Merge commit 'd803bfe2b1fe7f5e219e50ac20d6801a0a58ac75' as 'vendor/ruvector'

2026-02-28 14:39:40 -05:00
parent 7885bf6278 d803bfe2b1
commit cd5943df23
7854 changed files with 3522914 additions and 0 deletions
--- a/vendor/ruvector/npm/packages/cognitum-gate-wasm/examples/express-middleware.js
+++ b/vendor/ruvector/npm/packages/cognitum-gate-wasm/examples/express-middleware.js
@@ -0,0 +1,151 @@
+"use strict";
+/**
+ * Express Middleware Example
+ *
+ * This example shows how to use Cognitum Gate as Express middleware
+ * to protect API endpoints with coherence-based access control.
+ *
+ * Run with: npx ts-node examples/express-middleware.ts
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const gate_1 = require("@cognitum/gate");
+// Initialize the gate (singleton)
+let gate;
+async function initGate() {
+    gate = await gate_1.CognitumGate.init({
+        thresholds: {
+            minCut: 10.0,
+            maxShift: 0.5,
+            eDeny: 0.01,
+            ePermit: 100.0,
+        },
+        storage: 'memory',
+    });
+}
+/**
+ * Gate middleware factory
+ * Creates middleware that checks coherence before allowing actions
+ */
+function gateMiddleware(actionType) {
+    return async (req, res, next) => {
+        const action = {
+            actionId: `${req.method}-${req.path}-${Date.now()}`,
+            actionType,
+            agentId: req.headers['x-agent-id'] || 'anonymous',
+            target: req.path,
+            metadata: {
+                method: req.method,
+                ip: req.ip,
+                userAgent: req.headers['user-agent'],
+            },
+        };
+        try {
+            const result = await gate.permitAction(action);
+            switch (result.decision) {
+                case gate_1.GateDecision.Permit:
+                    // Attach token and continue
+                    req.gateToken = result.token;
+                    req.gateReceipt = result.receiptSequence;
+                    next();
+                    break;
+                case gate_1.GateDecision.Defer:
+                    // Return 202 Accepted with escalation info
+                    res.status(202).json({
+                        status: 'deferred',
+                        message: 'Human approval required',
+                        escalation: {
+                            url: result.escalation?.contextUrl,
+                            timeout: result.escalation?.timeoutNs,
+                        },
+                        receiptSequence: result.receiptSequence,
+                    });
+                    break;
+                case gate_1.GateDecision.Deny:
+                    // Return 403 Forbidden with witness
+                    res.status(403).json({
+                        status: 'denied',
+                        reason: result.reason,
+                        witness: {
+                            structural: result.witness?.structural,
+                            evidential: result.witness?.evidential,
+                        },
+                        receiptSequence: result.receiptSequence,
+                    });
+                    break;
+            }
+        }
+        catch (error) {
+            // Gate error - fail closed
+            res.status(500).json({
+                status: 'error',
+                message: 'Gate evaluation failed',
+            });
+        }
+    };
+}
+// Create Express app
+const app = (0, express_1.default)();
+app.use(express_1.default.json());
+// Public endpoints (no gate)
+app.get('/health', (req, res) => {
+    res.json({ status: 'healthy' });
+});
+// Protected read endpoint
+app.get('/api/config/:id', gateMiddleware('config_read'), (req, res) => {
+    res.json({
+        id: req.params.id,
+        value: 'some-config-value',
+        _gateReceipt: req.gateReceipt,
+    });
+});
+// Protected write endpoint (higher scrutiny)
+app.post('/api/config/:id', gateMiddleware('config_write'), (req, res) => {
+    res.json({
+        id: req.params.id,
+        updated: true,
+        _gateReceipt: req.gateReceipt,
+    });
+});
+// Critical endpoint (deployment)
+app.post('/api/deploy', gateMiddleware('deployment'), (req, res) => {
+    res.json({
+        deployed: true,
+        version: req.body.version,
+        _gateReceipt: req.gateReceipt,
+    });
+});
+// Audit endpoint
+app.get('/api/audit/receipts', async (req, res) => {
+    const from = parseInt(req.query.from) || 0;
+    const limit = parseInt(req.query.limit) || 100;
+    const receipts = await gate.getReceipts(from, limit);
+    res.json({
+        receipts,
+        chainValid: await gate.verifyChain(),
+    });
+});
+// Start server
+async function main() {
+    await initGate();
+    const PORT = process.env.PORT || 3000;
+    app.listen(PORT, () => {
+        console.log(`Cognitum Gate Express example listening on port ${PORT}`);
+        console.log(`
+Endpoints:
+  GET  /health              - Health check (no gate)
+  GET  /api/config/:id      - Read config (gated)
+  POST /api/config/:id      - Write config (gated)
+  POST /api/deploy          - Deploy (gated, high scrutiny)
+  GET  /api/audit/receipts  - Audit trail
+
+Test with:
+  curl http://localhost:${PORT}/api/config/123 -H "X-Agent-Id: test-agent"
+    `);
+    });
+}
+main().catch(console.error);
+//# sourceMappingURL=express-middleware.js.map