Add sovereign-mamba source: Modelfile, kernel Prolog gates, sovereign_crypto Rust, Lean4, corpus policy
0427fad verified | import test from "node:test"; | |
| import assert from "node:assert/strict"; | |
| import { fileURLToPath } from "node:url"; | |
| import { loadTrustDeed } from "../src/trustDeed.js"; | |
| import { checkSyscall } from "../src/policyGate.js"; | |
| import { normalizeModelOutput } from "../src/normalize.js"; | |
| import { resolvePreferredModel } from "../src/ollama.js"; | |
| test("enabled syscall is allowed", () => { | |
| const deed = loadTrustDeed(fileURLToPath(new URL("../trust-deed.json", import.meta.url))); | |
| const decision = checkSyscall(deed, "lean_gate"); | |
| assert.equal(decision.status, "ALLOW"); | |
| assert.equal(decision.requiresReceipt, true); | |
| }); | |
| test("disabled dangerous syscall requires approval", () => { | |
| const deed = loadTrustDeed(fileURLToPath(new URL("../trust-deed.json", import.meta.url))); | |
| const decision = checkSyscall(deed, "bash_exec"); | |
| assert.equal(decision.status, "APPROVAL_REQUIRED"); | |
| }); | |
| test("normalizer extracts syscall tokens and uncertainty", () => { | |
| const normalized = normalizeModelOutput("<|lean_gate|>\nSPEC\n<|receipt_seal|>"); | |
| assert.deepEqual(normalized.syscalls, ["lean_gate", "receipt_seal"]); | |
| assert.equal(normalized.uncertainty, "SPEC"); | |
| }); | |
| test("preferred model resolves to installed snapkitty variant", () => { | |
| const selected = resolvePreferredModel([ | |
| { name: "nemotron-mini:latest", model: "nemotron-mini:latest" }, | |
| { name: "snapkitty-nemotron:latest", model: "snapkitty-nemotron:latest" } | |
| ], undefined, "nemotron"); | |
| assert.equal(selected, "snapkitty-nemotron:latest"); | |
| }); | |