@agirails/sdk 2.7.0 → 3.1.0

package/dist/negotiation/PolicyEngine.d.ts

@@ -0,0 +1,126 @@
+/**
+ * PolicyEngine — Hard guardrails for autonomous negotiation.
+ *
+ * 5 non-negotiable checks before any escrow commitment:
+ * 1. unit_price <= max_unit_price
+ * 2. committed_today + projected_cost <= max_daily_spend
+ * 3. provider reputation >= min_reputation (if defined) — unknown = fail
+ * 4. quote not expired (within quote_ttl)
+ * 5. valid commerce_session_id
+ *
+ * Daily budget ledger persisted to `.actp/budget-ledger.json`
+ * using atomic write pattern (write-to-tmp + renameSync).
+ * Budget resets at UTC midnight.
+ */
+export interface BuyerPolicy {
+    task: string;
+    constraints: {
+        max_unit_price: {
+            amount: number;
+            currency: string;
+            unit: string;
+        };
+        max_daily_spend: {
+            amount: number;
+            currency: string;
+        };
+    };
+    negotiation: {
+        rounds_max: number;
+        quote_ttl: string;
+    };
+    selection: {
+        min_reputation?: number;
+        prioritize: ('quality' | 'price' | 'speed' | 'reliability')[];
+        weights?: {
+            quality?: number;
+            price?: number;
+            speed?: number;
+            reliability?: number;
+        };
+    };
+}
+export interface QuoteOffer {
+    provider: string;
+    unit_price: number;
+    currency: string;
+    unit: string;
+    /** Total projected cost for this job (unit_price * quantity). Falls back to unit_price if omitted. */
+    total_price?: number;
+    expires_at?: number;
+    reputation_score?: number;
+    commerce_session_id?: string;
+    /** Signal that this is a final offer — no further negotiation expected */
+    final_offer?: boolean;
+}
+export type PolicyViolation = {
+    rule: 'max_unit_price';
+    detail: string;
+} | {
+    rule: 'max_daily_spend';
+    detail: string;
+} | {
+    rule: 'min_reputation';
+    detail: string;
+} | {
+    rule: 'quote_expired';
+    detail: string;
+} | {
+    rule: 'missing_session_id';
+    detail: string;
+};
+export interface PolicyResult {
+    allowed: boolean;
+    violations: PolicyViolation[];
+}
+/** Single entry in the daily budget ledger */
+export interface BudgetEntry {
+    commerce_session_id: string;
+    actp_tx_id?: string;
+    amount: number;
+    currency: string;
+    status: 'reserved' | 'committed' | 'released';
+    created_at: string;
+}
+export declare class PolicyEngine {
+    private policy;
+    private actpDir;
+    private ledger;
+    constructor(policy: BuyerPolicy, actpDir?: string);
+    /**
+     * Validate a quote offer against all 5 policy guardrails.
+     */
+    validate(offer: QuoteOffer): PolicyResult;
+    /**
+     * Reserve budget for a pending commitment.
+     * Throws if the reservation would exceed max_daily_spend.
+     */
+    reserve(sessionId: string, amount: number, currency: string): void;
+    /**
+     * Commit a reservation (after escrow linked).
+     */
+    commit(sessionId: string, actpTxId: string): void;
+    /**
+     * Release a reservation (after cancel/dispute).
+     */
+    release(sessionId: string): void;
+    /**
+     * Get total committed + reserved exposure for today.
+     */
+    getCommittedToday(): number;
+    /**
+     * Parse a TTL string like "15m" or "2h" into seconds.
+     */
+    static parseTtl(ttl: string): number;
+    /**
+     * Get the quote TTL deadline (unix timestamp).
+     */
+    getQuoteDeadline(): number;
+    private getLedgerPath;
+    private todayString;
+    private ensureLedgerCurrent;
+    private loadLedger;
+    private ensureDir;
+    private saveLedger;
+}
+//# sourceMappingURL=PolicyEngine.d.ts.map

package/dist/negotiation/PolicyEngine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyEngine.d.ts","sourceRoot":"","sources":["../../src/negotiation/PolicyEngine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AASH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE;QACX,cAAc,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QACnE,eAAe,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAC;KACvD,CAAC;IACF,WAAW,EAAE;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,SAAS,EAAE;QACT,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,UAAU,EAAE,CAAC,SAAS,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,EAAE;YAAE,OAAO,CAAC,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE,MAAM,CAAC;YAAC,WAAW,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACtF,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,sGAAsG;IACtG,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,0EAA0E;IAC1E,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,MAAM,eAAe,GACvB;IAAE,IAAI,EAAE,gBAAgB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,iBAAiB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC3C;IAAE,IAAI,EAAE,gBAAgB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,IAAI,EAAE,oBAAoB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,EAAE,CAAC;CAC/B;AAED,8CAA8C;AAC9C,MAAM,WAAW,WAAW;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,GAAG,WAAW,GAAG,UAAU,CAAC;IAC9C,UAAU,EAAE,MAAM,CAAC;CACpB;AAaD,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAAmB;gBAErB,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,MAAM;IAMjD;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,YAAY;IA0FzC;;;OAGG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAkClE;;OAEG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAWjD;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAUhC;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAO3B;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;IAYpC;;OAEG;IACH,gBAAgB,IAAI,MAAM;IAS1B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,UAAU;IAkBlB,OAAO,CAAC,SAAS;IAWjB,OAAO,CAAC,UAAU;CA2BnB"}

package/dist/negotiation/PolicyEngine.js

@@ -0,0 +1,265 @@
+"use strict";
+/**
+ * PolicyEngine — Hard guardrails for autonomous negotiation.
+ *
+ * 5 non-negotiable checks before any escrow commitment:
+ * 1. unit_price <= max_unit_price
+ * 2. committed_today + projected_cost <= max_daily_spend
+ * 3. provider reputation >= min_reputation (if defined) — unknown = fail
+ * 4. quote not expired (within quote_ttl)
+ * 5. valid commerce_session_id
+ *
+ * Daily budget ledger persisted to `.actp/budget-ledger.json`
+ * using atomic write pattern (write-to-tmp + renameSync).
+ * Budget resets at UTC midnight.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyEngine = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+// ============================================================================
+// PolicyEngine
+// ============================================================================
+class PolicyEngine {
+    constructor(policy, actpDir) {
+        this.policy = policy;
+        this.actpDir = actpDir ?? (process.env.ACTP_DIR || (0, path_1.join)(process.cwd(), '.actp'));
+        this.ledger = this.loadLedger();
+    }
+    /**
+     * Validate a quote offer against all 5 policy guardrails.
+     */
+    validate(offer) {
+        const violations = [];
+        // 0. Sanity check — reject NaN, negative, non-finite prices
+        if (!Number.isFinite(offer.unit_price) || offer.unit_price < 0) {
+            return {
+                allowed: false,
+                violations: [{ rule: 'max_unit_price', detail: `Invalid unit_price: ${offer.unit_price} (must be finite and >= 0)` }],
+            };
+        }
+        if (offer.total_price != null && (!Number.isFinite(offer.total_price) || offer.total_price < 0)) {
+            return {
+                allowed: false,
+                violations: [{ rule: 'max_daily_spend', detail: `Invalid total_price: ${offer.total_price} (must be finite and >= 0)` }],
+            };
+        }
+        // 1. Unit price check (with currency/unit consistency enforcement)
+        if (offer.currency.toUpperCase() !== this.policy.constraints.max_unit_price.currency.toUpperCase()) {
+            violations.push({
+                rule: 'max_unit_price',
+                detail: `Currency mismatch: offer is ${offer.currency}, policy requires ${this.policy.constraints.max_unit_price.currency}`,
+            });
+        }
+        else if (offer.unit !== this.policy.constraints.max_unit_price.unit) {
+            violations.push({
+                rule: 'max_unit_price',
+                detail: `Unit mismatch: offer is per-${offer.unit}, policy requires per-${this.policy.constraints.max_unit_price.unit}`,
+            });
+        }
+        else if (offer.unit_price > this.policy.constraints.max_unit_price.amount) {
+            violations.push({
+                rule: 'max_unit_price',
+                detail: `${offer.unit_price} ${offer.currency}/${offer.unit} exceeds max ${this.policy.constraints.max_unit_price.amount} ${this.policy.constraints.max_unit_price.currency}/${this.policy.constraints.max_unit_price.unit}`,
+            });
+        }
+        // 2. Daily spend check (with currency consistency)
+        const projectedCost = offer.total_price ?? offer.unit_price;
+        if (offer.currency.toUpperCase() !== this.policy.constraints.max_daily_spend.currency.toUpperCase()) {
+            violations.push({
+                rule: 'max_daily_spend',
+                detail: `Currency mismatch: offer is ${offer.currency}, daily spend limit is ${this.policy.constraints.max_daily_spend.currency}`,
+            });
+        }
+        else {
+            const committedToday = this.getCommittedToday();
+            const projectedTotal = committedToday + projectedCost;
+            if (projectedTotal > this.policy.constraints.max_daily_spend.amount) {
+                violations.push({
+                    rule: 'max_daily_spend',
+                    detail: `Committed today: ${committedToday}, projected: ${projectedTotal}, max: ${this.policy.constraints.max_daily_spend.amount} ${this.policy.constraints.max_daily_spend.currency}`,
+                });
+            }
+        }
+        // 3. Reputation check — unknown (missing score) = fail when min_reputation is set
+        if (this.policy.selection.min_reputation != null) {
+            if (offer.reputation_score == null ||
+                offer.reputation_score < this.policy.selection.min_reputation) {
+                violations.push({
+                    rule: 'min_reputation',
+                    detail: offer.reputation_score == null
+                        ? `Provider reputation unknown — min ${this.policy.selection.min_reputation} required`
+                        : `Provider reputation ${offer.reputation_score} below minimum ${this.policy.selection.min_reputation}`,
+                });
+            }
+        }
+        // 4. Quote expiry check
+        if (offer.expires_at != null && offer.expires_at <= Math.floor(Date.now() / 1000)) {
+            violations.push({
+                rule: 'quote_expired',
+                detail: `Quote expired at ${new Date(offer.expires_at * 1000).toISOString()}`,
+            });
+        }
+        // 5. Session ID check
+        if (!offer.commerce_session_id) {
+            violations.push({
+                rule: 'missing_session_id',
+                detail: 'No commerce_session_id provided',
+            });
+        }
+        return {
+            allowed: violations.length === 0,
+            violations,
+        };
+    }
+    /**
+     * Reserve budget for a pending commitment.
+     * Throws if the reservation would exceed max_daily_spend.
+     */
+    reserve(sessionId, amount, currency) {
+        if (!Number.isFinite(amount) || amount < 0) {
+            throw new Error(`Invalid reserve amount: ${amount} (must be finite and >= 0)`);
+        }
+        const policyCurrency = this.policy.constraints.max_daily_spend.currency;
+        if (currency.toUpperCase() !== policyCurrency.toUpperCase()) {
+            throw new Error(`Currency mismatch in reserve: ${currency} does not match policy currency ${policyCurrency}`);
+        }
+        this.ensureLedgerCurrent();
+        // Enforce budget at reservation time (defense in depth — not just in validate())
+        const committedToday = this.getCommittedToday();
+        if (committedToday + amount > this.policy.constraints.max_daily_spend.amount) {
+            throw new Error(`Budget exceeded: reserving ${amount} ${currency} would exceed daily limit ` +
+                `${this.policy.constraints.max_daily_spend.amount} ${this.policy.constraints.max_daily_spend.currency} ` +
+                `(already committed: ${committedToday})`);
+        }
+        this.ledger.entries.push({
+            commerce_session_id: sessionId,
+            amount,
+            currency,
+            status: 'reserved',
+            created_at: new Date().toISOString(),
+        });
+        this.saveLedger();
+    }
+    /**
+     * Commit a reservation (after escrow linked).
+     */
+    commit(sessionId, actpTxId) {
+        const entry = this.ledger.entries.find((e) => e.commerce_session_id === sessionId && e.status === 'reserved');
+        if (entry) {
+            entry.status = 'committed';
+            entry.actp_tx_id = actpTxId;
+            this.saveLedger();
+        }
+    }
+    /**
+     * Release a reservation (after cancel/dispute).
+     */
+    release(sessionId) {
+        const entry = this.ledger.entries.find((e) => e.commerce_session_id === sessionId && (e.status === 'reserved' || e.status === 'committed'));
+        if (entry) {
+            entry.status = 'released';
+            this.saveLedger();
+        }
+    }
+    /**
+     * Get total committed + reserved exposure for today.
+     */
+    getCommittedToday() {
+        this.ensureLedgerCurrent();
+        return this.ledger.entries
+            .filter((e) => e.status === 'reserved' || e.status === 'committed')
+            .reduce((sum, e) => sum + e.amount, 0);
+    }
+    /**
+     * Parse a TTL string like "15m" or "2h" into seconds.
+     */
+    static parseTtl(ttl) {
+        const match = ttl.match(/^(\d+)(s|m|h)$/);
+        if (!match)
+            throw new Error(`Invalid TTL format: ${ttl}`);
+        const value = parseInt(match[1], 10);
+        switch (match[2]) {
+            case 's': return value;
+            case 'm': return value * 60;
+            case 'h': return value * 3600;
+            default: throw new Error(`Invalid TTL unit: ${match[2]}`);
+        }
+    }
+    /**
+     * Get the quote TTL deadline (unix timestamp).
+     */
+    getQuoteDeadline() {
+        const ttlSeconds = PolicyEngine.parseTtl(this.policy.negotiation.quote_ttl);
+        return Math.floor(Date.now() / 1000) + ttlSeconds;
+    }
+    // ============================================================================
+    // Budget Ledger Persistence
+    // ============================================================================
+    getLedgerPath() {
+        return (0, path_1.join)(this.actpDir, 'budget-ledger.json');
+    }
+    todayString() {
+        // UTC — daily budget resets at UTC midnight.
+        return new Date().toISOString().split('T')[0];
+    }
+    ensureLedgerCurrent() {
+        const today = this.todayString();
+        if (this.ledger.date !== today) {
+            this.ledger = { version: 1, date: today, entries: [] };
+            this.saveLedger();
+        }
+    }
+    loadLedger() {
+        const path = this.getLedgerPath();
+        const today = this.todayString();
+        try {
+            if (!(0, fs_1.existsSync)(path)) {
+                return { version: 1, date: today, entries: [] };
+            }
+            const raw = JSON.parse((0, fs_1.readFileSync)(path, 'utf8'));
+            if (raw.version !== 1 || raw.date !== today) {
+                return { version: 1, date: today, entries: [] };
+            }
+            return raw;
+        }
+        catch {
+            return { version: 1, date: today, entries: [] };
+        }
+    }
+    ensureDir() {
+        if ((0, fs_1.existsSync)(this.actpDir)) {
+            const stat = (0, fs_1.lstatSync)(this.actpDir);
+            if (!stat.isDirectory() || stat.isSymbolicLink()) {
+                throw new Error(`Security: ${this.actpDir} is not a real directory`);
+            }
+        }
+        else {
+            (0, fs_1.mkdirSync)(this.actpDir, { recursive: true, mode: 0o700 });
+        }
+    }
+    saveLedger() {
+        this.ensureDir();
+        const filePath = this.getLedgerPath();
+        // Guard against target file being a symlink
+        if ((0, fs_1.existsSync)(filePath)) {
+            const fileStat = (0, fs_1.lstatSync)(filePath);
+            if (fileStat.isSymbolicLink()) {
+                throw new Error(`Security: ${filePath} is a symlink — refusing to overwrite`);
+            }
+        }
+        const tmpPath = filePath + '.tmp';
+        // Guard against tmp file being a symlink
+        if ((0, fs_1.existsSync)(tmpPath)) {
+            const tmpStat = (0, fs_1.lstatSync)(tmpPath);
+            if (tmpStat.isSymbolicLink()) {
+                throw new Error(`Security: ${tmpPath} is a symlink — refusing to write`);
+            }
+        }
+        // Atomic write
+        (0, fs_1.writeFileSync)(tmpPath, JSON.stringify(this.ledger, null, 2), { mode: 0o600 });
+        (0, fs_1.renameSync)(tmpPath, filePath);
+    }
+}
+exports.PolicyEngine = PolicyEngine;
+//# sourceMappingURL=PolicyEngine.js.map

package/dist/negotiation/PolicyEngine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyEngine.js","sourceRoot":"","sources":["../../src/negotiation/PolicyEngine.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,2BAA+F;AAC/F,+BAA4B;AAkE5B,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E,MAAa,YAAY;IAKvB,YAAY,MAAmB,EAAE,OAAgB;QAC/C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,KAAiB;QACxB,MAAM,UAAU,GAAsB,EAAE,CAAC;QAEzC,4DAA4D;QAC5D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;YAC/D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,uBAAuB,KAAK,CAAC,UAAU,4BAA4B,EAAE,CAAC;aACtH,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,EAAE,CAAC;YAChG,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,KAAK,CAAC,WAAW,4BAA4B,EAAE,CAAC;aACzH,CAAC;QACJ,CAAC;QAED,mEAAmE;QACnE,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;YACnG,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,+BAA+B,KAAK,CAAC,QAAQ,qBAAqB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE;aAC5H,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACtE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,+BAA+B,KAAK,CAAC,IAAI,yBAAyB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE;aACxH,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;YAC5E,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,gBAAgB,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE;aAC7N,CAAC,CAAC;QACL,CAAC;QAED,mDAAmD;QACnD,MAAM,aAAa,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC;QAC5D,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;YACpG,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,+BAA+B,KAAK,CAAC,QAAQ,0BAA0B,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE;aAClI,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAChD,MAAM,cAAc,GAAG,cAAc,GAAG,aAAa,CAAC;YACtD,IAAI,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;gBACpE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,iBAAiB;oBACvB,MAAM,EAAE,oBAAoB,cAAc,gBAAgB,cAAc,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE;iBACvL,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,kFAAkF;QAClF,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,IAAI,IAAI,EAAE,CAAC;YACjD,IACE,KAAK,CAAC,gBAAgB,IAAI,IAAI;gBAC9B,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,EAC7D,CAAC;gBACD,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,gBAAgB;oBACtB,MAAM,EAAE,KAAK,CAAC,gBAAgB,IAAI,IAAI;wBACpC,CAAC,CAAC,qCAAqC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,WAAW;wBACtF,CAAC,CAAC,uBAAuB,KAAK,CAAC,gBAAgB,kBAAkB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,EAAE;iBAC1G,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,CAAC,UAAU,IAAI,IAAI,IAAI,KAAK,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YAClF,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,oBAAoB,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;aAC9E,CAAC,CAAC;QACL,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;YAC/B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,iCAAiC;aAC1C,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,UAAU;SACX,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,SAAiB,EAAE,MAAc,EAAE,QAAgB;QACzD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,2BAA2B,MAAM,4BAA4B,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC;QACxE,IAAI,QAAQ,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CACb,iCAAiC,QAAQ,mCAAmC,cAAc,EAAE,CAC7F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAE3B,iFAAiF;QACjF,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,cAAc,GAAG,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;YAC7E,MAAM,IAAI,KAAK,CACb,8BAA8B,MAAM,IAAI,QAAQ,4BAA4B;gBAC5E,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,GAAG;gBACxG,uBAAuB,cAAc,GAAG,CACzC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;YACvB,mBAAmB,EAAE,SAAS;YAC9B,MAAM;YACN,QAAQ;YACR,MAAM,EAAE,UAAU;YAClB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,SAAiB,EAAE,QAAgB;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,CACtE,CAAC;QACF,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC;YAC3B,KAAK,CAAC,UAAU,GAAG,QAAQ,CAAC;YAC5B,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,SAAiB;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CACpG,CAAC;QACF,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC;YAC1B,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO;aACvB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;aAClE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,GAAW;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,QAAQ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACjB,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,CAAC;YACvB,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,EAAE,CAAC;YAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;YAC9B,OAAO,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,MAAM,UAAU,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,UAAU,CAAC;IACpD,CAAC;IAED,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAEvE,aAAa;QACnB,OAAO,IAAA,WAAI,EAAC,IAAI,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAClD,CAAC;IAEO,WAAW;QACjB,6CAA6C;QAC7C,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAEO,mBAAmB;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,UAAU;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,IAAI,CAAC;YACH,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAClD,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YACnD,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC5C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAClD,CAAC;YACD,OAAO,GAAuB,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IAEO,SAAS;QACf,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,IAAA,cAAS,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,aAAa,IAAI,CAAC,OAAO,0BAA0B,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAA,cAAS,EAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC,SAAS,EAAE,CAAC;QAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEtC,4CAA4C;QAC5C,IAAI,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAA,cAAS,EAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,uCAAuC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAElC,yCAAyC;QACzC,IAAI,IAAA,eAAU,EAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAA,cAAS,EAAC,OAAO,CAAC,CAAC;YACnC,IAAI,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,aAAa,OAAO,mCAAmC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAA,kBAAa,EAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9E,IAAA,eAAU,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC;CACF;AAvRD,oCAuRC"}

package/dist/negotiation/SessionStore.d.ts

@@ -0,0 +1,57 @@
+/**
+ * SessionStore — Commerce session tracking and traceability.
+ *
+ * Every negotiation carries a canonical `commerce_session_id` (UUID).
+ * No createTransaction() is allowed without a session ID.
+ *
+ * Persisted to `.actp/sessions.json` using atomic writes.
+ */
+export interface SessionMapping {
+    commerce_session_id: string;
+    actp_tx_id?: string;
+    task: string;
+    candidates_tried: string[];
+    selected_provider?: string;
+    status: 'active' | 'committed' | 'completed' | 'failed' | 'cancelled';
+    attempts: number;
+    created_at: string;
+    updated_at: string;
+}
+export declare class SessionStore {
+    private actpDir;
+    private sessions;
+    constructor(actpDir?: string);
+    /**
+     * Create a new commerce session.
+     */
+    create(task: string): SessionMapping;
+    /**
+     * Get a session by ID.
+     */
+    get(sessionId: string): SessionMapping | undefined;
+    /**
+     * Find a session by ACTP transaction ID.
+     */
+    findByTxId(txId: string): SessionMapping | undefined;
+    /**
+     * Record a candidate attempt (provider tried).
+     */
+    recordAttempt(sessionId: string, providerSlug: string): void;
+    /**
+     * Link a session to an ACTP transaction.
+     */
+    linkTransaction(sessionId: string, txId: string, providerSlug: string): void;
+    /**
+     * Update session status.
+     */
+    updateStatus(sessionId: string, status: SessionMapping['status']): void;
+    /**
+     * List all sessions, optionally filtered by status.
+     */
+    list(status?: SessionMapping['status']): SessionMapping[];
+    private getFilePath;
+    private load;
+    private pruneOldSessions;
+    private save;
+}
+//# sourceMappingURL=SessionStore.d.ts.map

package/dist/negotiation/SessionStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionStore.d.ts","sourceRoot":"","sources":["../../src/negotiation/SessionStore.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,MAAM,WAAW,cAAc;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAWD,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,QAAQ,CAA8B;gBAElC,OAAO,CAAC,EAAE,MAAM;IAM5B;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc;IAepC;;OAEG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAIlD;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAOpD;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAY5D;;OAEG;IACH,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAW5E;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI;IASvE;;OAEG;IACH,IAAI,CAAC,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,GAAG,cAAc,EAAE;IAUzD,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,IAAI;IAgBZ,OAAO,CAAC,gBAAgB;IAcxB,OAAO,CAAC,IAAI;CAwCb"}

package/dist/negotiation/SessionStore.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * SessionStore — Commerce session tracking and traceability.
+ *
+ * Every negotiation carries a canonical `commerce_session_id` (UUID).
+ * No createTransaction() is allowed without a session ID.
+ *
+ * Persisted to `.actp/sessions.json` using atomic writes.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionStore = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+// ============================================================================
+// SessionStore
+// ============================================================================
+class SessionStore {
+    constructor(actpDir) {
+        this.actpDir = actpDir ?? (process.env.ACTP_DIR || (0, path_1.join)(process.cwd(), '.actp'));
+        this.sessions = new Map();
+        this.load();
+    }
+    /**
+     * Create a new commerce session.
+     */
+    create(task) {
+        const session = {
+            commerce_session_id: (0, crypto_1.randomUUID)(),
+            task,
+            candidates_tried: [],
+            status: 'active',
+            attempts: 0,
+            created_at: new Date().toISOString(),
+            updated_at: new Date().toISOString(),
+        };
+        this.sessions.set(session.commerce_session_id, session);
+        this.save();
+        return session;
+    }
+    /**
+     * Get a session by ID.
+     */
+    get(sessionId) {
+        return this.sessions.get(sessionId);
+    }
+    /**
+     * Find a session by ACTP transaction ID.
+     */
+    findByTxId(txId) {
+        for (const session of this.sessions.values()) {
+            if (session.actp_tx_id === txId)
+                return session;
+        }
+        return undefined;
+    }
+    /**
+     * Record a candidate attempt (provider tried).
+     */
+    recordAttempt(sessionId, providerSlug) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            throw new Error(`Session not found: ${sessionId}`);
+        if (!session.candidates_tried.includes(providerSlug)) {
+            session.candidates_tried.push(providerSlug);
+        }
+        session.attempts++;
+        session.updated_at = new Date().toISOString();
+        this.save();
+    }
+    /**
+     * Link a session to an ACTP transaction.
+     */
+    linkTransaction(sessionId, txId, providerSlug) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            throw new Error(`Session not found: ${sessionId}`);
+        session.actp_tx_id = txId;
+        session.selected_provider = providerSlug;
+        session.status = 'committed';
+        session.updated_at = new Date().toISOString();
+        this.save();
+    }
+    /**
+     * Update session status.
+     */
+    updateStatus(sessionId, status) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            throw new Error(`Session not found: ${sessionId}`);
+        session.status = status;
+        session.updated_at = new Date().toISOString();
+        this.save();
+    }
+    /**
+     * List all sessions, optionally filtered by status.
+     */
+    list(status) {
+        const all = Array.from(this.sessions.values());
+        if (!status)
+            return all;
+        return all.filter((s) => s.status === status);
+    }
+    // ============================================================================
+    // Persistence
+    // ============================================================================
+    getFilePath() {
+        return (0, path_1.join)(this.actpDir, 'sessions.json');
+    }
+    load() {
+        const path = this.getFilePath();
+        try {
+            if (!(0, fs_1.existsSync)(path))
+                return;
+            const raw = JSON.parse((0, fs_1.readFileSync)(path, 'utf8'));
+            if (raw.version !== 1)
+                return;
+            for (const session of raw.sessions) {
+                this.sessions.set(session.commerce_session_id, session);
+            }
+            // Prune terminal sessions older than 30 days
+            this.pruneOldSessions();
+        }
+        catch {
+            // Corrupted file — start fresh
+        }
+    }
+    pruneOldSessions(maxAgeDays = 30) {
+        const cutoff = new Date();
+        cutoff.setDate(cutoff.getDate() - maxAgeDays);
+        const terminalStatuses = ['completed', 'failed', 'cancelled'];
+        let pruned = false;
+        for (const [id, session] of this.sessions) {
+            if (terminalStatuses.includes(session.status) && new Date(session.updated_at) < cutoff) {
+                this.sessions.delete(id);
+                pruned = true;
+            }
+        }
+        if (pruned)
+            this.save();
+    }
+    save() {
+        // Ensure directory exists
+        if ((0, fs_1.existsSync)(this.actpDir)) {
+            const stat = (0, fs_1.lstatSync)(this.actpDir);
+            if (!stat.isDirectory() || stat.isSymbolicLink()) {
+                throw new Error(`Security: ${this.actpDir} is not a real directory`);
+            }
+        }
+        else {
+            (0, fs_1.mkdirSync)(this.actpDir, { recursive: true, mode: 0o700 });
+        }
+        const data = {
+            version: 1,
+            sessions: Array.from(this.sessions.values()),
+        };
+        const filePath = this.getFilePath();
+        // Guard against target file being a symlink
+        if ((0, fs_1.existsSync)(filePath)) {
+            const fileStat = (0, fs_1.lstatSync)(filePath);
+            if (fileStat.isSymbolicLink()) {
+                throw new Error(`Security: ${filePath} is a symlink — refusing to overwrite`);
+            }
+        }
+        const tmpPath = filePath + '.tmp';
+        // Guard against tmp file being a symlink
+        if ((0, fs_1.existsSync)(tmpPath)) {
+            const tmpStat = (0, fs_1.lstatSync)(tmpPath);
+            if (tmpStat.isSymbolicLink()) {
+                throw new Error(`Security: ${tmpPath} is a symlink — refusing to write`);
+            }
+        }
+        // Atomic write
+        (0, fs_1.writeFileSync)(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });
+        (0, fs_1.renameSync)(tmpPath, filePath);
+    }
+}
+exports.SessionStore = SessionStore;
+//# sourceMappingURL=SessionStore.js.map

package/dist/negotiation/SessionStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionStore.js","sourceRoot":"","sources":["../../src/negotiation/SessionStore.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,mCAAoC;AACpC,2BAA+F;AAC/F,+BAA4B;AAuB5B,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E,MAAa,YAAY;IAIvB,YAAY,OAAgB;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,IAAY;QACjB,MAAM,OAAO,GAAmB;YAC9B,mBAAmB,EAAE,IAAA,mBAAU,GAAE;YACjC,IAAI;YACJ,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,CAAC;YACX,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACrB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI;gBAAE,OAAO,OAAO,CAAC;QAClD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,SAAiB,EAAE,YAAoB;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;QAEjE,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACrD,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,CAAC,QAAQ,EAAE,CAAC;QACnB,OAAO,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,SAAiB,EAAE,IAAY,EAAE,YAAoB;QACnE,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;QAEjE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1B,OAAO,CAAC,iBAAiB,GAAG,YAAY,CAAC;QACzC,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QAC7B,OAAO,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB,EAAE,MAAgC;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;QAEjE,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;QACxB,OAAO,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,MAAiC;QACpC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM;YAAE,OAAO,GAAG,CAAC;QACxB,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,+EAA+E;IAC/E,cAAc;IACd,+EAA+E;IAEvE,WAAW;QACjB,OAAO,IAAA,WAAI,EAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC7C,CAAC;IAEO,IAAI;QACV,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC;gBAAE,OAAO;YAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAiB,CAAC;YACnE,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC;gBAAE,OAAO;YAC9B,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;YACD,6CAA6C;YAC7C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,UAAU,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC9D,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,IAAI,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC;gBACvF,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACzB,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;QACH,CAAC;QACD,IAAI,MAAM;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAEO,IAAI;QACV,0BAA0B;QAC1B,IAAI,IAAA,eAAU,EAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,IAAA,cAAS,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,aAAa,IAAI,CAAC,OAAO,0BAA0B,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAA,cAAS,EAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,IAAI,GAAiB;YACzB,OAAO,EAAE,CAAC;YACV,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;SAC7C,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEpC,4CAA4C;QAC5C,IAAI,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAA,cAAS,EAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,uCAAuC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAElC,yCAAyC;QACzC,IAAI,IAAA,eAAU,EAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAA,cAAS,EAAC,OAAO,CAAC,CAAC;YACnC,IAAI,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,aAAa,OAAO,mCAAmC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAED,eAAe;QACf,IAAA,kBAAa,EAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvE,IAAA,eAAU,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC;CACF;AA7KD,oCA6KC"}