@agentguard-run/spend 0.4.4 → 0.6.0

package/dist/workflow/types.d.ts

@@ -0,0 +1,79 @@
+import type { ProvenanceBlock } from '../receipts/schema';
+export type WorkflowState = 'active' | 'paused' | 'cancelled' | 'completed' | 'budget_capped' | 'duration_capped';
+export type ReviewerVerdict = 'approve' | 'block' | 'revise' | null;
+export interface WorkflowConfig {
+    name: string;
+    budget_cap_usd: number;
+    duration_cap_hours: number;
+    checkpoint_every_outcomes?: number;
+    parent_outcomes?: string[];
+    resume_if_exists?: boolean;
+    metadata?: Record<string, string | number | boolean>;
+    user_id?: string;
+    api_base_url?: string;
+    license_key?: string;
+    post_json?: (url: string, body: unknown, headers: Record<string, string>) => Promise<unknown>;
+    get_json?: (url: string, headers: Record<string, string>) => Promise<unknown>;
+}
+export interface ReviewerCascadeEvidence {
+    triggered: boolean;
+    drafter_model: string | null;
+    reviewer_model: string | null;
+    drafter_output_hash: string | null;
+    reviewer_verdict: ReviewerVerdict;
+    reviewer_reasoning_hash: string | null;
+    review_started_at: string | null;
+    review_completed_at: string | null;
+}
+export interface ReceiptV2 {
+    receipt_id: string;
+    schema_version: 2;
+    outcome_name: string;
+    user_id: string;
+    cost_usd: number;
+    signed_at: string;
+    signature: string;
+    public_key_fingerprint: string;
+    workflow_id: string | null;
+    parent_receipt_id: string | null;
+    chain_validation_hash: string | null;
+    workflow_checkpoint_idx: number | null;
+    workflow_total_spend_usd_to_date: number | null;
+    is_checkpoint: boolean;
+    checkpoint_label: string | null;
+    reviewer_cascade: ReviewerCascadeEvidence | null;
+    receipt_type?: 'outcome' | 'checkpoint' | 'cancel' | 'cap_hit' | 'completed';
+    cancelled_reason?: string | null;
+}
+export interface CheckpointReceipt extends ReceiptV2 {
+    is_checkpoint: true;
+}
+export interface WorkflowStatus {
+    workflow_id: string;
+    state: WorkflowState;
+    total_spend_usd: number;
+    budget_cap_usd: number;
+    budget_remaining_usd: number;
+    budget_pct_used: number;
+    outcome_count: number;
+    last_receipt_id: string | null;
+    last_checkpoint_id: string | null;
+    last_chain_hash: string | null;
+    duration_elapsed_ms: number;
+    duration_cap_ms: number;
+    duration_remaining_ms: number;
+}
+export interface ValidationResult {
+    ok: true;
+}
+export interface ValidationFailure {
+    ok: false;
+    broken_at: number;
+    reason: 'signature_invalid' | 'chain_hash_mismatch' | 'parent_reference_mismatch';
+}
+export type ChainValidationResult = ValidationResult | ValidationFailure;
+export interface ReceiptV3 extends Omit<ReceiptV2, 'schema_version'> {
+    schema_version: 3;
+    provenance: ProvenanceBlock;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/workflow/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/workflow/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,QAAQ,GACR,WAAW,GACX,WAAW,GACX,eAAe,GACf,iBAAiB,CAAC;AAEtB,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,OAAO,GAAG,QAAQ,GAAG,IAAI,CAAC;AAEpE,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9F,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC/E;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,OAAO,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;IAClC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,CAAC,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,gCAAgC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,gBAAgB,EAAE,uBAAuB,GAAG,IAAI,CAAC;IACjD,YAAY,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;IAC7E,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IAClD,aAAa,EAAE,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,aAAa,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,qBAAqB,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,IAAI,CAAC;CACV;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,KAAK,CAAC;IACV,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,2BAA2B,CAAC;CACnF;AAED,MAAM,MAAM,qBAAqB,GAAG,gBAAgB,GAAG,iBAAiB,CAAC;AAGzE,MAAM,WAAW,SAAU,SAAQ,IAAI,CAAC,SAAS,EAAE,gBAAgB,CAAC;IAClE,cAAc,EAAE,CAAC,CAAC;IAClB,UAAU,EAAE,eAAe,CAAC;CAC7B"}

package/dist/workflow/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/workflow/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/workflow/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentguard-run/spend",
-  "version": "0.4.4",
+  "version": "0.6.0",
   "description": "All terminology and labels used in AgentGuard materials are descriptive of software functionality only, not legal definitions or guarantees of compliance. Terms like receipt, audit log, evidence, audit trail, and attestation refer solely to cryptographically-signed records produced by the software. Full functional-use disclaimer in README.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -44,6 +44,11 @@
       "types": "./dist/advisor/conversation.d.ts",
       "require": "./dist/advisor/conversation.js",
       "default": "./dist/advisor/conversation.js"
+    },
+    "./workflow": {
+      "types": "./dist/workflow/index.d.ts",
+      "require": "./dist/workflow/index.js",
+      "default": "./dist/workflow/index.js"
     }
   },
   "bin": {
@@ -65,7 +70,11 @@
     "src/cli/wizard.ts",
     "src/bindings",
     "src/advisor",
-    "src/cli/advisor.ts"
+    "src/cli/advisor.ts",
+    "src/workflow",
+    "src/receipts",
+    "src/middleware",
+    "src/posture"
   ],
   "scripts": {
     "build": "tsc",
@@ -103,7 +112,8 @@
     "url": "https://agentguard.run/contact"
   },
   "dependencies": {
-    "@noble/ed25519": ">=2.3.0 <4.0.0"
+    "@noble/ed25519": "^3.1.0",
+    "@noble/hashes": "^2.2.0"
   },
   "peerDependencies": {
     "@anthropic-ai/sdk": ">=0.30.0",

package/src/middleware/provenance.ts

@@ -0,0 +1,31 @@
+import type { ProvenanceBlock } from '../receipts/schema';
+import {
+  inferCompliance,
+  inferHosting,
+  inferModelIdentity,
+  inferProviderRoute,
+  type ProviderRegistryConfig,
+  type ProviderRegistryRequest,
+} from './provider-registry';
+
+export interface AgentRequest extends ProviderRegistryRequest {
+  headers?: Record<string, string | undefined>;
+}
+
+export interface AgentGuardContext {
+  config?: ProviderRegistryConfig;
+  now?: () => Date;
+}
+
+export function captureProvenance(req: AgentRequest, ctx: AgentGuardContext = {}): ProvenanceBlock {
+  const route = inferProviderRoute({ ...req, providerRoute: ctx.config?.providerRoute ?? req.providerRoute });
+  const model = inferModelIdentity(String(req.model || 'unknown'), route);
+  const hosting = inferHosting(route, ctx.config);
+  const compliance = inferCompliance(route, model, ctx.config);
+  return {
+    model_identity: model,
+    hosting,
+    compliance,
+    captured_at: (ctx.now ? ctx.now() : new Date()).toISOString(),
+  };
+}

package/src/middleware/provider-registry.ts

@@ -0,0 +1,289 @@
+import type {
+  ComplianceProvenance,
+  HostingProvenance,
+  JurisdictionCountry,
+  ModelIdentity,
+  ProvenanceProvider,
+  WeightsOriginCountry,
+} from '../receipts/schema';
+
+export interface ProviderRouteInfo {
+  provider: ProvenanceProvider;
+  weights_origin_country: WeightsOriginCountry;
+  available_jurisdictions: string[];
+  baa_path: string | null;
+  hipaa_eligible: boolean;
+  zdr_available: boolean;
+  default_retention_days: number | null;
+  foreign_origin?: boolean;
+}
+
+export interface ProviderRegistryRequest {
+  url?: string;
+  provider?: string;
+  providerRoute?: string;
+  model?: string;
+}
+
+export interface ProviderRegistryConfig {
+  providerRoute?: string;
+  jurisdictionCountry?: JurisdictionCountry;
+  jurisdictionRegion?: string;
+  baaInForce?: boolean;
+  baaVendor?: string | null;
+  dataRetentionDays?: number | null;
+  dataResidencyAttested?: boolean;
+  foreignOriginConsentReceiptId?: string | null;
+}
+
+export const PROVIDER_REGISTRY: Record<string, ProviderRouteInfo> = {
+  'anthropic-direct': {
+    provider: 'anthropic',
+    weights_origin_country: 'US',
+    available_jurisdictions: ['US'],
+    baa_path: 'Anthropic Enterprise Messages API with BAA eligible routing',
+    hipaa_eligible: true,
+    zdr_available: true,
+    default_retention_days: 0,
+  },
+  'aws-bedrock': {
+    provider: 'anthropic',
+    weights_origin_country: 'US',
+    available_jurisdictions: ['us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-northeast-1'],
+    baa_path: 'AWS BAA for Bedrock HIPAA eligible services',
+    hipaa_eligible: true,
+    zdr_available: true,
+    default_retention_days: 0,
+  },
+  'azure-openai': {
+    provider: 'openai',
+    weights_origin_country: 'US',
+    available_jurisdictions: ['eastus', 'westus', 'westeurope', 'francecentral', 'switzerlandnorth'],
+    baa_path: 'Microsoft Product Terms DPA',
+    hipaa_eligible: true,
+    zdr_available: true,
+    default_retention_days: 0,
+  },
+  'openai-direct': {
+    provider: 'openai',
+    weights_origin_country: 'US',
+    available_jurisdictions: ['US'],
+    baa_path: 'OpenAI Enterprise BAA with eligible API configuration',
+    hipaa_eligible: true,
+    zdr_available: true,
+    default_retention_days: 30,
+  },
+  'vertex-ai': {
+    provider: 'google',
+    weights_origin_country: 'US',
+    available_jurisdictions: ['us-central1', 'us-east4', 'europe-west4', 'europe-west1', 'asia-northeast1'],
+    baa_path: 'Google Cloud BAA',
+    hipaa_eligible: true,
+    zdr_available: true,
+    default_retention_days: 0,
+  },
+  fireworks: {
+    provider: 'fireworks',
+    weights_origin_country: 'unknown',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+  },
+  baseten: {
+    provider: 'baseten',
+    weights_origin_country: 'unknown',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+  },
+  together: {
+    provider: 'together',
+    weights_origin_country: 'unknown',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+  },
+  'moonshot-direct': {
+    provider: 'moonshot',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['CN'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'deepseek-direct': {
+    provider: 'deepseek',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['CN'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'alibaba-direct': {
+    provider: 'alibaba',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['CN'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'kimi-k2-on-baseten': {
+    provider: 'baseten',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'deepseek-on-together': {
+    provider: 'together',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'qwen-on-together': {
+    provider: 'together',
+    weights_origin_country: 'CN',
+    available_jurisdictions: ['US'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: false,
+    default_retention_days: 30,
+    foreign_origin: true,
+  },
+  'self-hosted': {
+    provider: 'self_hosted',
+    weights_origin_country: 'unknown',
+    available_jurisdictions: ['self-hosted'],
+    baa_path: null,
+    hipaa_eligible: false,
+    zdr_available: true,
+    default_retention_days: 0,
+  },
+};
+
+const FOREIGN_ORIGIN_PATTERNS = [/kimi/i, /deepseek/i, /qwen/i, /yi[-_ ]/i, /baichuan/i, /glm/i, /moonshot/i];
+
+export function isForeignOriginModel(model: string): boolean {
+  return FOREIGN_ORIGIN_PATTERNS.some((pattern) => pattern.test(model));
+}
+
+export function inferProviderRoute(req: ProviderRegistryRequest): string {
+  const model = String(req.model || '').toLowerCase();
+  const url = String(req.url || '').toLowerCase();
+  if ((req.providerRoute === 'baseten' || url.includes('baseten')) && /kimi/.test(model)) return 'kimi-k2-on-baseten';
+  if ((req.providerRoute === 'together' || url.includes('together')) && /deepseek/.test(model)) return 'deepseek-on-together';
+  if ((req.providerRoute === 'together' || url.includes('together')) && /qwen/.test(model)) return 'qwen-on-together';
+  if (req.providerRoute && PROVIDER_REGISTRY[req.providerRoute]) return req.providerRoute;
+  if (url.includes('bedrock') || req.provider === 'bedrock') return 'aws-bedrock';
+  if (url.includes('anthropic') || req.provider === 'anthropic') return 'anthropic-direct';
+  if (url.includes('azure') || url.includes('openai.azure')) return 'azure-openai';
+  if (url.includes('aiplatform.googleapis') || url.includes('vertex')) return 'vertex-ai';
+  if (url.includes('fireworks') || req.providerRoute === 'fireworks') return 'fireworks';
+  if (url.includes('baseten') || req.providerRoute === 'baseten') return 'baseten';
+  if (url.includes('together') || req.providerRoute === 'together') return 'together';
+  if (url.includes('moonshot') || /kimi/.test(model)) return 'moonshot-direct';
+  if (url.includes('deepseek') || /deepseek/.test(model)) return 'deepseek-direct';
+  if (url.includes('dashscope') || url.includes('alibaba') || /qwen/.test(model)) return 'alibaba-direct';
+  if (req.provider === 'openai') return 'openai-direct';
+  if (req.provider === 'gemini') return 'vertex-ai';
+  return 'self-hosted';
+}
+
+export function inferModelIdentity(model: string, route: string): ModelIdentity {
+  const info = PROVIDER_REGISTRY[route] ?? PROVIDER_REGISTRY['self-hosted'];
+  const modelId = model || 'unknown';
+  return {
+    provider: modelProvider(modelId, info.provider),
+    model_id: modelId,
+    model_version: modelVersion(modelId),
+    model_family: modelFamily(modelId),
+    weights_origin_country: isForeignOriginModel(modelId) || info.foreign_origin ? 'CN' : info.weights_origin_country,
+  };
+}
+
+export function inferHosting(route: string, config: ProviderRegistryConfig = {}): HostingProvenance {
+  const info = PROVIDER_REGISTRY[route] ?? PROVIDER_REGISTRY['self-hosted'];
+  const region = config.jurisdictionRegion || info.available_jurisdictions[0] || 'unknown';
+  return {
+    provider_route: route,
+    jurisdiction_country: config.jurisdictionCountry || countryFromRegion(region),
+    jurisdiction_region: region,
+  };
+}
+
+export function inferCompliance(route: string, model: ModelIdentity, config: ProviderRegistryConfig = {}): ComplianceProvenance {
+  const info = PROVIDER_REGISTRY[route] ?? PROVIDER_REGISTRY['self-hosted'];
+  const retention = config.dataRetentionDays !== undefined ? config.dataRetentionDays : info.default_retention_days;
+  return {
+    baa_in_force: config.baaInForce ?? false,
+    baa_vendor: config.baaVendor ?? info.baa_path,
+    hipaa_eligible: info.hipaa_eligible,
+    data_retention_days: retention,
+    data_residency_attested: config.dataResidencyAttested ?? false,
+    foreign_origin_weight_flag: model.weights_origin_country === 'CN' || info.foreign_origin === true,
+    foreign_origin_consent_receipt_id: config.foreignOriginConsentReceiptId ?? null,
+  };
+}
+
+function modelProvider(model: string, fallback: ProvenanceProvider): ProvenanceProvider {
+  const lower = model.toLowerCase();
+  if (lower.includes('claude')) return 'anthropic';
+  if (lower.includes('gpt') || lower.includes('openai')) return 'openai';
+  if (lower.includes('gemini')) return 'google';
+  if (lower.includes('mistral')) return 'mistral';
+  if (lower.includes('llama')) return 'meta';
+  if (lower.includes('command')) return 'cohere';
+  if (lower.includes('deepseek')) return 'deepseek';
+  if (lower.includes('kimi') || lower.includes('moonshot')) return 'moonshot';
+  if (lower.includes('qwen') || lower.includes('yi') || lower.includes('baichuan') || lower.includes('glm')) return 'alibaba';
+  return fallback;
+}
+
+function modelVersion(model: string): string {
+  const match = model.match(/(?:^|[-_])(20\d{6}|\d{8})(?:$|[-_])/);
+  return match?.[1] ?? 'unknown';
+}
+
+function modelFamily(model: string): string {
+  const lower = model.toLowerCase();
+  if (lower.includes('claude')) return 'claude';
+  if (lower.includes('gpt')) return 'gpt';
+  if (lower.includes('gemini')) return 'gemini';
+  if (lower.includes('llama-4') || lower.includes('llama4')) return 'llama-4';
+  if (lower.includes('mistral')) return 'mistral';
+  if (lower.includes('kimi')) return 'kimi';
+  if (lower.includes('deepseek')) return 'deepseek';
+  if (lower.includes('qwen')) return 'qwen';
+  return lower.split(/[/:_]/).pop()?.split('-').slice(0, 2).join('-') || 'unknown';
+}
+
+function countryFromRegion(region: string): JurisdictionCountry {
+  const lower = region.toLowerCase();
+  if (lower.startsWith('us') || lower.includes('eastus') || lower.includes('westus')) return 'US';
+  if (lower.startsWith('eu') || lower.includes('europe') || lower.includes('france') || lower.includes('switzerland')) return 'EU';
+  if (lower.startsWith('uk')) return 'UK';
+  if (lower.startsWith('ca')) return 'CA';
+  if (lower.startsWith('cn')) return 'CN';
+  if (lower.startsWith('ap-northeast') || lower.includes('tokyo') || lower.includes('japan')) return 'JP';
+  if (lower.startsWith('ap-southeast-2') || lower.includes('australia')) return 'AU';
+  return 'unknown';
+}

package/src/posture/enforce.ts

@@ -0,0 +1,87 @@
+import * as http from 'http';
+import * as https from 'https';
+import type { ProvenanceBlock } from '../receipts/schema';
+
+export type GovernancePosture = 'velocity' | 'standard' | 'compliance';
+
+export interface ComplianceEnforcementConfig {
+  posture?: GovernancePosture;
+  foreignOriginConsentReceiptId?: string | null;
+  consentEndpointBaseUrl?: string;
+  consentGetJson?: (url: string) => Promise<unknown>;
+}
+
+export class AgentGuardComplianceError extends Error {
+  code = 'AGENTGUARD_COMPLIANCE_BLOCK';
+  constructor(message: string) {
+    super(message);
+    this.name = 'AgentGuardComplianceError';
+  }
+}
+
+export class AgentGuardConsentRequiredError extends Error {
+  code = 'AGENTGUARD_CONSENT_REQUIRED';
+  constructor(message: string) {
+    super(message);
+    this.name = 'AgentGuardConsentRequiredError';
+  }
+}
+
+const DEFAULT_CONSENT_BASE_URL = 'https://agentguard.run';
+
+export async function enforceCompliance(
+  provenance: ProvenanceBlock,
+  config: ComplianceEnforcementConfig = {},
+): Promise<void> {
+  if (!provenance.compliance.foreign_origin_weight_flag) return;
+  const posture = config.posture ?? 'standard';
+  if (posture === 'compliance') {
+    throw new AgentGuardComplianceError(
+      'Foreign origin weights are blocked in compliance posture. Set posture to standard and provide foreign_origin_consent_receipt_id to use this model.',
+    );
+  }
+  if (posture !== 'standard') return;
+  const consentId = config.foreignOriginConsentReceiptId || provenance.compliance.foreign_origin_consent_receipt_id;
+  if (!consentId) {
+    throw new AgentGuardConsentRequiredError(
+      'This call uses foreign origin weights. Generate a consent receipt at https://agentguard.run/dashboard/consent/foreign-origin-weights before using this model.',
+    );
+  }
+  const verified = await verifyConsentReceipt(consentId, config);
+  if (!verified) {
+    throw new AgentGuardConsentRequiredError(`Foreign origin consent receipt ${consentId} is invalid or expired.`);
+  }
+}
+
+export async function verifyConsentReceipt(
+  consentId: string,
+  config: ComplianceEnforcementConfig = {},
+): Promise<boolean> {
+  if (!/^ag_consent_[A-Za-z0-9_-]+$/.test(consentId)) return false;
+  const base = (config.consentEndpointBaseUrl || DEFAULT_CONSENT_BASE_URL).replace(/\/$/, '');
+  const raw = await (config.consentGetJson ?? getJson)(`${base}/api/consent/verify/${encodeURIComponent(consentId)}`);
+  return Boolean(raw && typeof raw === 'object' && (raw as { valid?: unknown }).valid === true);
+}
+
+function getJson(url: string): Promise<unknown> {
+  if (url.startsWith('mock://')) return Promise.resolve({ valid: true });
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const client = parsed.protocol === 'http:' ? http : https;
+    const req = client.request(
+      { method: 'GET', hostname: parsed.hostname, port: parsed.port, path: parsed.pathname + parsed.search, timeout: 5000 },
+      (res) => {
+        const chunks: Buffer[] = [];
+        res.on('data', (chunk: Buffer) => chunks.push(chunk));
+        res.on('end', () => {
+          const text = Buffer.concat(chunks).toString('utf8');
+          if ((res.statusCode ?? 0) >= 400) return reject(new Error(`consent endpoint failed: ${res.statusCode}`));
+          try { resolve(text ? JSON.parse(text) : {}); } catch { resolve({}); }
+        });
+      },
+    );
+    req.on('error', reject);
+    req.on('timeout', () => req.destroy(new Error('consent endpoint timed out')));
+    req.end();
+  });
+}

package/src/receipts/schema.ts

@@ -0,0 +1,81 @@
+import type { ReceiptV2 } from '../workflow/types';
+
+export type ProvenanceProvider =
+  | 'anthropic'
+  | 'openai'
+  | 'google'
+  | 'mistral'
+  | 'meta'
+  | 'cohere'
+  | 'fireworks'
+  | 'baseten'
+  | 'together'
+  | 'deepseek'
+  | 'moonshot'
+  | 'alibaba'
+  | 'self_hosted'
+  | 'unknown';
+
+export type WeightsOriginCountry = 'US' | 'EU' | 'UK' | 'CA' | 'CN' | 'unknown';
+export type JurisdictionCountry = 'US' | 'EU' | 'UK' | 'CA' | 'CN' | 'AU' | 'JP' | 'unknown';
+
+export interface ModelIdentity {
+  provider: ProvenanceProvider;
+  model_id: string;
+  model_version: string;
+  model_family: string;
+  weights_origin_country: WeightsOriginCountry;
+}
+
+export interface HostingProvenance {
+  provider_route: string;
+  jurisdiction_country: JurisdictionCountry;
+  jurisdiction_region: string;
+}
+
+export interface ComplianceProvenance {
+  baa_in_force: boolean;
+  baa_vendor: string | null;
+  hipaa_eligible: boolean;
+  data_retention_days: number | null;
+  data_residency_attested: boolean;
+  foreign_origin_weight_flag: boolean;
+  foreign_origin_consent_receipt_id: string | null;
+}
+
+export interface ProvenanceBlock {
+  model_identity: ModelIdentity;
+  hosting: HostingProvenance;
+  compliance: ComplianceProvenance;
+  captured_at: string;
+}
+
+export interface ReceiptV1 {
+  receipt_id: string;
+  schema_version?: 1;
+  signature?: string;
+  [key: string]: unknown;
+}
+
+export type ReceiptV3 = Omit<ReceiptV2, 'schema_version'> & {
+  schema_version: 3;
+  provenance: ProvenanceBlock;
+};
+
+export type AnyReceipt = ReceiptV1 | ReceiptV2 | ReceiptV3;
+
+export function receiptSchemaVersion(receipt: unknown): 1 | 2 | 3 {
+  if (!receipt || typeof receipt !== 'object') throw new Error('Receipt must be an object');
+  const raw = (receipt as { schema_version?: unknown }).schema_version;
+  if (raw === undefined || raw === 1) return 1;
+  if (raw === 2 || raw === 3) return raw;
+  throw new Error(`Unsupported receipt schema_version: ${String(raw)}`);
+}
+
+export function isReceiptV3(receipt: unknown): receipt is ReceiptV3 {
+  return receiptSchemaVersion(receipt) === 3 && Boolean((receipt as { provenance?: unknown }).provenance);
+}
+
+export function assertReceiptV3(receipt: unknown): asserts receipt is ReceiptV3 {
+  if (!isReceiptV3(receipt)) throw new Error('Receipt schema v3 requires a provenance block');
+}

package/src/workflow/chain-validator.ts

@@ -0,0 +1,35 @@
+import { canonicalJSONStringify, sha256, verifyReceipt } from './receipt';
+import type { ChainValidationResult, ReceiptV2 } from './types';
+
+export async function validateReceiptChain(receipts: ReceiptV2[]): Promise<ChainValidationResult> {
+  if (receipts.length === 0) return { ok: true };
+
+  for (let i = 0; i < receipts.length; i++) {
+    if (!verifyReceipt(receipts[i]!)) {
+      return { ok: false, broken_at: i, reason: 'signature_invalid' };
+    }
+    if (i === 0) continue;
+    const prev = receipts[i - 1]!;
+    const curr = receipts[i]!;
+    const expectedHash = await computeChainHash(prev);
+    if (curr.chain_validation_hash !== expectedHash) {
+      return { ok: false, broken_at: i, reason: 'chain_hash_mismatch' };
+    }
+    if (curr.parent_receipt_id !== prev.receipt_id) {
+      return { ok: false, broken_at: i, reason: 'parent_reference_mismatch' };
+    }
+  }
+
+  return { ok: true };
+}
+
+export async function computeChainHash(receipt: ReceiptV2): Promise<string> {
+  const canonical = canonicalJSONStringify({
+    receipt_id: receipt.receipt_id,
+    workflow_id: receipt.workflow_id,
+    cost_usd: receipt.cost_usd,
+    signed_at: receipt.signed_at,
+    signature: receipt.signature,
+  });
+  return sha256(canonical);
+}