snapshot list
+ */
+export declare function run(rootDir?: string): Promise<void>;
+//# sourceMappingURL=snapshot.d.ts.map

package/dist/cli/snapshot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"snapshot.d.ts","sourceRoot":"","sources":["../../src/cli/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,wBAAsB,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqDzD"}

package/dist/cli/snapshot.js

@@ -0,0 +1,61 @@
+/**
+ * CLI: usertrust snapshot — Create/restore/list vault snapshots
+ *
+ * Wraps checkpoint.ts for snapshot management:
+ *   usertrust snapshot create <name>
+ *   usertrust snapshot restore <name>
+ *   usertrust snapshot list
+ */
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { VAULT_DIR } from "../shared/constants.js";
+import { createSnapshot, listSnapshots, restoreSnapshot } from "../snapshot/checkpoint.js";
+export async function run(rootDir) {
+    const root = rootDir ?? process.cwd();
+    const vaultPath = join(root, VAULT_DIR);
+    if (!existsSync(vaultPath)) {
+        console.log("No governance vault found. Run `usertrust init` first.");
+        return;
+    }
+    const subcommand = rootDir !== undefined ? process.argv[3] : process.argv[3];
+    const name = process.argv[4];
+    switch (subcommand) {
+        case "create": {
+            if (!name) {
+                console.log("Usage: usertrust snapshot create <name>");
+                return;
+            }
+            const meta = await createSnapshot(vaultPath, name);
+            console.log(`Snapshot created: ${meta.name}`);
+            console.log(`  Files: ${meta.files.length}`);
+            console.log(`  Size: ${meta.size} bytes`);
+            console.log(`  Timestamp: ${meta.timestamp}`);
+            break;
+        }
+        case "restore": {
+            if (!name) {
+                console.log("Usage: usertrust snapshot restore <name>");
+                return;
+            }
+            await restoreSnapshot(vaultPath, name);
+            console.log(`Snapshot restored: ${name}`);
+            break;
+        }
+        case "list": {
+            const snapshots = await listSnapshots(vaultPath);
+            if (snapshots.length === 0) {
+                console.log("No snapshots found.");
+                return;
+            }
+            console.log("Snapshots:");
+            for (const s of snapshots) {
+                console.log(`  ${s.name}  (${s.files.length} files, ${s.size} bytes, ${s.timestamp})`);
+            }
+            break;
+        }
+        default:
+            console.log("Usage: usertrust snapshot <create|restore|list> [name]");
+            break;
+    }
+}
+//# sourceMappingURL=snapshot.js.map

package/dist/cli/snapshot.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"snapshot.js","sourceRoot":"","sources":["../../src/cli/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAE3F,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAExC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO;IACR,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAE7B,QAAQ,UAAU,EAAE,CAAC;QACpB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACf,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO;YACR,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9C,MAAM;QACP,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YAChB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,OAAO;YACR,CAAC;YACD,MAAM,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,EAAE,CAAC,CAAC;YAC1C,MAAM;QACP,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACb,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;gBACnC,OAAO;YACR,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;YACxF,CAAC;YACD,MAAM;QACP,CAAC;QAED;YACC,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;YACtE,MAAM;IACR,CAAC;AACF,CAAC"}

package/dist/cli/tb.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI: usertrust tb — TigerBeetle process management (stubs)
+ *
+ * v1 stubs: prints helpful setup messages. Future versions will
+ * manage the embedded TigerBeetle process lifecycle.
+ */
+export declare function run(): Promise<void>;
+//# sourceMappingURL=tb.d.ts.map

package/dist/cli/tb.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tb.d.ts","sourceRoot":"","sources":["../../src/cli/tb.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,wBAAsB,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAwCzC"}

package/dist/cli/tb.js

@@ -0,0 +1,43 @@
+/**
+ * CLI: usertrust tb — TigerBeetle process management (stubs)
+ *
+ * v1 stubs: prints helpful setup messages. Future versions will
+ * manage the embedded TigerBeetle process lifecycle.
+ */
+export async function run() {
+    const subcommand = process.argv[3];
+    switch (subcommand) {
+        case "start":
+            console.log("TigerBeetle start — not yet implemented.");
+            console.log("To run TigerBeetle manually:");
+            console.log("  tigerbeetle start --addresses=3000 --cache-grid=256MiB ./data/0_0.tigerbeetle");
+            break;
+        case "stop":
+            console.log("TigerBeetle stop — not yet implemented.");
+            console.log("To stop TigerBeetle manually:");
+            console.log("  kill $(pgrep tigerbeetle)");
+            break;
+        case "status": {
+            let isRunning = false;
+            try {
+                const { execSync } = await import("node:child_process");
+                const result = execSync("pgrep tigerbeetle", { encoding: "utf-8" }).trim();
+                isRunning = result.length > 0;
+            }
+            catch {
+                isRunning = false;
+            }
+            if (isRunning) {
+                console.log("TigerBeetle: running");
+            }
+            else {
+                console.log("TigerBeetle: not running");
+            }
+            break;
+        }
+        default:
+            console.log("Usage: usertrust tb <start|stop|status>");
+            break;
+    }
+}
+//# sourceMappingURL=tb.js.map

package/dist/cli/tb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tb.js","sourceRoot":"","sources":["../../src/cli/tb.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,KAAK,UAAU,GAAG;IACxB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnC,QAAQ,UAAU,EAAE,CAAC;QACpB,KAAK,OAAO;YACX,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CACV,iFAAiF,CACjF,CAAC;YACF,MAAM;QAEP,KAAK,MAAM;YACV,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;YAC3C,MAAM;QAEP,KAAK,QAAQ,CAAC,CAAC,CAAC;YACf,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,IAAI,CAAC;gBACJ,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;gBACxD,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3E,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACR,SAAS,GAAG,KAAK,CAAC;YACnB,CAAC;YAED,IAAI,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACzC,CAAC;YACD,MAAM;QACP,CAAC;QAED;YACC,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;YACvD,MAAM;IACR,CAAC;AACF,CAAC"}

package/dist/cli/verify.d.ts

@@ -0,0 +1,7 @@
+/**
+ * CLI: usertrust verify — Verify audit chain integrity
+ *
+ * Calls verifyChain() on the local vault's audit log and displays the result.
+ */
+export declare function run(rootDir?: string): Promise<void>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/cli/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,wBAAsB,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBzD"}

package/dist/cli/verify.js

@@ -0,0 +1,32 @@
+/**
+ * CLI: usertrust verify — Verify audit chain integrity
+ *
+ * Calls verifyChain() on the local vault's audit log and displays the result.
+ */
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { verifyChain } from "../audit/verify.js";
+import { VAULT_DIR } from "../shared/constants.js";
+export async function run(rootDir) {
+    const root = rootDir ?? process.cwd();
+    const vaultPath = join(root, VAULT_DIR);
+    if (!existsSync(vaultPath)) {
+        console.log("No governance vault found. Run `usertrust init` first.");
+        return;
+    }
+    const logPath = join(vaultPath, "audit", "events.jsonl");
+    const result = verifyChain(logPath);
+    if (result.valid) {
+        console.log(`Chain verified: ${result.eventsVerified} events, all hashes valid.`);
+        console.log(`Latest hash: ${result.latestHash}`);
+    }
+    else {
+        console.log(`Chain verification FAILED: ${result.errors.length} error(s) found.`);
+        console.log(`Events checked: ${result.eventsVerified}`);
+        for (const err of result.errors) {
+            console.log(`  - ${err}`);
+        }
+    }
+    console.log(`Verified at: ${result.verifiedAt}`);
+}
+//# sourceMappingURL=verify.js.map

package/dist/cli/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/cli/verify.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAExC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO;IACR,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEpC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,cAAc,4BAA4B,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,8BAA8B,MAAM,CAAC,MAAM,CAAC,MAAM,kBAAkB,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACxD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;QAC3B,CAAC;IACF,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;AAClD,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,12 @@
+import type { TrustConfig } from "./shared/types.js";
+/**
+ * Load trust config from `.usertrust/usertrust.config.json`, merged with
+ * optional runtime overrides. Returns a validated TrustConfig.
+ *
+ * @param overrides - Optional partial config to merge on top of file values
+ * @param vaultBase - Base directory containing the `.usertrust` vault (default: cwd)
+ */
+export declare function loadConfig(overrides?: Partial<TrustConfig>, vaultBase?: string): Promise<TrustConfig>;
+/** Identity function for TypeScript config intellisense. */
+export declare function defineConfig(config: TrustConfig): TrustConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;;;;GAMG;AACH,wBAAsB,UAAU,CAC/B,SAAS,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,EAChC,SAAS,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,WAAW,CAAC,CAgBtB;AAED,4DAA4D;AAC5D,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,WAAW,CAE7D"}

package/dist/config.js

@@ -0,0 +1,34 @@
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { VAULT_DIR } from "./shared/constants.js";
+import { TrustConfigSchema } from "./shared/types.js";
+/**
+ * Load trust config from `.usertrust/usertrust.config.json`, merged with
+ * optional runtime overrides. Returns a validated TrustConfig.
+ *
+ * @param overrides - Optional partial config to merge on top of file values
+ * @param vaultBase - Base directory containing the `.usertrust` vault (default: cwd)
+ */
+export async function loadConfig(overrides, vaultBase) {
+    const base = vaultBase ?? process.cwd();
+    const configPath = join(base, VAULT_DIR, "usertrust.config.json");
+    let raw = {};
+    if (existsSync(configPath)) {
+        raw = JSON.parse(await readFile(configPath, "utf-8"));
+    }
+    const merged = { ...raw };
+    if (overrides) {
+        for (const [key, val] of Object.entries(overrides)) {
+            if (val !== undefined) {
+                merged[key] = val;
+            }
+        }
+    }
+    return TrustConfigSchema.parse(merged);
+}
+/** Identity function for TypeScript config intellisense. */
+export function defineConfig(config) {
+    return TrustConfigSchema.parse(config);
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGtD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC/B,SAAgC,EAChC,SAAkB;IAElB,MAAM,IAAI,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAClE,IAAI,GAAG,GAA4B,EAAE,CAAC;IACtC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;IAClF,CAAC;IACD,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;IAC1B,IAAI,SAAS,EAAE,CAAC;QACf,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACpD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAkC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YAChD,CAAC;QACF,CAAC;IACF,CAAC;IACD,OAAO,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC/C,OAAO,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC"}

package/dist/detect.d.ts

@@ -0,0 +1,18 @@
+/**
+ * LLM Client Detection — duck typing for Anthropic, OpenAI, and Google SDKs.
+ *
+ * Uses structural checks (duck typing) to identify which SDK a client object
+ * belongs to, without requiring the SDK packages as dependencies.
+ */
+import type { LLMClientKind } from "./shared/types.js";
+/**
+ * Detect which LLM SDK a client belongs to by inspecting its shape.
+ *
+ * - Anthropic: `client.messages.create()`
+ * - OpenAI:    `client.chat.completions.create()`
+ * - Google:    `client.models.generateContent()`
+ *
+ * @throws {Error} if the client does not match any known SDK shape
+ */
+export declare function detectClientKind(client: unknown): LLMClientKind;
+//# sourceMappingURL=detect.d.ts.map

package/dist/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEvD;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,OAAO,GAAG,aAAa,CAyC/D"}

package/dist/detect.js

@@ -0,0 +1,49 @@
+/**
+ * LLM Client Detection — duck typing for Anthropic, OpenAI, and Google SDKs.
+ *
+ * Uses structural checks (duck typing) to identify which SDK a client object
+ * belongs to, without requiring the SDK packages as dependencies.
+ */
+/**
+ * Detect which LLM SDK a client belongs to by inspecting its shape.
+ *
+ * - Anthropic: `client.messages.create()`
+ * - OpenAI:    `client.chat.completions.create()`
+ * - Google:    `client.models.generateContent()`
+ *
+ * @throws {Error} if the client does not match any known SDK shape
+ */
+export function detectClientKind(client) {
+    if (client != null &&
+        typeof client === "object" &&
+        "messages" in client &&
+        client.messages != null &&
+        typeof client.messages === "object" &&
+        "create" in client.messages &&
+        typeof client.messages.create === "function") {
+        return "anthropic";
+    }
+    if (client != null &&
+        typeof client === "object" &&
+        "chat" in client &&
+        client.chat != null &&
+        typeof client.chat === "object" &&
+        "completions" in client.chat &&
+        client.chat.completions != null &&
+        typeof client.chat.completions === "object" &&
+        "create" in client.chat.completions &&
+        typeof client.chat.completions.create === "function") {
+        return "openai";
+    }
+    if (client != null &&
+        typeof client === "object" &&
+        "models" in client &&
+        client.models != null &&
+        typeof client.models === "object" &&
+        "generateContent" in client.models &&
+        typeof client.models.generateContent === "function") {
+        return "google";
+    }
+    throw new Error("Unsupported LLM client: could not detect Anthropic, OpenAI, or Google SDK");
+}
+//# sourceMappingURL=detect.js.map

package/dist/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../src/detect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAe;IAC/C,IACC,MAAM,IAAI,IAAI;QACd,OAAO,MAAM,KAAK,QAAQ;QAC1B,UAAU,IAAI,MAAM;QACpB,MAAM,CAAC,QAAQ,IAAI,IAAI;QACvB,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;QACnC,QAAQ,IAAI,MAAM,CAAC,QAAQ;QAC3B,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,UAAU,EAC3C,CAAC;QACF,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,IACC,MAAM,IAAI,IAAI;QACd,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,IAAI,MAAM;QAChB,MAAM,CAAC,IAAI,IAAI,IAAI;QACnB,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC/B,aAAa,IAAI,MAAM,CAAC,IAAI;QAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI;QAC/B,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,QAAQ;QAC3C,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW;QACnC,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,UAAU,EACnD,CAAC;QACF,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED,IACC,MAAM,IAAI,IAAI;QACd,OAAO,MAAM,KAAK,QAAQ;QAC1B,QAAQ,IAAI,MAAM;QAClB,MAAM,CAAC,MAAM,IAAI,IAAI;QACrB,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ;QACjC,iBAAiB,IAAI,MAAM,CAAC,MAAM;QAClC,OAAO,MAAM,CAAC,MAAM,CAAC,eAAe,KAAK,UAAU,EAClD,CAAC;QACF,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;AAC9F,CAAC"}

package/dist/govern.d.ts

@@ -0,0 +1,75 @@
+/**
+ * trust() — Two-Phase Lifecycle Wrapper
+ *
+ * The convergence point of the usertrust SDK. Wires together:
+ *   - LLM client detection (duck typing)
+ *   - TigerBeetle ledger (PENDING → POST/VOID)
+ *   - SHA-256 hash-chained audit trail
+ *   - Policy gate (12-operator rule engine)
+ *   - PII detection
+ *   - Circuit breaker (per-provider)
+ *   - Pattern memory (prompt hashing)
+ *   - Proxy mode (remote governance)
+ *
+ * Failure modes (Spec Section 15):
+ *   15.1 — LLM succeeds, POST fails → settled: false, settlement_ambiguous audit
+ *   15.2 — LLM fails (retryable) → void pending hold, propagate error
+ *   15.3 — Audit write fails after POST → auditDegraded flag, still return response
+ *   15.4 — TigerBeetle unreachable → LedgerUnavailableError, do NOT forward
+ *
+ * Usage:
+ * ```ts
+ * const client = await trust(new Anthropic(), { dryRun: true, budget: 50_000 });
+ * const { response, governance } = await client.messages.create({ ... });
+ * await client.destroy();
+ * ```
+ */
+import { type AuditWriter } from "./audit/chain.js";
+export interface TrustOpts {
+    /** Path to usertrust.config.json. Defaults to `.usertrust/usertrust.config.json`. */
+    configPath?: string;
+    /** Remote proxy URL. When set, receipts include a verify URL. */
+    proxy?: string;
+    /** API key for the proxy. */
+    key?: string;
+    /** Token budget override. */
+    budget?: number;
+    /** Tier override. */
+    tier?: string;
+    /**
+     * Dry-run mode — skips TigerBeetle, audit-chain-only.
+     * Also enabled by USERTRUST_DRY_RUN=true env var.
+     */
+    dryRun?: boolean;
+    /** Vault directory override (default: cwd). */
+    vaultBase?: string;
+    /**
+     * Inject a mock/test engine. When set, used instead of TigerBeetle.
+     * Primarily for testing failure modes.
+     * @internal
+     */
+    _engine?: TrustEngine | null;
+    /**
+     * Inject a mock/test audit writer. When set, used instead of real audit.
+     * @internal
+     */
+    _audit?: AuditWriter;
+}
+/** Minimal engine interface for two-phase spend lifecycle. */
+export interface TrustEngine {
+    spendPending(params: {
+        transferId: string;
+        amount: number;
+    }): Promise<{
+        transferId: string;
+    }>;
+    postPendingSpend(transferId: string): Promise<void>;
+    voidPendingSpend(transferId: string): Promise<void>;
+    destroy?(): void;
+}
+/** The governed client: original client shape + `destroy()`. */
+export type GovernedClient<T> = T & {
+    destroy(): Promise<void>;
+};
+export declare function trust<T>(client: T, opts?: TrustOpts): Promise<GovernedClient<T>>;
+//# sourceMappingURL=govern.d.ts.map

package/dist/govern.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"govern.d.ts","sourceRoot":"","sources":["../src/govern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAMH,OAAO,EAAE,KAAK,WAAW,EAAqB,MAAM,kBAAkB,CAAC;AAyBvE,MAAM,WAAW,SAAS;IACzB,qFAAqF;IACrF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,OAAO,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC7B;;;OAGG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,8DAA8D;AAC9D,MAAM,WAAW,WAAW;IAC3B,YAAY,CAAC,MAAM,EAAE;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KACf,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpC,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,IAAI,CAAC;CACjB;AAED,gEAAgE;AAChE,MAAM,MAAM,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG;IAAE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,CAAC;AAIjE,wBAAsB,KAAK,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAyctF"}