chore: add copyright headers, CI tests, and sanitize gitignore

internal/application/resilience/behavioral.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -10,24 +14,24 @@ import (
 
 // BehaviorProfile captures the runtime behavior of a component.
 type BehaviorProfile struct {
-	Goroutines     int                `json:"goroutines"`
-	HeapAllocMB    float64            `json:"heap_alloc_mb"`
-	HeapObjectsK   float64            `json:"heap_objects_k"`
-	GCPauseMs      float64            `json:"gc_pause_ms"`
-	NumGC          uint32             `json:"num_gc"`
-	FileDescriptors int               `json:"file_descriptors,omitempty"`
-	CustomMetrics  map[string]float64 `json:"custom_metrics,omitempty"`
+	Goroutines      int                `json:"goroutines"`
+	HeapAllocMB     float64            `json:"heap_alloc_mb"`
+	HeapObjectsK    float64            `json:"heap_objects_k"`
+	GCPauseMs       float64            `json:"gc_pause_ms"`
+	NumGC           uint32             `json:"num_gc"`
+	FileDescriptors int                `json:"file_descriptors,omitempty"`
+	CustomMetrics   map[string]float64 `json:"custom_metrics,omitempty"`
 }
 
 // BehavioralAlert is emitted when a behavioral anomaly is detected.
 type BehavioralAlert struct {
-	Component   string  `json:"component"`
-	AnomalyType string  `json:"anomaly_type"` // goroutine_leak, memory_leak, gc_pressure, etc.
-	Metric      string  `json:"metric"`
-	Current     float64 `json:"current"`
-	Baseline    float64 `json:"baseline"`
-	ZScore      float64 `json:"z_score"`
-	Severity    string  `json:"severity"`
+	Component   string    `json:"component"`
+	AnomalyType string    `json:"anomaly_type"` // goroutine_leak, memory_leak, gc_pressure, etc.
+	Metric      string    `json:"metric"`
+	Current     float64   `json:"current"`
+	Baseline    float64   `json:"baseline"`
+	ZScore      float64   `json:"z_score"`
+	Severity    string    `json:"severity"`
 	Timestamp   time.Time `json:"timestamp"`
 }
 
@@ -35,12 +39,12 @@ type BehavioralAlert struct {
 // It profiles the current process and compares against learned baselines.
 // On Linux, eBPF hooks (immune/resilience_hooks.c) extend this to kernel level.
 type BehavioralAnalyzer struct {
-	mu         sync.RWMutex
-	metricsDB  *MetricsDB
-	alertBus   chan BehavioralAlert
-	interval   time.Duration
-	component  string // self component name
-	logger     *slog.Logger
+	mu        sync.RWMutex
+	metricsDB *MetricsDB
+	alertBus  chan BehavioralAlert
+	interval  time.Duration
+	component string // self component name
+	logger    *slog.Logger
 }
 
 // NewBehavioralAnalyzer creates a new behavioral analyzer.
@@ -112,10 +116,10 @@ func (ba *BehavioralAnalyzer) storeMetrics(p BehaviorProfile) {
 // detectAnomalies checks each metric against its baseline via Z-score.
 func (ba *BehavioralAnalyzer) detectAnomalies(p BehaviorProfile) {
 	checks := []struct {
-		metric    string
-		value     float64
+		metric      string
+		value       float64
 		anomalyType string
-		severity  string
+		severity    string
 	}{
 		{"goroutines", float64(p.Goroutines), "goroutine_leak", "WARNING"},
 		{"heap_alloc_mb", p.HeapAllocMB, "memory_leak", "CRITICAL"},

internal/application/resilience/behavioral_test.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (

internal/application/resilience/healing_engine.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -66,10 +70,10 @@ type Action struct {
 
 // TriggerCondition defines when a healing strategy activates.
 type TriggerCondition struct {
-	Metrics             []string      `json:"metrics,omitempty"`
+	Metrics             []string          `json:"metrics,omitempty"`
 	Statuses            []ComponentStatus `json:"statuses,omitempty"`
-	ConsecutiveFailures int           `json:"consecutive_failures"`
-	WithinWindow        time.Duration `json:"within_window"`
+	ConsecutiveFailures int               `json:"consecutive_failures"`
+	WithinWindow        time.Duration     `json:"within_window"`
 }
 
 // RollbackPlan defines what happens if healing fails.
@@ -91,11 +95,11 @@ type HealingStrategy struct {
 
 // Diagnosis is the result of root cause analysis.
 type Diagnosis struct {
-	Component    string   `json:"component"`
-	Metric       string   `json:"metric"`
-	RootCause    string   `json:"root_cause"`
-	Confidence   float64  `json:"confidence"`
-	SuggestedFix string   `json:"suggested_fix"`
+	Component     string        `json:"component"`
+	Metric        string        `json:"metric"`
+	RootCause     string        `json:"root_cause"`
+	Confidence    float64       `json:"confidence"`
+	SuggestedFix  string        `json:"suggested_fix"`
 	RelatedAlerts []HealthAlert `json:"related_alerts,omitempty"`
 }
 
@@ -117,7 +121,7 @@ type HealingOperation struct {
 // ActionLog records the execution of a single action.
 type ActionLog struct {
 	Action    ActionType    `json:"action"`
-	StartedAt time.Time    `json:"started_at"`
+	StartedAt time.Time     `json:"started_at"`
 	Duration  time.Duration `json:"duration"`
 	Success   bool          `json:"success"`
 	Error     string        `json:"error,omitempty"`

internal/application/resilience/healing_engine_test.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (

internal/application/resilience/healing_strategies.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import "time"

internal/application/resilience/health_monitor.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -63,12 +67,12 @@ type ComponentConfig struct {
 
 // ComponentHealth tracks the health state of a single component.
 type ComponentHealth struct {
-	Name        string            `json:"name"`
-	Status      ComponentStatus   `json:"status"`
+	Name        string             `json:"name"`
+	Status      ComponentStatus    `json:"status"`
 	Metrics     map[string]float64 `json:"metrics"`
-	LastCheck   time.Time         `json:"last_check"`
-	Consecutive int               `json:"consecutive_failures"`
-	Config      ComponentConfig   `json:"-"`
+	LastCheck   time.Time          `json:"last_check"`
+	Consecutive int                `json:"consecutive_failures"`
+	Config      ComponentConfig    `json:"-"`
 }
 
 // HealthAlert represents a detected health anomaly.

internal/application/resilience/health_monitor_test.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (

internal/application/resilience/integrity.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -23,11 +27,11 @@ const (
 
 // IntegrityReport is the full result of an integrity verification.
 type IntegrityReport struct {
-	Overall    IntegrityStatus            `json:"overall"`
-	Timestamp  time.Time                  `json:"timestamp"`
-	Binaries   map[string]BinaryStatus    `json:"binaries,omitempty"`
-	Chain      *ChainStatus               `json:"chain,omitempty"`
-	Configs    map[string]ConfigStatus     `json:"configs,omitempty"`
+	Overall   IntegrityStatus         `json:"overall"`
+	Timestamp time.Time               `json:"timestamp"`
+	Binaries  map[string]BinaryStatus `json:"binaries,omitempty"`
+	Chain     *ChainStatus            `json:"chain,omitempty"`
+	Configs   map[string]ConfigStatus `json:"configs,omitempty"`
 }
 
 // BinaryStatus is the integrity status of a single binary.
@@ -56,13 +60,13 @@ type ConfigStatus struct {
 // IntegrityVerifier performs periodic integrity checks on binaries,
 // decision chain, and config files.
 type IntegrityVerifier struct {
-	mu            sync.RWMutex
-	binaryHashes  map[string]string // path → expected SHA-256
-	configPaths   []string          // config files to verify
-	hmacKey       []byte            // key for config HMAC-SHA256
-	chainPath     string            // path to decision chain log
-	logger        *slog.Logger
-	lastReport    *IntegrityReport
+	mu           sync.RWMutex
+	binaryHashes map[string]string // path → expected SHA-256
+	configPaths  []string          // config files to verify
+	hmacKey      []byte            // key for config HMAC-SHA256
+	chainPath    string            // path to decision chain log
+	logger       *slog.Logger
+	lastReport   *IntegrityReport
 }
 
 // NewIntegrityVerifier creates a new integrity verifier.

internal/application/resilience/metrics_collector.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 // Package resilience implements the Sentinel Autonomous Resilience Layer (SARL).
 //
 // Five levels of autonomous self-recovery:

internal/application/resilience/preservation.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -43,13 +47,13 @@ type ModeActionFunc func(mode EmergencyMode, action string, params map[string]in
 
 // PreservationEngine manages emergency modes (safe/lockdown/apoptosis).
 type PreservationEngine struct {
-	mu           sync.RWMutex
-	currentMode  EmergencyMode
-	activation   *ModeActivation
-	history      []PreservationEvent
-	actionFn     ModeActionFunc
-	integrityFn  func() IntegrityReport // pluggable integrity check
-	logger       *slog.Logger
+	mu          sync.RWMutex
+	currentMode EmergencyMode
+	activation  *ModeActivation
+	history     []PreservationEvent
+	actionFn    ModeActionFunc
+	integrityFn func() IntegrityReport // pluggable integrity check
+	logger      *slog.Logger
 }
 
 // NewPreservationEngine creates a new preservation engine.

internal/application/resilience/preservation_test.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (

internal/application/resilience/recovery_playbooks.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (
@@ -12,58 +16,58 @@ import (
 type PlaybookStatus string
 
 const (
-	PlaybookPending   PlaybookStatus = "PENDING"
-	PlaybookRunning   PlaybookStatus = "RUNNING"
-	PlaybookSucceeded PlaybookStatus = "SUCCEEDED"
-	PlaybookFailed    PlaybookStatus = "FAILED"
+	PlaybookPending    PlaybookStatus = "PENDING"
+	PlaybookRunning    PlaybookStatus = "RUNNING"
+	PlaybookSucceeded  PlaybookStatus = "SUCCEEDED"
+	PlaybookFailed     PlaybookStatus = "FAILED"
 	PlaybookRolledBack PlaybookStatus = "ROLLED_BACK"
 )
 
 // PlaybookStep is a single step in a recovery playbook.
 type PlaybookStep struct {
-	ID          string                 `json:"id"`
-	Name        string                 `json:"name"`
-	Type        string                 `json:"type"` // shell, api, consensus, crypto, systemd, http, prometheus
-	Timeout     time.Duration          `json:"timeout"`
-	Retries     int                    `json:"retries"`
-	Params      map[string]interface{} `json:"params,omitempty"`
-	OnError     string                 `json:"on_error"` // abort, continue, rollback
-	Condition   string                 `json:"condition,omitempty"` // prerequisite condition
+	ID        string                 `json:"id"`
+	Name      string                 `json:"name"`
+	Type      string                 `json:"type"` // shell, api, consensus, crypto, systemd, http, prometheus
+	Timeout   time.Duration          `json:"timeout"`
+	Retries   int                    `json:"retries"`
+	Params    map[string]interface{} `json:"params,omitempty"`
+	OnError   string                 `json:"on_error"`            // abort, continue, rollback
+	Condition string                 `json:"condition,omitempty"` // prerequisite condition
 }
 
 // Playbook defines a complete recovery procedure.
 type Playbook struct {
-	ID              string                 `json:"id"`
-	Name            string                 `json:"name"`
-	Version         string                 `json:"version"`
-	TriggerMetric   string                 `json:"trigger_metric"`
-	TriggerSeverity string                 `json:"trigger_severity"`
-	DiagnosisChecks []PlaybookStep         `json:"diagnosis_checks"`
-	Actions         []PlaybookStep         `json:"actions"`
-	RollbackActions []PlaybookStep         `json:"rollback_actions"`
-	SuccessCriteria []string               `json:"success_criteria"`
+	ID              string         `json:"id"`
+	Name            string         `json:"name"`
+	Version         string         `json:"version"`
+	TriggerMetric   string         `json:"trigger_metric"`
+	TriggerSeverity string         `json:"trigger_severity"`
+	DiagnosisChecks []PlaybookStep `json:"diagnosis_checks"`
+	Actions         []PlaybookStep `json:"actions"`
+	RollbackActions []PlaybookStep `json:"rollback_actions"`
+	SuccessCriteria []string       `json:"success_criteria"`
 }
 
 // PlaybookExecution tracks a single playbook run.
 type PlaybookExecution struct {
-	ID           string         `json:"id"`
-	PlaybookID   string         `json:"playbook_id"`
-	Component    string         `json:"component"`
-	Status       PlaybookStatus `json:"status"`
-	StartedAt    time.Time      `json:"started_at"`
-	CompletedAt  time.Time      `json:"completed_at,omitempty"`
-	StepsRun     []StepResult   `json:"steps_run"`
-	Error        string         `json:"error,omitempty"`
+	ID          string         `json:"id"`
+	PlaybookID  string         `json:"playbook_id"`
+	Component   string         `json:"component"`
+	Status      PlaybookStatus `json:"status"`
+	StartedAt   time.Time      `json:"started_at"`
+	CompletedAt time.Time      `json:"completed_at,omitempty"`
+	StepsRun    []StepResult   `json:"steps_run"`
+	Error       string         `json:"error,omitempty"`
 }
 
 // StepResult records the execution of a single playbook step.
 type StepResult struct {
-	StepID    string        `json:"step_id"`
-	StepName  string        `json:"step_name"`
-	Success   bool          `json:"success"`
-	Duration  time.Duration `json:"duration"`
-	Output    string        `json:"output,omitempty"`
-	Error     string        `json:"error,omitempty"`
+	StepID   string        `json:"step_id"`
+	StepName string        `json:"step_name"`
+	Success  bool          `json:"success"`
+	Duration time.Duration `json:"duration"`
+	Output   string        `json:"output,omitempty"`
+	Error    string        `json:"error,omitempty"`
 }
 
 // PlaybookExecutorFunc runs a single playbook step.

internal/application/resilience/recovery_playbooks_test.go

@@ -1,3 +1,7 @@
+// Copyright 2026 Syntrex Lab. All rights reserved.
+// Use of this source code is governed by an Apache-2.0 license
+// that can be found in the LICENSE file.
+
 package resilience
 
 import (