yuangs 2.31.0 → 2.32.0

package/dist/governance/capability/token.js

@@ -0,0 +1,103 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sign = sign;
+exports.verify = verify;
+exports.issue = issue;
+exports.checkCapability = checkCapability;
+exports.attenuate = attenuate;
+exports.revoke = revoke;
+exports.checkRevoked = checkRevoked;
+const crypto_1 = __importDefault(require("crypto"));
+const SECRET = process.env.CAP_SECRET || "default-secret-change-in-production";
+function sign(data) {
+    return crypto_1.default
+        .createHmac("sha256", SECRET)
+        .update(data)
+        .digest("hex");
+}
+function verify(cap) {
+    const { signature, ...rest } = cap;
+    const payload = JSON.stringify(rest);
+    const computed = sign(payload);
+    return computed === signature;
+}
+function issue(input) {
+    const base = {
+        id: crypto_1.default.randomUUID(),
+        subject: input.subject,
+        rights: input.rights,
+        scope: input.scope,
+        issuedAt: Date.now(),
+        expiresAt: Date.now() + input.ttlMs,
+        maxUses: input.maxUses ?? 1,
+        used: 0,
+    };
+    const payload = JSON.stringify(base);
+    return {
+        ...base,
+        signature: sign(payload),
+    };
+}
+function checkCapability(cap, want, context) {
+    if (!verify(cap)) {
+        throw new Error("Invalid capability: signature verification failed");
+    }
+    if (Date.now() > cap.expiresAt) {
+        throw new Error("Capability expired");
+    }
+    if (cap.used >= cap.maxUses) {
+        throw new Error("Capability exhausted (max uses reached)");
+    }
+    const rightMatch = cap.rights.some((r) => JSON.stringify(r) === JSON.stringify(want));
+    if (!rightMatch) {
+        throw new Error(`Capability does not grant right: ${JSON.stringify(want)}`);
+    }
+    if (cap.scope.type === "ACTION" && context.actionId !== cap.scope.id) {
+        throw new Error(`Scope violation: capability scoped to action ${cap.scope.id}, used on ${context.actionId}`);
+    }
+    if (cap.scope.type === "PATH_PREFIX" &&
+        context.path &&
+        !context.path.startsWith(cap.scope.prefix)) {
+        throw new Error(`Scope violation: capability scoped to ${cap.scope.prefix}, used on ${context.path}`);
+    }
+    cap.used++;
+}
+function attenuate(cap, limits) {
+    if (!verify(cap)) {
+        throw new Error("Cannot attenuate invalid capability");
+    }
+    const reduced = {
+        ...cap,
+        expiresAt: Math.min(cap.expiresAt, limits.expiresAt ?? cap.expiresAt),
+        maxUses: Math.min(cap.maxUses, limits.maxUses ?? cap.maxUses),
+        used: 0,
+        signature: "",
+    };
+    const payload = JSON.stringify({
+        id: reduced.id,
+        subject: reduced.subject,
+        rights: reduced.rights,
+        scope: reduced.scope,
+        issuedAt: reduced.issuedAt,
+        expiresAt: reduced.expiresAt,
+        maxUses: reduced.maxUses,
+        used: 0,
+    });
+    return {
+        ...reduced,
+        signature: sign(payload),
+    };
+}
+const revokedCaps = new Set();
+function revoke(capId) {
+    revokedCaps.add(capId);
+}
+function checkRevoked(cap) {
+    if (revokedCaps.has(cap.id)) {
+        throw new Error(`Capability ${cap.id} has been revoked`);
+    }
+}
+//# sourceMappingURL=token.js.map

package/dist/governance/capability/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../src/governance/capability/token.ts"],"names":[],"mappings":";;;;;AA2BA,oBAKC;AAED,wBAMC;AAED,sBAwBC;AAED,0CA4CC;AAED,8BAkCC;AAID,wBAEC;AAED,oCAIC;AAhKD,oDAA4B;AAG5B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,qCAAqC,CAAC;AAwB/E,SAAgB,IAAI,CAAC,IAAY;IAC/B,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC5B,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAgB,MAAM,CAAC,GAAe;IACpC,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAE/B,OAAO,QAAQ,KAAK,SAAS,CAAC;AAChC,CAAC;AAED,SAAgB,KAAK,CAAC,KAMrB;IACC,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,gBAAM,CAAC,UAAU,EAAE;QACvB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;QACpB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,KAAK;QACnC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,CAAC;QAC3B,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAErC,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC;KACzB,CAAC;AACJ,CAAC;AAED,SAAgB,eAAe,CAC7B,GAAe,EACf,IAAW,EACX,OAA6C;IAE7C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAClD,CAAC;IAEF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,oCAAoC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CACb,gDAAgD,GAAG,CAAC,KAAK,CAAC,EAAE,aAAa,OAAO,CAAC,QAAQ,EAAE,CAC5F,CAAC;IACJ,CAAC;IAED,IACE,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,aAAa;QAChC,OAAO,CAAC,IAAI;QACZ,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAC1C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,yCAAyC,GAAG,CAAC,KAAK,CAAC,MAAM,aAAa,OAAO,CAAC,IAAI,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,IAAI,EAAE,CAAC;AACb,CAAC;AAED,SAAgB,SAAS,CACvB,GAAe,EACf,MAA0D;IAE1D,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,OAAO,GAAG;QACd,GAAG,GAAG;QACN,SAAS,EAAE,IAAI,CAAC,GAAG,CACjB,GAAG,CAAC,SAAS,EACb,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,CAClC;QACD,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC;QAC7D,IAAI,EAAE,CAAC;QACP,SAAS,EAAE,EAAE;KACd,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,CAAC;KACR,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,OAAO;QACV,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;AAEtC,SAAgB,MAAM,CAAC,KAAa;IAClC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED,SAAgB,YAAY,CAAC,GAAe;IAC1C,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,EAAE,mBAAmB,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC"}

package/dist/governance/commands/diffEdit.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function createDiffEditCommand(): Command;

package/dist/governance/commands/diffEdit.js

@@ -0,0 +1,176 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDiffEditCommand = createDiffEditCommand;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const fs_1 = __importDefault(require("fs"));
+const GovernanceEngine_1 = require("../GovernanceEngine");
+const CodeChangeAction_1 = require("../actions/CodeChangeAction");
+const diffParser_1 = require("../review/diffParser");
+const render_1 = require("../review/render");
+const sandbox_1 = require("../execution/sandbox");
+const store_1 = require("../storage/store");
+const engine = new GovernanceEngine_1.GovernanceEngine();
+(0, store_1.auditActions)((0, store_1.loadActions)());
+class GitExecutor {
+    async applyDiff(diff) {
+        const { execSync } = require("child_process");
+        try {
+            execSync("git apply --index", {
+                input: diff,
+                stdio: "pipe",
+            });
+        }
+        catch (error) {
+            throw new Error(`Failed to apply diff: ${error}`);
+        }
+    }
+    async readFile(path) {
+        return fs_1.default.promises.readFile(path, "utf-8");
+    }
+    async writeFile(path, content) {
+        await fs_1.default.promises.writeFile(path, content, "utf-8");
+    }
+    async deleteFile(path) {
+        await fs_1.default.promises.unlink(path);
+    }
+}
+function createDiffEditCommand() {
+    const program = new commander_1.Command("diff-edit");
+    program
+        .description("Governed code change CLI - review before executing")
+        .version("1.0.0");
+    program
+        .command("propose <diff-file>")
+        .option("-r, --rationale <text>", "Why this change is needed")
+        .action(async (diffFile, options) => {
+        if (!fs_1.default.existsSync(diffFile)) {
+            console.error(chalk_1.default.red(`Diff file not found: ${diffFile}`));
+            process.exit(1);
+        }
+        const diff = fs_1.default.readFileSync(diffFile, "utf-8");
+        const rationale = options.rationale || "Manual diff submission";
+        const files = (0, diffParser_1.extractFilesFromDiff)(diff);
+        const payload = { files, diff };
+        const action = CodeChangeAction_1.CodeChangeAction.create(payload, rationale, "cli", "manual-" + Date.now());
+        action.propose();
+        const actions = (0, store_1.loadActions)();
+        actions[action.id] = action;
+        (0, store_1.saveActions)(actions);
+        console.log(chalk_1.default.green(`[PROPOSED] ${action.id}`));
+        console.log(chalk_1.default.cyan("Files:"));
+        for (const f of files) {
+            console.log(`  - ${chalk_1.default.yellow(f)}`);
+        }
+        console.log(`\n${chalk_1.default.bold("Rationale:")} ${rationale}`);
+    });
+    program
+        .command("list")
+        .description("List all proposed actions")
+        .action(() => {
+        const actions = (0, store_1.loadActions)();
+        console.log(chalk_1.default.bold("\n" + "=".repeat(60)));
+        console.log(chalk_1.default.bold("Actions"));
+        console.log(chalk_1.default.bold("=".repeat(60)) + "\n");
+        const table = [];
+        for (const [id, a] of Object.entries(actions)) {
+            table.push({
+                id,
+                kind: a.kind,
+                state: a.state,
+                rationale: a.rationale.substring(0, 50),
+            });
+        }
+        console.table(table);
+    });
+    program
+        .command("approve <id>")
+        .description("Review and approve a proposed action")
+        .action(async (id) => {
+        const actions = (0, store_1.loadActions)();
+        const action = actions[id];
+        if (!action) {
+            console.error(chalk_1.default.red(`Action not found: ${id}`));
+            process.exit(1);
+        }
+        const files = (0, diffParser_1.parseUnifiedDiff)(action.payload.diff);
+        (0, render_1.renderDiffForReview)(files, action.rationale);
+        const { level, warnings } = (0, diffParser_1.assessRisk)(files);
+        (0, render_1.renderRiskAssessment)(level, warnings);
+        const approved = await (0, render_1.promptForApproval)();
+        if (!approved) {
+            console.log(chalk_1.default.red("\n[REJECTED] Approval aborted"));
+            action.state = "REJECTED";
+            (0, store_1.saveActions)(actions);
+            return;
+        }
+        action.state = "APPROVED";
+        (0, store_1.saveActions)(actions);
+        console.log(chalk_1.default.green(`\n[APPROVED] ${id}`));
+    });
+    program
+        .command("exec <id>")
+        .description("Execute an approved action")
+        .action(async (id) => {
+        const actions = (0, store_1.loadActions)();
+        const action = actions[id];
+        if (!action) {
+            console.error(chalk_1.default.red(`Action not found: ${id}`));
+            process.exit(1);
+        }
+        if (action.state !== "APPROVED") {
+            console.error(chalk_1.default.red(`Action not approved (state: ${action.state})`));
+            process.exit(1);
+        }
+        console.log(chalk_1.default.cyan(`\n[EXECUTING] ${id}...`));
+        const snapshot = (0, sandbox_1.createSnapshot)();
+        const executor = new GitExecutor();
+        const ctx = { executor, snapshot: snapshot.id };
+        try {
+            await executor.applyDiff(action.payload.diff);
+            const changedFiles = (0, sandbox_1.getChangedFiles)();
+            (0, sandbox_1.assertNoExtraChanges)(action.payload.files, changedFiles);
+            (0, sandbox_1.commitChanges)(`EXECUTED action ${id}`, snapshot.id);
+            action.state = "EXECUTED";
+            action.executedAt = Date.now();
+            (0, store_1.saveActions)(actions);
+            console.log(chalk_1.default.green(`\n[EXECUTED] ${id}`));
+            console.log(chalk_1.default.cyan(`Files changed: ${changedFiles.length}`));
+        }
+        catch (error) {
+            console.error(chalk_1.default.red(`\n[FAILED] ${error}`));
+            console.log(chalk_1.default.yellow("\nRolling back to snapshot..."));
+            (0, sandbox_1.rollbackToSnapshot)(snapshot.id);
+            action.state = "REJECTED";
+            (0, store_1.saveActions)(actions);
+            console.log(chalk_1.default.cyan("\nRolled back successfully"));
+            process.exit(1);
+        }
+    });
+    program
+        .command("status <id>")
+        .description("Show status of an action")
+        .action((id) => {
+        const actions = (0, store_1.loadActions)();
+        const action = actions[id];
+        if (!action) {
+            console.error(chalk_1.default.red(`Action not found: ${id}`));
+            process.exit(1);
+        }
+        console.log(chalk_1.default.bold("\n" + "=".repeat(60)));
+        console.log(chalk_1.default.bold(`Action: ${id}`));
+        console.log(chalk_1.default.bold("=".repeat(60)) + "\n");
+        console.log(`${chalk_1.default.bold("Kind:")} ${action.kind}`);
+        console.log(`${chalk_1.default.bold("State:")} ${action.state}`);
+        console.log(`${chalk_1.default.bold("Rationale:")} ${action.rationale}`);
+        console.log(`${chalk_1.default.bold("Updated:")} ${new Date(action.updatedAt).toLocaleString()}`);
+        if (action.state === "EXECUTED" && action.executedAt) {
+            console.log(`${chalk_1.default.bold("Executed:")} ${new Date(action.executedAt).toLocaleString()}`);
+        }
+    });
+    return program;
+}
+//# sourceMappingURL=diffEdit.js.map

package/dist/governance/commands/diffEdit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffEdit.js","sourceRoot":"","sources":["../../../src/governance/commands/diffEdit.ts"],"names":[],"mappings":";;;;;AA2CA,sDAoMC;AA/OD,yCAAoC;AACpC,kDAA0B;AAC1B,4CAAoB;AAEpB,0DAAuD;AACvD,kEAAkF;AAElF,qDAA0F;AAC1F,6CAA+G;AAC/G,kDAAgI;AAEhI,4CAA0E;AAE1E,MAAM,MAAM,GAAG,IAAI,mCAAgB,EAAE,CAAC;AACtC,IAAA,oBAAY,EAAC,IAAA,mBAAW,GAAE,CAAC,CAAC;AAE5B,MAAM,WAAW;IACf,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,QAAQ,CAAC,mBAAmB,EAAE;gBAC5B,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY;QACzB,OAAO,YAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAY,EAAE,OAAe;QAC3C,MAAM,YAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,MAAM,YAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;CACF;AAED,SAAgB,qBAAqB;IACnC,MAAM,OAAO,GAAG,IAAI,mBAAO,CAAC,WAAW,CAAC,CAAC;IAEzC,OAAO;SACJ,WAAW,CAAC,oDAAoD,CAAC;SACjE,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB,OAAO;SACJ,OAAO,CAAC,qBAAqB,CAAC;SAC9B,MAAM,CAAC,wBAAwB,EAAE,2BAA2B,CAAC;SAC7D,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QAClC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,wBAAwB,QAAQ,EAAE,CAAC,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC;QAEhE,MAAM,KAAK,GAAG,IAAA,iCAAoB,EAAC,IAAI,CAAC,CAAC;QACzC,MAAM,OAAO,GAAsB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAEnD,MAAM,MAAM,GAAG,mCAAgB,CAAC,MAAM,CACpC,OAAO,EACP,SAAS,EACT,KAAK,EACL,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CACvB,CAAC;QAEF,MAAM,CAAC,OAAO,EAAE,CAAC;QAEjB,MAAM,OAAO,GAAG,IAAA,mBAAW,GAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAa,CAAC;QACnC,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;QAErB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,cAAc,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,OAAO,eAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,GAAG,EAAE;QACX,MAAM,OAAO,GAAG,IAAA,mBAAW,GAAE,CAAC;QAE9B,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE/C,MAAM,KAAK,GAKN,EAAE,CAAC;QAER,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC;gBACT,EAAE;gBACF,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACxC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,sCAAsC,CAAC;SACnD,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;QACnB,MAAM,OAAO,GAAG,IAAA,mBAAW,GAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,KAAK,GAAG,IAAA,6BAAgB,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,IAAA,4BAAmB,EAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAE7C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAA,uBAAU,EAAC,KAAK,CAAC,CAAC;QAC9C,IAAA,6BAAoB,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEtC,MAAM,QAAQ,GAAG,MAAM,IAAA,0BAAiB,GAAE,CAAC;QAE3C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC;YAC1B,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC;QAC1B,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;QAErB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;QACnB,MAAM,OAAO,GAAG,IAAA,mBAAW,GAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CACX,eAAK,CAAC,GAAG,CACP,+BAA+B,MAAM,CAAC,KAAK,GAAG,CAC/C,CACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,CAAC;QAElD,MAAM,QAAQ,GAAG,IAAA,wBAAc,GAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,GAAG,GAAqB,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC;QAElE,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,YAAY,GAAG,IAAA,yBAAe,GAAE,CAAC;YACvC,IAAA,8BAAoB,EAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;YAEzD,IAAA,uBAAa,EAAC,mBAAmB,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;YAEpD,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC;YAC1B,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/B,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;YAErB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,cAAc,KAAK,EAAE,CAAC,CAAC,CAAC;YAEhD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC3D,IAAA,4BAAkB,EAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAEhC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC;YAC1B,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;YAErB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO;SACJ,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,0BAA0B,CAAC;SACvC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE;QACb,MAAM,OAAO,GAAG,IAAA,mBAAW,GAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE/C,OAAO,CAAC,GAAG,CAAC,GAAG,eAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,GAAG,eAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,GAAG,eAAK,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CACT,GAAG,eAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,IAAI,CACnC,MAAM,CAAC,SAAS,CACjB,CAAC,cAAc,EAAE,EAAE,CACrB,CAAC;QAEF,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACrD,OAAO,CAAC,GAAG,CACT,GAAG,eAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,IAAI,IAAI,CACpC,MAAM,CAAC,UAAU,CAClB,CAAC,cAAc,EAAE,EAAE,CACrB,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/governance/execution/sandbox.d.ts

@@ -0,0 +1,12 @@
+export interface ExecutionSnapshot {
+    id: string;
+    commitHash: string;
+    timestamp: number;
+    isClean: boolean;
+}
+export declare function createSnapshot(): ExecutionSnapshot;
+export declare function verifySnapshot(snapshotId: string): boolean;
+export declare function rollbackToSnapshot(snapshotId: string): void;
+export declare function commitChanges(message: string, snapshotId: string): void;
+export declare function getChangedFiles(): string[];
+export declare function assertNoExtraChanges(approvedFiles: string[], actualFiles: string[]): void;

package/dist/governance/execution/sandbox.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSnapshot = createSnapshot;
+exports.verifySnapshot = verifySnapshot;
+exports.rollbackToSnapshot = rollbackToSnapshot;
+exports.commitChanges = commitChanges;
+exports.getChangedFiles = getChangedFiles;
+exports.assertNoExtraChanges = assertNoExtraChanges;
+const child_process_1 = require("child_process");
+function createSnapshot() {
+    const statusOutput = (0, child_process_1.execSync)("git status --porcelain", {
+        encoding: "utf-8",
+    }).trim();
+    const isClean = statusOutput.length === 0;
+    if (!isClean) {
+        throw new Error("Cannot create snapshot: working tree is dirty. Commit or stash changes first.");
+    }
+    const commitHash = (0, child_process_1.execSync)("git rev-parse HEAD", {
+        encoding: "utf-8",
+    }).trim();
+    return {
+        id: commitHash,
+        commitHash,
+        timestamp: Date.now(),
+        isClean,
+    };
+}
+function verifySnapshot(snapshotId) {
+    try {
+        const current = (0, child_process_1.execSync)("git rev-parse HEAD", {
+            encoding: "utf-8",
+        }).trim();
+        return current === snapshotId;
+    }
+    catch {
+        return false;
+    }
+}
+function rollbackToSnapshot(snapshotId) {
+    try {
+        (0, child_process_1.execSync)(`git reset --hard ${snapshotId}`, {
+            stdio: "inherit",
+        });
+        console.log(`Rolled back to snapshot ${snapshotId}`);
+    }
+    catch (error) {
+        throw new Error(`Failed to rollback to snapshot ${snapshotId}: ${error}`);
+    }
+}
+function commitChanges(message, snapshotId) {
+    try {
+        (0, child_process_1.execSync)(`git commit -am "${message}"`, {
+            stdio: "inherit",
+        });
+    }
+    catch (error) {
+        throw new Error(`Failed to commit changes: ${error}`);
+    }
+}
+function getChangedFiles() {
+    const output = (0, child_process_1.execSync)("git diff --name-only", {
+        encoding: "utf-8",
+    });
+    return output
+        .trim()
+        .split("\n")
+        .filter((f) => f.length > 0);
+}
+function assertNoExtraChanges(approvedFiles, actualFiles) {
+    const approvedSet = new Set(approvedFiles);
+    const extraFiles = actualFiles.filter((f) => !approvedSet.has(f));
+    if (extraFiles.length > 0) {
+        throw new Error(`Governance violation: execution modified undeclared files:\n${extraFiles.join("\n")}`);
+    }
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/governance/execution/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/governance/execution/sandbox.ts"],"names":[],"mappings":";;AASA,wCAuBC;AAED,wCAUC;AAED,gDAWC;AAED,sCAQC;AAED,0CASC;AAED,oDAYC;AA5FD,iDAAyC;AASzC,SAAgB,cAAc;IAC5B,MAAM,YAAY,GAAG,IAAA,wBAAQ,EAAC,wBAAwB,EAAE;QACtD,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC,IAAI,EAAE,CAAC;IAEV,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC;IAE1C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,wBAAQ,EAAC,oBAAoB,EAAE;QAChD,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC,IAAI,EAAE,CAAC;IAEV,OAAO;QACL,EAAE,EAAE,UAAU;QACd,UAAU;QACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAgB,cAAc,CAAC,UAAkB;IAC/C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,wBAAQ,EAAC,oBAAoB,EAAE;YAC7C,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC,IAAI,EAAE,CAAC;QAEV,OAAO,OAAO,KAAK,UAAU,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAgB,kBAAkB,CAAC,UAAkB;IACnD,IAAI,CAAC;QACH,IAAA,wBAAQ,EAAC,oBAAoB,UAAU,EAAE,EAAE;YACzC,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,2BAA2B,UAAU,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,KAAK,KAAK,EAAE,CACzD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,UAAkB;IAC/D,IAAI,CAAC;QACH,IAAA,wBAAQ,EAAC,mBAAmB,OAAO,GAAG,EAAE;YACtC,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAgB,eAAe;IAC7B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,sBAAsB,EAAE;QAC9C,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC;IAEH,OAAO,MAAM;SACV,IAAI,EAAE;SACN,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,oBAAoB,CAClC,aAAuB,EACvB,WAAqB;IAErB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAElE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,+DAA+D,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/governance/fsm/stateMachine.d.ts

@@ -0,0 +1,40 @@
+import { GovernanceState } from "../GovernedAction";
+/**
+ * Throw governance violation if transition is not permitted
+ */
+export declare function assertTransition(from: GovernanceState, to: GovernanceState): void;
+/**
+ * Check if a transition is valid (without throwing)
+ */
+export declare function canTransition(from: GovernanceState, to: GovernanceState): boolean;
+/**
+ * Get all possible next states from current state
+ */
+export declare function getNextStates(from: GovernanceState): GovernanceState[];
+/**
+ * Validate that a state is valid
+ */
+export declare function isValidState(state: string): state is GovernanceState;
+/**
+ * State machine transition history entry
+ */
+export interface TransitionHistoryEntry {
+    from: GovernanceState;
+    to: GovernanceState;
+    timestamp: number;
+    reason?: string;
+}
+/**
+ * State machine for tracking governance state transitions
+ * Enforces constitutional invariants
+ */
+export declare class GovernanceStateMachine {
+    private currentState;
+    private history;
+    constructor(initialState: GovernanceState);
+    get current(): GovernanceState;
+    get transitionHistory(): TransitionHistoryEntry[];
+    transition(to: GovernanceState, reason?: string): void;
+    isTerminal(): boolean;
+    canProceedTo(state: GovernanceState): boolean;
+}

package/dist/governance/fsm/stateMachine.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GovernanceStateMachine = void 0;
+exports.assertTransition = assertTransition;
+exports.canTransition = canTransition;
+exports.getNextStates = getNextStates;
+exports.isValidState = isValidState;
+/**
+ * Only these state transitions are legally permitted
+ * Any other transition is a governance violation
+ */
+const ALLOWED_TRANSITIONS = {
+    DRAFT: ["PROPOSED"],
+    PROPOSED: ["APPROVED", "REJECTED"],
+    APPROVED: ["EXECUTED"],
+    EXECUTED: ["OBSERVED"],
+    OBSERVED: ["VERIFIED"],
+    VERIFIED: [],
+    REJECTED: [],
+};
+/**
+ * Throw governance violation if transition is not permitted
+ */
+function assertTransition(from, to) {
+    const allowed = ALLOWED_TRANSITIONS[from].includes(to);
+    if (!allowed) {
+        throw new Error(`Governance violation: illegal state transition ${from} → ${to}`);
+    }
+}
+/**
+ * Check if a transition is valid (without throwing)
+ */
+function canTransition(from, to) {
+    return ALLOWED_TRANSITIONS[from].includes(to);
+}
+/**
+ * Get all possible next states from current state
+ */
+function getNextStates(from) {
+    return [...ALLOWED_TRANSITIONS[from]];
+}
+/**
+ * Validate that a state is valid
+ */
+function isValidState(state) {
+    return [
+        "DRAFT",
+        "PROPOSED",
+        "APPROVED",
+        "EXECUTED",
+        "OBSERVED",
+        "VERIFIED",
+        "REJECTED",
+    ].includes(state);
+}
+/**
+ * State machine for tracking governance state transitions
+ * Enforces constitutional invariants
+ */
+class GovernanceStateMachine {
+    currentState;
+    history = [];
+    constructor(initialState) {
+        if (!isValidState(initialState)) {
+            throw new Error(`Invalid initial state: ${initialState}`);
+        }
+        this.currentState = initialState;
+    }
+    get current() {
+        return this.currentState;
+    }
+    get transitionHistory() {
+        return [...this.history];
+    }
+    transition(to, reason) {
+        assertTransition(this.currentState, to);
+        this.history.push({
+            from: this.currentState,
+            to,
+            timestamp: Date.now(),
+            reason,
+        });
+        this.currentState = to;
+    }
+    isTerminal() {
+        return this.currentState === "VERIFIED" || this.currentState === "REJECTED";
+    }
+    canProceedTo(state) {
+        return canTransition(this.currentState, state);
+    }
+}
+exports.GovernanceStateMachine = GovernanceStateMachine;
+//# sourceMappingURL=stateMachine.js.map

package/dist/governance/fsm/stateMachine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stateMachine.js","sourceRoot":"","sources":["../../../src/governance/fsm/stateMachine.ts"],"names":[],"mappings":";;;AAmBA,4CAWC;AAKD,sCAKC;AAKD,sCAEC;AAKD,oCAUC;AA5DD;;;GAGG;AACH,MAAM,mBAAmB,GAA+C;IACtE,KAAK,EAAE,CAAC,UAAU,CAAC;IACnB,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;IAClC,QAAQ,EAAE,CAAC,UAAU,CAAC;IACtB,QAAQ,EAAE,CAAC,UAAU,CAAC;IACtB,QAAQ,EAAE,CAAC,UAAU,CAAC;IACtB,QAAQ,EAAE,EAAE;IACZ,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF;;GAEG;AACH,SAAgB,gBAAgB,CAC9B,IAAqB,EACrB,EAAmB;IAEnB,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,kDAAkD,IAAI,MAAM,EAAE,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAC3B,IAAqB,EACrB,EAAmB;IAEnB,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,IAAqB;IACjD,OAAO,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,KAAa;IACxC,OAAO;QACL,OAAO;QACP,UAAU;QACV,UAAU;QACV,UAAU;QACV,UAAU;QACV,UAAU;QACV,UAAU;KACX,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACpB,CAAC;AAYD;;;GAGG;AACH,MAAa,sBAAsB;IACzB,YAAY,CAAkB;IAC9B,OAAO,GAA6B,EAAE,CAAC;IAE/C,YAAY,YAA6B;QACvC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,IAAI,iBAAiB;QACnB,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,UAAU,CAAC,EAAmB,EAAE,MAAe;QAC7C,gBAAgB,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAExC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAChB,IAAI,EAAE,IAAI,CAAC,YAAY;YACvB,EAAE;YACF,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;SACP,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;IACzB,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,YAAY,KAAK,UAAU,IAAI,IAAI,CAAC,YAAY,KAAK,UAAU,CAAC;IAC9E,CAAC;IAED,YAAY,CAAC,KAAsB;QACjC,OAAO,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACjD,CAAC;CACF;AAvCD,wDAuCC"}

package/dist/governance/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./GovernedAction";
+export * from "./GovernanceEngine";
+export * from "./actions/CodeChangeAction";
+export * from "./fsm/stateMachine";
+export * from "./review/diffParser";
+export * from "./review/render";
+export * from "./execution/sandbox";
+export * from "./capability/token";
+export * from "./storage/store";

package/dist/governance/index.js

@@ -0,0 +1,26 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./GovernedAction"), exports);
+__exportStar(require("./GovernanceEngine"), exports);
+__exportStar(require("./actions/CodeChangeAction"), exports);
+__exportStar(require("./fsm/stateMachine"), exports);
+__exportStar(require("./review/diffParser"), exports);
+__exportStar(require("./review/render"), exports);
+__exportStar(require("./execution/sandbox"), exports);
+__exportStar(require("./capability/token"), exports);
+__exportStar(require("./storage/store"), exports);
+//# sourceMappingURL=index.js.map

package/dist/governance/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/governance/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,qDAAmC;AACnC,6DAA2C;AAC3C,qDAAmC;AACnC,sDAAoC;AACpC,kDAAgC;AAChC,sDAAoC;AACpC,qDAAmC;AACnC,kDAAgC"}

package/dist/governance/review/diffParser.d.ts

@@ -0,0 +1,12 @@
+export interface DiffFile {
+    file: string;
+    additions: number;
+    deletions: number;
+    hunks: string[];
+}
+export declare function parseUnifiedDiff(diff: string): DiffFile[];
+export declare function extractFilesFromDiff(diff: string): string[];
+export declare function assessRisk(files: DiffFile[]): {
+    level: "low" | "medium" | "high";
+    warnings: string[];
+};

package/dist/governance/review/diffParser.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseUnifiedDiff = parseUnifiedDiff;
+exports.extractFilesFromDiff = extractFilesFromDiff;
+exports.assessRisk = assessRisk;
+function parseUnifiedDiff(diff) {
+    const files = [];
+    let current = null;
+    for (const line of diff.split("\n")) {
+        if (line.startsWith("diff --git")) {
+            if (current) {
+                files.push(current);
+            }
+            const match = line.match(/b\/(.+)$/);
+            const file = match ? match[1] : "unknown";
+            current = { file, additions: 0, deletions: 0, hunks: [] };
+        }
+        else if (!current) {
+            continue;
+        }
+        else if (line.startsWith("+") && !line.startsWith("+++")) {
+            current.additions++;
+        }
+        else if (line.startsWith("-") && !line.startsWith("---")) {
+            current.deletions++;
+        }
+        else if (line.startsWith("@@")) {
+            current.hunks.push(line);
+        }
+    }
+    if (current) {
+        files.push(current);
+    }
+    return files;
+}
+function extractFilesFromDiff(diff) {
+    const files = [];
+    const filePattern = /^\+\+\+ b\/(.+)$/m;
+    for (const match of diff.matchAll(filePattern)) {
+        files.push(match[1]);
+    }
+    return files;
+}
+function assessRisk(files) {
+    const warnings = [];
+    const totalLines = files.reduce((sum, f) => sum + f.additions + f.deletions, 0);
+    if (totalLines > 300) {
+        warnings.push(`Large changeset: ${totalLines} lines`);
+    }
+    if (files.length > 10) {
+        warnings.push(`Many files touched: ${files.length}`);
+    }
+    if (totalLines > 1000) {
+        return { level: "high", warnings };
+    }
+    if (totalLines > 300 || files.length > 10) {
+        return { level: "medium", warnings };
+    }
+    return { level: "low", warnings };
+}
+//# sourceMappingURL=diffParser.js.map

package/dist/governance/review/diffParser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffParser.js","sourceRoot":"","sources":["../../../src/governance/review/diffParser.ts"],"names":[],"mappings":";;AAOA,4CA4BC;AAED,oDASC;AAED,gCA2BC;AApED,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,IAAI,OAAO,GAAoB,IAAI,CAAC;IAEpC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1C,OAAO,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAC5D,CAAC;aAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACpB,SAAS;QACX,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,oBAAoB,CAAC,IAAY;IAC/C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,WAAW,GAAG,mBAAmB,CAAC;IAExC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,UAAU,CAAC,KAAiB;IAI1C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAC7B,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,EAC3C,CAAC,CACF,CAAC;IAEF,IAAI,UAAU,GAAG,GAAG,EAAE,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,oBAAoB,UAAU,QAAQ,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,UAAU,GAAG,IAAI,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACrC,CAAC;IAED,IAAI,UAAU,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACpC,CAAC"}