@atlasent/sdk 2.5.0 → 2.12.0

package/dist/hono.js

@@ -47,7 +47,8 @@ var KNOWN_PERMIT_OUTCOMES = /* @__PURE__ */ new Set([
   "permit_consumed",
   "permit_expired",
   "permit_revoked",
-  "permit_not_found"
+  "permit_not_found",
+  "permit_signing_key_revoked"
 ]);
 function normalizePermitOutcome(raw) {
   if (raw !== void 0 && KNOWN_PERMIT_OUTCOMES.has(raw)) {
@@ -108,8 +109,198 @@ var AtlaSentDeniedError = class extends AtlaSentError {
   get isNotFound() {
     return this.outcome === "permit_not_found";
   }
+  /**
+   * `true` when the permit's signing key KID appears in the
+   * trust-root revocation list (ADR-005 D3 R2/R3 key rotation).
+   */
+  get isSigningKeyRevoked() {
+    return this.outcome === "permit_signing_key_revoked";
+  }
+};
+var BundleVerificationError = class extends AtlaSentError {
+  name = "BundleVerificationError";
+  reason;
+  snapshotValidUntil;
+  snapshotFetchedAt;
+  snapshotSource;
+  kid;
+  constructor(init) {
+    super(`AtlaSent audit bundle verification failed: ${init.reason}`);
+    this.reason = init.reason;
+    this.snapshotValidUntil = init.snapshotValidUntil;
+    this.snapshotFetchedAt = init.snapshotFetchedAt;
+    this.snapshotSource = init.snapshotSource;
+    this.kid = init.kid;
+  }
 };
 
+// src/trustRoot.ts
+import { readFileSync } from "fs";
+import { fileURLToPath } from "url";
+import { resolve, dirname } from "path";
+var REFRESH_INTERVAL_MS_DEFAULT = 4 * 60 * 60 * 1e3;
+var REFRESH_INTERVAL_MS_FLOOR = 5 * 60 * 1e3;
+var KEYS_BASE_URL = "https://keys.atlasent.io/.well-known";
+var _halfLifeWarningEmitted = false;
+var _expiredWarningEmitted = false;
+var TrustRootManager = class {
+  _snapshot;
+  _refreshTimer = null;
+  _opts;
+  constructor(initialSnapshot, opts = {}) {
+    this._snapshot = initialSnapshot;
+    const intervalMs = Math.max(
+      opts.refreshIntervalMs ?? REFRESH_INTERVAL_MS_DEFAULT,
+      REFRESH_INTERVAL_MS_FLOOR
+    );
+    this._opts = {
+      refreshBaseUrl: opts.refreshBaseUrl ?? KEYS_BASE_URL,
+      refreshIntervalMs: intervalMs,
+      disableRefresh: opts.disableRefresh ?? false,
+      fetch: opts.fetch ?? (typeof globalThis !== "undefined" && globalThis.fetch ? globalThis.fetch.bind(globalThis) : ((_url) => Promise.reject(new Error("fetch not available"))))
+    };
+    if (!this._opts.disableRefresh) {
+      this._scheduleRefresh();
+    }
+  }
+  getSnapshot() {
+    return this._snapshot;
+  }
+  /**
+   * Check whether the snapshot is expired, emit one-time warnings at
+   * half-life and expiry.  Returns "ok" | "half_life" | "expired".
+   *
+   * Emits console.warn once per process at half-life (ADR-005 D3).
+   * Emits console.warn once per process on expiry.
+   */
+  checkExpiry() {
+    const snap = this._snapshot;
+    const now = Date.now();
+    const issuedAt = new Date(snap.issued_at).getTime();
+    const validUntil = new Date(snap.valid_until).getTime();
+    if (now > validUntil) {
+      if (!_expiredWarningEmitted) {
+        _expiredWarningEmitted = true;
+        const daysAgo = Math.floor((now - validUntil) / (24 * 60 * 60 * 1e3));
+        console.warn(
+          `[atlasent] Trust snapshot expired ${daysAgo} day(s) ago (valid_until: ${snap.valid_until}). Update to a newer SDK build or enable allowExpiredSnapshot.`
+        );
+      }
+      return "expired";
+    }
+    const window = validUntil - issuedAt;
+    const halfLife = issuedAt + window / 2;
+    if (now > halfLife) {
+      if (!_halfLifeWarningEmitted) {
+        _halfLifeWarningEmitted = true;
+        const daysLeft = Math.floor((validUntil - now) / (24 * 60 * 60 * 1e3));
+        console.warn(
+          `[atlasent] Trust snapshot at half-life: expires in ${daysLeft} day(s) (valid_until: ${snap.valid_until}). Plan an SDK update.`
+        );
+      }
+      return "half_life";
+    }
+    return "ok";
+  }
+  /** Look up a key entry by kid. Returns undefined if not found. */
+  lookupKey(kid) {
+    return this._snapshot.keys.find((k) => k.kid === kid);
+  }
+  /** Returns true if the kid appears in revoked_keys. */
+  isRevoked(kid) {
+    return this._snapshot.revoked_keys.some((r) => r.kid === kid);
+  }
+  /** Replace the snapshot (e.g. after a successful refresh). */
+  replaceSnapshot(next) {
+    this._snapshot = next;
+  }
+  stopRefresh() {
+    if (this._refreshTimer !== null) {
+      clearInterval(this._refreshTimer);
+      this._refreshTimer = null;
+    }
+  }
+  _scheduleRefresh() {
+    this._refreshTimer = setInterval(() => {
+      void this._doRefresh();
+    }, this._opts.refreshIntervalMs);
+    if (this._refreshTimer && typeof this._refreshTimer === "object" && "unref" in this._refreshTimer) {
+      this._refreshTimer.unref();
+    }
+  }
+  async _doRefresh() {
+    try {
+      const base = this._opts.refreshBaseUrl.replace(/\/$/, "");
+      const [keysRes, revocRes] = await Promise.all([
+        this._opts.fetch(`${base}/atlasent-verifier-keys.json`),
+        this._opts.fetch(`${base}/atlasent-revocations.json`)
+      ]);
+      const indexRes = await this._opts.fetch(`${base}/atlasent-trust-root.json`);
+      if (!keysRes.ok || !revocRes.ok || !indexRes.ok) return;
+      const [keys, revoc, index] = await Promise.all([
+        keysRes.json(),
+        revocRes.json(),
+        indexRes.json()
+      ]);
+      if (!index.valid_until || !Array.isArray(keys.keys)) return;
+      this._snapshot = {
+        valid_until: index.valid_until,
+        issued_at: index.issued_at ?? this._snapshot.issued_at,
+        keys: keys.keys,
+        revoked_keys: revoc.revoked_keys ?? [],
+        revoked_identities: revoc.revoked_identities ?? []
+      };
+    } catch {
+    }
+  }
+};
+function _loadVendorSnapshot() {
+  try {
+    let packageRoot;
+    try {
+      const thisFile = fileURLToPath(import.meta.url);
+      packageRoot = resolve(dirname(thisFile), "..", "..");
+    } catch {
+      packageRoot = resolve(__dirname, "..", "..");
+    }
+    const vendorDir = resolve(packageRoot, "vendor", "trust-root");
+    const index = JSON.parse(
+      readFileSync(resolve(vendorDir, "atlasent-trust-root.json"), "utf8")
+    );
+    const verifierKeys = JSON.parse(
+      readFileSync(resolve(vendorDir, "atlasent-verifier-keys.json"), "utf8")
+    );
+    const revocations = JSON.parse(
+      readFileSync(resolve(vendorDir, "atlasent-revocations.json"), "utf8")
+    );
+    return {
+      valid_until: index.valid_until,
+      issued_at: index.issued_at,
+      keys: verifierKeys.keys ?? [],
+      revoked_keys: revocations.revoked_keys ?? [],
+      revoked_identities: revocations.revoked_identities ?? []
+    };
+  } catch {
+    return {
+      valid_until: "2099-01-01T00:00:00Z",
+      issued_at: "2026-05-26T00:00:00Z",
+      keys: [],
+      revoked_keys: [],
+      revoked_identities: []
+    };
+  }
+}
+var _globalManager = null;
+function getGlobalTrustRootManager(opts) {
+  if (!_globalManager) {
+    _globalManager = new TrustRootManager(
+      _loadVendorSnapshot(),
+      opts ?? { disableRefresh: false }
+    );
+  }
+  return _globalManager;
+}
+
 // src/types.ts
 var PRODUCTION_DEPLOY_ACTION = "production.deploy";
 var DEPLOY_GATE_CODES = Object.freeze({
@@ -134,9 +325,14 @@ function normalizeEvaluateRequest(input) {
       action_type: legacy.action,
       actor_id: legacy.agent
     };
-    if (legacy.context !== void 0) {
-      normalized.context = legacy.context;
-    }
+    if (legacy.context !== void 0) normalized.context = legacy.context;
+    const l = legacy;
+    if (l.explain !== void 0) normalized.explain = l.explain;
+    if (l.environment !== void 0) normalized.environment = l.environment;
+    if (l.resource !== void 0) normalized.resource = l.resource;
+    if (l.current_state !== void 0) normalized.current_state = l.current_state;
+    if (l.proposed_state !== void 0) normalized.proposed_state = l.proposed_state;
+    if (l.execution_binding !== void 0) normalized.execution_binding = l.execution_binding;
     return normalized;
   }
   return input;
@@ -144,9 +340,9 @@ function normalizeEvaluateRequest(input) {
 
 // src/retry.ts
 var DEFAULT_RETRY_POLICY = {
-  maxAttempts: 4,
-  baseDelayMs: 2e3,
-  maxDelayMs: 16e3
+  maxAttempts: 3,
+  baseDelayMs: 250,
+  maxDelayMs: 1e4
 };
 var RETRYABLE_CODES = /* @__PURE__ */ new Set([
   "network",
@@ -195,10 +391,371 @@ function clampUnit(n) {
   return n;
 }
 
+// src/scim.ts
+var SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User";
+var SCIM_GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group";
+function scimUsersPath(orgId) {
+  return `/scim/v2/${encodeURIComponent(orgId)}/Users`;
+}
+function scimGroupsPath(orgId) {
+  return `/scim/v2/${encodeURIComponent(orgId)}/Groups`;
+}
+function buildScimQuery(filter, startIndex, count) {
+  const params = new URLSearchParams();
+  if (filter !== void 0) params.set("filter", filter);
+  if (startIndex !== void 0) params.set("startIndex", String(startIndex));
+  if (count !== void 0) params.set("count", String(count));
+  return params.size > 0 ? params : void 0;
+}
+function makeScimClient(postFn, getFn, putFn, deleteFn) {
+  const users = {
+    async list(params) {
+      const qs = buildScimQuery(
+        params.filter,
+        params.startIndex,
+        params.count
+      );
+      const { body } = await getFn(
+        scimUsersPath(params.orgId),
+        qs
+      );
+      return body;
+    },
+    async create(orgId, user) {
+      const payload = user.schemas ? user : { ...user, schemas: [SCIM_USER_SCHEMA] };
+      const { body } = await postFn(scimUsersPath(orgId), payload);
+      return body;
+    },
+    async update(orgId, id, user) {
+      const payload = user.schemas ? user : { ...user, schemas: [SCIM_USER_SCHEMA] };
+      const { body } = await putFn(
+        `${scimUsersPath(orgId)}/${encodeURIComponent(id)}`,
+        payload
+      );
+      return body;
+    },
+    async delete(orgId, id) {
+      return deleteFn(
+        `${scimUsersPath(orgId)}/${encodeURIComponent(id)}`
+      );
+    }
+  };
+  const groups = {
+    async list(params) {
+      const qs = buildScimQuery(
+        params.filter,
+        params.startIndex,
+        params.count
+      );
+      const { body } = await getFn(
+        scimGroupsPath(params.orgId),
+        qs
+      );
+      return body;
+    },
+    async create(orgId, group) {
+      const payload = group["schemas"] ? group : { ...group, schemas: [SCIM_GROUP_SCHEMA] };
+      const { body } = await postFn(
+        scimGroupsPath(orgId),
+        payload
+      );
+      return body;
+    },
+    async delete(orgId, id) {
+      return deleteFn(
+        `${scimGroupsPath(orgId)}/${encodeURIComponent(id)}`
+      );
+    }
+  };
+  return { users, groups };
+}
+
+// src/evidence-bundle.ts
+function wireToBundle(w) {
+  return {
+    bundleId: w.bundle_id,
+    orgId: w.org_id,
+    incidentId: w.incident_id,
+    status: w.status,
+    includedPermits: w.included_permits ?? [],
+    includeOverrides: w.include_overrides ?? false,
+    format: w.format,
+    createdAt: w.created_at,
+    expiresAt: w.expires_at,
+    ...w.download_url !== void 0 ? { downloadUrl: w.download_url } : {},
+    ...w.metadata !== void 0 ? { metadata: w.metadata } : {}
+  };
+}
+function makeEvidenceBundleClient(postFn, getFn, getRawFn) {
+  return {
+    async list(params = {}) {
+      const qs = new URLSearchParams();
+      if (params.executionId !== void 0) qs.set("execution_id", params.executionId);
+      if (params.limit !== void 0) qs.set("limit", String(params.limit));
+      if (params.cursor !== void 0) qs.set("cursor", params.cursor);
+      const { body } = await getFn("/v1/evidence-bundles", qs.size > 0 ? qs : void 0);
+      return {
+        bundles: (body.bundles ?? []).map(wireToBundle),
+        nextCursor: body.next_cursor ?? null
+      };
+    },
+    async create(params) {
+      const payload = {
+        incident_id: params.incidentId
+      };
+      if (params.includedPermits !== void 0) {
+        payload["included_permits"] = params.includedPermits;
+      }
+      if (params.includeOverrides !== void 0) {
+        payload["include_overrides"] = params.includeOverrides;
+      }
+      const { body } = await postFn(
+        "/v1/evidence-bundles",
+        payload
+      );
+      return wireToBundle(body);
+    },
+    async get(bundleId) {
+      const { body } = await getFn(
+        `/v1/evidence-bundles/${encodeURIComponent(bundleId)}`
+      );
+      return wireToBundle(body);
+    },
+    async download(bundleId, format = "json") {
+      const qs = new URLSearchParams({ format });
+      const raw = await getRawFn(
+        `/v1/evidence-bundles/${encodeURIComponent(bundleId)}/download?${qs}`
+      );
+      return Buffer.from(raw);
+    }
+  };
+}
+
+// src/auth.ts
+function wireToTokenResponse(w) {
+  return {
+    accessToken: w.access_token,
+    refreshToken: w.refresh_token,
+    tokenType: w.token_type,
+    expiresIn: w.expires_in,
+    ...w.scope !== void 0 ? { scope: w.scope } : {},
+    ...w.idp_id !== void 0 ? { idpId: w.idp_id } : {}
+  };
+}
+function wireToIdpConnection(w) {
+  return {
+    id: w.id,
+    name: w.name,
+    provider: w.provider,
+    enabled: w.enabled,
+    isDefault: w.default,
+    ...w.domains !== void 0 ? { domains: w.domains } : {},
+    createdAt: w.created_at
+  };
+}
+function makeAuthClient(postFn, getFn) {
+  return {
+    async refresh(refreshToken) {
+      const { body } = await postFn(
+        "/v1/auth/token/refresh",
+        { refresh_token: refreshToken, grant_type: "refresh_token" }
+      );
+      return wireToTokenResponse(body);
+    },
+    async refreshWithIdp(idpId, refreshToken) {
+      const path = `/v1/auth/idp/${encodeURIComponent(idpId)}/token/refresh`;
+      const { body } = await postFn(path, {
+        refresh_token: refreshToken,
+        grant_type: "refresh_token",
+        idp_id: idpId
+      });
+      return wireToTokenResponse(body);
+    },
+    async listIdpConnections() {
+      const { body } = await getFn(
+        "/v1/auth/idp-connections"
+      );
+      return (body.connections ?? []).map(wireToIdpConnection);
+    }
+  };
+}
+
+// src/sso.ts
+function wireToSsoConnection(w) {
+  return {
+    id: w.id,
+    organizationId: w.organization_id,
+    name: w.name,
+    protocol: w.protocol,
+    idpEntityId: w.idp_entity_id,
+    metadataUrl: w.metadata_url,
+    metadataXml: w.metadata_xml,
+    emailDomain: w.email_domain,
+    enforceForDomain: w.enforce_for_domain,
+    isActive: w.is_active,
+    supabaseProviderId: w.supabase_provider_id,
+    createdBy: w.created_by,
+    createdAt: w.created_at,
+    updatedAt: w.updated_at
+  };
+}
+function wireToSsoJitRule(w) {
+  return {
+    id: w.id,
+    connectionId: w.connection_id,
+    organizationId: w.organization_id,
+    claimAttribute: w.claim_attribute,
+    claimValue: w.claim_value,
+    grantedRole: w.granted_role,
+    precedence: w.precedence,
+    isActive: w.is_active,
+    createdAt: w.created_at,
+    updatedAt: w.updated_at
+  };
+}
+function wireToSsoReadiness(w) {
+  return {
+    connectionConfigured: w.connection_configured,
+    connectionTested: w.connection_tested,
+    breakGlassSet: w.break_glass_set,
+    serviceApiKeysReviewed: w.service_api_keys_reviewed
+  };
+}
+function ssoConnectionInputToWire(input) {
+  const w = {};
+  if (input.name !== void 0) w["name"] = input.name;
+  if (input.protocol !== void 0) w["protocol"] = input.protocol;
+  if (input.idpEntityId !== void 0) w["idp_entity_id"] = input.idpEntityId;
+  if (input.metadataUrl !== void 0) w["metadata_url"] = input.metadataUrl;
+  if (input.metadataXml !== void 0) w["metadata_xml"] = input.metadataXml;
+  if (input.emailDomain !== void 0) w["email_domain"] = input.emailDomain;
+  if (input.enforceForDomain !== void 0) w["enforce_for_domain"] = input.enforceForDomain;
+  return w;
+}
+function makeSsoClient(getFn, postFn, patchFn, deleteFn) {
+  return {
+    async listConnections() {
+      const { body } = await getFn("/v1/sso/connections");
+      return { connections: (body.connections ?? []).map(wireToSsoConnection) };
+    },
+    async getConnection(id) {
+      const { body } = await getFn(`/v1/sso/connections/${encodeURIComponent(id)}`);
+      return wireToSsoConnection(body);
+    },
+    async createConnection(input) {
+      const { body } = await postFn("/v1/sso/connections", ssoConnectionInputToWire(input));
+      return wireToSsoConnection(body);
+    },
+    async updateConnection(id, input) {
+      const { body } = await patchFn(
+        `/v1/sso/connections/${encodeURIComponent(id)}`,
+        ssoConnectionInputToWire(input)
+      );
+      return wireToSsoConnection(body);
+    },
+    async deleteConnection(id) {
+      await deleteFn(`/v1/sso/connections/${encodeURIComponent(id)}`);
+    },
+    async activateConnection(id) {
+      const { body } = await postFn(
+        `/v1/sso/connections/${encodeURIComponent(id)}/activate`,
+        {}
+      );
+      return { ok: body.ok, supabaseProviderId: body.supabase_provider_id };
+    },
+    async enforce(action) {
+      const { body } = await postFn("/v1/sso/enforce", { action });
+      return {
+        ok: body.ok,
+        action: body.action,
+        enforceSso: body.enforce_sso,
+        enforceSsoAt: body.enforce_sso_at
+      };
+    },
+    async getStatus() {
+      const { body } = await getFn("/v1/sso/status");
+      return wireToSsoReadiness(body.readiness);
+    },
+    async listJitRules(connectionId) {
+      const qs = connectionId ? new URLSearchParams({ connection_id: connectionId }) : void 0;
+      const { body } = await getFn("/v1/sso/jit-rules", qs);
+      return { rules: (body.rules ?? []).map(wireToSsoJitRule) };
+    },
+    async createJitRule(input) {
+      const payload = {
+        connection_id: input.connectionId,
+        claim_attribute: input.claimAttribute,
+        claim_value: input.claimValue,
+        granted_role: input.grantedRole
+      };
+      if (input.precedence !== void 0) payload["precedence"] = input.precedence;
+      const { body } = await postFn("/v1/sso/jit-rules", payload);
+      return wireToSsoJitRule(body);
+    },
+    async patchJitRule(id, patch) {
+      const payload = {};
+      if (patch.claimAttribute !== void 0) payload["claim_attribute"] = patch.claimAttribute;
+      if (patch.claimValue !== void 0) payload["claim_value"] = patch.claimValue;
+      if (patch.grantedRole !== void 0) payload["granted_role"] = patch.grantedRole;
+      if (patch.precedence !== void 0) payload["precedence"] = patch.precedence;
+      if (patch.isActive !== void 0) payload["is_active"] = patch.isActive;
+      const { body } = await patchFn(
+        `/v1/sso/jit-rules/${encodeURIComponent(id)}`,
+        payload
+      );
+      return wireToSsoJitRule(body);
+    },
+    async deleteJitRule(id) {
+      await deleteFn(`/v1/sso/jit-rules/${encodeURIComponent(id)}`);
+    }
+  };
+}
+
+// src/access-governance-log.ts
+function wireToEvent(w) {
+  return {
+    id: w.id,
+    eventType: w.event_type,
+    orgId: w.org_id,
+    actorId: w.actor_id,
+    actorEmail: w.actor_email,
+    ipAddress: w.ip_address,
+    metadata: w.metadata ?? {},
+    createdAt: w.created_at
+  };
+}
+function makeAccessGovernanceLogClient(getFn) {
+  return {
+    async list(query = {}) {
+      const qs = new URLSearchParams();
+      if (query.limit !== void 0) qs.set("limit", String(query.limit));
+      if (query.cursor) qs.set("cursor", query.cursor);
+      if (query.eventType) qs.set("event_type", query.eventType);
+      if (query.actorId) qs.set("actor_id", query.actorId);
+      if (query.from) qs.set("from", query.from);
+      if (query.to) qs.set("to", query.to);
+      const { body } = await getFn(
+        "/v1/access-governance-log",
+        qs.size > 0 ? qs : void 0
+      );
+      return {
+        events: (body.events ?? []).map(wireToEvent),
+        nextCursor: body.next_cursor,
+        totalCount: body.total_count ?? 0
+      };
+    }
+  };
+}
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://api.atlasent.io";
 var DEFAULT_TIMEOUT_MS = 1e4;
-var SDK_VERSION = "2.2.0";
+var SDK_VERSION = "2.10.0";
+var warnedBrowser = false;
+var V1_EVALUATE_BATCH_PATH = "/v1/evaluate/batch";
+var V1_EVALUATE_BATCH_LEGACY_PATH = "/v1-evaluate-batch";
+var V1_EVALUATE_STREAM_PATH = "/v1/evaluate/stream";
+var V1_EVALUATE_STREAM_LEGACY_PATH = "/v1-evaluate-stream";
 function _buildUserAgent() {
   const isNode2 = typeof process !== "undefined" && typeof process?.versions?.node === "string";
   return isNode2 ? `@atlasent/sdk/${SDK_VERSION} node/${process.version}` : `@atlasent/sdk/${SDK_VERSION} browser`;
@@ -262,6 +819,18 @@ var AtlaSentClient = class {
   fetchImpl;
   userAgent;
   retryPolicy;
+  /** SCIM 2.0 provisioning sub-client. Access as `client.scim`. */
+  scim;
+  /** Evidence bundle sub-client. Access as `client.evidenceBundles`. */
+  evidenceBundles;
+  /** Auth / token management sub-client. Access as `client.auth`. */
+  auth;
+  /** SSO administration sub-client. Access as `client.sso`. */
+  sso;
+  /** Access governance log sub-client. Access as `client.accessGovernanceLog`. */
+  accessGovernanceLog;
+  /** Trust-root snapshot manager for this client instance. */
+  trustRoot;
   constructor(options) {
     if (!options.apiKey || typeof options.apiKey !== "string") {
       throw new AtlaSentError("apiKey is required", {
@@ -274,6 +843,12 @@ var AtlaSentClient = class {
         { code: "network" }
       );
     }
+    if (!warnedBrowser && typeof globalThis["window"] !== "undefined" && typeof process === "undefined") {
+      warnedBrowser = true;
+      console.warn(
+        "[@atlasent/sdk] Running in a browser environment. API keys should not be exposed in client-side bundles. Use a server-side proxy instead."
+      );
+    }
     this.apiKey = _validateApiKey(options.apiKey);
     this.baseUrl = _enforceTls(options.baseUrl ?? DEFAULT_BASE_URL).replace(
       /\/+$/,
@@ -283,6 +858,44 @@ var AtlaSentClient = class {
     this.fetchImpl = options.fetch ?? globalThis.fetch.bind(globalThis);
     this.userAgent = _buildUserAgent();
     this.retryPolicy = mergePolicy(options.retryPolicy ?? {});
+    this.scim = makeScimClient(
+      (path, body, query) => this._post(path, body, query),
+      (path, query) => this._get(path, query),
+      (path, body) => this._put(path, body),
+      (path) => this._delete(path)
+    );
+    this.evidenceBundles = makeEvidenceBundleClient(
+      (path, body) => this._post(path, body),
+      (path, query) => this._get(path, query),
+      (path) => this._getRaw(path)
+    );
+    this.auth = makeAuthClient(
+      (path, body) => this._post(path, body),
+      (path) => this._get(path)
+    );
+    this.sso = makeSsoClient(
+      (path, query) => this._get(path, query),
+      (path, body) => this._post(path, body),
+      (path, body) => this._patch(path, body),
+      (path) => this._delete(path)
+    );
+    this.accessGovernanceLog = makeAccessGovernanceLogClient(
+      (path, query) => this._get(path, query)
+    );
+    if (options.trustRootUrl !== void 0 || options.trustSnapshotRefreshMs !== void 0) {
+      const globalSnap = getGlobalTrustRootManager({ disableRefresh: true }).getSnapshot();
+      this.trustRoot = new TrustRootManager(globalSnap, {
+        ...options.trustRootUrl !== void 0 && { refreshBaseUrl: options.trustRootUrl },
+        ...options.trustSnapshotRefreshMs !== void 0 && { refreshIntervalMs: options.trustSnapshotRefreshMs }
+      });
+    } else {
+      this.trustRoot = getGlobalTrustRootManager();
+    }
+    this.trustRoot.checkExpiry();
+  }
+  /** Return the current trust-root snapshot (pinned or last successful refresh). */
+  getTrustSnapshot() {
+    return this.trustRoot.getSnapshot();
   }
   /**
    * Ask the policy engine whether an agent action is permitted.
@@ -308,6 +921,12 @@ var AtlaSentClient = class {
       actor_id: normalized.actor_id,
       context: normalized.context ?? {}
     };
+    if (normalized.explain !== void 0) body.explain = normalized.explain;
+    if (normalized.environment !== void 0) body.environment = normalized.environment;
+    if (normalized.resource !== void 0) body.resource = normalized.resource;
+    if (normalized.current_state !== void 0) body.current_state = normalized.current_state;
+    if (normalized.proposed_state !== void 0) body.proposed_state = normalized.proposed_state;
+    if (normalized.execution_binding !== void 0) body.execution_binding = normalized.execution_binding;
     const { body: wire, rateLimit } = await this.post(
       "/v1-evaluate",
       body
@@ -344,9 +963,224 @@ var AtlaSentClient = class {
       reason,
       auditHash: wire.audit_hash ?? "",
       timestamp: wire.timestamp ?? "",
+      rateLimit,
+      ...wire.risk_envelope && {
+        riskEnvelope: {
+          weightedScore: wire.risk_envelope.weighted_score,
+          engineDecision: wire.risk_envelope.engine_decision,
+          envelopeDecision: wire.risk_envelope.envelope_decision,
+          promoted: wire.risk_envelope.promoted,
+          hardBlocks: wire.risk_envelope.hard_blocks ?? [],
+          ...wire.risk_envelope.factors && { factors: wire.risk_envelope.factors }
+        }
+      },
+      ...wire.risk_class !== void 0 && { riskClass: wire.risk_class },
+      ...wire.authority_basis && {
+        authorityBasis: {
+          kind: wire.authority_basis.kind,
+          ...wire.authority_basis.reference !== void 0 && { reference: wire.authority_basis.reference },
+          ...wire.authority_basis.granted_by !== void 0 && { grantedBy: wire.authority_basis.granted_by },
+          ...wire.authority_basis.rationale !== void 0 && { rationale: wire.authority_basis.rationale },
+          ...wire.authority_basis.expires_at !== void 0 && { expiresAt: wire.authority_basis.expires_at }
+        }
+      },
+      ...wire.escalation_id !== void 0 && { escalationId: wire.escalation_id }
+    };
+  }
+  /**
+   * Batch evaluate — send up to 100 decisions in a single round-trip.
+   *
+  * Wraps `POST /v1/evaluate/batch` (with fallback to
+  * `POST /v1-evaluate-batch` on older runtimes). The server evaluates each item
+   * against the active policy bundle and returns results in the same
+   * order as the input. One rate-limit token is consumed for the
+   * whole batch, and one audit-chain entry lists every included
+   * decision id.
+   *
+   * A per-item policy `deny` is **not** thrown — it appears as
+   * `item.decision === "deny"` in the returned items. A whole-batch
+   * network error, 4xx, or 5xx throws {@link AtlaSentError}.
+   *
+   * Requires the `v2_batch` tenant feature flag to be enabled on the
+   * org (returns 404 when off). Requires scope `evaluate:write`.
+   *
+   * @param requests - 1–100 evaluate items.
+   * @param batchId  - Optional caller-supplied UUID for idempotency.
+   *   A retried call with the same `batchId` and identical items
+   *   returns the cached response within 24 h (`replayed: true`).
+   */
+  async evaluateBatch(requests, batchId) {
+    if (!Array.isArray(requests) || requests.length === 0) {
+      throw new AtlaSentError(
+        "evaluateBatch: requests must be a non-empty array",
+        { code: "bad_request" }
+      );
+    }
+    if (requests.length > 100) {
+      throw new AtlaSentError(
+        `evaluateBatch: requests.length ${requests.length} exceeds the 100-item cap`,
+        { code: "bad_request" }
+      );
+    }
+    const wireItems = requests.map((r) => ({
+      action_type: r.action,
+      actor_id: r.agent,
+      context: r.context ?? {}
+    }));
+    const wireBody = { items: wireItems };
+    if (batchId) wireBody.batch_id = batchId;
+    const { body: wire, rateLimit } = await this.postWithPathFallback(
+      V1_EVALUATE_BATCH_PATH,
+      V1_EVALUATE_BATCH_LEGACY_PATH,
+      wireBody
+    );
+    const items = (wire.items ?? []).map(
+      (item) => {
+        const rawDecision = typeof item.decision === "string" ? item.decision.toLowerCase() : void 0;
+        const decision = rawDecision === "allow" || rawDecision === "deny" || rawDecision === "hold" || rawDecision === "escalate" ? rawDecision : void 0;
+        return {
+          index: item.index,
+          ...decision !== void 0 ? { decision } : {},
+          ...item.decision_id ? { decisionId: item.decision_id } : {},
+          ...item.permit_token != null ? { permitToken: item.permit_token } : {},
+          ...item.reason != null ? { reason: item.reason } : {},
+          ...item.audit_entry_hash ? { auditHash: item.audit_entry_hash } : {},
+          ...item.timestamp ? { timestamp: item.timestamp } : {},
+          ...item.error ? { error: item.error } : {},
+          ...item.message ? { message: item.message } : {}
+        };
+      }
+    );
+    return {
+      batchId: wire.batch_id,
+      items,
+      partial: wire.partial ?? false,
+      ...wire.replayed ? { replayed: wire.replayed } : {},
       rateLimit
     };
   }
+  /**
+   * Subscribe to a live stream of decisions for this org.
+   *
+   * Wraps `GET /v1-decisions-stream`. The server emits one SSE frame
+   * per audit event and sends a heartbeat every 15 s. The session
+   * auto-closes after `maxSeconds` (default 30 min); reconnect with
+   * the last received `event.id` to resume without replaying history.
+   *
+   * ```ts
+   * const controller = new AbortController();
+   * for await (const event of client.subscribeDecisions({ signal: controller.signal })) {
+   *   if (event.type === "heartbeat") continue;
+   *   console.log(event.type, event.decision, event.actorId);
+   *   if (event.type === "session_end") break; // reconnect
+   * }
+   * ```
+   *
+   * Requires scope `audit:read`. Requires the `v2_decisions_stream`
+   * tenant feature flag (returns 404 when off).
+   */
+  async *subscribeDecisions(opts = {}) {
+    const url = new URL(`${this.baseUrl}/v1-decisions-stream`);
+    if (opts.types?.length) url.searchParams.set("types", opts.types.join(","));
+    if (opts.actorId) url.searchParams.set("actor_id", opts.actorId);
+    if (opts.maxSeconds !== void 0) url.searchParams.set("max_seconds", String(opts.maxSeconds));
+    const headers = {
+      Accept: "text/event-stream",
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": this.userAgent,
+      // ADR-025: declare the wire-protocol version we were built
+      // against. Runtime serves this version's response shape; older
+      // versions outside the compatibility window get 426.
+      "X-AtlaSent-Protocol-Version": "1"
+    };
+    if (opts.lastEventId) headers["Last-Event-ID"] = opts.lastEventId;
+    let response;
+    try {
+      response = await this.fetchImpl(url.toString(), {
+        method: "GET",
+        headers,
+        ...opts.signal ? { signal: opts.signal } : {}
+      });
+    } catch (err) {
+      if (err instanceof Error && err.name === "AbortError") return;
+      throw new AtlaSentError(
+        `Failed to connect to decisions stream: ${err instanceof Error ? err.message : String(err)}`,
+        { code: "network" }
+      );
+    }
+    if (!response.ok) {
+      const code = response.status === 401 ? "invalid_api_key" : "server_error";
+      throw new AtlaSentError(
+        `Decisions stream returned ${response.status}`,
+        { code, status: response.status }
+      );
+    }
+    if (!response.body) {
+      throw new AtlaSentError("Decisions stream response has no body", { code: "bad_response" });
+    }
+    const reader = response.body.getReader();
+    const decoder = new TextDecoder("utf-8");
+    let buf = "";
+    try {
+      while (true) {
+        let chunk;
+        try {
+          chunk = await reader.read();
+        } catch (err) {
+          if (err instanceof Error && err.name === "AbortError") return;
+          throw new AtlaSentError(
+            `Decisions stream read error: ${err instanceof Error ? err.message : String(err)}`,
+            { code: "network" }
+          );
+        }
+        if (chunk.done) break;
+        buf += decoder.decode(chunk.value, { stream: true });
+        const rawBlocks = buf.split("\n\n");
+        buf = rawBlocks.pop() ?? "";
+        for (const block of rawBlocks) {
+          if (!block.trim()) continue;
+          if (block.trimStart().startsWith(":")) {
+            yield { type: "heartbeat" };
+            continue;
+          }
+          let id;
+          let eventType = "audit_event";
+          let dataLine = "";
+          for (const line of block.split("\n")) {
+            if (line.startsWith("id:")) id = line.slice(3).trim();
+            else if (line.startsWith("event:")) eventType = line.slice(6).trim();
+            else if (line.startsWith("data:")) dataLine = line.slice(5).trim();
+          }
+          if (!dataLine) continue;
+          let parsed;
+          try {
+            parsed = JSON.parse(dataLine);
+          } catch {
+            continue;
+          }
+          if (eventType === "session_end") {
+            yield { ...id !== void 0 ? { id } : {}, type: "session_end", payload: parsed };
+            return;
+          }
+          const decision = typeof parsed.decision === "string" ? parsed.decision.toLowerCase() : void 0;
+          yield {
+            ...id !== void 0 ? { id } : {},
+            type: eventType,
+            ...decision ? { decision } : {},
+            ...typeof parsed.actor_id === "string" ? { actorId: parsed.actor_id } : {},
+            ...typeof parsed.resource_type === "string" ? { resourceType: parsed.resource_type } : {},
+            ...typeof parsed.resource_id === "string" ? { resourceId: parsed.resource_id } : {},
+            ...parsed.payload && typeof parsed.payload === "object" ? { payload: parsed.payload } : {},
+            ...typeof parsed.hash === "string" ? { hash: parsed.hash } : {},
+            ...typeof parsed.previous_hash === "string" ? { previousHash: parsed.previous_hash } : {},
+            ...typeof parsed.occurred_at === "string" ? { occurredAt: parsed.occurred_at } : {}
+          };
+        }
+      }
+    } finally {
+      reader.releaseLock();
+    }
+  }
   /**
    * Pre-flight evaluation that always returns the constraint trace.
    *
@@ -413,7 +1247,17 @@ var AtlaSentClient = class {
       reason,
       auditHash: wire.audit_hash ?? "",
       timestamp: wire.timestamp ?? "",
-      rateLimit
+      rateLimit,
+      ...wire.risk_envelope && {
+        riskEnvelope: {
+          weightedScore: wire.risk_envelope.weighted_score,
+          engineDecision: wire.risk_envelope.engine_decision,
+          envelopeDecision: wire.risk_envelope.envelope_decision,
+          promoted: wire.risk_envelope.promoted,
+          hardBlocks: wire.risk_envelope.hard_blocks ?? [],
+          ...wire.risk_envelope.factors && { factors: wire.risk_envelope.factors }
+        }
+      }
     };
     let constraintTrace = null;
     if (wire.constraint_trace !== void 0 && wire.constraint_trace !== null && typeof wire.constraint_trace === "object") {
@@ -462,6 +1306,7 @@ var AtlaSentClient = class {
       outcome: wire.outcome ?? "",
       permitHash: wire.permit_hash ?? "",
       timestamp: wire.timestamp ?? "",
+      expiresAt: wire.expires_at ?? null,
       rateLimit
     };
   }
@@ -479,6 +1324,7 @@ var AtlaSentClient = class {
     const agent = input.agent ?? "ci-deploy-bot";
     const action = input.action ?? PRODUCTION_DEPLOY_ACTION;
     const context = input.context ?? {};
+    const environment = typeof context.environment === "string" ? context.environment : typeof context.environment_name === "string" ? context.environment_name : void 0;
     const evaluation = await this.evaluate({ agent, action, context });
     if (evaluation.decision !== "allow") {
       return {
@@ -495,7 +1341,8 @@ var AtlaSentClient = class {
       permitId: evaluation.permitId,
       agent,
       action,
-      context
+      context,
+      ...environment !== void 0 ? { environment } : {}
     });
     if (!verification.verified) {
       return {
@@ -709,15 +1556,15 @@ var AtlaSentClient = class {
    */
   async keySelf() {
     const { body: wire, rateLimit } = await this.get("/v1-api-key-self");
-    if (typeof wire.key_id !== "string" || typeof wire.organization_id !== "string") {
+    if (typeof wire.key_id !== "string" || typeof wire.org_id !== "string") {
       throw new AtlaSentError(
-        "Malformed response from /v1-api-key-self: missing `key_id` or `organization_id`",
+        "Malformed response from /v1-api-key-self: missing `key_id` or `org_id`",
         { code: "bad_response" }
       );
     }
     return {
       keyId: wire.key_id,
-      organizationId: wire.organization_id,
+      orgId: wire.org_id,
       environment: wire.environment,
       scopes: wire.scopes ?? [],
       allowedCidrs: wire.allowed_cidrs ?? null,
@@ -784,7 +1631,153 @@ var AtlaSentClient = class {
     return { ...wire, rateLimit };
   }
   /**
-   * Open a streaming evaluation session against `POST /v1-evaluate-stream`.
+   * Re-evaluate a recorded decision against its originally-pinned policy
+   * bundle and engine version, and report whether the result agrees with
+   * what was recorded.
+   *
+   * Wraps `POST /v1-decisions-replay/:id/replay`. **Side-effect-free** — no
+   * audit chain row is written and no permit is issued (per ADR-016).
+   * Useful for compliance review, regression testing of bundle changes,
+   * and post-incident investigation.
+   *
+   * Outcomes encoded in the response:
+   * - `variance: "NONE"` — replay agrees with the original decision.
+   * - `variance: "DECISION_CHANGED"` — same envelope, same bundle, different
+   *   decision. Almost always indicates non-determinism in a rule
+   *   (e.g. wall-clock comparison) and warrants investigation.
+   * - `variance: "ENVELOPE_DRIFT"` — the recorded request envelope no longer
+   *   hashes to the recorded value. The replay short-circuits without
+   *   running the engine; `replay_decision` is absent. Treat as evidence
+   *   of substrate tamper or a recorder bug.
+   *
+   * Server-side 409 responses (replay refused because the engine version
+   * does not accept replay, or because no bundle was pinned) surface as
+   * `AtlaSentError` with `code: "replay_not_eligible"` — callers should
+   * treat them as expected for old / un-pinned decisions, not as bugs.
+   *
+   * Requires the `evaluate:write` API key scope.
+   *
+   * @param decisionId The UUID of the recorded decision to replay.
+   *                   Matches `execution_evaluations.request_id`.
+   *
+   * @example
+   * ```ts
+   * const result = await client.replayDecision("dec_abc123");
+   * if (result.variance === "DECISION_CHANGED") {
+   *   console.warn(
+   *     `Decision ${result.decision_id} changed on replay: ` +
+   *     `${result.original_decision} → ${result.replay_decision}`,
+   *   );
+   * }
+   * ```
+   */
+  async replayDecision(decisionId) {
+    if (typeof decisionId !== "string" || decisionId.length === 0) {
+      throw new AtlaSentError("decisionId is required", {
+        code: "bad_request"
+      });
+    }
+    const path = `/v1-decisions-replay/${encodeURIComponent(decisionId)}/replay`;
+    const { body: wire, rateLimit } = await this.post(
+      path,
+      {}
+    );
+    if (typeof wire.decision_id !== "string" || typeof wire.original_decision !== "string" || typeof wire.engine_version_kind !== "string" || typeof wire.accepts_replay !== "boolean" || typeof wire.variance !== "string" || typeof wire.envelope_verification !== "string" || typeof wire.replayed_at !== "string") {
+      throw new AtlaSentError(
+        "Malformed response from /v1-decisions-replay/:id/replay: missing required fields",
+        { code: "bad_response" }
+      );
+    }
+    return { ...wire, rateLimit };
+  }
+  /**
+   * ADR-015 Phase C — SDK-canonical replay runtime.
+   *
+   * Re-evaluates a recorded decision against its originally-pinned policy
+   * bundle and engine version via `POST /v1/decisions/:id/replay`.
+   * Side-effect-free server-side: no audit chain row is written and no
+   * permit is issued (ADR-016 `mode: "replay"` sentinel).
+   *
+   * Differences from {@link replayDecision} (the 2.7.0 raw-wire surface):
+   *
+   * | | `replayDecision()` | `replay()` |
+   * | --- | --- | --- |
+   * | Path | `/v1-decisions-replay/:id/replay` | `/v1/decisions/:id/replay` |
+   * | Variance | raw wire (`DECISION_CHANGED`) | SDK-canonical (`POLICY_DRIFT`) |
+   * | 409 handling | throws `AtlaSentError` | returns `ENGINE_DRIFT` / `BUNDLE_MISSING` |
+   * | Input shape | `decisionId: string` | `{ evaluationId }` |
+   *
+   * **Never throws on `409 replay_not_eligible`** — instead returns a
+   * `ReplayResponse` with `varianceKind: "ENGINE_DRIFT"` (engine retired
+   * beyond archival window) or `"BUNDLE_MISSING"` (no bundle pinned on
+   * the original evaluation). Callers can always `switch` on
+   * `result.varianceKind` without a try/catch.
+   *
+   * Fix-forward note: this method was originally landed in PR #275 but
+   * dropped from the squash merge. The TS types (`ReplayResponse`,
+   * `ReplayRequest`) and CHANGELOG made it through; the method itself
+   * did not. Restored here to match the Python {@link
+   * AtlaSentClient}.replay() that landed in atlasent-sdk@2.6.0 (Python).
+   */
+  async replay(input) {
+    if (!input || typeof input.evaluationId !== "string" || input.evaluationId.length === 0) {
+      throw new AtlaSentError("evaluationId is required", {
+        code: "bad_request"
+      });
+    }
+    const path = `/v1/decisions/${encodeURIComponent(input.evaluationId)}/replay`;
+    let wire;
+    let rateLimit;
+    try {
+      const result = await this.post(path, {});
+      wire = result.body;
+      rateLimit = result.rateLimit;
+    } catch (err) {
+      if (err instanceof AtlaSentError && err.status === 409) {
+        const msg = (err.message ?? "").toLowerCase();
+        const varianceKind2 = msg.includes("bundle") ? "BUNDLE_MISSING" : "ENGINE_DRIFT";
+        return {
+          decisionId: input.evaluationId,
+          varianceKind: varianceKind2,
+          originalDecision: "deny",
+          acceptsReplay: false,
+          replayedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          rateLimit: null
+        };
+      }
+      throw err;
+    }
+    const VARIANCE_MAP = {
+      NONE: "NONE",
+      DECISION_CHANGED: "POLICY_DRIFT",
+      ENVELOPE_DRIFT: "ENVELOPE_DRIFT",
+      CHAIN_TAMPER: "CHAIN_TAMPER",
+      BUNDLE_MISSING: "BUNDLE_MISSING",
+      ENGINE_DRIFT: "ENGINE_DRIFT"
+    };
+    const rawVariance = typeof wire.variance === "string" ? wire.variance : "";
+    const varianceKind = VARIANCE_MAP[rawVariance] ?? "NONE";
+    const replayDec = typeof wire.replay_decision === "string" ? wire.replay_decision.toLowerCase() : void 0;
+    const originalDec = typeof wire.original_decision === "string" ? wire.original_decision.toLowerCase() : "deny";
+    const response = {
+      decisionId: typeof wire.decision_id === "string" ? wire.decision_id : input.evaluationId,
+      varianceKind,
+      originalDecision: originalDec,
+      acceptsReplay: typeof wire.accepts_replay === "boolean" ? wire.accepts_replay : true,
+      replayedAt: typeof wire.replayed_at === "string" ? wire.replayed_at : (/* @__PURE__ */ new Date()).toISOString(),
+      rateLimit
+    };
+    if (typeof wire.original_deny_code === "string") response.originalDenyCode = wire.original_deny_code;
+    if (replayDec !== void 0) response.replayedDecision = replayDec;
+    if (typeof wire.replay_deny_code === "string") response.replayedDenyCode = wire.replay_deny_code;
+    if (typeof wire.engine_version === "string") response.engineVersion = wire.engine_version;
+    if (typeof wire.engine_version_kind === "string") response.engineVersionKind = wire.engine_version_kind;
+    if (typeof wire.envelope_verification === "string") response.envelopeVerification = wire.envelope_verification;
+    return response;
+  }
+  /**
+  * Open a streaming evaluation session against `POST /v1/evaluate/stream`
+  * (with fallback to `POST /v1-evaluate-stream` on older runtimes).
    *
    * Yields {@link StreamDecisionEvent} and {@link StreamProgressEvent} objects
    * as the server emits them. The iterator ends cleanly when the server sends
@@ -822,7 +1815,7 @@ var AtlaSentClient = class {
       api_key: this.apiKey
     };
     const requestId = globalThis.crypto.randomUUID();
-    const url = `${this.baseUrl}/v1-evaluate-stream`;
+    let streamPath = V1_EVALUATE_STREAM_PATH;
     let lastEventId;
     let retryCount = 0;
     while (true) {
@@ -831,6 +1824,8 @@ var AtlaSentClient = class {
         "Content-Type": "application/json",
         Authorization: `Bearer ${this.apiKey}`,
         "User-Agent": this.userAgent,
+        // ADR-025: wire-protocol version declared on every request.
+        "X-AtlaSent-Protocol-Version": "1",
         "X-Request-ID": requestId
       };
       if (lastEventId !== void 0) {
@@ -840,7 +1835,7 @@ var AtlaSentClient = class {
       const signal = opts.signal ? AbortSignal.any([connectionTimeoutSignal, opts.signal]) : connectionTimeoutSignal;
       let response;
       try {
-        response = await this.fetchImpl(url, {
+        response = await this.fetchImpl(`${this.baseUrl}${streamPath}`, {
           method: "POST",
           headers,
           body: JSON.stringify(body),
@@ -856,6 +1851,10 @@ var AtlaSentClient = class {
         throw mapped;
       }
       if (!response.ok) {
+        if (streamPath === V1_EVALUATE_STREAM_PATH && (response.status === 404 || response.status === 405)) {
+          streamPath = V1_EVALUATE_STREAM_LEGACY_PATH;
+          continue;
+        }
         throw await buildHttpError(response, requestId);
       }
       if (!response.body) {
@@ -907,6 +1906,16 @@ var AtlaSentClient = class {
   async post(path, body, query) {
     return this.request(path, "POST", body, query);
   }
+  async postWithPathFallback(primaryPath, fallbackPath, body, query) {
+    try {
+      return await this.post(primaryPath, body, query);
+    } catch (err) {
+      if (err instanceof AtlaSentError && (err.status === 404 || err.status === 405)) {
+        return this.post(fallbackPath, body, query);
+      }
+      throw err;
+    }
+  }
   async get(path, query) {
     return this.request(path, "GET", void 0, query);
   }
@@ -918,7 +1927,9 @@ var AtlaSentClient = class {
       Accept: "application/json",
       Authorization: `Bearer ${this.apiKey}`,
       "User-Agent": this.userAgent,
-      "X-Request-ID": requestId
+      "X-Request-ID": requestId,
+      // ADR-025: wire-protocol version declared on every request.
+      "X-AtlaSent-Protocol-Version": "1"
     };
     if (method === "POST") headers["Content-Type"] = "application/json";
     const bodyStr = method === "POST" ? JSON.stringify(body) : void 0;
@@ -1534,6 +2545,145 @@ var AtlaSentClient = class {
     );
     return body;
   }
+  // ── Constrained governance agents (read surface) ──────────────────────────
+  //
+  // Three GETs onto the v1-governance-agents edge function. Doctrine:
+  // findings produced by these endpoints are advisory signal, never
+  // authority. There is no `runGovernanceAgent` method on this client —
+  // invocation belongs in CI (atlasent-action `governance-agents` mode),
+  // not in application code.
+  /**
+   * List the advisory governance-agent registry for the calling org.
+   *
+   * Calls `GET /v1/governance/agents`. The registry is reference data
+   * seeded at runtime-DB migration time; every row has
+   * `authority_class = "advisory"` and `can_authorize = false` —
+   * structural invariants enforced by the schema, not policy.
+   */
+  async listGovernanceAgents() {
+    const { body } = await this.get(
+      "/v1/governance/agents"
+    );
+    return [...body.agents ?? []];
+  }
+  /**
+   * List advisory findings emitted against one governed change.
+   *
+   * Calls `GET /v1/governance/findings?change_id=…[&agent_slug=…]`.
+   * Returns the typed-finding rows in `created_at DESC` order, including
+   * `routed_gate_id` when the finding→gate trigger linked them. Findings
+   * with `can_authorize === false` (always) are advisory; rendering them
+   * never satisfies a gate.
+   */
+  async listGovernanceFindings(query) {
+    if (!query?.change_id) {
+      throw new AtlaSentError("change_id is required", { code: "bad_request" });
+    }
+    const params = new URLSearchParams({ change_id: query.change_id });
+    if (query.agent_slug) params.set("agent_slug", query.agent_slug);
+    const { body } = await this.get(
+      "/v1/governance/findings",
+      params
+    );
+    return [...body.findings ?? []];
+  }
+  /**
+   * List agent run records against one governed change.
+   *
+   * Calls `GET /v1/governance/evaluations?change_id=…[&agent_slug=…]`.
+   * Returns every persisted evaluation, including `failed` / `timeout`
+   * runs and `completed` runs with zero findings — the latter is the
+   * positive signal "the agent ran and found nothing", which the UI
+   * surfaces as `clear`.
+   */
+  async listGovernanceEvaluations(query) {
+    if (!query?.change_id) {
+      throw new AtlaSentError("change_id is required", { code: "bad_request" });
+    }
+    const params = new URLSearchParams({ change_id: query.change_id });
+    if (query.agent_slug) params.set("agent_slug", query.agent_slug);
+    const { body } = await this.get(
+      "/v1/governance/evaluations",
+      params
+    );
+    return [...body.evaluations ?? []];
+  }
+  // ── Private adapters for sub-client factories ──────────────────────────────
+  // Thin wrappers that expose the private request infrastructure to sub-client
+  // factories (scim, evidenceBundles, auth) without widening the public API.
+  async _post(path, body, query) {
+    const { body: b } = await this.post(path, body, query);
+    return { body: b };
+  }
+  async _get(path, query) {
+    const { body: b } = await this.get(path, query);
+    return { body: b };
+  }
+  async _put(path, body) {
+    return this._requestRaw(path, "PUT", body, void 0);
+  }
+  async _patch(path, body) {
+    return this._requestRaw(path, "PATCH", body, void 0);
+  }
+  async _delete(path) {
+    await this._requestRaw(path, "DELETE", void 0, void 0);
+  }
+  async _getRaw(path) {
+    const url = `${this.baseUrl}${path}`;
+    const requestId = globalThis.crypto.randomUUID();
+    const headers = {
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": this.userAgent,
+      "X-Request-ID": requestId,
+      "X-AtlaSent-Protocol-Version": "1"
+    };
+    const response = await this.fetchImpl(url, {
+      method: "GET",
+      headers,
+      signal: AbortSignal.timeout(this.timeoutMs)
+    });
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new AtlaSentError(`GET ${path} returned ${response.status}`, {
+        code: response.status >= 500 ? "server_error" : "bad_request",
+        status: response.status,
+        requestId
+      });
+    }
+    return response.arrayBuffer();
+  }
+  async _requestRaw(path, method, body, query) {
+    const qs = query && Array.from(query).length > 0 ? `?${query.toString()}` : "";
+    const url = `${this.baseUrl}${path}${qs}`;
+    const requestId = globalThis.crypto.randomUUID();
+    const headers = {
+      Accept: "application/json",
+      Authorization: `Bearer ${this.apiKey}`,
+      "User-Agent": this.userAgent,
+      "X-Request-ID": requestId,
+      "X-AtlaSent-Protocol-Version": "1"
+    };
+    if (method === "PUT" && body !== void 0) {
+      headers["Content-Type"] = "application/json";
+    }
+    const init = { method, headers, signal: AbortSignal.timeout(this.timeoutMs) };
+    if (method === "PUT" && body !== void 0) {
+      init.body = JSON.stringify(body);
+    }
+    const response = await this.fetchImpl(url, init);
+    if (!response.ok) {
+      const text = await response.text().catch(() => "");
+      throw new AtlaSentError(`${method} ${path} returned ${response.status}`, {
+        code: response.status >= 500 ? "server_error" : "bad_request",
+        status: response.status,
+        requestId
+      });
+    }
+    if (method === "DELETE") {
+      return { body: {} };
+    }
+    return { body: await response.json() };
+  }
 };
 function parseRateLimitHeaders(headers) {
   const rawLimit = headers.get("x-ratelimit-limit");
@@ -1679,7 +2829,7 @@ function buildAuditEventsQuery(query) {
   return params;
 }
 function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  return new Promise((resolve3) => setTimeout(resolve3, ms));
 }
 function parseRetryAfter(raw) {
   if (!raw) return void 0;
@@ -1700,14 +2850,14 @@ async function* parseSseStream(body, requestId, timeoutMs, onEventId) {
     if (timeoutMs <= 0) {
       return reader.read();
     }
-    return new Promise((resolve2, reject) => {
+    return new Promise((resolve3, reject) => {
       const timer = setTimeout(() => {
         reject(new StreamTimeoutError(timeoutMs));
       }, timeoutMs);
       reader.read().then(
         (result) => {
           clearTimeout(timer);
-          resolve2(result);
+          resolve3(result);
         },
         (err) => {
           clearTimeout(timer);
@@ -1835,6 +2985,7 @@ function getClient() {
   sharedClient = new AtlaSentClient(options);
   return sharedClient;
 }
+var ACTION_TYPE_RE = /^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$/;
 function wireDecisionToDenied(serverDecision) {
   const lower = serverDecision.toLowerCase();
   if (lower === "hold" || lower === "escalate") return lower;
@@ -1873,6 +3024,21 @@ async function computeExecutionHash(payload) {
   }
 }
 async function protect(request) {
+  if (!ACTION_TYPE_RE.test(request.action)) {
+    throw new AtlaSentError(
+      `action must be in dot-notation format (e.g. "production.deploy"). Got: ${JSON.stringify(request.action)}`,
+      { code: "bad_request" }
+    );
+  }
+  const trustMgr = getGlobalTrustRootManager({ disableRefresh: false });
+  if (trustMgr.checkExpiry() === "expired") {
+    const snap = trustMgr.getSnapshot();
+    throw new BundleVerificationError({
+      reason: "trust_snapshot_expired",
+      snapshotValidUntil: snap.valid_until,
+      snapshotFetchedAt: snap.issued_at
+    });
+  }
   const client = getClient();
   const evaluation = await client.evaluate(request);
   if (evaluation.decision !== "allow") {
@@ -1883,12 +3049,13 @@ async function protect(request) {
       auditHash: evaluation.auditHash
     });
   }
-  const environment = request.context?.environment ?? (() => {
-    console.warn(
-      "[atlasent] environment not set on evaluate request \u2014 defaulting to 'production'. Set context.environment explicitly to suppress."
+  const environment = request.context?.environment;
+  if (!environment) {
+    throw new AtlaSentError(
+      'context.environment is required. Pass the environment where this action executes (e.g. "production", "staging").',
+      { code: "bad_request" }
     );
-    return "production";
-  })();
+  }
   const evaluatePayload = {
     action_type: request.action,
     actor_id: request.agent,
@@ -1919,21 +3086,22 @@ async function protect(request) {
     permitHash: verification.permitHash,
     auditHash: evaluation.auditHash,
     reason: evaluation.reason,
-    timestamp: verification.timestamp
+    timestamp: verification.timestamp,
+    permitExpiresAt: verification.expiresAt ?? null
   };
 }
 
 // src/hono.ts
 var DEFAULT_CONTEXT_KEY = "atlasent";
-async function resolve(value, c) {
+async function resolve2(value, c) {
   return typeof value === "function" ? await value(c) : value;
 }
 function atlaSentGuard(options) {
   const contextKey = options.key ?? DEFAULT_CONTEXT_KEY;
   return async (c, next) => {
     const [agent, action, ctx] = await Promise.all([
-      resolve(options.agent, c),
-      resolve(options.action, c),
+      resolve2(options.agent, c),
+      resolve2(options.action, c),
       options.context ? options.context(c) : Promise.resolve(void 0)
     ]);
     const request = { agent, action };