@agenticprimitives/a2a 0.0.0-alpha.1

package/CLAUDE.md

@@ -0,0 +1,67 @@
+# @agenticprimitives/a2a — Claude guide
+
+## What this is
+Async, delegation-authorized **Agent-to-Agent task transport** (spec 269). Any claimed agent sends any
+other claimed agent an asynchronous task and collects the result by poll / push / stream. Built on the
+`@agenticprimitives/fulfillment` Task substrate; the delegation primitive is the auth.
+
+## The boundary (ADR-0034 — READ FIRST)
+This package is the **transport-agnostic core**: the Task runtime over a `TaskStore` PORT, the
+`SkillHandler` contract + dispatcher, the JSON-RPC handlers, the `A2aWireAdapter` client, the
+delegation-auth gate, and the scoped-grant caveat builders. **No Cloudflare coupling here.** The
+Cloudflare `TaskStoreDO` (DurableObject-backed `TaskStore` + `alarm()`) ships as the `./cloudflare`
+subpath. We DIVERGE from spec 245's `mcp-runtime/a2a` placement on purpose — `mcp-runtime` becomes a
+consumer (the receiving `withDelegation` gate + the a2a→mcp delivery leg), not the owner.
+
+## Wave status
+- **W1 (done):** Task runtime core — `newTaskRecord`, `applyTransition` (fail-closed via
+  `canTaskTransition`), `dispatchTask` (skill dispatch; unknown→rejected; AuthRequired→auth-required;
+  throw→failed), the `TaskStore` port + in-memory impl, the `SkillHandler` contract.
+- **W2 (done):** delegation-auth gate `authorizeA2aMessage` (FR-4: delegate===requester, timestamp
+  window, allowedTargets=this-agent + allowedMethods=skill scoping, on-chain `isRevoked` + ERC-1271
+  injected fail-closed, signed message, single-use message-id) + `buildA2aGrantCaveats` + `hashA2aMessage`.
+- **W3 (done):** `createA2aAgent` (message/send → authorize + persist + return submitted; tasks/get +
+  tasks/cancel with party auth; `processDue` alarm body running `dispatchTask`; agent-card) +
+  `dispatchA2aRpc`/`handleA2aRpcBody` (JSON-RPC 2.0) + `A2aWireAdapter` (over an injected transport) +
+  the `./cloudflare` `createDurableObjectTaskStore` adapter.
+- **W4 (done):** vault body residency (`emitArtifact` writes the body to the assignee vault; only
+  hashes/refs in state) + signed push (`deliverPush`/`verifyPushEnvelope` — assignee signs the terminal
+  envelope, receiver verifies, bounded retry; wired into `processDue`) + `tasks/pushNotificationConfig/set`
+  + SSE framing (`formatSseEvent`/`isStreamEnd`). Poll is `tasks/get` (W3).
+- **W5 (done):** two-agent acceptance harness (`test/harness.test.ts`, AC-1..AC-4 — happy path, the
+  delegation-gate denials at the agent surface, a cross-vault entitlement deposit, the auth-required
+  round-trip via `resubmit`) + the demo-a2a relayer adoption (`apps/demo-a2a/src/a2a-task-do.ts`: a
+  per-agent `A2aTaskDO` running the real runtime over DO storage, ERC-1271 + isRevoked checks bound to
+  Base Sepolia, `alarm()`-driven `processDue`; `/api/a2a` forwards to it — the stub "received" is gone).
+  Added `resubmit` (auth-required → submitted) + `tasks/resubmit` routing this wave.
+
+## Read first
+1. `capability.manifest.json` — boundary.
+2. `../../specs/269-async-delegation-authorized-a2a.md` — the contract + the §9 decisions.
+3. `../../docs/architecture/decisions/0034-a2a-transport-is-its-own-package-with-cloudflare-adapter.md`.
+4. `src/runtime.ts` (lifecycle) → `src/skill-handler.ts` (the plug-in) → `src/task-store.ts` (the port).
+
+## Allowed imports
+`@agenticprimitives/types`, `@agenticprimitives/fulfillment` (Task/Artifact types), `@agenticprimitives/delegation`
+(verify + caveats), `viem`. The `./cloudflare` subpath additionally uses `@cloudflare/workers-types` (dev).
+
+## Forbidden imports
+- `apps/*`
+- `@agenticprimitives/mcp-runtime` / `tool-policy` (they consume us — no back-edges).
+- `@modelcontextprotocol/sdk` (MCP transport is not A2A transport).
+- **No Cloudflare types in the core `src/` (only in `src/cloudflare/`).**
+
+## Security invariants (DO NOT BREAK)
+- Every transition fail-closed via `canTaskTransition`; unknown skill → `rejected`.
+- No task created for an unverifiable grant (W2). `task.permissionGrantRef = hashDelegation(grant)`;
+  on-chain `isRevoked` fails in-flight closed.
+- Message/artifact bodies live in the vault (`VaultRef`) — only hashes/refs in task state (A2A-INV-04).
+- Authorization ≠ identity: the caveats + assignee decide *what*; the token proves *who*. A delegator
+  never reaches another principal's namespace.
+- No long-lived signing key for a claimed agent — KMS/session signer only (ties to spec-235 §10).
+
+## Validate
+```bash
+pnpm --filter @agenticprimitives/a2a typecheck
+pnpm --filter @agenticprimitives/a2a test
+```

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Agentic Trust Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,50 @@
+# @agenticprimitives/a2a
+
+**Agent-to-agent calls gated by the same delegations as everything else.** Agent discovery and identity are being settled right now — ERC-8004 went to mainnet, agent naming services launched, agent cards are becoming the lingua franca of discovery. What none of that settles is authority: when agent A sends agent B a task, what proves A was allowed to ask, for exactly that skill, within exactly those limits? This package answers with the agenticprimitives delegation primitive — the same EIP-712, caveat-constrained, on-chain-revocable grant that authorizes a web session, an MCP tool, and an on-chain spend. One delegation model, everywhere; A2A is not the exception.
+
+Part of [agenticprimitives](../../README.md) — the trust substrate for the agent economy: one canonical Smart Agent identity with custody, delegation, naming, credentials, and audit evidence designed as one system.
+
+Concretely: an async, delegation-authorized **Agent-to-Agent task transport**. Any claimed agent sends any other an asynchronous, delegation-scoped task and collects the result by poll, push, or stream. Built on the `@agenticprimitives/fulfillment` Task substrate; specified in [spec 269](../../specs/269-async-delegation-authorized-a2a.md).
+
+## What ships
+
+All five implementation waves have landed:
+
+- **Task runtime core** — `newTaskRecord`, `applyTransition` (fail-closed via `canTaskTransition`), `dispatchTask`, the `TaskStore` port + an in-memory reference implementation, and the `SkillHandler` contract. Unknown skill → `rejected`, never silently dropped.
+- **Delegation-auth gate** — `authorizeA2aMessage`: delegate === requester, timestamp window, target + skill scoping via caveats, on-chain `isRevoked` + ERC-1271 injected fail-closed, signed message, single-use message-id. Plus `buildA2aGrantCaveats` and `hashA2aMessage`.
+- **Agent surface** — `createA2aAgent` (message/send → authorize + persist; tasks/get + tasks/cancel with party auth; alarm-driven `processDue`; agent card) + JSON-RPC 2.0 handlers (`dispatchA2aRpc` / `handleA2aRpcBody`) + the `A2aWireAdapter` client over an injected transport.
+- **Vault body residency + signed push** — message and artifact bodies live in the assignee's vault; only hashes/refs appear in task state. Terminal results are delivered as signed push envelopes (`deliverPush` / `verifyPushEnvelope`) with bounded retry, or streamed via SSE framing, or polled via `tasks/get`.
+- **Two-agent acceptance harness** — the happy path, delegation-gate denials at the agent surface, a cross-vault entitlement deposit, and the auth-required round-trip via `resubmit`, all exercised in `test/harness.test.ts`.
+
+```ts
+import { newTaskRecord, dispatchTask, buildSkillRegistry, createInMemoryTaskStore } from '@agenticprimitives/a2a';
+```
+
+## Boundary
+
+The core is **transport-agnostic** — no Cloudflare coupling in `src/`. The Durable Object-backed `TaskStore` adapter (`createDurableObjectTaskStore`) ships as the `./cloudflare` subpath. See [ADR-0034](../../docs/architecture/decisions/0034-a2a-transport-is-its-own-package-with-cloudflare-adapter.md). `mcp-runtime` is a consumer of this package, not the owner — no back-edges.
+
+## How it's different
+
+The competing pattern is **A2A protocol SDKs and agent-framework messaging** — transports that move tasks but treat authorization as someone else's problem (a bearer token, a shared secret, an allow-list). Three things this package does that they structurally cannot:
+
+- **No task without a verifiable grant.** A task record is only created when the delegation gate verifies the grant; `task.permissionGrantRef` pins the delegation hash, and an on-chain revocation fails the task in flight, closed.
+- **Authorization is not identity.** The caveats and assignee decide *what* may happen; the signed token proves *who* asked. A delegator never reaches another principal's namespace, and no claimed agent holds a long-lived signing key — KMS/session signers only.
+- **Bodies stay in the vault.** Task state carries hashes and refs; payloads live in the assignee's vault with its own access control. The transport never becomes the data store.
+
+Because the gate is the same delegation primitive used across the substrate, "this agent may invoke that agent's `summarize` skill until Friday, revocable instantly" is one grant — verifiable on chain, auditable end to end.
+
+## Validation
+
+```bash
+pnpm --filter @agenticprimitives/a2a typecheck
+pnpm --filter @agenticprimitives/a2a test
+```
+
+## Status
+
+Testnet/pilot-ready. Production launch is gated on the public checklist in the root [`README.md`](../../README.md#status--honest-version) — including third-party contract audit and governance key rotation. Track every security finding live in [`docs/audits/findings.yaml`](../../docs/audits/findings.yaml). The runtime runs end to end in the demo apps against Base Sepolia (ERC-1271 + `isRevoked` checks bound to chain).
+
+## License
+
+UNLICENSED (internal monorepo, not published).

package/dist/agent.d.ts

@@ -0,0 +1,114 @@
+import type { HandoffPolicy } from '@agenticprimitives/fulfillment';
+import type { Address, Hex } from '@agenticprimitives/types';
+import type { Delegation } from '@agenticprimitives/delegation';
+import type { Task, TaskEvent, A2aMessage, VaultRef } from './types.js';
+import type { TaskStore } from './task-store.js';
+import { type SkillHandler, type VaultClient, type McpClient } from './skill-handler.js';
+import { type OnChainChecks } from './auth.js';
+import type { A2aEnforcers } from './grant.js';
+import { type TerminalSigner, type PushSender } from './push.js';
+export interface A2aAgentConfig {
+    /** This agent's Smart Account — the assignee + the allowedTargets the gate requires. */
+    agentSA: Address;
+    /** Network identifiers used to derive `permissionGrantRef = hashDelegation(...)`. */
+    chainId: number;
+    delegationManager: Address;
+    enforcers: A2aEnforcers;
+    taskStore: TaskStore;
+    checks: OnChainChecks;
+    handlers: SkillHandler[];
+    vault: VaultClient;
+    mcp: McpClient;
+    /** Clock + id generators — injected for determinism in tests. */
+    now?: () => number;
+    newTaskId?: () => Hex;
+    newArtifactId?: () => Hex;
+    /** Hash of an arbitrary body (default keccak256 via the consumer; here a required injection). */
+    hashBody: (data: unknown) => Hex;
+    /** Terminal push delivery (FR-5.2) — both required to enable push; omit to disable. The signer MUST
+     *  be a KMS/session signer for the assignee SA (SR-8). */
+    signTerminal?: TerminalSigner;
+    pushSender?: PushSender;
+    /** FR-3.6 — the policy gating skill-handler hand-offs (`requestHandoff`). Omit ⇒ hand-offs are
+     *  rejected (fail-closed). */
+    handoffPolicy?: HandoffPolicy;
+}
+export type RpcOk<T> = {
+    ok: true;
+    result: T;
+};
+export type RpcErr = {
+    ok: false;
+    code: number;
+    message: string;
+};
+export type RpcResult<T> = RpcOk<T> | RpcErr;
+export interface MessageSendParams {
+    delegation: Delegation;
+    requester: Address;
+    message: A2aMessage;
+    /** The input body (persisted to the assignee's vault → bodyRef; FR-2.2). */
+    input: unknown;
+    pushConfig?: {
+        url: string;
+        token?: string;
+    };
+}
+/** Resubmit an auth-required task with a fresh grant (FR-3.5). Carries a NEW signed message (new
+ *  messageId → no replay) + the input the suspended handler asked for. Only the original sender may. */
+export interface ResubmitParams extends MessageSendParams {
+    taskId: Hex;
+}
+export interface A2aAgent {
+    messageSend(params: MessageSendParams): Promise<RpcResult<{
+        taskId: Hex;
+        state: Task['state'];
+    }>>;
+    /** Resume an auth-required task (auth-required → submitted) with a fresh grant + message (FR-3.5). */
+    resubmit(params: ResubmitParams): Promise<RpcResult<{
+        taskId: Hex;
+        state: Task['state'];
+    }>>;
+    tasksGet(params: {
+        taskId: Hex;
+        caller: Address;
+    }): Promise<RpcResult<Task & {
+        error?: string;
+        artifactRefs: VaultRef[];
+    }>>;
+    tasksCancel(params: {
+        taskId: Hex;
+        caller: Address;
+    }): Promise<RpcResult<{
+        taskId: Hex;
+        state: Task['state'];
+    }>>;
+    /** Register the push webhook for a task (FR-5.2). Party-authed. */
+    pushConfigSet(params: {
+        taskId: Hex;
+        caller: Address;
+        url: string;
+        token?: string;
+    }): Promise<RpcResult<{
+        taskId: Hex;
+        registered: true;
+    }>>;
+    /** The alarm() body — process every due task to a next state. Returns the events to fan out (W4 delivery). */
+    processDue(): Promise<TaskEvent[]>;
+    agentCard(): AgentCard;
+}
+export interface AgentCard {
+    name: string;
+    url: string;
+    version: string;
+    capabilities: {
+        streaming: boolean;
+        pushNotifications: boolean;
+        stateTransitionHistory: boolean;
+    };
+    skills: {
+        id: string;
+    }[];
+}
+export declare function createA2aAgent(config: A2aAgentConfig): A2aAgent;
+//# sourceMappingURL=agent.d.ts.map

package/dist/agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAc,SAAS,EAAE,UAAU,EAAe,QAAQ,EAAc,MAAM,YAAY,CAAC;AAE7G,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAsB,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC7G,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC;AACpE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAe,KAAK,cAAc,EAAE,KAAK,UAAU,EAAE,MAAM,WAAW,CAAC;AAE9E,MAAM,WAAW,cAAc;IAC7B,wFAAwF;IACxF,OAAO,EAAE,OAAO,CAAC;IACjB,qFAAqF;IACrF,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,SAAS,EAAE,YAAY,CAAC;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB,MAAM,EAAE,aAAa,CAAC;IACtB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,GAAG,EAAE,SAAS,CAAC;IACf,iEAAiE;IACjE,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,GAAG,CAAC;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,GAAG,CAAC;IACjC;8DAC0D;IAC1D,YAAY,CAAC,EAAE,cAAc,CAAC;IAC9B,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;kCAC8B;IAC9B,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,MAAM,KAAK,CAAC,CAAC,IAAI;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,CAAC,CAAA;CAAE,CAAC;AAC/C,MAAM,MAAM,MAAM,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAClE,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;AAE7C,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,UAAU,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9C;AAED;wGACwG;AACxG,MAAM,WAAW,cAAe,SAAQ,iBAAiB;IACvD,MAAM,EAAE,GAAG,CAAC;CACb;AAED,MAAM,WAAW,QAAQ;IACvB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC,CAAC;IAClG,sGAAsG;IACtG,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC,CAAC;IAC5F,QAAQ,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,GAAG;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,QAAQ,EAAE,CAAA;KAAE,CAAC,CAAC,CAAC;IAC5H,WAAW,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC,CAAC;IACjH,mEAAmE;IACnE,aAAa,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,OAAO,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,SAAS,CAAC;QAAE,MAAM,EAAE,GAAG,CAAC;QAAC,UAAU,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC,CAAC;IAC5I,8GAA8G;IAC9G,UAAU,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IACnC,SAAS,IAAI,SAAS,CAAC;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,OAAO,CAAC;QAAC,sBAAsB,EAAE,OAAO,CAAA;KAAE,CAAC;IAClG,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC1B;AAOD,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,QAAQ,CAiL/D"}

package/dist/agent.js

@@ -0,0 +1,191 @@
+// The embeddable agent (spec 269 §8) — wires the W1 runtime + the W2 auth gate into the method handlers
+// an agent worker exposes at /api/a2a, plus the alarm() body (`processDue`) and the agent-card. Storage,
+// HTTP, and the DurableObject are the caller's (the JSON-RPC layer + the ./cloudflare adapter); this stays
+// transport-agnostic. message/send NEVER runs the skill inline (FR-2.3) — it persists + returns submitted;
+// processDue does the work.
+import { hashDelegation } from '@agenticprimitives/delegation';
+import { isTerminal } from './types.js';
+import { newTaskRecord, applyTransition, dispatchTask } from './runtime.js';
+import { buildSkillRegistry } from './skill-handler.js';
+import { authorizeA2aMessage } from './auth.js';
+import { deliverPush } from './push.js';
+const RPC_INVALID_REQUEST = -32600;
+const RPC_UNAUTHORIZED = -32001;
+const RPC_NOT_FOUND = -32004;
+const eq = (a, b) => a.toLowerCase() === b.toLowerCase();
+export function createA2aAgent(config) {
+    const registry = buildSkillRegistry(config.handlers);
+    const now = () => (config.now ? config.now() : Date.now());
+    let artCounter = 0;
+    const newArtifactId = () => config.newArtifactId ? config.newArtifactId() : (`0x${(++artCounter).toString(16).padStart(64, '0')}`);
+    return {
+        async messageSend(params) {
+            const auth = await authorizeA2aMessage({
+                delegation: params.delegation,
+                requester: params.requester,
+                message: params.message,
+                thisAgentSA: config.agentSA,
+                skill: params.message.skill,
+                enforcers: config.enforcers,
+                checks: config.checks,
+                store: config.taskStore,
+                now: now(),
+            });
+            if (!auth.ok)
+                return { ok: false, code: RPC_UNAUTHORIZED, message: auth.reason };
+            // FR-2.2 — body integrity + vault residency: the signed bodyHash must match the input; persist the
+            // input to THIS agent's vault namespace; the message keeps only the ref + hash.
+            if (!eq(config.hashBody(params.input), params.message.bodyHash)) {
+                return { ok: false, code: RPC_INVALID_REQUEST, message: 'input does not match signed bodyHash' };
+            }
+            const bodyRef = await config.vault.write({
+                owner: config.agentSA,
+                recordType: `a2a:msg:${params.message.messageId}`,
+                data: params.input,
+            });
+            const message = { ...params.message, bodyRef };
+            const taskId = config.newTaskId ? config.newTaskId() : (`0x${'00'.repeat(31)}01`);
+            const record = newTaskRecord({
+                taskId,
+                principal: auth.principal,
+                assignee: config.agentSA,
+                sender: params.requester,
+                skill: message.skill,
+                delegation: params.delegation,
+                inbound: message,
+                permissionGrantRef: hashDelegation(params.delegation, config.chainId, config.delegationManager),
+                inputHash: message.bodyHash,
+                now: now(),
+            });
+            const withPush = params.pushConfig ? { ...record, pushConfig: params.pushConfig } : record;
+            await config.taskStore.put(withPush); // FR-2.4 — schedule processing (listDue → alarm)
+            return { ok: true, result: { taskId, state: 'submitted' } }; // FR-2.3 — return immediately
+        },
+        async resubmit(params) {
+            const rec = await config.taskStore.get(params.taskId);
+            if (!rec)
+                return { ok: false, code: RPC_NOT_FOUND, message: 'unknown task' };
+            // FR-3.5 — only a task the agent itself parked in auth-required may be resumed, by its sender.
+            if (rec.task.state !== 'auth-required')
+                return { ok: false, code: RPC_INVALID_REQUEST, message: 'task is not awaiting auth' };
+            if (!eq(params.requester, rec.sender))
+                return { ok: false, code: RPC_UNAUTHORIZED, message: 'only the original sender may resubmit' };
+            if (!eq(params.message.skill, rec.skill))
+                return { ok: false, code: RPC_INVALID_REQUEST, message: 'skill mismatch on resubmit' };
+            // Re-run the full auth gate on the fresh grant + new message (single-use messageId → no replay).
+            const auth = await authorizeA2aMessage({
+                delegation: params.delegation, requester: params.requester, message: params.message,
+                thisAgentSA: config.agentSA, skill: rec.skill, enforcers: config.enforcers,
+                checks: config.checks, store: config.taskStore, now: now(),
+            });
+            if (!auth.ok)
+                return { ok: false, code: RPC_UNAUTHORIZED, message: auth.reason };
+            if (!eq(config.hashBody(params.input), params.message.bodyHash)) {
+                return { ok: false, code: RPC_INVALID_REQUEST, message: 'input does not match signed bodyHash' };
+            }
+            const bodyRef = await config.vault.write({
+                owner: config.agentSA, recordType: `a2a:msg:${params.message.messageId}`, data: params.input,
+            });
+            const t = applyTransition(rec, 'submitted', { now: now() });
+            if (!t.ok)
+                return { ok: false, code: RPC_INVALID_REQUEST, message: t.reason };
+            // Replace the grant + append the fresh message (processDue reads the LATEST inbound body).
+            const updated = {
+                ...t.record, delegation: params.delegation,
+                task: { ...t.record.task, inputHash: params.message.bodyHash },
+                inbound: [...t.record.inbound, { ...params.message, bodyRef }],
+            };
+            await config.taskStore.put(updated);
+            return { ok: true, result: { taskId: params.taskId, state: 'submitted' } };
+        },
+        async tasksGet({ taskId, caller }) {
+            const rec = await config.taskStore.get(taskId);
+            if (!rec)
+                return { ok: false, code: RPC_NOT_FOUND, message: 'unknown task' };
+            // Caller must be the sender or the assignee (FR-2 tasks/get auth).
+            if (!eq(caller, rec.sender) && !eq(caller, rec.task.assignee)) {
+                return { ok: false, code: RPC_UNAUTHORIZED, message: 'not a party to this task' };
+            }
+            return { ok: true, result: { ...rec.task, error: rec.error, artifactRefs: rec.artifacts.map((a) => a.bodyRef) } };
+        },
+        async tasksCancel({ taskId, caller }) {
+            const rec = await config.taskStore.get(taskId);
+            if (!rec)
+                return { ok: false, code: RPC_NOT_FOUND, message: 'unknown task' };
+            if (!eq(caller, rec.sender) && !eq(caller, rec.task.assignee)) {
+                return { ok: false, code: RPC_UNAUTHORIZED, message: 'not a party to this task' };
+            }
+            const t = applyTransition(rec, 'canceled', { now: now() });
+            if (!t.ok)
+                return { ok: false, code: RPC_INVALID_REQUEST, message: t.reason };
+            await config.taskStore.put(t.record);
+            return { ok: true, result: { taskId, state: 'canceled' } };
+        },
+        async pushConfigSet({ taskId, caller, url, token }) {
+            const rec = await config.taskStore.get(taskId);
+            if (!rec)
+                return { ok: false, code: RPC_NOT_FOUND, message: 'unknown task' };
+            if (!eq(caller, rec.sender) && !eq(caller, rec.task.assignee)) {
+                return { ok: false, code: RPC_UNAUTHORIZED, message: 'not a party to this task' };
+            }
+            const pushConfig = token ? { url, token } : { url };
+            await config.taskStore.put({ ...rec, pushConfig });
+            return { ok: true, result: { taskId, registered: true } };
+        },
+        async processDue() {
+            const events = [];
+            const due = await config.taskStore.listDue(now());
+            for (const taskId of due) {
+                const rec = await config.taskStore.get(taskId);
+                if (!rec || rec.task.state !== 'submitted')
+                    continue;
+                // Per-task context: read the input from the vault, persist emitted artifact bodies to the
+                // assignee's vault (A2A-INV-04), expose vault/mcp.
+                const captured = [];
+                const makeContext = (r) => ({
+                    input: undefined, // filled below (async read) before dispatch
+                    delegation: r.delegation,
+                    vault: config.vault,
+                    mcp: config.mcp,
+                    emitArtifact: async (a) => {
+                        const artifactId = newArtifactId();
+                        const bodyRef = await config.vault.write({ owner: config.agentSA, recordType: `a2a:artifact:${artifactId}`, data: a.body });
+                        captured.push({
+                            artifactId,
+                            caseId: a.caseId ?? (`0x${'00'.repeat(32)}`),
+                            producer: config.agentSA,
+                            artifactKind: a.artifactKind,
+                            bodyHash: config.hashBody(a.body),
+                            bodyContentType: a.bodyContentType ?? 'application/json',
+                            disclosurePolicy: a.disclosurePolicy ?? 'private',
+                            bodyRef,
+                            createdAt: now(),
+                        });
+                        return artifactId;
+                    },
+                });
+                const input = await config.vault.read(rec.inbound[rec.inbound.length - 1].bodyRef);
+                const ctxBase = makeContext(rec);
+                const { record: processed, events: evs } = await dispatchTask(rec, registry, () => ({ ...ctxBase, input }), now(), config.handoffPolicy ? { handoffPolicy: config.handoffPolicy } : undefined);
+                const merged = { ...processed, artifacts: [...processed.artifacts, ...captured] };
+                await config.taskStore.put(merged);
+                events.push(...evs);
+                // FR-5.2 — on a terminal state, deliver a signed push to the registered webhook (best-effort).
+                if (isTerminal(merged.task.state) && merged.pushConfig && config.pushSender && config.signTerminal) {
+                    await deliverPush(merged, config.signTerminal, config.pushSender, now());
+                }
+            }
+            return events;
+        },
+        agentCard() {
+            return {
+                name: config.agentSA,
+                url: `/api/a2a`,
+                version: '0.1.0',
+                capabilities: { streaming: true, pushNotifications: true, stateTransitionHistory: true },
+                skills: config.handlers.map((h) => ({ id: h.skill })),
+            };
+        },
+    };
+}
+//# sourceMappingURL=agent.js.map

package/dist/agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.js","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAAA,wGAAwG;AACxG,yGAAyG;AACzG,2GAA2G;AAC3G,2GAA2G;AAC3G,4BAA4B;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAK/D,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,kBAAkB,EAAuD,MAAM,oBAAoB,CAAC;AAC7G,OAAO,EAAE,mBAAmB,EAAsB,MAAM,WAAW,CAAC;AAEpE,OAAO,EAAE,WAAW,EAAwC,MAAM,WAAW,CAAC;AAqE9E,MAAM,mBAAmB,GAAG,CAAC,KAAK,CAAC;AACnC,MAAM,gBAAgB,GAAG,CAAC,KAAK,CAAC;AAChC,MAAM,aAAa,GAAG,CAAC,KAAK,CAAC;AAC7B,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;AAEzE,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC3D,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,MAAM,aAAa,GAAG,GAAG,EAAE,CACzB,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAQ,CAAC;IAEhH,OAAO;QACL,KAAK,CAAC,WAAW,CAAC,MAAM;YACtB,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC;gBACrC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,WAAW,EAAE,MAAM,CAAC,OAAO;gBAC3B,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;gBAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE,MAAM,CAAC,SAAS;gBACvB,GAAG,EAAE,GAAG,EAAE;aACX,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;YAEjF,mGAAmG;YACnG,gFAAgF;YAChF,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;YACnG,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;gBACvC,KAAK,EAAE,MAAM,CAAC,OAAO;gBACrB,UAAU,EAAE,WAAW,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE;gBACjD,IAAI,EAAE,MAAM,CAAC,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,OAAO,GAAe,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YAE3D,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAQ,CAAC;YACzF,MAAM,MAAM,GAAG,aAAa,CAAC;gBAC3B,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ,EAAE,MAAM,CAAC,OAAO;gBACxB,MAAM,EAAE,MAAM,CAAC,SAAS;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,OAAO;gBAChB,kBAAkB,EAAE,cAAc,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,iBAAiB,CAAC;gBAC/F,SAAS,EAAE,OAAO,CAAC,QAAQ;gBAC3B,GAAG,EAAE,GAAG,EAAE;aACX,CAAC,CAAC;YACH,MAAM,QAAQ,GAAe,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YACvG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,iDAAiD;YACvF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC,8BAA8B;QAC7F,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,MAAM;YACnB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtD,IAAI,CAAC,GAAG;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;YAC7E,+FAA+F;YAC/F,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,eAAe;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;YAC9H,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;YACtI,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;YACjI,iGAAiG;YACjG,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC;gBACrC,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO;gBACnF,WAAW,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC1E,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE;aAC3D,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;YACjF,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;YACnG,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;gBACvC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK;aAC7F,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC5D,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;YAC9E,2FAA2F;YAC3F,MAAM,OAAO,GAAe;gBAC1B,GAAG,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC1C,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAC9D,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;aAC/D,CAAC;YACF,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACpC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,CAAC;QAC7E,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE;YAC/B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;YAC7E,mEAAmE;YACnE,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;YACpF,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACpH,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE;YAClC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;YAC7E,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;YACpF,CAAC;YACD,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC3D,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;YAC9E,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACrC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,CAAC;QAC7D,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE;YAChD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,GAAG;gBAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;YAC7E,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;YACpF,CAAC;YACD,MAAM,UAAU,GAAe,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC;YAChE,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YACnD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;QAC5D,CAAC;QAED,KAAK,CAAC,UAAU;YACd,MAAM,MAAM,GAAgB,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YAClD,KAAK,MAAM,MAAM,IAAI,GAAG,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC/C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,WAAW;oBAAE,SAAS;gBAErD,0FAA0F;gBAC1F,mDAAmD;gBACnD,MAAM,QAAQ,GAAkB,EAAE,CAAC;gBACnC,MAAM,WAAW,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,CAAC;oBACtC,KAAK,EAAE,SAAoB,EAAE,4CAA4C;oBACzE,UAAU,EAAE,CAAC,CAAC,UAAU;oBACxB,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,YAAY,EAAE,KAAK,EAAE,CAA6G,EAAgB,EAAE;wBAClJ,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;wBACnC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,gBAAgB,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;wBAC5H,QAAQ,CAAC,IAAI,CAAC;4BACZ,UAAU;4BACV,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAQ;4BACnD,QAAQ,EAAE,MAAM,CAAC,OAAO;4BACxB,YAAY,EAAE,CAAC,CAAC,YAAY;4BAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;4BACjC,eAAe,EAAE,CAAC,CAAC,eAAe,IAAI,kBAAkB;4BACxD,gBAAgB,EAAE,CAAC,CAAC,gBAAgB,IAAI,SAAS;4BACjD,OAAO;4BACP,SAAS,EAAE,GAAG,EAAE;yBACjB,CAAC,CAAC;wBACH,OAAO,UAAU,CAAC;oBACpB,CAAC;iBACF,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,OAAO,CAAC,CAAC;gBACpF,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;gBACjC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,YAAY,CAC3D,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,EACnD,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAC3E,CAAC;gBACF,MAAM,MAAM,GAAe,EAAE,GAAG,SAAS,EAAE,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC,SAAS,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;gBAC9F,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;gBAEpB,+FAA+F;gBAC/F,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBACnG,MAAM,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,SAAS;YACP,OAAO;gBACL,IAAI,EAAE,MAAM,CAAC,OAAO;gBACpB,GAAG,EAAE,UAAU;gBACf,OAAO,EAAE,OAAO;gBAChB,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE;gBACxF,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;aACtD,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,55 @@
+import { type Address, type Hex } from 'viem';
+import type { Delegation } from '@agenticprimitives/delegation';
+import type { A2aMessage } from './types.js';
+import { type A2aEnforcers } from './grant.js';
+/** Decode the deployed enforcers' term formats (must mirror delegation's encoders byte-for-byte). */
+export declare function decodeTimestampTerms(terms: Hex): {
+    validAfter: bigint;
+    validUntil: bigint;
+};
+export declare function decodeAllowedTargetsTerms(terms: Hex): readonly Address[];
+export declare function decodeAllowedMethodsTerms(terms: Hex): readonly Hex[];
+/** Canonical hash the SENDER signs for an inbound message (A2A-INV-01). Binds id + sender + skill + body. */
+export declare function hashA2aMessage(m: Pick<A2aMessage, 'messageId' | 'sender' | 'skill' | 'bodyHash' | 'createdAt'>): Hex;
+/** On-chain + crypto verdicts injected by the consumer (viem-backed). All fail-closed. */
+export interface OnChainChecks {
+    /** DelegationManager.isRevoked(hashDelegation(d)) — MUST throw or return true to deny. */
+    isRevoked(delegation: Delegation): Promise<boolean>;
+    /** ERC-1271: the delegator SA signed this delegation. */
+    verifyDelegationSignature(delegation: Delegation): Promise<boolean>;
+    /** ERC-1271: the sender SA signed `hashA2aMessage(message)`. */
+    verifyMessageSignature(message: A2aMessage, digest: Hex): Promise<boolean>;
+}
+/** Single-use reservation seam (the TaskStore provides this; FR-4.3). */
+export interface MessageIdReserver {
+    reserveMessageId(messageId: Hex, ttlSec: number): Promise<boolean>;
+}
+export type AuthorizeResult = {
+    ok: true;
+    principal: Address;
+} | {
+    ok: false;
+    reason: string;
+};
+/**
+ * Authorize an inbound A2A message. Returns the principal (delegation.delegator) the sender acts for, or
+ * a rejection reason. Fail-closed throughout; no task is created on `ok: false`. The message-id is
+ * reserved LAST so a rejected message never burns a nonce, while a replay of a valid message hits the
+ * already-reserved id.
+ */
+export declare function authorizeA2aMessage(args: {
+    delegation: Delegation;
+    requester: Address;
+    message: A2aMessage;
+    /** This receiving agent's SA — the grant's allowedTargets MUST name it. */
+    thisAgentSA: Address;
+    /** The requested skill — the grant's allowedMethods MUST name its selector (or `*`). */
+    skill: string;
+    enforcers: A2aEnforcers;
+    checks: OnChainChecks;
+    store: MessageIdReserver;
+    now: number;
+    /** Message-id reservation TTL (seconds). Default 600. */
+    replayTtlSec?: number;
+}): Promise<AuthorizeResult>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAQA,OAAO,EAAgE,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAC5G,OAAO,KAAK,EAAE,UAAU,EAAU,MAAM,+BAA+B,CAAC;AACxE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAgC,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAE7E,qGAAqG;AACrG,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,GAAG,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAG3F;AACD,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,GAAG,GAAG,SAAS,OAAO,EAAE,CAGxE;AACD,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,GAAG,GAAG,SAAS,GAAG,EAAE,CAGpE;AAED,6GAA6G;AAC7G,wBAAgB,cAAc,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,GAAG,WAAW,CAAC,GAAG,GAAG,CAOpH;AAED,0FAA0F;AAC1F,MAAM,WAAW,aAAa;IAC5B,0FAA0F;IAC1F,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,yDAAyD;IACzD,yBAAyB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpE,gEAAgE;IAChE,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC5E;AAED,yEAAyE;AACzE,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpE;AAED,MAAM,MAAM,eAAe,GACvB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,GAChC;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAMlC;;;;;GAKG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,UAAU,EAAE,UAAU,CAAC;IACvB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,UAAU,CAAC;IACpB,2EAA2E;IAC3E,WAAW,EAAE,OAAO,CAAC;IACrB,wFAAwF;IACxF,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,YAAY,CAAC;IACxB,MAAM,EAAE,aAAa,CAAC;IACtB,KAAK,EAAE,iBAAiB,CAAC;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC,eAAe,CAAC,CA6D3B"}