@atlasent/sdk 2.5.0 → 2.10.0

package/dist/index.cjs

@@ -34,13 +34,18 @@ __export(index_exports, {
   AtlaSentDeniedError: () => AtlaSentDeniedError,
   AtlaSentError: () => AtlaSentError,
   AtlaSentEscalateError: () => AtlaSentEscalateError,
+  BCCAEClient: () => BCCAEClient,
   DEFAULT_INCENTIVE_CONFIG: () => DEFAULT_INCENTIVE_CONFIG,
+  DEFAULT_REDACTION_RULES: () => DEFAULT_REDACTION_RULES,
   DEFAULT_RETRY_POLICY: () => DEFAULT_RETRY_POLICY,
   DEFAULT_RISK_TIER_THRESHOLDS: () => DEFAULT_RISK_TIER_THRESHOLDS,
   DEPLOYMENT_PRODUCTION_ACTION: () => DEPLOYMENT_PRODUCTION_ACTION,
   DEPLOY_GATE_CODES: () => DEPLOY_GATE_CODES,
+  EscalationDeniedError: () => EscalationDeniedError,
+  EscalationTimeoutError: () => EscalationTimeoutError,
   FeatureNotEnabledError: () => FeatureNotEnabledError,
   GovernanceEnforcementError: () => GovernanceEnforcementError,
+  NOT_APPLICABLE: () => NOT_APPLICABLE,
   PRODUCTION_DEPLOY_ACTION: () => PRODUCTION_DEPLOY_ACTION,
   PermitRevoked: () => PermitRevoked,
   StreamParseError: () => StreamParseError,
@@ -55,6 +60,9 @@ __export(index_exports, {
   assertWebhook: () => assertWebhook,
   authorizeStream: () => authorizeStream,
   budgetUtilizationSeverity: () => budgetUtilizationSeverity,
+  buildActionContext: () => buildActionContext,
+  buildClaimEvidenceLink: () => buildClaimEvidenceLink,
+  buildClaimEvidenceLinkFromActionBundle: () => buildClaimEvidenceLinkFromActionBundle,
   buildLiabilityChain: () => buildLiabilityChain,
   buildLiabilityVisualization: () => buildLiabilityVisualization,
   buildRiskTimeline: () => buildRiskTimeline,
@@ -63,9 +71,11 @@ __export(index_exports, {
   canonicalizeForEvidence: () => canonicalizeForEvidence,
   checkAutonomousBounds: () => checkAutonomousBounds,
   checkBudgetConstraints: () => checkBudgetConstraints,
+  checkIntegrationHealth: () => checkIntegrationHealth,
   clampTokenDuration: () => clampTokenDuration,
   classifyCommand: () => classifyCommand,
   classifyRiskTier: () => classifyRiskTier,
+  classifyToolRisk: () => classifyToolRisk,
   computeApprovalRiskScore: () => computeApprovalRiskScore,
   computeBackoffMs: () => computeBackoffMs,
   computeEscalatedApprovalCount: () => computeEscalatedApprovalCount,
@@ -78,6 +88,10 @@ __export(index_exports, {
   computeRemediationUrgency: () => computeRemediationUrgency,
   computeSignalEngagementRate: () => computeSignalEngagementRate,
   configure: () => configure,
+  configureApprovalRuntime: () => configureApprovalRuntime,
+  configureControlSurface: () => configureControlSurface,
+  configureShadow: () => configureShadow,
+  createEscalation: () => createEscalation,
   default: () => index_default,
   delegationPropagationHadEffect: () => delegationPropagationHadEffect,
   deployGate: () => deployGate,
@@ -92,10 +106,15 @@ __export(index_exports, {
   evaluateMany: () => evaluateMany,
   evidenceRunPasses: () => evidenceRunPasses,
   findPrimaryLiabilityParties: () => findPrimaryLiabilityParties,
+  flattenActionContext: () => flattenActionContext,
   formatPolicySyncDiff: () => formatPolicySyncDiff,
+  generateBccaeNonce: () => generateBccaeNonce,
+  getEnforcementStatus: () => getEnforcementStatus,
+  getOrgSummary: () => getOrgSummary,
   graphql: () => graphql,
   hasAttemptsLeft: () => hasAttemptsLeft,
   hhiToConcentrationScore: () => hhiToConcentrationScore,
+  highestAgentFindingSeverity: () => highestAgentFindingSeverity,
   highestSeverityAction: () => highestSeverityAction,
   hitlRequiredApproverCount: () => hitlRequiredApproverCount,
   isBudgetExceptionActive: () => isBudgetExceptionActive,
@@ -115,6 +134,17 @@ __export(index_exports, {
   normalizeEvaluateResponse: () => normalizeEvaluateResponse,
   normalizePermitOutcome: () => normalizePermitOutcome,
   protect: () => protect,
+  protectCloseAction: () => protectCloseAction,
+  protectDeploy: () => protectDeploy,
+  protectOrEscalate: () => protectOrEscalate,
+  protectPaymentRelease: () => protectPaymentRelease,
+  protectShadow: () => protectShadow,
+  protectToolCall: () => protectToolCall,
+  protectWithEvidence: () => protectWithEvidence,
+  redactContext: () => redactContext,
+  reportProtectedAction: () => reportProtectedAction,
+  reportShadowEvent: () => reportShadowEvent,
+  requestOverride: () => requestOverride,
   requirePermit: () => requirePermit,
   scoreToRiskTier: () => scoreToRiskTier,
   serializeSignableContent: () => serializeSignableContent,
@@ -122,12 +152,15 @@ __export(index_exports, {
   summarizeCrossOrgPermission: () => summarizeCrossOrgPermission,
   transitionDispute: () => transitionDispute,
   transitionReversal: () => transitionReversal,
+  validateActionContext: () => validateActionContext,
   validateLiabilityChain: () => validateLiabilityChain,
   verifyAuditBundle: () => verifyAuditBundle,
   verifyBundle: () => verifyBundle,
+  verifyClaimEvidenceLink: () => verifyClaimEvidenceLink,
   verifyEvidenceBundleStructure: () => verifyEvidenceBundleStructure,
   verifyWebhook: () => verifyWebhook,
   verifyWebhookSignature: () => verifyWebhookSignature,
+  waitForEscalationApproval: () => waitForEscalationApproval,
   withPermit: () => withPermit,
   withinAutonomousCeiling: () => withinAutonomousCeiling
 });
@@ -298,9 +331,8 @@ function normalizeEvaluateRequest(input) {
       action_type: legacy.action,
       actor_id: legacy.agent
     };
-    if (legacy.context !== void 0) {
-      normalized.context = legacy.context;
-    }
+    if (legacy.context !== void 0) normalized.context = legacy.context;
+    if (legacy.explain !== void 0) normalized.explain = legacy.explain;
     return normalized;
   }
   return input;
@@ -488,6 +520,7 @@ var AtlaSentClient = class {
       actor_id: normalized.actor_id,
       context: normalized.context ?? {}
     };
+    if (normalized.explain !== void 0) body.explain = normalized.explain;
     const { body: wire, rateLimit } = await this.post(
       "/v1-evaluate",
       body
@@ -524,9 +557,211 @@ var AtlaSentClient = class {
       reason,
       auditHash: wire.audit_hash ?? "",
       timestamp: wire.timestamp ?? "",
+      rateLimit,
+      ...wire.risk_envelope && {
+        riskEnvelope: {
+          weightedScore: wire.risk_envelope.weighted_score,
+          engineDecision: wire.risk_envelope.engine_decision,
+          envelopeDecision: wire.risk_envelope.envelope_decision,
+          promoted: wire.risk_envelope.promoted,
+          hardBlocks: wire.risk_envelope.hard_blocks ?? [],
+          ...wire.risk_envelope.factors && { factors: wire.risk_envelope.factors }
+        }
+      }
+    };
+  }
+  /**
+   * Batch evaluate — send up to 100 decisions in a single round-trip.
+   *
+   * Wraps `POST /v1-evaluate-batch`. The server evaluates each item
+   * against the active policy bundle and returns results in the same
+   * order as the input. One rate-limit token is consumed for the
+   * whole batch, and one audit-chain entry lists every included
+   * decision id.
+   *
+   * A per-item policy `deny` is **not** thrown — it appears as
+   * `item.decision === "deny"` in the returned items. A whole-batch
+   * network error, 4xx, or 5xx throws {@link AtlaSentError}.
+   *
+   * Requires the `v2_batch` tenant feature flag to be enabled on the
+   * org (returns 404 when off). Requires scope `evaluate:write`.
+   *
+   * @param requests - 1–100 evaluate items.
+   * @param batchId  - Optional caller-supplied UUID for idempotency.
+   *   A retried call with the same `batchId` and identical items
+   *   returns the cached response within 24 h (`replayed: true`).
+   */
+  async evaluateBatch(requests, batchId) {
+    if (!Array.isArray(requests) || requests.length === 0) {
+      throw new AtlaSentError(
+        "evaluateBatch: requests must be a non-empty array",
+        { code: "bad_request" }
+      );
+    }
+    if (requests.length > 100) {
+      throw new AtlaSentError(
+        `evaluateBatch: requests.length ${requests.length} exceeds the 100-item cap`,
+        { code: "bad_request" }
+      );
+    }
+    const wireItems = requests.map((r) => ({
+      action_type: r.action,
+      actor_id: r.agent,
+      context: r.context ?? {}
+    }));
+    const wireBody = { items: wireItems };
+    if (batchId) wireBody.batch_id = batchId;
+    const { body: wire, rateLimit } = await this.post(
+      "/v1-evaluate-batch",
+      wireBody
+    );
+    const items = (wire.items ?? []).map(
+      (item) => {
+        const rawDecision = typeof item.decision === "string" ? item.decision.toLowerCase() : void 0;
+        const decision = rawDecision === "allow" || rawDecision === "deny" || rawDecision === "hold" || rawDecision === "escalate" ? rawDecision : void 0;
+        return {
+          index: item.index,
+          ...decision !== void 0 ? { decision } : {},
+          ...item.decision_id ? { decisionId: item.decision_id } : {},
+          ...item.permit_token != null ? { permitToken: item.permit_token } : {},
+          ...item.reason != null ? { reason: item.reason } : {},
+          ...item.audit_entry_hash ? { auditHash: item.audit_entry_hash } : {},
+          ...item.timestamp ? { timestamp: item.timestamp } : {},
+          ...item.error ? { error: item.error } : {},
+          ...item.message ? { message: item.message } : {}
+        };
+      }
+    );
+    return {
+      batchId: wire.batch_id,
+      items,
+      partial: wire.partial ?? false,
+      ...wire.replayed ? { replayed: wire.replayed } : {},
       rateLimit
     };
   }
+  /**
+   * Subscribe to a live stream of decisions for this org.
+   *
+   * Wraps `GET /v1-decisions-stream`. The server emits one SSE frame
+   * per audit event and sends a heartbeat every 15 s. The session
+   * auto-closes after `maxSeconds` (default 30 min); reconnect with
+   * the last received `event.id` to resume without replaying history.
+   *
+   * ```ts
+   * const controller = new AbortController();
+   * for await (const event of client.subscribeDecisions({ signal: controller.signal })) {
+   *   if (event.type === "heartbeat") continue;
+   *   console.log(event.type, event.decision, event.actorId);
+   *   if (event.type === "session_end") break; // reconnect
+   * }
+   * ```
+   *
+   * Requires scope `audit:read`. Requires the `v2_decisions_stream`
+   * tenant feature flag (returns 404 when off).
+   */
+  async *subscribeDecisions(opts = {}) {
+    const url = new URL(`${this.baseUrl}/v1-decisions-stream`);
+    if (opts.types?.length) url.searchParams.set("types", opts.types.join(","));
+    if (opts.actorId) url.searchParams.set("actor_id", opts.actorId);
+    if (opts.maxSeconds !== void 0) url.searchParams.set("max_seconds", String(opts.maxSeconds));
+    const headers = {
+      Accept: "text/event-stream",
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": this.userAgent,
+      // ADR-025: declare the wire-protocol version we were built
+      // against. Runtime serves this version's response shape; older
+      // versions outside the compatibility window get 426.
+      "X-AtlaSent-Protocol-Version": "1"
+    };
+    if (opts.lastEventId) headers["Last-Event-ID"] = opts.lastEventId;
+    let response;
+    try {
+      response = await this.fetchImpl(url.toString(), {
+        method: "GET",
+        headers,
+        ...opts.signal ? { signal: opts.signal } : {}
+      });
+    } catch (err) {
+      if (err instanceof Error && err.name === "AbortError") return;
+      throw new AtlaSentError(
+        `Failed to connect to decisions stream: ${err instanceof Error ? err.message : String(err)}`,
+        { code: "network" }
+      );
+    }
+    if (!response.ok) {
+      const code = response.status === 401 ? "invalid_api_key" : "server_error";
+      throw new AtlaSentError(
+        `Decisions stream returned ${response.status}`,
+        { code, status: response.status }
+      );
+    }
+    if (!response.body) {
+      throw new AtlaSentError("Decisions stream response has no body", { code: "bad_response" });
+    }
+    const reader = response.body.getReader();
+    const decoder = new TextDecoder("utf-8");
+    let buf = "";
+    try {
+      while (true) {
+        let chunk;
+        try {
+          chunk = await reader.read();
+        } catch (err) {
+          if (err instanceof Error && err.name === "AbortError") return;
+          throw new AtlaSentError(
+            `Decisions stream read error: ${err instanceof Error ? err.message : String(err)}`,
+            { code: "network" }
+          );
+        }
+        if (chunk.done) break;
+        buf += decoder.decode(chunk.value, { stream: true });
+        const rawBlocks = buf.split("\n\n");
+        buf = rawBlocks.pop() ?? "";
+        for (const block of rawBlocks) {
+          if (!block.trim()) continue;
+          if (block.trimStart().startsWith(":")) {
+            yield { type: "heartbeat" };
+            continue;
+          }
+          let id;
+          let eventType = "audit_event";
+          let dataLine = "";
+          for (const line of block.split("\n")) {
+            if (line.startsWith("id:")) id = line.slice(3).trim();
+            else if (line.startsWith("event:")) eventType = line.slice(6).trim();
+            else if (line.startsWith("data:")) dataLine = line.slice(5).trim();
+          }
+          if (!dataLine) continue;
+          let parsed;
+          try {
+            parsed = JSON.parse(dataLine);
+          } catch {
+            continue;
+          }
+          if (eventType === "session_end") {
+            yield { ...id !== void 0 ? { id } : {}, type: "session_end", payload: parsed };
+            return;
+          }
+          const decision = typeof parsed.decision === "string" ? parsed.decision.toLowerCase() : void 0;
+          yield {
+            ...id !== void 0 ? { id } : {},
+            type: eventType,
+            ...decision ? { decision } : {},
+            ...typeof parsed.actor_id === "string" ? { actorId: parsed.actor_id } : {},
+            ...typeof parsed.resource_type === "string" ? { resourceType: parsed.resource_type } : {},
+            ...typeof parsed.resource_id === "string" ? { resourceId: parsed.resource_id } : {},
+            ...parsed.payload && typeof parsed.payload === "object" ? { payload: parsed.payload } : {},
+            ...typeof parsed.hash === "string" ? { hash: parsed.hash } : {},
+            ...typeof parsed.previous_hash === "string" ? { previousHash: parsed.previous_hash } : {},
+            ...typeof parsed.occurred_at === "string" ? { occurredAt: parsed.occurred_at } : {}
+          };
+        }
+      }
+    } finally {
+      reader.releaseLock();
+    }
+  }
   /**
    * Pre-flight evaluation that always returns the constraint trace.
    *
@@ -593,7 +828,17 @@ var AtlaSentClient = class {
       reason,
       auditHash: wire.audit_hash ?? "",
       timestamp: wire.timestamp ?? "",
-      rateLimit
+      rateLimit,
+      ...wire.risk_envelope && {
+        riskEnvelope: {
+          weightedScore: wire.risk_envelope.weighted_score,
+          engineDecision: wire.risk_envelope.engine_decision,
+          envelopeDecision: wire.risk_envelope.envelope_decision,
+          promoted: wire.risk_envelope.promoted,
+          hardBlocks: wire.risk_envelope.hard_blocks ?? [],
+          ...wire.risk_envelope.factors && { factors: wire.risk_envelope.factors }
+        }
+      }
     };
     let constraintTrace = null;
     if (wire.constraint_trace !== void 0 && wire.constraint_trace !== null && typeof wire.constraint_trace === "object") {
@@ -642,6 +887,7 @@ var AtlaSentClient = class {
       outcome: wire.outcome ?? "",
       permitHash: wire.permit_hash ?? "",
       timestamp: wire.timestamp ?? "",
+      expiresAt: wire.expires_at ?? null,
       rateLimit
     };
   }
@@ -963,6 +1209,151 @@ var AtlaSentClient = class {
     }
     return { ...wire, rateLimit };
   }
+  /**
+   * Re-evaluate a recorded decision against its originally-pinned policy
+   * bundle and engine version, and report whether the result agrees with
+   * what was recorded.
+   *
+   * Wraps `POST /v1-decisions-replay/:id/replay`. **Side-effect-free** — no
+   * audit chain row is written and no permit is issued (per ADR-016).
+   * Useful for compliance review, regression testing of bundle changes,
+   * and post-incident investigation.
+   *
+   * Outcomes encoded in the response:
+   * - `variance: "NONE"` — replay agrees with the original decision.
+   * - `variance: "DECISION_CHANGED"` — same envelope, same bundle, different
+   *   decision. Almost always indicates non-determinism in a rule
+   *   (e.g. wall-clock comparison) and warrants investigation.
+   * - `variance: "ENVELOPE_DRIFT"` — the recorded request envelope no longer
+   *   hashes to the recorded value. The replay short-circuits without
+   *   running the engine; `replay_decision` is absent. Treat as evidence
+   *   of substrate tamper or a recorder bug.
+   *
+   * Server-side 409 responses (replay refused because the engine version
+   * does not accept replay, or because no bundle was pinned) surface as
+   * `AtlaSentError` with `code: "replay_not_eligible"` — callers should
+   * treat them as expected for old / un-pinned decisions, not as bugs.
+   *
+   * Requires the `evaluate:write` API key scope.
+   *
+   * @param decisionId The UUID of the recorded decision to replay.
+   *                   Matches `execution_evaluations.request_id`.
+   *
+   * @example
+   * ```ts
+   * const result = await client.replayDecision("dec_abc123");
+   * if (result.variance === "DECISION_CHANGED") {
+   *   console.warn(
+   *     `Decision ${result.decision_id} changed on replay: ` +
+   *     `${result.original_decision} → ${result.replay_decision}`,
+   *   );
+   * }
+   * ```
+   */
+  async replayDecision(decisionId) {
+    if (typeof decisionId !== "string" || decisionId.length === 0) {
+      throw new AtlaSentError("decisionId is required", {
+        code: "bad_request"
+      });
+    }
+    const path = `/v1-decisions-replay/${encodeURIComponent(decisionId)}/replay`;
+    const { body: wire, rateLimit } = await this.post(
+      path,
+      {}
+    );
+    if (typeof wire.decision_id !== "string" || typeof wire.original_decision !== "string" || typeof wire.engine_version_kind !== "string" || typeof wire.accepts_replay !== "boolean" || typeof wire.variance !== "string" || typeof wire.envelope_verification !== "string" || typeof wire.replayed_at !== "string") {
+      throw new AtlaSentError(
+        "Malformed response from /v1-decisions-replay/:id/replay: missing required fields",
+        { code: "bad_response" }
+      );
+    }
+    return { ...wire, rateLimit };
+  }
+  /**
+   * ADR-015 Phase C — SDK-canonical replay runtime.
+   *
+   * Re-evaluates a recorded decision against its originally-pinned policy
+   * bundle and engine version via `POST /v1/decisions/:id/replay`.
+   * Side-effect-free server-side: no audit chain row is written and no
+   * permit is issued (ADR-016 `mode: "replay"` sentinel).
+   *
+   * Differences from {@link replayDecision} (the 2.7.0 raw-wire surface):
+   *
+   * | | `replayDecision()` | `replay()` |
+   * | --- | --- | --- |
+   * | Path | `/v1-decisions-replay/:id/replay` | `/v1/decisions/:id/replay` |
+   * | Variance | raw wire (`DECISION_CHANGED`) | SDK-canonical (`POLICY_DRIFT`) |
+   * | 409 handling | throws `AtlaSentError` | returns `ENGINE_DRIFT` / `BUNDLE_MISSING` |
+   * | Input shape | `decisionId: string` | `{ evaluationId }` |
+   *
+   * **Never throws on `409 replay_not_eligible`** — instead returns a
+   * `ReplayResponse` with `varianceKind: "ENGINE_DRIFT"` (engine retired
+   * beyond archival window) or `"BUNDLE_MISSING"` (no bundle pinned on
+   * the original evaluation). Callers can always `switch` on
+   * `result.varianceKind` without a try/catch.
+   *
+   * Fix-forward note: this method was originally landed in PR #275 but
+   * dropped from the squash merge. The TS types (`ReplayResponse`,
+   * `ReplayRequest`) and CHANGELOG made it through; the method itself
+   * did not. Restored here to match the Python {@link
+   * AtlaSentClient}.replay() that landed in atlasent-sdk@2.6.0 (Python).
+   */
+  async replay(input) {
+    if (!input || typeof input.evaluationId !== "string" || input.evaluationId.length === 0) {
+      throw new AtlaSentError("evaluationId is required", {
+        code: "bad_request"
+      });
+    }
+    const path = `/v1/decisions/${encodeURIComponent(input.evaluationId)}/replay`;
+    let wire;
+    let rateLimit;
+    try {
+      const result = await this.post(path, {});
+      wire = result.body;
+      rateLimit = result.rateLimit;
+    } catch (err) {
+      if (err instanceof AtlaSentError && err.status === 409) {
+        const msg = (err.message ?? "").toLowerCase();
+        const varianceKind2 = msg.includes("bundle") ? "BUNDLE_MISSING" : "ENGINE_DRIFT";
+        return {
+          decisionId: input.evaluationId,
+          varianceKind: varianceKind2,
+          originalDecision: "deny",
+          acceptsReplay: false,
+          replayedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          rateLimit: null
+        };
+      }
+      throw err;
+    }
+    const VARIANCE_MAP = {
+      NONE: "NONE",
+      DECISION_CHANGED: "POLICY_DRIFT",
+      ENVELOPE_DRIFT: "ENVELOPE_DRIFT",
+      CHAIN_TAMPER: "CHAIN_TAMPER",
+      BUNDLE_MISSING: "BUNDLE_MISSING",
+      ENGINE_DRIFT: "ENGINE_DRIFT"
+    };
+    const rawVariance = typeof wire.variance === "string" ? wire.variance : "";
+    const varianceKind = VARIANCE_MAP[rawVariance] ?? "NONE";
+    const replayDec = typeof wire.replay_decision === "string" ? wire.replay_decision.toLowerCase() : void 0;
+    const originalDec = typeof wire.original_decision === "string" ? wire.original_decision.toLowerCase() : "deny";
+    const response = {
+      decisionId: typeof wire.decision_id === "string" ? wire.decision_id : input.evaluationId,
+      varianceKind,
+      originalDecision: originalDec,
+      acceptsReplay: typeof wire.accepts_replay === "boolean" ? wire.accepts_replay : true,
+      replayedAt: typeof wire.replayed_at === "string" ? wire.replayed_at : (/* @__PURE__ */ new Date()).toISOString(),
+      rateLimit
+    };
+    if (typeof wire.original_deny_code === "string") response.originalDenyCode = wire.original_deny_code;
+    if (replayDec !== void 0) response.replayedDecision = replayDec;
+    if (typeof wire.replay_deny_code === "string") response.replayedDenyCode = wire.replay_deny_code;
+    if (typeof wire.engine_version === "string") response.engineVersion = wire.engine_version;
+    if (typeof wire.engine_version_kind === "string") response.engineVersionKind = wire.engine_version_kind;
+    if (typeof wire.envelope_verification === "string") response.envelopeVerification = wire.envelope_verification;
+    return response;
+  }
   /**
    * Open a streaming evaluation session against `POST /v1-evaluate-stream`.
    *
@@ -1011,6 +1402,8 @@ var AtlaSentClient = class {
         "Content-Type": "application/json",
         Authorization: `Bearer ${this.apiKey}`,
         "User-Agent": this.userAgent,
+        // ADR-025: wire-protocol version declared on every request.
+        "X-AtlaSent-Protocol-Version": "1",
         "X-Request-ID": requestId
       };
       if (lastEventId !== void 0) {
@@ -1098,7 +1491,9 @@ var AtlaSentClient = class {
       Accept: "application/json",
       Authorization: `Bearer ${this.apiKey}`,
       "User-Agent": this.userAgent,
-      "X-Request-ID": requestId
+      "X-Request-ID": requestId,
+      // ADR-025: wire-protocol version declared on every request.
+      "X-AtlaSent-Protocol-Version": "1"
     };
     if (method === "POST") headers["Content-Type"] = "application/json";
     const bodyStr = method === "POST" ? JSON.stringify(body) : void 0;
@@ -1714,6 +2109,69 @@ var AtlaSentClient = class {
     );
     return body;
   }
+  // ── Constrained governance agents (read surface) ──────────────────────────
+  //
+  // Three GETs onto the v1-governance-agents edge function. Doctrine:
+  // findings produced by these endpoints are advisory signal, never
+  // authority. There is no `runGovernanceAgent` method on this client —
+  // invocation belongs in CI (atlasent-action `governance-agents` mode),
+  // not in application code.
+  /**
+   * List the advisory governance-agent registry for the calling org.
+   *
+   * Calls `GET /v1/governance/agents`. The registry is reference data
+   * seeded at runtime-DB migration time; every row has
+   * `authority_class = "advisory"` and `can_authorize = false` —
+   * structural invariants enforced by the schema, not policy.
+   */
+  async listGovernanceAgents() {
+    const { body } = await this.get(
+      "/v1/governance/agents"
+    );
+    return [...body.agents ?? []];
+  }
+  /**
+   * List advisory findings emitted against one governed change.
+   *
+   * Calls `GET /v1/governance/findings?change_id=…[&agent_slug=…]`.
+   * Returns the typed-finding rows in `created_at DESC` order, including
+   * `routed_gate_id` when the finding→gate trigger linked them. Findings
+   * with `can_authorize === false` (always) are advisory; rendering them
+   * never satisfies a gate.
+   */
+  async listGovernanceFindings(query) {
+    if (!query?.change_id) {
+      throw new AtlaSentError("change_id is required", { code: "bad_request" });
+    }
+    const params = new URLSearchParams({ change_id: query.change_id });
+    if (query.agent_slug) params.set("agent_slug", query.agent_slug);
+    const { body } = await this.get(
+      "/v1/governance/findings",
+      params
+    );
+    return [...body.findings ?? []];
+  }
+  /**
+   * List agent run records against one governed change.
+   *
+   * Calls `GET /v1/governance/evaluations?change_id=…[&agent_slug=…]`.
+   * Returns every persisted evaluation, including `failed` / `timeout`
+   * runs and `completed` runs with zero findings — the latter is the
+   * positive signal "the agent ran and found nothing", which the UI
+   * surfaces as `clear`.
+   */
+  async listGovernanceEvaluations(query) {
+    if (!query?.change_id) {
+      throw new AtlaSentError("change_id is required", { code: "bad_request" });
+    }
+    const params = new URLSearchParams({ change_id: query.change_id });
+    if (query.agent_slug) params.set("agent_slug", query.agent_slug);
+    const { body } = await this.get(
+      "/v1/governance/evaluations",
+      params
+    );
+    return [...body.evaluations ?? []];
+  }
 };
 function parseRateLimitHeaders(headers) {
   const rawLimit = headers.get("x-ratelimit-limit");
@@ -2140,6 +2598,174 @@ async function verifyBundle(pathOrBundle, options) {
   return verifyAuditBundle(bundle, keys);
 }
 
+// src/evidenceEngine.ts
+function buildWhyTrace(decision, reasons, trace) {
+  if (!trace) {
+    return {
+      decision,
+      summary: formatSummary(decision, reasons, void 0, void 0),
+      policy_evaluations: [],
+      total_stages_evaluated: 0
+    };
+  }
+  const matchedPolicyId = typeof trace.matching_policy_id === "string" ? trace.matching_policy_id : void 0;
+  let terminalStage;
+  let totalStages = 0;
+  const policyEvaluations = (trace.rules_evaluated ?? []).map((policy) => {
+    const wasDecisive = matchedPolicyId === policy.policy_id;
+    let foundTerminal = false;
+    const stages = (policy.stages ?? []).map(
+      (s, idx) => {
+        totalStages++;
+        const isLast = idx === (policy.stages?.length ?? 1) - 1;
+        const candidateForTerminal = wasDecisive && !foundTerminal && (s.matched || isLast);
+        let impact = "passing";
+        if (candidateForTerminal) {
+          impact = "terminal";
+          foundTerminal = true;
+          terminalStage = {
+            stage: s.stage,
+            ...s.rule !== void 0 ? { rule: s.rule } : {},
+            matched: s.matched,
+            ...s.detail !== void 0 ? { detail: s.detail } : {},
+            impact: "terminal"
+          };
+        } else if (s.matched) {
+          impact = "contributing";
+        }
+        return {
+          stage: s.stage,
+          ...s.rule !== void 0 ? { rule: s.rule } : {},
+          matched: s.matched,
+          ...s.detail !== void 0 ? { detail: s.detail } : {},
+          impact
+        };
+      }
+    );
+    return {
+      policy_id: policy.policy_id,
+      decision: policy.decision,
+      fingerprint: policy.fingerprint,
+      ...policy.risk_score !== void 0 ? { risk_score: policy.risk_score } : {},
+      stages,
+      was_decisive: wasDecisive
+    };
+  });
+  return {
+    decision,
+    summary: formatSummary(decision, reasons, matchedPolicyId, terminalStage),
+    ...matchedPolicyId !== void 0 ? { matched_policy_id: matchedPolicyId } : {},
+    policy_evaluations: policyEvaluations,
+    ...terminalStage !== void 0 ? { terminal_stage: terminalStage } : {},
+    total_stages_evaluated: totalStages
+  };
+}
+function formatSummary(decision, reasons, matchedPolicyId, terminalStage) {
+  const reason0 = reasons.length > 0 ? reasons[0] : void 0;
+  switch (decision) {
+    case "allow":
+      return reason0 ? `Allowed: ${reason0}` : "Allowed: all policy checks passed.";
+    case "deny":
+      if (reason0) return `Denied: ${reason0}`;
+      if (terminalStage?.detail)
+        return `Denied at stage "${terminalStage.stage}": ${terminalStage.detail}`;
+      if (terminalStage)
+        return `Denied at stage "${terminalStage.stage}".`;
+      if (matchedPolicyId)
+        return `Denied by policy ${matchedPolicyId}.`;
+      return "Denied: policy check failed.";
+    case "hold":
+      return reason0 ? `Held for review: ${reason0}` : "Held pending human review.";
+    case "escalate":
+      return reason0 ? `Escalated: ${reason0}` : "Escalated to a human reviewer.";
+  }
+}
+function sortedJSON(val) {
+  if (val === null || val === void 0) return "null";
+  if (typeof val === "number")
+    return Number.isFinite(val) ? String(val) : "null";
+  if (typeof val === "boolean") return val ? "true" : "false";
+  if (typeof val === "string") return JSON.stringify(val);
+  if (Array.isArray(val)) return "[" + val.map(sortedJSON).join(",") + "]";
+  if (typeof val === "object") {
+    const obj = val;
+    return "{" + Object.keys(obj).sort().map((k) => JSON.stringify(k) + ":" + sortedJSON(obj[k])).join(",") + "}";
+  }
+  return "null";
+}
+function hexEncode(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function sha256Hex2(input) {
+  const bytes = new TextEncoder().encode(input);
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle?.digest) {
+    const buf = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+    return hexEncode(new Uint8Array(buf));
+  }
+  try {
+    const { createHash } = await import(
+      /* @vite-ignore */
+      /* webpackIgnore: true */
+      "crypto"
+    );
+    return createHash("sha256").update(input, "utf8").digest("hex");
+  } catch {
+    return "";
+  }
+}
+async function computeContextHash(context) {
+  return sha256Hex2(sortedJSON(context));
+}
+function buildDecisionReceiptPayload(args) {
+  return {
+    receipt_id: args.receipt_id,
+    evaluation_id: args.evaluation_id,
+    org_id: args.org_id,
+    decision: args.decision,
+    action: args.action,
+    actor: args.actor,
+    resource_type: args.resource_type ?? null,
+    resource_id: args.resource_id ?? null,
+    reasons: Array.from(args.reasons),
+    why_summary: args.why_summary,
+    permit_id: args.permit_id ?? null,
+    permit_hash: args.permit_hash ?? null,
+    audit_hash: args.audit_hash,
+    context_hash: args.context_hash,
+    issued_at: args.issued_at,
+    expires_at: args.expires_at ?? null
+  };
+}
+function receiptSigningInput(payload) {
+  return payload.receipt_id + "\n" + payload.issued_at + "\n" + JSON.stringify(payload);
+}
+async function signDecisionReceiptHmac(payload, secret) {
+  const input = receiptSigningInput(payload);
+  const keyBytes = new TextEncoder().encode(secret);
+  const msgBytes = new TextEncoder().encode(input);
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle) {
+    const key = await globalThis.crypto.subtle.importKey(
+      "raw",
+      keyBytes,
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const sig = await globalThis.crypto.subtle.sign("HMAC", key, msgBytes);
+    return hexEncode(new Uint8Array(sig));
+  }
+  try {
+    const { createHmac: createHmac2 } = await import(
+      /* @vite-ignore */
+      /* webpackIgnore: true */
+      "crypto"
+    );
+    return createHmac2("sha256", secret).update(input).digest("hex");
+  } catch {
+    return "";
+  }
+}
+
 // src/protect.ts
 var sharedClient = null;
 var overrides = {};
@@ -2170,6 +2796,7 @@ function getClient() {
   sharedClient = new AtlaSentClient(options);
   return sharedClient;
 }
+var ACTION_TYPE_RE = /^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$/;
 function wireDecisionToDenied(serverDecision) {
   const lower = serverDecision.toLowerCase();
   if (lower === "hold" || lower === "escalate") return lower;
@@ -2207,7 +2834,19 @@ async function computeExecutionHash(payload) {
     return "";
   }
 }
+function generateReceiptId() {
+  if (typeof globalThis !== "undefined" && typeof globalThis.crypto?.randomUUID === "function") {
+    return globalThis.crypto.randomUUID();
+  }
+  return `rcpt_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
+}
 async function protect(request) {
+  if (!ACTION_TYPE_RE.test(request.action)) {
+    throw new AtlaSentError(
+      `action must be in dot-notation format (e.g. "production.deploy"). Got: ${JSON.stringify(request.action)}`,
+      { code: "bad_request" }
+    );
+  }
   const client = getClient();
   const evaluation = await client.evaluate(request);
   if (evaluation.decision !== "allow") {
@@ -2218,12 +2857,71 @@ async function protect(request) {
       auditHash: evaluation.auditHash
     });
   }
-  const environment = request.context?.environment ?? (() => {
-    console.warn(
-      "[atlasent] environment not set on evaluate request \u2014 defaulting to 'production'. Set context.environment explicitly to suppress."
+  const environment = request.context?.environment;
+  if (!environment) {
+    throw new AtlaSentError(
+      'context.environment is required. Pass the environment where this action executes (e.g. "production", "staging").',
+      { code: "bad_request" }
+    );
+  }
+  const evaluatePayload = {
+    action_type: request.action,
+    actor_id: request.agent,
+    context: request.context ?? {}
+  };
+  const execution_hash = await computeExecutionHash(evaluatePayload);
+  const verifyRequest = {
+    permitId: evaluation.permitId,
+    agent: request.agent,
+    action: request.action,
+    environment,
+    ...execution_hash ? { execution_hash } : {}
+  };
+  if (request.context !== void 0) verifyRequest.context = request.context;
+  const verification = await client.verifyPermit(verifyRequest);
+  if (!verification.verified) {
+    const outcome = normalizePermitOutcome(verification.outcome);
+    throw new AtlaSentDeniedError({
+      decision: "deny",
+      evaluationId: evaluation.permitId,
+      reason: `Permit failed verification (${verification.outcome})`,
+      auditHash: evaluation.auditHash,
+      ...outcome !== void 0 && { outcome }
+    });
+  }
+  return {
+    permitId: evaluation.permitId,
+    permitHash: verification.permitHash,
+    auditHash: evaluation.auditHash,
+    reason: evaluation.reason,
+    timestamp: verification.timestamp,
+    permitExpiresAt: verification.expiresAt ?? null
+  };
+}
+async function protectWithEvidence(request, opts = {}) {
+  if (!ACTION_TYPE_RE.test(request.action)) {
+    throw new AtlaSentError(
+      `action must be in dot-notation format (e.g. "production.deploy"). Got: ${JSON.stringify(request.action)}`,
+      { code: "bad_request" }
+    );
+  }
+  const client = getClient();
+  const evaluation = await client.evaluate(request);
+  if (evaluation.decision !== "allow") {
+    throw new AtlaSentDeniedError({
+      decision: wireDecisionToDenied(evaluation.decision),
+      evaluationId: evaluation.permitId,
+      reason: evaluation.reason,
+      auditHash: evaluation.auditHash
+    });
+  }
+  const environment = request.context?.environment;
+  if (!environment) {
+    throw new AtlaSentError(
+      'context.environment is required. Pass the environment where this action executes (e.g. "production", "staging").',
+      { code: "bad_request" }
     );
-    return "production";
-  })();
+  }
   const evaluatePayload = {
     action_type: request.action,
     actor_id: request.agent,
@@ -2249,12 +2947,68 @@ async function protect(request) {
       ...outcome !== void 0 && { outcome }
     });
   }
+  const contextHash = await computeContextHash(request.context ?? {});
+  const whyTrace = buildWhyTrace(
+    "allow",
+    evaluation.reasons,
+    opts.constraintTrace ?? null
+  );
+  const issuedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const receiptId = generateReceiptId();
+  const orgId = evaluation.permit?.orgId ?? "";
+  const payload = buildDecisionReceiptPayload({
+    receipt_id: receiptId,
+    evaluation_id: evaluation.evaluationId,
+    org_id: orgId,
+    decision: "allow",
+    action: request.action,
+    actor: request.agent,
+    resource_type: request.context?.resource_type ?? null,
+    resource_id: request.context?.resource_id ?? null,
+    reasons: evaluation.reasons,
+    why_summary: whyTrace.summary,
+    permit_id: evaluation.permitId,
+    permit_hash: verification.permitHash,
+    audit_hash: evaluation.auditHash,
+    context_hash: contextHash,
+    issued_at: issuedAt
+  });
+  let signature = null;
+  let algorithm = "none";
+  if (opts.signingSecret) {
+    signature = await signDecisionReceiptHmac(payload, opts.signingSecret);
+    algorithm = "hmac-sha256";
+  }
+  const receipt = {
+    receipt_id: receiptId,
+    evaluation_id: evaluation.evaluationId,
+    org_id: orgId,
+    decision: "allow",
+    action: request.action,
+    actor: request.agent,
+    resource_type: request.context?.resource_type ?? null,
+    resource_id: request.context?.resource_id ?? null,
+    reasons: evaluation.reasons,
+    why_trace: opts.constraintTrace !== void 0 ? whyTrace : null,
+    permit_id: evaluation.permitId,
+    permit_hash: verification.permitHash,
+    audit_hash: evaluation.auditHash,
+    context_hash: contextHash,
+    issued_at: issuedAt,
+    expires_at: null,
+    algorithm,
+    signature,
+    signing_key_id: opts.signingKeyId ?? null,
+    payload
+  };
   return {
     permitId: evaluation.permitId,
     permitHash: verification.permitHash,
     auditHash: evaluation.auditHash,
     reason: evaluation.reason,
-    timestamp: verification.timestamp
+    timestamp: verification.timestamp,
+    permitExpiresAt: verification.expiresAt ?? null,
+    receipt
   };
 }
 
@@ -3160,8 +3914,8 @@ async function _hmacSha256Hex(payload, secret) {
     const sig = await crypto.subtle.sign("HMAC", key, enc.encode(payload));
     return Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
   }
-  const { createHmac } = await import("crypto");
-  return createHmac("sha256", secret).update(payload).digest("hex");
+  const { createHmac: createHmac2 } = await import("crypto");
+  return createHmac2("sha256", secret).update(payload).digest("hex");
 }
 async function verifyWebhook(payload, signature, secret) {
   try {
@@ -3559,6 +4313,1391 @@ async function safeJson(response, path, requestId) {
   }
 }
 
+// src/approvalRuntime.ts
+var _runtimeConfig = {};
+function configureApprovalRuntime(config) {
+  _runtimeConfig = { ..._runtimeConfig, ...config };
+}
+function resolveConfig(overrides2) {
+  const apiKey = overrides2?.apiKey ?? _runtimeConfig.apiKey ?? (typeof process !== "undefined" && process.env ? process.env["ATLASENT_API_KEY"] : void 0);
+  if (!apiKey) {
+    throw new AtlaSentError(
+      "ApprovalRuntime: no API key configured. Set ATLASENT_API_KEY or call configureApprovalRuntime({ apiKey }).",
+      { code: "invalid_api_key" }
+    );
+  }
+  return {
+    apiKey,
+    baseUrl: overrides2?.baseUrl ?? _runtimeConfig.baseUrl ?? "https://api.atlasent.io",
+    requestTimeoutMs: _runtimeConfig.timeoutMs ?? 3e4
+  };
+}
+async function apiPost(path, body, cfg) {
+  const url = `${cfg.baseUrl}${path}`;
+  let resp;
+  try {
+    resp = await fetch(url, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        Authorization: `Bearer ${cfg.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(cfg.requestTimeoutMs)
+    });
+  } catch (err) {
+    throw new AtlaSentError(
+      `ApprovalRuntime: network error calling ${path}`,
+      { code: "network", cause: err }
+    );
+  }
+  if (!resp.ok) {
+    const text = await resp.text().catch(() => "");
+    const code = resp.status === 401 ? "invalid_api_key" : resp.status === 403 ? "forbidden" : resp.status === 429 ? "rate_limited" : "server_error";
+    throw new AtlaSentError(
+      `ApprovalRuntime: API error ${resp.status} at ${path}: ${text.slice(0, 200)}`,
+      { code, status: resp.status }
+    );
+  }
+  return resp.json();
+}
+async function apiGet(path, cfg) {
+  const url = `${cfg.baseUrl}${path}`;
+  let resp;
+  try {
+    resp = await fetch(url, {
+      method: "GET",
+      headers: {
+        Accept: "application/json",
+        Authorization: `Bearer ${cfg.apiKey}`
+      },
+      signal: AbortSignal.timeout(cfg.requestTimeoutMs)
+    });
+  } catch (err) {
+    throw new AtlaSentError(
+      `ApprovalRuntime: network error calling ${path}`,
+      { code: "network", cause: err }
+    );
+  }
+  if (!resp.ok) {
+    const text = await resp.text().catch(() => "");
+    const code = resp.status === 401 ? "invalid_api_key" : resp.status === 403 ? "forbidden" : resp.status === 429 ? "rate_limited" : "server_error";
+    throw new AtlaSentError(
+      `ApprovalRuntime: API error ${resp.status} at ${path}: ${text.slice(0, 200)}`,
+      { code, status: resp.status }
+    );
+  }
+  return resp.json();
+}
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var EscalationDeniedError = class extends Error {
+  name = "EscalationDeniedError";
+  escalationId;
+  outcome;
+  constructor(outcome) {
+    super(
+      `Escalation ${outcome.escalation.id} was rejected` + (outcome.resolutionNote ? `: ${outcome.resolutionNote}` : "")
+    );
+    this.escalationId = outcome.escalation.id;
+    this.outcome = outcome;
+  }
+};
+var EscalationTimeoutError = class extends Error {
+  name = "EscalationTimeoutError";
+  escalationId;
+  outcome;
+  constructor(outcome) {
+    super(
+      `Escalation ${outcome.escalation.id} timed out waiting for approval`
+    );
+    this.escalationId = outcome.escalation.id;
+    this.outcome = outcome;
+  }
+};
+async function createEscalation(opts) {
+  const { apiKey, baseUrl, ...hitlBody } = opts;
+  const cfg = resolveConfig({
+    ...apiKey !== void 0 ? { apiKey } : {},
+    ...baseUrl !== void 0 ? { baseUrl } : {}
+  });
+  const body = {
+    agent_id: hitlBody.agent_id ?? "unknown",
+    escalation_reason: hitlBody.escalation_reason ?? "Policy hold \u2014 awaiting human approval",
+    ...hitlBody
+  };
+  const escalation = await apiPost("/v1/hitl", body, cfg);
+  return {
+    escalationId: escalation.id,
+    createdAt: escalation.created_at,
+    timeoutAt: escalation.timeout_at ?? null,
+    assignedToRole: escalation.assigned_to_role ?? null
+  };
+}
+async function waitForEscalationApproval(opts) {
+  const cfg = resolveConfig({
+    ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+    ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+  });
+  const waitMs = opts.waitMs ?? 6e5;
+  const pollIntervalMs = Math.max(opts.pollIntervalMs ?? 5e3, 1e3);
+  const deadline = Date.now() + waitMs;
+  const toOutcome = (escalation2) => {
+    const terminal = escalation2.status === "approved" || escalation2.status === "rejected" || escalation2.status === "auto_approved" || escalation2.status === "timed_out";
+    if (!terminal) return null;
+    const status = escalation2.status === "approved" || escalation2.status === "auto_approved" ? "approved" : escalation2.status === "timed_out" ? "timed_out" : "rejected";
+    return {
+      status,
+      escalation: escalation2,
+      resolvedBy: escalation2.resolved_by ?? null,
+      resolutionNote: escalation2.resolution_note ?? null,
+      resolvedAt: escalation2.resolved_at ?? null
+    };
+  };
+  while (Date.now() < deadline) {
+    const escalation2 = await apiGet(
+      `/v1/escalations/${opts.escalationId}`,
+      cfg
+    );
+    const outcome2 = toOutcome(escalation2);
+    if (outcome2) return outcome2;
+    const remaining = deadline - Date.now();
+    if (remaining <= 0) break;
+    await sleep2(Math.min(pollIntervalMs, remaining));
+  }
+  const escalation = await apiGet(
+    `/v1/escalations/${opts.escalationId}`,
+    cfg
+  );
+  const outcome = toOutcome(escalation);
+  if (outcome) return outcome;
+  return {
+    status: "timed_out",
+    escalation,
+    resolvedBy: null,
+    resolutionNote: "Client-side wait timeout elapsed",
+    resolvedAt: null
+  };
+}
+async function protectOrEscalate(request, opts = {}) {
+  try {
+    const permit = await protect(request);
+    return {
+      ...permit,
+      escalationId: "",
+      resolvedBy: null,
+      resolutionNote: null,
+      resolvedAt: permit.timestamp,
+      approvalBasis: "direct_policy"
+    };
+  } catch (err) {
+    if (!(err instanceof AtlaSentDeniedError) || err.decision !== "hold" && err.decision !== "escalate") {
+      throw err;
+    }
+  }
+  const proposedAction = opts.proposedAction ?? request.context;
+  const handle = await createEscalation({
+    agent_id: opts.agentId ?? request.agent,
+    escalation_reason: opts.escalationReason ?? `Policy hold for "${request.action}" by "${request.agent}"`,
+    ...proposedAction !== void 0 ? { proposed_action: proposedAction } : {},
+    ...opts.riskScore !== void 0 ? { risk_score: opts.riskScore } : {},
+    ...opts.assignedToRole !== void 0 ? { assigned_to_role: opts.assignedToRole } : {},
+    ...opts.quorumRequired !== void 0 ? { quorum_required: opts.quorumRequired } : {},
+    ...opts.fallbackDecision !== void 0 ? { fallback_decision: opts.fallbackDecision } : {},
+    ...opts.timeoutAt !== void 0 ? { timeout_at: opts.timeoutAt } : {},
+    ...opts.metadata !== void 0 ? { metadata: opts.metadata } : {},
+    ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+    ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+  });
+  opts.onEscalationCreated?.(handle);
+  const outcome = await waitForEscalationApproval({
+    escalationId: handle.escalationId,
+    ...opts.waitMs !== void 0 ? { waitMs: opts.waitMs } : {},
+    ...opts.pollIntervalMs !== void 0 ? { pollIntervalMs: opts.pollIntervalMs } : {},
+    ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+    ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+  });
+  if (outcome.status === "rejected") throw new EscalationDeniedError(outcome);
+  if (outcome.status === "timed_out") throw new EscalationTimeoutError(outcome);
+  return {
+    permitId: `escl_${handle.escalationId}`,
+    permitHash: "",
+    auditHash: outcome.escalation.id,
+    reason: outcome.resolutionNote ?? "Approved by human reviewer",
+    timestamp: outcome.resolvedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    permitExpiresAt: null,
+    escalationId: handle.escalationId,
+    resolvedBy: outcome.resolvedBy,
+    resolutionNote: outcome.resolutionNote,
+    resolvedAt: outcome.resolvedAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+    approvalBasis: "human_approval"
+  };
+}
+async function requestOverride(opts) {
+  const cfg = resolveConfig({
+    ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+    ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+  });
+  const body = {
+    reason: opts.reason,
+    evaluationId: opts.evaluationId,
+    ...opts.ttlSeconds !== void 0 && { ttlSeconds: opts.ttlSeconds },
+    ...opts.metadata !== void 0 && { metadata: opts.metadata }
+  };
+  return apiPost("/v1/overrides", body, cfg);
+}
+
+// src/actionContext.ts
+function buildActionContext(input) {
+  const env = typeof input.environment === "string" ? { name: input.environment } : input.environment;
+  const ctx = {
+    actor: input.actor,
+    ...input.resource !== void 0 && { resource: input.resource },
+    ...env !== void 0 && { environment: env },
+    ...input.action_meta !== void 0 && { action_meta: input.action_meta },
+    ...input.history !== void 0 && { history: input.history },
+    ...input.extra ?? {}
+  };
+  if (env?.name !== void 0) ctx.environment_name = env.name;
+  if (input.resource?.type !== void 0)
+    ctx.resource_type = input.resource.type;
+  if (input.resource?.id !== void 0) ctx.resource_id = input.resource.id;
+  return ctx;
+}
+function getNestedValue(obj, path) {
+  return path.split(".").reduce((cur, key) => {
+    if (cur !== null && typeof cur === "object") {
+      return cur[key];
+    }
+    return void 0;
+  }, obj);
+}
+function validateActionContext(ctx, opts = {}) {
+  const errors = [];
+  const warnings = [];
+  const ctxObj = ctx;
+  if (ctx.actor !== void 0) {
+    if (!ctx.actor.id || typeof ctx.actor.id !== "string") {
+      errors.push({
+        field: "actor.id",
+        code: "required",
+        message: "actor.id is required when actor is provided"
+      });
+    }
+  }
+  const hasEnvName = ctx.environment?.name !== void 0 || ctx.environment_name !== void 0;
+  if (!hasEnvName) {
+    warnings.push({
+      field: "environment.name",
+      code: "recommended",
+      message: "environment.name is not set; protect() will default to 'production' with a console warning"
+    });
+  }
+  if (!opts.skipCrossFieldChecks) {
+    const amount = ctx.action_meta?.estimated_amount;
+    if (typeof amount === "number" && amount > 0) {
+      if (!ctx.action_meta?.currency) {
+        errors.push({
+          field: "action_meta.currency",
+          code: "cross_field",
+          message: "action_meta.currency is required when action_meta.estimated_amount > 0"
+        });
+      } else if (!/^[A-Z]{3}$/.test(ctx.action_meta.currency)) {
+        errors.push({
+          field: "action_meta.currency",
+          code: "invalid_value",
+          message: `action_meta.currency '${ctx.action_meta.currency}' is not a valid ISO 4217 code (expected 3 uppercase letters)`
+        });
+      }
+    }
+  }
+  if (ctx.history?.last_action_at !== void 0) {
+    const ts = new Date(ctx.history.last_action_at);
+    if (isNaN(ts.getTime())) {
+      errors.push({
+        field: "history.last_action_at",
+        code: "invalid_type",
+        message: `history.last_action_at '${ctx.history.last_action_at}' is not a valid ISO-8601 timestamp`
+      });
+    }
+  }
+  const knownSensitivities = /* @__PURE__ */ new Set([
+    "public",
+    "internal",
+    "confidential",
+    "restricted"
+  ]);
+  if (ctx.resource?.sensitivity !== void 0 && !knownSensitivities.has(ctx.resource.sensitivity)) {
+    errors.push({
+      field: "resource.sensitivity",
+      code: "invalid_value",
+      message: `resource.sensitivity '${ctx.resource.sensitivity}' is not one of: public, internal, confidential, restricted`
+    });
+  }
+  for (const fieldPath of opts.requiredFields ?? []) {
+    const value = getNestedValue(ctxObj, fieldPath);
+    if (value === void 0 || value === null || value === "") {
+      errors.push({
+        field: fieldPath,
+        code: "required",
+        message: `${fieldPath} is required by the caller's validation rules`
+      });
+    }
+  }
+  return { valid: errors.length === 0, errors, warnings };
+}
+var DEFAULT_REDACTION_RULES = [
+  {
+    field: /password|passwd|passphrase/i,
+    mode: "remove"
+  },
+  {
+    field: /secret|private_key|client_secret|signing_secret/i,
+    mode: "remove"
+  },
+  {
+    field: /api_key|apikey|access_key|access_token/i,
+    mode: "remove"
+  },
+  {
+    field: /\btoken\b|auth_token|bearer/i,
+    mode: "mask"
+  },
+  {
+    field: /\bssn\b|social_security|tax_id|\bsin\b/i,
+    mode: "remove"
+  },
+  {
+    field: /credit_card|card_number|pan\b|cvv|cvc|expiry/i,
+    mode: "remove"
+  },
+  {
+    field: /\bemail\b/i,
+    mode: "mask"
+  },
+  {
+    field: /phone|mobile|cell\b/i,
+    mode: "mask"
+  },
+  {
+    field: /\bip\b|ip_address|remote_addr/i,
+    mode: "mask"
+  },
+  {
+    field: /dob|date_of_birth|birth_date|birthdate/i,
+    mode: "remove"
+  }
+];
+var MASK_PLACEHOLDER = "[REDACTED]";
+function matchesRule(key, rule) {
+  if (typeof rule.field === "string") {
+    return key.toLowerCase() === rule.field.toLowerCase();
+  }
+  return rule.field.test(key);
+}
+function redactValue(value, mode) {
+  if (mode === "remove") return void 0;
+  if (mode === "mask") return MASK_PLACEHOLDER;
+  return "[HASHED]";
+}
+function redactObject(obj, rules, currentPath) {
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    const fieldPath = currentPath ? `${currentPath}.${key}` : key;
+    const matchingRule = rules.find(
+      (r) => matchesRule(key, r) && (r.path === void 0 || r.path === fieldPath)
+    );
+    if (matchingRule) {
+      const redacted = redactValue(value, matchingRule.mode);
+      if (redacted !== void 0) result[key] = redacted;
+    } else if (Array.isArray(value)) {
+      result[key] = value.map(
+        (item) => item !== null && typeof item === "object" && !Array.isArray(item) ? redactObject(item, rules, fieldPath) : item
+      );
+    } else if (value !== null && typeof value === "object") {
+      result[key] = redactObject(
+        value,
+        rules,
+        fieldPath
+      );
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function redactContext(ctx, rules = DEFAULT_REDACTION_RULES) {
+  return redactObject(
+    ctx,
+    rules,
+    ""
+  );
+}
+function flattenActionContext(ctx) {
+  const flat = {};
+  for (const [key, value] of Object.entries(ctx)) {
+    flat[key] = value;
+  }
+  const envName = ctx.environment?.name ?? ctx.environment_name;
+  if (envName !== void 0) {
+    flat["environment_name"] = envName;
+  }
+  return flat;
+}
+
+// src/shadow.ts
+var _defaultConfig = {};
+function configureShadow(config) {
+  _defaultConfig = { ..._defaultConfig, ...config };
+}
+async function protectShadow(request, opts) {
+  const merged = { ..._defaultConfig, ...opts };
+  const mode = merged.mode ?? "observe";
+  if (mode === "enforce") {
+    const start2 = Date.now();
+    const permit = await protect(request);
+    const outcome = {
+      decision: "permit",
+      permit,
+      error: null,
+      would_have_blocked: false,
+      latencyMs: Date.now() - start2,
+      evaluationId: permit.permitId,
+      request,
+      mode
+    };
+    await _notify(outcome, merged);
+    return outcome;
+  }
+  const start = Date.now();
+  try {
+    const permit = await protect(request);
+    const outcome = {
+      decision: "permit",
+      permit,
+      error: null,
+      would_have_blocked: false,
+      latencyMs: Date.now() - start,
+      evaluationId: permit.permitId,
+      request,
+      mode
+    };
+    await _notify(outcome, merged);
+    if (merged.reportToApi) {
+      void reportShadowEvent(outcome, merged).catch(() => void 0);
+    }
+    return outcome;
+  } catch (err) {
+    if (err instanceof AtlaSentDeniedError) {
+      const outcome = {
+        decision: err.decision,
+        permit: null,
+        error: err,
+        would_have_blocked: true,
+        latencyMs: Date.now() - start,
+        evaluationId: err.evaluationId ?? null,
+        request,
+        mode
+      };
+      if (mode === "warn") {
+        console.warn(
+          `[AtlaSent shadow:warn] Action '${request.action}' would have been blocked (decision=${err.decision}, evaluationId=${err.evaluationId ?? "unknown"})`
+        );
+      }
+      await _notify(outcome, merged);
+      if (merged.reportToApi) {
+        void reportShadowEvent(outcome, merged).catch(() => void 0);
+      }
+      return outcome;
+    }
+    throw err;
+  }
+}
+async function _notify(outcome, config) {
+  if (config.onOutcome) {
+    try {
+      await config.onOutcome(outcome);
+    } catch {
+    }
+  }
+}
+async function reportShadowEvent(outcome, opts) {
+  const apiKey = opts?.apiKey ?? _defaultConfig.apiKey ?? process.env["ATLASENT_API_KEY"] ?? "";
+  const baseUrl = opts?.baseUrl ?? _defaultConfig.baseUrl ?? process.env["ATLASENT_BASE_URL"] ?? "https://api.atlasent.ai";
+  const payload = {
+    action: outcome.request.action,
+    agentId: outcome.request.agent ?? null,
+    decision: outcome.decision,
+    would_have_blocked: outcome.would_have_blocked,
+    latencyMs: outcome.latencyMs,
+    evaluationId: outcome.evaluationId,
+    mode: outcome.mode,
+    ...outcome.error ? { deniedReason: outcome.error.message } : {},
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  const response = await fetch(`${baseUrl}/v1/shadow-events`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`
+    },
+    body: JSON.stringify(payload)
+  });
+  if (!response.ok && response.status >= 500) {
+    throw new Error(`Shadow event reporting failed: ${response.status}`);
+  }
+}
+
+// src/controlSurface.ts
+var _config = {};
+function configureControlSurface(config) {
+  _config = { ..._config, ...config };
+}
+function resolveConfig2(opts) {
+  return {
+    apiKey: opts?.apiKey ?? _config.apiKey ?? process.env["ATLASENT_API_KEY"] ?? "",
+    baseUrl: opts?.baseUrl ?? _config.baseUrl ?? process.env["ATLASENT_BASE_URL"] ?? "https://api.atlasent.ai",
+    timeoutMs: opts?.timeoutMs ?? _config.timeoutMs ?? 1e4
+  };
+}
+async function apiGet2(path, config) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), config.timeoutMs);
+  try {
+    const res = await fetch(`${config.baseUrl}${path}`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${config.apiKey}`,
+        Accept: "application/json"
+      },
+      signal: controller.signal
+    });
+    if (!res.ok) {
+      throw new Error(`HTTP ${res.status}`);
+    }
+    return res.json();
+  } finally {
+    clearTimeout(timer);
+  }
+}
+async function apiPost2(path, body, config) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), config.timeoutMs);
+  try {
+    const res = await fetch(`${config.baseUrl}${path}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.apiKey}`
+      },
+      body: JSON.stringify(body),
+      signal: controller.signal
+    });
+    if (!res.ok) {
+      throw new Error(`HTTP ${res.status}`);
+    }
+    return res.json();
+  } finally {
+    clearTimeout(timer);
+  }
+}
+async function checkIntegrationHealth(opts) {
+  const config = resolveConfig2(opts);
+  const errors = [];
+  let apiReachable = false;
+  let authenticated = false;
+  let latencyMs = null;
+  let apiVersion = null;
+  if (!config.apiKey) {
+    errors.push("ATLASENT_API_KEY is not configured");
+  }
+  const start = Date.now();
+  try {
+    const data = await apiGet2("/v1/health", config);
+    latencyMs = Date.now() - start;
+    apiReachable = true;
+    apiVersion = data.version ?? null;
+    if (data.status === "ok" || data.status === "healthy") {
+      authenticated = true;
+    } else {
+      errors.push(`API health status: ${data.status ?? "unknown"}`);
+    }
+  } catch (err) {
+    latencyMs = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    if (message.includes("401") || message.includes("403")) {
+      apiReachable = true;
+      errors.push("API key is invalid or lacks required permissions");
+    } else {
+      errors.push(`API unreachable: ${message}`);
+    }
+  }
+  return {
+    healthy: apiReachable && authenticated && errors.length === 0,
+    apiReachable,
+    authenticated,
+    latencyMs,
+    apiVersion,
+    checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    errors
+  };
+}
+async function reportProtectedAction(opts) {
+  const config = resolveConfig2(opts);
+  return apiPost2(
+    "/v1/control-surface/actions",
+    {
+      action_class: opts.actionClass,
+      enforcement_mode: opts.enforcementMode ?? "observe",
+      schema_id: opts.schemaId ?? null,
+      tags: opts.tags ?? []
+    },
+    config
+  );
+}
+async function getEnforcementStatus(opts) {
+  const config = resolveConfig2(opts);
+  return apiGet2(
+    `/v1/control-surface/actions/${encodeURIComponent(opts.actionClass)}/status`,
+    config
+  );
+}
+async function getOrgSummary(opts) {
+  const config = resolveConfig2(opts);
+  return apiGet2("/v1/control-surface/summary", config);
+}
+
+// src/verticals/deployGate.ts
+function resolveEnvActor() {
+  return process.env["GITHUB_ACTOR"] ?? process.env["GITLAB_USER_LOGIN"] ?? process.env["CIRCLE_USERNAME"] ?? process.env["BITBUCKET_STEP_TRIGGERER_UUID"] ?? void 0;
+}
+function resolveEnvSha() {
+  return process.env["GITHUB_SHA"] ?? process.env["CI_COMMIT_SHA"] ?? process.env["CIRCLE_SHA1"] ?? process.env["BITBUCKET_COMMIT"] ?? void 0;
+}
+function resolveEnvWorkflow() {
+  return process.env["GITHUB_WORKFLOW"] ?? process.env["CI_PIPELINE_NAME"] ?? process.env["CIRCLE_WORKFLOW_NAME"] ?? void 0;
+}
+async function protectDeploy(opts) {
+  const actorId = opts.actorId ?? resolveEnvActor() ?? "ci-system";
+  const sha = opts.sha ?? resolveEnvSha();
+  const workflow = opts.workflow ?? resolveEnvWorkflow();
+  const environment = opts.environment ?? "production";
+  const isProduction = environment === "production";
+  const ctx = buildActionContext({
+    actor: {
+      id: actorId,
+      type: "service_account",
+      ...opts.actorLabel !== void 0 ? { label: opts.actorLabel } : {}
+    },
+    resource: {
+      id: opts.service,
+      type: opts.resourceType ?? "service"
+    },
+    environment,
+    action_meta: {
+      risk_level: isProduction ? "critical" : "medium",
+      reversibility: "partial",
+      ...opts.description !== void 0 ? { description: opts.description } : sha !== void 0 ? { description: `Deploy ${sha.slice(0, 8)} to ${environment}` } : {}
+    },
+    extra: {
+      sha,
+      workflow
+    }
+  });
+  const request = {
+    action: "production.deploy",
+    agent: actorId,
+    context: flattenActionContext(ctx)
+  };
+  if (opts.requireApproval || isProduction) {
+    return protectOrEscalate(request, {
+      escalationReason: `Production deployment of ${opts.service} requires human approval`,
+      assignedToRole: opts.assignedToRole ?? "release-manager",
+      waitMs: opts.waitMs ?? 30 * 60 * 1e3,
+      ...opts.onEscalationCreated !== void 0 ? { onEscalationCreated: opts.onEscalationCreated } : {},
+      ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+      ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+    });
+  }
+  return protect(request);
+}
+
+// src/verticals/closeGovernance.ts
+var ACTION_RISK = {
+  "period.close": "critical",
+  "period.reopen": "critical",
+  "reconciliation.lock": "high",
+  "data.export": "high"
+};
+var ACTION_REVERSIBILITY = {
+  "period.close": "partial",
+  "period.reopen": "partial",
+  "reconciliation.lock": "reversible",
+  "data.export": "irreversible"
+};
+async function protectCloseAction(opts) {
+  const ctx = buildActionContext({
+    actor: {
+      id: opts.closedBy,
+      type: "human",
+      trust_level: "medium"
+    },
+    resource: {
+      id: opts.entityId,
+      type: "accounting_entity",
+      sensitivity: opts.dataClassification ?? "confidential",
+      ...opts.entityName !== void 0 ? { name: opts.entityName } : {}
+    },
+    environment: "production",
+    action_meta: {
+      risk_level: ACTION_RISK[opts.action],
+      reversibility: ACTION_REVERSIBILITY[opts.action],
+      description: opts.description ?? `${opts.action} for period ${opts.periodLabel} on entity ${opts.entityId}`
+    },
+    extra: {
+      period_label: opts.periodLabel,
+      close_action: opts.action
+    }
+  });
+  return protectOrEscalate(
+    {
+      action: opts.action,
+      agent: opts.closedBy,
+      context: flattenActionContext(ctx)
+    },
+    {
+      escalationReason: `Accounting ${opts.action} for period '${opts.periodLabel}' requires approval`,
+      assignedToRole: opts.assignedToRole ?? "controller",
+      quorumRequired: opts.requireDualApproval ?? opts.action === "period.close" ? "simple_majority" : "single_approver",
+      waitMs: opts.waitMs ?? 24 * 60 * 60 * 1e3,
+      ...opts.onEscalationCreated !== void 0 ? { onEscalationCreated: opts.onEscalationCreated } : {},
+      ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+      ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+    }
+  );
+}
+
+// src/verticals/paymentRelease.ts
+var ISO_4217 = /^[A-Z]{3}$/;
+async function protectPaymentRelease(opts) {
+  if (!ISO_4217.test(opts.currency)) {
+    throw new TypeError(
+      `Invalid currency code '${opts.currency}': must be a 3-letter ISO 4217 code (e.g. USD, EUR, GBP)`
+    );
+  }
+  if (opts.amount <= 0) {
+    throw new RangeError(`Payment amount must be greater than 0, got ${opts.amount}`);
+  }
+  const escalateThreshold = opts.autoEscalateAbove ?? 1e4;
+  const dualThreshold = opts.requireDualApprovalAbove ?? 1e5;
+  const needsEscalation = opts.amount > escalateThreshold;
+  const needsDual = opts.amount > dualThreshold;
+  const ctx = buildActionContext({
+    actor: {
+      id: opts.authorizedBy,
+      type: "human"
+    },
+    resource: {
+      id: opts.vendorId,
+      type: "vendor",
+      ...opts.vendorName !== void 0 ? { name: opts.vendorName } : {}
+    },
+    environment: "production",
+    action_meta: {
+      risk_level: opts.amount > dualThreshold ? "critical" : opts.amount > escalateThreshold ? "high" : "medium",
+      reversibility: "irreversible",
+      estimated_amount: opts.amount,
+      currency: opts.currency,
+      description: opts.description ?? `Release ${opts.currency} ${opts.amount.toLocaleString()} to ${opts.vendorName ?? opts.vendorId}`
+    },
+    extra: {
+      reference: opts.reference
+    }
+  });
+  const request = {
+    action: "payment.release",
+    agent: opts.authorizedBy,
+    context: flattenActionContext(ctx)
+  };
+  if (needsEscalation) {
+    return protectOrEscalate(request, {
+      escalationReason: `Payment of ${opts.currency} ${opts.amount.toLocaleString()} to ${opts.vendorName ?? opts.vendorId} exceeds auto-approval threshold of ${opts.currency} ${escalateThreshold.toLocaleString()}`,
+      assignedToRole: opts.assignedToRole ?? "finance-approver",
+      quorumRequired: needsDual ? "simple_majority" : "single_approver",
+      waitMs: opts.waitMs ?? 4 * 60 * 60 * 1e3,
+      ...opts.onEscalationCreated !== void 0 ? { onEscalationCreated: opts.onEscalationCreated } : {},
+      ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+      ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+    });
+  }
+  return protect(request);
+}
+
+// src/verticals/agentTools.ts
+var HIGH_RISK_TOOLS = /* @__PURE__ */ new Set([
+  "bash",
+  "shell",
+  "exec",
+  "execute_code",
+  "run_command",
+  "write_file",
+  "delete_file",
+  "overwrite_file",
+  "sql_execute",
+  "db_write",
+  "db_delete",
+  "send_email",
+  "send_message",
+  "post_to_slack",
+  "create_pr",
+  "merge_pr",
+  "push_code",
+  "deploy",
+  "release",
+  "make_payment",
+  "transfer_funds",
+  "create_user",
+  "delete_user",
+  "modify_permissions",
+  "aws_cli",
+  "gcloud",
+  "kubectl"
+]);
+var CRITICAL_TOOLS = /* @__PURE__ */ new Set([
+  "bash",
+  "shell",
+  "exec",
+  "execute_code",
+  "run_command",
+  "delete_file",
+  "db_delete",
+  "make_payment",
+  "transfer_funds",
+  "delete_user",
+  "modify_permissions",
+  "deploy",
+  "release"
+]);
+function classifyToolRisk(toolName) {
+  const normalized = toolName.toLowerCase().replace(/[^a-z0-9_]/g, "_");
+  if (CRITICAL_TOOLS.has(normalized)) return "critical";
+  if (HIGH_RISK_TOOLS.has(normalized)) return "high";
+  if (normalized.includes("write") || normalized.includes("create") || normalized.includes("update")) return "medium";
+  return "low";
+}
+async function protectToolCall(opts) {
+  const inferredRisk = opts.riskLevel ?? classifyToolRisk(opts.toolName);
+  const mode = opts.mode ?? (inferredRisk === "low" ? "enforce" : "escalate");
+  const ctx = buildActionContext({
+    actor: {
+      id: opts.agentId,
+      type: "agent",
+      ...opts.sessionId !== void 0 ? { session_id: opts.sessionId } : {}
+    },
+    resource: {
+      type: "agent_tool",
+      id: opts.toolName
+    },
+    environment: "production",
+    action_meta: {
+      risk_level: inferredRisk,
+      reversibility: inferredRisk === "critical" || inferredRisk === "high" ? "irreversible" : "reversible",
+      description: opts.description ?? `Agent ${opts.agentId} calling tool '${opts.toolName}'`
+    },
+    extra: {
+      tool_args_keys: Object.keys(opts.toolArgs),
+      session_id: opts.sessionId
+    }
+  });
+  const request = {
+    action: `agent_tool.${opts.toolName}`,
+    agent: opts.agentId,
+    context: flattenActionContext(ctx)
+  };
+  if (mode === "observe") {
+    return protectShadow(request, { mode: "observe" });
+  }
+  if (mode === "escalate" || inferredRisk === "critical") {
+    return protectOrEscalate(request, {
+      escalationReason: `Agent '${opts.agentId}' is calling ${inferredRisk}-risk tool '${opts.toolName}'`,
+      assignedToRole: opts.assignedToRole ?? "agent-supervisor",
+      riskScore: inferredRisk === "critical" ? 1 : inferredRisk === "high" ? 0.75 : 0.5,
+      waitMs: opts.waitMs ?? 15 * 60 * 1e3,
+      ...opts.onEscalationCreated !== void 0 ? { onEscalationCreated: opts.onEscalationCreated } : {},
+      ...opts.apiKey !== void 0 ? { apiKey: opts.apiKey } : {},
+      ...opts.baseUrl !== void 0 ? { baseUrl: opts.baseUrl } : {}
+    });
+  }
+  return protect(request);
+}
+
+// src/claimLineage.ts
+var import_node_crypto2 = require("crypto");
+var NOT_APPLICABLE = { notApplicable: true };
+function isNotApplicable(v) {
+  return typeof v === "object" && v !== null && v.notApplicable === true;
+}
+var SDK_VERSION2 = "@atlasent/sdk@1.4.2";
+function canonicalize(value) {
+  if (value === null || value === void 0) return "null";
+  if (typeof value === "number") return Number.isFinite(value) ? String(value) : "null";
+  if (typeof value === "boolean") return value ? "true" : "false";
+  if (typeof value === "string") return JSON.stringify(value);
+  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonicalize(obj[k])).join(",") + "}";
+  }
+  return "null";
+}
+function sha256Hex3(input) {
+  const { createHash } = require("crypto");
+  return createHash("sha256").update(input).digest("hex");
+}
+function hmacSha256Base64url(payload, secret) {
+  return (0, import_node_crypto2.createHmac)("sha256", secret).update(payload).digest("base64url");
+}
+function computeLinkHash(link) {
+  return sha256Hex3(canonicalize(link));
+}
+function slotStatus(input, slot) {
+  if (isNotApplicable(input)) return "not_applicable";
+  if (slot !== null) return "present";
+  return "missing";
+}
+function toDeploySlot(input) {
+  if (input === void 0 || isNotApplicable(input)) return null;
+  return {
+    deploy_id: input.deploy_id,
+    environment: input.environment,
+    sha: input.sha,
+    actor_id: input.actor_id,
+    deployed_at: input.deployed_at,
+    gate_permit_token: input.gate_permit_token
+  };
+}
+function toIntegrationSlot(input) {
+  if (input === void 0 || isNotApplicable(input)) return null;
+  const run = input;
+  return {
+    run_id: run.id,
+    framework: run.framework,
+    period_start: run.period_start,
+    period_end: run.period_end,
+    status: run.status,
+    passing_control_count: (run.controls ?? []).filter((c) => c.status === "pass").length,
+    failing_control_count: (run.controls ?? []).filter((c) => c.status !== "pass").length,
+    run_completed_at: run.created_at
+  };
+}
+function toApprovalSlot(input) {
+  if (input === void 0 || isNotApplicable(input)) return null;
+  if ("escalation" in input) {
+    const chain = input;
+    const approvals = chain.approvals;
+    const lastApproved = approvals.filter((a) => a.decision === "approve").map((a) => a.created_at).sort().at(-1) ?? chain.escalation.created_at;
+    return {
+      approval_id: chain.escalation.id,
+      approval_kind: "hitl_chain",
+      quorum_type: hitlQuorumToSlotQuorum(chain.escalation.quorum_required),
+      approver_count: approvals.filter((a) => a.decision === "approve").length,
+      approver_ids: approvals.filter((a) => a.decision === "approve").map((a) => a.user_id ?? a.actor_label ?? "unknown"),
+      approved_at: lastApproved,
+      artifact_hash: chain.artifact_hash
+    };
+  }
+  const artifact = input;
+  return {
+    approval_id: artifact.approval_id,
+    approval_kind: "approval_artifact",
+    quorum_type: artifact.quorum_type,
+    approver_count: artifact.approver_ids.length,
+    approver_ids: artifact.approver_ids,
+    approved_at: artifact.approved_at,
+    artifact_hash: artifact.artifact_hash
+  };
+}
+function hitlQuorumToSlotQuorum(tier) {
+  switch (tier) {
+    case "single_approver":
+      return "single_approver";
+    case "two_thirds":
+      return "two_thirds";
+    case "unanimous":
+      return "unanimous";
+    default:
+      return "simple_majority";
+  }
+}
+function toRuntimeSlot(receipt, verifiedAtCreation) {
+  return {
+    permit_token: receipt.permit_id ?? receipt.receipt_id,
+    audit_hash: receipt.audit_hash,
+    decision: receipt.decision === "allow" ? "allow" : receipt.decision === "escalate" ? "escalate" : "deny",
+    decision_id: receipt.evaluation_id,
+    evaluated_at: receipt.issued_at,
+    algorithm: receipt.algorithm,
+    signature: receipt.signature,
+    permit_revoked_at: null,
+    verified_at_claim_time: receipt.decision === "allow",
+    verified_at_link_creation: verifiedAtCreation
+  };
+}
+function buildChecklist(runtime, deployStatus, integrationStatus, approvalStatus, delta, lastVerifiedAt, now) {
+  const deltaComputed = delta.status === "computed";
+  const policyDriftClean = deltaComputed ? !delta.policy_drift_detected : null;
+  const schemaDriftClean = !delta.schema_drift_detected;
+  const allPass = runtime.verified_at_claim_time && runtime.verified_at_link_creation && deltaComputed && policyDriftClean === true && schemaDriftClean && deployStatus !== "missing" && integrationStatus !== "missing" && approvalStatus !== "missing";
+  return {
+    runtime_evidence_present: true,
+    verified_at_claim_time: runtime.verified_at_claim_time,
+    verified_at_link_creation: runtime.verified_at_link_creation,
+    deploy_evidence_status: deployStatus,
+    integration_evidence_status: integrationStatus,
+    approval_artifact_status: approvalStatus,
+    delta_computed: deltaComputed,
+    policy_drift_clean: policyDriftClean,
+    schema_drift_clean: schemaDriftClean,
+    all_pass: allPass,
+    last_verified_at: lastVerifiedAt,
+    computed_at: now
+  };
+}
+function buildClaimEvidenceLink(opts) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const linkId = `cel_${(0, import_node_crypto2.randomUUID)().replace(/-/g, "")}`;
+  const orgId = opts.orgId ?? opts.runtimeEvidence.org_id;
+  const schemaVersion = opts.schemaVersion ?? SDK_VERSION2;
+  const deploySlot = toDeploySlot(opts.deployEvidence);
+  const integrationSlot = toIntegrationSlot(opts.integrationEvidence);
+  const approvalSlot = toApprovalSlot(opts.approvalArtifact);
+  const deployStatus = slotStatus(opts.deployEvidence, deploySlot);
+  const integrationStatus = slotStatus(opts.integrationEvidence, integrationSlot);
+  const approvalStatus = slotStatus(opts.approvalArtifact, approvalSlot);
+  const verifiedAtCreation = opts.runtimeEvidence.decision === "allow";
+  const runtime = toRuntimeSlot(opts.runtimeEvidence, verifiedAtCreation);
+  const delta = {
+    status: "pending",
+    computed_at: null,
+    policy_version_at_claim: null,
+    policy_version_current: null,
+    policy_drift_detected: null,
+    schema_version_at_claim: schemaVersion,
+    schema_version_current: schemaVersion,
+    schema_drift_detected: false,
+    drift_details: []
+  };
+  const lastVerifiedAt = verifiedAtCreation ? now : null;
+  const checklist = buildChecklist(
+    runtime,
+    deployStatus,
+    integrationStatus,
+    approvalStatus,
+    delta,
+    lastVerifiedAt,
+    now
+  );
+  const linkAlgorithm = opts.signingSecret ? "hmac-sha256" : "none";
+  const body = {
+    version: "claim_evidence_link.v1",
+    link_id: linkId,
+    claim_id: opts.claimId,
+    org_id: orgId,
+    linked_at: now,
+    updated_at: now,
+    revision: 1,
+    link_algorithm: linkAlgorithm,
+    runtime_evidence: runtime,
+    deploy_evidence: deploySlot,
+    integration_evidence: integrationSlot,
+    approval_artifact: approvalSlot,
+    delta,
+    verification_checklist: checklist
+  };
+  const linkHash = computeLinkHash(body);
+  const linkSignature = opts.signingSecret ? hmacSha256Base64url(linkHash, opts.signingSecret) : null;
+  return { ...body, link_hash: linkHash, link_signature: linkSignature };
+}
+function verifyClaimEvidenceLink(link, opts = {}) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const { link_hash: _lh, link_signature: _ls, ...body } = link;
+  const expectedHash = computeLinkHash(
+    body
+  );
+  const hashValid = expectedHash === link.link_hash;
+  let sigValid = true;
+  if (link.link_algorithm === "hmac-sha256") {
+    if (!opts.signingSecret) {
+      sigValid = false;
+    } else {
+      const expected = hmacSha256Base64url(link.link_hash, opts.signingSecret);
+      sigValid = expected === link.link_signature;
+    }
+  }
+  const runtime = {
+    ...link.runtime_evidence,
+    // If the link hash or signature is invalid, mark creation-time verification as failed
+    verified_at_link_creation: hashValid && sigValid ? link.runtime_evidence.verified_at_link_creation : false
+  };
+  const checklist = buildChecklist(
+    runtime,
+    link.verification_checklist.deploy_evidence_status,
+    link.verification_checklist.integration_evidence_status,
+    link.verification_checklist.approval_artifact_status,
+    link.delta,
+    runtime.verified_at_link_creation ? link.verification_checklist.last_verified_at ?? now : null,
+    now
+  );
+  const updatedBody = {
+    version: link.version,
+    link_id: link.link_id,
+    claim_id: link.claim_id,
+    org_id: link.org_id,
+    linked_at: link.linked_at,
+    updated_at: now,
+    revision: link.revision + 1,
+    link_algorithm: link.link_algorithm,
+    runtime_evidence: runtime,
+    deploy_evidence: link.deploy_evidence,
+    integration_evidence: link.integration_evidence,
+    approval_artifact: link.approval_artifact,
+    delta: link.delta,
+    verification_checklist: checklist
+  };
+  const newHash = computeLinkHash(updatedBody);
+  const newSignature = opts.signingSecret ? hmacSha256Base64url(newHash, opts.signingSecret) : link.link_algorithm === "none" ? null : link.link_signature;
+  const updatedLink = {
+    ...updatedBody,
+    link_hash: newHash,
+    link_signature: newSignature
+  };
+  const failedSlots = [];
+  if (!hashValid) failedSlots.push("link_hash");
+  if (!sigValid) failedSlots.push("link_signature");
+  if (!checklist.verified_at_claim_time) failedSlots.push("verified_at_claim_time");
+  if (!checklist.verified_at_link_creation) failedSlots.push("verified_at_link_creation");
+  if (!checklist.delta_computed) failedSlots.push("delta_computed");
+  if (checklist.policy_drift_clean === false) failedSlots.push("policy_drift_clean");
+  if (!checklist.schema_drift_clean) failedSlots.push("schema_drift_clean");
+  if (checklist.deploy_evidence_status === "missing") failedSlots.push("deploy_evidence_status");
+  if (checklist.integration_evidence_status === "missing") failedSlots.push("integration_evidence_status");
+  if (checklist.approval_artifact_status === "missing") failedSlots.push("approval_artifact_status");
+  const valid = failedSlots.length === 0;
+  if (!valid) {
+    throw new AtlaSentError(
+      `ClaimEvidenceLink verification failed: ${failedSlots.join(", ")}`,
+      { code: "claim_evidence_incomplete" }
+    );
+  }
+  return { link: updatedLink, valid, failedSlots };
+}
+function buildClaimEvidenceLinkFromActionBundle(bundle, opts) {
+  const runtimeEvidence = {
+    receipt_id: bundle.receipt.receipt_id,
+    evaluation_id: bundle.receipt.evaluation_id,
+    org_id: opts.orgId ?? "",
+    decision: bundle.receipt.decision,
+    action: bundle.action,
+    actor: bundle.actor,
+    resource_type: null,
+    resource_id: null,
+    reasons: [],
+    why_trace: null,
+    permit_id: bundle.receipt.permit_id,
+    permit_hash: null,
+    audit_hash: bundle.receipt.audit_hash ?? "",
+    context_hash: "",
+    issued_at: bundle.receipt.issued_at,
+    expires_at: null,
+    algorithm: bundle.receipt.algorithm,
+    signature: bundle.receipt.signature,
+    signing_key_id: null,
+    payload: {
+      receipt_id: bundle.receipt.receipt_id,
+      evaluation_id: bundle.receipt.evaluation_id,
+      org_id: opts.orgId ?? "",
+      decision: bundle.receipt.decision,
+      action: bundle.action,
+      actor: bundle.actor,
+      resource_type: null,
+      resource_id: null,
+      reasons: [],
+      why_summary: "",
+      permit_id: bundle.receipt.permit_id,
+      permit_hash: null,
+      audit_hash: bundle.receipt.audit_hash ?? "",
+      context_hash: "",
+      issued_at: bundle.receipt.issued_at,
+      expires_at: null
+    }
+  };
+  const deployEvidence = opts.deployNotApplicable ? NOT_APPLICABLE : {
+    deploy_id: bundle.bundle_id,
+    environment: bundle.environment,
+    sha: bundle.sha,
+    actor_id: bundle.actor,
+    deployed_at: bundle.generated_at,
+    gate_permit_token: bundle.receipt.permit_id ?? bundle.receipt.receipt_id
+  };
+  return buildClaimEvidenceLink({
+    claimId: opts.claimId,
+    ...opts.orgId !== void 0 ? { orgId: opts.orgId } : {},
+    runtimeEvidence,
+    deployEvidence,
+    ...opts.signingSecret !== void 0 ? { signingSecret: opts.signingSecret } : {},
+    ...opts.schemaVersion !== void 0 ? { schemaVersion: opts.schemaVersion } : {}
+  });
+}
+
+// src/bccae.ts
+var DEFAULT_BASE_URL2 = "https://api.atlasent.io";
+var DEFAULT_TIMEOUT_MS2 = 1e4;
+function enforceTls(raw) {
+  let parsed;
+  try {
+    parsed = new URL(raw);
+  } catch {
+    throw new AtlaSentError(
+      "BCCAEClient baseUrl is not a valid URL",
+      { code: "network" }
+    );
+  }
+  if (parsed.protocol === "http:") {
+    const h = parsed.hostname;
+    if (h !== "localhost" && h !== "127.0.0.1" && h !== "[::1]") {
+      throw new AtlaSentError(
+        "BCCAEClient baseUrl must use https:// for non-local endpoints",
+        { code: "network" }
+      );
+    }
+  }
+  return parsed.origin;
+}
+function generateBccaeNonce() {
+  const bytes = new Uint8Array(32);
+  globalThis.crypto.getRandomValues(bytes);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+var BCCAEClient = class {
+  apiKey;
+  baseUrl;
+  timeoutMs;
+  fetchImpl;
+  constructor(options) {
+    if (!options.apiKey || typeof options.apiKey !== "string") {
+      throw new AtlaSentError("BCCAEClient: apiKey is required", {
+        code: "invalid_api_key"
+      });
+    }
+    this.apiKey = options.apiKey;
+    this.baseUrl = enforceTls(options.baseUrl ?? DEFAULT_BASE_URL2);
+    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
+    this.fetchImpl = options.fetch ?? globalThis.fetch.bind(globalThis);
+  }
+  async evaluate(input) {
+    const { body } = await this.post(
+      "/v1/bccae/evaluations",
+      input
+    );
+    return body;
+  }
+  async execute(input) {
+    const { body } = await this.post(
+      "/v1/bccae/execute",
+      input
+    );
+    return body;
+  }
+  async revoke(input) {
+    const { body } = await this.post(
+      "/v1/bccae/revocations",
+      input
+    );
+    return body;
+  }
+  async getEvidence(evidenceId) {
+    if (!evidenceId || typeof evidenceId !== "string") {
+      throw new AtlaSentError("BCCAEClient: evidenceId is required", {
+        code: "bad_request"
+      });
+    }
+    const { body } = await this.get(
+      `/v1/bccae/evidence/${encodeURIComponent(evidenceId)}`
+    );
+    return body;
+  }
+  // ── HTTP primitives ─────────────────────────────────────────────────────────
+  async post(path, body) {
+    return this.request(path, "POST", body);
+  }
+  async get(path) {
+    return this.request(path, "GET", void 0);
+  }
+  async request(path, method, body) {
+    const url = `${this.baseUrl}${path}`;
+    const headers = {
+      Accept: "application/json",
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": "atlasent-bccae-client/1.0"
+    };
+    if (method === "POST") headers["Content-Type"] = "application/json";
+    let response;
+    try {
+      response = await this.fetchImpl(url, {
+        method,
+        headers,
+        signal: AbortSignal.timeout(this.timeoutMs),
+        ...method === "POST" ? { body: JSON.stringify(body) } : {}
+      });
+    } catch (err) {
+      throw new AtlaSentError(
+        `BCCAEClient: network error on ${method} ${path}: ${err instanceof Error ? err.message : String(err)}`,
+        { code: "network" }
+      );
+    }
+    let responseBody;
+    try {
+      responseBody = await response.json();
+    } catch {
+      throw new AtlaSentError(
+        `BCCAEClient: non-JSON response (status ${response.status}) from ${method} ${path}`,
+        { code: "network" }
+      );
+    }
+    if (!response.ok) {
+      const err = responseBody;
+      const message = typeof err?.message === "string" ? err.message : `BCCAE request failed with status ${response.status}`;
+      const code = response.status === 401 ? "invalid_api_key" : response.status === 403 ? "forbidden" : response.status === 429 ? "rate_limited" : response.status >= 500 ? "server_error" : "network";
+      throw new AtlaSentError(message, { code });
+    }
+    return { body: responseBody };
+  }
+};
+
+// src/governanceAgents.ts
+var SEVERITY_RANK = {
+  info: 1,
+  low: 2,
+  medium: 3,
+  high: 4,
+  blocker: 5
+};
+function highestAgentFindingSeverity(findings) {
+  let best = null;
+  let rank = 0;
+  for (const f of findings) {
+    const r = SEVERITY_RANK[f.severity];
+    if (r > rank) {
+      rank = r;
+      best = f.severity;
+    }
+  }
+  return best;
+}
+
 // src/index.ts
 var atlasent = {
   protect,
@@ -3581,13 +5720,18 @@ var index_default = atlasent;
   AtlaSentDeniedError,
   AtlaSentError,
   AtlaSentEscalateError,
+  BCCAEClient,
   DEFAULT_INCENTIVE_CONFIG,
+  DEFAULT_REDACTION_RULES,
   DEFAULT_RETRY_POLICY,
   DEFAULT_RISK_TIER_THRESHOLDS,
   DEPLOYMENT_PRODUCTION_ACTION,
   DEPLOY_GATE_CODES,
+  EscalationDeniedError,
+  EscalationTimeoutError,
   FeatureNotEnabledError,
   GovernanceEnforcementError,
+  NOT_APPLICABLE,
   PRODUCTION_DEPLOY_ACTION,
   PermitRevoked,
   StreamParseError,
@@ -3602,6 +5746,9 @@ var index_default = atlasent;
   assertWebhook,
   authorizeStream,
   budgetUtilizationSeverity,
+  buildActionContext,
+  buildClaimEvidenceLink,
+  buildClaimEvidenceLinkFromActionBundle,
   buildLiabilityChain,
   buildLiabilityVisualization,
   buildRiskTimeline,
@@ -3610,9 +5757,11 @@ var index_default = atlasent;
   canonicalizeForEvidence,
   checkAutonomousBounds,
   checkBudgetConstraints,
+  checkIntegrationHealth,
   clampTokenDuration,
   classifyCommand,
   classifyRiskTier,
+  classifyToolRisk,
   computeApprovalRiskScore,
   computeBackoffMs,
   computeEscalatedApprovalCount,
@@ -3625,6 +5774,10 @@ var index_default = atlasent;
   computeRemediationUrgency,
   computeSignalEngagementRate,
   configure,
+  configureApprovalRuntime,
+  configureControlSurface,
+  configureShadow,
+  createEscalation,
   delegationPropagationHadEffect,
   deployGate,
   detectAutonomousAnomaly,
@@ -3638,10 +5791,15 @@ var index_default = atlasent;
   evaluateMany,
   evidenceRunPasses,
   findPrimaryLiabilityParties,
+  flattenActionContext,
   formatPolicySyncDiff,
+  generateBccaeNonce,
+  getEnforcementStatus,
+  getOrgSummary,
   graphql,
   hasAttemptsLeft,
   hhiToConcentrationScore,
+  highestAgentFindingSeverity,
   highestSeverityAction,
   hitlRequiredApproverCount,
   isBudgetExceptionActive,
@@ -3661,6 +5819,17 @@ var index_default = atlasent;
   normalizeEvaluateResponse,
   normalizePermitOutcome,
   protect,
+  protectCloseAction,
+  protectDeploy,
+  protectOrEscalate,
+  protectPaymentRelease,
+  protectShadow,
+  protectToolCall,
+  protectWithEvidence,
+  redactContext,
+  reportProtectedAction,
+  reportShadowEvent,
+  requestOverride,
   requirePermit,
   scoreToRiskTier,
   serializeSignableContent,
@@ -3668,12 +5837,15 @@ var index_default = atlasent;
   summarizeCrossOrgPermission,
   transitionDispute,
   transitionReversal,
+  validateActionContext,
   validateLiabilityChain,
   verifyAuditBundle,
   verifyBundle,
+  verifyClaimEvidenceLink,
   verifyEvidenceBundleStructure,
   verifyWebhook,
   verifyWebhookSignature,
+  waitForEscalationApproval,
   withPermit,
   withinAutonomousCeiling
 });