@arvo-tools/agentic 1.1.0 → 1.2.0

package/dist/SimplePermissionManager/index.js

@@ -0,0 +1,256 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SimplePermissionManager = void 0;
+var openinference_semantic_conventions_1 = require("@arizeai/openinference-semantic-conventions");
+var arvo_core_1 = require("arvo-core");
+var contract_1 = require("./contract");
+/**
+ * Simple in-memory permission manager for development and testing.
+ *
+ * Stores permissions in a Map keyed by `${source.name}:${source.subject}`,
+ * providing workflow-scoped authorization that persists only for the lifetime
+ * of the process.
+ *
+ * @example
+ * ```typescript
+ * const agent = createArvoAgent({
+ *   permissionManager: new SimplePermissionManager(),
+ *   handler: {
+ *     '1.0.0': {
+ *       permissionPolicy: async ({ services }) => [
+ *         services.deleteUser.name
+ *       ],
+ *       // ... other config
+ *     }
+ *   }
+ * });
+ * ```
+ */
+var SimplePermissionManager = /** @class */ (function () {
+    function SimplePermissionManager(config) {
+        this.contract = contract_1.simplePermissionContract.version('1.0.0');
+        this.permissions = new Map();
+        this.domains = config.domains;
+    }
+    SimplePermissionManager.prototype.getKey = function (source) {
+        return "".concat(source.name, ":").concat(source.subject);
+    };
+    SimplePermissionManager.prototype.get = function (source, 
+    // biome-ignore lint/suspicious/noExplicitAny: Needs to be general
+    tools, config) {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a;
+            var _this = this;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, arvo_core_1.ArvoOpenTelemetry.getInstance().startActiveSpan({
+                            name: 'Permission.Check',
+                            disableSpanManagement: true,
+                            context: {
+                                inheritFrom: 'TRACE_HEADERS',
+                                traceHeaders: config.otelInfo.headers,
+                            },
+                            spanOptions: {
+                                attributes: (_a = {},
+                                    _a[openinference_semantic_conventions_1.SemanticConventions.OPENINFERENCE_SPAN_KIND] = openinference_semantic_conventions_1.OpenInferenceSpanKind.GUARDRAIL,
+                                    _a),
+                            },
+                            fn: function (span) { return __awaiter(_this, void 0, void 0, function () {
+                                var key, granted_1, result;
+                                var _a;
+                                return __generator(this, function (_b) {
+                                    try {
+                                        key = this.getKey(source);
+                                        granted_1 = (_a = this.permissions.get(key)) !== null && _a !== void 0 ? _a : {};
+                                        result = Object.fromEntries(tools.map(function (tool) { var _a; return [tool.name, (_a = granted_1[tool.name]) !== null && _a !== void 0 ? _a : false]; }));
+                                        span.setAttribute('tool.permission.map', JSON.stringify(result));
+                                        return [2 /*return*/, result];
+                                    }
+                                    catch (error) {
+                                        (0, arvo_core_1.exceptionToSpan)(error, span);
+                                        throw error;
+                                    }
+                                    finally {
+                                        span.end();
+                                    }
+                                    return [2 /*return*/];
+                                });
+                            }); },
+                        })];
+                    case 1: return [2 /*return*/, _b.sent()];
+                }
+            });
+        });
+    };
+    SimplePermissionManager.prototype.set = function (source, event, config) {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a;
+            var _this = this;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, arvo_core_1.ArvoOpenTelemetry.getInstance().startActiveSpan({
+                            name: 'Permission.Update',
+                            disableSpanManagement: true,
+                            context: {
+                                inheritFrom: 'TRACE_HEADERS',
+                                traceHeaders: config.otelInfo.headers,
+                            },
+                            spanOptions: {
+                                attributes: (_a = {},
+                                    _a[openinference_semantic_conventions_1.SemanticConventions.OPENINFERENCE_SPAN_KIND] = openinference_semantic_conventions_1.OpenInferenceSpanKind.GUARDRAIL,
+                                    _a),
+                            },
+                            fn: function (span) { return __awaiter(_this, void 0, void 0, function () {
+                                var key, granted, _a, _b, toolName, _c, _d, toolName;
+                                var e_1, _e, e_2, _f;
+                                var _g;
+                                return __generator(this, function (_h) {
+                                    try {
+                                        key = this.getKey(source);
+                                        granted = (_g = this.permissions.get(key)) !== null && _g !== void 0 ? _g : {};
+                                        try {
+                                            for (_a = __values(event.data.granted), _b = _a.next(); !_b.done; _b = _a.next()) {
+                                                toolName = _b.value;
+                                                granted[toolName] = true;
+                                            }
+                                        }
+                                        catch (e_1_1) { e_1 = { error: e_1_1 }; }
+                                        finally {
+                                            try {
+                                                if (_b && !_b.done && (_e = _a.return)) _e.call(_a);
+                                            }
+                                            finally { if (e_1) throw e_1.error; }
+                                        }
+                                        try {
+                                            for (_c = __values(event.data.denied), _d = _c.next(); !_d.done; _d = _c.next()) {
+                                                toolName = _d.value;
+                                                granted[toolName] = false;
+                                            }
+                                        }
+                                        catch (e_2_1) { e_2 = { error: e_2_1 }; }
+                                        finally {
+                                            try {
+                                                if (_d && !_d.done && (_f = _c.return)) _f.call(_c);
+                                            }
+                                            finally { if (e_2) throw e_2.error; }
+                                        }
+                                        this.permissions.set(key, granted);
+                                        span.setAttribute('tool.permission.map', JSON.stringify(granted));
+                                    }
+                                    catch (error) {
+                                        (0, arvo_core_1.exceptionToSpan)(error, span);
+                                        throw error;
+                                    }
+                                    finally {
+                                        span.end();
+                                    }
+                                    return [2 /*return*/];
+                                });
+                            }); },
+                        })];
+                    case 1: return [2 /*return*/, _b.sent()];
+                }
+            });
+        });
+    };
+    SimplePermissionManager.prototype.requestBuilder = function (source, 
+    // biome-ignore lint/suspicious/noExplicitAny: Needs to be general
+    tools, config) {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a;
+            var _this = this;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0: return [4 /*yield*/, arvo_core_1.ArvoOpenTelemetry.getInstance().startActiveSpan({
+                            name: 'Permission.Request',
+                            disableSpanManagement: true,
+                            context: {
+                                inheritFrom: 'TRACE_HEADERS',
+                                traceHeaders: config.otelInfo.headers,
+                            },
+                            spanOptions: {
+                                attributes: (_a = {},
+                                    _a[openinference_semantic_conventions_1.SemanticConventions.OPENINFERENCE_SPAN_KIND] = openinference_semantic_conventions_1.OpenInferenceSpanKind.GUARDRAIL,
+                                    _a),
+                            },
+                            fn: function (span) { return __awaiter(_this, void 0, void 0, function () {
+                                var request;
+                                return __generator(this, function (_a) {
+                                    try {
+                                        request = {
+                                            agentId: source.name,
+                                            reason: "Agent ".concat(source.name, " is requesting permission to execute following tools"),
+                                            requestedTools: tools.map(function (t) { return t.name; }),
+                                        };
+                                        span.setAttribute('tool.permission.request', JSON.stringify(request));
+                                        return [2 /*return*/, request];
+                                    }
+                                    catch (error) {
+                                        (0, arvo_core_1.exceptionToSpan)(error, span);
+                                        throw error;
+                                    }
+                                    finally {
+                                        span.end();
+                                    }
+                                    return [2 /*return*/];
+                                });
+                            }); },
+                        })];
+                    case 1: return [2 /*return*/, _b.sent()];
+                }
+            });
+        });
+    };
+    SimplePermissionManager.CONTRACT = contract_1.simplePermissionContract;
+    SimplePermissionManager.VERSIONED_CONTRACT = contract_1.simplePermissionContract.version('1.0.0');
+    return SimplePermissionManager;
+}());
+exports.SimplePermissionManager = SimplePermissionManager;
+//# sourceMappingURL=index.js.map

package/dist/SimplePermissionManager/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/SimplePermissionManager/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kGAGqD;AACrD,uCAA2F;AAO3F,uCAAsD;AAEtD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH;IASE,iCAAY,MAAiD;QAJ7C,aAAQ,GAAG,mCAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAE7D,gBAAW,GAAG,IAAI,GAAG,EAAmC,CAAC;QAG/D,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAChC,CAAC;IAEO,wCAAM,GAAd,UAAe,MAAgC;QAC7C,OAAO,UAAG,MAAM,CAAC,IAAI,cAAI,MAAM,CAAC,OAAO,CAAE,CAAC;IAC5C,CAAC;IAEK,qCAAG,GAAT,UACE,MAAgC;IAChC,kEAAkE;IAClE,KAAiC,EACjC,MAAkC;;;;;;4BAE3B,qBAAM,6BAAiB,CAAC,WAAW,EAAE,CAAC,eAAe,CAAC;4BAC3D,IAAI,EAAE,kBAAkB;4BACxB,qBAAqB,EAAE,IAAI;4BAC3B,OAAO,EAAE;gCACP,WAAW,EAAE,eAAe;gCAC5B,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;6BACtC;4BACD,WAAW,EAAE;gCACX,UAAU;oCACR,GAAC,wDAAgC,CAAC,uBAAuB,IACvD,0DAAqB,CAAC,SAAS;uCAClC;6BACF;4BACD,EAAE,EAAE,UAAO,IAAI;;;;oCACb,IAAI,CAAC;wCACG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;wCAC1B,YAAU,MAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,mCAAI,EAAE,CAAC;wCAC1C,MAAM,GAAG,MAAM,CAAC,WAAW,CAC/B,KAAK,CAAC,GAAG,CAAC,UAAC,IAAI,YAAK,OAAA,CAAC,IAAI,CAAC,IAAI,EAAE,MAAA,SAAO,CAAC,IAAI,CAAC,IAAI,CAAC,mCAAI,KAAK,CAAC,CAAA,EAAA,CAAC,CAC9D,CAAC;wCACF,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;wCACjE,sBAAO,MAAM,EAAC;oCAChB,CAAC;oCAAC,OAAO,KAAK,EAAE,CAAC;wCACf,IAAA,2BAAe,EAAC,KAAc,EAAE,IAAI,CAAC,CAAC;wCACtC,MAAM,KAAK,CAAC;oCACd,CAAC;4CAAS,CAAC;wCACT,IAAI,CAAC,GAAG,EAAE,CAAC;oCACb,CAAC;;;iCACF;yBACF,CAAC,EAAA;4BA7BF,sBAAO,SA6BL,EAAC;;;;KACJ;IAEK,qCAAG,GAAT,UACE,MAAgC,EAChC,KAAwD,EACxD,MAAkC;;;;;;4BAE3B,qBAAM,6BAAiB,CAAC,WAAW,EAAE,CAAC,eAAe,CAAC;4BAC3D,IAAI,EAAE,mBAAmB;4BACzB,qBAAqB,EAAE,IAAI;4BAC3B,OAAO,EAAE;gCACP,WAAW,EAAE,eAAe;gCAC5B,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;6BACtC;4BACD,WAAW,EAAE;gCACX,UAAU;oCACR,GAAC,wDAAgC,CAAC,uBAAuB,IACvD,0DAAqB,CAAC,SAAS;uCAClC;6BACF;4BACD,EAAE,EAAE,UAAO,IAAI;;;;;oCACb,IAAI,CAAC;wCACG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;wCAC1B,OAAO,GAAG,MAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,mCAAI,EAAE,CAAC;;4CAChD,KAAuB,KAAA,SAAA,KAAK,CAAC,IAAI,CAAC,OAAO,CAAA,4CAAE,CAAC;gDAAjC,QAAQ;gDACjB,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;4CAC3B,CAAC;;;;;;;;;;4CACD,KAAuB,KAAA,SAAA,KAAK,CAAC,IAAI,CAAC,MAAM,CAAA,4CAAE,CAAC;gDAAhC,QAAQ;gDACjB,OAAO,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;4CAC5B,CAAC;;;;;;;;;wCACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;wCACnC,IAAI,CAAC,YAAY,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;oCACpE,CAAC;oCAAC,OAAO,KAAK,EAAE,CAAC;wCACf,IAAA,2BAAe,EAAC,KAAc,EAAE,IAAI,CAAC,CAAC;wCACtC,MAAM,KAAK,CAAC;oCACd,CAAC;4CAAS,CAAC;wCACT,IAAI,CAAC,GAAG,EAAE,CAAC;oCACb,CAAC;;;iCACF;yBACF,CAAC,EAAA;4BAhCF,sBAAO,SAgCL,EAAC;;;;KACJ;IAEK,gDAAc,GAApB,UACE,MAAgC;IAChC,kEAAkE;IAClE,KAAiC,EACjC,MAAkC;;;;;;4BAM3B,qBAAM,6BAAiB,CAAC,WAAW,EAAE,CAAC,eAAe,CAAC;4BAC3D,IAAI,EAAE,oBAAoB;4BAC1B,qBAAqB,EAAE,IAAI;4BAC3B,OAAO,EAAE;gCACP,WAAW,EAAE,eAAe;gCAC5B,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;6BACtC;4BACD,WAAW,EAAE;gCACX,UAAU;oCACR,GAAC,wDAAgC,CAAC,uBAAuB,IACvD,0DAAqB,CAAC,SAAS;uCAClC;6BACF;4BACD,EAAE,EAAE,UAAO,IAAI;;;oCACb,IAAI,CAAC;wCACG,OAAO,GAAG;4CACd,OAAO,EAAE,MAAM,CAAC,IAAI;4CACpB,MAAM,EAAE,gBAAS,MAAM,CAAC,IAAI,yDAAsD;4CAClF,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,UAAC,CAAC,IAAK,OAAA,CAAC,CAAC,IAAI,EAAN,CAAM,CAAC;yCACzC,CAAC;wCACF,IAAI,CAAC,YAAY,CAAC,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;wCACtE,sBAAO,OAAO,EAAC;oCACjB,CAAC;oCAAC,OAAO,KAAK,EAAE,CAAC;wCACf,IAAA,2BAAe,EAAC,KAAc,EAAE,IAAI,CAAC,CAAC;wCACtC,MAAM,KAAK,CAAC;oCACd,CAAC;4CAAS,CAAC;wCACT,IAAI,CAAC,GAAG,EAAE,CAAC;oCACb,CAAC;;;iCACF;yBACF,CAAC,EAAA;4BA7BF,sBAAO,SA6BL,EAAC;;;;KACJ;IApIe,gCAAQ,GAAG,mCAAwB,AAA3B,CAA4B;IACpC,0CAAkB,GAAG,mCAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,AAA5C,CAA6C;IAoIjF,8BAAC;CAAA,AAxID,IAwIC;AAxIY,0DAAuB"}

package/dist/index.d.ts

@@ -13,5 +13,6 @@ export { openaiLLMIntegration } from './Integrations/openai';
 export { DEFAULT_TOOL_LIMIT_PROMPT } from './Integrations/prompts';
 export type { AgentLLMIntegration, AgentLLMIntegrationOutput, AgentLLMIntegrationParam, } from './Integrations/types';
 export type { IMCPClient } from './interfaces.mcp';
+export { SimplePermissionManager } from './SimplePermissionManager';
 export type { NonEmptyArray, OtelInfoType, PromiseAble } from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,2BAA2B,EAC3B,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,kCAAkC,EAClC,+BAA+B,EAC/B,YAAY,GACb,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,YAAY,EACV,mBAAmB,EACnB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnD,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EACL,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,2BAA2B,EAC3B,oBAAoB,GACrB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,kCAAkC,EAClC,+BAA+B,EAC/B,YAAY,GACb,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,YAAY,EACV,mBAAmB,EACnB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_TOOL_LIMIT_PROMPT = exports.openaiLLMIntegration = exports.MCPClient = exports.anthropicLLMIntegration = exports.createAgentTool = exports.tryParseJson = exports.setOpenInferenceUsageOutputAttr = exports.setOpenInferenceToolCallOutputAttr = exports.setOpenInferenceResponseOutputAttr = exports.setOpenInferenceInputAttr = exports.AgentStreamEventSchema = exports.AgentToolResultContentSchema = exports.AgentToolCallContentSchema = exports.AgentTextContentSchema = exports.AgentMessageSchema = exports.AgentMessageContentSchema = exports.AgentMediaContentSchema = exports.AgentDefaults = exports.createArvoAgent = void 0;
+exports.SimplePermissionManager = exports.DEFAULT_TOOL_LIMIT_PROMPT = exports.openaiLLMIntegration = exports.MCPClient = exports.anthropicLLMIntegration = exports.createAgentTool = exports.tryParseJson = exports.setOpenInferenceUsageOutputAttr = exports.setOpenInferenceToolCallOutputAttr = exports.setOpenInferenceResponseOutputAttr = exports.setOpenInferenceInputAttr = exports.AgentStreamEventSchema = exports.AgentToolResultContentSchema = exports.AgentToolCallContentSchema = exports.AgentTextContentSchema = exports.AgentMessageSchema = exports.AgentMessageContentSchema = exports.AgentMediaContentSchema = exports.AgentDefaults = exports.createArvoAgent = void 0;
 var Agent_1 = require("./Agent");
 Object.defineProperty(exports, "createArvoAgent", { enumerable: true, get: function () { return Agent_1.createArvoAgent; } });
 var AgentDefaults_1 = require("./Agent/AgentDefaults");
@@ -30,4 +30,6 @@ var openai_1 = require("./Integrations/openai");
 Object.defineProperty(exports, "openaiLLMIntegration", { enumerable: true, get: function () { return openai_1.openaiLLMIntegration; } });
 var prompts_1 = require("./Integrations/prompts");
 Object.defineProperty(exports, "DEFAULT_TOOL_LIMIT_PROMPT", { enumerable: true, get: function () { return prompts_1.DEFAULT_TOOL_LIMIT_PROMPT; } });
+var SimplePermissionManager_1 = require("./SimplePermissionManager");
+Object.defineProperty(exports, "SimplePermissionManager", { enumerable: true, get: function () { return SimplePermissionManager_1.SimplePermissionManager; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iCAAsD;AAAjC,wGAAA,eAAe,OAAA;AACpC,uDAAsD;AAA7C,8GAAA,aAAa,OAAA;AACtB,yCAOwB;AANtB,iHAAA,uBAAuB,OAAA;AACvB,mHAAA,yBAAyB,OAAA;AACzB,4GAAA,kBAAkB,OAAA;AAClB,gHAAA,sBAAsB,OAAA;AACtB,oHAAA,0BAA0B,OAAA;AAC1B,sHAAA,4BAA4B,OAAA;AAE9B,gDAA+D;AAAtD,gHAAA,sBAAsB,OAAA;AAkB/B,uCAMuB;AALrB,kHAAA,yBAAyB,OAAA;AACzB,2HAAA,kCAAkC,OAAA;AAClC,2HAAA,kCAAkC,OAAA;AAClC,wHAAA,+BAA+B,OAAA;AAC/B,qGAAA,YAAY,OAAA;AAEd,yCAA8C;AAArC,4GAAA,eAAe,OAAA;AAExB,sDAAmE;AAA1D,oHAAA,uBAAuB,OAAA;AAChC,sDAAqD;AAA5C,sGAAA,SAAS,OAAA;AAClB,gDAA6D;AAApD,8GAAA,oBAAoB,OAAA;AAC7B,kDAAmE;AAA1D,oHAAA,yBAAyB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iCAAsD;AAAjC,wGAAA,eAAe,OAAA;AACpC,uDAAsD;AAA7C,8GAAA,aAAa,OAAA;AACtB,yCAOwB;AANtB,iHAAA,uBAAuB,OAAA;AACvB,mHAAA,yBAAyB,OAAA;AACzB,4GAAA,kBAAkB,OAAA;AAClB,gHAAA,sBAAsB,OAAA;AACtB,oHAAA,0BAA0B,OAAA;AAC1B,sHAAA,4BAA4B,OAAA;AAE9B,gDAA+D;AAAtD,gHAAA,sBAAsB,OAAA;AAkB/B,uCAMuB;AALrB,kHAAA,yBAAyB,OAAA;AACzB,2HAAA,kCAAkC,OAAA;AAClC,2HAAA,kCAAkC,OAAA;AAClC,wHAAA,+BAA+B,OAAA;AAC/B,qGAAA,YAAY,OAAA;AAEd,yCAA8C;AAArC,4GAAA,eAAe,OAAA;AAExB,sDAAmE;AAA1D,oHAAA,uBAAuB,OAAA;AAChC,sDAAqD;AAA5C,sGAAA,SAAS,OAAA;AAClB,gDAA6D;AAApD,8GAAA,oBAAoB,OAAA;AAC7B,kDAAmE;AAA1D,oHAAA,yBAAyB,OAAA;AAOlC,qEAAoE;AAA3D,kIAAA,uBAAuB,OAAA"}

package/dist/interfaces.permission.manager.d.ts

@@ -0,0 +1,191 @@
+import type { InferVersionedArvoContract, SimpleArvoContract, VersionedArvoContract } from 'arvo-core';
+import type { SimpleArvoContractEmitType } from 'arvo-core/dist/ArvoContract/SimpleArvoContract/types';
+import type { AgentToolDefinition } from './Agent/types';
+import type { AgentInternalTool } from './AgentTool/types';
+import type { NonEmptyArray, OtelInfoType, PromiseAble } from './types';
+/**
+ * Contextual information identifying the agent and workflow requesting permission.
+ *
+ * Enables scoped authorization decisions where the same tool might be permitted
+ * for one agent/workflow/tenant combination but denied for another.
+ */
+export type PermissionManagerContext = {
+    /**
+     * The agent's identifier from the ArvoResumable handler source.
+     * Used to scope permissions by agent type (e.g., 'support.agent', 'billing.agent').
+     */
+    name: string;
+    /**
+     * The workflow execution identifier from the originating event's subject field.
+     * Enables workflow-specific permissions where authorization applies only to
+     * a particular execution context rather than globally.
+     */
+    subject: string;
+    /**
+     * Access control context inherited from the triggering event.
+     * Typically contains tenant, user, or role information informing permission
+     * decisions (e.g., 'tenant:acme:admin', 'user:123:readonly').
+     */
+    accesscontrol: string | null;
+};
+/**
+ * Deterministic authorization layer for agent tool execution control.
+ *
+ * Provides policy-driven tool access control operating independently of LLM reasoning,
+ * ensuring security-critical decisions cannot be bypassed through prompt injection,
+ * jailbreaking, or other adversarial manipulation of the language model.
+ *
+ * @remarks
+ * **Authorization Flow:**
+ *
+ * When an agent requests tools requiring permission:
+ * 1. Agent calls `get()` to check current authorizations
+ * 2. Blocked tools trigger `requestBuilder()` to create permission request payload
+ * 3. Agent emits permission request event and suspends execution
+ * 4. External authorizer (human, policy engine, IAM) processes request
+ * 5. Authorization response arrives, agent calls `set()` to update permissions
+ * 6. Agent resumes, LLM retries tool calls with updated authorizations
+ *
+ * **Implementation Considerations:**
+ *
+ * Permission managers should be fast on the read path (hot path during tool execution)
+ * and can be slower on the write path (triggered only when authorization changes).
+ *
+ * @example
+ * ```typescript
+ * const permissionContract = createSimpleArvoContract({
+ *   uri: '#/permissions/tool-access',
+ *   type: 'permission.tool.access',
+ *   domain: 'human.interaction',
+ *   versions: {
+ *     '1.0.0': {
+ *       accepts: z.object({
+ *         agentId: z.string(),
+ *         requestedTools: z.array(z.string()),
+ *         reason: z.string(),
+ *         workflowContext: z.string(),
+ *       }),
+ *       emits: z.object({
+ *         granted: z.array(z.string()),
+ *         denied: z.array(z.string()),
+ *         expiresAt: z.string().datetime().optional(),
+ *       }),
+ *     },
+ *   },
+ * });
+ *
+ * class ToolPermissionManager implements IPermissionManager<typeof permissionContract> {
+ *   public readonly contract = permissionContract.version('1.0.0');
+ *   // public readonly domains = ['human.interaction'];
+ *   public readonly domains = [ArvoDomain.FROM_EVENT_CONTRACT];
+ *   // Both domains are the same
+ *
+ *   private permissions = new Map<string, Set<string>>();
+ *
+ *   private getKey(source: PermissionManagerContext): string {
+ *     return `${source.name}:${source.subject}`;
+ *   }
+ *
+ *   async get(source, tools) {
+ *     const key = this.getKey(source);
+ *     const granted = this.permissions.get(key) ?? new Set();
+ *     return Object.fromEntries(
+ *       tools.map(tool => [tool.name, granted.has(tool.name)])
+ *     );
+ *   }
+ *
+ *   async set(source, event) {
+ *     const key = this.getKey(source);
+ *     const granted = this.permissions.get(key) ?? new Set();
+ *     for (const tool of event.data.granted) {
+ *       granted.add(tool);
+ *     }
+ *     this.permissions.set(key, granted);
+ *   }
+ *
+ *   async requestBuilder(source, tools) {
+ *     return {
+ *       agentId: source.name,
+ *       requestedTools: tools.map(t => t.name),
+ *       reason: `Agent requires permission: ${tools.map(t => t.name).join(', ')}`,
+ *       workflowContext: source.subject,
+ *     };
+ *   }
+ * }
+ *
+ * const agent = createArvoAgent({
+ *   permissionManager: new ToolPermissionManager(),
+ *   handler: {
+ *     '1.0.0': {
+ *       permissionPolicy: async ({ services }) => [
+ *         services.deleteUser.name,
+ *         services.processRefund.name
+ *       ],
+ *       // ... context and output builders
+ *     }
+ *   }
+ * });
+ * ```
+ */
+export interface IPermissionManager<T extends VersionedArvoContract<SimpleArvoContract<any, any, any>, any> = VersionedArvoContract<SimpleArvoContract<any, any, any>, any>> {
+    /**
+     * Versioned contract defining permission request/response event schemas.
+     *
+     * Follows standard Arvo contract patterns enabling versioning, validation,
+     * and routing like any service contract in the event fabric.
+     */
+    contract: T;
+    /**
+     * Event delivery channel routing hints for permission requests.
+     *
+     * When specified, permission request events are routed to these domains
+     * (e.g., `['human.interaction']` for human approval workflows).
+     * `null` routes to the default system broker.
+     */
+    domains: NonEmptyArray<string> | null;
+    /**
+     * Updates internal permission state with authorization response.
+     *
+     * Called when the agent receives a permission response event. Extract
+     * granted/denied permissions from the event and update internal storage
+     * scoped to the provided context.
+     *
+     * @param source - Context identifying the agent and workflow for scoped storage
+     * @param event - Authorization response matching contract's success emission schema
+     */
+    set(source: PermissionManagerContext, event: InferVersionedArvoContract<T>['emits'][SimpleArvoContractEmitType<T['metadata']['rootType']>], config: {
+        otelInfo: OtelInfoType;
+    }): PromiseAble<void>;
+    /**
+     * Checks current authorization status for requested tools.
+     *
+     * Called in the hot path before tool execution. Should be optimized for
+     * performance for production.
+     *
+     * @param source - Context identifying the agent and workflow for permission lookup
+     * @param tools - Tool definitions to check (uses agent-oriented names from `tool.name`)
+     *
+     * @returns Map of tool names to authorization status where `true` permits execution
+     *          and `false` blocks execution requiring authorization
+     */
+    get(source: PermissionManagerContext, tools: AgentToolDefinition<VersionedArvoContract<any, any> | AgentInternalTool | null>[], config: {
+        otelInfo: OtelInfoType;
+    }): PromiseAble<Record<string, boolean>>;
+    /**
+     * Constructs permission request event payload for blocked tools.
+     *
+     * Called when tools fail authorization checks. Build a payload conforming to
+     * the contract's `accepts` schema, providing sufficient context for external
+     * authorizers (humans, policy engines, IAM services) to make informed decisions.
+     *
+     * @param source - Context identifying the agent and workflow for the request
+     * @param tools - Tool definitions requiring permission (failed `get()` check)
+     *
+     * @returns Event payload matching contract's accepts schema. Use agent-oriented
+     *          tool names from `tools[i].name` for consistency with permission checks.
+     */
+    requestBuilder(source: PermissionManagerContext, tools: AgentToolDefinition<VersionedArvoContract<any, any> | AgentInternalTool | null>[], config: {
+        otelInfo: OtelInfoType;
+    }): PromiseAble<InferVersionedArvoContract<T>['accepts']['data']>;
+}
+//# sourceMappingURL=interfaces.permission.manager.d.ts.map

package/dist/interfaces.permission.manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.permission.manager.d.ts","sourceRoot":"","sources":["../src/interfaces.permission.manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,kBAAkB,EAClB,qBAAqB,EACtB,MAAM,WAAW,CAAC;AACnB,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sDAAsD,CAAC;AACvG,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAExE;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkGG;AACH,MAAM,WAAW,kBAAkB,CAEjC,CAAC,SAAS,qBAAqB,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG,qBAAqB,CAE7F,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAEjC,GAAG,CACJ;IAED;;;;;OAKG;IACH,QAAQ,EAAE,CAAC,CAAC;IAEZ;;;;;;OAMG;IACH,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAEtC;;;;;;;;;OASG;IACH,GAAG,CACD,MAAM,EAAE,wBAAwB,EAChC,KAAK,EAAE,0BAA0B,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,0BAA0B,CACtE,CAAC,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,CAC1B,CAAC,EACF,MAAM,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,GACjC,WAAW,CAAC,IAAI,CAAC,CAAC;IAErB;;;;;;;;;;;OAWG;IACH,GAAG,CACD,MAAM,EAAE,wBAAwB,EAChC,KAAK,EAAE,mBAAmB,CAExB,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,iBAAiB,GAAG,IAAI,CAC3D,EAAE,EACH,MAAM,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,GACjC,WAAW,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC;;;;;;;;;;;;OAYG;IACH,cAAc,CACZ,MAAM,EAAE,wBAAwB,EAChC,KAAK,EAAE,mBAAmB,CAExB,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,iBAAiB,GAAG,IAAI,CAC3D,EAAE,EACH,MAAM,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,GACjC,WAAW,CAAC,0BAA0B,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;CAClE"}

package/dist/interfaces.permission.manager.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=interfaces.permission.manager.js.map

package/dist/interfaces.permission.manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.permission.manager.js","sourceRoot":"","sources":["../src/interfaces.permission.manager.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arvo-tools/agentic",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Agentic toolset for building applications using arvo-core and arvo-event-handler",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,7 +27,6 @@
   "dependencies": {
     "@anthropic-ai/sdk": "^0.71.0",
     "@arizeai/openinference-semantic-conventions": "^2.1.2",
-    "@azure/openai": "^2.0.0",
     "@modelcontextprotocol/sdk": "^1.22.0",
     "@opentelemetry/api": "1.9.0",
     "arvo-core": "^3.0.19",