@atlasent/sdk 2.5.0 → 2.10.0

package/dist/{protect-DiRVfVLq.d.ts → protect-C0t0fP1y.d.ts}

@@ -45,7 +45,7 @@ declare class StreamParseError extends Error {
     constructor(rawData: string, cause?: unknown);
 }
 /** Discriminator for {@link AtlaSentError.code}. */
-type AtlaSentErrorCode = "invalid_api_key" | "forbidden" | "rate_limited" | "timeout" | "network" | "bad_response" | "bad_request" | "server_error" | "feature_disabled";
+type AtlaSentErrorCode = "invalid_api_key" | "forbidden" | "rate_limited" | "timeout" | "network" | "bad_response" | "bad_request" | "server_error" | "feature_disabled" | "claim_evidence_incomplete";
 /** Initialization options for {@link AtlaSentError}. */
 interface AtlaSentErrorInit {
     status?: number;
@@ -686,6 +686,40 @@ interface DeployGateResponse {
     /** Best-effort audit/evidence metadata available to the SDK. */
     evidence: DeployGateEvidence;
 }
+/**
+ * Frozen BVS snapshot wire shape (BI4).
+ * Carried in {@link EvaluateRequest}.context.bvsSnapshot when
+ * the `behavior_conditioning` flag is enabled for the tenant.
+ * Produced by behavior-insights GET /api/patterns/snapshot/:userId
+ * and attached via `@atlasent/behavior` attachToEvaluate().
+ */
+interface BvsSnapshot {
+    user_id: string;
+    /** Factor model output — keyed by BVS factor slug, value is score 0-1. */
+    factors: Record<string, number>;
+    /** Aggregate confidence score (0-1). Decays on a 60-day half-life. */
+    confidence: number;
+    /** True when the aggregate is fresh-and-thin (too few events to trust). */
+    confidence_low: boolean;
+    /** ISO-8601 timestamp of the compute run that produced this snapshot. */
+    computed_at: string;
+}
+/**
+ * Consent-class projection (BI5) — the privacy-safe aggregate shape that
+ * third-party apps (LedgersMe, hiCoach, echobloom) receive when reading a
+ * user's behavioral summary. Counts and timestamps only; no raw free-text.
+ * Produced by behavior-insights `/api/patterns/summary/:userId` and fetched
+ * via `@atlasent/behavior` getStateSummary(). The SDK enforces
+ * {@link https://github.com/AtlaSent-Systems-Inc/atlasent-sdk | assertNoRawText}
+ * client-side before returning this shape to callers.
+ */
+interface ConsentClassProjection {
+    user_id: string;
+    window_start: string;
+    window_end: string;
+    event_count: number;
+    category_counts: Partial<Record<string, number>>;
+}
 /** Input to {@link AtlaSentClient.evaluate}. */
 interface EvaluateRequest {
     /** Identifier of the calling agent (e.g. "clinical-data-agent"). */
@@ -694,6 +728,12 @@ interface EvaluateRequest {
     action: string;
     /** Arbitrary policy context (user, environment, resource IDs). */
     context?: Record<string, unknown>;
+    /**
+     * When `true`, the server populates `riskEnvelope.factors` with a
+     * per-factor breakdown of the weighted risk score. Omit (or `false`)
+     * to keep response payloads small.
+     */
+    explain?: boolean;
 }
 /**
  * Slim permit object embedded in {@link EvaluateResponse} when the decision
@@ -793,6 +833,43 @@ interface EvaluateResponse {
      * `X-RateLimit-*` headers. `null` when the server didn't emit them.
      */
     rateLimit: RateLimitState | null;
+    /**
+     * Risk envelope summary from the policy engine. Present on all responses
+     * from engine version wire-v1@1.0.0+. Provides the weighted risk score,
+     * the pre/post-promotion decisions, and (when evaluate was called with
+     * `explain: true`) a per-factor breakdown.
+     *
+     * The envelope can only raise severity — it structurally cannot soften
+     * a deny to allow. When `promoted` is true the live `decision` was
+     * upgraded from `engineDecision` to `envelopeDecision`.
+     */
+    riskEnvelope?: EvaluateRiskEnvelope;
+}
+/** Per-factor contribution in a {@link EvaluateRiskEnvelope}. */
+interface EvaluateRiskEnvelopeFactor {
+    /** Factor identifier, e.g. `"ACTION_SENSITIVITY"`. */
+    factor: string;
+    /** Factor score in [0, 1]. Higher = more risk. */
+    value: number;
+    /** Configured weight for this factor. */
+    weight: number;
+    /** Human-readable explanation for the score. */
+    reason: string;
+}
+/** Risk envelope summary returned in a top-level {@link EvaluateResponse}. */
+interface EvaluateRiskEnvelope {
+    /** Weighted risk score in [0, 1]. Score ≥ 0.70 triggers a hold. */
+    weightedScore: number;
+    /** Policy engine decision before envelope promotion. */
+    engineDecision: Decision;
+    /** Decision resolved by the risk envelope. */
+    envelopeDecision: Decision;
+    /** `true` when the envelope raised the decision's severity (most-restrictive-wins). */
+    promoted: boolean;
+    /** Deny codes that unconditionally block regardless of score. */
+    hardBlocks: string[];
+    /** Per-factor breakdown. Present only when `explain: true` was passed. */
+    factors?: EvaluateRiskEnvelopeFactor[];
 }
 /** Input to {@link AtlaSentClient.verifyPermit}. */
 interface VerifyPermitRequest {
@@ -838,6 +915,11 @@ interface VerifyPermitResponse {
     permitHash: string;
     /** ISO 8601 timestamp of the verification. */
     timestamp: string;
+    /**
+     * ISO-8601 expiration timestamp of the permit. `null` on pre-rollout
+     * server versions that do not yet surface this field.
+     */
+    expiresAt: string | null;
     /**
      * Per-key rate-limit state for this request's response, parsed from
      * `X-RateLimit-*` headers. `null` when the server didn't emit them.
@@ -1265,6 +1347,307 @@ interface StreamProgressEvent {
 }
 /** Union of all events yielded by {@link AtlaSentClient.protectStream}. */
 type StreamEvent = StreamDecisionEvent | StreamProgressEvent;
+/**
+ * A single item in a {@link AtlaSentClient.evaluateBatch} call.
+ * Same shape as {@link EvaluateRequest}.
+ */
+interface BatchEvalItem {
+    /** Identifier of the calling agent. */
+    agent: string;
+    /** The action being authorized. */
+    action: string;
+    /** Arbitrary policy context. */
+    context?: Record<string, unknown>;
+}
+/**
+ * Per-item result in an {@link EvaluateBatchResponse}.
+ *
+ * Success items carry `decision`, `decisionId`, `permitToken`, `auditHash`,
+ * and `timestamp`. Error items (when the per-item RPC layer failed) carry
+ * only `index`, `error`, and optionally `message`.
+ */
+interface EvaluateBatchResultItem {
+    /** 0-based position matching the input order. */
+    index: number;
+    /**
+     * Policy decision for this item. Present on success items.
+     * `"allow"`, `"deny"`, `"hold"`, or `"escalate"`.
+     */
+    decision?: DecisionCanonical;
+    /** Server-assigned permit / decision identifier. */
+    decisionId?: string;
+    /** Opaque permit token (allow decisions only). Pass to verifyPermit(). */
+    permitToken?: string | null;
+    /** Machine-readable denial / hold reason. */
+    reason?: string;
+    /** Hash-chained audit-trail entry. */
+    auditHash?: string;
+    /** ISO-8601 decision timestamp. */
+    timestamp?: string;
+    /** Error code when the item itself failed at the RPC layer. */
+    error?: string;
+    /** Human-readable detail when `error` is set. */
+    message?: string;
+}
+/**
+ * Response from {@link AtlaSentClient.evaluateBatch}.
+ *
+ * - `items` is in the same order as the input `requests` array.
+ * - `partial: true` means at least one item errored at the RPC layer
+ *   (not a policy deny — those are surfaced via `decision: "deny"` on
+ *   the item). Check `item.error` on items without a `decision`.
+ * - `replayed: true` means the response was served from the idempotency
+ *   cache (a prior call with the same `batchId` completed within 24 h).
+ */
+interface BatchEvalResponse {
+    /** Server-assigned (or caller-supplied) batch identifier. */
+    batchId: string;
+    /** Per-item results, in input order. */
+    items: EvaluateBatchResultItem[];
+    /** `true` when at least one item failed at the RPC layer. */
+    partial: boolean;
+    /** `true` when served from the idempotency cache. */
+    replayed?: boolean;
+    /** Rate-limit state from the batch response headers. */
+    rateLimit: RateLimitState | null;
+}
+/**
+ * Options for {@link AtlaSentClient.subscribeDecisions}.
+ */
+interface SubscribeDecisionsOptions {
+    /**
+     * Filter to specific event types (e.g. `["evaluate.allow", "evaluate.deny"]`).
+     * Omit to receive all types.
+     */
+    types?: string[];
+    /** Filter to a specific actor ID. */
+    actorId?: string;
+    /**
+     * Resume from a prior event. Pass the `id` of the last received event.
+     * The server replays everything after that sequence position, then
+     * transitions to live polling.
+     */
+    lastEventId?: string;
+    /**
+     * Maximum session duration in seconds. The server emits `session_end`
+     * and closes after this window; the caller should reconnect with the
+     * last received `lastEventId`. Defaults to 1800 (30 min), max 3600 (1 h).
+     */
+    maxSeconds?: number;
+    /** Abort signal to cancel the stream. */
+    signal?: AbortSignal;
+}
+/**
+ * A single event from {@link AtlaSentClient.subscribeDecisions}.
+ *
+ * The `type` field maps to the audit-event type emitted by the server
+ * (e.g. `"evaluate.allow"`, `"evaluate.deny"`, `"permit.verified"`).
+ * `"heartbeat"` is a synthetic type emitted by the SDK — not a server
+ * event — indicating the server sent a keepalive ping.
+ * `"session_end"` signals the server-side max-seconds limit was reached;
+ * reconnect with `lastEventId` to continue.
+ */
+interface DecisionStreamEvent {
+    /** Stable server-assigned ID. Pass as `lastEventId` to resume. */
+    id?: string;
+    /**
+     * Audit-event type, e.g. `"evaluate.allow"`, `"evaluate.deny"`,
+     * `"evaluate.hold"`, `"permit.verified"`, `"permit.revoked"`,
+     * `"heartbeat"`, `"session_end"`.
+     */
+    type: string;
+    decision?: DecisionCanonical;
+    actorId?: string;
+    resourceType?: string;
+    resourceId?: string;
+    payload?: Record<string, unknown>;
+    hash?: string;
+    previousHash?: string;
+    occurredAt?: string;
+}
+
+/**
+ * Evidence Engine — per-decision proof artifacts, "why" traces, and
+ * compliance-ready bundles.
+ *
+ * Turn every AtlaSent decision into tamper-evident proof that buyers
+ * can hand to auditors, compliance teams, and regulators.
+ *
+ * Primary entry points:
+ *
+ * 1. `buildWhyTrace(decision, reasons, constraintTrace)` — converts
+ *    the ConstraintTrace from `?include=constraint_trace` into a
+ *    structured human/machine-readable "why allowed / why denied" trace.
+ *
+ * 2. `buildDecisionReceiptPayload(args)` — assembles the canonical
+ *    signable payload for a per-decision receipt.
+ *
+ * 3. `signDecisionReceiptHmac(payload, secret)` — HMAC-SHA256 sign.
+ *
+ * 4. `verifyDecisionReceiptHmac(receipt, secret)` — offline verify.
+ *
+ * 5. `computeBundleHash(bundle)` — SHA-256 of an ActionEvidenceBundle.
+ *
+ * 6. `soc2ControlCoverageForDecision(opts)` — map a decision to SOC 2
+ *    control coverage.
+ *
+ * The {@link DecisionReceipt} is the category-defining artifact: a
+ * self-contained, signed, human-readable proof that a specific action
+ * was (or was not) authorized at a specific moment. Every enforcement
+ * adapter produces one; every compliance bundle includes one.
+ */
+
+/**
+ * One evaluated stage within a policy, in the order the engine ran it.
+ */
+interface WhyStage {
+    /** Engine stage name (e.g. `"role_check"`, `"context"`). */
+    stage: string;
+    /** Rule identifier, if the stage is rule-bound. */
+    rule?: string;
+    /** Whether this stage's predicate fired / matched. */
+    matched: boolean;
+    /** Non-obvious detail from the engine. */
+    detail?: string;
+    /**
+     * Impact classification:
+     * - `"terminal"` — this stage caused the outer decision.
+     * - `"contributing"` — matched but was not the decisive stage.
+     * - `"passing"` — did not match; execution continued.
+     */
+    impact: "terminal" | "contributing" | "passing";
+}
+/** Per-policy evaluation block within a WhyTrace. */
+interface WhyPolicyEvaluation {
+    policy_id: string;
+    /** Policy-level decision. */
+    decision: string;
+    /** Engine-side fingerprint of the policy bundle row. */
+    fingerprint: string;
+    /** Optional risk score from a `risk` rule clause. */
+    risk_score?: number;
+    /** Stages evaluated for this policy, in order. */
+    stages: WhyStage[];
+    /** `true` iff this policy's decision drove the outer envelope decision. */
+    was_decisive: boolean;
+}
+/**
+ * Structured "why allowed / why denied" trace.
+ *
+ * Produced by `buildWhyTrace()` from the `ConstraintTrace` returned
+ * by `/v1-evaluate?include=constraint_trace`. Suitable for:
+ *
+ * - UI display ("Why was this denied?")
+ * - Email / Slack notifications
+ * - Compliance-bundle human-readable section
+ * - Machine-readable policy audit by external verifiers
+ *
+ * `summary` is a one-sentence plain-English explanation.
+ */
+interface WhyTrace {
+    decision: DecisionCanonical;
+    /** One-sentence human-readable explanation. */
+    summary: string;
+    /** Policy whose decision drove the outer result. Absent on clean allow. */
+    matched_policy_id?: string;
+    /** Per-policy evaluation blocks in evaluation order. */
+    policy_evaluations: WhyPolicyEvaluation[];
+    /**
+     * The single stage that caused the terminal outcome, extracted for
+     * quick access. `undefined` on a clean allow (no blocking stage).
+     */
+    terminal_stage?: WhyStage;
+    /** Total stages evaluated across all policies. */
+    total_stages_evaluated: number;
+}
+/** Signing algorithm tag on a {@link DecisionReceipt}. */
+type DecisionReceiptAlgorithm = "hmac-sha256" | "ed25519" | "none";
+/**
+ * The canonical signed payload of a {@link DecisionReceipt}.
+ *
+ * Field order is load-bearing: HMAC and chain verifiers stringify
+ * this object and must reproduce byte-identical output. Never reorder
+ * the fields; add new optional fields at the end only.
+ */
+interface DecisionReceiptPayload {
+    receipt_id: string;
+    evaluation_id: string;
+    org_id: string;
+    decision: DecisionCanonical;
+    action: string;
+    actor: string;
+    resource_type: string | null;
+    resource_id: string | null;
+    reasons: string[];
+    /** One-sentence human-readable summary from the WhyTrace. */
+    why_summary: string;
+    /** Permit ID when the decision was `"allow"`. */
+    permit_id: string | null;
+    /** Permit verification hash when the decision was `"allow"`. */
+    permit_hash: string | null;
+    /** Hash-chained audit-trail entry from the evaluate response. */
+    audit_hash: string;
+    /** SHA-256 hex of canonical JSON of the evaluate context. */
+    context_hash: string;
+    /** ISO-8601 when this receipt was issued. */
+    issued_at: string;
+    /** ISO-8601 TTL, or `null` for non-expiring receipts. */
+    expires_at: string | null;
+}
+/**
+ * A signed, tamper-evident record of a single AtlaSent authorization
+ * decision. Self-contained: contains everything an auditor needs to
+ * verify the decision without querying the API.
+ *
+ * **Signature semantics (HMAC-SHA256):**
+ *
+ *   `HMAC-SHA256(secret,
+ *     receipt_id + "\\n" + issued_at + "\\n" + JSON.stringify(payload))`
+ *
+ * When `algorithm === "ed25519"`, `signature` is hex-encoded Ed25519
+ * over the same input string encoded as UTF-8.
+ *
+ * Offline verification: `verifyDecisionReceiptHmac(receipt, secret)`.
+ *
+ * Callers MUST reject receipts where `algorithm === "none"` in any
+ * context requiring tamper-evidence.
+ */
+interface DecisionReceipt {
+    receipt_id: string;
+    evaluation_id: string;
+    org_id: string;
+    decision: DecisionCanonical;
+    action: string;
+    actor: string;
+    resource_type: string | null;
+    resource_id: string | null;
+    reasons: string[];
+    /**
+     * Full structured "why" trace. `null` when the evaluation was
+     * performed without `?include=constraint_trace`.
+     */
+    why_trace: WhyTrace | null;
+    permit_id: string | null;
+    permit_hash: string | null;
+    audit_hash: string;
+    /** SHA-256 hex of canonical JSON of the evaluate context. */
+    context_hash: string;
+    issued_at: string;
+    expires_at: string | null;
+    algorithm: DecisionReceiptAlgorithm;
+    /**
+     * Hex (HMAC-SHA256 or Ed25519) signature, or `null` when
+     * `algorithm === "none"`.
+     */
+    signature: string | null;
+    /** Registry key ID that signed, when `algorithm !== "none"`. */
+    signing_key_id: string | null;
+    /**
+     * Full payload that was signed. Pass to `verifyDecisionReceiptHmac`
+     * or reconstruct independently for external verification.
+     */
+    payload: DecisionReceiptPayload;
+}
 
 /** Input to {@link protect}. Same shape as `EvaluateRequest`. */
 interface ProtectRequest {
@@ -1287,6 +1670,8 @@ interface Permit {
     reason: string;
     /** ISO 8601 timestamp of the verification. */
     timestamp: string;
+    /** ISO-8601 expiration timestamp of the permit. null on pre-rollout servers. */
+    permitExpiresAt: string | null;
 }
 /** Configuration for the process-wide singleton used by {@link protect}. */
 interface ConfigureOptions {
@@ -1325,5 +1710,67 @@ declare function deployGate(request?: DeployGateRequest): Promise<DeployGateResp
  *   or server error. Same fail-closed contract: do not proceed.
  */
 declare function protect(request: ProtectRequest): Promise<Permit>;
+/**
+ * A verified {@link Permit} with an embedded signed {@link DecisionReceipt}.
+ *
+ * Returned by {@link protectWithEvidence}. Store `receipt` alongside
+ * your action record (deploy logs, payment records, close workflows)
+ * to give auditors a self-contained proof of authorization.
+ */
+interface PermitWithEvidence extends Permit {
+    /** Signed per-decision receipt. `algorithm: "none"` when no signing secret was supplied. */
+    receipt: DecisionReceipt;
+}
+/** Options for {@link protectWithEvidence}. */
+interface ProtectWithEvidenceOptions {
+    /**
+     * HMAC-SHA256 signing secret. When provided, the receipt is signed
+     * and can be verified offline with `verifyDecisionReceiptHmac`.
+     * Recommend `process.env.ATLASENT_RECEIPT_SIGNING_SECRET`.
+     */
+    signingSecret?: string;
+    /**
+     * Registry key ID recorded on the receipt, paired with `signingSecret`.
+     * Used for key rotation: store the ID alongside the receipt so
+     * verifiers know which key to use.
+     */
+    signingKeyId?: string;
+    /**
+     * If you have already called `client.evaluatePreflight()` for this
+     * request, pass `constraintTrace` here to populate
+     * `receipt.why_trace` with the full stage-by-stage "why" trace.
+     * When omitted, `why_trace` is `null` on the receipt.
+     */
+    constraintTrace?: ConstraintTrace | null;
+}
+/**
+ * Authorize an action end-to-end and mint a signed {@link DecisionReceipt}.
+ *
+ * Same fail-closed contract as {@link protect} — throws
+ * {@link AtlaSentDeniedError} on deny, {@link AtlaSentError} on
+ * transport failure. The action MUST NOT proceed if this throws.
+ *
+ * On allow, returns the verified `Permit` plus a signed `DecisionReceipt`
+ * that captures:
+ * - The evaluation ID and decision
+ * - Human-readable reasons
+ * - Permit ID and hash
+ * - Audit-trail hash (hash-chain link)
+ * - SHA-256 of the evaluate context (tamper-evidence for the inputs)
+ * - Optional "why" trace (pass `constraintTrace` from `evaluatePreflight`)
+ *
+ * ```ts
+ * const { permit, receipt } = await protectWithEvidence(
+ *   { agent: "deploy-bot", action: "production.deploy", context },
+ *   {
+ *     signingSecret: process.env.ATLASENT_RECEIPT_SIGNING_SECRET,
+ *     signingKeyId: "key-v1",
+ *   },
+ * );
+ * // Store alongside the deployment record.
+ * await db.deployments.create({ commitSha, permit, receipt });
+ * ```
+ */
+declare function protectWithEvidence(request: ProtectRequest, opts?: ProtectWithEvidenceOptions): Promise<PermitWithEvidence>;
 
-export { type DeployGateDenyCode as $, AtlaSentDeniedError as A, type AtlaSentErrorInit as B, AtlaSentEscalateError as C, type DeployGateRequest as D, type EvaluateRequest as E, type AtlaSentEscalateErrorInit as F, type GetPermitResponse as G, type AuditDecision as H, type AuditEvent as I, type AuditEventsPage as J, type AuditExport as K, type ListPermitsRequest as L, type AuditExportSignatureStatus as M, type ConfigureOptions as N, type ConstraintTrace as O, type Permit as P, type ConstraintTracePolicy as Q, type RateLimitState as R, type StreamOptions as S, type ConstraintTraceStage as T, DEFAULT_RETRY_POLICY as U, type VerifyPermitRequest as V, DEPLOYMENT_PRODUCTION_ACTION as W, DEPLOY_GATE_CODES as X, type Decision as Y, type DecisionCanonical as Z, type DeployGateContext as _, AtlaSentError as a, type DeployGateEvidence as a0, type DeployOverrideClaim as a1, type DeployPermitClaim as a2, type EvaluateResponsePermit as a3, PRODUCTION_DEPLOY_ACTION as a4, type PermitOutcome as a5, type PermitRecord as a6, PermitRevoked as a7, type PermitStatus as a8, type RetryPolicy as a9, type StreamDecisionEvent as aa, StreamParseError as ab, type StreamProgressEvent as ac, StreamTimeoutError as ad, computeBackoffMs as ae, hasAttemptsLeft as af, isRetryable as ag, mergePolicy as ah, normalizePermitOutcome as ai, type ProtectRequest as b, type AtlaSentClientOptions as c, type EvaluateResponse as d, type EvaluatePreflightResponse as e, type VerifyPermitResponse as f, type DeployGateResponse as g, type RevokePermitRequest as h, type RevokePermitResponse as i, type RevokePermitByIdInput as j, type RevokePermitByIdResponse as k, type VerifyPermitByIdResponse as l, type PermitValidResponse as m, type ListPermitsResponse as n, type ApiKeySelfResponse as o, type AuditEventsQuery as p, type AuditEventsResult as q, type AuditExportRequest as r, type AuditExportResult as s, type StreamEvent as t, protect as u, deployGate as v, configure as w, type AtlaSentDecision as x, type AtlaSentDeniedErrorInit as y, type AtlaSentErrorCode as z };
+export { type ConstraintTrace as $, AtlaSentDeniedError as A, type BatchEvalItem as B, protect as C, type DecisionCanonical as D, type EvaluateRequest as E, deployGate as F, type GetPermitResponse as G, configure as H, type AtlaSentDecision as I, type AtlaSentDeniedErrorInit as J, type AtlaSentErrorCode as K, type ListPermitsRequest as L, type AtlaSentErrorInit as M, AtlaSentEscalateError as N, type AtlaSentEscalateErrorInit as O, type Permit as P, type AuditDecision as Q, type RateLimitState as R, type SubscribeDecisionsOptions as S, type AuditEvent as T, type AuditEventsPage as U, type VerifyPermitRequest as V, type AuditExport as W, type AuditExportSignatureStatus as X, type BvsSnapshot as Y, type ConfigureOptions as Z, type ConsentClassProjection as _, AtlaSentError as a, type ConstraintTracePolicy as a0, type ConstraintTraceStage as a1, DEFAULT_RETRY_POLICY as a2, DEPLOYMENT_PRODUCTION_ACTION as a3, DEPLOY_GATE_CODES as a4, type Decision as a5, type DeployGateContext as a6, type DeployGateDenyCode as a7, type DeployGateEvidence as a8, type DeployOverrideClaim as a9, type DeployPermitClaim as aa, type EvaluateBatchResultItem as ab, type EvaluateResponsePermit as ac, type EvaluateRiskEnvelope as ad, type EvaluateRiskEnvelopeFactor as ae, PRODUCTION_DEPLOY_ACTION as af, type PermitOutcome as ag, type PermitRecord as ah, PermitRevoked as ai, type PermitStatus as aj, type PermitWithEvidence as ak, type ProtectWithEvidenceOptions as al, type RetryPolicy as am, type StreamDecisionEvent as an, StreamParseError as ao, type StreamProgressEvent as ap, StreamTimeoutError as aq, computeBackoffMs as ar, hasAttemptsLeft as as, isRetryable as at, mergePolicy as au, normalizePermitOutcome as av, protectWithEvidence as aw, type ProtectRequest as b, type AtlaSentClientOptions as c, type EvaluateResponse as d, type BatchEvalResponse as e, type DecisionStreamEvent as f, type EvaluatePreflightResponse as g, type VerifyPermitResponse as h, type DeployGateRequest as i, type DeployGateResponse as j, type RevokePermitRequest as k, type RevokePermitResponse as l, type RevokePermitByIdInput as m, type RevokePermitByIdResponse as n, type VerifyPermitByIdResponse as o, type PermitValidResponse as p, type ListPermitsResponse as q, type ApiKeySelfResponse as r, type AuditEventsQuery as s, type AuditEventsResult as t, type AuditExportRequest as u, type AuditExportResult as v, type StreamOptions as w, type StreamEvent as x, type DecisionReceipt as y, type DecisionReceiptAlgorithm as z };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atlasent/sdk",
-  "version": "2.5.0",
+  "version": "2.10.0",
   "description": "TypeScript SDK for the AtlaSent authorization API",
   "license": "Apache-2.0",
   "type": "module",
@@ -101,6 +101,7 @@
   "devDependencies": {
     "@size-limit/esbuild": "^12.1.0",
     "@size-limit/file": "^12.1.0",
+    "@types/express": "^5.0.6",
     "@types/jsdom": "^28.0.1",
     "@types/node": "^25.6.0",
     "@vitest/coverage-v8": "^4.1.5",
@@ -113,9 +114,13 @@
     "vitest": "^4.1.5"
   },
   "peerDependencies": {
+    "express": "^4.0.0 || ^5.0.0",
     "hono": "^4.0.0"
   },
   "peerDependenciesMeta": {
+    "express": {
+      "optional": true
+    },
     "hono": {
       "optional": true
     }