@agentix-security/express 0.1.0

package/dist/index.cjs

@@ -0,0 +1,414 @@
+'use strict';
+
+var crypto = require('crypto');
+
+// src/index.ts
+
+// ../core/src/policy.ts
+function isValidIntent(intent, validIntents) {
+  if (!intent || typeof intent !== "string") return false;
+  if (validIntents) return validIntents.includes(intent);
+  return /^[a-z][a-z0-9_]{1,63}$/.test(intent);
+}
+function licenseActive(lease, now = Date.now()) {
+  if (!lease) return false;
+  return Date.parse(lease.expires_at) > now;
+}
+function decision(partial) {
+  return {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    ...partial
+  };
+}
+function deriveTokenSecret(licenseKey) {
+  return crypto.createHmac("sha256", licenseKey).update("agentix-v1-token-secret").digest("hex");
+}
+function b64url(value) {
+  return Buffer.from(value).toString("base64url");
+}
+function sign(secret, data) {
+  return crypto.createHmac("sha256", secret).update(data).digest("base64url");
+}
+function issueToken(secret, payload) {
+  const header = b64url(JSON.stringify({ alg: "HS256", typ: "AGX" }));
+  const body = b64url(JSON.stringify({ jti: `tok_${crypto.randomUUID()}`, ...payload }));
+  const sig = sign(secret, `${header}.${body}`);
+  return `${header}.${body}.${sig}`;
+}
+function tokenId(raw) {
+  const parts = raw.split(".");
+  if (parts.length !== 3) return null;
+  try {
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
+    return payload.jti;
+  } catch {
+    return null;
+  }
+}
+
+// ../sdk/src/rate-limit.ts
+var RateLimiter = class {
+  constructor(limit, windowMs) {
+    this.limit = limit;
+    this.windowMs = windowMs;
+  }
+  limit;
+  windowMs;
+  buckets = /* @__PURE__ */ new Map();
+  consume(key) {
+    const now = Date.now();
+    const bucket = this.buckets.get(key);
+    if (!bucket || now - bucket.windowStart > this.windowMs) {
+      this.buckets.set(key, { windowStart: now, count: 1 });
+      return true;
+    }
+    bucket.count += 1;
+    this.buckets.set(key, bucket);
+    return bucket.count <= this.limit;
+  }
+};
+
+// ../sdk/src/engine.ts
+function fingerprint(ip, userAgent, acceptLanguage) {
+  return crypto.createHash("sha256").update([ip, userAgent, acceptLanguage].join("|")).digest("hex");
+}
+async function shipAudit(controlPlaneUrl, adminKey, row) {
+  if (!adminKey) return;
+  try {
+    await fetch(`${controlPlaneUrl.replace(/\/$/, "")}/v1/audit/decisions`, {
+      method: "POST",
+      headers: { authorization: `Bearer ${adminKey}`, "content-type": "application/json" },
+      body: JSON.stringify(row)
+    });
+  } catch {
+  }
+}
+var Engine = class {
+  constructor(opts) {
+    this.opts = opts;
+    this.declareLimiter = new RateLimiter(opts.declareLimit, opts.declareWindowMs);
+  }
+  opts;
+  declareLimiter;
+  async handle(req) {
+    const { method, path } = req;
+    if (method === "GET" && path === "/.well-known/ai-agent.json") {
+      return this.handleDiscovery(req);
+    }
+    if (method === "POST" && path === "/agent/v1/declare_intent") {
+      return this.handleDeclareIntent(req);
+    }
+    return { type: "passthrough" };
+  }
+  handleDiscovery(req) {
+    const lease = this.opts.getLease();
+    const allIntents = this.opts.getRegisteredIntents ? [...this.opts.getRegisteredIntents().keys()] : [];
+    const body = {
+      service: "agentix-intent-sdk",
+      version: "0.2.0",
+      tenant_id: this.opts.tenantId,
+      deployment_id: this.opts.deploymentId,
+      discovery: {
+        well_known: `${req.baseUrl}/.well-known/ai-agent.json`,
+        token_endpoint: `${req.baseUrl}/agent/v1/declare_intent`
+      },
+      license: {
+        active: licenseActive(lease),
+        expires_at: lease?.expires_at ?? null,
+        policy_pack_version: lease?.policy_pack_version ?? null
+      },
+      intents: allIntents
+    };
+    void this.audit(req, "/.well-known/ai-agent.json", 200, {
+      trustMode: "unknown",
+      intentScope: "none",
+      tokenId: null,
+      decisionValue: "allow",
+      decisionReason: "agent_discovery_served",
+      policyId: "agent-discovery"
+    });
+    return {
+      type: "response",
+      status: 200,
+      headers: { "cache-control": "no-store", "content-type": "application/json" },
+      body
+    };
+  }
+  async handleDeclareIntent(req) {
+    const lease = this.opts.getLease();
+    const leaseOk = licenseActive(lease) || this.opts.devMode === true;
+    if (!leaseOk) {
+      void this.audit(req, "/agent/v1/declare_intent", 403, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "deny",
+        decisionReason: "license_expired_agent_endpoint_disabled",
+        policyId: "license-lease"
+      });
+      return { type: "response", status: 403, body: { error: "license_not_active" } };
+    }
+    const fp = this.fingerprint(req);
+    if (!this.declareLimiter.consume(fp)) {
+      void this.audit(req, "/agent/v1/declare_intent", 429, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "throttle",
+        decisionReason: "declare_intent_rate_limited",
+        policyId: "declare-intent-rate-limit"
+      });
+      return { type: "response", status: 429, body: { error: "declare_intent_rate_limited" } };
+    }
+    const registeredIntents = this.opts.getRegisteredIntents ? [...this.opts.getRegisteredIntents().keys()] : [];
+    const body = req.body ?? {};
+    if (!body.intent || !isValidIntent(body.intent, registeredIntents)) {
+      void this.audit(req, "/agent/v1/declare_intent", 400, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "deny",
+        decisionReason: "invalid_intent",
+        policyId: "intent-validation",
+        metadata: { supplied_intent: body.intent ?? null }
+      });
+      return { type: "response", status: 400, body: { error: "invalid_intent" } };
+    }
+    const intent = body.intent;
+    const ttl = intent === "checkout_intent" ? this.opts.checkoutTokenTtlMs : this.opts.tokenTtlMs;
+    const iat = Math.floor(Date.now() / 1e3);
+    const exp = iat + Math.floor(ttl / 1e3);
+    const binding = this.fingerprint(req);
+    const raw = issueToken(this.opts.tokenSecret, { intent, domain: this.opts.domain, binding, iat, exp });
+    const jti = tokenId(raw);
+    void this.audit(req, "/agent/v1/declare_intent", 200, {
+      trustMode: "managed_agent",
+      intentScope: intent,
+      tokenId: jti,
+      decisionValue: "allow",
+      decisionReason: "intent_token_issued",
+      policyId: "intent-token-issuer",
+      metadata: { subject: body.subject ?? null, constraints: body.constraints ?? null }
+    });
+    return {
+      type: "response",
+      status: 200,
+      body: { access_token: raw, token_type: "Bearer", token_id: jti, intent, expires_in: exp - iat }
+    };
+  }
+  fingerprint(req) {
+    return fingerprint(
+      req.ip,
+      req.headers["user-agent"] ?? req.headers["User-Agent"] ?? "unknown",
+      req.headers["accept-language"] ?? req.headers["Accept-Language"] ?? ""
+    );
+  }
+  async audit(req, route, statusCode, input) {
+    const row = decision({
+      tenant_id: this.opts.tenantId,
+      deployment_id: this.opts.deploymentId,
+      domain: this.opts.domain,
+      route,
+      method: req.method,
+      client_fingerprint_hash: this.fingerprint(req),
+      trust_mode: input.trustMode,
+      intent_scope: input.intentScope,
+      token_id: input.tokenId,
+      decision: input.decisionValue,
+      decision_reason: input.decisionReason,
+      policy_id: input.policyId,
+      status_code: statusCode,
+      metadata: input.metadata ?? {}
+    });
+    void shipAudit(this.opts.controlPlaneUrl, this.opts.controlPlaneAdminKey, row);
+  }
+};
+
+// ../sdk/src/index.ts
+var DEFAULT_CONTROL_PLANE = "https://agentix-control-plane.onrender.com";
+var AgentixSDK = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  lease = null;
+  engine = null;
+  initPromise = null;
+  intentRegistry = /* @__PURE__ */ new Map();
+  // Resolved at init from the server:
+  _tenantId = "";
+  _domain = "";
+  _tokenSecret = "";
+  _deploymentId = "";
+  _proxyUrl = "";
+  async ensureInitialized() {
+    if (!this.initPromise) this.initPromise = this._init();
+    return this.initPromise;
+  }
+  async initialize() {
+    return this.ensureInitialized();
+  }
+  async _init() {
+    const cp = (this.config.controlPlaneUrl ?? DEFAULT_CONTROL_PLANE).replace(/\/$/, "");
+    try {
+      const res = await fetch(`${cp}/v1/deployments/register`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+          license_key: this.config.licenseKey,
+          deployment_id: this.config.deploymentId
+        })
+      });
+      if (res.ok) {
+        const body = await res.json();
+        this._deploymentId = body.deployment_id;
+        this._tenantId = body.tenant_id;
+        this._domain = body.domain;
+        this._tokenSecret = body.token_secret;
+        this._proxyUrl = body.proxy_url;
+      } else {
+        console.warn(`[agentix] Registration failed (${res.status}) \u2014 operating in degraded mode`);
+        this._tokenSecret = deriveTokenSecret(this.config.licenseKey);
+        this._domain = "localhost";
+        this._deploymentId = this.config.deploymentId ?? "unknown";
+        this._proxyUrl = cp;
+      }
+    } catch (err) {
+      console.warn("[agentix] Registration error (control plane unreachable) \u2014 operating in degraded mode:", err.message);
+      this._tokenSecret = deriveTokenSecret(this.config.licenseKey);
+      this._domain = "localhost";
+      this._deploymentId = this.config.deploymentId ?? "unknown";
+      this._proxyUrl = cp;
+    }
+    this.engine = new Engine({
+      tenantId: this._tenantId,
+      deploymentId: this._deploymentId,
+      domain: this._domain,
+      tokenSecret: this._tokenSecret,
+      tokenTtlMs: this.config.tokenTtlMs ?? 15 * 60 * 1e3,
+      checkoutTokenTtlMs: this.config.checkoutTokenTtlMs ?? 5 * 60 * 1e3,
+      declareLimit: this.config.declareLimit ?? 8,
+      declareWindowMs: this.config.declareWindowMs ?? 6e4,
+      controlPlaneUrl: cp,
+      controlPlaneAdminKey: this.config.controlPlaneAdminKey,
+      getLease: () => this.lease,
+      getRegisteredIntents: () => this.intentRegistry,
+      devMode: this.config.devMode
+    });
+  }
+  getEngine() {
+    if (!this.engine) throw new Error("[agentix] SDK not initialized \u2014 await sdk.initialize() first");
+    return this.engine;
+  }
+  registerIntent(intent, mode = "enforce") {
+    this.intentRegistry.set(intent, mode);
+  }
+  getIntentRegistry() {
+    return this.intentRegistry;
+  }
+  getResolvedDomain() {
+    return this._domain;
+  }
+  getResolvedTenantId() {
+    return this._tenantId;
+  }
+  getResolvedTokenSecret() {
+    return this._tokenSecret;
+  }
+  getDeploymentId() {
+    return this._deploymentId;
+  }
+  getProxyUrl() {
+    return this._proxyUrl;
+  }
+  getLease() {
+    return this.lease;
+  }
+};
+
+// src/index.ts
+function normalize(req) {
+  const proto = req.get("x-forwarded-proto") ?? req.protocol ?? "http";
+  const host = req.get("host") ?? req.hostname ?? "localhost";
+  const ip = req.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.ip ?? req.socket?.remoteAddress ?? "unknown";
+  const headers = {};
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (typeof value === "string") headers[key] = value;
+    else if (Array.isArray(value)) headers[key] = value[0] ?? "";
+  }
+  return { method: req.method, path: req.path, headers, ip, body: req.body, baseUrl: `${proto}://${host}` };
+}
+function bearerToken(req) {
+  const auth = req.get("authorization");
+  if (!auth?.startsWith("Bearer ")) return null;
+  return auth.slice("Bearer ".length).trim();
+}
+function clientFingerprint(req) {
+  const ip = req.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.ip ?? req.socket?.remoteAddress ?? "unknown";
+  const ua = req.get("user-agent") ?? "unknown";
+  const lang = req.get("accept-language") ?? "";
+  return crypto.createHash("sha256").update([ip, ua, lang].join("|")).digest("hex");
+}
+async function callProxy(proxyUrl, deploymentId, token, fingerprint2, intent, mode) {
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), 1500);
+  try {
+    const res = await fetch(`${proxyUrl}/v1/enforce`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ deployment_id: deploymentId, token, fingerprint: fingerprint2, intent, mode }),
+      signal: controller.signal
+    });
+    clearTimeout(id);
+    if (res.ok) return await res.json();
+    return { decision: "allow", reason: "proxy_error" };
+  } catch {
+    clearTimeout(id);
+    return { decision: "allow", reason: "proxy_unreachable" };
+  }
+}
+function agentixMiddleware(sdk) {
+  return async (req, res, next) => {
+    await sdk.ensureInitialized();
+    const result = await sdk.getEngine().handle(normalize(req));
+    if (result.type === "passthrough") {
+      next();
+      return;
+    }
+    if (result.headers) for (const [k, v] of Object.entries(result.headers)) res.setHeader(k, v);
+    res.status(result.status).json(result.body);
+  };
+}
+function secure(sdk, intent, handler, opts = {}) {
+  const mode = opts.mode ?? "enforce";
+  sdk.registerIntent(intent, mode);
+  return async (req, res, next) => {
+    await sdk.ensureInitialized();
+    const token = bearerToken(req);
+    const fp = clientFingerprint(req);
+    const baseUrl = `${req.get("x-forwarded-proto") ?? req.protocol ?? "http"}://${req.get("host") ?? req.hostname ?? "localhost"}`;
+    if (!token) {
+      res.setHeader("www-authenticate", 'Bearer realm="agentix", error="missing_token"');
+      res.status(401).json({ error: "missing_token", agent_discovery: `${baseUrl}/.well-known/ai-agent.json` });
+      return;
+    }
+    const verdict = await callProxy(sdk.getProxyUrl(), sdk.getDeploymentId(), token, fp, intent, mode);
+    if (verdict.decision === "allow") {
+      handler(req, res, next);
+      return;
+    }
+    const reason = verdict.reason ?? "denied";
+    if (reason === "missing_token" || reason === "invalid_token") {
+      res.setHeader("www-authenticate", `Bearer realm="agentix", error="${reason}"`);
+      res.status(401).json({ error: reason, agent_discovery: `${baseUrl}/.well-known/ai-agent.json` });
+    } else if (reason === "out_of_scope") {
+      res.status(403).json({ error: "out_of_scope", required_intent: verdict.required_intent ?? intent });
+    } else {
+      res.status(401).json({ error: reason });
+    }
+  };
+}
+
+exports.AgentixSDK = AgentixSDK;
+exports.agentixMiddleware = agentixMiddleware;
+exports.secure = secure;

package/dist/index.d.cts

@@ -0,0 +1,112 @@
+import { RequestHandler } from 'express';
+
+interface LicenseLease {
+    tenant_id: string;
+    deployment_id: string;
+    customer_id: string;
+    domains: string[];
+    features: string[];
+    policy_pack_version: string;
+    expires_at: string;
+    issued_at: string;
+    watermark: string;
+    signature: string;
+}
+
+interface AgentixRequest {
+    method: string;
+    path: string;
+    headers: Record<string, string>;
+    ip: string;
+    body: unknown;
+    baseUrl: string;
+}
+type AgentixResult = {
+    type: 'passthrough';
+} | {
+    type: 'response';
+    status: number;
+    headers?: Record<string, string>;
+    body: unknown;
+};
+interface EngineOptions {
+    tenantId: string;
+    deploymentId: string;
+    domain: string;
+    tokenSecret: string;
+    tokenTtlMs: number;
+    checkoutTokenTtlMs: number;
+    declareLimit: number;
+    declareWindowMs: number;
+    controlPlaneUrl: string;
+    controlPlaneAdminKey?: string;
+    getLease: () => LicenseLease | null;
+    getRegisteredIntents?: () => ReadonlyMap<string, 'enforce' | 'shadow'>;
+    devMode?: boolean;
+}
+declare class Engine {
+    private readonly opts;
+    private readonly declareLimiter;
+    constructor(opts: EngineOptions);
+    handle(req: AgentixRequest): Promise<AgentixResult>;
+    private handleDiscovery;
+    private handleDeclareIntent;
+    private fingerprint;
+    private audit;
+}
+
+interface AgentixSDKConfig {
+    licenseKey: string;
+    /** Defaults to https://agentix-control-plane.onrender.com */
+    controlPlaneUrl?: string;
+    deploymentId?: string;
+    /** For local dev only — bypasses license enforcement. */
+    devMode?: boolean;
+    tokenTtlMs?: number;
+    checkoutTokenTtlMs?: number;
+    declareLimit?: number;
+    declareWindowMs?: number;
+    controlPlaneAdminKey?: string;
+}
+
+declare class AgentixSDK {
+    readonly config: AgentixSDKConfig;
+    private lease;
+    private engine;
+    private initPromise;
+    private readonly intentRegistry;
+    private _tenantId;
+    private _domain;
+    private _tokenSecret;
+    private _deploymentId;
+    private _proxyUrl;
+    constructor(config: AgentixSDKConfig);
+    ensureInitialized(): Promise<void>;
+    initialize(): Promise<void>;
+    private _init;
+    getEngine(): Engine;
+    registerIntent(intent: string, mode?: 'enforce' | 'shadow'): void;
+    getIntentRegistry(): ReadonlyMap<string, 'enforce' | 'shadow'>;
+    getResolvedDomain(): string;
+    getResolvedTenantId(): string;
+    getResolvedTokenSecret(): string;
+    getDeploymentId(): string;
+    getProxyUrl(): string;
+    getLease(): LicenseLease | null;
+}
+
+/** Global middleware — handles discovery, token issuance, and route-config enforcement. */
+declare function agentixMiddleware(sdk: AgentixSDK): RequestHandler;
+/**
+ * Per-route annotation — wrap a specific handler with intent enforcement via the Agentix proxy.
+ * Fail-open: if the proxy is unreachable the request passes through (reverts to pre-SDK state).
+ *
+ * @example
+ * app.get('/api/jobs', secure(sdk, 'browse_jobs', handler))
+ * app.post('/api/apply', secure(sdk, 'submit_application', handler, { mode: 'enforce' }))
+ */
+declare function secure(sdk: AgentixSDK, intent: string, handler: RequestHandler, opts?: {
+    mode?: 'enforce' | 'shadow';
+}): RequestHandler;
+
+export { AgentixSDK, type AgentixSDKConfig, agentixMiddleware, secure };

package/dist/index.d.ts

@@ -0,0 +1,112 @@
+import { RequestHandler } from 'express';
+
+interface LicenseLease {
+    tenant_id: string;
+    deployment_id: string;
+    customer_id: string;
+    domains: string[];
+    features: string[];
+    policy_pack_version: string;
+    expires_at: string;
+    issued_at: string;
+    watermark: string;
+    signature: string;
+}
+
+interface AgentixRequest {
+    method: string;
+    path: string;
+    headers: Record<string, string>;
+    ip: string;
+    body: unknown;
+    baseUrl: string;
+}
+type AgentixResult = {
+    type: 'passthrough';
+} | {
+    type: 'response';
+    status: number;
+    headers?: Record<string, string>;
+    body: unknown;
+};
+interface EngineOptions {
+    tenantId: string;
+    deploymentId: string;
+    domain: string;
+    tokenSecret: string;
+    tokenTtlMs: number;
+    checkoutTokenTtlMs: number;
+    declareLimit: number;
+    declareWindowMs: number;
+    controlPlaneUrl: string;
+    controlPlaneAdminKey?: string;
+    getLease: () => LicenseLease | null;
+    getRegisteredIntents?: () => ReadonlyMap<string, 'enforce' | 'shadow'>;
+    devMode?: boolean;
+}
+declare class Engine {
+    private readonly opts;
+    private readonly declareLimiter;
+    constructor(opts: EngineOptions);
+    handle(req: AgentixRequest): Promise<AgentixResult>;
+    private handleDiscovery;
+    private handleDeclareIntent;
+    private fingerprint;
+    private audit;
+}
+
+interface AgentixSDKConfig {
+    licenseKey: string;
+    /** Defaults to https://agentix-control-plane.onrender.com */
+    controlPlaneUrl?: string;
+    deploymentId?: string;
+    /** For local dev only — bypasses license enforcement. */
+    devMode?: boolean;
+    tokenTtlMs?: number;
+    checkoutTokenTtlMs?: number;
+    declareLimit?: number;
+    declareWindowMs?: number;
+    controlPlaneAdminKey?: string;
+}
+
+declare class AgentixSDK {
+    readonly config: AgentixSDKConfig;
+    private lease;
+    private engine;
+    private initPromise;
+    private readonly intentRegistry;
+    private _tenantId;
+    private _domain;
+    private _tokenSecret;
+    private _deploymentId;
+    private _proxyUrl;
+    constructor(config: AgentixSDKConfig);
+    ensureInitialized(): Promise<void>;
+    initialize(): Promise<void>;
+    private _init;
+    getEngine(): Engine;
+    registerIntent(intent: string, mode?: 'enforce' | 'shadow'): void;
+    getIntentRegistry(): ReadonlyMap<string, 'enforce' | 'shadow'>;
+    getResolvedDomain(): string;
+    getResolvedTenantId(): string;
+    getResolvedTokenSecret(): string;
+    getDeploymentId(): string;
+    getProxyUrl(): string;
+    getLease(): LicenseLease | null;
+}
+
+/** Global middleware — handles discovery, token issuance, and route-config enforcement. */
+declare function agentixMiddleware(sdk: AgentixSDK): RequestHandler;
+/**
+ * Per-route annotation — wrap a specific handler with intent enforcement via the Agentix proxy.
+ * Fail-open: if the proxy is unreachable the request passes through (reverts to pre-SDK state).
+ *
+ * @example
+ * app.get('/api/jobs', secure(sdk, 'browse_jobs', handler))
+ * app.post('/api/apply', secure(sdk, 'submit_application', handler, { mode: 'enforce' }))
+ */
+declare function secure(sdk: AgentixSDK, intent: string, handler: RequestHandler, opts?: {
+    mode?: 'enforce' | 'shadow';
+}): RequestHandler;
+
+export { AgentixSDK, type AgentixSDKConfig, agentixMiddleware, secure };

package/dist/index.js

@@ -0,0 +1,410 @@
+import { createHmac, createHash, randomUUID } from 'crypto';
+
+// src/index.ts
+
+// ../core/src/policy.ts
+function isValidIntent(intent, validIntents) {
+  if (!intent || typeof intent !== "string") return false;
+  if (validIntents) return validIntents.includes(intent);
+  return /^[a-z][a-z0-9_]{1,63}$/.test(intent);
+}
+function licenseActive(lease, now = Date.now()) {
+  if (!lease) return false;
+  return Date.parse(lease.expires_at) > now;
+}
+function decision(partial) {
+  return {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    ...partial
+  };
+}
+function deriveTokenSecret(licenseKey) {
+  return createHmac("sha256", licenseKey).update("agentix-v1-token-secret").digest("hex");
+}
+function b64url(value) {
+  return Buffer.from(value).toString("base64url");
+}
+function sign(secret, data) {
+  return createHmac("sha256", secret).update(data).digest("base64url");
+}
+function issueToken(secret, payload) {
+  const header = b64url(JSON.stringify({ alg: "HS256", typ: "AGX" }));
+  const body = b64url(JSON.stringify({ jti: `tok_${randomUUID()}`, ...payload }));
+  const sig = sign(secret, `${header}.${body}`);
+  return `${header}.${body}.${sig}`;
+}
+function tokenId(raw) {
+  const parts = raw.split(".");
+  if (parts.length !== 3) return null;
+  try {
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
+    return payload.jti;
+  } catch {
+    return null;
+  }
+}
+
+// ../sdk/src/rate-limit.ts
+var RateLimiter = class {
+  constructor(limit, windowMs) {
+    this.limit = limit;
+    this.windowMs = windowMs;
+  }
+  limit;
+  windowMs;
+  buckets = /* @__PURE__ */ new Map();
+  consume(key) {
+    const now = Date.now();
+    const bucket = this.buckets.get(key);
+    if (!bucket || now - bucket.windowStart > this.windowMs) {
+      this.buckets.set(key, { windowStart: now, count: 1 });
+      return true;
+    }
+    bucket.count += 1;
+    this.buckets.set(key, bucket);
+    return bucket.count <= this.limit;
+  }
+};
+
+// ../sdk/src/engine.ts
+function fingerprint(ip, userAgent, acceptLanguage) {
+  return createHash("sha256").update([ip, userAgent, acceptLanguage].join("|")).digest("hex");
+}
+async function shipAudit(controlPlaneUrl, adminKey, row) {
+  if (!adminKey) return;
+  try {
+    await fetch(`${controlPlaneUrl.replace(/\/$/, "")}/v1/audit/decisions`, {
+      method: "POST",
+      headers: { authorization: `Bearer ${adminKey}`, "content-type": "application/json" },
+      body: JSON.stringify(row)
+    });
+  } catch {
+  }
+}
+var Engine = class {
+  constructor(opts) {
+    this.opts = opts;
+    this.declareLimiter = new RateLimiter(opts.declareLimit, opts.declareWindowMs);
+  }
+  opts;
+  declareLimiter;
+  async handle(req) {
+    const { method, path } = req;
+    if (method === "GET" && path === "/.well-known/ai-agent.json") {
+      return this.handleDiscovery(req);
+    }
+    if (method === "POST" && path === "/agent/v1/declare_intent") {
+      return this.handleDeclareIntent(req);
+    }
+    return { type: "passthrough" };
+  }
+  handleDiscovery(req) {
+    const lease = this.opts.getLease();
+    const allIntents = this.opts.getRegisteredIntents ? [...this.opts.getRegisteredIntents().keys()] : [];
+    const body = {
+      service: "agentix-intent-sdk",
+      version: "0.2.0",
+      tenant_id: this.opts.tenantId,
+      deployment_id: this.opts.deploymentId,
+      discovery: {
+        well_known: `${req.baseUrl}/.well-known/ai-agent.json`,
+        token_endpoint: `${req.baseUrl}/agent/v1/declare_intent`
+      },
+      license: {
+        active: licenseActive(lease),
+        expires_at: lease?.expires_at ?? null,
+        policy_pack_version: lease?.policy_pack_version ?? null
+      },
+      intents: allIntents
+    };
+    void this.audit(req, "/.well-known/ai-agent.json", 200, {
+      trustMode: "unknown",
+      intentScope: "none",
+      tokenId: null,
+      decisionValue: "allow",
+      decisionReason: "agent_discovery_served",
+      policyId: "agent-discovery"
+    });
+    return {
+      type: "response",
+      status: 200,
+      headers: { "cache-control": "no-store", "content-type": "application/json" },
+      body
+    };
+  }
+  async handleDeclareIntent(req) {
+    const lease = this.opts.getLease();
+    const leaseOk = licenseActive(lease) || this.opts.devMode === true;
+    if (!leaseOk) {
+      void this.audit(req, "/agent/v1/declare_intent", 403, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "deny",
+        decisionReason: "license_expired_agent_endpoint_disabled",
+        policyId: "license-lease"
+      });
+      return { type: "response", status: 403, body: { error: "license_not_active" } };
+    }
+    const fp = this.fingerprint(req);
+    if (!this.declareLimiter.consume(fp)) {
+      void this.audit(req, "/agent/v1/declare_intent", 429, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "throttle",
+        decisionReason: "declare_intent_rate_limited",
+        policyId: "declare-intent-rate-limit"
+      });
+      return { type: "response", status: 429, body: { error: "declare_intent_rate_limited" } };
+    }
+    const registeredIntents = this.opts.getRegisteredIntents ? [...this.opts.getRegisteredIntents().keys()] : [];
+    const body = req.body ?? {};
+    if (!body.intent || !isValidIntent(body.intent, registeredIntents)) {
+      void this.audit(req, "/agent/v1/declare_intent", 400, {
+        trustMode: "unmanaged_automation",
+        intentScope: "none",
+        tokenId: null,
+        decisionValue: "deny",
+        decisionReason: "invalid_intent",
+        policyId: "intent-validation",
+        metadata: { supplied_intent: body.intent ?? null }
+      });
+      return { type: "response", status: 400, body: { error: "invalid_intent" } };
+    }
+    const intent = body.intent;
+    const ttl = intent === "checkout_intent" ? this.opts.checkoutTokenTtlMs : this.opts.tokenTtlMs;
+    const iat = Math.floor(Date.now() / 1e3);
+    const exp = iat + Math.floor(ttl / 1e3);
+    const binding = this.fingerprint(req);
+    const raw = issueToken(this.opts.tokenSecret, { intent, domain: this.opts.domain, binding, iat, exp });
+    const jti = tokenId(raw);
+    void this.audit(req, "/agent/v1/declare_intent", 200, {
+      trustMode: "managed_agent",
+      intentScope: intent,
+      tokenId: jti,
+      decisionValue: "allow",
+      decisionReason: "intent_token_issued",
+      policyId: "intent-token-issuer",
+      metadata: { subject: body.subject ?? null, constraints: body.constraints ?? null }
+    });
+    return {
+      type: "response",
+      status: 200,
+      body: { access_token: raw, token_type: "Bearer", token_id: jti, intent, expires_in: exp - iat }
+    };
+  }
+  fingerprint(req) {
+    return fingerprint(
+      req.ip,
+      req.headers["user-agent"] ?? req.headers["User-Agent"] ?? "unknown",
+      req.headers["accept-language"] ?? req.headers["Accept-Language"] ?? ""
+    );
+  }
+  async audit(req, route, statusCode, input) {
+    const row = decision({
+      tenant_id: this.opts.tenantId,
+      deployment_id: this.opts.deploymentId,
+      domain: this.opts.domain,
+      route,
+      method: req.method,
+      client_fingerprint_hash: this.fingerprint(req),
+      trust_mode: input.trustMode,
+      intent_scope: input.intentScope,
+      token_id: input.tokenId,
+      decision: input.decisionValue,
+      decision_reason: input.decisionReason,
+      policy_id: input.policyId,
+      status_code: statusCode,
+      metadata: input.metadata ?? {}
+    });
+    void shipAudit(this.opts.controlPlaneUrl, this.opts.controlPlaneAdminKey, row);
+  }
+};
+
+// ../sdk/src/index.ts
+var DEFAULT_CONTROL_PLANE = "https://agentix-control-plane.onrender.com";
+var AgentixSDK = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  lease = null;
+  engine = null;
+  initPromise = null;
+  intentRegistry = /* @__PURE__ */ new Map();
+  // Resolved at init from the server:
+  _tenantId = "";
+  _domain = "";
+  _tokenSecret = "";
+  _deploymentId = "";
+  _proxyUrl = "";
+  async ensureInitialized() {
+    if (!this.initPromise) this.initPromise = this._init();
+    return this.initPromise;
+  }
+  async initialize() {
+    return this.ensureInitialized();
+  }
+  async _init() {
+    const cp = (this.config.controlPlaneUrl ?? DEFAULT_CONTROL_PLANE).replace(/\/$/, "");
+    try {
+      const res = await fetch(`${cp}/v1/deployments/register`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+          license_key: this.config.licenseKey,
+          deployment_id: this.config.deploymentId
+        })
+      });
+      if (res.ok) {
+        const body = await res.json();
+        this._deploymentId = body.deployment_id;
+        this._tenantId = body.tenant_id;
+        this._domain = body.domain;
+        this._tokenSecret = body.token_secret;
+        this._proxyUrl = body.proxy_url;
+      } else {
+        console.warn(`[agentix] Registration failed (${res.status}) \u2014 operating in degraded mode`);
+        this._tokenSecret = deriveTokenSecret(this.config.licenseKey);
+        this._domain = "localhost";
+        this._deploymentId = this.config.deploymentId ?? "unknown";
+        this._proxyUrl = cp;
+      }
+    } catch (err) {
+      console.warn("[agentix] Registration error (control plane unreachable) \u2014 operating in degraded mode:", err.message);
+      this._tokenSecret = deriveTokenSecret(this.config.licenseKey);
+      this._domain = "localhost";
+      this._deploymentId = this.config.deploymentId ?? "unknown";
+      this._proxyUrl = cp;
+    }
+    this.engine = new Engine({
+      tenantId: this._tenantId,
+      deploymentId: this._deploymentId,
+      domain: this._domain,
+      tokenSecret: this._tokenSecret,
+      tokenTtlMs: this.config.tokenTtlMs ?? 15 * 60 * 1e3,
+      checkoutTokenTtlMs: this.config.checkoutTokenTtlMs ?? 5 * 60 * 1e3,
+      declareLimit: this.config.declareLimit ?? 8,
+      declareWindowMs: this.config.declareWindowMs ?? 6e4,
+      controlPlaneUrl: cp,
+      controlPlaneAdminKey: this.config.controlPlaneAdminKey,
+      getLease: () => this.lease,
+      getRegisteredIntents: () => this.intentRegistry,
+      devMode: this.config.devMode
+    });
+  }
+  getEngine() {
+    if (!this.engine) throw new Error("[agentix] SDK not initialized \u2014 await sdk.initialize() first");
+    return this.engine;
+  }
+  registerIntent(intent, mode = "enforce") {
+    this.intentRegistry.set(intent, mode);
+  }
+  getIntentRegistry() {
+    return this.intentRegistry;
+  }
+  getResolvedDomain() {
+    return this._domain;
+  }
+  getResolvedTenantId() {
+    return this._tenantId;
+  }
+  getResolvedTokenSecret() {
+    return this._tokenSecret;
+  }
+  getDeploymentId() {
+    return this._deploymentId;
+  }
+  getProxyUrl() {
+    return this._proxyUrl;
+  }
+  getLease() {
+    return this.lease;
+  }
+};
+
+// src/index.ts
+function normalize(req) {
+  const proto = req.get("x-forwarded-proto") ?? req.protocol ?? "http";
+  const host = req.get("host") ?? req.hostname ?? "localhost";
+  const ip = req.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.ip ?? req.socket?.remoteAddress ?? "unknown";
+  const headers = {};
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (typeof value === "string") headers[key] = value;
+    else if (Array.isArray(value)) headers[key] = value[0] ?? "";
+  }
+  return { method: req.method, path: req.path, headers, ip, body: req.body, baseUrl: `${proto}://${host}` };
+}
+function bearerToken(req) {
+  const auth = req.get("authorization");
+  if (!auth?.startsWith("Bearer ")) return null;
+  return auth.slice("Bearer ".length).trim();
+}
+function clientFingerprint(req) {
+  const ip = req.get("x-forwarded-for")?.split(",")[0]?.trim() ?? req.ip ?? req.socket?.remoteAddress ?? "unknown";
+  const ua = req.get("user-agent") ?? "unknown";
+  const lang = req.get("accept-language") ?? "";
+  return createHash("sha256").update([ip, ua, lang].join("|")).digest("hex");
+}
+async function callProxy(proxyUrl, deploymentId, token, fingerprint2, intent, mode) {
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), 1500);
+  try {
+    const res = await fetch(`${proxyUrl}/v1/enforce`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ deployment_id: deploymentId, token, fingerprint: fingerprint2, intent, mode }),
+      signal: controller.signal
+    });
+    clearTimeout(id);
+    if (res.ok) return await res.json();
+    return { decision: "allow", reason: "proxy_error" };
+  } catch {
+    clearTimeout(id);
+    return { decision: "allow", reason: "proxy_unreachable" };
+  }
+}
+function agentixMiddleware(sdk) {
+  return async (req, res, next) => {
+    await sdk.ensureInitialized();
+    const result = await sdk.getEngine().handle(normalize(req));
+    if (result.type === "passthrough") {
+      next();
+      return;
+    }
+    if (result.headers) for (const [k, v] of Object.entries(result.headers)) res.setHeader(k, v);
+    res.status(result.status).json(result.body);
+  };
+}
+function secure(sdk, intent, handler, opts = {}) {
+  const mode = opts.mode ?? "enforce";
+  sdk.registerIntent(intent, mode);
+  return async (req, res, next) => {
+    await sdk.ensureInitialized();
+    const token = bearerToken(req);
+    const fp = clientFingerprint(req);
+    const baseUrl = `${req.get("x-forwarded-proto") ?? req.protocol ?? "http"}://${req.get("host") ?? req.hostname ?? "localhost"}`;
+    if (!token) {
+      res.setHeader("www-authenticate", 'Bearer realm="agentix", error="missing_token"');
+      res.status(401).json({ error: "missing_token", agent_discovery: `${baseUrl}/.well-known/ai-agent.json` });
+      return;
+    }
+    const verdict = await callProxy(sdk.getProxyUrl(), sdk.getDeploymentId(), token, fp, intent, mode);
+    if (verdict.decision === "allow") {
+      handler(req, res, next);
+      return;
+    }
+    const reason = verdict.reason ?? "denied";
+    if (reason === "missing_token" || reason === "invalid_token") {
+      res.setHeader("www-authenticate", `Bearer realm="agentix", error="${reason}"`);
+      res.status(401).json({ error: reason, agent_discovery: `${baseUrl}/.well-known/ai-agent.json` });
+    } else if (reason === "out_of_scope") {
+      res.status(403).json({ error: "out_of_scope", required_intent: verdict.required_intent ?? intent });
+    } else {
+      res.status(401).json({ error: reason });
+    }
+  };
+}
+
+export { AgentixSDK, agentixMiddleware, secure };

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@agentix-security/express",
+  "version": "0.1.0",
+  "description": "Agentix Express adapter — AI agent intent-based authorization for Express apps",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "typecheck": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "express": "^4"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": ["agentix", "express", "ai", "agents", "authorization", "intent"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/agentix-dev/agentix"
+  }
+}