vibecheck-ai 2.0.1 → 5.0.0

package/bin/runners/lib/missions/hardening.js

@@ -0,0 +1,851 @@
+// bin/runners/lib/missions/hardening.js
+// ═══════════════════════════════════════════════════════════════════════════════
+// MISSION HARDENING - Bulletproof error handling, validation, and recovery
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const fs = require('fs');
+const path = require('path');
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CUSTOM ERROR TYPES
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Base error class for mission system
+ */
+class MissionError extends Error {
+  constructor(message, code, context = {}) {
+    super(message);
+    this.name = 'MissionError';
+    this.code = code;
+    this.context = context;
+    this.timestamp = new Date().toISOString();
+    Error.captureStackTrace(this, this.constructor);
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      context: this.context,
+      timestamp: this.timestamp,
+      stack: this.stack,
+    };
+  }
+}
+
+/**
+ * Validation error - input doesn't meet requirements
+ */
+class ValidationError extends MissionError {
+  constructor(message, field, value, context = {}) {
+    super(message, 'VALIDATION_ERROR', { field, value, ...context });
+    this.name = 'ValidationError';
+    this.field = field;
+    this.value = value;
+  }
+}
+
+/**
+ * Checkpoint error - checkpoint operations failed
+ */
+class CheckpointError extends MissionError {
+  constructor(message, operation, checkpointId, context = {}) {
+    super(message, 'CHECKPOINT_ERROR', { operation, checkpointId, ...context });
+    this.name = 'CheckpointError';
+    this.operation = operation;
+    this.checkpointId = checkpointId;
+  }
+}
+
+/**
+ * Safety gate error - gate check failed
+ */
+class SafetyGateError extends MissionError {
+  constructor(message, gate, reason, context = {}) {
+    super(message, 'SAFETY_GATE_ERROR', { gate, reason, ...context });
+    this.name = 'SafetyGateError';
+    this.gate = gate;
+    this.reason = reason;
+  }
+}
+
+/**
+ * Execution error - mission execution failed
+ */
+class ExecutionError extends MissionError {
+  constructor(message, missionId, phase, context = {}) {
+    super(message, 'EXECUTION_ERROR', { missionId, phase, ...context });
+    this.name = 'ExecutionError';
+    this.missionId = missionId;
+    this.phase = phase;
+  }
+}
+
+/**
+ * Rollback error - rollback operation failed
+ */
+class RollbackError extends MissionError {
+  constructor(message, missionId, reason, context = {}) {
+    super(message, 'ROLLBACK_ERROR', { missionId, reason, ...context });
+    this.name = 'RollbackError';
+    this.missionId = missionId;
+    this.reason = reason;
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// ERROR CODES
+// ═══════════════════════════════════════════════════════════════════════════════
+
+const ERROR_CODES = {
+  // Validation errors (1xxx)
+  INVALID_MISSION_ID: 1001,
+  INVALID_FINDING: 1002,
+  INVALID_FILE_PATH: 1003,
+  INVALID_CONFIDENCE: 1004,
+  INVALID_THRESHOLD: 1005,
+  MISSING_REQUIRED_FIELD: 1006,
+  
+  // Checkpoint errors (2xxx)
+  CHECKPOINT_NOT_FOUND: 2001,
+  CHECKPOINT_CORRUPTED: 2002,
+  CHECKPOINT_CREATE_FAILED: 2003,
+  CHECKPOINT_RESTORE_FAILED: 2004,
+  SNAPSHOT_MISSING: 2005,
+  
+  // Safety gate errors (3xxx)
+  PREFLIGHT_FAILED: 3001,
+  POSTFLIGHT_FAILED: 3002,
+  CONFIDENCE_TOO_LOW: 3003,
+  BLAST_RADIUS_EXCEEDED: 3004,
+  RISK_TOO_HIGH: 3005,
+  DIRTY_WORKING_TREE: 3006,
+  
+  // Execution errors (4xxx)
+  MISSION_NOT_FOUND: 4001,
+  PATCH_FAILED: 4002,
+  VERIFICATION_FAILED: 4003,
+  TIMEOUT: 4004,
+  STAGNATION: 4005,
+  
+  // System errors (5xxx)
+  FILE_NOT_FOUND: 5001,
+  FILE_READ_ERROR: 5002,
+  FILE_WRITE_ERROR: 5003,
+  GIT_ERROR: 5004,
+  UNKNOWN_ERROR: 5999,
+};
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// INPUT VALIDATION
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Validate mission ID format
+ * @param {string} id - Mission ID
+ * @returns {boolean}
+ */
+function isValidMissionId(id) {
+  if (!id || typeof id !== 'string') return false;
+  return /^M_[a-f0-9]{8,}$/i.test(id);
+}
+
+/**
+ * Validate checkpoint ID format
+ * @param {string} id - Checkpoint ID
+ * @returns {boolean}
+ */
+function isValidCheckpointId(id) {
+  if (!id || typeof id !== 'string') return false;
+  return /^cp_M_[a-f0-9]+_[a-z0-9]+$/i.test(id);
+}
+
+/**
+ * Validate file path (no path traversal, valid characters)
+ * @param {string} filePath - File path to validate
+ * @returns {boolean}
+ */
+function isValidFilePath(filePath) {
+  if (!filePath || typeof filePath !== 'string') return false;
+  
+  // Check for path traversal
+  if (filePath.includes('..')) return false;
+  
+  // Check for null bytes
+  if (filePath.includes('\0')) return false;
+  
+  // Check for suspicious patterns
+  if (/[<>:"|?*]/.test(filePath)) return false;
+  
+  return true;
+}
+
+/**
+ * Validate confidence value
+ * @param {number} confidence - Confidence value
+ * @returns {boolean}
+ */
+function isValidConfidence(confidence) {
+  if (typeof confidence !== 'number') return false;
+  if (isNaN(confidence)) return false;
+  return confidence >= 0 && confidence <= 1;
+}
+
+/**
+ * Validate finding object
+ * @param {object} finding - Finding object
+ * @returns {{ valid: boolean, errors: string[] }}
+ */
+function validateFinding(finding) {
+  const errors = [];
+  
+  if (!finding || typeof finding !== 'object') {
+    return { valid: false, errors: ['Finding must be an object'] };
+  }
+  
+  if (!finding.id) {
+    errors.push('Finding must have an id');
+  }
+  
+  if (!finding.category) {
+    errors.push('Finding must have a category');
+  }
+  
+  if (!finding.severity) {
+    errors.push('Finding must have a severity');
+  } else if (!['BLOCK', 'WARN', 'INFO', 'critical', 'high', 'medium', 'low', 'info'].includes(finding.severity)) {
+    errors.push(`Invalid severity: ${finding.severity}`);
+  }
+  
+  if (finding.confidence !== undefined && !isValidConfidence(finding.confidence)) {
+    errors.push(`Invalid confidence: ${finding.confidence}`);
+  }
+  
+  return { valid: errors.length === 0, errors };
+}
+
+/**
+ * Validate mission object
+ * @param {object} mission - Mission object
+ * @returns {{ valid: boolean, errors: string[] }}
+ */
+function validateMission(mission) {
+  const errors = [];
+  
+  if (!mission || typeof mission !== 'object') {
+    return { valid: false, errors: ['Mission must be an object'] };
+  }
+  
+  // ID validation
+  if (!mission.id) {
+    errors.push('Mission must have an id');
+  } else if (!isValidMissionId(mission.id)) {
+    errors.push(`Invalid mission ID format: ${mission.id}`);
+  }
+  
+  // Type validation
+  if (!mission.type) {
+    errors.push('Mission must have a type');
+  }
+  
+  // Objective validation
+  if (!mission.objective) {
+    errors.push('Mission must have an objective');
+  } else {
+    if (!mission.objective.targetFindingIds || !Array.isArray(mission.objective.targetFindingIds)) {
+      errors.push('Mission objective must have targetFindingIds array');
+    } else if (mission.objective.targetFindingIds.length === 0) {
+      errors.push('Mission must target at least one finding');
+    }
+  }
+  
+  // Scope validation
+  if (mission.scope) {
+    if (mission.scope.allowedFiles && !Array.isArray(mission.scope.allowedFiles)) {
+      errors.push('allowedFiles must be an array');
+    }
+    
+    if (mission.scope.allowedFiles) {
+      for (const file of mission.scope.allowedFiles) {
+        if (!isValidFilePath(file)) {
+          errors.push(`Invalid file path: ${file}`);
+        }
+      }
+    }
+  }
+  
+  // Safety validation
+  if (mission.safety) {
+    if (mission.safety.confidence !== undefined && !isValidConfidence(mission.safety.confidence)) {
+      errors.push(`Invalid safety confidence: ${mission.safety.confidence}`);
+    }
+  }
+  
+  return { valid: errors.length === 0, errors };
+}
+
+/**
+ * Validate options object
+ * @param {object} options - Options object
+ * @param {object} schema - Schema defining expected options
+ * @returns {{ valid: boolean, errors: string[], sanitized: object }}
+ */
+function validateOptions(options, schema) {
+  const errors = [];
+  const sanitized = {};
+  
+  for (const [key, spec] of Object.entries(schema)) {
+    const value = options?.[key];
+    
+    // Check required fields
+    if (spec.required && (value === undefined || value === null)) {
+      errors.push(`Required option missing: ${key}`);
+      continue;
+    }
+    
+    // Apply default if not provided
+    if (value === undefined || value === null) {
+      sanitized[key] = spec.default;
+      continue;
+    }
+    
+    // Type validation
+    if (spec.type && typeof value !== spec.type) {
+      errors.push(`Invalid type for ${key}: expected ${spec.type}, got ${typeof value}`);
+      sanitized[key] = spec.default;
+      continue;
+    }
+    
+    // Range validation for numbers
+    if (spec.type === 'number') {
+      if (spec.min !== undefined && value < spec.min) {
+        errors.push(`${key} must be >= ${spec.min}`);
+        sanitized[key] = spec.min;
+        continue;
+      }
+      if (spec.max !== undefined && value > spec.max) {
+        errors.push(`${key} must be <= ${spec.max}`);
+        sanitized[key] = spec.max;
+        continue;
+      }
+    }
+    
+    // Enum validation
+    if (spec.enum && !spec.enum.includes(value)) {
+      errors.push(`Invalid value for ${key}: must be one of ${spec.enum.join(', ')}`);
+      sanitized[key] = spec.default;
+      continue;
+    }
+    
+    sanitized[key] = value;
+  }
+  
+  return { valid: errors.length === 0, errors, sanitized };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SAFE FILE OPERATIONS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Safely read a file with error handling
+ * @param {string} filePath - Absolute file path
+ * @returns {{ ok: boolean, content?: string, error?: string }}
+ */
+function safeReadFile(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) {
+      return { ok: false, error: `File not found: ${filePath}` };
+    }
+    
+    const stats = fs.statSync(filePath);
+    if (stats.isDirectory()) {
+      return { ok: false, error: `Path is a directory: ${filePath}` };
+    }
+    
+    // Limit file size (10MB max)
+    const MAX_SIZE = 10 * 1024 * 1024;
+    if (stats.size > MAX_SIZE) {
+      return { ok: false, error: `File too large: ${stats.size} bytes (max ${MAX_SIZE})` };
+    }
+    
+    const content = fs.readFileSync(filePath, 'utf8');
+    return { ok: true, content };
+  } catch (e) {
+    return { ok: false, error: `Failed to read file: ${e.message}` };
+  }
+}
+
+/**
+ * Safely write a file with error handling
+ * @param {string} filePath - Absolute file path
+ * @param {string} content - Content to write
+ * @returns {{ ok: boolean, error?: string }}
+ */
+function safeWriteFile(filePath, content) {
+  try {
+    // Ensure parent directory exists
+    const dir = path.dirname(filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    
+    fs.writeFileSync(filePath, content, 'utf8');
+    return { ok: true };
+  } catch (e) {
+    return { ok: false, error: `Failed to write file: ${e.message}` };
+  }
+}
+
+/**
+ * Safely read JSON file
+ * @param {string} filePath - Absolute file path
+ * @returns {{ ok: boolean, data?: any, error?: string }}
+ */
+function safeReadJson(filePath) {
+  const result = safeReadFile(filePath);
+  if (!result.ok) return result;
+  
+  try {
+    const data = JSON.parse(result.content);
+    return { ok: true, data };
+  } catch (e) {
+    return { ok: false, error: `Invalid JSON: ${e.message}` };
+  }
+}
+
+/**
+ * Safely write JSON file
+ * @param {string} filePath - Absolute file path
+ * @param {any} data - Data to write
+ * @returns {{ ok: boolean, error?: string }}
+ */
+function safeWriteJson(filePath, data) {
+  try {
+    const content = JSON.stringify(data, null, 2);
+    return safeWriteFile(filePath, content);
+  } catch (e) {
+    return { ok: false, error: `Failed to serialize JSON: ${e.message}` };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// CIRCUIT BREAKER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Circuit breaker state
+ */
+const circuitBreakerState = {
+  failures: 0,
+  lastFailure: null,
+  state: 'CLOSED', // CLOSED, OPEN, HALF_OPEN
+  threshold: 5,
+  resetTimeout: 60000, // 1 minute
+};
+
+/**
+ * Check if circuit breaker allows operation
+ * @returns {boolean}
+ */
+function circuitBreakerAllows() {
+  const now = Date.now();
+  
+  if (circuitBreakerState.state === 'OPEN') {
+    // Check if reset timeout has passed
+    if (now - circuitBreakerState.lastFailure > circuitBreakerState.resetTimeout) {
+      circuitBreakerState.state = 'HALF_OPEN';
+      return true;
+    }
+    return false;
+  }
+  
+  return true;
+}
+
+/**
+ * Record circuit breaker success
+ */
+function circuitBreakerSuccess() {
+  if (circuitBreakerState.state === 'HALF_OPEN') {
+    circuitBreakerState.state = 'CLOSED';
+    circuitBreakerState.failures = 0;
+  }
+}
+
+/**
+ * Record circuit breaker failure
+ */
+function circuitBreakerFailure() {
+  circuitBreakerState.failures++;
+  circuitBreakerState.lastFailure = Date.now();
+  
+  if (circuitBreakerState.failures >= circuitBreakerState.threshold) {
+    circuitBreakerState.state = 'OPEN';
+  }
+}
+
+/**
+ * Reset circuit breaker
+ */
+function circuitBreakerReset() {
+  circuitBreakerState.failures = 0;
+  circuitBreakerState.lastFailure = null;
+  circuitBreakerState.state = 'CLOSED';
+}
+
+/**
+ * Get circuit breaker status
+ * @returns {object}
+ */
+function circuitBreakerStatus() {
+  return { ...circuitBreakerState };
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// RETRY LOGIC
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Retry configuration
+ * @typedef {object} RetryConfig
+ * @property {number} maxAttempts - Maximum retry attempts
+ * @property {number} baseDelay - Base delay in ms
+ * @property {number} maxDelay - Maximum delay in ms
+ * @property {boolean} exponential - Use exponential backoff
+ */
+
+const DEFAULT_RETRY_CONFIG = {
+  maxAttempts: 3,
+  baseDelay: 1000,
+  maxDelay: 10000,
+  exponential: true,
+};
+
+/**
+ * Execute function with retry logic
+ * @param {Function} fn - Async function to execute
+ * @param {RetryConfig} config - Retry configuration
+ * @returns {Promise<any>}
+ */
+async function withRetry(fn, config = {}) {
+  const opts = { ...DEFAULT_RETRY_CONFIG, ...config };
+  let lastError;
+  
+  for (let attempt = 1; attempt <= opts.maxAttempts; attempt++) {
+    try {
+      return await fn(attempt);
+    } catch (error) {
+      lastError = error;
+      
+      // Don't retry on validation errors
+      if (error instanceof ValidationError) {
+        throw error;
+      }
+      
+      if (attempt < opts.maxAttempts) {
+        const delay = opts.exponential
+          ? Math.min(opts.baseDelay * Math.pow(2, attempt - 1), opts.maxDelay)
+          : opts.baseDelay;
+        
+        await new Promise(resolve => setTimeout(resolve, delay));
+      }
+    }
+  }
+  
+  throw lastError;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// AUDIT TRAIL
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Audit log levels
+ */
+const AUDIT_LEVEL = {
+  DEBUG: 'DEBUG',
+  INFO: 'INFO',
+  WARN: 'WARN',
+  ERROR: 'ERROR',
+  CRITICAL: 'CRITICAL',
+};
+
+/**
+ * Audit log entry
+ */
+class AuditEntry {
+  constructor(level, operation, details = {}) {
+    this.timestamp = new Date().toISOString();
+    this.level = level;
+    this.operation = operation;
+    this.details = details;
+    this.sessionId = process.env.VIBECHECK_SESSION_ID || 'unknown';
+  }
+  
+  toJSON() {
+    return {
+      timestamp: this.timestamp,
+      level: this.level,
+      operation: this.operation,
+      details: this.details,
+      sessionId: this.sessionId,
+    };
+  }
+  
+  toString() {
+    return `[${this.timestamp}] [${this.level}] ${this.operation}: ${JSON.stringify(this.details)}`;
+  }
+}
+
+/**
+ * Audit trail manager
+ */
+class AuditTrail {
+  constructor(logDir) {
+    this.logDir = logDir;
+    this.entries = [];
+    this.maxEntries = 1000;
+  }
+  
+  log(level, operation, details = {}) {
+    const entry = new AuditEntry(level, operation, details);
+    this.entries.push(entry);
+    
+    // Trim if too many entries
+    if (this.entries.length > this.maxEntries) {
+      this.entries = this.entries.slice(-this.maxEntries);
+    }
+    
+    // Also write to file if log dir is set
+    if (this.logDir) {
+      this._writeToFile(entry);
+    }
+    
+    return entry;
+  }
+  
+  debug(operation, details) {
+    return this.log(AUDIT_LEVEL.DEBUG, operation, details);
+  }
+  
+  info(operation, details) {
+    return this.log(AUDIT_LEVEL.INFO, operation, details);
+  }
+  
+  warn(operation, details) {
+    return this.log(AUDIT_LEVEL.WARN, operation, details);
+  }
+  
+  error(operation, details) {
+    return this.log(AUDIT_LEVEL.ERROR, operation, details);
+  }
+  
+  critical(operation, details) {
+    return this.log(AUDIT_LEVEL.CRITICAL, operation, details);
+  }
+  
+  getEntries(filter = {}) {
+    let result = [...this.entries];
+    
+    if (filter.level) {
+      result = result.filter(e => e.level === filter.level);
+    }
+    
+    if (filter.operation) {
+      result = result.filter(e => e.operation.includes(filter.operation));
+    }
+    
+    if (filter.since) {
+      const since = new Date(filter.since);
+      result = result.filter(e => new Date(e.timestamp) >= since);
+    }
+    
+    return result;
+  }
+  
+  _writeToFile(entry) {
+    try {
+      if (!fs.existsSync(this.logDir)) {
+        fs.mkdirSync(this.logDir, { recursive: true });
+      }
+      
+      const date = new Date().toISOString().split('T')[0];
+      const logFile = path.join(this.logDir, `mission-audit-${date}.log`);
+      
+      fs.appendFileSync(logFile, entry.toString() + '\n', 'utf8');
+    } catch (e) {
+      // Silently fail - don't break operations due to logging failures
+    }
+  }
+  
+  flush() {
+    if (!this.logDir) return;
+    
+    try {
+      const logFile = path.join(this.logDir, 'mission-audit-summary.json');
+      fs.writeFileSync(logFile, JSON.stringify(this.entries, null, 2), 'utf8');
+    } catch (e) {
+      // Silently fail
+    }
+  }
+}
+
+// Global audit trail instance
+let globalAuditTrail = null;
+
+/**
+ * Initialize global audit trail
+ * @param {string} logDir - Log directory
+ * @returns {AuditTrail}
+ */
+function initAuditTrail(logDir) {
+  globalAuditTrail = new AuditTrail(logDir);
+  return globalAuditTrail;
+}
+
+/**
+ * Get global audit trail
+ * @returns {AuditTrail}
+ */
+function getAuditTrail() {
+  if (!globalAuditTrail) {
+    globalAuditTrail = new AuditTrail(null);
+  }
+  return globalAuditTrail;
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// TIMEOUT WRAPPER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Execute function with timeout
+ * @param {Function} fn - Async function to execute
+ * @param {number} timeoutMs - Timeout in milliseconds
+ * @param {string} operation - Operation name for error message
+ * @returns {Promise<any>}
+ */
+async function withTimeout(fn, timeoutMs, operation = 'Operation') {
+  return Promise.race([
+    fn(),
+    new Promise((_, reject) => {
+      setTimeout(() => {
+        reject(new ExecutionError(`${operation} timed out after ${timeoutMs}ms`, null, 'timeout', { timeoutMs }));
+      }, timeoutMs);
+    }),
+  ]);
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// SAFE EXECUTION WRAPPER
+// ═══════════════════════════════════════════════════════════════════════════════
+
+/**
+ * Safely execute a function with all hardening features
+ * @param {Function} fn - Async function to execute
+ * @param {object} options - Execution options
+ * @returns {Promise<{ ok: boolean, result?: any, error?: Error }>}
+ */
+async function safeExecute(fn, options = {}) {
+  const {
+    timeout = 30000,
+    retry = false,
+    retryConfig = {},
+    operation = 'Unknown operation',
+    auditTrail = true,
+  } = options;
+  
+  const audit = getAuditTrail();
+  
+  // Check circuit breaker
+  if (!circuitBreakerAllows()) {
+    const error = new ExecutionError('Circuit breaker is open - too many recent failures', null, 'circuit_breaker');
+    if (auditTrail) audit.error('circuit_breaker_blocked', { operation });
+    return { ok: false, error };
+  }
+  
+  try {
+    if (auditTrail) audit.debug('operation_start', { operation });
+    
+    let result;
+    
+    const wrappedFn = async () => {
+      return retry ? await withRetry(fn, retryConfig) : await fn();
+    };
+    
+    result = await withTimeout(wrappedFn, timeout, operation);
+    
+    circuitBreakerSuccess();
+    if (auditTrail) audit.info('operation_success', { operation });
+    
+    return { ok: true, result };
+  } catch (error) {
+    circuitBreakerFailure();
+    
+    if (auditTrail) {
+      audit.error('operation_failed', {
+        operation,
+        error: error.message,
+        code: error.code,
+        stack: error.stack,
+      });
+    }
+    
+    return { ok: false, error };
+  }
+}
+
+// ═══════════════════════════════════════════════════════════════════════════════
+// EXPORTS
+// ═══════════════════════════════════════════════════════════════════════════════
+
+module.exports = {
+  // Error types
+  MissionError,
+  ValidationError,
+  CheckpointError,
+  SafetyGateError,
+  ExecutionError,
+  RollbackError,
+  ERROR_CODES,
+  
+  // Validation
+  isValidMissionId,
+  isValidCheckpointId,
+  isValidFilePath,
+  isValidConfidence,
+  validateFinding,
+  validateMission,
+  validateOptions,
+  
+  // Safe file operations
+  safeReadFile,
+  safeWriteFile,
+  safeReadJson,
+  safeWriteJson,
+  
+  // Circuit breaker
+  circuitBreakerAllows,
+  circuitBreakerSuccess,
+  circuitBreakerFailure,
+  circuitBreakerReset,
+  circuitBreakerStatus,
+  
+  // Retry logic
+  withRetry,
+  DEFAULT_RETRY_CONFIG,
+  
+  // Audit trail
+  AUDIT_LEVEL,
+  AuditEntry,
+  AuditTrail,
+  initAuditTrail,
+  getAuditTrail,
+  
+  // Execution helpers
+  withTimeout,
+  safeExecute,
+};