@aporthq/aport-agent-guardrails 1.0.8

package/external/aport-spec/oap/vc/context-oap-v1.jsonld

@@ -0,0 +1,137 @@
+{
+  "@context": {
+    "oap": "https://github.com/aporthq/aport-spec/oap/v1#",
+    "vc": "https://www.w3.org/2018/credentials/v1",
+    "passport": {
+      "@id": "oap:passport",
+      "@type": "@id"
+    },
+    "decision": {
+      "@id": "oap:decision",
+      "@type": "@id"
+    },
+    "passport_id": {
+      "@id": "oap:passportId",
+      "@type": "xsd:string"
+    },
+    "kind": {
+      "@id": "oap:kind",
+      "@type": "xsd:string"
+    },
+    "spec_version": {
+      "@id": "oap:specVersion",
+      "@type": "xsd:string"
+    },
+    "parent_agent_id": {
+      "@id": "oap:parentAgentId",
+      "@type": "xsd:string"
+    },
+    "owner_id": {
+      "@id": "oap:ownerId",
+      "@type": "xsd:string"
+    },
+    "owner_type": {
+      "@id": "oap:ownerType",
+      "@type": "xsd:string"
+    },
+    "assurance_level": {
+      "@id": "oap:assuranceLevel",
+      "@type": "xsd:string"
+    },
+    "status": {
+      "@id": "oap:status",
+      "@type": "xsd:string"
+    },
+    "capabilities": {
+      "@id": "oap:capabilities",
+      "@type": "xsd:string",
+      "@container": "@list"
+    },
+    "limits": {
+      "@id": "oap:limits",
+      "@type": "oap:Limits"
+    },
+    "regions": {
+      "@id": "oap:regions",
+      "@type": "xsd:string",
+      "@container": "@list"
+    },
+    "metadata": {
+      "@id": "oap:metadata",
+      "@type": "oap:Metadata"
+    },
+    "created_at": {
+      "@id": "oap:createdAt",
+      "@type": "xsd:dateTime"
+    },
+    "updated_at": {
+      "@id": "oap:updatedAt",
+      "@type": "xsd:dateTime"
+    },
+    "version": {
+      "@id": "oap:version",
+      "@type": "xsd:string"
+    },
+    "decision_id": {
+      "@id": "oap:decisionId",
+      "@type": "xsd:string"
+    },
+    "policy_id": {
+      "@id": "oap:policyId",
+      "@type": "xsd:string"
+    },
+    "allow": {
+      "@id": "oap:allow",
+      "@type": "xsd:boolean"
+    },
+    "reasons": {
+      "@id": "oap:reasons",
+      "@type": "oap:Reason",
+      "@container": "@list"
+    },
+    "expires_in": {
+      "@id": "oap:expiresIn",
+      "@type": "xsd:integer"
+    },
+    "passport_digest": {
+      "@id": "oap:passportDigest",
+      "@type": "xsd:string"
+    },
+    "signature": {
+      "@id": "oap:signature",
+      "@type": "xsd:string"
+    },
+    "kid": {
+      "@id": "oap:kid",
+      "@type": "xsd:string"
+    },
+    "decision_token": {
+      "@id": "oap:decisionToken",
+      "@type": "xsd:string"
+    },
+    "agent_id": {
+      "@id": "oap:agentId",
+      "@type": "xsd:string"
+    },
+    "remaining_daily_cap": {
+      "@id": "oap:remainingDailyCap",
+      "@type": "oap:DailyCap"
+    },
+    "code": {
+      "@id": "oap:code",
+      "@type": "xsd:string"
+    },
+    "message": {
+      "@id": "oap:message",
+      "@type": "xsd:string"
+    },
+    "expires_at": {
+      "@id": "oap:expiresAt",
+      "@type": "xsd:dateTime"
+    },
+    "never_expires": {
+      "@id": "oap:neverExpires",
+      "@type": "xsd:boolean"
+    }
+  }
+}

package/external/aport-spec/oap/vc/examples/oap-decision-vc.json

@@ -0,0 +1,37 @@
+{
+  "@context": [
+    "https://www.w3.org/2018/credentials/v1",
+    "https://raw.githubusercontent.com/aporthq/aport-spec/refs/heads/main/oap/vc/context-oap-v1.jsonld"
+  ],
+  "type": ["VerifiableCredential", "OAPDecisionReceipt"],
+  "credentialSubject": {
+    "decision_id": "550e8400-e29b-41d4-a716-446655440002",
+    "policy_id": "finance.payment.refund.v1",
+    "agent_id": "550e8400-e29b-41d4-a716-446655440000",
+    "owner_id": "org_12345678",
+    "assurance_level": "L2",
+    "allow": true,
+    "reasons": [
+      {
+        "code": "oap.allowed",
+        "message": "Transaction within limits and policy requirements"
+      }
+    ],
+    "created_at": "2024-01-15T10:30:00Z",
+    "expires_in": 3600,
+    "passport_digest": "sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef",
+    "signature": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
+    "kid": "oap:registry:key-2025-01",
+    "decision_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9..."
+  },
+  "issuer": "https://aport.io",
+  "issuanceDate": "2024-01-15T10:30:00Z",
+  "expirationDate": "2024-01-15T11:30:00Z",
+  "proof": {
+    "type": "Ed25519Signature2020",
+    "created": "2024-01-15T10:30:00Z",
+    "verificationMethod": "https://aport.io/.well-known/oap/keys.json#ap_registry_ed25519_2024",
+    "proofPurpose": "assertionMethod",
+    "jws": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWNpc2lvbl9pZCI6IjU1MGU4NDAwLWUyOWItNDFkNC1hNzE2LTQ0NjY1NTQ0MDAwMiIsInBvbGljeV9pZCI6InBheW1lbnRzLnJlZnVuZC52MSIsInBhc3Nwb3J0X2lkIjoiNTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwIiwib3duZXJfaWQiOiJvcmdfMTIzNDU2NzgiLCJhc3N1cmFuY2VfbGV2ZWwiOiJMMiIsImFsbG93Ijp0cnVlLCJyZWFzb25zIjpbeyJjb2RlIjoib2FwLmFsbG93ZWQiLCJtZXNzYWdlIjoiVHJhbnNhY3Rpb24gd2l0aGluIGxpbWl0cyBhbmQgcG9saWN5IHJlcXVpcmVtZW50cyJ9XSwiaXNzdWVkX2F0IjoiMjAyNC0wMS0xNVQxMDozMDowMFoiLCJleHBpcmVzX2F0IjoiMjAyNC0wMS0xNVQxMTozMDowMFoiLCJwYXNzcG9ydF9kaWdlc3QiOiJzaGEyNTY6YWJjZDEyMzRlZmdoNTY3OGlqa2w5MDEybW5vcDM0NTZxcnN0Nzg5MHV2d3gxMjM0eXphYjU2NzhjZGVmIn0sImlzc3VlciI6Imh0dHBzOi8vYXBpLmFwb3J0LmRldiIsImlzc3VhbmNlRGF0ZSI6IjIwMjQtMDEtMTVUMTA6MzA6MDBaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI0LTAxLTE1VDExOjMwOjAwWiJ9.signature"
+  }
+}

package/external/aport-spec/oap/vc/examples/oap-passport-vc.json

@@ -0,0 +1,68 @@
+{
+  "@context": [
+    "https://www.w3.org/2018/credentials/v1",
+    "https://raw.githubusercontent.com/aporthq/aport-spec/refs/heads/main/oap/vc/context-oap-v1.jsonld"
+  ],
+  "type": ["VerifiableCredential", "OAPPassportCredential"],
+  "credentialSubject": {
+    "agent_id": "550e8400-e29b-41d4-a716-446655440000",
+    "kind": "template",
+    "spec_version": "oap/1.0",
+    "owner_id": "org_12345678",
+    "owner_type": "org",
+    "assurance_level": "L2",
+    "status": "active",
+    "capabilities": [
+      "finance.payment.refund",
+      "data.export",
+      "repo.release.publish"
+    ],
+    "limits": {
+      "finance.payment.refund": {
+        "currency_limits": {
+          "USD": {
+            "max_per_tx": 5000,
+            "daily_cap": 50000
+          },
+          "EUR": {
+            "max_per_tx": 4500,
+            "daily_cap": 45000
+          }
+        },
+        "reason_codes": ["customer_request", "defective_product", "fraud"],
+        "idempotency_required": true
+      },
+      "data.export": {
+        "max_rows": 100000,
+        "allow_pii": false,
+        "allowed_collections": ["users", "orders", "products"]
+      },
+      "repo.release.publish": {
+        "allowed_branches": ["main", "develop"],
+        "max_releases_per_day": 10,
+        "require_signed_artifacts": true
+      }
+    },
+    "regions": ["US", "CA", "EU"],
+    "metadata": {
+      "name": "Customer Support AI",
+      "description": "AI agent for customer support operations",
+      "version": "1.0.0",
+      "contact": "support@example.com",
+      "homepage": "https://example.com/ai/support"
+    },
+    "created_at": "2024-01-01T00:00:00Z",
+    "updated_at": "2024-01-15T10:30:00Z",
+    "version": "1.0.0"
+  },
+  "issuer": "https://aport.io",
+  "issuanceDate": "2024-01-01T00:00:00Z",
+  "expirationDate": "2025-01-01T00:00:00Z",
+  "proof": {
+    "type": "Ed25519Signature2020",
+    "created": "2024-01-01T00:00:00Z",
+    "verificationMethod": "https://aport.io/.well-known/oap/keys.json#ap_registry_ed25519_2024",
+    "proofPurpose": "assertionMethod",
+    "jws": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsU3ViamVjdCI6eyJwYXNzcG9ydF9pZCI6IjU1MGU4NDAwLWUyOWItNDFkNC1hNzE2LTQ0NjY1NTQ0MDAwMCIsImtpbmQiOiJ0ZW1wbGF0ZSIsInNwZWNfdmVyc2lvbiI6Im9hcC8xLjAiLCJvd25lcl9pZCI6Im9yZ18xMjM0NTY3OCIsIm93bmVyX3R5cGUiOiJvcmciLCJhc3N1cmFuY2VfbGV2ZWwiOiJMMiIsInN0YXR1cyI6ImFjdGl2ZSIsImNhcGFiaWxpdGllcyI6WyJwYXltZW50cy5yZWZ1bmQiLCJkYXRhLmV4cG9ydCIsInJlcG8ucmVsZWFzZS5wdWJsaXNoIl0sImxpbWl0cyI6eyJwYXltZW50cy5yZWZ1bmQiOnsiY3VycmVuY3lfbGltaXRzIjp7IlVTRCI6eyJtYXhfcGVyX3R4Ijo1MDAwLCJkYWlseV9jYXAiOjUwMDAwfSwiRVVSIjp7Im1heF9wZXJfdHgiOjQ1MDAsImRhaWx5X2NhcCI6NDUwMDB9fSwicmVhc29uX2NvZGVzIjpbImN1c3RvbWVyX3JlcXVlc3QiLCJkZWZlY3RpdmVfcHJvZHVjdCIsImZyYXVkIl0sImlkZW1wb3RlbmN5X3JlcXVpcmVkIjp0cnVlfSwiZGF0YS5leHBvcnQiOnsibWF4X3Jvd3MiOjEwMDAwMCwiYWxsb3dfcGlpIjpmYWxzZSwiYWxsb3dlZF9jb2xsZWN0aW9ucyI6WyJ1c2VycyIsIm9yZGVycyIsInByb2R1Y3RzIl19LCJyZXBvLnJlbGVhc2UucHVibGlzaCI6eyJhbGxvd2VkX2JyYW5jaGVzIjpbIm1haW4iLCJkZXZlbG9wIl0sIm1heF9yZWxlYXNlc19wZXJfZGF5IjoxMCwicmVxdWlyZV9zaWduZWRfYXJ0aWZhY3RzIjp0cnVlfX0sInJlZ2lvbnMiOlsiVVMiLCJDQSIsIkVVIl0sIm1ldGFkYXRhIjp7Im5hbWUiOiJDdXN0b21lciBTdXBwb3J0IEFJIiwiZGVzY3JpcHRpb24iOiJBSSBhZ2VudCBmb3IgY3VzdG9tZXIgc3VwcG9ydCBvcGVyYXRpb25zIiwidmVyc2lvbiI6IjEuMC4wIiwiY29udGFjdCI6InN1cHBvcnRAZXhhbXBsZS5jb20iLCJob21lcGFnZSI6Imh0dHBzOi8vZXhhbXBsZS5jb20vYWkvc3VwcG9ydCJ9LCJjcmVhdGVkX2F0IjoiMjAyNC0wMS0wMVQwMDowMDowMFoiLCJ1cGRhdGVkX2F0IjoiMjAyNC0wMS0xNVQxMDozMDowMFoiLCJ2ZXJzaW9uIjoxfX0sImlzc3VlciI6Imh0dHBzOi8vYXBpLmFwb3J0LmRldiIsImlzc3VhbmNlRGF0ZSI6IjIwMjQtMDEtMDFUMDA6MDA6MDBaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTAxLTAxVDAwOjAwOjAwWiJ9.signature"
+  }
+}

package/external/aport-spec/oap/vc/tools/INTEGRATION.md

@@ -0,0 +1,375 @@
+# OAP VC Integration Guide
+
+This guide shows how to integrate OAP VC conversion tools into your application using the tools directly from the repository.
+
+## ⚡ Quick Start (5 minutes)
+
+```bash
+# 1. Get the tools
+git clone https://github.com/aporthq/oap-spec.git
+cd oap-spec/spec/oap/vc/tools
+
+# 2. Install and build
+npm install
+npm run build
+
+# 3. Generate a registry key
+node dist/cli.js generate-key --output registry-key.json
+
+# 4. Convert your OAP passport to VC
+node dist/cli.js export --type passport --input your-passport.json --output your-passport.vc.json --key registry-key.json
+
+# 5. Convert VC back to OAP
+node dist/cli.js import --type passport --input your-passport.vc.json --output your-passport-back.json
+```
+
+That's it! You now have working OAP ↔ VC conversion tools.
+
+## 📖 Try the Examples
+
+```bash
+# Run the working examples
+node examples/passport-to-vc.js
+node examples/decision-to-vc.js
+node examples/vc-to-passport.js
+node examples/vc-to-decision.js
+
+# Or run the test suite
+node test-simple.js
+```
+
+## 🚀 Full Integration Guide
+
+### 1. Get the Tools
+
+```bash
+# Clone or download the OAP specification repository
+git clone https://github.com/aporthq/oap-spec.git
+cd oap-spec/spec/oap/vc/tools
+
+# Install dependencies
+npm install
+
+# Build the TypeScript code
+npm run build
+```
+
+### 2. Basic Usage
+
+#### Option A: Use as CLI Tool
+
+```bash
+# Export OAP Passport to VC
+node dist/cli.js export --type passport --input passport.json --output passport.vc.json --key registry-key.json
+
+# Export with verbose output (shows converted data)
+node dist/cli.js export --type passport --input passport.json --output passport.vc.json --key registry-key.json --verbose
+
+# Import VC to OAP Passport
+node dist/cli.js import --type passport --input passport.vc.json --output passport.json
+
+# Import with verbose output (shows converted data)
+node dist/cli.js import --type passport --input passport.vc.json --output passport.json --verbose
+
+# Validate OAP objects or VCs
+node dist/cli.js validate --type passport --input passport.json
+node dist/cli.js validate --type vc --input passport.vc.json
+
+# Generate a registry key
+node dist/cli.js generate-key --output my-registry-key.json
+```
+
+#### Option B: Use as SDK
+
+```javascript
+// Import the conversion functions directly
+import { 
+  exportPassportToVC, 
+  exportDecisionToVC, 
+  importVCToPassport, 
+  importVCToDecision 
+} from './dist/index.js';
+
+// Your OAP passport
+const passport = {
+  agent_id: '550e8400-e29b-41d4-a716-446655440000',
+  kind: 'template',
+  spec_version: 'oap/1.0',
+  // ... other fields
+};
+
+// Your registry key
+const registryKey = {
+  issuer: 'https://aport.io',
+  kid: 'key-2025-01',
+  publicKey: 'your-ed25519-public-key',
+  privateKey: 'your-ed25519-private-key'
+};
+
+// Convert to VC
+const vc = exportPassportToVC(passport, registryKey);
+
+// Convert back to OAP
+const importedPassport = importVCToPassport(vc);
+```
+
+## 🔧 Integration Patterns
+
+### Pattern 1: OAP → VC → Storage
+
+```javascript
+// Import the tools
+import { exportPassportToVC, importVCToPassport } from './dist/index.js';
+
+// Convert OAP passport to VC for storage in VC wallet
+const vc = exportPassportToVC(passport, registryKey);
+
+// Store in VC wallet
+await vcWallet.store(vc);
+
+// Later: retrieve and convert back
+const storedVC = await vcWallet.retrieve(vcId);
+const passport = importVCToPassport(storedVC);
+```
+
+### Pattern 2: VC → OAP → Processing
+
+```javascript
+// Import the tools
+import { importVCToPassport, exportDecisionToVC } from './dist/index.js';
+
+// Receive VC from external system
+const vc = await receiveVCFromExternalSystem();
+
+// Convert to OAP for processing
+const passport = importVCToPassport(vc);
+
+// Process using OAP logic
+const decision = await processOAPPassport(passport);
+
+// Convert decision back to VC
+const decisionVC = exportDecisionToVC(decision, registryKey);
+
+// Send back to external system
+await sendVCToExternalSystem(decisionVC);
+```
+
+### Pattern 3: Hybrid OAP/VC System
+
+```javascript
+// Import the tools
+import { exportPassportToVC } from './dist/index.js';
+
+// Store both formats for maximum compatibility
+const passport = await createOAPPassport(data);
+const vc = exportPassportToVC(passport, registryKey);
+
+// Store in both systems
+await oapDatabase.store(passport);
+await vcWallet.store(vc);
+
+// Use appropriate format based on context
+if (needsVCCapabilities) {
+  return vc;
+} else {
+  return passport;
+}
+```
+
+## 🛠️ CLI Integration
+
+### Batch Conversion
+
+```bash
+#!/bin/bash
+# Convert all OAP passports to VCs
+
+# Make sure you're in the tools directory
+cd spec/oap/vc/tools
+
+# Build the tools first
+npm run build
+
+# Convert all passports
+for passport in passports/*.json; do
+  filename=$(basename "$passport" .json)
+  node dist/cli.js export --type passport --input "$passport" --output "vcs/${filename}.vc.json" --key registry-key.json
+done
+```
+
+### Validation Pipeline
+
+```bash
+#!/bin/bash
+# Validate all VCs before processing
+
+# Make sure you're in the tools directory
+cd spec/oap/vc/tools
+
+# Build the tools first
+npm run build
+
+# Validate all VCs
+for vc in vcs/*.vc.json; do
+  if ! node dist/cli.js validate --type vc --input "$vc"; then
+    echo "Invalid VC: $vc"
+    exit 1
+  fi
+done
+```
+
+## 🔒 Security Integration
+
+### Key Management
+
+```javascript
+// Import the tools
+import { exportPassportToVC, importVCToPassport } from './dist/index.js';
+
+// Load registry key securely
+const registryKey = await loadRegistryKeyFromSecureStore();
+
+// Rotate keys periodically
+const newKey = await generateNewRegistryKey();
+await updateRegistryKey(newKey);
+```
+
+### Signature Verification
+
+```javascript
+// Import the tools
+import { importVCToPassport } from './dist/index.js';
+
+// Always verify signatures when importing
+const vc = await receiveVCFromExternalSystem();
+
+try {
+  const passport = importVCToPassport(vc);
+  // Signature verified automatically
+  console.log('VC signature is valid');
+} catch (error) {
+  console.error('Invalid VC signature:', error.message);
+}
+```
+
+## 🌐 VC Ecosystem Integration
+
+### VC Wallet Integration
+
+```javascript
+// Import the tools
+import { exportPassportToVC } from './dist/index.js';
+
+// Store OAP as VC in wallet
+const vc = exportPassportToVC(passport, registryKey);
+await wallet.store(vc);
+
+// Present VC to verifier
+const presentation = await wallet.createPresentation([vc]);
+await verifier.verify(presentation);
+```
+
+### DID Integration
+
+```javascript
+// Import the tools
+import { exportPassportToVC } from './dist/index.js';
+
+// Use with DID documents
+const did = 'did:example:123456789';
+const vc = exportPassportToVC(passport, { ...registryKey, issuer: did });
+```
+
+## 📊 Monitoring and Logging
+
+```javascript
+// Import the tools
+import { exportPassportToVC } from './dist/index.js';
+
+// Log conversion events
+function convertWithLogging(passport, registryKey) {
+  console.log('Converting passport to VC:', passport.agent_id);
+  
+  try {
+    const vc = exportPassportToVC(passport, registryKey);
+    console.log('Conversion successful:', vc.id);
+    return vc;
+  } catch (error) {
+    console.error('Conversion failed:', error.message);
+    throw error;
+  }
+}
+```
+
+## 🧪 Testing Integration
+
+```javascript
+// Import the tools
+import { exportPassportToVC, importVCToPassport } from './dist/index.js';
+
+// Test conversion functions
+describe('OAP VC Conversion', () => {
+  test('should convert passport to VC and back', () => {
+    const vc = exportPassportToVC(samplePassport, sampleRegistryKey);
+    const importedPassport = importVCToPassport(vc);
+    
+    expect(importedPassport.agent_id).toBe(samplePassport.agent_id);
+    expect(importedPassport.kind).toBe(samplePassport.kind);
+  });
+});
+```
+
+## 🚀 Deployment
+
+### Docker Integration
+
+```dockerfile
+FROM node:18-alpine
+
+WORKDIR /app
+
+# Copy the OAP VC tools
+COPY spec/oap/vc/tools/package*.json ./
+RUN npm install
+
+COPY spec/oap/vc/tools/ ./
+RUN npm run build
+
+# Use the CLI tool
+CMD ["node", "dist/cli.js", "--help"]
+```
+
+### CI/CD Pipeline
+
+```yaml
+name: OAP VC Conversion
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+      - name: Install dependencies
+        run: |
+          cd spec/oap/vc/tools
+          npm install
+      - name: Build tools
+        run: |
+          cd spec/oap/vc/tools
+          npm run build
+      - name: Test tools
+        run: |
+          cd spec/oap/vc/tools
+          npm test
+```
+
+## 📚 Additional Resources
+
+- [W3C Verifiable Credentials Data Model v2.0](https://www.w3.org/TR/vc-data-model-2.0/)
+- [OAP Specification](../oap-spec.md)
+- [VC Mapping Documentation](../vc-mapping.md)
+- [Examples Directory](./examples/)