@agentproto/governance 0.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,167 @@
1
+ import { z } from 'zod';
2
+ export { P as POLICY_THRESHOLD, a as Policy, b as PolicyAppliesTo, c as PolicyCap, d as PolicyEscalation, e as PolicyFrontmatter, f as PolicyThreshold, R as RequiredSigner, p as policyAppliesToSchema, g as policyCapSchema, h as policyDirname, i as policyEscalationSchema, j as policyFrontmatterSchema, k as policyThresholdSchema, r as requiredSignerSchema } from '../policy-YqpSg3Ep.js';
3
+
4
+ /**
5
+ * agentgovernance/v1 — `signature.json` doctype.
6
+ *
7
+ * Universal approval primitive. Every approval — of an agreement, deliverable,
8
+ * invoice, policy override, agent-issued action, etc. — is a signature on an
9
+ * artifact, recorded as a `<artifact-path>/../signatures/<signer>-<isoDate>.signature.json`
10
+ * file alongside the artifact being signed.
11
+ *
12
+ * One file = one signature event. Signatures are append-only; revocation
13
+ * writes a new file (or updates `revokedAt` if same signer re-issues).
14
+ */
15
+ declare const SIGNER_KIND: readonly ["operator", "user", "counterparty", "agent", "external"];
16
+ declare const signerKindSchema: z.ZodEnum<{
17
+ operator: "operator";
18
+ user: "user";
19
+ counterparty: "counterparty";
20
+ agent: "agent";
21
+ external: "external";
22
+ }>;
23
+ type SignerKind = z.infer<typeof signerKindSchema>;
24
+ declare const SIGNING_METHOD: readonly ["typed_name", "agent_confirm", "click_through", "esign_external"];
25
+ declare const signingMethodSchema: z.ZodEnum<{
26
+ typed_name: "typed_name";
27
+ agent_confirm: "agent_confirm";
28
+ click_through: "click_through";
29
+ esign_external: "esign_external";
30
+ }>;
31
+ type SigningMethod = z.infer<typeof signingMethodSchema>;
32
+ declare const evidenceSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
33
+ kind: z.ZodLiteral<"typed_name">;
34
+ signerName: z.ZodString;
35
+ ipAddress: z.ZodString;
36
+ userAgent: z.ZodString;
37
+ nonce: z.ZodString;
38
+ signedUrlToken: z.ZodOptional<z.ZodString>;
39
+ }, z.core.$strip>, z.ZodObject<{
40
+ kind: z.ZodLiteral<"agent_confirm">;
41
+ modelId: z.ZodString;
42
+ promptContextHash: z.ZodString;
43
+ reasoningSummary: z.ZodOptional<z.ZodString>;
44
+ conversationTurnId: z.ZodOptional<z.ZodString>;
45
+ authorizedByPolicy: z.ZodOptional<z.ZodString>;
46
+ }, z.core.$strip>, z.ZodObject<{
47
+ kind: z.ZodLiteral<"click_through">;
48
+ ipAddress: z.ZodString;
49
+ userAgent: z.ZodString;
50
+ signedUrlToken: z.ZodString;
51
+ }, z.core.$strip>, z.ZodObject<{
52
+ kind: z.ZodLiteral<"esign_external">;
53
+ provider: z.ZodString;
54
+ externalRef: z.ZodString;
55
+ signedPdfRef: z.ZodOptional<z.ZodString>;
56
+ }, z.core.$strip>], "kind">;
57
+ type SignatureEvidence = z.infer<typeof evidenceSchema>;
58
+ declare const signatureSchema: z.ZodObject<{
59
+ schema: z.ZodLiteral<"agentgovernance/v1">;
60
+ doctype: z.ZodLiteral<"signature">;
61
+ signer: z.ZodString;
62
+ signerKind: z.ZodEnum<{
63
+ operator: "operator";
64
+ user: "user";
65
+ counterparty: "counterparty";
66
+ agent: "agent";
67
+ external: "external";
68
+ }>;
69
+ signerEmail: z.ZodOptional<z.ZodEmail>;
70
+ artifactPath: z.ZodString;
71
+ documentHash: z.ZodString;
72
+ method: z.ZodEnum<{
73
+ typed_name: "typed_name";
74
+ agent_confirm: "agent_confirm";
75
+ click_through: "click_through";
76
+ esign_external: "esign_external";
77
+ }>;
78
+ evidence: z.ZodDiscriminatedUnion<[z.ZodObject<{
79
+ kind: z.ZodLiteral<"typed_name">;
80
+ signerName: z.ZodString;
81
+ ipAddress: z.ZodString;
82
+ userAgent: z.ZodString;
83
+ nonce: z.ZodString;
84
+ signedUrlToken: z.ZodOptional<z.ZodString>;
85
+ }, z.core.$strip>, z.ZodObject<{
86
+ kind: z.ZodLiteral<"agent_confirm">;
87
+ modelId: z.ZodString;
88
+ promptContextHash: z.ZodString;
89
+ reasoningSummary: z.ZodOptional<z.ZodString>;
90
+ conversationTurnId: z.ZodOptional<z.ZodString>;
91
+ authorizedByPolicy: z.ZodOptional<z.ZodString>;
92
+ }, z.core.$strip>, z.ZodObject<{
93
+ kind: z.ZodLiteral<"click_through">;
94
+ ipAddress: z.ZodString;
95
+ userAgent: z.ZodString;
96
+ signedUrlToken: z.ZodString;
97
+ }, z.core.$strip>, z.ZodObject<{
98
+ kind: z.ZodLiteral<"esign_external">;
99
+ provider: z.ZodString;
100
+ externalRef: z.ZodString;
101
+ signedPdfRef: z.ZodOptional<z.ZodString>;
102
+ }, z.core.$strip>], "kind">;
103
+ signedAt: z.ZodISODateTime;
104
+ revokedAt: z.ZodOptional<z.ZodISODateTime>;
105
+ revokedReason: z.ZodOptional<z.ZodString>;
106
+ metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
107
+ }, z.core.$strip>;
108
+ type Signature = z.infer<typeof signatureSchema>;
109
+ /** Filename helper: `<signer-kind>-<signer-slug>-<isoDate>.signature.json` */
110
+ declare function signatureFilename(signer: string, signedAt: string): string;
111
+
112
+ /**
113
+ * agentgovernance/v1 — audit-log.jsonl line doctype.
114
+ *
115
+ * Each line of `<scope>/audit/audit-log.jsonl` is one audit event, encoded as
116
+ * a single JSON object on one line (no embedded newlines).
117
+ *
118
+ * Scope is whatever folder hosts the log: per-engagement
119
+ * (`engagements/<slug>/audit/audit-log.jsonl`) or per-workspace/guild
120
+ * (`audit/audit-log.jsonl` for cross-engagement events).
121
+ *
122
+ * Hash chain protocol:
123
+ * signature_n = HMAC-SHA256(secret, signature_{n-1} ‖ canonical(row_n))
124
+ *
125
+ * The first line's `prevSignature` is the workspace genesis seed (vault-backed).
126
+ * See `../hash-chain/protocol.md` for the canonical-bytes specification.
127
+ */
128
+ declare const ACTOR_KIND: readonly ["operator", "user", "counterparty", "agent", "system"];
129
+ declare const actorKindSchema: z.ZodEnum<{
130
+ operator: "operator";
131
+ user: "user";
132
+ counterparty: "counterparty";
133
+ agent: "agent";
134
+ system: "system";
135
+ }>;
136
+ type ActorKind = z.infer<typeof actorKindSchema>;
137
+ /** Common entity types. Apps may extend via metadata or contributing entries. */
138
+ declare const KNOWN_ENTITY_TYPES: readonly ["signature", "audit-event", "policy", "approval", "engagement", "agreement", "deliverable", "invoice", "service", "counterparty", "routine", "procedure", "task", "project", "company", "agent"];
139
+ declare const auditEventSchema: z.ZodObject<{
140
+ schema: z.ZodLiteral<"agentgovernance/v1">;
141
+ doctype: z.ZodLiteral<"audit-event">;
142
+ actorKind: z.ZodEnum<{
143
+ operator: "operator";
144
+ user: "user";
145
+ counterparty: "counterparty";
146
+ agent: "agent";
147
+ system: "system";
148
+ }>;
149
+ actorId: z.ZodNullable<z.ZodString>;
150
+ entityType: z.ZodString;
151
+ entityId: z.ZodString;
152
+ action: z.ZodString;
153
+ payload: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
154
+ prevSignature: z.ZodString;
155
+ signature: z.ZodString;
156
+ requestId: z.ZodOptional<z.ZodString>;
157
+ traceId: z.ZodOptional<z.ZodString>;
158
+ ipAddress: z.ZodOptional<z.ZodString>;
159
+ userAgent: z.ZodOptional<z.ZodString>;
160
+ createdAt: z.ZodISODateTime;
161
+ metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
162
+ }, z.core.$strip>;
163
+ type AuditEvent = z.infer<typeof auditEventSchema>;
164
+ /** Convenience: parse a single JSONL line. Returns parsed event or throws. */
165
+ declare function parseAuditLine(line: string): AuditEvent;
166
+
167
+ export { ACTOR_KIND, type ActorKind, type AuditEvent, KNOWN_ENTITY_TYPES, SIGNER_KIND, SIGNING_METHOD, type Signature, type SignatureEvidence, type SignerKind, type SigningMethod, actorKindSchema, auditEventSchema, evidenceSchema, parseAuditLine, signatureFilename, signatureSchema, signerKindSchema, signingMethodSchema };
@@ -0,0 +1,4 @@
1
+ import '../chunk-7GHDRKSD.mjs';
2
+ export { ACTOR_KIND, KNOWN_ENTITY_TYPES, POLICY_THRESHOLD, SIGNER_KIND, SIGNING_METHOD, actorKindSchema, auditEventSchema, evidenceSchema, parseAuditLine, policyAppliesToSchema, policyCapSchema, policyDirname, policyEscalationSchema, policyFrontmatterSchema, policyThresholdSchema, requiredSignerSchema, signatureFilename, signatureSchema, signerKindSchema, signingMethodSchema } from '../chunk-J2DX2WOA.mjs';
3
+ //# sourceMappingURL=index.mjs.map
4
+ //# sourceMappingURL=index.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"index.mjs"}
@@ -0,0 +1,40 @@
1
+ export { V as VerifyChainOptions, a as VerifyChainResult, v as verifyChain } from '../verify-e_UfVr02.js';
2
+
3
+ /**
4
+ * Canonicalize a row to deterministic UTF-8 bytes.
5
+ *
6
+ * Sorts object keys, drops `undefined` values, and emits whitespace-free JSON.
7
+ */
8
+ declare function canonicalize(value: unknown): Uint8Array;
9
+ /** Internal: canonical JSON string. */
10
+ declare function canonicalJsonString(value: unknown): string;
11
+ interface ChainComputeOptions {
12
+ /** Workspace genesis seed (hex) — used as prev_signature for the first line. */
13
+ genesisSeed: string;
14
+ /** HMAC secret key (utf-8 string or hex). */
15
+ secret: string;
16
+ }
17
+ interface ComputedChainSignature {
18
+ /** Hex-encoded HMAC-SHA256. */
19
+ signature: string;
20
+ /** Hex-encoded prevSignature carried into this row. */
21
+ prevSignature: string;
22
+ }
23
+ /**
24
+ * Compute the chain signature for a row given the previous signature.
25
+ *
26
+ * @param row - The audit-event row (the `signature` field, if present, is excluded from the canonical bytes).
27
+ * @param prevSignature - The previous line's signature (or the workspace genesis seed for the first line). Hex-encoded.
28
+ * @param secret - HMAC secret (passed verbatim as the HMAC key).
29
+ * @returns Hex-encoded SHA-256 HMAC.
30
+ */
31
+ declare function computeChainSignature(row: Record<string, unknown>, prevSignature: string, secret: string): string;
32
+ /**
33
+ * Compute the signature and produce a ready-to-write row with `prevSignature` and `signature` populated.
34
+ */
35
+ declare function chainRow(rowWithoutChainFields: Record<string, unknown>, prevSignature: string, secret: string): Record<string, unknown> & {
36
+ prevSignature: string;
37
+ signature: string;
38
+ };
39
+
40
+ export { type ChainComputeOptions, type ComputedChainSignature, canonicalJsonString, canonicalize, chainRow, computeChainSignature };
@@ -0,0 +1,4 @@
1
+ import '../chunk-5G463T6C.mjs';
2
+ export { canonicalJsonString, canonicalize, chainRow, computeChainSignature, verifyChain } from '../chunk-VWEBMWO2.mjs';
3
+ //# sourceMappingURL=index.mjs.map
4
+ //# sourceMappingURL=index.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"index.mjs"}
@@ -0,0 +1,31 @@
1
+ export { ACTOR_KIND, ActorKind, AuditEvent, KNOWN_ENTITY_TYPES, SIGNER_KIND, SIGNING_METHOD, Signature, SignatureEvidence, SignerKind, SigningMethod, actorKindSchema, auditEventSchema, evidenceSchema, parseAuditLine, signatureFilename, signatureSchema, signerKindSchema, signingMethodSchema } from './doctypes/index.js';
2
+ export { P as POLICY_THRESHOLD, a as Policy, b as PolicyAppliesTo, c as PolicyCap, d as PolicyEscalation, e as PolicyFrontmatter, f as PolicyThreshold, R as RequiredSigner, p as policyAppliesToSchema, g as policyCapSchema, h as policyDirname, i as policyEscalationSchema, j as policyFrontmatterSchema, k as policyThresholdSchema, r as requiredSignerSchema } from './policy-YqpSg3Ep.js';
3
+ export { ValidationError, ValidationResult, validateAuditEvent, validateAuditLog, validatePolicy, validateSignature, validateSignatureAgainstArtifact } from './validators/index.js';
4
+ export { ChainComputeOptions, ComputedChainSignature, canonicalJsonString, canonicalize, chainRow, computeChainSignature } from './hash-chain/index.js';
5
+ export { V as VerifyChainOptions, a as VerifyChainResult, v as verifyChain } from './verify-e_UfVr02.js';
6
+ import 'zod';
7
+
8
+ /**
9
+ * @agentproto/governance — agentgovernance/v1 spec implementation.
10
+ *
11
+ * Universal contractual approval framework: signatures, audit logs, policies.
12
+ * All doctypes are workspace files; this package is filesystem-first and
13
+ * vendor-neutral (no Mastra, LangChain, Temporal imports).
14
+ *
15
+ * Subpath exports:
16
+ * - "./doctypes" — zod schemas + inferred types for signature, audit-event, policy
17
+ * - "./hash-chain" — canonical row hashing + chain compute/verify
18
+ * - "./validators" — per-doctype validators
19
+ *
20
+ * Reference runtime (audit-chain writer, sign-artifact orchestrator, _index
21
+ * helpers) lives in the sibling package `@agentproto/governance-engine`. Spec
22
+ * stays pure: zero I/O, zero filesystem deps. Consumers needing only types +
23
+ * validators (CI validators, third-party language ports) avoid pulling node:fs.
24
+ *
25
+ * Spec doc: ./AGENTGOVERNANCE.md (canonical)
26
+ * src/spec/agentgovernance-v1.md (source of truth)
27
+ */
28
+ declare const SPEC_NAME: "agentgovernance/v1";
29
+ declare const SPEC_VERSION: "1.0.0-alpha";
30
+
31
+ export { SPEC_NAME, SPEC_VERSION };
package/dist/index.mjs ADDED
@@ -0,0 +1,19 @@
1
+ import './chunk-7GHDRKSD.mjs';
2
+ import './chunk-5G463T6C.mjs';
3
+ export { validateAuditEvent, validateAuditLog, validatePolicy, validateSignature, validateSignatureAgainstArtifact } from './chunk-UVBFLWSG.mjs';
4
+ export { canonicalJsonString, canonicalize, chainRow, computeChainSignature, verifyChain } from './chunk-VWEBMWO2.mjs';
5
+ export { ACTOR_KIND, KNOWN_ENTITY_TYPES, POLICY_THRESHOLD, SIGNER_KIND, SIGNING_METHOD, actorKindSchema, auditEventSchema, evidenceSchema, parseAuditLine, policyAppliesToSchema, policyCapSchema, policyDirname, policyEscalationSchema, policyFrontmatterSchema, policyThresholdSchema, requiredSignerSchema, signatureFilename, signatureSchema, signerKindSchema, signingMethodSchema } from './chunk-J2DX2WOA.mjs';
6
+
7
+ /**
8
+ * @agentproto/governance v0.1.0-alpha
9
+ * agentgovernance/v1 — universal contractual approval framework.
10
+ * Vendor-neutral. Filesystem-first. Third-party verifiable.
11
+ */
12
+
13
+ // src/index.ts
14
+ var SPEC_NAME = "agentgovernance/v1";
15
+ var SPEC_VERSION = "1.0.0-alpha";
16
+
17
+ export { SPEC_NAME, SPEC_VERSION };
18
+ //# sourceMappingURL=index.mjs.map
19
+ //# sourceMappingURL=index.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAqBO,IAAM,SAAA,GAAY;AAClB,IAAM,YAAA,GAAe","file":"index.mjs","sourcesContent":["/**\n * @agentproto/governance — agentgovernance/v1 spec implementation.\n *\n * Universal contractual approval framework: signatures, audit logs, policies.\n * All doctypes are workspace files; this package is filesystem-first and\n * vendor-neutral (no Mastra, LangChain, Temporal imports).\n *\n * Subpath exports:\n * - \"./doctypes\" — zod schemas + inferred types for signature, audit-event, policy\n * - \"./hash-chain\" — canonical row hashing + chain compute/verify\n * - \"./validators\" — per-doctype validators\n *\n * Reference runtime (audit-chain writer, sign-artifact orchestrator, _index\n * helpers) lives in the sibling package `@agentproto/governance-engine`. Spec\n * stays pure: zero I/O, zero filesystem deps. Consumers needing only types +\n * validators (CI validators, third-party language ports) avoid pulling node:fs.\n *\n * Spec doc: ./AGENTGOVERNANCE.md (canonical)\n * src/spec/agentgovernance-v1.md (source of truth)\n */\n\nexport const SPEC_NAME = \"agentgovernance/v1\" as const\nexport const SPEC_VERSION = \"1.0.0-alpha\" as const\n\nexport * from \"./spec/doctypes/index.js\"\nexport * from \"./spec/validators/index.js\"\nexport * from \"./spec/hash-chain/index.js\"\n"]}
@@ -0,0 +1,104 @@
1
+ import { b as PolicyAppliesTo, c as PolicyCap, f as PolicyThreshold, R as RequiredSigner, d as PolicyEscalation, e as PolicyFrontmatter } from '../policy-YqpSg3Ep.js';
2
+ import 'zod';
3
+
4
+ /**
5
+ * AIP-7 POLICY.md — `definePolicy` constructor + `policyFromManifest`
6
+ * markdown-authored entry. Built on `@agentproto/define-doctype`.
7
+ *
8
+ * Policies are the AIP-7 doctype that declares "what an autonomous
9
+ * actor may do without further approval, and what threshold of
10
+ * signatures it needs when a cap is exceeded". Authoring path A
11
+ * (`definePolicy({...})`) covers the in-process / TS-authored case;
12
+ * authoring path B (`policyFromManifest(parsed)`) covers the
13
+ * filesystem-authored case where the policy ships as a `POLICY.md`
14
+ * under a workspace's `policies/<slug>/` folder.
15
+ *
16
+ * Both paths land in the same `createDoctype` pipeline as `defineTool`
17
+ * and `defineDriver`: identity is regex-validated, the produced handle
18
+ * is `Object.freeze`-d, errors carry the canonical `definePolicy
19
+ * (AIP-7): …` prefix, and spec-specific invariants run after the
20
+ * shared ones.
21
+ *
22
+ * Departs from the AIP-14/AIP-30 default shape on three axes — which
23
+ * is what makes this a useful test of the meta-factory's flexibility:
24
+ * - identity field is `slug`, not `id`
25
+ * - identity pattern is stricter (no dots, no underscores): `^[a-z0-9][a-z0-9-]*$`
26
+ * - `description` is OPTIONAL on the doctype; the LLM-facing copy
27
+ * lives in `name`. We skip the description length check entirely.
28
+ */
29
+
30
+ declare const POLICY_SLUG_PATTERN: RegExp;
31
+ /**
32
+ * Input to `definePolicy`. Mirrors `PolicyFrontmatter` minus the
33
+ * spec-fixed `schema` and `doctype` fields (which the runtime fills).
34
+ * Every other field is preserved verbatim.
35
+ */
36
+ interface PolicyDefinition {
37
+ slug: string;
38
+ name: string;
39
+ description?: string;
40
+ appliesTo?: readonly PolicyAppliesTo[];
41
+ caps?: readonly PolicyCap[];
42
+ threshold?: PolicyThreshold;
43
+ /** Required when `threshold === "weighted_threshold"`. */
44
+ requiredWeight?: number;
45
+ requiredSignatures?: readonly RequiredSigner[];
46
+ /** ISO-8601 duration. */
47
+ deadline?: string;
48
+ escalation?: PolicyEscalation;
49
+ metadata?: Record<string, unknown>;
50
+ }
51
+ /**
52
+ * The host-registrable handle returned by `definePolicy`. Frozen,
53
+ * with array/object fields shallow-frozen to lock the wire shape.
54
+ */
55
+ interface PolicyHandle {
56
+ readonly schema: "agentgovernance/v1";
57
+ readonly doctype: "policy";
58
+ readonly slug: string;
59
+ readonly name: string;
60
+ readonly description?: string;
61
+ readonly appliesTo: readonly PolicyAppliesTo[];
62
+ readonly caps: readonly PolicyCap[];
63
+ readonly threshold: PolicyThreshold;
64
+ readonly requiredWeight?: number;
65
+ readonly requiredSignatures: readonly RequiredSigner[];
66
+ readonly deadline?: string;
67
+ readonly escalation?: PolicyEscalation;
68
+ readonly metadata: Record<string, unknown>;
69
+ }
70
+ /**
71
+ * AIP-7 reference implementation of `definePolicy`. Goes through
72
+ * `createDoctype` so the cross-AIP invariants (slug pattern check,
73
+ * top-level freeze, `definePolicy (AIP-7): …` error prefix) run
74
+ * uniformly with `defineTool` / `defineDriver`.
75
+ *
76
+ * Spec-specific validation enforced here:
77
+ * - `name` must be 1+ chars (zod-equivalent of `.min(1)`)
78
+ * - `threshold === "weighted_threshold"` requires `requiredWeight`
79
+ * to be set (matches the `.refine()` on the manifest schema).
80
+ */
81
+ declare const definePolicy: (def: PolicyDefinition) => PolicyHandle;
82
+ /**
83
+ * Parsed POLICY.md manifest — frontmatter validated against the
84
+ * AIP-7 zod schema, body kept as-is for downstream consumers.
85
+ */
86
+ interface PolicyManifest {
87
+ frontmatter: PolicyFrontmatter;
88
+ body: string;
89
+ }
90
+ /**
91
+ * Parse a POLICY.md source string. Throws on missing or schema-invalid
92
+ * frontmatter.
93
+ */
94
+ declare function parsePolicyManifest(source: string): PolicyManifest;
95
+ /**
96
+ * Build a {@link PolicyHandle} from a parsed `POLICY.md` manifest.
97
+ * Same single-source-of-truth principle as `toolFromManifest` /
98
+ * `driverFromManifest`: the frontmatter is the source of truth for
99
+ * metadata; the handle ends up in `definePolicy` so AIP-7 invariants
100
+ * (and the meta-factory's shared invariants) run uniformly.
101
+ */
102
+ declare function policyFromManifest(manifest: PolicyManifest): PolicyHandle;
103
+
104
+ export { POLICY_SLUG_PATTERN, type PolicyDefinition, type PolicyHandle, type PolicyManifest, definePolicy, parsePolicyManifest, policyFromManifest };
@@ -0,0 +1,82 @@
1
+ import { policyFrontmatterSchema } from '../chunk-J2DX2WOA.mjs';
2
+ import { createDoctype } from '@agentproto/define-doctype';
3
+ import matter from 'gray-matter';
4
+
5
+ /**
6
+ * @agentproto/governance v0.1.0-alpha
7
+ * agentgovernance/v1 — universal contractual approval framework.
8
+ * Vendor-neutral. Filesystem-first. Third-party verifiable.
9
+ */
10
+ var POLICY_SLUG_PATTERN = /^[a-z0-9][a-z0-9-]*$/;
11
+ var definePolicy = createDoctype({
12
+ aip: 7,
13
+ name: "policy",
14
+ readIdentity: (def) => def.slug,
15
+ idPattern: POLICY_SLUG_PATTERN,
16
+ // POLICY.md treats `description` as optional and uses `name` as the
17
+ // human-readable label. Skip the cross-AIP description check; let
18
+ // spec-7 validate `name` itself in `validate()`.
19
+ readDescription: false,
20
+ validate(def) {
21
+ if (typeof def.name !== "string" || def.name.length === 0) {
22
+ throw new Error(
23
+ `definePolicy (AIP-7): slug='${def.slug}' name must be a non-empty string`
24
+ );
25
+ }
26
+ if (def.threshold === "weighted_threshold" && typeof def.requiredWeight !== "number") {
27
+ throw new Error(
28
+ `definePolicy (AIP-7): slug='${def.slug}' threshold='weighted_threshold' requires requiredWeight to be set`
29
+ );
30
+ }
31
+ },
32
+ build(def) {
33
+ return {
34
+ schema: "agentgovernance/v1",
35
+ doctype: "policy",
36
+ slug: def.slug,
37
+ name: def.name,
38
+ description: def.description,
39
+ appliesTo: Object.freeze([...def.appliesTo ?? []]),
40
+ caps: Object.freeze([...def.caps ?? []]),
41
+ threshold: def.threshold ?? "single",
42
+ requiredWeight: def.requiredWeight,
43
+ requiredSignatures: Object.freeze([...def.requiredSignatures ?? []]),
44
+ deadline: def.deadline,
45
+ escalation: def.escalation,
46
+ metadata: Object.freeze({ ...def.metadata ?? {} })
47
+ };
48
+ }
49
+ });
50
+ function parsePolicyManifest(source) {
51
+ const parsed = matter(source);
52
+ if (Object.keys(parsed.data).length === 0) {
53
+ throw new Error("parsePolicyManifest: missing or empty frontmatter");
54
+ }
55
+ const result = policyFrontmatterSchema.safeParse(parsed.data);
56
+ if (!result.success) {
57
+ throw new Error(
58
+ `parsePolicyManifest: invalid frontmatter \u2014 ${result.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ")}`
59
+ );
60
+ }
61
+ return { frontmatter: result.data, body: parsed.content };
62
+ }
63
+ function policyFromManifest(manifest) {
64
+ const fm = manifest.frontmatter;
65
+ return definePolicy({
66
+ slug: fm.slug,
67
+ name: fm.name,
68
+ description: fm.description,
69
+ appliesTo: fm.appliesTo,
70
+ caps: fm.caps,
71
+ threshold: fm.threshold,
72
+ requiredWeight: fm.requiredWeight,
73
+ requiredSignatures: fm.requiredSignatures,
74
+ deadline: fm.deadline,
75
+ escalation: fm.escalation,
76
+ metadata: fm.metadata
77
+ });
78
+ }
79
+
80
+ export { POLICY_SLUG_PATTERN, definePolicy, parsePolicyManifest, policyFromManifest };
81
+ //# sourceMappingURL=index.mjs.map
82
+ //# sourceMappingURL=index.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/policy/index.ts"],"names":[],"mappings":";;;;;;;;;AAsCA,IAAM,mBAAA,GAAsB;AAsDrB,IAAM,eAAe,aAAA,CAA8C;AAAA,EACxE,GAAA,EAAK,CAAA;AAAA,EACL,IAAA,EAAM,QAAA;AAAA,EACN,YAAA,EAAc,CAAC,GAAA,KAAQ,GAAA,CAAI,IAAA;AAAA,EAC3B,SAAA,EAAW,mBAAA;AAAA;AAAA;AAAA;AAAA,EAIX,eAAA,EAAiB,KAAA;AAAA,EACjB,SAAS,GAAA,EAAK;AACZ,IAAA,IAAI,OAAO,GAAA,CAAI,IAAA,KAAS,YAAY,GAAA,CAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACzD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,4BAAA,EAA+B,IAAI,IAAI,CAAA,iCAAA;AAAA,OACzC;AAAA,IACF;AACA,IAAA,IACE,IAAI,SAAA,KAAc,oBAAA,IAClB,OAAO,GAAA,CAAI,mBAAmB,QAAA,EAC9B;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,4BAAA,EAA+B,IAAI,IAAI,CAAA,kEAAA;AAAA,OACzC;AAAA,IACF;AAAA,EACF,CAAA;AAAA,EACA,MAAM,GAAA,EAAK;AACT,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,oBAAA;AAAA,MACR,OAAA,EAAS,QAAA;AAAA,MACT,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,MAAM,GAAA,CAAI,IAAA;AAAA,MACV,aAAa,GAAA,CAAI,WAAA;AAAA,MACjB,SAAA,EAAW,OAAO,MAAA,CAAO,CAAC,GAAI,GAAA,CAAI,SAAA,IAAa,EAAG,CAAC,CAAA;AAAA,MACnD,IAAA,EAAM,OAAO,MAAA,CAAO,CAAC,GAAI,GAAA,CAAI,IAAA,IAAQ,EAAG,CAAC,CAAA;AAAA,MACzC,SAAA,EAAW,IAAI,SAAA,IAAa,QAAA;AAAA,MAC5B,gBAAgB,GAAA,CAAI,cAAA;AAAA,MACpB,kBAAA,EAAoB,OAAO,MAAA,CAAO,CAAC,GAAI,GAAA,CAAI,kBAAA,IAAsB,EAAG,CAAC,CAAA;AAAA,MACrE,UAAU,GAAA,CAAI,QAAA;AAAA,MACd,YAAY,GAAA,CAAI,UAAA;AAAA,MAChB,QAAA,EAAU,OAAO,MAAA,CAAO,EAAE,GAAI,GAAA,CAAI,QAAA,IAAY,EAAC,EAAI;AAAA,KACrD;AAAA,EACF;AACF,CAAC;AAeM,SAAS,oBAAoB,MAAA,EAAgC;AAClE,EAAA,MAAM,MAAA,GAAS,OAAO,MAAM,CAAA;AAC5B,EAAA,IAAI,OAAO,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA,CAAE,WAAW,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACrE;AACA,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,SAAA,CAAU,MAAA,CAAO,IAAI,CAAA;AAC5D,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,gDAAA,EAA8C,OAAO,KAAA,CAAM,MAAA,CACxD,IAAI,CAAC,CAAA,KAAM,GAAG,CAAA,CAAE,IAAA,CAAK,KAAK,GAAG,CAAC,KAAK,CAAA,CAAE,OAAO,EAAE,CAAA,CAC9C,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACf;AAAA,EACF;AACA,EAAA,OAAO,EAAE,WAAA,EAAa,MAAA,CAAO,IAAA,EAAM,IAAA,EAAM,OAAO,OAAA,EAAQ;AAC1D;AASO,SAAS,mBAAmB,QAAA,EAAwC;AACzE,EAAA,MAAM,KAAK,QAAA,CAAS,WAAA;AACpB,EAAA,OAAO,YAAA,CAAa;AAAA,IAClB,MAAM,EAAA,CAAG,IAAA;AAAA,IACT,MAAM,EAAA,CAAG,IAAA;AAAA,IACT,aAAa,EAAA,CAAG,WAAA;AAAA,IAChB,WAAW,EAAA,CAAG,SAAA;AAAA,IACd,MAAM,EAAA,CAAG,IAAA;AAAA,IACT,WAAW,EAAA,CAAG,SAAA;AAAA,IACd,gBAAgB,EAAA,CAAG,cAAA;AAAA,IACnB,oBAAoB,EAAA,CAAG,kBAAA;AAAA,IACvB,UAAU,EAAA,CAAG,QAAA;AAAA,IACb,YAAY,EAAA,CAAG,UAAA;AAAA,IACf,UAAU,EAAA,CAAG;AAAA,GACd,CAAA;AACH","file":"index.mjs","sourcesContent":["/**\n * AIP-7 POLICY.md — `definePolicy` constructor + `policyFromManifest`\n * markdown-authored entry. Built on `@agentproto/define-doctype`.\n *\n * Policies are the AIP-7 doctype that declares \"what an autonomous\n * actor may do without further approval, and what threshold of\n * signatures it needs when a cap is exceeded\". Authoring path A\n * (`definePolicy({...})`) covers the in-process / TS-authored case;\n * authoring path B (`policyFromManifest(parsed)`) covers the\n * filesystem-authored case where the policy ships as a `POLICY.md`\n * under a workspace's `policies/<slug>/` folder.\n *\n * Both paths land in the same `createDoctype` pipeline as `defineTool`\n * and `defineDriver`: identity is regex-validated, the produced handle\n * is `Object.freeze`-d, errors carry the canonical `definePolicy\n * (AIP-7): …` prefix, and spec-specific invariants run after the\n * shared ones.\n *\n * Departs from the AIP-14/AIP-30 default shape on three axes — which\n * is what makes this a useful test of the meta-factory's flexibility:\n * - identity field is `slug`, not `id`\n * - identity pattern is stricter (no dots, no underscores): `^[a-z0-9][a-z0-9-]*$`\n * - `description` is OPTIONAL on the doctype; the LLM-facing copy\n * lives in `name`. We skip the description length check entirely.\n */\n\nimport { createDoctype } from \"@agentproto/define-doctype\"\nimport matter from \"gray-matter\"\nimport {\n policyFrontmatterSchema,\n type PolicyAppliesTo,\n type PolicyCap,\n type PolicyEscalation,\n type PolicyFrontmatter,\n type PolicyThreshold,\n type RequiredSigner,\n} from \"../spec/doctypes/policy.js\"\n\nconst POLICY_SLUG_PATTERN = /^[a-z0-9][a-z0-9-]*$/\n\n/**\n * Input to `definePolicy`. Mirrors `PolicyFrontmatter` minus the\n * spec-fixed `schema` and `doctype` fields (which the runtime fills).\n * Every other field is preserved verbatim.\n */\nexport interface PolicyDefinition {\n slug: string\n name: string\n description?: string\n appliesTo?: readonly PolicyAppliesTo[]\n caps?: readonly PolicyCap[]\n threshold?: PolicyThreshold\n /** Required when `threshold === \"weighted_threshold\"`. */\n requiredWeight?: number\n requiredSignatures?: readonly RequiredSigner[]\n /** ISO-8601 duration. */\n deadline?: string\n escalation?: PolicyEscalation\n metadata?: Record<string, unknown>\n}\n\n/**\n * The host-registrable handle returned by `definePolicy`. Frozen,\n * with array/object fields shallow-frozen to lock the wire shape.\n */\nexport interface PolicyHandle {\n readonly schema: \"agentgovernance/v1\"\n readonly doctype: \"policy\"\n readonly slug: string\n readonly name: string\n readonly description?: string\n readonly appliesTo: readonly PolicyAppliesTo[]\n readonly caps: readonly PolicyCap[]\n readonly threshold: PolicyThreshold\n readonly requiredWeight?: number\n readonly requiredSignatures: readonly RequiredSigner[]\n readonly deadline?: string\n readonly escalation?: PolicyEscalation\n readonly metadata: Record<string, unknown>\n}\n\n/**\n * AIP-7 reference implementation of `definePolicy`. Goes through\n * `createDoctype` so the cross-AIP invariants (slug pattern check,\n * top-level freeze, `definePolicy (AIP-7): …` error prefix) run\n * uniformly with `defineTool` / `defineDriver`.\n *\n * Spec-specific validation enforced here:\n * - `name` must be 1+ chars (zod-equivalent of `.min(1)`)\n * - `threshold === \"weighted_threshold\"` requires `requiredWeight`\n * to be set (matches the `.refine()` on the manifest schema).\n */\nexport const definePolicy = createDoctype<PolicyDefinition, PolicyHandle>({\n aip: 7,\n name: \"policy\",\n readIdentity: (def) => def.slug,\n idPattern: POLICY_SLUG_PATTERN,\n // POLICY.md treats `description` as optional and uses `name` as the\n // human-readable label. Skip the cross-AIP description check; let\n // spec-7 validate `name` itself in `validate()`.\n readDescription: false,\n validate(def) {\n if (typeof def.name !== \"string\" || def.name.length === 0) {\n throw new Error(\n `definePolicy (AIP-7): slug='${def.slug}' name must be a non-empty string`,\n )\n }\n if (\n def.threshold === \"weighted_threshold\" &&\n typeof def.requiredWeight !== \"number\"\n ) {\n throw new Error(\n `definePolicy (AIP-7): slug='${def.slug}' threshold='weighted_threshold' requires requiredWeight to be set`,\n )\n }\n },\n build(def) {\n return {\n schema: \"agentgovernance/v1\",\n doctype: \"policy\",\n slug: def.slug,\n name: def.name,\n description: def.description,\n appliesTo: Object.freeze([...(def.appliesTo ?? [])]),\n caps: Object.freeze([...(def.caps ?? [])]),\n threshold: def.threshold ?? \"single\",\n requiredWeight: def.requiredWeight,\n requiredSignatures: Object.freeze([...(def.requiredSignatures ?? [])]),\n deadline: def.deadline,\n escalation: def.escalation,\n metadata: Object.freeze({ ...(def.metadata ?? {}) }),\n }\n },\n})\n\n/**\n * Parsed POLICY.md manifest — frontmatter validated against the\n * AIP-7 zod schema, body kept as-is for downstream consumers.\n */\nexport interface PolicyManifest {\n frontmatter: PolicyFrontmatter\n body: string\n}\n\n/**\n * Parse a POLICY.md source string. Throws on missing or schema-invalid\n * frontmatter.\n */\nexport function parsePolicyManifest(source: string): PolicyManifest {\n const parsed = matter(source)\n if (Object.keys(parsed.data).length === 0) {\n throw new Error(\"parsePolicyManifest: missing or empty frontmatter\")\n }\n const result = policyFrontmatterSchema.safeParse(parsed.data)\n if (!result.success) {\n throw new Error(\n `parsePolicyManifest: invalid frontmatter — ${result.error.issues\n .map((i) => `${i.path.join(\".\")}: ${i.message}`)\n .join(\"; \")}`,\n )\n }\n return { frontmatter: result.data, body: parsed.content }\n}\n\n/**\n * Build a {@link PolicyHandle} from a parsed `POLICY.md` manifest.\n * Same single-source-of-truth principle as `toolFromManifest` /\n * `driverFromManifest`: the frontmatter is the source of truth for\n * metadata; the handle ends up in `definePolicy` so AIP-7 invariants\n * (and the meta-factory's shared invariants) run uniformly.\n */\nexport function policyFromManifest(manifest: PolicyManifest): PolicyHandle {\n const fm = manifest.frontmatter\n return definePolicy({\n slug: fm.slug,\n name: fm.name,\n description: fm.description,\n appliesTo: fm.appliesTo,\n caps: fm.caps,\n threshold: fm.threshold,\n requiredWeight: fm.requiredWeight,\n requiredSignatures: fm.requiredSignatures,\n deadline: fm.deadline,\n escalation: fm.escalation,\n metadata: fm.metadata,\n })\n}\n\nexport { POLICY_SLUG_PATTERN }\n"]}
@@ -0,0 +1,146 @@
1
+ import { z } from 'zod';
2
+
3
+ /**
4
+ * agentgovernance/v1 — POLICY.md doctype.
5
+ *
6
+ * Declarative autonomy rule. Frontmatter declares scope (who/what the policy
7
+ * applies to), constraints (caps, thresholds), and what's required when those
8
+ * thresholds are exceeded (signatures, escalation). Body is human-readable
9
+ * narrative + edge cases.
10
+ *
11
+ * File location: `<scope>/policies/<slug>/POLICY.md` (e.g.,
12
+ * `policies/invoice-cap-500eur/POLICY.md`).
13
+ *
14
+ * Example frontmatter:
15
+ *
16
+ * ```yaml
17
+ * schema: agentgovernance/v1
18
+ * doctype: policy
19
+ * slug: invoice-cap-500eur
20
+ * name: Invoice cap 500 EUR
21
+ * appliesTo:
22
+ * - actorKind: operator
23
+ * actionType: agency.issue_invoice
24
+ * caps:
25
+ * - field: amount
26
+ * max: 500
27
+ * currency: EUR
28
+ * threshold: single
29
+ * requiredSignatures:
30
+ * - signer: operator:founder
31
+ * method: typed_name
32
+ * deadline: PT24H
33
+ * escalation:
34
+ * leadTime: PT2H
35
+ * escalateTo: [operator:cofounder]
36
+ * ```
37
+ */
38
+ declare const policyAppliesToSchema: z.ZodObject<{
39
+ actorKind: z.ZodOptional<z.ZodEnum<{
40
+ operator: "operator";
41
+ user: "user";
42
+ counterparty: "counterparty";
43
+ agent: "agent";
44
+ system: "system";
45
+ }>>;
46
+ actorId: z.ZodOptional<z.ZodString>;
47
+ teamId: z.ZodOptional<z.ZodString>;
48
+ actionType: z.ZodOptional<z.ZodString>;
49
+ }, z.core.$strip>;
50
+ type PolicyAppliesTo = z.infer<typeof policyAppliesToSchema>;
51
+ declare const policyCapSchema: z.ZodObject<{
52
+ field: z.ZodString;
53
+ max: z.ZodOptional<z.ZodNumber>;
54
+ min: z.ZodOptional<z.ZodNumber>;
55
+ currency: z.ZodOptional<z.ZodString>;
56
+ }, z.core.$strip>;
57
+ type PolicyCap = z.infer<typeof policyCapSchema>;
58
+ /** How collected signatures are evaluated. */
59
+ declare const POLICY_THRESHOLD: readonly ["auto", "single", "all_of", "any_of", "weighted_threshold"];
60
+ declare const policyThresholdSchema: z.ZodEnum<{
61
+ auto: "auto";
62
+ single: "single";
63
+ all_of: "all_of";
64
+ any_of: "any_of";
65
+ weighted_threshold: "weighted_threshold";
66
+ }>;
67
+ type PolicyThreshold = z.infer<typeof policyThresholdSchema>;
68
+ declare const requiredSignerSchema: z.ZodObject<{
69
+ signer: z.ZodString;
70
+ method: z.ZodEnum<{
71
+ typed_name: "typed_name";
72
+ agent_confirm: "agent_confirm";
73
+ click_through: "click_through";
74
+ esign_external: "esign_external";
75
+ }>;
76
+ weight: z.ZodOptional<z.ZodNumber>;
77
+ }, z.core.$strip>;
78
+ type RequiredSigner = z.infer<typeof requiredSignerSchema>;
79
+ declare const policyEscalationSchema: z.ZodObject<{
80
+ leadTime: z.ZodString;
81
+ escalateTo: z.ZodArray<z.ZodString>;
82
+ }, z.core.$strip>;
83
+ type PolicyEscalation = z.infer<typeof policyEscalationSchema>;
84
+ declare const policyFrontmatterSchema: z.ZodObject<{
85
+ schema: z.ZodLiteral<"agentgovernance/v1">;
86
+ doctype: z.ZodLiteral<"policy">;
87
+ slug: z.ZodString;
88
+ name: z.ZodString;
89
+ description: z.ZodOptional<z.ZodString>;
90
+ appliesTo: z.ZodDefault<z.ZodArray<z.ZodObject<{
91
+ actorKind: z.ZodOptional<z.ZodEnum<{
92
+ operator: "operator";
93
+ user: "user";
94
+ counterparty: "counterparty";
95
+ agent: "agent";
96
+ system: "system";
97
+ }>>;
98
+ actorId: z.ZodOptional<z.ZodString>;
99
+ teamId: z.ZodOptional<z.ZodString>;
100
+ actionType: z.ZodOptional<z.ZodString>;
101
+ }, z.core.$strip>>>;
102
+ caps: z.ZodDefault<z.ZodArray<z.ZodObject<{
103
+ field: z.ZodString;
104
+ max: z.ZodOptional<z.ZodNumber>;
105
+ min: z.ZodOptional<z.ZodNumber>;
106
+ currency: z.ZodOptional<z.ZodString>;
107
+ }, z.core.$strip>>>;
108
+ threshold: z.ZodDefault<z.ZodEnum<{
109
+ auto: "auto";
110
+ single: "single";
111
+ all_of: "all_of";
112
+ any_of: "any_of";
113
+ weighted_threshold: "weighted_threshold";
114
+ }>>;
115
+ requiredWeight: z.ZodOptional<z.ZodNumber>;
116
+ requiredSignatures: z.ZodDefault<z.ZodArray<z.ZodObject<{
117
+ signer: z.ZodString;
118
+ method: z.ZodEnum<{
119
+ typed_name: "typed_name";
120
+ agent_confirm: "agent_confirm";
121
+ click_through: "click_through";
122
+ esign_external: "esign_external";
123
+ }>;
124
+ weight: z.ZodOptional<z.ZodNumber>;
125
+ }, z.core.$strip>>>;
126
+ deadline: z.ZodOptional<z.ZodString>;
127
+ escalation: z.ZodOptional<z.ZodObject<{
128
+ leadTime: z.ZodString;
129
+ escalateTo: z.ZodArray<z.ZodString>;
130
+ }, z.core.$strip>>;
131
+ metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
132
+ }, z.core.$strip>;
133
+ type PolicyFrontmatter = z.infer<typeof policyFrontmatterSchema>;
134
+ /**
135
+ * Parsed POLICY.md = frontmatter + markdown body.
136
+ * The body is informational (humans + agents can read it); it is NOT used by
137
+ * the policy engine for decisions.
138
+ */
139
+ interface Policy {
140
+ frontmatter: PolicyFrontmatter;
141
+ body: string;
142
+ }
143
+ /** Convenience filename helper. */
144
+ declare function policyDirname(slug: string): string;
145
+
146
+ export { POLICY_THRESHOLD as P, type RequiredSigner as R, type Policy as a, type PolicyAppliesTo as b, type PolicyCap as c, type PolicyEscalation as d, type PolicyFrontmatter as e, type PolicyThreshold as f, policyCapSchema as g, policyDirname as h, policyEscalationSchema as i, policyFrontmatterSchema as j, policyThresholdSchema as k, policyAppliesToSchema as p, requiredSignerSchema as r };