@agentguard-run/spend 0.1.0

package/LICENSE

@@ -0,0 +1,63 @@
+AgentGuard(TM) Spend SDK — Alpha License
+Copyright (c) 2026 Dunecrest Ventures Inc.
+
+1. SCOPE.
+This software, including all files under packages/agentguard-spend/src/, is
+licensed for internal evaluation use only by the recipient identified in a
+separate written agreement with Dunecrest Ventures Inc. ("Licensor").
+Production use, redistribution, sublicensing, public hosting, and republication
+require a separate commercial agreement with Licensor.
+
+2. NO PATENT LICENSE GRANTED.
+Nothing in this License grants, expressly or by implication, any patent license
+to any patent, patent application, or other intellectual property right of
+Licensor. All patent rights are expressly reserved. The patent applications
+identified in Section 7 are not licensed by this License.
+
+3. SEPARATE GRANT FOR DEMONSTRATION ASSETS.
+The following assets, and ONLY these assets, are released under the Apache
+License, Version 2.0, the text of which is reproduced or available at
+https://www.apache.org/licenses/LICENSE-2.0:
+
+  - The test vectors under packages/agentguard-spend/test-vectors/
+  - The documentation examples under packages/agentguard-spend/examples/
+  - The contents of packages/agentguard-spend/README.md
+
+The source code under packages/agentguard-spend/src/ is NOT included in this
+Apache License 2.0 grant. The TypeScript type definitions, policy engine,
+decision log, store implementation, cost table, and wrapper code under src/
+are licensed only under the alpha evaluation terms of Section 1 above.
+
+4. WARRANTY DISCLAIMER.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL
+DUNECREST VENTURES INC. BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY
+ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+5. SUCCESSORS AND ASSIGNS.
+This License binds and benefits the parties' respective successors and assigns.
+In the event of an asset sale, merger, change of control, or other transfer of
+the Licensor's rights in this software, all rights and obligations under this
+License inure to the benefit of and are binding upon Licensor's successor or
+assignee. Outstanding evaluation grants survive change-of-control, but the
+successor or assignee may, upon thirty (30) days' written notice, terminate
+ongoing evaluation grants in favor of a commercial-license requirement.
+
+6. TERMINATION.
+Licensor may terminate this License with thirty (30) days' written notice for
+any reason or no reason. Upon termination, Licensee shall cease all use of the
+software under src/ and shall destroy all copies in Licensee's possession.
+
+7. PATENT NOTICE (35 U.S.C. § 287).
+Protected by U.S. patent-pending technology (Application Numbers 63/983,615;
+63/983,621; 63/983,843; 63/984,626; and an additional application filed in
+May 2026, application number to be added upon receipt of filing acknowledgment).
+Additional patents pending.
+
+AgentGuard(TM) is a trademark of Dunecrest Ventures Inc. (USPTO Serial No.
+99462472, pending). MerchantGuard(TM) is a trademark of Dunecrest Ventures
+Inc. (USPTO Serial No. 99051215, pending).
+
+For commercial licensing: licensing@merchantguard.ai

package/PATENTS.md

@@ -0,0 +1,16 @@
+# Patent Notice
+
+This package is part of the AgentGuard cryptographic trust portfolio.
+
+Protected by U.S. patent-pending technology:
+
+- Application No. 63/983,615 (filed February 2026)
+- Application No. 63/983,621 (filed February 2026)
+- Application No. 63/983,843 (filed February 2026)
+- Application No. 63/984,626 (filed February 2026)
+- Application No. 64/071,781 (filed May 2026)
+
+All rights reserved. Dunecrest Ventures Inc.
+
+For licensing, OEM integration, or strategic partnership inquiries:
+invest@agentguard.run

package/README.md

@@ -0,0 +1,80 @@
+# @agentguard-run/spend
+
+**Local-runtime spend caps and capability-gated model routing for AI agents.**
+
+Every policy decision runs inside your process. Prompts, provider API keys, and signing keys never leave your runtime. Each enforcement decision produces a signed, hash-chained receipt suitable for audit and compliance review.
+
+## Why no proxy
+
+Every funded competitor in AI spend governance (Portkey, Helicone, LiteLLM, Cloudflare AI Gateway, Vercel AI Gateway) proxies your traffic. That means your prompts and provider keys flow through their infrastructure. AgentGuard Spend never sees any of that. The policy runs in your process. The signed log lives in your storage.
+
+The procurement consequence: your security review covers this SDK like any other library, not like a vendor that handles your data.
+
+## Status
+
+Private preview. Designed for enterprise, OEM, and platform integration.
+
+For evaluation access, OEM licensing, or strategic partnership inquiries:
+**invest@agentguard.run**
+
+## Architecture
+
+```
+Your code
+  |
+  v
+withSpendGuard(openai, { policy, scope })
+  ├── estimate tokens
+  ├── evaluatePolicy()  ──► SpendStore (your storage)
+  ├── signDecision() with Ed25519
+  ├── append to DecisionLog (your storage)
+  └── pass-through / downgrade / block
+  |
+  v
+Provider (OpenAI / Anthropic / Bedrock)
+```
+
+No part of this picture sends data to AgentGuard infrastructure.
+
+## Quick start
+
+```bash
+npm install @agentguard-run/spend
+```
+
+```ts
+import OpenAI from 'openai';
+import { withSpendGuard } from '@agentguard-run/spend';
+
+const openai = new OpenAI();
+
+const guarded = withSpendGuard(openai, {
+  policy: {
+    id: 'my-policy',
+    version: 1,
+    mode: 'enforce',
+    caps: {
+      perCall: { limitCents: 50 },
+      daily:   { limitCents: 500 },
+    },
+  },
+  scope: { tenantId: 'acme', userId: 'u_123' },
+});
+
+// Drop-in replacement — same API as openai.chat.completions.create
+const completion = await guarded.chat.completions.create({
+  model: 'gpt-4o',
+  messages: [{ role: 'user', content: 'Hello' }],
+});
+```
+
+If the policy blocks the call, an `AgentGuardBlockedError` is thrown with the full signed decision attached.
+
+## Patent notice
+
+See [PATENTS.md](./PATENTS.md). Protected by 5 U.S. patent-pending applications filed February and May 2026.
+
+## Links
+
+- [agentguard.run](https://agentguard.run)
+- Contact: invest@agentguard.run

package/dist/cost-table.d.ts

@@ -0,0 +1,53 @@
+/**
+ * AgentGuard(TM) Spend — Per-model cost table
+ *
+ * Costs are USD cents per 1,000 tokens (integer math).
+ * Values reflect publicly-listed pricing as of May 2026 and are intentionally
+ * conservative (rounded UP) so spend caps fire early rather than late.
+ *
+ * Customers can override this table via setCostOverride() when enterprise
+ * contracts have negotiated rates that differ from public list pricing.
+ *
+ * Licensed under the alpha evaluation license; see LICENSE in the package
+ * root. Patent notice: Protected by U.S. patent-pending technology
+ * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
+ * and an additional application filed May 2026).
+ */
+import type { Provider } from './types';
+export interface ModelCost {
+    /** Cents per 1,000 input tokens */
+    inputCentsPerKtok: number;
+    /** Cents per 1,000 output tokens */
+    outputCentsPerKtok: number;
+}
+/**
+ * Override the cost for a specific model. Used when the customer has negotiated
+ * enterprise rates that differ from list pricing.
+ */
+export declare function setCostOverride(model: string, cost: ModelCost): void;
+/**
+ * Clear all cost overrides. Mainly for testing.
+ */
+export declare function clearCostOverrides(): void;
+/**
+ * Look up the cost for a model. Returns null if the model is unknown AND no
+ * override has been registered. Callers should treat unknown models defensively
+ * (e.g., by registering an override or by rejecting the call).
+ */
+export declare function getModelCost(model: string): ModelCost | null;
+/**
+ * Compute the cents this call would cost given input + output token counts.
+ * Returns null if the model is unknown (caller must decide how to handle).
+ *
+ * Formula:  cents = ceil( (cents_per_ktok * tokens) / 1000 )
+ *
+ * Rounds UP so caps fire conservatively (a call that would cost 19.4c
+ * counts as 20c against the budget).
+ */
+export declare function computeCallCents(model: string, inputTokens: number, outputTokens: number): number | null;
+/**
+ * Infer the Provider enum from a model name. Used when callers do not pass
+ * provider explicitly. Returns 'unknown' if no pattern matches.
+ */
+export declare function inferProvider(model: string): Provider;
+//# sourceMappingURL=cost-table.d.ts.map

package/dist/cost-table.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-table.d.ts","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,WAAW,SAAS;IACxB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oCAAoC;IACpC,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAmCD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAEpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAG5D;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM,GAAG,IAAI,CAOf;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAOrD"}

package/dist/cost-table.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * AgentGuard(TM) Spend — Per-model cost table
+ *
+ * Costs are USD cents per 1,000 tokens (integer math).
+ * Values reflect publicly-listed pricing as of May 2026 and are intentionally
+ * conservative (rounded UP) so spend caps fire early rather than late.
+ *
+ * Customers can override this table via setCostOverride() when enterprise
+ * contracts have negotiated rates that differ from public list pricing.
+ *
+ * Licensed under the alpha evaluation license; see LICENSE in the package
+ * root. Patent notice: Protected by U.S. patent-pending technology
+ * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
+ * and an additional application filed May 2026).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setCostOverride = setCostOverride;
+exports.clearCostOverrides = clearCostOverrides;
+exports.getModelCost = getModelCost;
+exports.computeCallCents = computeCallCents;
+exports.inferProvider = inferProvider;
+/**
+ * Default cost table. Values are list-price ceilings as of May 2026.
+ * Update via setCostOverride() for negotiated enterprise rates.
+ */
+const DEFAULT_COSTS = {
+    // OpenAI
+    'gpt-5': { inputCentsPerKtok: 0.5, outputCentsPerKtok: 1.5 },
+    'gpt-5-mini': { inputCentsPerKtok: 0.05, outputCentsPerKtok: 0.2 },
+    'gpt-4o': { inputCentsPerKtok: 0.25, outputCentsPerKtok: 1.0 },
+    'gpt-4o-mini': { inputCentsPerKtok: 0.015, outputCentsPerKtok: 0.06 },
+    // Anthropic
+    'claude-opus-4-7': { inputCentsPerKtok: 2.0, outputCentsPerKtok: 10.0 },
+    'claude-opus-4-6': { inputCentsPerKtok: 1.5, outputCentsPerKtok: 7.5 },
+    'claude-sonnet-4-6': { inputCentsPerKtok: 0.3, outputCentsPerKtok: 1.5 },
+    'claude-sonnet-4-5': { inputCentsPerKtok: 0.3, outputCentsPerKtok: 1.5 },
+    'claude-haiku-4-5': { inputCentsPerKtok: 0.1, outputCentsPerKtok: 0.5 },
+    // Google Gemini
+    'gemini-3.1-pro-preview': { inputCentsPerKtok: 0.2, outputCentsPerKtok: 1.0 },
+    'gemini-3-flash-preview': { inputCentsPerKtok: 0.02, outputCentsPerKtok: 0.1 },
+    'gemini-3-pro-image-preview': { inputCentsPerKtok: 0.4, outputCentsPerKtok: 2.0 },
+    // AWS Bedrock - common models (rates vary by region; these are us-east-1 ceilings)
+    'anthropic.claude-opus-4-v1:0': { inputCentsPerKtok: 1.5, outputCentsPerKtok: 7.5 },
+    'anthropic.claude-sonnet-4-v1:0': { inputCentsPerKtok: 0.3, outputCentsPerKtok: 1.5 },
+    'amazon.nova-pro-v1:0': { inputCentsPerKtok: 0.08, outputCentsPerKtok: 0.32 },
+    'amazon.nova-lite-v1:0': { inputCentsPerKtok: 0.006, outputCentsPerKtok: 0.024 },
+};
+/** Runtime override storage. Keyed by exact model name. */
+const overrides = new Map();
+/**
+ * Override the cost for a specific model. Used when the customer has negotiated
+ * enterprise rates that differ from list pricing.
+ */
+function setCostOverride(model, cost) {
+    overrides.set(model, cost);
+}
+/**
+ * Clear all cost overrides. Mainly for testing.
+ */
+function clearCostOverrides() {
+    overrides.clear();
+}
+/**
+ * Look up the cost for a model. Returns null if the model is unknown AND no
+ * override has been registered. Callers should treat unknown models defensively
+ * (e.g., by registering an override or by rejecting the call).
+ */
+function getModelCost(model) {
+    if (overrides.has(model))
+        return overrides.get(model) ?? null;
+    return DEFAULT_COSTS[model] ?? null;
+}
+/**
+ * Compute the cents this call would cost given input + output token counts.
+ * Returns null if the model is unknown (caller must decide how to handle).
+ *
+ * Formula:  cents = ceil( (cents_per_ktok * tokens) / 1000 )
+ *
+ * Rounds UP so caps fire conservatively (a call that would cost 19.4c
+ * counts as 20c against the budget).
+ */
+function computeCallCents(model, inputTokens, outputTokens) {
+    const cost = getModelCost(model);
+    if (!cost)
+        return null;
+    const inputCents = Math.ceil((cost.inputCentsPerKtok * inputTokens) / 1000);
+    const outputCents = Math.ceil((cost.outputCentsPerKtok * outputTokens) / 1000);
+    return inputCents + outputCents;
+}
+/**
+ * Infer the Provider enum from a model name. Used when callers do not pass
+ * provider explicitly. Returns 'unknown' if no pattern matches.
+ */
+function inferProvider(model) {
+    if (model.startsWith('gpt-') || model.startsWith('o1') || model.startsWith('o3'))
+        return 'openai';
+    if (model.startsWith('claude-'))
+        return 'anthropic';
+    if (model.startsWith('gemini-'))
+        return 'gemini';
+    if (model.includes('claude-') && model.includes('-v'))
+        return 'bedrock';
+    if (model.startsWith('amazon.') || model.startsWith('anthropic.') || model.startsWith('meta.'))
+        return 'bedrock';
+    return 'unknown';
+}
+//# sourceMappingURL=cost-table.js.map

package/dist/cost-table.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-table.js","sourceRoot":"","sources":["../src/cost-table.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAgDH,0CAEC;AAKD,gDAEC;AAOD,oCAGC;AAWD,4CAWC;AAMD,sCAOC;AA3FD;;;GAGG;AACH,MAAM,aAAa,GAA8B;IAC/C,SAAS;IACT,OAAO,EAAY,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACxE,YAAY,EAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACxE,QAAQ,EAAW,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACxE,aAAa,EAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,kBAAkB,EAAE,IAAI,EAAE;IAEzE,YAAY;IACZ,iBAAiB,EAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,IAAI,EAAE;IAC9E,iBAAiB,EAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,mBAAmB,EAAM,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,mBAAmB,EAAM,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAC9E,kBAAkB,EAAO,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IAE9E,gBAAgB;IAChB,wBAAwB,EAAI,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACjF,wBAAwB,EAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAG;IACjF,4BAA4B,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,kBAAkB,EAAE,GAAG,EAAE;IAEjF,mFAAmF;IACnF,8BAA8B,EAAI,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACvF,gCAAgC,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAG,kBAAkB,EAAE,GAAG,EAAG;IACvF,sBAAsB,EAAY,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACvF,uBAAuB,EAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE;CAC1F,CAAC;AAEF,2DAA2D;AAC3D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAqB,CAAC;AAE/C;;;GAGG;AACH,SAAgB,eAAe,CAAC,KAAa,EAAE,IAAe;IAC5D,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,SAAgB,YAAY,CAAC,KAAa;IACxC,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAC9D,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;AACtC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,gBAAgB,CAC9B,KAAa,EACb,WAAmB,EACnB,YAAoB;IAEpB,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,GAAG,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/E,OAAO,UAAU,GAAG,WAAW,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,KAAa;IACzC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClG,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,WAAW,CAAC;IACpD,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IACjD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IACjH,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/decision-log.d.ts

@@ -0,0 +1,98 @@
+/**
+ * AgentGuard(TM) Spend — Signed hash-chained decision log
+ *
+ * Each policy decision is appended to a tamper-evident log:
+ *   entry_n.previousHash = SHA-256(canonical_json(entry_{n-1} minus signature))
+ *   entry_n.entryHash    = SHA-256(canonical_json(entry_n minus signature))
+ *   entry_n.signature    = Ed25519(privateKey, entryHash)
+ *
+ * The log lives entirely in the customer runtime. The signing key never leaves
+ * the customer environment. Public verification is performed by anyone with
+ * the corresponding public key.
+ *
+ * The log structure (sequence number, previousHash binding, canonical-JSON
+ * serialization, Ed25519 signature) is the subject of a U.S. provisional
+ * patent application filed by the applicant in May 2026 (application number
+ * pending). The log is also designed to interoperate with the DAG Trust
+ * Attestation Token framework of Patent D §7.3 (App. No. 63/984,626) when
+ * deployed in composition; such composition is not required for the
+ * spend-governance functions implemented in this package.
+ *
+ * Patent notice: Protected by U.S. patent-pending technology
+ * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
+ * and an additional application filed May 2026).
+ */
+import type { SignedDecisionLogEntry, SpendDecision, DecisionLogStore } from './types';
+/** All-zero hex string used as the previousHash of the genesis entry. */
+export declare const GENESIS_PREVIOUS_HASH: string;
+/**
+ * Deterministic JSON serialization. Object keys are sorted, no trailing
+ * whitespace, no NaN / Infinity. Required for stable hashing across runtimes.
+ */
+export declare function canonicalJson(value: unknown): string;
+/** SHA-256 of a string, returned as lowercase hex. */
+export declare function sha256Hex(input: string): string;
+/**
+ * Compute the entryHash for a decision and the previous hash.
+ * This is the value that gets signed.
+ */
+export declare function computeEntryHash(args: {
+    sequence: number;
+    decision: SpendDecision;
+    previousHash: string;
+}): string;
+/**
+ * Compute the public key fingerprint: first 8 bytes of SHA-256(pubkey), hex.
+ * Used for short identification of which key signed an entry.
+ */
+export declare function computeSignerFingerprint(publicKey: Uint8Array): string;
+/**
+ * Sign a decision and produce a SignedDecisionLogEntry.
+ *
+ * The privateKey is a 32-byte Ed25519 secret seed. It MUST be generated and
+ * stored by the customer; AgentGuard Spend never sees or transmits it.
+ */
+export declare function signDecision(args: {
+    sequence: number;
+    decision: SpendDecision;
+    previousHash: string;
+    privateKey: Uint8Array;
+    publicKey: Uint8Array;
+}): Promise<SignedDecisionLogEntry>;
+/**
+ * Verify a single entry's signature and hash. Returns true iff the entryHash
+ * recomputes correctly AND the signature is valid for the given public key.
+ *
+ * Does NOT verify chain linkage (that's verifyChain's job).
+ */
+export declare function verifyEntry(entry: SignedDecisionLogEntry, publicKey: Uint8Array): Promise<boolean>;
+/**
+ * Verify an entire chain of decision log entries.
+ *
+ * Returns:
+ *   { ok: true } if every entry is valid AND each entry's previousHash matches
+ *     the prior entry's entryHash, AND the genesis entry has GENESIS_PREVIOUS_HASH,
+ *     AND sequences are strictly increasing starting at 0.
+ *   { ok: false, sequence, reason } on the first detected fault.
+ */
+export declare function verifyChain(entries: SignedDecisionLogEntry[], publicKey: Uint8Array): Promise<{
+    ok: true;
+} | {
+    ok: false;
+    sequence: number;
+    reason: string;
+}>;
+/**
+ * In-memory decision log store. Useful for tests, examples, and short-lived
+ * shadow deployments. Production callers will typically supply their own
+ * implementation that writes to a database table or append-only file.
+ */
+export declare class InMemoryDecisionLogStore implements DecisionLogStore {
+    private entries;
+    append(entry: SignedDecisionLogEntry): Promise<void>;
+    getLatest(): Promise<SignedDecisionLogEntry | null>;
+    read(fromSequence: number, limit: number): Promise<SignedDecisionLogEntry[]>;
+    /** Returns a defensive copy of all entries. Mainly for testing. */
+    snapshot(): SignedDecisionLogEntry[];
+}
+//# sourceMappingURL=decision-log.d.ts.map

package/dist/decision-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decision-log.d.ts","sourceRoot":"","sources":["../src/decision-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,gBAAgB,EACjB,MAAM,SAAS,CAAC;AAKjB,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,QAAiB,CAAC;AAEpD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAcpD;AAED,sDAAsD;AACtD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;CACtB,GAAG,MAAM,CAOT;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,UAAU,GAAG,MAAM,CAGtE;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,aAAa,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,UAAU,CAAC;CACvB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAgBlC;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,sBAAsB,EAC7B,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAalB;AAED;;;;;;;;GAQG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,sBAAsB,EAAE,EACjC,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAoCzE;AAED;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,gBAAgB;IAC/D,OAAO,CAAC,OAAO,CAAgC;IAEzC,MAAM,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpD,SAAS,IAAI,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAKnD,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAMlF,mEAAmE;IACnE,QAAQ,IAAI,sBAAsB,EAAE;CAGrC"}

package/dist/decision-log.js

@@ -0,0 +1,233 @@
+"use strict";
+/**
+ * AgentGuard(TM) Spend — Signed hash-chained decision log
+ *
+ * Each policy decision is appended to a tamper-evident log:
+ *   entry_n.previousHash = SHA-256(canonical_json(entry_{n-1} minus signature))
+ *   entry_n.entryHash    = SHA-256(canonical_json(entry_n minus signature))
+ *   entry_n.signature    = Ed25519(privateKey, entryHash)
+ *
+ * The log lives entirely in the customer runtime. The signing key never leaves
+ * the customer environment. Public verification is performed by anyone with
+ * the corresponding public key.
+ *
+ * The log structure (sequence number, previousHash binding, canonical-JSON
+ * serialization, Ed25519 signature) is the subject of a U.S. provisional
+ * patent application filed by the applicant in May 2026 (application number
+ * pending). The log is also designed to interoperate with the DAG Trust
+ * Attestation Token framework of Patent D §7.3 (App. No. 63/984,626) when
+ * deployed in composition; such composition is not required for the
+ * spend-governance functions implemented in this package.
+ *
+ * Patent notice: Protected by U.S. patent-pending technology
+ * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
+ * and an additional application filed May 2026).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryDecisionLogStore = exports.GENESIS_PREVIOUS_HASH = void 0;
+exports.canonicalJson = canonicalJson;
+exports.sha256Hex = sha256Hex;
+exports.computeEntryHash = computeEntryHash;
+exports.computeSignerFingerprint = computeSignerFingerprint;
+exports.signDecision = signDecision;
+exports.verifyEntry = verifyEntry;
+exports.verifyChain = verifyChain;
+const crypto_1 = require("crypto");
+const ed = __importStar(require("@noble/ed25519"));
+// @noble/ed25519 v2.3+ has sha512Async wired internally. The signAsync /
+// verifyAsync code paths used below do not require any module-level setup.
+/** All-zero hex string used as the previousHash of the genesis entry. */
+exports.GENESIS_PREVIOUS_HASH = '0'.repeat(64);
+/**
+ * Deterministic JSON serialization. Object keys are sorted, no trailing
+ * whitespace, no NaN / Infinity. Required for stable hashing across runtimes.
+ */
+function canonicalJson(value) {
+    if (value === null || typeof value !== 'object') {
+        if (typeof value === 'number' && !Number.isFinite(value)) {
+            throw new Error('canonicalJson: non-finite numbers are not permitted');
+        }
+        return JSON.stringify(value);
+    }
+    if (Array.isArray(value)) {
+        return '[' + value.map(canonicalJson).join(',') + ']';
+    }
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ':' + canonicalJson(obj[k]));
+    return '{' + parts.join(',') + '}';
+}
+/** SHA-256 of a string, returned as lowercase hex. */
+function sha256Hex(input) {
+    return (0, crypto_1.createHash)('sha256').update(input, 'utf8').digest('hex');
+}
+/**
+ * Compute the entryHash for a decision and the previous hash.
+ * This is the value that gets signed.
+ */
+function computeEntryHash(args) {
+    const payload = canonicalJson({
+        sequence: args.sequence,
+        decision: args.decision,
+        previousHash: args.previousHash,
+    });
+    return sha256Hex(payload);
+}
+/**
+ * Compute the public key fingerprint: first 8 bytes of SHA-256(pubkey), hex.
+ * Used for short identification of which key signed an entry.
+ */
+function computeSignerFingerprint(publicKey) {
+    const hash = (0, crypto_1.createHash)('sha256').update(publicKey).digest('hex');
+    return hash.slice(0, 16);
+}
+/**
+ * Sign a decision and produce a SignedDecisionLogEntry.
+ *
+ * The privateKey is a 32-byte Ed25519 secret seed. It MUST be generated and
+ * stored by the customer; AgentGuard Spend never sees or transmits it.
+ */
+async function signDecision(args) {
+    const entryHash = computeEntryHash({
+        sequence: args.sequence,
+        decision: args.decision,
+        previousHash: args.previousHash,
+    });
+    const sigBytes = await ed.signAsync(entryHash, args.privateKey);
+    const signature = Buffer.from(sigBytes).toString('hex');
+    return {
+        sequence: args.sequence,
+        decision: args.decision,
+        previousHash: args.previousHash,
+        entryHash,
+        signature,
+        signerFingerprint: computeSignerFingerprint(args.publicKey),
+    };
+}
+/**
+ * Verify a single entry's signature and hash. Returns true iff the entryHash
+ * recomputes correctly AND the signature is valid for the given public key.
+ *
+ * Does NOT verify chain linkage (that's verifyChain's job).
+ */
+async function verifyEntry(entry, publicKey) {
+    const expectedHash = computeEntryHash({
+        sequence: entry.sequence,
+        decision: entry.decision,
+        previousHash: entry.previousHash,
+    });
+    if (expectedHash !== entry.entryHash)
+        return false;
+    const sigBytes = Buffer.from(entry.signature, 'hex');
+    try {
+        return await ed.verifyAsync(sigBytes, entry.entryHash, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Verify an entire chain of decision log entries.
+ *
+ * Returns:
+ *   { ok: true } if every entry is valid AND each entry's previousHash matches
+ *     the prior entry's entryHash, AND the genesis entry has GENESIS_PREVIOUS_HASH,
+ *     AND sequences are strictly increasing starting at 0.
+ *   { ok: false, sequence, reason } on the first detected fault.
+ */
+async function verifyChain(entries, publicKey) {
+    if (entries.length === 0)
+        return { ok: true };
+    for (let i = 0; i < entries.length; i++) {
+        const entry = entries[i];
+        if (!entry) {
+            return { ok: false, sequence: i, reason: 'Missing entry at index ' + i };
+        }
+        const expectedSeq = i === 0 ? entries[0].sequence : (entries[i - 1].sequence + 1);
+        if (entry.sequence !== expectedSeq) {
+            return {
+                ok: false,
+                sequence: entry.sequence,
+                reason: `Sequence gap: expected ${expectedSeq}, got ${entry.sequence}`,
+            };
+        }
+        const expectedPrev = i === 0 ? exports.GENESIS_PREVIOUS_HASH : entries[i - 1].entryHash;
+        if (entry.previousHash !== expectedPrev) {
+            return {
+                ok: false,
+                sequence: entry.sequence,
+                reason: `previousHash mismatch at sequence ${entry.sequence}: expected ${expectedPrev}, got ${entry.previousHash}`,
+            };
+        }
+        const ok = await verifyEntry(entry, publicKey);
+        if (!ok) {
+            return {
+                ok: false,
+                sequence: entry.sequence,
+                reason: `Signature or hash invalid at sequence ${entry.sequence}`,
+            };
+        }
+    }
+    return { ok: true };
+}
+/**
+ * In-memory decision log store. Useful for tests, examples, and short-lived
+ * shadow deployments. Production callers will typically supply their own
+ * implementation that writes to a database table or append-only file.
+ */
+class InMemoryDecisionLogStore {
+    entries = [];
+    async append(entry) {
+        this.entries.push(entry);
+    }
+    async getLatest() {
+        if (this.entries.length === 0)
+            return null;
+        return this.entries[this.entries.length - 1] ?? null;
+    }
+    async read(fromSequence, limit) {
+        const start = this.entries.findIndex((e) => e.sequence >= fromSequence);
+        if (start === -1)
+            return [];
+        return this.entries.slice(start, start + limit);
+    }
+    /** Returns a defensive copy of all entries. Mainly for testing. */
+    snapshot() {
+        return [...this.entries];
+    }
+}
+exports.InMemoryDecisionLogStore = InMemoryDecisionLogStore;
+//# sourceMappingURL=decision-log.js.map