@atlasent/sdk 1.5.0 → 2.5.0

package/dist/index.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -23,22 +33,128 @@ __export(index_exports, {
   AtlaSentClient: () => AtlaSentClient,
   AtlaSentDeniedError: () => AtlaSentDeniedError,
   AtlaSentError: () => AtlaSentError,
+  AtlaSentEscalateError: () => AtlaSentEscalateError,
+  DEFAULT_INCENTIVE_CONFIG: () => DEFAULT_INCENTIVE_CONFIG,
   DEFAULT_RETRY_POLICY: () => DEFAULT_RETRY_POLICY,
+  DEFAULT_RISK_TIER_THRESHOLDS: () => DEFAULT_RISK_TIER_THRESHOLDS,
+  DEPLOYMENT_PRODUCTION_ACTION: () => DEPLOYMENT_PRODUCTION_ACTION,
+  DEPLOY_GATE_CODES: () => DEPLOY_GATE_CODES,
+  FeatureNotEnabledError: () => FeatureNotEnabledError,
+  GovernanceEnforcementError: () => GovernanceEnforcementError,
+  PRODUCTION_DEPLOY_ACTION: () => PRODUCTION_DEPLOY_ACTION,
+  PermitRevoked: () => PermitRevoked,
+  StreamParseError: () => StreamParseError,
+  StreamTimeoutError: () => StreamTimeoutError,
+  V2_BATCH_PATH: () => V2_BATCH_PATH,
+  V2_GRAPHQL_MAX_DEPTH: () => V2_GRAPHQL_MAX_DEPTH,
+  V2_GRAPHQL_PATH: () => V2_GRAPHQL_PATH,
+  V2_MAX_BATCH_ITEMS: () => V2_MAX_BATCH_ITEMS,
+  V2_MAX_BODY_BYTES: () => V2_MAX_BODY_BYTES,
+  V2_STREAM_PATH: () => V2_STREAM_PATH,
+  WebhookVerificationError: () => WebhookVerificationError,
+  assertWebhook: () => assertWebhook,
+  authorizeStream: () => authorizeStream,
+  budgetUtilizationSeverity: () => budgetUtilizationSeverity,
+  buildLiabilityChain: () => buildLiabilityChain,
+  buildLiabilityVisualization: () => buildLiabilityVisualization,
+  buildRiskTimeline: () => buildRiskTimeline,
+  buildSignableContent: () => buildSignableContent,
   canonicalJSON: () => canonicalJSON,
+  canonicalizeForEvidence: () => canonicalizeForEvidence,
+  checkAutonomousBounds: () => checkAutonomousBounds,
+  checkBudgetConstraints: () => checkBudgetConstraints,
+  clampTokenDuration: () => clampTokenDuration,
+  classifyCommand: () => classifyCommand,
+  classifyRiskTier: () => classifyRiskTier,
+  computeApprovalRiskScore: () => computeApprovalRiskScore,
   computeBackoffMs: () => computeBackoffMs,
+  computeEscalatedApprovalCount: () => computeEscalatedApprovalCount,
+  computeExposureScore: () => computeExposureScore,
+  computeGovernanceHealthScore: () => computeGovernanceHealthScore,
+  computeHHI: () => computeHHI,
+  computeLiabilityWeights: () => computeLiabilityWeights,
+  computeOverallRiskScore: () => computeOverallRiskScore,
+  computeOverrideScore: () => computeOverrideScore,
+  computeRemediationUrgency: () => computeRemediationUrgency,
+  computeSignalEngagementRate: () => computeSignalEngagementRate,
   configure: () => configure,
   default: () => index_default,
+  delegationPropagationHadEffect: () => delegationPropagationHadEffect,
+  deployGate: () => deployGate,
+  detectAutonomousAnomaly: () => detectAutonomousAnomaly,
+  detectMisalignedIncentives: () => detectMisalignedIncentives,
+  detectSelfApproval: () => detectSelfApproval,
+  enforceAutonomousBounds: () => enforceAutonomousBounds,
+  enforceBudgetConstraint: () => enforceBudgetConstraint,
+  enforceEconomicGovernance: () => enforceEconomicGovernance,
+  enforceFinancialQuorum: () => enforceFinancialQuorum,
+  evaluateFinancialQuorum: () => evaluateFinancialQuorum,
+  evaluateMany: () => evaluateMany,
+  evidenceRunPasses: () => evidenceRunPasses,
+  findPrimaryLiabilityParties: () => findPrimaryLiabilityParties,
+  formatPolicySyncDiff: () => formatPolicySyncDiff,
+  graphql: () => graphql,
   hasAttemptsLeft: () => hasAttemptsLeft,
+  hhiToConcentrationScore: () => hhiToConcentrationScore,
+  highestSeverityAction: () => highestSeverityAction,
+  hitlRequiredApproverCount: () => hitlRequiredApproverCount,
+  isBudgetExceptionActive: () => isBudgetExceptionActive,
+  isBudgetExceptionTerminal: () => isBudgetExceptionTerminal,
+  isEscalationSlaBreached: () => isEscalationSlaBreached,
+  isFreezeActive: () => isFreezeActive,
+  isImpersonationGrantUsable: () => isImpersonationGrantUsable,
+  isPolicySyncTerminal: () => isPolicySyncTerminal,
+  isRegulatoryEscalationTerminal: () => isRegulatoryEscalationTerminal,
   isRetryable: () => isRetryable,
+  isSandboxDiffPopulated: () => isSandboxDiffPopulated,
+  isSubstantiveSignalResponse: () => isSubstantiveSignalResponse,
+  matchAnomalyRules: () => matchAnomalyRules,
   mergePolicy: () => mergePolicy,
+  nonPassingControls: () => nonPassingControls,
+  normalizeEvaluateRequest: () => normalizeEvaluateRequest,
+  normalizeEvaluateResponse: () => normalizeEvaluateResponse,
+  normalizePermitOutcome: () => normalizePermitOutcome,
   protect: () => protect,
+  requirePermit: () => requirePermit,
+  scoreToRiskTier: () => scoreToRiskTier,
+  serializeSignableContent: () => serializeSignableContent,
   signedBytesFor: () => signedBytesFor,
+  summarizeCrossOrgPermission: () => summarizeCrossOrgPermission,
+  transitionDispute: () => transitionDispute,
+  transitionReversal: () => transitionReversal,
+  validateLiabilityChain: () => validateLiabilityChain,
   verifyAuditBundle: () => verifyAuditBundle,
-  verifyBundle: () => verifyBundle
+  verifyBundle: () => verifyBundle,
+  verifyEvidenceBundleStructure: () => verifyEvidenceBundleStructure,
+  verifyWebhook: () => verifyWebhook,
+  verifyWebhookSignature: () => verifyWebhookSignature,
+  withPermit: () => withPermit,
+  withinAutonomousCeiling: () => withinAutonomousCeiling
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/errors.ts
+var StreamTimeoutError = class extends Error {
+  name = "StreamTimeoutError";
+  /** Timeout that was exceeded, in milliseconds. */
+  timeoutMs;
+  constructor(timeoutMs) {
+    super(`AtlaSent stream timed out after ${timeoutMs}ms with no event`);
+    this.timeoutMs = timeoutMs;
+  }
+};
+var StreamParseError = class extends Error {
+  name = "StreamParseError";
+  /** The raw data string that failed to parse. */
+  rawData;
+  constructor(rawData, cause) {
+    super(`AtlaSent stream received malformed JSON: ${rawData.slice(0, 200)}`);
+    this.rawData = rawData;
+    if (cause !== void 0) {
+      this.cause = cause;
+    }
+  }
+};
 var AtlaSentError = class extends Error {
   // Subclasses override to their own literal (e.g. "AtlaSentDeniedError");
   // keep this assignable rather than pinned to a single literal.
@@ -62,6 +178,18 @@ var AtlaSentError = class extends Error {
     this.retryAfterMs = init.retryAfterMs;
   }
 };
+var KNOWN_PERMIT_OUTCOMES = /* @__PURE__ */ new Set([
+  "permit_consumed",
+  "permit_expired",
+  "permit_revoked",
+  "permit_not_found"
+]);
+function normalizePermitOutcome(raw) {
+  if (raw !== void 0 && KNOWN_PERMIT_OUTCOMES.has(raw)) {
+    return raw;
+  }
+  return void 0;
+}
 var AtlaSentDeniedError = class extends AtlaSentError {
   name = "AtlaSentDeniedError";
   /** Policy decision — `"deny"` today; `"hold"` / `"escalate"` reserved. */
@@ -72,6 +200,12 @@ var AtlaSentDeniedError = class extends AtlaSentError {
   reason;
   /** Hash-chained audit-trail entry associated with the decision. */
   auditHash;
+  /**
+   * Discriminator for permit-side denial reasons. Populated only
+   * when the server reported `verified=false` from `/v1-verify-permit`;
+   * `undefined` for evaluate-time denials. See {@link PermitOutcome}.
+   */
+  outcome;
   constructor(init) {
     const msg = init.reason ? `AtlaSent ${init.decision}: ${init.reason}` : `AtlaSent ${init.decision}`;
     const errInit = { status: 200 };
@@ -81,92 +215,665 @@ var AtlaSentDeniedError = class extends AtlaSentError {
     this.evaluationId = init.evaluationId;
     this.reason = init.reason;
     this.auditHash = init.auditHash;
+    this.outcome = init.outcome;
+  }
+  // ── Outcome discriminators ───────────────────────────────────────
+  // Convenience predicates that mirror the operator runbook's matrix.
+  // Callers can compare `outcome` directly; these are sugar so the
+  // common cases are explicit at the call site.
+  /** `true` when the permit was explicitly revoked (D3 endpoint). */
+  get isRevoked() {
+    return this.outcome === "permit_revoked";
+  }
+  /** `true` when the permit's TTL passed before verification. */
+  get isExpired() {
+    return this.outcome === "permit_expired";
+  }
+  /**
+   * `true` when the permit was already consumed by a prior verify
+   * (v1 single-use replay protection).
+   */
+  get isConsumed() {
+    return this.outcome === "permit_consumed";
+  }
+  /**
+   * `true` when the permit id wasn't recognized server-side
+   * (typo, cross-tenant lookup, or pre-issuance race).
+   */
+  get isNotFound() {
+    return this.outcome === "permit_not_found";
+  }
+};
+var AtlaSentEscalateError = class extends AtlaSentError {
+  name = "AtlaSentEscalateError";
+  /** Always `"escalate"` — discriminates this error from other AtlaSent errors. */
+  decision = "escalate";
+  /** The user whose action triggered the escalation, if available. */
+  userId;
+  constructor(message, opts) {
+    super(message, {
+      ...opts?.requestId !== void 0 ? { requestId: opts.requestId } : {},
+      cause: opts?.cause
+    });
+    this.userId = opts?.userId;
+  }
+};
+var PermitRevoked = class extends AtlaSentError {
+  name = "PermitRevoked";
+  /** The id of the permit that was revoked mid-execution. */
+  permitId;
+  /** The `scope_revocations.id` that triggered the revocation, when available. */
+  revocationId;
+  constructor(permitId, revocationId) {
+    super(
+      revocationId ? `AtlaSent: permit ${permitId} revoked (revocation: ${revocationId}) \u2014 guard heartbeat halted execution` : `AtlaSent: permit ${permitId} revoked \u2014 guard heartbeat halted execution`
+    );
+    this.permitId = permitId;
+    this.revocationId = revocationId;
+  }
+};
+
+// src/types.ts
+var PRODUCTION_DEPLOY_ACTION = "production.deploy";
+var DEPLOYMENT_PRODUCTION_ACTION = "deployment.production";
+var DEPLOY_GATE_CODES = Object.freeze({
+  ALLOW: "ALLOW",
+  DENY_POLICY: "DENY_POLICY",
+  DENY_AUTHORITY: "DENY_AUTHORITY",
+  DENY_ENVIRONMENT: "DENY_ENVIRONMENT",
+  PERMIT_EXPIRED: "PERMIT_EXPIRED",
+  VERIFY_FAILED: "VERIFY_FAILED",
+  ESCALATE_REQUIRED: "ESCALATE_REQUIRED",
+  OVERRIDE_APPROVED: "OVERRIDE_APPROVED"
+});
+
+// src/compat.ts
+function normalizeEvaluateRequest(input) {
+  if ("action" in input && !("action_type" in input)) {
+    console.warn(
+      "[atlasent] Deprecation: action/agent request shape is deprecated. Use action_type/actor_id instead. This compatibility shim will be removed in v3.0.0."
+    );
+    const legacy = input;
+    const normalized = {
+      action_type: legacy.action,
+      actor_id: legacy.agent
+    };
+    if (legacy.context !== void 0) {
+      normalized.context = legacy.context;
+    }
+    return normalized;
+  }
+  return input;
+}
+function normalizeEvaluateResponse(wire) {
+  if (!("decision" in wire) && "permitted" in wire) {
+    const legacy = wire;
+    const normalized = {
+      decision: legacy.permitted ? "allow" : "deny"
+    };
+    if (legacy.decision_id !== void 0) {
+      normalized.permit_token = legacy.decision_id;
+    }
+    if (!legacy.permitted && legacy.reason) {
+      normalized.denial = { reason: legacy.reason };
+    }
+    return normalized;
   }
+  return wire;
+}
+
+// src/retry.ts
+var DEFAULT_RETRY_POLICY = {
+  maxAttempts: 4,
+  baseDelayMs: 2e3,
+  maxDelayMs: 16e3
 };
+var RETRYABLE_CODES = /* @__PURE__ */ new Set([
+  "network",
+  "timeout",
+  "rate_limited",
+  "server_error",
+  "bad_response"
+]);
+function isRetryable(err) {
+  if (!(err instanceof AtlaSentError)) return false;
+  if (err.code === void 0) return false;
+  return RETRYABLE_CODES.has(err.code);
+}
+function computeBackoffMs(attempt, policy = {}, err, random = Math.random) {
+  const merged = mergePolicy(policy);
+  const safeAttempt = Math.max(0, Math.floor(attempt));
+  const exp = Math.min(safeAttempt, 30);
+  const ceiling = Math.min(merged.maxDelayMs, merged.baseDelayMs * 2 ** exp);
+  const jittered = Math.floor(ceiling * clampUnit(random()));
+  const retryAfterMs = err instanceof AtlaSentError && typeof err.retryAfterMs === "number" ? Math.max(0, err.retryAfterMs) : 0;
+  return Math.max(retryAfterMs, jittered);
+}
+function hasAttemptsLeft(attempt, policy = {}) {
+  const merged = mergePolicy(policy);
+  return attempt + 1 < merged.maxAttempts;
+}
+function mergePolicy(policy) {
+  const maxAttempts = Math.max(
+    1,
+    Math.floor(policy.maxAttempts ?? DEFAULT_RETRY_POLICY.maxAttempts)
+  );
+  const baseDelayMs = Math.max(
+    0,
+    policy.baseDelayMs ?? DEFAULT_RETRY_POLICY.baseDelayMs
+  );
+  const maxDelayMs = Math.max(
+    baseDelayMs,
+    policy.maxDelayMs ?? DEFAULT_RETRY_POLICY.maxDelayMs
+  );
+  return { maxAttempts, baseDelayMs, maxDelayMs };
+}
+function clampUnit(n) {
+  if (!Number.isFinite(n)) return 0;
+  if (n < 0) return 0;
+  if (n >= 1) return 0.999999999;
+  return n;
+}
 
 // src/client.ts
 var DEFAULT_BASE_URL = "https://api.atlasent.io";
 var DEFAULT_TIMEOUT_MS = 1e4;
-var SDK_VERSION = "0.1.0";
+var SDK_VERSION = "2.2.0";
+function _buildUserAgent() {
+  const isNode2 = typeof process !== "undefined" && typeof process?.versions?.node === "string";
+  return isNode2 ? `@atlasent/sdk/${SDK_VERSION} node/${process.version}` : `@atlasent/sdk/${SDK_VERSION} browser`;
+}
+var CONTEXT_PROPERTIES_SOFT_CAP = 64;
+function _warnOversizeContext(context) {
+  if (context && Object.keys(context).length > CONTEXT_PROPERTIES_SOFT_CAP) {
+    console.warn(
+      `[atlasent] context has ${Object.keys(context).length} top-level keys (soft cap ${CONTEXT_PROPERTIES_SOFT_CAP}); the server may reject this. Pack richer payloads under a single top-level key.`
+    );
+  }
+}
+function _enforceTls(baseUrl) {
+  const nodeEnvValue = typeof process !== "undefined" && process.env ? process.env.ATLASENT_ALLOW_INSECURE_HTTP : void 0;
+  const allow = nodeEnvValue === "1" || globalThis.ATLASENT_ALLOW_INSECURE_HTTP === "1";
+  if (allow) return baseUrl;
+  let parsed;
+  try {
+    parsed = new URL(baseUrl);
+  } catch {
+    throw new AtlaSentError(`Invalid baseUrl: ${baseUrl}`, {
+      code: "bad_request"
+    });
+  }
+  if (parsed.protocol !== "https:") {
+    throw new AtlaSentError(
+      `AtlaSent baseUrl must use https:// (got ${parsed.protocol}). For local development, set ATLASENT_ALLOW_INSECURE_HTTP=1.`,
+      { code: "bad_request" }
+    );
+  }
+  return baseUrl;
+}
+var API_KEY_PATTERN = /^ask_(?:live|test)_[A-Za-z0-9_-]+$/;
+function _validateApiKey(apiKey) {
+  if (typeof apiKey !== "string" || apiKey.length === 0) {
+    throw new AtlaSentError("apiKey is required", { code: "invalid_api_key" });
+  }
+  if (!API_KEY_PATTERN.test(apiKey)) {
+    const head = apiKey.slice(0, 8);
+    throw new AtlaSentError(
+      `AtlaSent apiKey does not match expected shape \`ask_(live|test)_<entropy>\` (got prefix=${JSON.stringify(head)}). Check for whitespace, quotes, or trailing characters.`,
+      { code: "invalid_api_key" }
+    );
+  }
+  return apiKey;
+}
+var isNode = typeof process !== "undefined" && typeof process.versions?.node === "string";
+var NODE_VERSION = isNode ? process.version : null;
+function deployGateEvidence(input) {
+  const evidence = {};
+  if (input.permitId) evidence.permitId = input.permitId;
+  if (input.permitHash) evidence.permitHash = input.permitHash;
+  if (input.auditHash) evidence.auditHash = input.auditHash;
+  if (input.verifiedAt) evidence.verifiedAt = input.verifiedAt;
+  return evidence;
+}
 var AtlaSentClient = class {
   apiKey;
   baseUrl;
   timeoutMs;
   fetchImpl;
+  userAgent;
+  retryPolicy;
   constructor(options) {
     if (!options.apiKey || typeof options.apiKey !== "string") {
       throw new AtlaSentError("apiKey is required", {
         code: "invalid_api_key"
       });
     }
-    this.apiKey = options.apiKey;
-    this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+    if (typeof AbortSignal.timeout !== "function") {
+      throw new AtlaSentError(
+        "@atlasent/sdk requires AbortSignal.timeout, which is not available in this runtime. Minimum supported browsers: Chrome 103+, Firefox 100+, Safari 16+. Upgrade your browser or add an AbortSignal.timeout polyfill.",
+        { code: "network" }
+      );
+    }
+    this.apiKey = _validateApiKey(options.apiKey);
+    this.baseUrl = _enforceTls(options.baseUrl ?? DEFAULT_BASE_URL).replace(
+      /\/+$/,
+      ""
+    );
     this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
     this.fetchImpl = options.fetch ?? globalThis.fetch.bind(globalThis);
+    this.userAgent = _buildUserAgent();
+    this.retryPolicy = mergePolicy(options.retryPolicy ?? {});
   }
   /**
    * Ask the policy engine whether an agent action is permitted.
    *
-   * A "DENY" is **not** thrown — it is returned in
+   * Accepts either the current v2.0 shape (`action_type` / `actor_id`)
+   * or the legacy v1.x shape (`action` / `agent`). Legacy callers
+   * receive a deprecation warning via `console.warn`; the shim is
+   * handled by {@link normalizeEvaluateRequest} and will be removed
+   * in v3.0.0.
+   *
+   * A "deny" is **not** thrown — it is returned in
    * `response.decision`. Network errors, invalid API key, rate
    * limits, timeouts, and malformed responses throw
    * {@link AtlaSentError}.
    */
   async evaluate(input) {
+    _warnOversizeContext(input.context);
+    const normalized = normalizeEvaluateRequest(
+      input
+    );
     const body = {
-      action: input.action,
-      agent: input.agent,
-      context: input.context ?? {},
-      api_key: this.apiKey
+      action_type: normalized.action_type,
+      actor_id: normalized.actor_id,
+      context: normalized.context ?? {}
     };
-    const { body: wire, rateLimit } = await this.post("/v1-evaluate", body);
-    if (typeof wire.permitted !== "boolean" || typeof wire.decision_id !== "string") {
+    const { body: wire, rateLimit } = await this.post(
+      "/v1-evaluate",
+      body
+    );
+    let decision = typeof wire.decision === "string" ? wire.decision.toLowerCase() : wire.decision;
+    if (decision === void 0 && typeof wire.permitted === "boolean") {
+      decision = wire.permitted ? "allow" : "deny";
+    }
+    const permitToken = wire.permit_token ?? wire.decision_id;
+    if (decision !== "allow" && decision !== "deny" && decision !== "hold" && decision !== "escalate") {
+      throw new AtlaSentError(
+        "Malformed response from /v1-evaluate: missing `decision` (or legacy `permitted`)",
+        { code: "bad_response" }
+      );
+    }
+    if (decision === "allow" && (typeof permitToken !== "string" || permitToken.length === 0)) {
       throw new AtlaSentError(
-        "Malformed response from /v1-evaluate: missing `permitted` or `decision_id`",
+        "Malformed response from /v1-evaluate: decision='allow' but no `permit_token` (or legacy `decision_id`)",
         { code: "bad_response" }
       );
     }
+    const reason = wire.denial?.reason ?? wire.reason ?? "";
+    const permitId = permitToken ?? "";
     return {
-      decision: wire.permitted ? "ALLOW" : "DENY",
-      permitId: wire.decision_id,
-      reason: wire.reason ?? "",
+      decision,
+      decision_canonical: decision,
+      evaluationId: permitId,
+      permitId,
+      // /v1-evaluate does not return a control-plane-shaped Permit body;
+      // callers needing the full record fetch GET /v1/permits/:id.
+      permit: null,
+      permitToken: decision === "allow" ? permitToken ?? null : null,
+      reasons: reason ? [reason] : [],
+      reason,
       auditHash: wire.audit_hash ?? "",
       timestamp: wire.timestamp ?? "",
       rateLimit
     };
   }
+  /**
+   * Pre-flight evaluation that always returns the constraint trace.
+   *
+   * Wraps `POST /v1-evaluate?include=constraint_trace`. Use this from
+   * a workflow's submission step to surface trivial defects (missing
+   * fields, wrong roles, mis-set context) BEFORE pushing the request
+   * onto an approval queue — only requests that would actually pass
+   * make it through to a human reviewer.
+   *
+   * Returns an {@link EvaluatePreflightResponse} carrying the regular
+   * {@link EvaluateResponse} plus the {@link ConstraintTrace}. Unlike
+   * {@link evaluate}, this method does NOT mark a non-allow as a
+   * thrown condition — the whole point is to inspect both the outcome
+   * AND the per-policy trace, so the caller branches on
+   * `result.evaluation.decision` and reads `result.constraintTrace`
+   * to render the failing stages.
+   *
+   * The constraint-trace shape mirrors `ConstraintTraceResponse` in
+   * atlasent-api (`packages/types/src/index.ts`). On older
+   * atlasent-api deployments that omit the trace, `constraintTrace`
+   * is `null` rather than throwing — forward-compatible degradation.
+   *
+   * Performance: one extra round-trip on submission. Latency is
+   * comparable to {@link evaluate}; the response body is fuller
+   * (includes the per-stage trace) so the wire payload is larger.
+   * If the caller does not need the trace, prefer {@link evaluate}.
+   */
+  async evaluatePreflight(input) {
+    _warnOversizeContext(input.context);
+    const body = {
+      action_type: input.action,
+      actor_id: input.agent,
+      context: input.context ?? {}
+    };
+    const query = new URLSearchParams({ include: "constraint_trace" });
+    const { body: wire, rateLimit } = await this.post(
+      "/v1-evaluate",
+      body,
+      query
+    );
+    let decision = typeof wire.decision === "string" ? wire.decision.toLowerCase() : wire.decision;
+    if (decision === void 0 && typeof wire.permitted === "boolean") {
+      decision = wire.permitted ? "allow" : "deny";
+    }
+    if (decision !== "allow" && decision !== "deny" && decision !== "hold" && decision !== "escalate") {
+      throw new AtlaSentError(
+        "Malformed response from /v1-evaluate: missing `decision` (or legacy `permitted`)",
+        { code: "bad_response" }
+      );
+    }
+    const permitToken = wire.permit_token ?? wire.decision_id;
+    const reason = wire.denial?.reason ?? wire.reason ?? "";
+    const permitId = permitToken ?? "";
+    const evaluation = {
+      decision,
+      decision_canonical: decision,
+      evaluationId: permitId,
+      permitId,
+      // /v1-evaluate does not return a control-plane-shaped Permit body;
+      // callers needing the full record fetch GET /v1/permits/:id.
+      permit: null,
+      permitToken: decision === "allow" ? permitToken ?? null : null,
+      reasons: reason ? [reason] : [],
+      reason,
+      auditHash: wire.audit_hash ?? "",
+      timestamp: wire.timestamp ?? "",
+      rateLimit
+    };
+    let constraintTrace = null;
+    if (wire.constraint_trace !== void 0 && wire.constraint_trace !== null && typeof wire.constraint_trace === "object") {
+      constraintTrace = wire.constraint_trace;
+    }
+    return { evaluation, constraintTrace };
+  }
   /**
    * Verify that a previously issued permit is still valid.
    *
+   * @deprecated Use {@link verifyPermitById} — the canonical REST
+   * surface (`POST /v1/permits/{id}/verify`) returns the unified
+   * verification envelope plus the full {@link PermitRecord}, instead
+   * of the legacy `{verified, outcome, permitHash}` shape this method
+   * emits. Will be removed in `@atlasent/sdk@3`.
+   *
    * A `verified: false` response is **not** thrown — inspect the
    * returned object. Only transport / server errors throw.
    */
   async verifyPermit(input) {
+    _warnOversizeContext(input.context);
     const body = {
-      decision_id: input.permitId,
-      action: input.action ?? "",
-      agent: input.agent ?? "",
-      context: input.context ?? {},
-      api_key: this.apiKey
+      permit_token: input.permitId,
+      action_type: input.action ?? "",
+      actor_id: input.agent ?? ""
     };
+    if (input.environment !== void 0) {
+      body.environment = input.environment;
+    }
+    if (input.execution_hash !== void 0) {
+      body.execution_hash = input.execution_hash;
+    }
     const { body: wire, rateLimit } = await this.post(
       "/v1-verify-permit",
       body
     );
-    if (typeof wire.verified !== "boolean") {
+    const valid = typeof wire.valid === "boolean" ? wire.valid : wire.verified;
+    if (typeof valid !== "boolean") {
       throw new AtlaSentError(
-        "Malformed response from /v1-verify-permit: missing `verified`",
+        "Malformed response from /v1-verify-permit: missing `valid` (or legacy `verified`)",
         { code: "bad_response" }
       );
     }
     return {
-      verified: wire.verified,
+      verified: valid,
       outcome: wire.outcome ?? "",
       permitHash: wire.permit_hash ?? "",
       timestamp: wire.timestamp ?? "",
       rateLimit
     };
   }
+  /**
+   * Run the canonical Deploy Gate V1 flow:
+   * evaluate `production.deploy`, verify the issued permit server-side,
+   * and return allow/block plus audit/evidence metadata.
+   *
+   * This helper never treats a signed/offline permit artifact as sufficient
+   * authorization. Execution is allowed only when `POST /v1-evaluate` returns
+   * `decision: "allow"` with a permit AND `POST /v1-verify-permit` returns
+   * `verified: true` / `valid: true`.
+   */
+  async deployGate(input = {}) {
+    const agent = input.agent ?? "ci-deploy-bot";
+    const action = input.action ?? PRODUCTION_DEPLOY_ACTION;
+    const context = input.context ?? {};
+    const evaluation = await this.evaluate({ agent, action, context });
+    if (evaluation.decision !== "allow") {
+      return {
+        allowed: false,
+        evaluation,
+        reason: evaluation.reason || `Deploy Gate blocked by decision=${evaluation.decision}`,
+        evidence: deployGateEvidence({
+          permitId: evaluation.permitId,
+          auditHash: evaluation.auditHash
+        })
+      };
+    }
+    const verification = await this.verifyPermit({
+      permitId: evaluation.permitId,
+      agent,
+      action,
+      context
+    });
+    if (!verification.verified) {
+      return {
+        allowed: false,
+        evaluation,
+        verification,
+        reason: verification.outcome ? `Deploy Gate blocked by permit verification outcome=${verification.outcome}` : "Deploy Gate blocked because permit verification failed",
+        evidence: deployGateEvidence({
+          permitId: evaluation.permitId,
+          permitHash: verification.permitHash,
+          auditHash: evaluation.auditHash,
+          verifiedAt: verification.timestamp
+        })
+      };
+    }
+    return {
+      allowed: true,
+      evaluation,
+      verification,
+      reason: evaluation.reason || "Deploy Gate permit verified",
+      evidence: deployGateEvidence({
+        permitId: evaluation.permitId,
+        permitHash: verification.permitHash,
+        auditHash: evaluation.auditHash,
+        verifiedAt: verification.timestamp
+      })
+    };
+  }
+  /**
+   * Revoke a previously-issued permit so it can no longer pass
+   * {@link verifyPermit}.
+   *
+   * @deprecated Use {@link revokePermitById} — the canonical REST
+   * surface (`POST /v1/permits/{id}/revoke`) returns the full updated
+   * {@link PermitRecord} with `revoked_at`/`revoked_by`/`revoke_reason`
+   * populated, instead of the legacy `{revoked, permitId}` envelope
+   * this method emits. Will be removed in `@atlasent/sdk@3`.
+   *
+   * Use this when an agent's action is cancelled, superseded, or
+   * determined to be unauthorized after the fact. The revocation is
+   * recorded in the audit log with the optional `reason`.
+   *
+   * Throws {@link AtlaSentError} on transport / auth failures.
+   */
+  async revokePermit(input) {
+    const body = {
+      decision_id: input.permitId,
+      reason: input.reason ?? "",
+      api_key: this.apiKey
+    };
+    const { body: wire, rateLimit } = await this.post("/v1-revoke-permit", body);
+    if (typeof wire.revoked !== "boolean" || typeof wire.decision_id !== "string") {
+      throw new AtlaSentError(
+        "Malformed response from /v1-revoke-permit: missing `revoked` or `decision_id`",
+        { code: "bad_response" }
+      );
+    }
+    return {
+      revoked: wire.revoked,
+      permitId: wire.decision_id,
+      revokedAt: wire.revoked_at,
+      auditHash: wire.audit_hash,
+      rateLimit
+    };
+  }
+  /**
+   * Revoke a permit through the canonical REST surface
+   * (`POST /v1/permits/{permitId}/revoke`).
+   *
+   * Returns the full updated {@link PermitRecord} with `status === 'revoked'`
+   * and `revoked_at` / `revoked_by` / `revoke_reason` populated. After
+   * revocation, subsequent verify calls return `410 PERMIT_REVOKED`.
+   *
+   * Idempotent on `409 permit_revoked` for already-revoked permits;
+   * server returns the existing revoked row in that case.
+   *
+   * Throws {@link AtlaSentError} on `404` (permit not in calling org),
+   * `409` (already in a terminal state), `410` (expired before revoke),
+   * or `429` (rate limited).
+   */
+  async revokePermitById(permitId, input = {}) {
+    if (!permitId) {
+      throw new AtlaSentError("permitId is required", { code: "bad_request" });
+    }
+    const body = {};
+    if (input.reason !== void 0) body.reason = input.reason;
+    const { body: wire, rateLimit } = await this.post(
+      `/v1/permits/${encodeURIComponent(permitId)}/revoke`,
+      body
+    );
+    return { permit: wire, rateLimit };
+  }
+  /**
+   * Verify a permit through the canonical REST surface
+   * (`POST /v1/permits/{permitId}/verify`).
+   *
+   * Returns the unified verification envelope (`valid`,
+   * `verification_type: 'permit'`, `reason`, `verified_at`, `evidence`)
+   * plus the full {@link PermitRecord} fields preserved at the top
+   * level. The `valid` field is the contract — pin to it.
+   *
+   * A `valid: false` is **not** thrown when the server returns 200 with
+   * a denial reason (matches the verify-shape unification on the wire);
+   * it is thrown on 4xx (`404` not found, `410` expired/consumed).
+   */
+  async verifyPermitById(permitId) {
+    if (!permitId) {
+      throw new AtlaSentError("permitId is required", { code: "bad_request" });
+    }
+    const { body: wire, rateLimit } = await this.post(`/v1/permits/${encodeURIComponent(permitId)}/verify`, {});
+    const { valid, verification_type, reason, verified_at, evidence, ...row } = wire;
+    return {
+      valid,
+      verification_type,
+      reason,
+      verified_at,
+      evidence,
+      permit: row,
+      rateLimit
+    };
+  }
+  /**
+   * Get a single permit's full lifecycle state.
+   *
+   * Calls `GET /v1/permits/{permitId}` (the canonical REST surface).
+   * Returns `status`, all timestamps, `revoked_at` / `revoked_by` /
+   * `revoke_reason` (when applicable), and the bound `payload_hash`
+   * / `decision_id`.
+   *
+   * Operator-facing introspection — answers "what state is this permit
+   * in, and why?" without reading audit logs.
+   *
+   * Throws {@link AtlaSentError} on `404` (permit not in calling org)
+   * or `410` (expired before retrieval).
+   */
+  async getPermit(permitId) {
+    if (!permitId) {
+      throw new AtlaSentError("permitId is required", { code: "bad_request" });
+    }
+    const { body: wire, rateLimit } = await this.get(
+      `/v1/permits/${encodeURIComponent(permitId)}`
+    );
+    return { permit: wire, rateLimit };
+  }
+  /**
+   * Poll whether a permit is currently valid.
+   *
+   * Calls `GET /v1/permits/{permitId}/valid` — a lightweight read
+   * returning only the status snapshot optimised for guard heartbeat
+   * polling. Guards with `permitRevalidationIntervalMs` set race this
+   * against `tool.execute()` and throw {@link PermitRevoked} when
+   * `status === "revoked"` arrives.
+   *
+   * Throws {@link AtlaSentError} on transport / auth failures.
+   */
+  async checkPermitValid(permitId) {
+    if (!permitId) {
+      throw new AtlaSentError("permitId is required", { code: "bad_request" });
+    }
+    const { body } = await this.get(
+      `/v1/permits/${encodeURIComponent(permitId)}/valid`
+    );
+    return body;
+  }
+  /**
+   * List permits issued to the calling org, most-recently-issued first.
+   *
+   * Calls `GET /v1/permits` (the canonical REST surface). Cursor-paged.
+   * Filters narrow on server side; pagination uses the `created_at`
+   * timestamp opaquely (`nextCursor`).
+   *
+   * Designed for incident review, debugging, and compliance
+   * reconstruction.
+   */
+  async listPermits(input = {}) {
+    const params = new URLSearchParams();
+    if (input.status) params.set("status", input.status);
+    if (input.actorId) params.set("actor_id", input.actorId);
+    if (input.actionType) params.set("action_type", input.actionType);
+    if (input.from) params.set("from", input.from);
+    if (input.to) params.set("to", input.to);
+    if (input.limit !== void 0) params.set("limit", String(input.limit));
+    if (input.cursor) params.set("cursor", input.cursor);
+    const { body: wire, rateLimit } = await this.get("/v1/permits", params);
+    if (!Array.isArray(wire.permits)) {
+      throw new AtlaSentError(
+        "Malformed response from /v1/permits: missing `permits` array",
+        { code: "bad_response" }
+      );
+    }
+    const result = {
+      permits: wire.permits,
+      total: typeof wire.total === "number" ? wire.total : wire.permits.length,
+      rateLimit
+    };
+    if (wire.next_cursor !== void 0) result.nextCursor = wire.next_cursor;
+    return result;
+  }
   /**
    * Self-introspection: ask the server to describe the API key this
    * client was constructed with. Returns the key's ID, organization,
@@ -181,9 +888,7 @@ var AtlaSentClient = class {
    * taxonomy as {@link AtlaSentClient.evaluate}.
    */
   async keySelf() {
-    const { body: wire, rateLimit } = await this.get(
-      "/v1-api-key-self"
-    );
+    const { body: wire, rateLimit } = await this.get("/v1-api-key-self");
     if (typeof wire.key_id !== "string" || typeof wire.organization_id !== "string") {
       throw new AtlaSentError(
         "Malformed response from /v1-api-key-self: missing `key_id` or `organization_id`",
@@ -258,60 +963,756 @@ var AtlaSentClient = class {
     }
     return { ...wire, rateLimit };
   }
-  async post(path, body) {
-    return this.request(path, "POST", body, void 0);
-  }
-  async get(path, query) {
-    return this.request(path, "GET", void 0, query);
-  }
-  async request(path, method, body, query) {
-    const qs = query && Array.from(query).length > 0 ? `?${query.toString()}` : "";
-    const url = `${this.baseUrl}${path}${qs}`;
-    const requestId = globalThis.crypto.randomUUID();
-    const headers = {
-      Accept: "application/json",
-      Authorization: `Bearer ${this.apiKey}`,
-      "User-Agent": `@atlasent/sdk/${SDK_VERSION} node/${process.version}`,
-      "X-Request-ID": requestId
-    };
-    if (method === "POST") headers["Content-Type"] = "application/json";
-    const init = {
-      method,
-      headers,
-      signal: AbortSignal.timeout(this.timeoutMs)
+  /**
+   * Open a streaming evaluation session against `POST /v1-evaluate-stream`.
+   *
+   * Yields {@link StreamDecisionEvent} and {@link StreamProgressEvent} objects
+   * as the server emits them. The iterator ends cleanly when the server sends
+   * `event: done`; it throws {@link AtlaSentError} on transport errors or when
+   * the server sends `event: error`.
+   *
+   * The final {@link StreamDecisionEvent} (isFinal: true) carries a `permitId`
+   * suitable for passing to {@link verifyPermit} after the stream closes.
+   *
+   * Hardening:
+   * - Throws {@link StreamTimeoutError} when no event arrives within
+   *   `opts.timeoutMs` (default 30 s). Pass `0` to disable.
+   * - Retries up to `opts.maxRetries` times (default 3) with 1 s / 2 s / 4 s
+   *   delays on network drop (before a terminal event). Sends `Last-Event-ID`
+   *   on reconnect when the server has emitted event IDs.
+   * - Throws {@link StreamParseError} on partial / malformed JSON rather than
+   *   crashing with a raw `SyntaxError`.
+   * - Closes cleanly on `event: done` or a decision event with `done: true`.
+   *
+   * ```ts
+   * for await (const event of client.protectStream({ agent, action })) {
+   *   if (event.type === "decision" && event.isFinal) {
+   *     await client.verifyPermit({ permitId: event.permitId });
+   *   }
+   * }
+   * ```
+   */
+  async *protectStream(input, opts = {}) {
+    const streamTimeoutMs = opts.timeoutMs ?? 3e4;
+    const maxRetries = opts.maxRetries ?? 3;
+    const body = {
+      action: input.action,
+      agent: input.agent,
+      context: input.context ?? {},
+      api_key: this.apiKey
     };
-    if (method === "POST") init.body = JSON.stringify(body);
-    let response;
-    try {
-      response = await this.fetchImpl(url, init);
-    } catch (err) {
-      throw mapFetchError(err, requestId);
+    const requestId = globalThis.crypto.randomUUID();
+    const url = `${this.baseUrl}/v1-evaluate-stream`;
+    let lastEventId;
+    let retryCount = 0;
+    while (true) {
+      const headers = {
+        Accept: "text/event-stream",
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.apiKey}`,
+        "User-Agent": this.userAgent,
+        "X-Request-ID": requestId
+      };
+      if (lastEventId !== void 0) {
+        headers["Last-Event-ID"] = lastEventId;
+      }
+      const connectionTimeoutSignal = AbortSignal.timeout(this.timeoutMs);
+      const signal = opts.signal ? AbortSignal.any([connectionTimeoutSignal, opts.signal]) : connectionTimeoutSignal;
+      let response;
+      try {
+        response = await this.fetchImpl(url, {
+          method: "POST",
+          headers,
+          body: JSON.stringify(body),
+          signal
+        });
+      } catch (err) {
+        const mapped = mapFetchError(err, requestId);
+        if (mapped.code === "network" && retryCount < maxRetries) {
+          retryCount++;
+          await sleep(1e3 * Math.pow(2, retryCount - 1));
+          continue;
+        }
+        throw mapped;
+      }
+      if (!response.ok) {
+        throw await buildHttpError(response, requestId);
+      }
+      if (!response.body) {
+        throw new AtlaSentError("Expected streaming body from AtlaSent API", {
+          code: "bad_response",
+          status: response.status,
+          requestId
+        });
+      }
+      let streamDone = false;
+      let networkDrop = false;
+      try {
+        for await (const event of parseSseStream(
+          response.body,
+          requestId,
+          streamTimeoutMs,
+          (id) => {
+            lastEventId = id;
+          }
+        )) {
+          yield event;
+          if (event.type === "decision" && event.isFinal) {
+            streamDone = true;
+          }
+        }
+        streamDone = true;
+      } catch (err) {
+        if (err instanceof AtlaSentError && err.code === "network") {
+          networkDrop = true;
+        } else {
+          throw err;
+        }
+      }
+      if (streamDone) break;
+      if (networkDrop && retryCount < maxRetries) {
+        retryCount++;
+        await sleep(1e3 * Math.pow(2, retryCount - 1));
+        continue;
+      }
+      if (networkDrop) {
+        throw new AtlaSentError(
+          `AtlaSent stream dropped after ${retryCount} reconnection attempts`,
+          { code: "network", requestId }
+        );
+      }
+      break;
+    }
+  }
+  async post(path, body, query) {
+    return this.request(path, "POST", body, query);
+  }
+  async get(path, query) {
+    return this.request(path, "GET", void 0, query);
+  }
+  async request(path, method, body, query) {
+    const qs = query && Array.from(query).length > 0 ? `?${query.toString()}` : "";
+    const url = `${this.baseUrl}${path}${qs}`;
+    const requestId = globalThis.crypto.randomUUID();
+    const headers = {
+      Accept: "application/json",
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": this.userAgent,
+      "X-Request-ID": requestId
+    };
+    if (method === "POST") headers["Content-Type"] = "application/json";
+    const bodyStr = method === "POST" ? JSON.stringify(body) : void 0;
+    for (let attempt = 0; ; attempt++) {
+      const init = {
+        method,
+        headers,
+        signal: AbortSignal.timeout(this.timeoutMs)
+      };
+      if (bodyStr !== void 0) init.body = bodyStr;
+      let response;
+      try {
+        response = await this.fetchImpl(url, init);
+      } catch (err) {
+        const mapped = mapFetchError(err, requestId);
+        if (isRetryable(mapped) && hasAttemptsLeft(attempt, this.retryPolicy)) {
+          await sleep(computeBackoffMs(attempt, this.retryPolicy, mapped));
+          continue;
+        }
+        throw mapped;
+      }
+      if (!response.ok) {
+        const httpErr = await buildHttpError(response, requestId);
+        if (isRetryable(httpErr) && hasAttemptsLeft(attempt, this.retryPolicy)) {
+          await sleep(computeBackoffMs(attempt, this.retryPolicy, httpErr));
+          continue;
+        }
+        throw httpErr;
+      }
+      let parsed;
+      try {
+        parsed = await response.json();
+      } catch (err) {
+        const jsonErr = new AtlaSentError(
+          "Invalid JSON response from AtlaSent API",
+          {
+            code: "bad_response",
+            status: response.status,
+            requestId,
+            cause: err
+          }
+        );
+        if (isRetryable(jsonErr) && hasAttemptsLeft(attempt, this.retryPolicy)) {
+          await sleep(computeBackoffMs(attempt, this.retryPolicy, jsonErr));
+          continue;
+        }
+        throw jsonErr;
+      }
+      if (parsed === null || typeof parsed !== "object") {
+        const shapeErr = new AtlaSentError(
+          "Expected a JSON object from AtlaSent API",
+          {
+            code: "bad_response",
+            status: response.status,
+            requestId
+          }
+        );
+        if (isRetryable(shapeErr) && hasAttemptsLeft(attempt, this.retryPolicy)) {
+          await sleep(computeBackoffMs(attempt, this.retryPolicy, shapeErr));
+          continue;
+        }
+        throw shapeErr;
+      }
+      return {
+        body: parsed,
+        rateLimit: parseRateLimitHeaders(response.headers)
+      };
     }
-    if (!response.ok) {
-      throw await buildHttpError(response, requestId);
+  }
+  /**
+   * Open a new HITL escalation. Bridges a `hold` outcome from
+   * `protect()` to the approval queue: an agent that receives a
+   * `hold` decision calls this to enroll the proposed action for
+   * human review. The returned escalation can then be polled with
+   * `getHitlEscalation()` or driven to terminal by
+   * `approveHitlEscalation()` / `rejectHitlEscalation()`.
+   *
+   * Quorum, pool size, fallback decision and routing inherit from
+   * the server-side policy when omitted from `input`.
+   *
+   * Calls `POST /v1/hitl`.
+   */
+  async createHitlEscalation(input) {
+    const { body, rateLimit } = await this.post(
+      "/v1/hitl",
+      input
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * List HITL escalations for the calling org. Defaults to
+   * `status=pending`; pass `status` to query other queues
+   * (`escalated`, `approved`, `rejected`, `auto_approved`,
+   * `timed_out`).
+   *
+   * Calls `GET /v1/hitl`.
+   */
+  async listHitlEscalations(input = {}) {
+    const params = new URLSearchParams();
+    if (input.status) params.set("status", input.status);
+    if (input.agentId) params.set("agent_id", input.agentId);
+    if (input.assignedToUserId)
+      params.set("assigned_to_user_id", input.assignedToUserId);
+    if (input.limit !== void 0) params.set("limit", String(input.limit));
+    if (input.cursor) params.set("cursor", input.cursor);
+    const { body, rateLimit } = await this.get(
+      "/v1/hitl",
+      params
+    );
+    return { data: body, rateLimit };
+  }
+  /**
+   * Get a HITL escalation. The server payload includes a live
+   * `quorum_progress` snapshot when the escalation is still open.
+   *
+   * Calls `GET /v1/hitl/:id`.
+   */
+  async getHitlEscalation(escalationId) {
+    if (!escalationId) {
+      throw new AtlaSentError("escalationId is required", {
+        code: "bad_request"
+      });
     }
-    let parsed;
-    try {
-      parsed = await response.json();
-    } catch (err) {
-      throw new AtlaSentError("Invalid JSON response from AtlaSent API", {
-        code: "bad_response",
-        status: response.status,
-        requestId,
-        cause: err
+    const { body, rateLimit } = await this.get(
+      `/v1/hitl/${encodeURIComponent(escalationId)}`
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * List per-approver vote rows for an escalation.
+   * Calls `GET /v1/hitl/:id/approvals`.
+   */
+  async listHitlApprovals(escalationId) {
+    const { body, rateLimit } = await this.get(`/v1/hitl/${encodeURIComponent(escalationId)}/approvals`);
+    return { approvals: body.approvals ?? [], rateLimit };
+  }
+  /**
+   * List the escalation chain hops for an escalation. Each `/escalate`
+   * call appends one row.
+   * Calls `GET /v1/hitl/:id/chain`.
+   */
+  async getHitlChain(escalationId) {
+    const { body, rateLimit } = await this.get(
+      `/v1/hitl/${encodeURIComponent(escalationId)}/chain`
+    );
+    return { chain: body.chain ?? [], rateLimit };
+  }
+  /**
+   * Record an approve vote. Resolves the escalation only once the
+   * server-side quorum count is satisfied; before that the response
+   * carries a refreshed escalation row with the latest
+   * `quorum_progress`.
+   *
+   * Calls `POST /v1/hitl/:id/approve`. The server returns 409
+   * `duplicate_vote` if the same principal has already voted, and
+   * 409 `already_rejected` if a concurrent reject crossed the line.
+   */
+  async approveHitlEscalation(escalationId, input = {}) {
+    const { body, rateLimit } = await this.post(
+      `/v1/hitl/${encodeURIComponent(escalationId)}/approve`,
+      input
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * Record a reject vote. Reject is short-circuit terminal — a single
+   * reject closes the escalation regardless of how many approves have
+   * accumulated.
+   *
+   * Calls `POST /v1/hitl/:id/reject`.
+   */
+  async rejectHitlEscalation(escalationId, input = {}) {
+    const { body, rateLimit } = await this.post(
+      `/v1/hitl/${encodeURIComponent(escalationId)}/reject`,
+      input
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * Re-route an open escalation to a higher tier. Bounded by the
+   * escalation's `max_escalation_depth` — the server returns 409
+   * `chain_exhausted` and applies the configured fallback decision
+   * once the ceiling is hit.
+   *
+   * Calls `POST /v1/hitl/:id/escalate`.
+   */
+  async escalateHitlEscalation(escalationId, input) {
+    const { body, rateLimit } = await this.post(
+      `/v1/hitl/${encodeURIComponent(escalationId)}/escalate`,
+      input
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * Manually apply the escalation's `fallback_decision`. Useful for
+   * admin recovery of a hung escalation when the cron sweeper hasn't
+   * run yet, or to short-circuit a stuck flow during incident
+   * response.
+   *
+   * Calls `POST /v1/hitl/:id/timeout`.
+   */
+  async timeoutHitlEscalation(escalationId) {
+    const { body, rateLimit } = await this.post(
+      `/v1/hitl/${encodeURIComponent(escalationId)}/timeout`,
+      {}
+    );
+    return { escalation: body, rateLimit };
+  }
+  /**
+   * Run a named governance graph traversal query.
+   *
+   * Dispatches to `GET /v1/governance/graph/query?type=<queryType>`.
+   * Each query type returns a different row shape — the return type
+   * narrows automatically based on the literal `queryType` argument.
+   *
+   * `"user_approvals"` requires `params.actor_id` — the server returns
+   * a 400 if it is absent.
+   */
+  async queryGovernanceGraph(queryType, params = {}) {
+    const qs = new URLSearchParams({ type: queryType });
+    if (params.actor_id) qs.set("actor_id", params.actor_id);
+    const { body, rateLimit } = await this.get("/v1/governance/graph/query", qs);
+    return { ...body, rateLimit };
+  }
+  /**
+   * Reconstruct the multi-system execution timeline for a specific incident.
+   *
+   * Calls `GET /v1/governance/timeline/incident/{incidentId}`. Backed
+   * server-side by `reconstruct_incident_chains_v2()`, which fixes the
+   * `executor_id → actor_id` bug that silently produced empty timelines
+   * in the original function.
+   *
+   * Returns full execution rows including the §13.1 columns
+   * (`delegation_chain_id`, `replay_of_execution_id`, `incident_id`,
+   * `policy_version_id`, `bundle_version_id`) alongside the actor
+   * timeline and evidence rows.
+   */
+  async getIncidentTimeline(incidentId) {
+    if (!incidentId) {
+      throw new AtlaSentError("incidentId is required", {
+        code: "bad_request"
       });
     }
-    if (parsed === null || typeof parsed !== "object") {
-      throw new AtlaSentError("Expected a JSON object from AtlaSent API", {
-        code: "bad_response",
-        status: response.status,
-        requestId
+    const { body, rateLimit } = await this.get(`/v1/governance/timeline/incident/${encodeURIComponent(incidentId)}`);
+    return { ...body, rateLimit };
+  }
+  // ── Connector Management ─────────────────────────────────────────────────
+  /**
+   * List connectors registered for the calling org.
+   * Calls `GET /v1/governance/connectors`.
+   */
+  async listConnectors(options = {}) {
+    const params = new URLSearchParams();
+    if (options.cursor) params.set("cursor", options.cursor);
+    if (options.limit !== void 0) params.set("limit", String(options.limit));
+    const { body, rateLimit } = await this.get("/v1/governance/connectors", params);
+    const result = {
+      connectors: body.connectors ?? [],
+      total: body.total,
+      rateLimit
+    };
+    if (body.next_cursor) result.nextCursor = body.next_cursor;
+    return result;
+  }
+  /**
+   * Register and install a new connector for the calling org.
+   * Calls `POST /v1/governance/connectors`.
+   */
+  async installConnector(input) {
+    const { body, rateLimit } = await this.post("/v1/governance/connectors", input);
+    return { connector: body, rateLimit };
+  }
+  /**
+   * Store encrypted credentials for a connector.
+   * Calls `POST /v1/governance/connectors/{id}/authenticate`.
+   */
+  async authenticateConnector(connectorId, input) {
+    if (!connectorId) {
+      throw new AtlaSentError("connectorId is required", {
+        code: "bad_request"
       });
     }
+    const { body, rateLimit } = await this.post(
+      `/v1/governance/connectors/${encodeURIComponent(connectorId)}/authenticate`,
+      input
+    );
     return {
-      body: parsed,
-      rateLimit: parseRateLimitHeaders(response.headers)
+      credential_id: body.credential_id,
+      version: body.version,
+      rateLimit
+    };
+  }
+  /**
+   * Trigger an incremental sync for a connector.
+   * Calls `POST /v1/governance/connectors/{id}/sync`.
+   */
+  async syncConnector(connectorId) {
+    if (!connectorId) {
+      throw new AtlaSentError("connectorId is required", {
+        code: "bad_request"
+      });
+    }
+    const { body, rateLimit } = await this.post(`/v1/governance/connectors/${encodeURIComponent(connectorId)}/sync`, {});
+    return { ...body, rateLimit };
+  }
+  /**
+   * Revoke a connector and all its associated credentials.
+   * Calls `POST /v1/governance/connectors/{id}/revoke`.
+   */
+  async revokeConnector(connectorId, reason) {
+    if (!connectorId) {
+      throw new AtlaSentError("connectorId is required", {
+        code: "bad_request"
+      });
+    }
+    const body = {};
+    if (reason !== void 0) body.reason = reason;
+    const { body: wire, rateLimit } = await this.post(
+      `/v1/governance/connectors/${encodeURIComponent(connectorId)}/revoke`,
+      body
+    );
+    return { ...wire, rateLimit };
+  }
+  /**
+   * Rotate the credentials for a connector.
+   * Calls `POST /v1/governance/connectors/{id}/rotate-credentials`.
+   */
+  async rotateConnectorCredentials(connectorId) {
+    if (!connectorId) {
+      throw new AtlaSentError("connectorId is required", {
+        code: "bad_request"
+      });
+    }
+    const { body, rateLimit } = await this.post(
+      `/v1/governance/connectors/${encodeURIComponent(connectorId)}/rotate-credentials`,
+      {}
+    );
+    return { ...body, rateLimit };
+  }
+  /**
+   * List enforcement policies for the calling org, optionally filtered by connector type.
+   * Calls `GET /v1/governance/enforcement-policies`.
+   */
+  async listEnforcementPolicies(connectorType) {
+    const params = new URLSearchParams();
+    if (connectorType) params.set("connector_type", connectorType);
+    const { body, rateLimit } = await this.get("/v1/governance/enforcement-policies", params);
+    return { policies: body.policies ?? [], total: body.total, rateLimit };
+  }
+  /**
+   * Create or update a connector enforcement policy.
+   * Calls `POST /v1/governance/enforcement-policies`.
+   */
+  async upsertEnforcementPolicy(input) {
+    const { body, rateLimit } = await this.post("/v1/governance/enforcement-policies", input);
+    return { policy: body, rateLimit };
+  }
+  // ── Organizational Risk Graph ─────────────────────────────────────────────
+  /**
+   * Trigger a fresh org-level risk score computation.
+   * Calls `POST /v1/governance/risk/compute`.
+   */
+  async computeOrgRisk(options = {}) {
+    const { body, rateLimit } = await this.post("/v1/governance/risk/compute", options);
+    return { score: body, rateLimit };
+  }
+  /**
+   * Retrieve the most recently computed risk score for the calling org.
+   * Calls `GET /v1/governance/risk/latest`.
+   */
+  async getLatestOrgRisk() {
+    const { body, rateLimit } = await this.get("/v1/governance/risk/latest");
+    return { score: body.score ?? null, rateLimit };
+  }
+  /**
+   * Page through historical org risk scores, most-recent first.
+   * Calls `GET /v1/governance/risk/history`.
+   */
+  async listOrgRiskHistory(options = {}) {
+    const params = new URLSearchParams();
+    if (options.cursor) params.set("cursor", options.cursor);
+    if (options.limit !== void 0) params.set("limit", String(options.limit));
+    const { body, rateLimit } = await this.get("/v1/governance/risk/history", params);
+    const result = {
+      scores: body.scores ?? [],
+      total: body.total,
+      rateLimit
     };
+    if (body.next_cursor) result.nextCursor = body.next_cursor;
+    return result;
+  }
+  // ── Cross-Org Permission Negotiation ──────────────────────────────────────
+  async checkCrossOrgPermission(req) {
+    const { body } = await this.post(
+      "/v1/cross-org/permissions/check",
+      req
+    );
+    return body;
+  }
+  async listCrossOrgPermissionChecks(params) {
+    const qs = new URLSearchParams();
+    if (params?.source_org_id) qs.set("source_org_id", params.source_org_id);
+    if (params?.target_org_id) qs.set("target_org_id", params.target_org_id);
+    if (params?.allowed !== void 0)
+      qs.set("allowed", String(params.allowed));
+    if (params?.limit !== void 0) qs.set("limit", String(params.limit));
+    const { body } = await this.get("/v1/cross-org/permissions/checks", qs);
+    return body.checks ?? [];
+  }
+  // ── Anomaly Response Automation ───────────────────────────────────────────
+  async listAnomalyResponseRules() {
+    const { body } = await this.get(
+      "/v1/anomaly-response/rules"
+    );
+    return body.rules ?? [];
+  }
+  async createAnomalyResponseRule(req) {
+    const { body } = await this.post(
+      "/v1/anomaly-response/rules",
+      req
+    );
+    return body;
+  }
+  async updateAnomalyResponseRule(id, updates) {
+    const { body } = await this.post(
+      `/v1/anomaly-response/rules/${encodeURIComponent(id)}/update`,
+      updates
+    );
+    return body;
+  }
+  async deleteAnomalyResponseRule(id) {
+    await this.post(
+      `/v1/anomaly-response/rules/${encodeURIComponent(id)}/delete`,
+      {}
+    );
+  }
+  async triggerAnomalyResponse(req) {
+    const { body } = await this.post(
+      "/v1/anomaly-response/trigger",
+      req
+    );
+    return body.events ?? [];
+  }
+  async listAnomalyResponseEvents(params) {
+    const qs = new URLSearchParams();
+    if (params?.execution_id) qs.set("execution_id", params.execution_id);
+    if (params?.limit !== void 0) qs.set("limit", String(params.limit));
+    const { body } = await this.get(
+      "/v1/anomaly-response/events",
+      qs
+    );
+    return body.events ?? [];
+  }
+  // ── Budget Exception Workflows ────────────────────────────────────────────
+  async listBudgetExceptions(params) {
+    const qs = new URLSearchParams();
+    if (params?.status) qs.set("status", params.status);
+    if (params?.budget_policy_id)
+      qs.set("budget_policy_id", params.budget_policy_id);
+    if (params?.limit !== void 0) qs.set("limit", String(params.limit));
+    if (params?.offset !== void 0) qs.set("offset", String(params.offset));
+    const { body } = await this.get(
+      "/v1/budget-exceptions",
+      qs
+    );
+    return body.exceptions ?? [];
+  }
+  async getBudgetException(id) {
+    const { body } = await this.get(
+      `/v1/budget-exceptions/${encodeURIComponent(id)}`
+    );
+    return body;
+  }
+  async createBudgetException(req) {
+    const { body } = await this.post(
+      "/v1/budget-exceptions",
+      req
+    );
+    return body;
+  }
+  async approveBudgetException(id, req) {
+    const { body } = await this.post(
+      `/v1/budget-exceptions/${encodeURIComponent(id)}/approve`,
+      req
+    );
+    return body;
+  }
+  async rejectBudgetException(id, review_notes) {
+    const { body } = await this.post(
+      `/v1/budget-exceptions/${encodeURIComponent(id)}/reject`,
+      { review_notes }
+    );
+    return body;
+  }
+  async cancelBudgetException(id) {
+    const { body } = await this.post(
+      `/v1/budget-exceptions/${encodeURIComponent(id)}/cancel`,
+      {}
+    );
+    return body;
+  }
+  // ── Regulatory Escalation Chain ───────────────────────────────────────────
+  async listRegulatoryAuthorityLevels() {
+    const { body } = await this.get(
+      "/v1/regulatory/authority-levels"
+    );
+    return body.levels ?? [];
+  }
+  async createRegulatoryAuthorityLevel(req) {
+    const { body } = await this.post(
+      "/v1/regulatory/authority-levels",
+      req
+    );
+    return body;
+  }
+  async listRegulatoryEscalations(params) {
+    const qs = new URLSearchParams();
+    if (params?.status) qs.set("status", params.status);
+    if (params?.subject_type) qs.set("subject_type", params.subject_type);
+    if (params?.subject_id) qs.set("subject_id", params.subject_id);
+    const { body } = await this.get(
+      "/v1/regulatory/escalations",
+      qs
+    );
+    return body.escalations ?? [];
+  }
+  async createRegulatoryEscalation(req) {
+    const { body } = await this.post(
+      "/v1/regulatory/escalations",
+      req
+    );
+    return body;
+  }
+  async acknowledgeRegulatoryEscalation(id) {
+    const { body } = await this.post(
+      `/v1/regulatory/escalations/${encodeURIComponent(id)}/acknowledge`,
+      {}
+    );
+    return body;
+  }
+  async resolveRegulatoryEscalation(id, resolution, resolution_details) {
+    const { body } = await this.post(
+      `/v1/regulatory/escalations/${encodeURIComponent(id)}/resolve`,
+      { resolution, resolution_details }
+    );
+    return body;
+  }
+  async overrideRegulatoryEscalation(id, reason) {
+    const { body } = await this.post(
+      `/v1/regulatory/escalations/${encodeURIComponent(id)}/override`,
+      { reason }
+    );
+    return body;
+  }
+  // ── Incentive Signal Feedback Loop ────────────────────────────────────────
+  async listSignalActions(signal_id) {
+    const { body } = await this.get(
+      `/v1/governance/signals/${encodeURIComponent(signal_id)}/actions`
+    );
+    return body.actions ?? [];
+  }
+  async recordSignalAction(signal_id, req) {
+    const { body } = await this.post(
+      `/v1/governance/signals/${encodeURIComponent(signal_id)}/actions`,
+      req
+    );
+    return body;
+  }
+  async recordSignalOutcome(signal_id, action_id, req) {
+    const { body } = await this.post(
+      `/v1/governance/signals/${encodeURIComponent(signal_id)}/actions/${encodeURIComponent(action_id)}/outcome`,
+      req
+    );
+    return body;
+  }
+  async getSignalActionSummary() {
+    const { body } = await this.get(
+      "/v1/governance/signals/actions/summary"
+    );
+    return body;
+  }
+  // ── Cross-Org Impersonation ───────────────────────────────────────────────
+  async listImpersonationGrants() {
+    const { body } = await this.get(
+      "/v1/cross-org/impersonation/grants"
+    );
+    return body.grants ?? [];
+  }
+  async createImpersonationGrant(req) {
+    const { body } = await this.post(
+      "/v1/cross-org/impersonation/grants",
+      req
+    );
+    return body;
+  }
+  async revokeImpersonationGrant(id) {
+    await this.post(
+      `/v1/cross-org/impersonation/grants/${encodeURIComponent(id)}/revoke`,
+      {}
+    );
+  }
+  async issueImpersonationToken(grant_id, requested_duration_seconds) {
+    const { body } = await this.post(
+      `/v1/cross-org/impersonation/grants/${encodeURIComponent(grant_id)}/token`,
+      { requested_duration_seconds }
+    );
+    return body;
+  }
+  async validateImpersonationToken(token) {
+    const { body } = await this.post(
+      "/v1/cross-org/impersonation/validate",
+      { token }
+    );
+    return body;
   }
 };
 function parseRateLimitHeaders(headers) {
@@ -457,6 +1858,9 @@ function buildAuditEventsQuery(query) {
   }
   return params;
 }
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 function parseRetryAfter(raw) {
   if (!raw) return void 0;
   const seconds = Number(raw);
@@ -468,6 +1872,125 @@ function parseRetryAfter(raw) {
   }
   return void 0;
 }
+async function* parseSseStream(body, requestId, timeoutMs, onEventId) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder("utf-8");
+  let buf = "";
+  async function readChunk() {
+    if (timeoutMs <= 0) {
+      return reader.read();
+    }
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        reject(new StreamTimeoutError(timeoutMs));
+      }, timeoutMs);
+      reader.read().then(
+        (result) => {
+          clearTimeout(timer);
+          resolve(result);
+        },
+        (err) => {
+          clearTimeout(timer);
+          reject(err);
+        }
+      );
+    });
+  }
+  try {
+    for (; ; ) {
+      let done;
+      let value;
+      try {
+        const result = await readChunk();
+        done = result.done;
+        value = result.value;
+      } catch (err) {
+        if (err instanceof StreamTimeoutError) throw err;
+        throw new AtlaSentError(
+          `AtlaSent stream read failed: ${err instanceof Error ? err.message : String(err)}`,
+          { code: "network", requestId, cause: err }
+        );
+      }
+      if (done) break;
+      buf += decoder.decode(value, { stream: true });
+      let boundary;
+      while ((boundary = buf.indexOf("\n\n")) !== -1) {
+        const block = buf.slice(0, boundary);
+        buf = buf.slice(boundary + 2);
+        let eventType = "message";
+        let data = "";
+        let eventId;
+        for (const line of block.split("\n")) {
+          if (line.startsWith("event: ")) eventType = line.slice(7).trim();
+          else if (line.startsWith("data: ")) data = line.slice(6);
+          else if (line.startsWith("id: ")) eventId = line.slice(4).trim();
+          else if (line.startsWith("id:")) eventId = line.slice(3).trim();
+        }
+        if (eventId !== void 0) onEventId(eventId);
+        if (!data) continue;
+        if (eventType === "done") return;
+        let parsed;
+        try {
+          parsed = JSON.parse(data);
+        } catch (err) {
+          throw new StreamParseError(data, err);
+        }
+        if (eventType === "error") {
+          const e = parsed;
+          throw new AtlaSentError(
+            e.message ?? "Stream error from AtlaSent API",
+            {
+              code: e.code ?? "server_error",
+              requestId: e.request_id ?? requestId
+            }
+          );
+        }
+        if (eventType === "decision") {
+          const d = parsed;
+          if (typeof d.permitted !== "boolean" || typeof d.decision_id !== "string") {
+            throw new AtlaSentError(
+              "Malformed decision event from AtlaSent API",
+              {
+                code: "bad_response",
+                requestId
+              }
+            );
+          }
+          const streamDecision = d.permitted ? "allow" : "deny";
+          const isFinal = d.is_final ?? false;
+          yield {
+            type: "decision",
+            decision: streamDecision,
+            decision_canonical: streamDecision,
+            permitId: d.decision_id,
+            reason: d.reason ?? "",
+            auditHash: d.audit_hash ?? "",
+            timestamp: d.timestamp ?? "",
+            isFinal
+          };
+          if (isFinal || d.done === true) return;
+        } else if (eventType === "progress") {
+          const p = parsed;
+          yield {
+            type: "progress",
+            stage: String(p["stage"] ?? ""),
+            ...p
+          };
+          if (p.done === true) return;
+        } else {
+          if (parsed !== null && typeof parsed === "object" && parsed.done === true) {
+            return;
+          }
+        }
+      }
+    }
+    if (buf.trim().length > 0) {
+      throw new StreamParseError(buf);
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
 
 // src/auditBundle.ts
 var import_promises = require("fs/promises");
@@ -624,9 +2147,13 @@ function configure(options) {
   overrides = { ...overrides, ...options };
   sharedClient = null;
 }
+async function deployGate(request = {}) {
+  return getClient().deployGate(request);
+}
 function getClient() {
   if (sharedClient) return sharedClient;
-  const apiKey = overrides.apiKey ?? process.env.ATLASENT_API_KEY;
+  const envApiKey = typeof process !== "undefined" && process.env ? process.env.ATLASENT_API_KEY : void 0;
+  const apiKey = overrides.apiKey ?? envApiKey;
   if (!apiKey) {
     throw new AtlaSentError(
       "AtlaSent is not configured. Set ATLASENT_API_KEY in the environment, or call atlasent.configure({ apiKey }).",
@@ -635,8 +2162,11 @@ function getClient() {
   }
   const options = { apiKey };
   if (overrides.baseUrl !== void 0) options.baseUrl = overrides.baseUrl;
-  if (overrides.timeoutMs !== void 0) options.timeoutMs = overrides.timeoutMs;
+  if (overrides.timeoutMs !== void 0)
+    options.timeoutMs = overrides.timeoutMs;
   if (overrides.fetch !== void 0) options.fetch = overrides.fetch;
+  if (overrides.retryPolicy !== void 0)
+    options.retryPolicy = overrides.retryPolicy;
   sharedClient = new AtlaSentClient(options);
   return sharedClient;
 }
@@ -645,10 +2175,42 @@ function wireDecisionToDenied(serverDecision) {
   if (lower === "hold" || lower === "escalate") return lower;
   return "deny";
 }
+function sortKeysDeep(val) {
+  if (Array.isArray(val)) return val.map(sortKeysDeep);
+  if (val !== null && typeof val === "object") {
+    return Object.keys(val).sort().reduce((acc, k) => {
+      acc[k] = sortKeysDeep(val[k]);
+      return acc;
+    }, {});
+  }
+  return val;
+}
+async function computeExecutionHash(payload) {
+  const sorted = sortKeysDeep(payload);
+  const canonical = JSON.stringify(sorted);
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle?.digest) {
+    const bytes = new TextEncoder().encode(canonical);
+    const buf = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  try {
+    const { createHash } = await import(
+      /* @vite-ignore */
+      /* webpackIgnore: true */
+      "crypto"
+    );
+    return createHash("sha256").update(canonical, "utf8").digest("hex");
+  } catch {
+    console.warn(
+      "[atlasent] Could not compute execution_hash: neither crypto.subtle nor node:crypto is available in this runtime."
+    );
+    return "";
+  }
+}
 async function protect(request) {
   const client = getClient();
   const evaluation = await client.evaluate(request);
-  if (evaluation.decision !== "ALLOW") {
+  if (evaluation.decision !== "allow") {
     throw new AtlaSentDeniedError({
       decision: wireDecisionToDenied(evaluation.decision),
       evaluationId: evaluation.permitId,
@@ -656,19 +2218,35 @@ async function protect(request) {
       auditHash: evaluation.auditHash
     });
   }
+  const environment = request.context?.environment ?? (() => {
+    console.warn(
+      "[atlasent] environment not set on evaluate request \u2014 defaulting to 'production'. Set context.environment explicitly to suppress."
+    );
+    return "production";
+  })();
+  const evaluatePayload = {
+    action_type: request.action,
+    actor_id: request.agent,
+    context: request.context ?? {}
+  };
+  const execution_hash = await computeExecutionHash(evaluatePayload);
   const verifyRequest = {
     permitId: evaluation.permitId,
     agent: request.agent,
-    action: request.action
+    action: request.action,
+    environment,
+    ...execution_hash ? { execution_hash } : {}
   };
   if (request.context !== void 0) verifyRequest.context = request.context;
   const verification = await client.verifyPermit(verifyRequest);
   if (!verification.verified) {
+    const outcome = normalizePermitOutcome(verification.outcome);
     throw new AtlaSentDeniedError({
       decision: "deny",
       evaluationId: evaluation.permitId,
       reason: `Permit failed verification (${verification.outcome})`,
-      auditHash: evaluation.auditHash
+      auditHash: evaluation.auditHash,
+      ...outcome !== void 0 && { outcome }
     });
   }
   return {
@@ -680,64 +2258,1318 @@ async function protect(request) {
   };
 }
 
-// src/retry.ts
-var DEFAULT_RETRY_POLICY = {
-  maxAttempts: 3,
-  baseDelayMs: 250,
-  maxDelayMs: 7e3
-};
-var RETRYABLE_CODES = /* @__PURE__ */ new Set([
-  "network",
-  "timeout",
-  "rate_limited",
-  "server_error",
-  "bad_response"
-]);
-function isRetryable(err) {
-  if (!(err instanceof AtlaSentError)) return false;
-  if (err.code === void 0) return false;
-  return RETRYABLE_CODES.has(err.code);
+// src/requirePermit.ts
+async function requirePermit(action, execute) {
+  await protect({
+    agent: action.actor_id,
+    action: action.action_type,
+    context: {
+      resource_id: action.resource_id,
+      environment: action.environment,
+      ...action.context
+    }
+  });
+  return execute();
 }
-function computeBackoffMs(attempt, policy = {}, err, random = Math.random) {
-  const merged = mergePolicy(policy);
-  const safeAttempt = Math.max(0, Math.floor(attempt));
-  const exp = Math.min(safeAttempt, 30);
-  const ceiling = Math.min(merged.maxDelayMs, merged.baseDelayMs * 2 ** exp);
-  const jittered = Math.floor(ceiling * clampUnit(random()));
-  const retryAfterMs = err instanceof AtlaSentError && typeof err.retryAfterMs === "number" ? Math.max(0, err.retryAfterMs) : 0;
-  return Math.max(retryAfterMs, jittered);
+var DESTRUCTIVE_PATTERNS = [
+  /rm\s+-rf/,
+  /DROP\s+TABLE/i,
+  /DROP\s+DATABASE/i,
+  /DELETE\s+FROM/i,
+  /TRUNCATE\s+TABLE/i,
+  /railway\s+volume\s+delete/i,
+  /kubectl\s+delete/i,
+  /terraform\s+destroy/i
+];
+function classifyCommand(command) {
+  return DESTRUCTIVE_PATTERNS.some((p) => p.test(command)) ? "destructive.command" : null;
 }
-function hasAttemptsLeft(attempt, policy = {}) {
-  const merged = mergePolicy(policy);
-  return attempt + 1 < merged.maxAttempts;
+
+// src/withPermit.ts
+async function withPermit(request, fn) {
+  const permit = await protect(request);
+  return await fn(permit);
 }
-function mergePolicy(policy) {
-  const maxAttempts = Math.max(
-    1,
-    Math.floor(policy.maxAttempts ?? DEFAULT_RETRY_POLICY.maxAttempts)
+
+// src/hitl.ts
+function hitlRequiredApproverCount(quorum, poolSize) {
+  const n = Number.isFinite(poolSize) && poolSize >= 1 ? Math.floor(poolSize) : 1;
+  switch (quorum) {
+    case "single_approver":
+      return 1;
+    case "simple_majority":
+      return Math.floor(n / 2) + 1;
+    case "two_thirds":
+      return Math.ceil(2 * n / 3);
+    case "unanimous":
+      return n;
+  }
+}
+
+// src/sandboxDiff.ts
+function isSandboxDiffPopulated(r) {
+  return r.total_writes > 0 || r.org_id !== void 0;
+}
+
+// src/delegationPropagation.ts
+function delegationPropagationHadEffect(s) {
+  return s.hitl_reassigned > 0 || s.financial_invalidated > 0 || s.policies_flagged > 0;
+}
+
+// src/financialAction.ts
+var DEFAULT_RISK_TIER_THRESHOLDS = [
+  { tier: "low", lower_bound: 0, upper_bound: 1e3, reference_currency: "USD" },
+  { tier: "medium", lower_bound: 1e3, upper_bound: 5e4, reference_currency: "USD" },
+  { tier: "high", lower_bound: 5e4, upper_bound: 1e6, reference_currency: "USD" },
+  { tier: "critical", lower_bound: 1e6, upper_bound: null, reference_currency: "USD" }
+];
+function classifyRiskTier(value, thresholds = DEFAULT_RISK_TIER_THRESHOLDS) {
+  for (const t of thresholds) {
+    if (value >= t.lower_bound && (t.upper_bound === null || value < t.upper_bound)) {
+      return t.tier;
+    }
+  }
+  return "critical";
+}
+function withinAutonomousCeiling(actionValue, ceiling) {
+  if (ceiling === null) return true;
+  return actionValue <= ceiling;
+}
+
+// src/liabilityAttribution.ts
+var ROLE_WEIGHTS = {
+  authorizer: 0.3,
+  delegator: 0.15,
+  delegate: 0.15,
+  executor: 0.25,
+  approver: 0.05,
+  override_actor: 0.4,
+  supervisor: 0.1,
+  exception_approver: 0.05
+};
+function computeLiabilityWeights(parties, distribution = "role_weighted") {
+  if (parties.length === 0) return [];
+  let raw;
+  if (distribution === "equal") {
+    raw = parties.map(() => 1);
+  } else {
+    raw = parties.map((p) => ROLE_WEIGHTS[p.role] ?? 0.05);
+  }
+  const total = raw.reduce((s, w) => s + w, 0);
+  if (total <= 0) return parties.map(() => 1 / parties.length);
+  return raw.map((w) => w / total);
+}
+function buildLiabilityChain(input, distribution = "role_weighted") {
+  const raw = [];
+  raw.push({ ...input.authorizer, role: "authorizer" });
+  for (const d of input.delegations ?? []) {
+    raw.push({
+      party_id: d.delegator_id,
+      party_label: d.delegator_label,
+      party_type: d.delegator_type,
+      role: "delegator",
+      acted_at: d.acted_at,
+      permit_id: d.permit_id
+    });
+    raw.push({
+      party_id: d.delegate_id,
+      party_label: d.delegate_label,
+      party_type: d.delegate_type,
+      role: "delegate",
+      acted_at: d.acted_at,
+      permit_id: d.permit_id
+    });
+  }
+  for (const a of input.approvers) {
+    raw.push({ ...a, role: "approver" });
+  }
+  for (const s of input.supervisors ?? []) {
+    raw.push({ ...s, role: "supervisor" });
+  }
+  raw.push({ ...input.executor, role: "executor" });
+  if (input.override) {
+    raw.push({
+      party_id: input.override.actor_id,
+      party_label: input.override.actor_label,
+      party_type: input.override.actor_type,
+      role: "override_actor",
+      acted_at: input.override.acted_at,
+      permit_id: input.override.permit_id
+    });
+  }
+  const weights = computeLiabilityWeights(raw, distribution);
+  return raw.map((p, i) => ({ ...p, liability_weight: weights[i] ?? 0 }));
+}
+function findPrimaryLiabilityParties(chain, threshold = 0.2) {
+  return chain.filter((p) => p.liability_weight >= threshold);
+}
+function validateLiabilityChain(chain, hasEmergencyOverride) {
+  const errors = [];
+  if (chain.length === 0) {
+    errors.push("liability chain must have at least one party");
+  }
+  const weightSum = chain.reduce((s, p) => s + p.liability_weight, 0);
+  if (Math.abs(weightSum - 1) > 0.01) {
+    errors.push(`liability weights sum to ${weightSum.toFixed(4)}, expected 1.0`);
+  }
+  const seen = /* @__PURE__ */ new Set();
+  for (const p of chain) {
+    const key = `${p.party_id}:${p.role}`;
+    if (seen.has(key)) errors.push(`duplicate party+role: ${key}`);
+    seen.add(key);
+  }
+  if (hasEmergencyOverride && !chain.some((p) => p.role === "override_actor")) {
+    errors.push("emergency_override is true but no override_actor in chain");
+  }
+  return { valid: errors.length === 0, errors };
+}
+
+// src/economicRisk.ts
+var SCORE_WEIGHTS = {
+  exposure: 0.25,
+  concentration: 0.25,
+  override: 0.2,
+  drift: 0.15,
+  anomaly: 0.15
+};
+function computeOverallRiskScore(subScores) {
+  return Math.min(
+    100,
+    Math.max(
+      0,
+      subScores.exposure * SCORE_WEIGHTS.exposure + subScores.concentration * SCORE_WEIGHTS.concentration + subScores.override * SCORE_WEIGHTS.override + subScores.drift * SCORE_WEIGHTS.drift + subScores.anomaly * SCORE_WEIGHTS.anomaly
+    )
   );
-  const baseDelayMs = Math.max(
-    0,
-    policy.baseDelayMs ?? DEFAULT_RETRY_POLICY.baseDelayMs
+}
+function scoreToRiskTier(score) {
+  if (score <= 25) return "low";
+  if (score <= 55) return "medium";
+  if (score <= 80) return "high";
+  return "critical";
+}
+function computeHHI(shares) {
+  return shares.reduce((acc, s) => acc + s * s, 0);
+}
+function hhiToConcentrationScore(hhi) {
+  return Math.min(100, hhi / 1e4 * 100);
+}
+function computeExposureScore(records, exposureCeilingUSD = 1e7) {
+  const activeStatuses = /* @__PURE__ */ new Set(
+    ["pending_approval", "approved", "executing"]
   );
-  const maxDelayMs = Math.max(
-    baseDelayMs,
-    policy.maxDelayMs ?? DEFAULT_RETRY_POLICY.maxDelayMs
+  const totalExposure = records.filter((r) => activeStatuses.has(r.status)).reduce((acc, r) => acc + r.action_value, 0);
+  return Math.min(100, totalExposure / exposureCeilingUSD * 100);
+}
+function computeOverrideScore(totalExecutions, overriddenExecutions) {
+  if (totalExecutions === 0) return 0;
+  const rate = overriddenExecutions / totalExecutions;
+  return Math.min(100, rate * 1e3);
+}
+function detectSelfApproval(initiatorId, approverIds) {
+  return approverIds.includes(initiatorId);
+}
+function computeApprovalRiskScore(analysis) {
+  return hhiToConcentrationScore(analysis.concentration_hhi);
+}
+
+// src/financialQuorum.ts
+function evaluateFinancialQuorum(input) {
+  const unmet = [];
+  const activeFreeze = input.active_freezes.find((f) => !f.lifted);
+  if (activeFreeze) {
+    return {
+      passed: false,
+      base_quorum_passed: false,
+      amount_threshold_satisfied: false,
+      financial_roles_satisfied: false,
+      regulator_approval_missing: false,
+      blocked_by_freeze: true,
+      base_quorum_proof: null,
+      denial_reason: `action blocked by emergency freeze (${activeFreeze.freeze_id}): ${activeFreeze.reason}`,
+      unmet_requirements: [`emergency_freeze:${activeFreeze.freeze_id}`]
+    };
+  }
+  const baseQuorumPassed = input.base_quorum_proof !== null || input.approval_count >= input.policy.required_count;
+  if (!baseQuorumPassed) {
+    unmet.push(
+      `base quorum requires ${input.policy.required_count} approvals, have ${input.approval_count}`
+    );
+  }
+  let amountThresholdSatisfied = true;
+  for (const threshold of input.policy.amount_thresholds) {
+    if (input.action_value >= threshold.value) {
+      const needed = input.policy.required_count + threshold.additional_approvals;
+      if (input.approval_count < needed) {
+        amountThresholdSatisfied = false;
+        unmet.push(
+          `amount threshold ${threshold.value} ${threshold.currency} requires ${needed} approvals`
+        );
+      }
+      for (const req of threshold.additional_roles) {
+        const present = input.present_roles[req.role] ?? 0;
+        if (present < req.min) {
+          amountThresholdSatisfied = false;
+          unmet.push(`amount threshold requires ${req.min} ${req.role} approver(s), have ${present}`);
+        }
+      }
+      if (threshold.senior_review_required && !(input.present_roles["senior_finance"] ?? 0)) {
+        amountThresholdSatisfied = false;
+        unmet.push("amount threshold requires senior_finance review");
+      }
+    }
+  }
+  let financialRolesSatisfied = true;
+  for (const req of input.policy.financial_role_requirements) {
+    if (req.applies_to_tiers && !req.applies_to_tiers.includes(input.risk_tier)) continue;
+    if (req.applies_above !== void 0 && input.action_value < req.applies_above) continue;
+    const present = input.present_roles[req.role] ?? 0;
+    if (present < req.min) {
+      financialRolesSatisfied = false;
+      unmet.push(`financial role ${req.role} requires ${req.min} approver(s), have ${present}`);
+    }
+  }
+  const regulatorMissing = input.policy.regulator_approval_threshold !== null && input.action_value >= input.policy.regulator_approval_threshold && !input.regulator_approval_present;
+  if (regulatorMissing) {
+    unmet.push("regulator approval required for this action value");
+  }
+  const passed = baseQuorumPassed && amountThresholdSatisfied && financialRolesSatisfied && !regulatorMissing;
+  return {
+    passed,
+    base_quorum_passed: baseQuorumPassed,
+    amount_threshold_satisfied: amountThresholdSatisfied,
+    financial_roles_satisfied: financialRolesSatisfied,
+    regulator_approval_missing: regulatorMissing,
+    blocked_by_freeze: false,
+    base_quorum_proof: input.base_quorum_proof,
+    denial_reason: passed ? null : unmet[0] ?? "financial quorum not satisfied",
+    unmet_requirements: unmet
+  };
+}
+function computeEscalatedApprovalCount(baseCount, actionValue, thresholds) {
+  let additional = 0;
+  for (const t of thresholds) {
+    if (actionValue >= t.value) {
+      additional = Math.max(additional, t.additional_approvals);
+    }
+  }
+  return baseCount + additional;
+}
+
+// src/budgetaryGovernance.ts
+function checkBudgetConstraints(params) {
+  const hardBlocks = [];
+  const softWarnings = [];
+  const limitsChecked = [];
+  const constraintsChecked = [];
+  const nowIso = (params.now ?? /* @__PURE__ */ new Date()).toISOString();
+  for (const limit of params.applicableLimits) {
+    limitsChecked.push(limit.limit_id);
+    if (limit.period_end && nowIso > limit.period_end) {
+      const v = {
+        violation_type: "period_expired",
+        limit_id: limit.limit_id,
+        description: `Budget limit ${limit.limit_id} period expired at ${limit.period_end}`
+      };
+      if (limit.enforcement === "hard") hardBlocks.push(v);
+      else softWarnings.push(v);
+      continue;
+    }
+    const projected = limit.spending.spent_amount + params.actionValue;
+    if (projected > limit.limit_amount) {
+      const v = {
+        violation_type: "limit_exceeded",
+        limit_id: limit.limit_id,
+        description: `Action would exceed ${limit.scope_type} limit (${limit.limit_amount} ${limit.currency})`,
+        overage_amount: projected - limit.limit_amount
+      };
+      if (limit.enforcement === "hard") hardBlocks.push(v);
+      else softWarnings.push(v);
+    }
+  }
+  for (const constraint of params.applicableConstraints) {
+    constraintsChecked.push(constraint.constraint_id);
+    if (constraint.action_type !== "*" && constraint.action_type !== params.actionType) continue;
+    if (!constraint.allow_anonymous_agents && params.isAnonymousAgent) {
+      hardBlocks.push({
+        violation_type: "anonymous_agent_blocked",
+        constraint_id: constraint.constraint_id,
+        description: `Anonymous agents are not permitted to execute ${params.actionType}`
+      });
+    }
+    if (params.actionValue > constraint.max_single_transaction) {
+      hardBlocks.push({
+        violation_type: "single_transaction_exceeds",
+        constraint_id: constraint.constraint_id,
+        description: `Value ${params.actionValue} exceeds single-transaction limit ${constraint.max_single_transaction} ${constraint.currency}`,
+        overage_amount: params.actionValue - constraint.max_single_transaction
+      });
+    }
+    if (constraint.max_daily_aggregate !== null && params.currentDailySpend + params.actionValue > constraint.max_daily_aggregate) {
+      hardBlocks.push({
+        violation_type: "daily_aggregate_exceeds",
+        constraint_id: constraint.constraint_id,
+        description: `Action would exceed daily aggregate limit ${constraint.max_daily_aggregate} ${constraint.currency}`,
+        overage_amount: params.currentDailySpend + params.actionValue - constraint.max_daily_aggregate
+      });
+    }
+    if (constraint.max_monthly_aggregate !== null && params.currentMonthlySpend + params.actionValue > constraint.max_monthly_aggregate) {
+      hardBlocks.push({
+        violation_type: "monthly_aggregate_exceeds",
+        constraint_id: constraint.constraint_id,
+        description: `Action would exceed monthly aggregate limit ${constraint.max_monthly_aggregate} ${constraint.currency}`,
+        overage_amount: params.currentMonthlySpend + params.actionValue - constraint.max_monthly_aggregate
+      });
+    }
+  }
+  return {
+    permitted: hardBlocks.length === 0,
+    hard_blocks: hardBlocks,
+    soft_warnings: softWarnings,
+    limits_checked: limitsChecked,
+    constraints_checked: constraintsChecked
+  };
+}
+function budgetUtilizationSeverity(utilizationPct) {
+  if (utilizationPct >= 100) return "critical";
+  if (utilizationPct >= 80) return "warn";
+  return "normal";
+}
+
+// src/autonomousFinancial.ts
+var RISK_TIER_ORDER = {
+  low: 1,
+  medium: 2,
+  high: 3,
+  critical: 4
+};
+function checkAutonomousBounds(params) {
+  const violations = [];
+  const nowIso = (params.now ?? /* @__PURE__ */ new Date()).toISOString();
+  const boundsActive = params.bounds.active;
+  if (!boundsActive) violations.push("agent execution bounds are inactive");
+  const boundsNotExpired = params.bounds.expires_at === null || params.bounds.expires_at > nowIso;
+  if (!boundsNotExpired) {
+    violations.push(`agent bounds expired at ${params.bounds.expires_at}`);
+  }
+  const actionTypePermitted = params.bounds.permitted_action_types.includes(
+    params.actionType
   );
-  return { maxAttempts, baseDelayMs, maxDelayMs };
+  if (!actionTypePermitted) {
+    violations.push(`action type ${params.actionType} not in agent's permitted set`);
+  }
+  const applicableCeiling = params.bounds.ceilings.find((c) => c.action_type === params.actionType) ?? null;
+  let withinExecutionCeiling = true;
+  if (applicableCeiling !== null) {
+    if (params.actionValue > applicableCeiling.per_execution_max) {
+      withinExecutionCeiling = false;
+      violations.push(
+        `value ${params.actionValue} exceeds per-execution ceiling ${applicableCeiling.per_execution_max} ${applicableCeiling.currency}`
+      );
+    }
+    if (applicableCeiling.max_daily_count !== null) {
+      const todayCount = params.currentDailyCount[params.actionType] ?? 0;
+      if (todayCount >= applicableCeiling.max_daily_count) {
+        withinExecutionCeiling = false;
+        violations.push(
+          `daily count ${todayCount} at or exceeds limit ${applicableCeiling.max_daily_count} for ${params.actionType}`
+        );
+      }
+    }
+  }
+  const withinDailyAggregate = params.currentDailyAggregate + params.actionValue <= params.bounds.daily_aggregate_ceiling;
+  if (!withinDailyAggregate) {
+    violations.push(
+      `daily aggregate ${params.currentDailyAggregate + params.actionValue} would exceed ceiling ${params.bounds.daily_aggregate_ceiling} ${params.bounds.aggregate_currency}`
+    );
+  }
+  const withinRiskTier = RISK_TIER_ORDER[params.riskTier] <= RISK_TIER_ORDER[params.bounds.max_risk_tier];
+  if (!withinRiskTier) {
+    violations.push(
+      `action risk tier ${params.riskTier} exceeds agent max ${params.bounds.max_risk_tier}`
+    );
+  }
+  const permitted = boundsActive && boundsNotExpired && actionTypePermitted && withinExecutionCeiling && withinDailyAggregate && withinRiskTier;
+  return {
+    permitted,
+    action_type_permitted: actionTypePermitted,
+    within_execution_ceiling: withinExecutionCeiling,
+    within_daily_aggregate: withinDailyAggregate,
+    within_risk_tier: withinRiskTier,
+    bounds_active: boundsActive,
+    bounds_not_expired: boundsNotExpired,
+    applicable_ceiling: applicableCeiling,
+    denial_reason: permitted ? null : violations[0] ?? "execution out of bounds",
+    violations
+  };
 }
-function clampUnit(n) {
-  if (!Number.isFinite(n)) return 0;
-  if (n < 0) return 0;
-  if (n >= 1) return 0.999999999;
-  return n;
+function detectAutonomousAnomaly(params) {
+  const zScore = params.historicalStdDev > 0 ? Math.abs(params.actionValue - params.historicalMeanValue) / params.historicalStdDev : 0;
+  if (zScore > 3) {
+    return {
+      anomalyDetected: true,
+      description: `action value ${params.actionValue} is ${zScore.toFixed(1)}\u03C3 from mean (${params.historicalMeanValue})`
+    };
+  }
+  if (params.recentExecutionCount > params.burstThreshold) {
+    return {
+      anomalyDetected: true,
+      description: `execution burst: ${params.recentExecutionCount} in window (threshold: ${params.burstThreshold})`
+    };
+  }
+  if (params.isOffHours && params.actionValue > params.historicalMeanValue * 2) {
+    return {
+      anomalyDetected: true,
+      description: `off-hours execution with above-average value ${params.actionValue}`
+    };
+  }
+  return { anomalyDetected: false, description: null };
+}
+
+// src/incentiveAlignment.ts
+var DEFAULT_INCENTIVE_CONFIG = {
+  max_override_rate: 0.05,
+  min_approval_latency_seconds: 30,
+  max_emergency_bypasses_30d: 3,
+  max_concentration_share: 0.4,
+  max_delegation_depth: 3
+};
+function detectMisalignedIncentives(params) {
+  const config = params.config ?? DEFAULT_INCENTIVE_CONFIG;
+  const signals = [];
+  const now = (params.now ?? /* @__PURE__ */ new Date()).toISOString();
+  let signalIdx = 0;
+  const makeId = () => `signal_${params.partyId}_${signalIdx++}`;
+  const overrideRate = params.totalActions > 0 ? params.overrideCount / params.totalActions : 0;
+  if (overrideRate > config.max_override_rate) {
+    signals.push({
+      signal_id: makeId(),
+      signal_type: "excessive_overrides",
+      party_id: params.partyId,
+      party_label: params.partyLabel,
+      severity: Math.min(100, overrideRate / config.max_override_rate * 50),
+      description: `Override rate ${(overrideRate * 100).toFixed(1)}% exceeds threshold ${(config.max_override_rate * 100).toFixed(1)}%`,
+      evidence: [`override_count:${params.overrideCount}`, `total_actions:${params.totalActions}`],
+      detected_at: now,
+      reviewed: false,
+      reviewed_by: null
+    });
+  }
+  if (params.emergencyBypassCount > config.max_emergency_bypasses_30d) {
+    signals.push({
+      signal_id: makeId(),
+      signal_type: "emergency_bypass_repeat",
+      party_id: params.partyId,
+      party_label: params.partyLabel,
+      severity: Math.min(100, params.emergencyBypassCount / config.max_emergency_bypasses_30d * 60),
+      description: `${params.emergencyBypassCount} emergency bypasses in ${params.windowDays}d (threshold: ${config.max_emergency_bypasses_30d})`,
+      evidence: [`bypass_count:${params.emergencyBypassCount}`],
+      detected_at: now,
+      reviewed: false,
+      reviewed_by: null
+    });
+  }
+  const rushCount = params.approvalLatencies.filter((l) => l < config.min_approval_latency_seconds).length;
+  if (rushCount > 0 && params.approvalLatencies.length > 0) {
+    const minLatency = Math.min(...params.approvalLatencies);
+    const rushRate = rushCount / params.approvalLatencies.length;
+    signals.push({
+      signal_id: makeId(),
+      signal_type: "rushed_approval",
+      party_id: params.partyId,
+      party_label: params.partyLabel,
+      severity: Math.min(100, rushRate * 80),
+      description: `${rushCount} approvals in under ${config.min_approval_latency_seconds}s (min observed: ${minLatency.toFixed(0)}s)`,
+      evidence: [`rushed_count:${rushCount}`, `total_approvals:${params.approvalLatencies.length}`],
+      detected_at: now,
+      reviewed: false,
+      reviewed_by: null
+    });
+  }
+  if (params.approvalShare > config.max_concentration_share) {
+    signals.push({
+      signal_id: makeId(),
+      signal_type: "authority_concentration",
+      party_id: params.partyId,
+      party_label: params.partyLabel,
+      severity: Math.min(100, params.approvalShare / config.max_concentration_share * 50),
+      description: `Party controls ${(params.approvalShare * 100).toFixed(1)}% of approvals (threshold: ${(config.max_concentration_share * 100).toFixed(1)}%)`,
+      evidence: [`approval_share:${params.approvalShare.toFixed(3)}`],
+      detected_at: now,
+      reviewed: false,
+      reviewed_by: null
+    });
+  }
+  if (params.delegationDepthMax > config.max_delegation_depth) {
+    signals.push({
+      signal_id: makeId(),
+      signal_type: "delegation_chain_depth",
+      party_id: params.partyId,
+      party_label: params.partyLabel,
+      severity: Math.min(100, (params.delegationDepthMax - config.max_delegation_depth) / config.max_delegation_depth * 60),
+      description: `Delegation depth ${params.delegationDepthMax} exceeds threshold ${config.max_delegation_depth}`,
+      evidence: [`depth:${params.delegationDepthMax}`],
+      detected_at: now,
+      reviewed: false,
+      reviewed_by: null
+    });
+  }
+  return signals.sort((a, b) => b.severity - a.severity);
+}
+function computeGovernanceHealthScore(signals) {
+  if (signals.length === 0) return 100;
+  const totalPenalty = signals.reduce((acc, s) => acc + s.severity * 0.5, 0);
+  return Math.max(0, 100 - totalPenalty);
+}
+
+// src/economicEvidence.ts
+function canonicalizeForEvidence(value) {
+  if (value === null || value === void 0) return "null";
+  if (typeof value === "number") return Number.isFinite(value) ? String(value) : "null";
+  if (typeof value === "boolean") return value ? "true" : "false";
+  if (typeof value === "string") return JSON.stringify(value);
+  if (Array.isArray(value)) return "[" + value.map(canonicalizeForEvidence).join(",") + "]";
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonicalizeForEvidence(obj[k])).join(",") + "}";
+  }
+  return "null";
+}
+function buildSignableContent(bundle) {
+  return {
+    bundle_id: bundle.bundle_id,
+    org_id: bundle.org_id,
+    purpose: bundle.purpose,
+    execution_id: bundle.execution_record.execution_id,
+    attribution_id: bundle.liability_attribution.attribution_id,
+    liability_chain_hash: bundle.liability_attribution.chain_hash,
+    approval_count: bundle.approval_provenance.length,
+    permit_ids: bundle.approval_provenance.map((a) => a.permit_id),
+    policy_compliant: bundle.policy_compliant,
+    generated_at: bundle.generated_at
+  };
+}
+function serializeSignableContent(content) {
+  return new TextEncoder().encode(canonicalizeForEvidence(content));
+}
+function verifyEvidenceBundleStructure(bundle) {
+  const errors = [];
+  const bundlePermitIds = new Set(bundle.execution_record.permit_ids);
+  const provenancePermitIds = bundle.approval_provenance.map((a) => a.permit_id);
+  const permitIdsMatch = provenancePermitIds.every((id) => bundlePermitIds.has(id));
+  if (!permitIdsMatch) {
+    errors.push("permit IDs in approval provenance do not all appear in execution record");
+  }
+  const contentHashValid = typeof bundle.content_hash === "string" && bundle.content_hash.length === 64;
+  if (!contentHashValid) errors.push("content_hash appears invalid (expected 64-char hex)");
+  const liabilityChainHashMatches = typeof bundle.liability_attribution.chain_hash === "string" && bundle.liability_attribution.chain_hash.length > 0;
+  if (!liabilityChainHashMatches) errors.push("liability_attribution.chain_hash is missing or empty");
+  const signatureValid = bundle.signature !== null && bundle.signature.length > 0;
+  return {
+    valid: errors.length === 0 && contentHashValid,
+    content_hash_valid: contentHashValid,
+    signature_valid: signatureValid,
+    liability_chain_hash_matches: liabilityChainHashMatches,
+    permit_ids_match: permitIdsMatch,
+    reason: errors.length === 0 ? null : errors[0] ?? "bundle integrity check failed"
+  };
+}
+
+// src/disputeReversal.ts
+var VALID_DISPUTE_TRANSITIONS = {
+  open: ["under_review", "withdrawn"],
+  under_review: ["escalated", "resolved_in_favor", "resolved_against", "reversed"],
+  escalated: ["resolved_in_favor", "resolved_against", "reversed"],
+  resolved_in_favor: [],
+  resolved_against: [],
+  reversed: [],
+  withdrawn: []
+};
+function transitionDispute(current, next) {
+  const allowed = VALID_DISPUTE_TRANSITIONS[current];
+  if (!allowed.includes(next)) {
+    return { success: false, new_status: null, error: `invalid dispute transition: ${current} \u2192 ${next}` };
+  }
+  return { success: true, new_status: next, error: null };
+}
+var VALID_REVERSAL_TRANSITIONS = {
+  initiated: ["authorization_pending", "cancelled"],
+  authorization_pending: ["authorized", "cancelled"],
+  authorized: ["executing", "cancelled"],
+  executing: ["completed", "failed"],
+  completed: [],
+  failed: ["initiated"],
+  // Allow retry
+  cancelled: []
+};
+function transitionReversal(current, next) {
+  const allowed = VALID_REVERSAL_TRANSITIONS[current];
+  if (!allowed.includes(next)) {
+    return { success: false, error: `invalid reversal transition: ${current} \u2192 ${next}` };
+  }
+  return { success: true, error: null };
+}
+function isFreezeActive(freeze, now) {
+  if (freeze.lifted) return false;
+  if (freeze.expires_at !== null) {
+    const nowIso = (now ?? /* @__PURE__ */ new Date()).toISOString();
+    if (nowIso >= freeze.expires_at) return false;
+  }
+  return true;
+}
+function computeRemediationUrgency(_openedAt, deadline, now) {
+  if (deadline === null) return "normal";
+  const nowMs = (now ?? /* @__PURE__ */ new Date()).getTime();
+  const deadlineMs = new Date(deadline).getTime();
+  const remaining = deadlineMs - nowMs;
+  if (remaining < 0) return "overdue";
+  if (remaining < 24 * 60 * 60 * 1e3) return "urgent";
+  return "normal";
+}
+
+// src/financialDashboard.ts
+function buildLiabilityVisualization(executionId, orgId, chain) {
+  const nodes = chain.map((p) => ({
+    id: p.party_id,
+    label: p.party_label,
+    party_type: p.party_type,
+    role: p.role,
+    liability_weight: p.liability_weight,
+    acted_at: p.acted_at
+  }));
+  const edges = [];
+  for (let i = 0; i < chain.length - 1; i++) {
+    const from = chain[i];
+    const to = chain[i + 1];
+    let relationship = "authorized";
+    if (from.role === "delegator" && to.role === "delegate") relationship = "delegated_to";
+    else if (from.role === "supervisor") relationship = "supervised";
+    else if (to.role === "approver") relationship = "approved_for";
+    else if (to.role === "override_actor") relationship = "overrode";
+    edges.push({
+      from_id: from.party_id,
+      to_id: to.party_id,
+      relationship,
+      weight: Math.min(from.liability_weight, to.liability_weight)
+    });
+  }
+  return {
+    execution_id: executionId,
+    org_id: orgId,
+    nodes,
+    edges,
+    total_weight: chain.reduce((s, p) => s + p.liability_weight, 0)
+  };
+}
+function buildRiskTimeline(snapshots) {
+  return snapshots.map((s) => {
+    let tier = "low";
+    if (s.riskScore > 80) tier = "critical";
+    else if (s.riskScore > 55) tier = "high";
+    else if (s.riskScore > 25) tier = "medium";
+    return {
+      date: s.date,
+      risk_score: s.riskScore,
+      risk_tier: tier,
+      action_count: s.actionCount,
+      total_value: s.totalValue,
+      override_count: s.overrideCount,
+      anomaly_count: s.anomalyCount
+    };
+  });
+}
+
+// src/governanceEnforcement.ts
+var GovernanceEnforcementError = class extends AtlaSentError {
+  name = "GovernanceEnforcementError";
+  /** Which gate fired (`financial_quorum` / `budget` / `autonomous_bounds`). */
+  gate;
+  /** Stable taxonomy code; maps to a row in `docs/APPROVAL_DENY_REASONS.md`. */
+  denyCode;
+  /** Human-readable explanation. Do NOT branch on this string — branch on `denyCode`. */
+  reason;
+  /** The structured advisory result that produced the denial. */
+  details;
+  constructor(init) {
+    const errInit = { code: "forbidden" };
+    if (init.requestId !== void 0) errInit.requestId = init.requestId;
+    super(`[${init.gate}/${init.denyCode}] ${init.reason}`, errInit);
+    this.gate = init.gate;
+    this.denyCode = init.denyCode;
+    this.reason = init.reason;
+    this.details = init.details;
+  }
+  /** Combined `<gate>/<denyCode>` string used in audit records. */
+  get fullyQualifiedCode() {
+    return `${this.gate}/${this.denyCode}`;
+  }
+};
+function financialQuorumDenyCode(result) {
+  if (result.blocked_by_freeze) return "blocked_by_emergency_freeze";
+  if (!result.base_quorum_passed) return "base_count_unmet";
+  if (!result.amount_threshold_satisfied) return "amount_threshold_unmet";
+  if (!result.financial_roles_satisfied) return "financial_role_unmet";
+  if (result.regulator_approval_missing) return "regulator_approval_missing";
+  return "base_count_unmet";
+}
+function enforceFinancialQuorum(result) {
+  if (result.passed) return;
+  const denyCode = financialQuorumDenyCode(result);
+  throw new GovernanceEnforcementError({
+    gate: "financial_quorum",
+    denyCode,
+    reason: result.denial_reason ?? `financial quorum failed: ${denyCode}`,
+    details: result
+  });
+}
+function enforceBudgetConstraint(result) {
+  if (result.permitted) return;
+  if (result.hard_blocks.length === 0) {
+    throw new GovernanceEnforcementError({
+      gate: "budget",
+      denyCode: "limit_exceeded",
+      reason: "budget enforcement failed without a structured violation",
+      details: result
+    });
+  }
+  const first = result.hard_blocks[0];
+  throw new GovernanceEnforcementError({
+    gate: "budget",
+    denyCode: first.violation_type,
+    reason: first.description,
+    details: result
+  });
+}
+function autonomousBoundsDenyCode(result) {
+  if (!result.bounds_active) return "inactive";
+  if (!result.bounds_not_expired) return "expired";
+  if (!result.action_type_permitted) return "action_type_not_permitted";
+  if (!result.within_execution_ceiling) return "execution_ceiling_exceeded";
+  if (!result.within_daily_aggregate) return "daily_aggregate_exceeded";
+  if (!result.within_risk_tier) return "risk_tier_exceeded";
+  return "inactive";
+}
+function enforceAutonomousBounds(result) {
+  if (result.permitted) return;
+  const denyCode = autonomousBoundsDenyCode(result);
+  throw new GovernanceEnforcementError({
+    gate: "autonomous_bounds",
+    denyCode,
+    reason: result.denial_reason ?? `autonomous execution out of bounds: ${denyCode}`,
+    details: result
+  });
+}
+function enforceEconomicGovernance(params) {
+  if (params.quorum !== void 0) enforceFinancialQuorum(params.quorum);
+  if (params.budget !== void 0) enforceBudgetConstraint(params.budget);
+  if (params.autonomous !== void 0) enforceAutonomousBounds(params.autonomous);
+}
+
+// src/governanceWebhooks.ts
+async function verifyWebhookSignature(payload, signature, secret) {
+  const prefix = "sha256=";
+  if (!signature.startsWith(prefix)) return false;
+  const receivedHex = signature.slice(prefix.length);
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const sigBuffer = await crypto.subtle.sign("HMAC", key, encoder.encode(payload));
+  const expectedHex = Array.from(new Uint8Array(sigBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  if (receivedHex.length !== expectedHex.length) return false;
+  let diff = 0;
+  for (let i = 0; i < expectedHex.length; i++) {
+    diff |= receivedHex.charCodeAt(i) ^ expectedHex.charCodeAt(i);
+  }
+  return diff === 0;
+}
+
+// src/complianceEvidence.ts
+function evidenceRunPasses(run) {
+  return (run.controls ?? []).every((c) => c.status !== "finding");
+}
+function nonPassingControls(run) {
+  return (run.controls ?? []).filter((c) => c.status !== "pass").sort((a, b) => {
+    if (a.status === "finding" && b.status !== "finding") return -1;
+    if (b.status === "finding" && a.status !== "finding") return 1;
+    return 0;
+  });
+}
+
+// src/policySync.ts
+function formatPolicySyncDiff(run) {
+  const parts = [];
+  if (run.policies_added > 0) parts.push(`+${run.policies_added} added`);
+  if (run.policies_updated > 0) parts.push(`~${run.policies_updated} updated`);
+  if (run.policies_removed > 0) parts.push(`-${run.policies_removed} removed`);
+  return parts.length > 0 ? parts.join(", ") : "no changes";
+}
+function isPolicySyncTerminal(run) {
+  return run.status === "completed" || run.status === "failed" || run.status === "rejected";
+}
+
+// src/webhook.ts
+var WebhookVerificationError = class extends Error {
+  name = "WebhookVerificationError";
+  constructor(message) {
+    super(message);
+  }
+};
+var _hasWebCrypto = (() => {
+  try {
+    return typeof crypto !== "undefined" && typeof crypto.subtle === "object" && crypto.subtle !== null;
+  } catch {
+    return false;
+  }
+})();
+function _extractHex(signature) {
+  if (typeof signature !== "string") return null;
+  const hex = signature.startsWith("sha256=") ? signature.slice(7) : signature;
+  if (hex.length !== 64) return null;
+  if (!/^[0-9a-f]+$/i.test(hex)) return null;
+  return hex.toLowerCase();
+}
+async function _timingSafeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  if (!_hasWebCrypto) {
+    const { timingSafeEqual, createHmac: _c } = await import("crypto");
+    const aBuf = Buffer.from(a, "hex");
+    const bBuf = Buffer.from(b, "hex");
+    return timingSafeEqual(aBuf, bBuf);
+  }
+  let acc = 0;
+  for (let i = 0; i < a.length; i++) {
+    acc |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return acc === 0;
+}
+async function _hmacSha256Hex(payload, secret) {
+  if (_hasWebCrypto) {
+    const enc = new TextEncoder();
+    const key = await crypto.subtle.importKey(
+      "raw",
+      enc.encode(secret),
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const sig = await crypto.subtle.sign("HMAC", key, enc.encode(payload));
+    return Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const { createHmac } = await import("crypto");
+  return createHmac("sha256", secret).update(payload).digest("hex");
+}
+async function verifyWebhook(payload, signature, secret) {
+  try {
+    const expectedHex = _extractHex(signature);
+    if (expectedHex === null) return false;
+    const actualHex = await _hmacSha256Hex(payload, secret);
+    return await _timingSafeEqual(actualHex, expectedHex);
+  } catch {
+    return false;
+  }
+}
+async function assertWebhook(payload, signature, secret) {
+  const valid = await verifyWebhook(payload, signature, secret);
+  if (!valid) {
+    throw new WebhookVerificationError(
+      "Webhook signature verification failed: the signature does not match the payload."
+    );
+  }
+}
+
+// src/crossOrgPermission.ts
+function summarizeCrossOrgPermission(result) {
+  if (!result.allowed) return "denied";
+  if (result.conditions.length > 0) return "conditional";
+  return "allowed";
+}
+
+// src/anomalyResponse.ts
+function matchAnomalyRules(rules, anomalyScore) {
+  return rules.filter((r) => r.is_active && anomalyScore >= r.anomaly_score_threshold).sort((a, b) => b.anomaly_score_threshold - a.anomaly_score_threshold);
+}
+function highestSeverityAction(rules) {
+  const ORDER = [
+    "escalate_to_regulator",
+    "rollback_execution",
+    "freeze_agent",
+    "require_hitl",
+    "create_incident",
+    "notify_admin"
+  ];
+  for (const action of ORDER) {
+    if (rules.some((r) => r.action_type === action)) return action;
+  }
+  return null;
+}
+
+// src/budgetExceptions.ts
+function isBudgetExceptionActive(exception, now) {
+  if (exception.status !== "approved") return false;
+  const ts = (now ?? /* @__PURE__ */ new Date()).toISOString();
+  if (exception.effective_from && ts < exception.effective_from) return false;
+  if (exception.effective_until && ts > exception.effective_until) return false;
+  return true;
+}
+function isBudgetExceptionTerminal(status) {
+  return status === "approved" || status === "rejected" || status === "expired" || status === "cancelled";
+}
+
+// src/regulatoryEscalation.ts
+function isRegulatoryEscalationTerminal(status) {
+  return status === "resolved" || status === "overridden";
+}
+function isEscalationSlaBreached(escalation, targetLevel, now) {
+  if (isRegulatoryEscalationTerminal(escalation.status)) return false;
+  const createdMs = new Date(escalation.created_at).getTime();
+  const nowMs = (now ?? /* @__PURE__ */ new Date()).getTime();
+  const elapsedHours = (nowMs - createdMs) / (1e3 * 60 * 60);
+  return elapsedHours > targetLevel.escalation_sla_hours;
+}
+
+// src/incentiveSignalFeedback.ts
+function computeSignalEngagementRate(summary) {
+  if (summary.total_signals === 0) return 0;
+  return summary.acted_on / summary.total_signals;
+}
+function isSubstantiveSignalResponse(actionType) {
+  return actionType === "policy_updated" || actionType === "training_initiated" || actionType === "process_changed" || actionType === "monitoring_increased" || actionType === "escalated";
+}
+
+// src/crossOrgImpersonation.ts
+function isImpersonationGrantUsable(grant, now) {
+  if (!grant.is_active) return false;
+  if (grant.revoked_at) return false;
+  const ts = (now ?? /* @__PURE__ */ new Date()).toISOString();
+  if (grant.expires_at && ts > grant.expires_at) return false;
+  return true;
+}
+function clampTokenDuration(grant, requestedSeconds) {
+  return Math.min(requestedSeconds, grant.max_token_duration_seconds);
+}
+
+// src/v2.ts
+var V2_BATCH_PATH = "/v1/evaluate/batch";
+var V2_STREAM_PATH = "/v1/evaluate/stream";
+var V2_GRAPHQL_PATH = "/v1/graphql";
+var V2_MAX_BATCH_ITEMS = 100;
+var V2_MAX_BODY_BYTES = 1e6;
+var V2_GRAPHQL_MAX_DEPTH = 8;
+var FeatureNotEnabledError = class extends AtlaSentError {
+  name = "FeatureNotEnabledError";
+  /** Which tenant flag is gating the endpoint. */
+  feature;
+  /** The wire path the SDK attempted (for diagnostics). */
+  endpoint;
+  constructor(init) {
+    const message = `AtlaSent V2 feature '${init.feature}' is not enabled for this tenant (POST ${init.endpoint} returned 404). Enable the v2_${init.feature} flag or fall back to the v1 per-item /v1-evaluate loop.`;
+    const errInit = { status: 404, code: "feature_disabled" };
+    if (init.requestId !== void 0) errInit.requestId = init.requestId;
+    super(message, errInit);
+    this.feature = init.feature;
+    this.endpoint = init.endpoint;
+  }
+};
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function assertValidBatchId(batchId) {
+  if (batchId === void 0) return;
+  if (typeof batchId !== "string" || !UUID_RE.test(batchId)) {
+    throw new TypeError(`batchId must be a valid UUID: ${String(batchId)}`);
+  }
+}
+function assertItemsShape(items) {
+  if (!Array.isArray(items) || items.length === 0) {
+    throw new TypeError("items must be a non-empty array");
+  }
+  if (items.length > V2_MAX_BATCH_ITEMS) {
+    throw new TypeError(
+      `items length ${items.length} exceeds maximum of ${V2_MAX_BATCH_ITEMS}`
+    );
+  }
+}
+function assertBodyWithinCap(raw) {
+  const bytes = new TextEncoder().encode(raw).length;
+  if (bytes > V2_MAX_BODY_BYTES) {
+    throw new TypeError(
+      `request body ${bytes} bytes exceeds maximum of ${V2_MAX_BODY_BYTES}`
+    );
+  }
+}
+function commonHeaders(apiKey) {
+  return {
+    "Content-Type": "application/json",
+    Accept: "application/json",
+    Authorization: `Bearer ${apiKey}`
+  };
+}
+function pickFetch(t) {
+  if (t.fetch !== void 0) return t.fetch;
+  if (typeof fetch !== "undefined") return fetch;
+  throw new Error(
+    "v2: no fetch implementation available (set transport.fetch or run on Node \u2265 18)"
+  );
+}
+async function evaluateMany(transport, req) {
+  assertItemsShape(req.items);
+  assertValidBatchId(req.batchId);
+  const body = { items: req.items };
+  if (req.batchId !== void 0) body["batch_id"] = req.batchId;
+  const raw = JSON.stringify(body);
+  assertBodyWithinCap(raw);
+  const url = `${transport.baseUrl}${V2_BATCH_PATH}`;
+  const fetchImpl = pickFetch(transport);
+  const response = await fetchImpl(url, {
+    method: "POST",
+    headers: commonHeaders(transport.apiKey),
+    body: raw
+  });
+  const requestId = response.headers.get("X-Request-ID") ?? void 0;
+  if (response.status === 404) {
+    const init = {
+      feature: "batch",
+      endpoint: V2_BATCH_PATH
+    };
+    if (requestId !== void 0) init.requestId = requestId;
+    throw new FeatureNotEnabledError(init);
+  }
+  if (!response.ok) {
+    throwHttpError(V2_BATCH_PATH, response.status, requestId);
+  }
+  const parsed = await safeJson(response, V2_BATCH_PATH, requestId);
+  return parseBatchResponse(parsed);
+}
+function parseBatchResponse(data) {
+  const root = data ?? {};
+  const rawItems = root["items"] ?? [];
+  const items = rawItems.map((it) => {
+    const out = {
+      index: typeof it["index"] === "number" ? it["index"] : -1
+    };
+    const decision = it["decision"];
+    if (typeof decision === "string") out.decision = decision;
+    const decisionId = it["decision_id"];
+    if (typeof decisionId === "string") out.decisionId = decisionId;
+    const permitToken = it["permit_token"];
+    if (typeof permitToken === "string") out.permitToken = permitToken;
+    const reason = it["reason"];
+    if (typeof reason === "string") out.reason = reason;
+    const errorCode = it["error_code"];
+    if (typeof errorCode === "string") out.errorCode = errorCode;
+    const errorMessage = it["error_message"];
+    if (typeof errorMessage === "string") out.errorMessage = errorMessage;
+    return out;
+  });
+  const batchId = root["batch_id"];
+  return {
+    batchId: typeof batchId === "string" ? batchId : "",
+    items,
+    partial: Boolean(root["partial"])
+  };
+}
+async function authorizeStream(transport, req, handlers = {}) {
+  assertItemsShape(req.items);
+  assertValidBatchId(req.batchId);
+  const body = { items: req.items };
+  if (req.batchId !== void 0) body["batch_id"] = req.batchId;
+  const raw = JSON.stringify(body);
+  assertBodyWithinCap(raw);
+  const url = `${transport.baseUrl}${V2_STREAM_PATH}`;
+  const fetchImpl = pickFetch(transport);
+  const response = await fetchImpl(url, {
+    method: "POST",
+    headers: {
+      ...commonHeaders(transport.apiKey),
+      Accept: "text/event-stream"
+    },
+    body: raw
+  });
+  const requestId = response.headers.get("X-Request-ID") ?? void 0;
+  if (response.status === 404) {
+    const init = {
+      feature: "streaming",
+      endpoint: V2_STREAM_PATH
+    };
+    if (requestId !== void 0) init.requestId = requestId;
+    throw new FeatureNotEnabledError(init);
+  }
+  if (!response.ok) {
+    throwHttpError(V2_STREAM_PATH, response.status, requestId);
+  }
+  if (response.body === null) {
+    throw new AtlaSentError(
+      `POST ${V2_STREAM_PATH} returned no response body`,
+      { code: "bad_response", status: response.status }
+    );
+  }
+  const complete = await consumeSseStream(response.body, handlers);
+  if (complete === null) {
+    throw new AtlaSentError(
+      "authorizeStream: stream closed without a `complete` event",
+      { code: "bad_response" }
+    );
+  }
+  return complete;
+}
+async function consumeSseStream(body, handlers) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder("utf-8");
+  let buffer = "";
+  let eventName = void 0;
+  let complete = null;
+  while (true) {
+    const { value, done } = await reader.read();
+    if (value !== void 0) {
+      buffer += decoder.decode(value, { stream: !done });
+    }
+    if (done) {
+      buffer += decoder.decode();
+    }
+    let nl;
+    while ((nl = buffer.indexOf("\n")) !== -1) {
+      let line = buffer.slice(0, nl);
+      buffer = buffer.slice(nl + 1);
+      if (line.endsWith("\r")) line = line.slice(0, -1);
+      if (line === "") {
+        eventName = void 0;
+        continue;
+      }
+      if (line.startsWith(":")) continue;
+      if (line.startsWith("event:")) {
+        eventName = line.slice("event:".length).trim();
+        continue;
+      }
+      if (!line.startsWith("data:")) continue;
+      const dataText = line.slice("data:".length).trim();
+      let payload;
+      try {
+        payload = JSON.parse(dataText);
+      } catch {
+        continue;
+      }
+      if (typeof payload !== "object" || payload === null || Array.isArray(payload)) {
+        continue;
+      }
+      const p = payload;
+      if (eventName === "decision" && handlers.onDecision !== void 0) {
+        const dIndex = p["index"];
+        const dDecision = p["decision"];
+        const frame = {
+          index: typeof dIndex === "number" ? dIndex : -1,
+          decision: typeof dDecision === "string" ? dDecision : ""
+        };
+        const dId = p["decision_id"];
+        if (typeof dId === "string") frame.decisionId = dId;
+        const pt = p["permit_token"];
+        if (typeof pt === "string") frame.permitToken = pt;
+        const r = p["reason"];
+        if (typeof r === "string") frame.reason = r;
+        handlers.onDecision(frame);
+      } else if (eventName === "error" && handlers.onError !== void 0) {
+        const eIndex = p["index"];
+        const eCode = p["error_code"];
+        const eMsg = p["message"];
+        handlers.onError({
+          index: typeof eIndex === "number" ? eIndex : -1,
+          errorCode: typeof eCode === "string" ? eCode : "",
+          message: typeof eMsg === "string" ? eMsg : ""
+        });
+      } else if (eventName === "complete") {
+        const cBatchId = p["batch_id"];
+        const cCount = p["count"];
+        complete = {
+          batchId: typeof cBatchId === "string" ? cBatchId : "",
+          count: typeof cCount === "number" ? cCount : 0,
+          partial: Boolean(p["partial"])
+        };
+        try {
+          await reader.cancel();
+        } catch {
+        }
+        return complete;
+      }
+    }
+    if (done) break;
+  }
+  return complete;
+}
+async function graphql(transport, req) {
+  if (typeof req.query !== "string" || req.query.trim() === "") {
+    throw new TypeError("query must be a non-empty string");
+  }
+  const body = { query: req.query };
+  if (req.variables !== void 0) body["variables"] = req.variables;
+  if (req.operationName !== void 0)
+    body["operationName"] = req.operationName;
+  const raw = JSON.stringify(body);
+  assertBodyWithinCap(raw);
+  const url = `${transport.baseUrl}${V2_GRAPHQL_PATH}`;
+  const fetchImpl = pickFetch(transport);
+  const response = await fetchImpl(url, {
+    method: "POST",
+    headers: commonHeaders(transport.apiKey),
+    body: raw
+  });
+  const requestId = response.headers.get("X-Request-ID") ?? void 0;
+  if (response.status === 404) {
+    const init = {
+      feature: "graphql",
+      endpoint: V2_GRAPHQL_PATH
+    };
+    if (requestId !== void 0) init.requestId = requestId;
+    throw new FeatureNotEnabledError(init);
+  }
+  if (!response.ok) {
+    throwHttpError(V2_GRAPHQL_PATH, response.status, requestId);
+  }
+  const parsed = await safeJson(response, V2_GRAPHQL_PATH, requestId);
+  const root = parsed ?? {};
+  const out = {
+    data: root["data"] ?? null
+  };
+  const errs = root["errors"];
+  if (Array.isArray(errs) && errs.length > 0) {
+    out.errors = errs;
+  }
+  return out;
+}
+function throwHttpError(path, status, requestId) {
+  const errInit = {
+    status,
+    code: status >= 500 ? "server_error" : "bad_request"
+  };
+  if (requestId !== void 0) errInit.requestId = requestId;
+  throw new AtlaSentError(`POST ${path} returned ${status}`, errInit);
+}
+async function safeJson(response, path, requestId) {
+  try {
+    return await response.json();
+  } catch (cause) {
+    const errInit = {
+      status: response.status,
+      code: "bad_response",
+      cause
+    };
+    if (requestId !== void 0) errInit.requestId = requestId;
+    throw new AtlaSentError(`${path}: malformed JSON response`, errInit);
+  }
 }
 
 // src/index.ts
 var atlasent = {
   protect,
+  withPermit,
+  deployGate,
   configure,
+  requirePermit,
+  classifyCommand,
   verifyBundle,
+  PRODUCTION_DEPLOY_ACTION,
+  DEPLOYMENT_PRODUCTION_ACTION,
   AtlaSentClient,
   AtlaSentError,
   AtlaSentDeniedError
@@ -748,16 +3580,101 @@ var index_default = atlasent;
   AtlaSentClient,
   AtlaSentDeniedError,
   AtlaSentError,
+  AtlaSentEscalateError,
+  DEFAULT_INCENTIVE_CONFIG,
   DEFAULT_RETRY_POLICY,
+  DEFAULT_RISK_TIER_THRESHOLDS,
+  DEPLOYMENT_PRODUCTION_ACTION,
+  DEPLOY_GATE_CODES,
+  FeatureNotEnabledError,
+  GovernanceEnforcementError,
+  PRODUCTION_DEPLOY_ACTION,
+  PermitRevoked,
+  StreamParseError,
+  StreamTimeoutError,
+  V2_BATCH_PATH,
+  V2_GRAPHQL_MAX_DEPTH,
+  V2_GRAPHQL_PATH,
+  V2_MAX_BATCH_ITEMS,
+  V2_MAX_BODY_BYTES,
+  V2_STREAM_PATH,
+  WebhookVerificationError,
+  assertWebhook,
+  authorizeStream,
+  budgetUtilizationSeverity,
+  buildLiabilityChain,
+  buildLiabilityVisualization,
+  buildRiskTimeline,
+  buildSignableContent,
   canonicalJSON,
+  canonicalizeForEvidence,
+  checkAutonomousBounds,
+  checkBudgetConstraints,
+  clampTokenDuration,
+  classifyCommand,
+  classifyRiskTier,
+  computeApprovalRiskScore,
   computeBackoffMs,
+  computeEscalatedApprovalCount,
+  computeExposureScore,
+  computeGovernanceHealthScore,
+  computeHHI,
+  computeLiabilityWeights,
+  computeOverallRiskScore,
+  computeOverrideScore,
+  computeRemediationUrgency,
+  computeSignalEngagementRate,
   configure,
+  delegationPropagationHadEffect,
+  deployGate,
+  detectAutonomousAnomaly,
+  detectMisalignedIncentives,
+  detectSelfApproval,
+  enforceAutonomousBounds,
+  enforceBudgetConstraint,
+  enforceEconomicGovernance,
+  enforceFinancialQuorum,
+  evaluateFinancialQuorum,
+  evaluateMany,
+  evidenceRunPasses,
+  findPrimaryLiabilityParties,
+  formatPolicySyncDiff,
+  graphql,
   hasAttemptsLeft,
+  hhiToConcentrationScore,
+  highestSeverityAction,
+  hitlRequiredApproverCount,
+  isBudgetExceptionActive,
+  isBudgetExceptionTerminal,
+  isEscalationSlaBreached,
+  isFreezeActive,
+  isImpersonationGrantUsable,
+  isPolicySyncTerminal,
+  isRegulatoryEscalationTerminal,
   isRetryable,
+  isSandboxDiffPopulated,
+  isSubstantiveSignalResponse,
+  matchAnomalyRules,
   mergePolicy,
+  nonPassingControls,
+  normalizeEvaluateRequest,
+  normalizeEvaluateResponse,
+  normalizePermitOutcome,
   protect,
+  requirePermit,
+  scoreToRiskTier,
+  serializeSignableContent,
   signedBytesFor,
+  summarizeCrossOrgPermission,
+  transitionDispute,
+  transitionReversal,
+  validateLiabilityChain,
   verifyAuditBundle,
-  verifyBundle
+  verifyBundle,
+  verifyEvidenceBundleStructure,
+  verifyWebhook,
+  verifyWebhookSignature,
+  withPermit,
+  withinAutonomousCeiling
 });
 //# sourceMappingURL=index.cjs.map