@atrib/action-gate 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,216 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
203
+
204
+ Copyright 2025-2026 Atrib contributors
205
+
206
+ Licensed under the Apache License, Version 2.0 (the "License");
207
+ you may not use this file except in compliance with the License.
208
+ You may obtain a copy of the License at
209
+
210
+ http://www.apache.org/licenses/LICENSE-2.0
211
+
212
+ Unless required by applicable law or agreed to in writing, software
213
+ distributed under the License is distributed on an "AS IS" BASIS,
214
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
215
+ implied. See the License for the specific language governing
216
+ permissions and limitations under the License.
package/README.md ADDED
@@ -0,0 +1,138 @@
1
+ # @atrib/action-gate
2
+
3
+ `@atrib/action-gate` signs policy decisions and outcomes around high-impact
4
+ agent actions before the action body runs.
5
+
6
+ Use it when a host already knows where an action boundary is: browser
7
+ automation, computer use, support tooling, payment workflows, admin changes, or
8
+ production writes. The host owns policy, identity, approval UI, and execution.
9
+ Atrib records what the host decided and what happened next.
10
+
11
+ The core use case is an action that must outlive the session that proposed it.
12
+ One browser or computer-use run can sign the proposed action, policy decision,
13
+ and outcome. A later session, a different agent, or a reviewer team can accept
14
+ those hashes as verifiable context before continuing work.
15
+
16
+ ## Release state
17
+
18
+ `@atrib/action-gate` is a publish target, but the package has not been created
19
+ on npm yet. Use the workspace dependency or a packed tarball until the manual
20
+ first publish creates version `0.0.1`. Later releases use npm Trusted Publisher
21
+ through `.github/workflows/release.yml`.
22
+
23
+ ## Install
24
+
25
+ Inside the monorepo, depend on the workspace package:
26
+
27
+ ```json
28
+ "@atrib/action-gate": "workspace:*"
29
+ ```
30
+
31
+ Before the first npm publish, test the packed tarball from a clean temp project:
32
+
33
+ ```bash
34
+ npx -y pnpm@9.15.4 --filter @atrib/action-gate build
35
+ cd packages/action-gate
36
+ tarball=$(npx -y pnpm@9.15.4 --silent pack --pack-destination /tmp | tail -n 1)
37
+ tmpdir=$(mktemp -d)
38
+ cd "$tmpdir"
39
+ npm init -y
40
+ npm install "$tarball"
41
+ node --input-type=module -e "import('@atrib/action-gate').then((m) => console.log(Object.keys(m).sort()))"
42
+ ```
43
+
44
+ After the first npm release:
45
+
46
+ ```bash
47
+ pnpm add @atrib/action-gate
48
+ ```
49
+
50
+ ## Basic use
51
+
52
+ ```ts
53
+ import { runGatedAction } from '@atrib/action-gate'
54
+
55
+ const result = await runGatedAction({
56
+ privateKey,
57
+ contextId: '5f9a8a2b68f94a5cb7f9361b2c8d4e10',
58
+ action: {
59
+ run_id: 'browser-run-42',
60
+ action_id: 'act-3',
61
+ agent_id: 'support-agent',
62
+ surface: 'browser',
63
+ tool_name: 'browser.act',
64
+ args: { instruction: 'send customer email' },
65
+ risk: ['external_write', 'customer_message'],
66
+ },
67
+ evaluate: ({ action }) => ({
68
+ outcome: action.risk?.includes('external_write') ? 'escalate' : 'allow',
69
+ policy_id: 'browser-write-policy',
70
+ policy_version: '2026-06-28.1',
71
+ reason: 'browser writes that send customer messages need approval',
72
+ }),
73
+ execute: async () => ({ status: 'sent' }),
74
+ })
75
+
76
+ console.log(result.decision.record_hash)
77
+ console.log(result.outcome.record_hash)
78
+ console.log(result.verification.valid)
79
+ ```
80
+
81
+ ## Contract
82
+
83
+ The package has four gate states:
84
+
85
+ | State | Runtime behavior | Proof behavior |
86
+ | -------------- | --------------------------------------------------- | ------------------------------------------------------------------------------------ |
87
+ | `allowed` | Runs the action body. | Signs a decision, then signs an outcome with `informed_by` pointing at the decision. |
88
+ | `blocked` | Does not run the action body. | Signs the closed decision and blocked outcome. |
89
+ | `escalated` | Does not run until the host approval path resolves. | Signs the escalation decision and outcome. |
90
+ | `policy_error` | Does not run the action body. | Signs that the policy evaluator failed closed. |
91
+
92
+ `verifyActionGateRun()` checks signatures, record hashes, decision-to-outcome
93
+ binding, action id consistency, and the rule that blocked, escalated, and
94
+ policy-error states did not execute.
95
+
96
+ `runGatedAction()` returns both signed records and local sidecars. If `onRecord`
97
+ throws while delivering a signed record to a mirror, log sink, or proof-packet
98
+ writer, the action result still returns a complete decision/outcome pair and
99
+ adds the callback failure to `record_delivery_errors`.
100
+
101
+ ## Privacy and degradation
102
+
103
+ Signed records carry canonical hashes of the action arguments and outcome
104
+ material. Raw action arguments and results stay in local sidecars returned to
105
+ the host. The package does not submit records to the public log by itself.
106
+ Hosts choose whether `onRecord` writes a local mirror, submits to a log, writes
107
+ a proof packet, or does nothing.
108
+
109
+ Policy failures fail closed. If the policy evaluator throws, the package signs a
110
+ `policy_error` decision and a `policy_error` outcome, and the action body does
111
+ not run. If an allowed action body throws, the package signs an
112
+ `execution_error` outcome tied to the decision record.
113
+
114
+ ## Boundary
115
+
116
+ This package does not issue authorization, run a browser, store raw session
117
+ data, or replace a host policy engine. It gives hosts a small control/proof
118
+ contract:
119
+
120
+ 1. propose an action;
121
+ 2. evaluate policy before execution;
122
+ 3. run only when allowed;
123
+ 4. sign the decision and outcome;
124
+ 5. pass the accepted record hashes to a later session, another agent, a reviewer
125
+ team, or a proof packet.
126
+
127
+ Browserbase, Stagehand, browser-use, Playwright, OpenAI Computer Use, hosted
128
+ desktop runtimes, and support tools can keep their own automation layer while
129
+ using this package for the gate.
130
+
131
+ ## Local verification
132
+
133
+ ```bash
134
+ npx -y pnpm@9.15.4 --filter @atrib/action-gate typecheck
135
+ npx -y pnpm@9.15.4 --filter @atrib/action-gate test
136
+ npx -y pnpm@9.15.4 --filter @atrib/action-gate build
137
+ npx -y pnpm@9.15.4 --filter @atrib/integration action-control-gate-smoke
138
+ ```
@@ -0,0 +1,200 @@
1
+ import type { AtribRecord } from '@atrib/mcp';
2
+ export declare const ACTION_GATE_DECISION_EVENT_TYPE_URI: "https://atrib.dev/v1/extensions/action-gate/decision";
3
+ export declare const ACTION_GATE_OUTCOME_EVENT_TYPE_URI: "https://atrib.dev/v1/extensions/action-gate/outcome";
4
+ export declare const ACTION_GATE_DECISION_SCHEMA: "atrib.action-gate.decision.v1";
5
+ export declare const ACTION_GATE_OUTCOME_SCHEMA: "atrib.action-gate.outcome.v1";
6
+ export declare const DEFAULT_ACTION_GATE_SERVER_URL: "action-gate://local";
7
+ type MaybePromise<T> = T | Promise<T>;
8
+ export type Sha256Uri = `sha256:${string}`;
9
+ export type ActionGatePolicyOutcome = 'allow' | 'block' | 'escalate' | 'error';
10
+ export type ActionGateDecisionState = 'allowed' | 'blocked' | 'escalated' | 'policy_error';
11
+ export type ActionGateOutcomeStatus = 'executed' | 'blocked' | 'escalated' | 'policy_error' | 'execution_error';
12
+ export interface ActionGateActionEnvelope {
13
+ readonly run_id: string;
14
+ readonly action_id: string;
15
+ readonly agent_id: string;
16
+ readonly surface: string;
17
+ readonly tool_name: string;
18
+ readonly args?: unknown;
19
+ readonly risk?: readonly string[];
20
+ readonly parent_record_hashes?: readonly Sha256Uri[];
21
+ readonly refs?: Record<string, string>;
22
+ }
23
+ export interface ActionGateAuthority {
24
+ readonly mode: 'host-policy' | 'agent-auth' | 'user-auth' | 'service-auth';
25
+ readonly principal_hash?: Sha256Uri;
26
+ }
27
+ export interface ActionGateApproval {
28
+ readonly required: boolean;
29
+ readonly approval_id?: string;
30
+ readonly reviewer_hint?: string;
31
+ }
32
+ export interface ActionGatePolicyDecision {
33
+ readonly outcome: ActionGatePolicyOutcome;
34
+ readonly policy_id: string;
35
+ readonly policy_version: string;
36
+ readonly reason?: string;
37
+ readonly authority?: ActionGateAuthority;
38
+ readonly approval?: ActionGateApproval;
39
+ readonly evidence?: Record<string, string>;
40
+ }
41
+ export interface ActionGatePolicyInput {
42
+ readonly action: ActionGateActionEnvelope;
43
+ readonly timestamp: string;
44
+ }
45
+ export interface ActionGateDecisionPolicy {
46
+ readonly policy_id: string;
47
+ readonly version: string;
48
+ readonly outcome: ActionGatePolicyOutcome;
49
+ readonly reason?: string;
50
+ readonly authority: ActionGateAuthority;
51
+ readonly approval: ActionGateApproval;
52
+ readonly evidence?: Record<string, string>;
53
+ }
54
+ export interface ActionGateDecisionEntry {
55
+ readonly schema: typeof ACTION_GATE_DECISION_SCHEMA;
56
+ readonly decision_id: Sha256Uri;
57
+ readonly decision_state: ActionGateDecisionState;
58
+ readonly run_id: string;
59
+ readonly action_id: string;
60
+ readonly agent_id: string;
61
+ readonly surface: string;
62
+ readonly tool_name: string;
63
+ readonly args_digest: Sha256Uri;
64
+ readonly risk: readonly string[];
65
+ readonly policy: ActionGateDecisionPolicy;
66
+ readonly timestamp: string;
67
+ readonly parent_record_hashes: readonly Sha256Uri[];
68
+ readonly refs?: Record<string, string>;
69
+ }
70
+ export interface ActionGateOutcomeEntry {
71
+ readonly schema: typeof ACTION_GATE_OUTCOME_SCHEMA;
72
+ readonly outcome_id: Sha256Uri;
73
+ readonly status: ActionGateOutcomeStatus;
74
+ readonly run_id: string;
75
+ readonly action_id: string;
76
+ readonly decision_id: Sha256Uri;
77
+ readonly decision_record_hash: Sha256Uri;
78
+ readonly executed: boolean;
79
+ readonly result_digest?: Sha256Uri;
80
+ readonly error?: {
81
+ readonly name: string;
82
+ readonly message: string;
83
+ };
84
+ readonly timestamp: string;
85
+ }
86
+ export interface ActionGateLocalSidecar {
87
+ readonly package: '@atrib/action-gate';
88
+ readonly record_kind: 'decision' | 'outcome';
89
+ readonly record_hash: Sha256Uri;
90
+ readonly action: ActionGateActionEnvelope;
91
+ readonly decision?: ActionGateDecisionEntry;
92
+ readonly outcome?: ActionGateOutcomeEntry;
93
+ readonly args?: unknown;
94
+ readonly result?: unknown;
95
+ readonly informed_by: readonly Sha256Uri[];
96
+ }
97
+ export interface SignedActionGateDecision {
98
+ readonly record: AtribRecord;
99
+ readonly record_hash: Sha256Uri;
100
+ readonly entry: ActionGateDecisionEntry;
101
+ readonly sidecar: ActionGateLocalSidecar;
102
+ }
103
+ export interface SignedActionGateOutcome {
104
+ readonly record: AtribRecord;
105
+ readonly record_hash: Sha256Uri;
106
+ readonly entry: ActionGateOutcomeEntry;
107
+ readonly sidecar: ActionGateLocalSidecar;
108
+ }
109
+ export interface RunGatedActionInput<TResult> {
110
+ readonly privateKey?: Uint8Array | string;
111
+ readonly contextId?: string;
112
+ readonly serverUrl?: string;
113
+ readonly parentRecordHashes?: readonly Sha256Uri[];
114
+ readonly action: ActionGateActionEnvelope;
115
+ readonly evaluate: (input: ActionGatePolicyInput) => MaybePromise<ActionGatePolicyDecision>;
116
+ readonly execute: () => MaybePromise<TResult>;
117
+ readonly now?: () => number;
118
+ readonly onRecord?: (record: AtribRecord, sidecar: ActionGateLocalSidecar) => MaybePromise<void>;
119
+ }
120
+ export interface ActionGateRunResult<TResult> {
121
+ readonly state: ActionGateDecisionState;
122
+ readonly action_executed: boolean;
123
+ readonly decision: SignedActionGateDecision;
124
+ readonly outcome: SignedActionGateOutcome;
125
+ readonly signed_records: readonly AtribRecord[];
126
+ readonly sidecars: readonly ActionGateLocalSidecar[];
127
+ readonly verification: ActionGateVerificationResult;
128
+ readonly record_delivery_errors: readonly ActionGateRecordDeliveryError[];
129
+ readonly result?: TResult;
130
+ readonly error?: {
131
+ readonly name: string;
132
+ readonly message: string;
133
+ };
134
+ }
135
+ export type ActionGateVerificationIssueCode = 'decision_signature_invalid' | 'outcome_signature_invalid' | 'decision_sidecar_hash_mismatch' | 'outcome_sidecar_hash_mismatch' | 'outcome_missing_decision_parent' | 'decision_record_hash_mismatch' | 'decision_id_mismatch' | 'run_id_mismatch' | 'action_id_mismatch' | 'blocked_action_executed' | 'escalated_action_executed' | 'policy_error_action_executed' | 'allowed_action_missing_execution_status' | 'closed_decision_status_mismatch';
136
+ export interface ActionGateVerificationIssue {
137
+ readonly code: ActionGateVerificationIssueCode;
138
+ readonly message: string;
139
+ }
140
+ export interface ActionGateVerificationResult {
141
+ readonly valid: boolean;
142
+ readonly issues: readonly ActionGateVerificationIssue[];
143
+ }
144
+ export interface ActionGateRecordDeliveryError {
145
+ readonly record_kind: 'decision' | 'outcome';
146
+ readonly record_hash: Sha256Uri;
147
+ readonly name: string;
148
+ readonly message: string;
149
+ }
150
+ export declare function runGatedAction<TResult>(input: RunGatedActionInput<TResult>): Promise<ActionGateRunResult<TResult>>;
151
+ export declare function buildActionGateDecisionEntry({ action, policy, timestamp, parent_record_hashes, }: {
152
+ readonly action: ActionGateActionEnvelope;
153
+ readonly policy: ActionGatePolicyDecision;
154
+ readonly timestamp: string;
155
+ readonly parent_record_hashes?: readonly Sha256Uri[];
156
+ }): ActionGateDecisionEntry;
157
+ export declare function buildActionGateOutcomeEntry({ status, run_id, action_id, decision_id, decision_record_hash, executed, timestamp, result, error, }: {
158
+ readonly status: ActionGateOutcomeStatus;
159
+ readonly run_id: string;
160
+ readonly action_id: string;
161
+ readonly decision_id: Sha256Uri;
162
+ readonly decision_record_hash: Sha256Uri;
163
+ readonly executed: boolean;
164
+ readonly timestamp: string;
165
+ readonly result?: unknown;
166
+ readonly error?: {
167
+ readonly name: string;
168
+ readonly message: string;
169
+ };
170
+ }): ActionGateOutcomeEntry;
171
+ export declare function signActionGateDecision({ entry, action, privateKey, contextId, serverUrl, chainTailHex, timestampMs, }: {
172
+ readonly entry: ActionGateDecisionEntry;
173
+ readonly action: ActionGateActionEnvelope;
174
+ readonly privateKey: Uint8Array;
175
+ readonly contextId: string;
176
+ readonly serverUrl?: string;
177
+ readonly chainTailHex?: string;
178
+ readonly timestampMs: number;
179
+ }): Promise<SignedActionGateDecision>;
180
+ export declare function signActionGateOutcome({ entry, action, privateKey, contextId, decisionRecordHash, serverUrl, chainTailHex, timestampMs, result, }: {
181
+ readonly entry: ActionGateOutcomeEntry;
182
+ readonly action: ActionGateActionEnvelope;
183
+ readonly privateKey: Uint8Array;
184
+ readonly contextId: string;
185
+ readonly decisionRecordHash: Sha256Uri;
186
+ readonly serverUrl?: string;
187
+ readonly chainTailHex?: string;
188
+ readonly timestampMs: number;
189
+ readonly result?: unknown;
190
+ }): Promise<SignedActionGateOutcome>;
191
+ export declare function verifyActionGateRun({ decision, outcome, }: {
192
+ readonly decision: SignedActionGateDecision;
193
+ readonly outcome: SignedActionGateOutcome;
194
+ }): Promise<ActionGateVerificationResult>;
195
+ export declare function digestCanonical(value: unknown): Sha256Uri;
196
+ export declare function hashCanonical(value: unknown): Sha256Uri;
197
+ export declare function recordHashFor(record: AtribRecord): Sha256Uri;
198
+ export declare function resolveActionGatePrivateKey(value?: Uint8Array | string): Uint8Array;
199
+ export {};
200
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAE7C,eAAO,MAAM,mCAAmC,EAC9C,sDAA+D,CAAA;AACjE,eAAO,MAAM,kCAAkC,EAC7C,qDAA8D,CAAA;AAChE,eAAO,MAAM,2BAA2B,EAAG,+BAAwC,CAAA;AACnF,eAAO,MAAM,0BAA0B,EAAG,8BAAuC,CAAA;AACjF,eAAO,MAAM,8BAA8B,EAAG,qBAA8B,CAAA;AAM5E,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;AAErC,MAAM,MAAM,SAAS,GAAG,UAAU,MAAM,EAAE,CAAA;AAC1C,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,CAAA;AAC9E,MAAM,MAAM,uBAAuB,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,cAAc,CAAA;AAC1F,MAAM,MAAM,uBAAuB,GAC/B,UAAU,GACV,SAAS,GACT,WAAW,GACX,cAAc,GACd,iBAAiB,CAAA;AAErB,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IACjC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IACpD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,cAAc,CAAA;IAC1E,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,CAAA;CACpC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAA;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,CAAC,EAAE,mBAAmB,CAAA;IACxC,QAAQ,CAAC,QAAQ,CAAC,EAAE,kBAAkB,CAAA;IACtC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC3C;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAA;IACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,EAAE,mBAAmB,CAAA;IACvC,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAA;IACrC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC3C;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,MAAM,EAAE,OAAO,2BAA2B,CAAA;IACnD,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,cAAc,EAAE,uBAAuB,CAAA;IAChD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAA;IAChC,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,oBAAoB,EAAE,SAAS,SAAS,EAAE,CAAA;IACnD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,MAAM,EAAE,OAAO,0BAA0B,CAAA;IAClD,QAAQ,CAAC,UAAU,EAAE,SAAS,CAAA;IAC9B,QAAQ,CAAC,MAAM,EAAE,uBAAuB,CAAA;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,SAAS,CAAA;IACxC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,CAAA;IAClC,QAAQ,CAAC,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;IACpE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAA;IACtC,QAAQ,CAAC,WAAW,EAAE,UAAU,GAAG,SAAS,CAAA;IAC5C,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,QAAQ,CAAC,EAAE,uBAAuB,CAAA;IAC3C,QAAQ,CAAC,OAAO,CAAC,EAAE,sBAAsB,CAAA;IACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,WAAW,EAAE,SAAS,SAAS,EAAE,CAAA;CAC3C;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAA;IAC5B,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,KAAK,EAAE,uBAAuB,CAAA;IACvC,QAAQ,CAAC,OAAO,EAAE,sBAAsB,CAAA;CACzC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAA;IAC5B,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,KAAK,EAAE,sBAAsB,CAAA;IACtC,QAAQ,CAAC,OAAO,EAAE,sBAAsB,CAAA;CACzC;AAED,MAAM,WAAW,mBAAmB,CAAC,OAAO;IAC1C,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,MAAM,CAAA;IACzC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,kBAAkB,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IAClD,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,YAAY,CAAC,wBAAwB,CAAC,CAAA;IAC3F,QAAQ,CAAC,OAAO,EAAE,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;IAC7C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,sBAAsB,KAAK,YAAY,CAAC,IAAI,CAAC,CAAA;CACjG;AAED,MAAM,WAAW,mBAAmB,CAAC,OAAO;IAC1C,QAAQ,CAAC,KAAK,EAAE,uBAAuB,CAAA;IACvC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,QAAQ,EAAE,wBAAwB,CAAA;IAC3C,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAA;IACzC,QAAQ,CAAC,cAAc,EAAE,SAAS,WAAW,EAAE,CAAA;IAC/C,QAAQ,CAAC,QAAQ,EAAE,SAAS,sBAAsB,EAAE,CAAA;IACpD,QAAQ,CAAC,YAAY,EAAE,4BAA4B,CAAA;IACnD,QAAQ,CAAC,sBAAsB,EAAE,SAAS,6BAA6B,EAAE,CAAA;IACzE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;CACrE;AAED,MAAM,MAAM,+BAA+B,GACvC,4BAA4B,GAC5B,2BAA2B,GAC3B,gCAAgC,GAChC,+BAA+B,GAC/B,iCAAiC,GACjC,+BAA+B,GAC/B,sBAAsB,GACtB,iBAAiB,GACjB,oBAAoB,GACpB,yBAAyB,GACzB,2BAA2B,GAC3B,8BAA8B,GAC9B,yCAAyC,GACzC,iCAAiC,CAAA;AAErC,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAA;IAC9C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAA;IACvB,QAAQ,CAAC,MAAM,EAAE,SAAS,2BAA2B,EAAE,CAAA;CACxD;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,WAAW,EAAE,UAAU,GAAG,SAAS,CAAA;IAC5C,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB;AAED,wBAAsB,cAAc,CAAC,OAAO,EAC1C,KAAK,EAAE,mBAAmB,CAAC,OAAO,CAAC,GAClC,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CA+EvC;AAED,wBAAgB,4BAA4B,CAAC,EAC3C,MAAM,EACN,MAAM,EACN,SAAS,EACT,oBAAyB,GAC1B,EAAE;IACD,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;CACrD,GAAG,uBAAuB,CA8B1B;AAED,wBAAgB,2BAA2B,CAAC,EAC1C,MAAM,EACN,MAAM,EACN,SAAS,EACT,WAAW,EACX,oBAAoB,EACpB,QAAQ,EACR,SAAS,EACT,MAAM,EACN,KAAK,GACN,EAAE;IACD,QAAQ,CAAC,MAAM,EAAE,uBAAuB,CAAA;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAA;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,SAAS,CAAA;IACxC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;CACrE,GAAG,sBAAsB,CAkBzB;AAED,wBAAsB,sBAAsB,CAAC,EAC3C,KAAK,EACL,MAAM,EACN,UAAU,EACV,SAAS,EACT,SAA0C,EAC1C,YAAY,EACZ,WAAW,GACZ,EAAE;IACD,QAAQ,CAAC,KAAK,EAAE,uBAAuB,CAAA;IACvC,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAkCpC;AAED,wBAAsB,qBAAqB,CAAC,EAC1C,KAAK,EACL,MAAM,EACN,UAAU,EACV,SAAS,EACT,kBAAkB,EAClB,SAA0C,EAC1C,YAAY,EACZ,WAAW,EACX,MAAM,GACP,EAAE;IACD,QAAQ,CAAC,KAAK,EAAE,sBAAsB,CAAA;IACtC,QAAQ,CAAC,MAAM,EAAE,wBAAwB,CAAA;IACzC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,kBAAkB,EAAE,SAAS,CAAA;IACtC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAC1B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAgCnC;AAED,wBAAsB,mBAAmB,CAAC,EACxC,QAAQ,EACR,OAAO,GACR,EAAE;IACD,QAAQ,CAAC,QAAQ,EAAE,wBAAwB,CAAA;IAC3C,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAA;CAC1C,GAAG,OAAO,CAAC,4BAA4B,CAAC,CAwGxC;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,SAAS,CAEzD;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,SAAS,CAIvD;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,GAAG,SAAS,CAE5D;AAED,wBAAgB,2BAA2B,CAAC,KAAK,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,UAAU,CAYnF"}
package/dist/index.js ADDED
@@ -0,0 +1,460 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ import { randomBytes } from 'node:crypto';
3
+ import canonicalize from 'canonicalize';
4
+ import { base64urlDecode, base64urlEncode, canonicalRecord, computeContentId, getPublicKey, hexDecode, hexEncode, resolveChainRoot, sha256, signRecord, verifyRecord, } from '@atrib/mcp';
5
+ export const ACTION_GATE_DECISION_EVENT_TYPE_URI = 'https://atrib.dev/v1/extensions/action-gate/decision';
6
+ export const ACTION_GATE_OUTCOME_EVENT_TYPE_URI = 'https://atrib.dev/v1/extensions/action-gate/outcome';
7
+ export const ACTION_GATE_DECISION_SCHEMA = 'atrib.action-gate.decision.v1';
8
+ export const ACTION_GATE_OUTCOME_SCHEMA = 'atrib.action-gate.outcome.v1';
9
+ export const DEFAULT_ACTION_GATE_SERVER_URL = 'action-gate://local';
10
+ const DECISION_TOOL_NAME = 'atrib.action_gate.decision';
11
+ const OUTCOME_TOOL_NAME = 'atrib.action_gate.outcome';
12
+ const encoder = new TextEncoder();
13
+ export async function runGatedAction(input) {
14
+ const recordDeliveryErrors = [];
15
+ const privateKey = resolveActionGatePrivateKey(input.privateKey);
16
+ const now = input.now ?? Date.now;
17
+ const contextId = input.contextId ?? randomContextId();
18
+ const serverUrl = input.serverUrl ?? DEFAULT_ACTION_GATE_SERVER_URL;
19
+ const timestampMs = now();
20
+ const timestamp = new Date(timestampMs).toISOString();
21
+ const parentRecordHashes = normalizeRecordHashes([
22
+ ...(input.parentRecordHashes ?? []),
23
+ ...(input.action.parent_record_hashes ?? []),
24
+ ]);
25
+ const policy = await resolvePolicyDecision({
26
+ evaluate: input.evaluate,
27
+ action: input.action,
28
+ timestamp,
29
+ });
30
+ const decisionEntry = buildActionGateDecisionEntry({
31
+ action: input.action,
32
+ policy,
33
+ timestamp,
34
+ parent_record_hashes: parentRecordHashes,
35
+ });
36
+ const decision = await signActionGateDecision({
37
+ entry: decisionEntry,
38
+ action: input.action,
39
+ privateKey,
40
+ contextId,
41
+ serverUrl,
42
+ timestampMs,
43
+ });
44
+ await notifyRecord(input.onRecord, decision.record, decision.sidecar, recordDeliveryErrors);
45
+ const outcomeInput = await resolveOutcomeInput({
46
+ state: decisionEntry.decision_state,
47
+ execute: input.execute,
48
+ });
49
+ const outcomeEntry = buildActionGateOutcomeEntry({
50
+ status: outcomeInput.status,
51
+ run_id: input.action.run_id,
52
+ action_id: input.action.action_id,
53
+ decision_id: decisionEntry.decision_id,
54
+ decision_record_hash: decision.record_hash,
55
+ executed: outcomeInput.executed,
56
+ timestamp: new Date(now()).toISOString(),
57
+ ...(outcomeInput.result !== undefined ? { result: outcomeInput.result } : {}),
58
+ ...(outcomeInput.error ? { error: outcomeInput.error } : {}),
59
+ });
60
+ const outcome = await signActionGateOutcome({
61
+ entry: outcomeEntry,
62
+ action: input.action,
63
+ privateKey,
64
+ contextId,
65
+ serverUrl,
66
+ decisionRecordHash: decision.record_hash,
67
+ chainTailHex: decision.record_hash.slice('sha256:'.length),
68
+ timestampMs: now(),
69
+ });
70
+ await notifyRecord(input.onRecord, outcome.record, outcome.sidecar, recordDeliveryErrors);
71
+ const verification = await verifyActionGateRun({ decision, outcome });
72
+ const base = {
73
+ state: decisionEntry.decision_state,
74
+ action_executed: outcomeEntry.executed,
75
+ decision,
76
+ outcome,
77
+ signed_records: [decision.record, outcome.record],
78
+ sidecars: [decision.sidecar, outcome.sidecar],
79
+ verification,
80
+ record_delivery_errors: recordDeliveryErrors,
81
+ };
82
+ if (outcomeInput.status === 'executed') {
83
+ return { ...base, result: outcomeInput.result };
84
+ }
85
+ if (outcomeInput.status === 'execution_error' && outcomeInput.error) {
86
+ return { ...base, error: outcomeInput.error };
87
+ }
88
+ return base;
89
+ }
90
+ export function buildActionGateDecisionEntry({ action, policy, timestamp, parent_record_hashes = [], }) {
91
+ const decisionState = decisionStateFromPolicy(policy.outcome);
92
+ const entryWithoutId = {
93
+ schema: ACTION_GATE_DECISION_SCHEMA,
94
+ decision_state: decisionState,
95
+ run_id: action.run_id,
96
+ action_id: action.action_id,
97
+ agent_id: action.agent_id,
98
+ surface: action.surface,
99
+ tool_name: action.tool_name,
100
+ args_digest: digestCanonical(action.args ?? {}),
101
+ risk: [...(action.risk ?? [])].sort(),
102
+ policy: {
103
+ policy_id: policy.policy_id,
104
+ version: policy.policy_version,
105
+ outcome: policy.outcome,
106
+ ...(policy.reason ? { reason: policy.reason } : {}),
107
+ authority: policy.authority ?? { mode: 'host-policy' },
108
+ approval: policy.approval ?? { required: policy.outcome === 'escalate' },
109
+ ...(policy.evidence ? { evidence: sortedRecord(policy.evidence) } : {}),
110
+ },
111
+ timestamp,
112
+ parent_record_hashes: normalizeRecordHashes(parent_record_hashes),
113
+ ...(action.refs ? { refs: sortedRecord(action.refs) } : {}),
114
+ };
115
+ return {
116
+ ...entryWithoutId,
117
+ decision_id: digestCanonical(entryWithoutId),
118
+ };
119
+ }
120
+ export function buildActionGateOutcomeEntry({ status, run_id, action_id, decision_id, decision_record_hash, executed, timestamp, result, error, }) {
121
+ const entryWithoutId = {
122
+ schema: ACTION_GATE_OUTCOME_SCHEMA,
123
+ status,
124
+ run_id,
125
+ action_id,
126
+ decision_id,
127
+ decision_record_hash,
128
+ executed,
129
+ ...(result !== undefined ? { result_digest: digestCanonical(result) } : {}),
130
+ ...(error ? { error } : {}),
131
+ timestamp,
132
+ };
133
+ return {
134
+ ...entryWithoutId,
135
+ outcome_id: digestCanonical(entryWithoutId),
136
+ };
137
+ }
138
+ export async function signActionGateDecision({ entry, action, privateKey, contextId, serverUrl = DEFAULT_ACTION_GATE_SERVER_URL, chainTailHex, timestampMs, }) {
139
+ const creatorKey = base64urlEncode(await getPublicKey(privateKey));
140
+ const record = {
141
+ spec_version: 'atrib/1.0',
142
+ content_id: computeContentId(serverUrl, `${DECISION_TOOL_NAME}.${entry.decision_state}`),
143
+ creator_key: creatorKey,
144
+ chain_root: resolveChainRoot({ contextId, autoChainTailHex: chainTailHex }),
145
+ event_type: ACTION_GATE_DECISION_EVENT_TYPE_URI,
146
+ context_id: contextId,
147
+ timestamp: timestampMs,
148
+ signature: '',
149
+ args_hash: hashCanonical(decisionSubject(entry)),
150
+ result_hash: hashCanonical(decisionResult(entry)),
151
+ tool_name: `${DECISION_TOOL_NAME}.${entry.decision_state}`,
152
+ ...(entry.parent_record_hashes.length > 0
153
+ ? { informed_by: [...entry.parent_record_hashes] }
154
+ : {}),
155
+ };
156
+ const signed = await signRecord(record, privateKey);
157
+ const recordHash = recordHashFor(signed);
158
+ return {
159
+ record: signed,
160
+ record_hash: recordHash,
161
+ entry,
162
+ sidecar: {
163
+ package: '@atrib/action-gate',
164
+ record_kind: 'decision',
165
+ record_hash: recordHash,
166
+ action,
167
+ decision: entry,
168
+ args: snapshotCanonical(action.args ?? {}),
169
+ informed_by: entry.parent_record_hashes,
170
+ },
171
+ };
172
+ }
173
+ export async function signActionGateOutcome({ entry, action, privateKey, contextId, decisionRecordHash, serverUrl = DEFAULT_ACTION_GATE_SERVER_URL, chainTailHex, timestampMs, result, }) {
174
+ const creatorKey = base64urlEncode(await getPublicKey(privateKey));
175
+ const record = {
176
+ spec_version: 'atrib/1.0',
177
+ content_id: computeContentId(serverUrl, `${OUTCOME_TOOL_NAME}.${entry.status}`),
178
+ creator_key: creatorKey,
179
+ chain_root: resolveChainRoot({ contextId, autoChainTailHex: chainTailHex }),
180
+ event_type: ACTION_GATE_OUTCOME_EVENT_TYPE_URI,
181
+ context_id: contextId,
182
+ timestamp: timestampMs,
183
+ signature: '',
184
+ args_hash: hashCanonical(outcomeSubject(entry)),
185
+ result_hash: hashCanonical(outcomeResult(entry)),
186
+ tool_name: `${OUTCOME_TOOL_NAME}.${entry.status}`,
187
+ informed_by: [decisionRecordHash],
188
+ };
189
+ const signed = await signRecord(record, privateKey);
190
+ const recordHash = recordHashFor(signed);
191
+ return {
192
+ record: signed,
193
+ record_hash: recordHash,
194
+ entry,
195
+ sidecar: {
196
+ package: '@atrib/action-gate',
197
+ record_kind: 'outcome',
198
+ record_hash: recordHash,
199
+ action,
200
+ outcome: entry,
201
+ ...(result !== undefined ? { result: snapshotCanonical(result) } : {}),
202
+ informed_by: [decisionRecordHash],
203
+ },
204
+ };
205
+ }
206
+ export async function verifyActionGateRun({ decision, outcome, }) {
207
+ const issues = [];
208
+ const decisionOk = await verifyRecord(decision.record);
209
+ const outcomeOk = await verifyRecord(outcome.record);
210
+ if (!decisionOk) {
211
+ issues.push({
212
+ code: 'decision_signature_invalid',
213
+ message: 'decision record signature failed verification',
214
+ });
215
+ }
216
+ if (!outcomeOk) {
217
+ issues.push({
218
+ code: 'outcome_signature_invalid',
219
+ message: 'outcome record signature failed verification',
220
+ });
221
+ }
222
+ if (decision.record_hash !== recordHashFor(decision.record)) {
223
+ issues.push({
224
+ code: 'decision_sidecar_hash_mismatch',
225
+ message: 'decision record_hash does not match signed bytes',
226
+ });
227
+ }
228
+ if (outcome.record_hash !== recordHashFor(outcome.record)) {
229
+ issues.push({
230
+ code: 'outcome_sidecar_hash_mismatch',
231
+ message: 'outcome record_hash does not match signed bytes',
232
+ });
233
+ }
234
+ if (!outcome.record.informed_by?.includes(decision.record_hash)) {
235
+ issues.push({
236
+ code: 'outcome_missing_decision_parent',
237
+ message: 'outcome record does not cite the decision record',
238
+ });
239
+ }
240
+ if (outcome.entry.decision_record_hash !== decision.record_hash) {
241
+ issues.push({
242
+ code: 'decision_record_hash_mismatch',
243
+ message: 'outcome entry points at a different decision record hash',
244
+ });
245
+ }
246
+ if (outcome.entry.decision_id !== decision.entry.decision_id) {
247
+ issues.push({
248
+ code: 'decision_id_mismatch',
249
+ message: 'outcome entry points at a different decision id',
250
+ });
251
+ }
252
+ if (outcome.entry.run_id !== decision.entry.run_id) {
253
+ issues.push({ code: 'run_id_mismatch', message: 'run id drifted between records' });
254
+ }
255
+ if (outcome.entry.action_id !== decision.entry.action_id) {
256
+ issues.push({
257
+ code: 'action_id_mismatch',
258
+ message: 'action id drifted between records',
259
+ });
260
+ }
261
+ const state = decision.entry.decision_state;
262
+ if (state === 'allowed' && !['executed', 'execution_error'].includes(outcome.entry.status)) {
263
+ issues.push({
264
+ code: 'allowed_action_missing_execution_status',
265
+ message: 'allowed decisions must end in executed or execution_error',
266
+ });
267
+ }
268
+ if (state === 'blocked') {
269
+ if (outcome.entry.executed) {
270
+ issues.push({ code: 'blocked_action_executed', message: 'blocked action executed' });
271
+ }
272
+ if (outcome.entry.status !== 'blocked') {
273
+ issues.push({
274
+ code: 'closed_decision_status_mismatch',
275
+ message: 'blocked decision did not produce blocked outcome',
276
+ });
277
+ }
278
+ }
279
+ if (state === 'escalated') {
280
+ if (outcome.entry.executed) {
281
+ issues.push({
282
+ code: 'escalated_action_executed',
283
+ message: 'escalated action executed before approval',
284
+ });
285
+ }
286
+ if (outcome.entry.status !== 'escalated') {
287
+ issues.push({
288
+ code: 'closed_decision_status_mismatch',
289
+ message: 'escalated decision did not produce escalated outcome',
290
+ });
291
+ }
292
+ }
293
+ if (state === 'policy_error') {
294
+ if (outcome.entry.executed) {
295
+ issues.push({
296
+ code: 'policy_error_action_executed',
297
+ message: 'policy-error action executed',
298
+ });
299
+ }
300
+ if (outcome.entry.status !== 'policy_error') {
301
+ issues.push({
302
+ code: 'closed_decision_status_mismatch',
303
+ message: 'policy-error decision did not produce policy_error outcome',
304
+ });
305
+ }
306
+ }
307
+ return { valid: issues.length === 0, issues };
308
+ }
309
+ export function digestCanonical(value) {
310
+ return hashCanonical(value);
311
+ }
312
+ export function hashCanonical(value) {
313
+ const json = canonicalize(value);
314
+ if (json === undefined)
315
+ throw new Error('failed to canonicalize action-gate material');
316
+ return `sha256:${hexEncode(sha256(encoder.encode(json)))}`;
317
+ }
318
+ export function recordHashFor(record) {
319
+ return `sha256:${hexEncode(sha256(canonicalRecord(record)))}`;
320
+ }
321
+ export function resolveActionGatePrivateKey(value) {
322
+ const raw = value ?? (typeof process !== 'undefined' ? process.env.ATRIB_PRIVATE_KEY : undefined);
323
+ if (raw instanceof Uint8Array) {
324
+ if (raw.length !== 32)
325
+ throw new Error('Action Gate privateKey must be 32 bytes');
326
+ return new Uint8Array(raw);
327
+ }
328
+ if (typeof raw !== 'string' || raw.length === 0) {
329
+ throw new Error('provide privateKey or set ATRIB_PRIVATE_KEY');
330
+ }
331
+ const decoded = /^[0-9a-f]{64}$/u.test(raw) ? hexDecode(raw) : base64urlDecode(raw);
332
+ if (decoded.length !== 32)
333
+ throw new Error('Action Gate privateKey must be 32 bytes');
334
+ return decoded;
335
+ }
336
+ function decisionStateFromPolicy(outcome) {
337
+ if (outcome === 'allow')
338
+ return 'allowed';
339
+ if (outcome === 'block')
340
+ return 'blocked';
341
+ if (outcome === 'escalate')
342
+ return 'escalated';
343
+ return 'policy_error';
344
+ }
345
+ async function resolveOutcomeInput({ state, execute, }) {
346
+ if (state === 'blocked')
347
+ return { status: 'blocked', executed: false };
348
+ if (state === 'escalated')
349
+ return { status: 'escalated', executed: false };
350
+ if (state === 'policy_error')
351
+ return { status: 'policy_error', executed: false };
352
+ try {
353
+ return { status: 'executed', executed: true, result: await execute() };
354
+ }
355
+ catch (error) {
356
+ return { status: 'execution_error', executed: true, error: normalizeError(error) };
357
+ }
358
+ }
359
+ async function resolvePolicyDecision({ evaluate, action, timestamp, }) {
360
+ try {
361
+ return await evaluate({ action, timestamp });
362
+ }
363
+ catch (error) {
364
+ const normalized = normalizeError(error);
365
+ return {
366
+ outcome: 'error',
367
+ policy_id: 'action-gate-policy-evaluator',
368
+ policy_version: 'error',
369
+ reason: `policy evaluator failed: ${normalized.name}: ${normalized.message}`,
370
+ authority: { mode: 'host-policy' },
371
+ approval: { required: false },
372
+ };
373
+ }
374
+ }
375
+ function decisionSubject(entry) {
376
+ return {
377
+ schema: entry.schema,
378
+ decision_id: entry.decision_id,
379
+ run_id: entry.run_id,
380
+ action_id: entry.action_id,
381
+ agent_id: entry.agent_id,
382
+ surface: entry.surface,
383
+ tool_name: entry.tool_name,
384
+ args_digest: entry.args_digest,
385
+ };
386
+ }
387
+ function decisionResult(entry) {
388
+ return {
389
+ decision_state: entry.decision_state,
390
+ risk: entry.risk,
391
+ policy: entry.policy,
392
+ parent_record_hashes: entry.parent_record_hashes,
393
+ refs: entry.refs ?? {},
394
+ };
395
+ }
396
+ function outcomeSubject(entry) {
397
+ return {
398
+ schema: entry.schema,
399
+ outcome_id: entry.outcome_id,
400
+ run_id: entry.run_id,
401
+ action_id: entry.action_id,
402
+ decision_id: entry.decision_id,
403
+ decision_record_hash: entry.decision_record_hash,
404
+ };
405
+ }
406
+ function outcomeResult(entry) {
407
+ return {
408
+ status: entry.status,
409
+ executed: entry.executed,
410
+ result_digest: entry.result_digest ?? null,
411
+ error: entry.error ?? null,
412
+ };
413
+ }
414
+ function snapshotCanonical(value) {
415
+ try {
416
+ const json = canonicalize(value);
417
+ if (json === undefined)
418
+ return undefined;
419
+ return JSON.parse(json);
420
+ }
421
+ catch {
422
+ return undefined;
423
+ }
424
+ }
425
+ async function notifyRecord(onRecord, record, sidecar, errors) {
426
+ if (!onRecord)
427
+ return;
428
+ try {
429
+ await onRecord(record, sidecar);
430
+ }
431
+ catch (error) {
432
+ errors.push({
433
+ record_kind: sidecar.record_kind,
434
+ record_hash: sidecar.record_hash,
435
+ ...normalizeError(error),
436
+ });
437
+ }
438
+ }
439
+ function sortedRecord(input) {
440
+ return Object.fromEntries(Object.entries(input).sort(([left], [right]) => left.localeCompare(right)));
441
+ }
442
+ function normalizeRecordHashes(values) {
443
+ const unique = new Set();
444
+ for (const value of values) {
445
+ if (!/^sha256:[0-9a-f]{64}$/u.test(value)) {
446
+ throw new Error('record hashes must be sha256:<64 lowercase hex>');
447
+ }
448
+ unique.add(value);
449
+ }
450
+ return [...unique].sort();
451
+ }
452
+ function randomContextId() {
453
+ return randomBytes(16).toString('hex');
454
+ }
455
+ function normalizeError(error) {
456
+ if (error instanceof Error)
457
+ return { name: error.name, message: error.message };
458
+ return { name: 'Error', message: String(error) };
459
+ }
460
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,YAAY,MAAM,cAAc,CAAA;AACvC,OAAO,EACL,eAAe,EACf,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,YAAY,EACZ,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,MAAM,EACN,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAA;AAGnB,MAAM,CAAC,MAAM,mCAAmC,GAC9C,sDAA+D,CAAA;AACjE,MAAM,CAAC,MAAM,kCAAkC,GAC7C,qDAA8D,CAAA;AAChE,MAAM,CAAC,MAAM,2BAA2B,GAAG,+BAAwC,CAAA;AACnF,MAAM,CAAC,MAAM,0BAA0B,GAAG,8BAAuC,CAAA;AACjF,MAAM,CAAC,MAAM,8BAA8B,GAAG,qBAA8B,CAAA;AAE5E,MAAM,kBAAkB,GAAG,4BAA4B,CAAA;AACvD,MAAM,iBAAiB,GAAG,2BAA2B,CAAA;AACrD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;AAiLjC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAAmC;IAEnC,MAAM,oBAAoB,GAAoC,EAAE,CAAA;IAChE,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;IAChE,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAA;IACjC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,eAAe,EAAE,CAAA;IACtD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,8BAA8B,CAAA;IACnE,MAAM,WAAW,GAAG,GAAG,EAAE,CAAA;IACzB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAA;IACrD,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;QAC/C,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,EAAE,CAAC;QACnC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC;KAC7C,CAAC,CAAA;IACF,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC;QACzC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS;KACV,CAAC,CAAA;IACF,MAAM,aAAa,GAAG,4BAA4B,CAAC;QACjD,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,MAAM;QACN,SAAS;QACT,oBAAoB,EAAE,kBAAkB;KACzC,CAAC,CAAA;IACF,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC;QAC5C,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU;QACV,SAAS;QACT,SAAS;QACT,WAAW;KACZ,CAAC,CAAA;IACF,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA;IAE3F,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC;QAC7C,KAAK,EAAE,aAAa,CAAC,cAAc;QACnC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC,CAAA;IACF,MAAM,YAAY,GAAG,2BAA2B,CAAC;QAC/C,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;QAC3B,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS;QACjC,WAAW,EAAE,aAAa,CAAC,WAAW;QACtC,oBAAoB,EAAE,QAAQ,CAAC,WAAW;QAC1C,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE;QACxC,GAAG,CAAC,YAAY,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7D,CAAC,CAAA;IACF,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC;QAC1C,KAAK,EAAE,YAAY;QACnB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU;QACV,SAAS;QACT,SAAS;QACT,kBAAkB,EAAE,QAAQ,CAAC,WAAW;QACxC,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;QAC1D,WAAW,EAAE,GAAG,EAAE;KACnB,CAAC,CAAA;IACF,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA;IAEzF,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAA;IACrE,MAAM,IAAI,GAAG;QACX,KAAK,EAAE,aAAa,CAAC,cAAc;QACnC,eAAe,EAAE,YAAY,CAAC,QAAQ;QACtC,QAAQ;QACR,OAAO;QACP,cAAc,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC;QACjD,QAAQ,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC;QAC7C,YAAY;QACZ,sBAAsB,EAAE,oBAAoB;KACoB,CAAA;IAElE,IAAI,YAAY,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACvC,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,MAAiB,EAAE,CAAA;IAC5D,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,iBAAiB,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;QACpE,OAAO,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,EAAE,CAAA;IAC/C,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,EAC3C,MAAM,EACN,MAAM,EACN,SAAS,EACT,oBAAoB,GAAG,EAAE,GAM1B;IACC,MAAM,aAAa,GAAG,uBAAuB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAC7D,MAAM,cAAc,GAAG;QACrB,MAAM,EAAE,2BAA2B;QACnC,cAAc,EAAE,aAAa;QAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC/C,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE;QACrC,MAAM,EAAE;YACN,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,OAAO,EAAE,MAAM,CAAC,cAAc;YAC9B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnD,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE;YACtD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,OAAO,KAAK,UAAU,EAAE;YACxE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE;QACD,SAAS;QACT,oBAAoB,EAAE,qBAAqB,CAAC,oBAAoB,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACL,CAAA;IAExD,OAAO;QACL,GAAG,cAAc;QACjB,WAAW,EAAE,eAAe,CAAC,cAAc,CAAC;KAC7C,CAAA;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,EAC1C,MAAM,EACN,MAAM,EACN,SAAS,EACT,WAAW,EACX,oBAAoB,EACpB,QAAQ,EACR,SAAS,EACT,MAAM,EACN,KAAK,GAWN;IACC,MAAM,cAAc,GAAG;QACrB,MAAM,EAAE,0BAA0B;QAClC,MAAM;QACN,MAAM;QACN,SAAS;QACT,WAAW;QACX,oBAAoB;QACpB,QAAQ;QACR,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,SAAS;KAC2C,CAAA;IAEtD,OAAO;QACL,GAAG,cAAc;QACjB,UAAU,EAAE,eAAe,CAAC,cAAc,CAAC;KAC5C,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,EAC3C,KAAK,EACL,MAAM,EACN,UAAU,EACV,SAAS,EACT,SAAS,GAAG,8BAA8B,EAC1C,YAAY,EACZ,WAAW,GASZ;IACC,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC,CAAA;IAClE,MAAM,MAAM,GAAgB;QAC1B,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,gBAAgB,CAAC,SAAS,EAAE,GAAG,kBAAkB,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACxF,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,gBAAgB,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAC;QAC3E,UAAU,EAAE,mCAAmC;QAC/C,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,WAAW;QACtB,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,aAAa,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAChD,WAAW,EAAE,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACjD,SAAS,EAAE,GAAG,kBAAkB,IAAI,KAAK,CAAC,cAAc,EAAE;QAC1D,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC;YACvC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC,oBAAoB,CAAC,EAAE;YAClD,CAAC,CAAC,EAAE,CAAC;KACR,CAAA;IACD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,CAAA;IACxC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,UAAU;QACvB,KAAK;QACL,OAAO,EAAE;YACP,OAAO,EAAE,oBAAoB;YAC7B,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,UAAU;YACvB,MAAM;YACN,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YAC1C,WAAW,EAAE,KAAK,CAAC,oBAAoB;SACxC;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EAC1C,KAAK,EACL,MAAM,EACN,UAAU,EACV,SAAS,EACT,kBAAkB,EAClB,SAAS,GAAG,8BAA8B,EAC1C,YAAY,EACZ,WAAW,EACX,MAAM,GAWP;IACC,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC,CAAA;IAClE,MAAM,MAAM,GAAgB;QAC1B,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,gBAAgB,CAAC,SAAS,EAAE,GAAG,iBAAiB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/E,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,gBAAgB,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAC;QAC3E,UAAU,EAAE,kCAAkC;QAC9C,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,WAAW;QACtB,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC/C,WAAW,EAAE,aAAa,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAChD,SAAS,EAAE,GAAG,iBAAiB,IAAI,KAAK,CAAC,MAAM,EAAE;QACjD,WAAW,EAAE,CAAC,kBAAkB,CAAC;KAClC,CAAA;IACD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,CAAA;IACxC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,UAAU;QACvB,KAAK;QACL,OAAO,EAAE;YACP,OAAO,EAAE,oBAAoB;YAC7B,WAAW,EAAE,SAAS;YACtB,WAAW,EAAE,UAAU;YACvB,MAAM;YACN,OAAO,EAAE,KAAK;YACd,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,WAAW,EAAE,CAAC,kBAAkB,CAAC;SAClC;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,QAAQ,EACR,OAAO,GAIR;IACC,MAAM,MAAM,GAAkC,EAAE,CAAA;IAChD,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IACtD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACpD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,4BAA4B;YAClC,OAAO,EAAE,+CAA+C;SACzD,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,2BAA2B;YACjC,OAAO,EAAE,8CAA8C;SACxD,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW,KAAK,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gCAAgC;YACtC,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,KAAK,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,+BAA+B;YACrC,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAChE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iCAAiC;YACvC,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,CAAC,oBAAoB,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC;QAChE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,+BAA+B;YACrC,OAAO,EAAE,0DAA0D;SACpE,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC,CAAA;IACrF,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,cAAc,CAAA;IAC3C,IAAI,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3F,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,yCAAyC;YAC/C,OAAO,EAAE,2DAA2D;SACrE,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAA;QACtF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iCAAiC;gBACvC,OAAO,EAAE,kDAAkD;aAC5D,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,2BAA2B;gBACjC,OAAO,EAAE,2CAA2C;aACrD,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iCAAiC;gBACvC,OAAO,EAAE,sDAAsD;aAChE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC7B,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,8BAA8B;gBACpC,OAAO,EAAE,8BAA8B;aACxC,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iCAAiC;gBACvC,OAAO,EAAE,4DAA4D;aACtE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;AAC/C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;AAC7B,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;IAChC,IAAI,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;IACtF,OAAO,UAAU,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;AAC5D,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAmB;IAC/C,OAAO,UAAU,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAA;AAC/D,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,KAA2B;IACrE,MAAM,GAAG,GAAG,KAAK,IAAI,CAAC,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IACjG,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;QAC9B,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;QACjF,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;IAC5B,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;IAChE,CAAC;IACD,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;IACnF,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IACrF,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAgC;IAC/D,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,SAAS,CAAA;IACzC,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,SAAS,CAAA;IACzC,IAAI,OAAO,KAAK,UAAU;QAAE,OAAO,WAAW,CAAA;IAC9C,OAAO,cAAc,CAAA;AACvB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAU,EAC1C,KAAK,EACL,OAAO,GAIR;IAMC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;IACtE,IAAI,KAAK,KAAK,WAAW;QAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;IAC1E,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;IAChF,IAAI,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,OAAO,EAAE,EAAE,CAAA;IACxE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,EAAE,CAAA;IACpF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,EACnC,QAAQ,EACR,MAAM,EACN,SAAS,GAKV;IACC,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;IAC9C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAA;QACxC,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,8BAA8B;YACzC,cAAc,EAAE,OAAO;YACvB,MAAM,EAAE,4BAA4B,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,OAAO,EAAE;YAC5E,SAAS,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;YAClC,QAAQ,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;SAC9B,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAA8B;IACrD,OAAO;QACL,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAA8B;IACpD,OAAO;QACL,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;QAChD,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE;KACvB,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAA6B;IACnD,OAAO;QACL,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;KACjD,CAAA;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAA6B;IAClD,OAAO;QACL,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,IAAI;QAC1C,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;KAC3B,CAAA;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;QAChC,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,SAAS,CAAA;QACxC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAA;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,QAAkD,EAClD,MAAmB,EACnB,OAA+B,EAC/B,MAAuC;IAEvC,IAAI,CAAC,QAAQ;QAAE,OAAM;IACrB,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC;YACV,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,GAAG,cAAc,CAAC,KAAK,CAAC;SACzB,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,KAA6B;IACjD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAC3E,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAyB;IACtD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAa,CAAA;IACnC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAA;QACpE,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,KAAkB,CAAC,CAAA;IAChC,CAAC;IACD,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAA;AAC3B,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,KAAK,YAAY,KAAK;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;IAC/E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAA;AAClD,CAAC"}
package/package.json ADDED
@@ -0,0 +1,58 @@
1
+ {
2
+ "name": "@atrib/action-gate",
3
+ "version": "0.0.1",
4
+ "type": "module",
5
+ "main": "./dist/index.js",
6
+ "types": "./dist/index.d.ts",
7
+ "exports": {
8
+ ".": {
9
+ "import": "./dist/index.js",
10
+ "types": "./dist/index.d.ts"
11
+ }
12
+ },
13
+ "files": [
14
+ "dist"
15
+ ],
16
+ "description": "Host-owned action gate helpers for Atrib's verifiable action layer. Signs policy decisions and outcomes before high-impact agent actions run.",
17
+ "author": "atrib <hello@atrib.dev>",
18
+ "license": "Apache-2.0",
19
+ "homepage": "https://atrib.dev",
20
+ "publishConfig": {
21
+ "access": "public"
22
+ },
23
+ "repository": {
24
+ "type": "git",
25
+ "url": "git+https://github.com/creatornader/atrib.git",
26
+ "directory": "packages/action-gate"
27
+ },
28
+ "keywords": [
29
+ "action-gate",
30
+ "action-control",
31
+ "agent",
32
+ "policy",
33
+ "approval",
34
+ "governance",
35
+ "human-in-the-loop",
36
+ "agent-control",
37
+ "verifiable",
38
+ "receipts",
39
+ "browser-automation",
40
+ "computer-use",
41
+ "atrib"
42
+ ],
43
+ "dependencies": {
44
+ "canonicalize": "^3.0.0",
45
+ "@atrib/mcp": "0.18.1"
46
+ },
47
+ "devDependencies": {
48
+ "@types/node": "^25.9.3",
49
+ "typescript": "^6.0.3",
50
+ "vitest": "^4.1.8"
51
+ },
52
+ "scripts": {
53
+ "build": "rm -rf dist && tsc",
54
+ "test": "vitest run",
55
+ "typecheck": "tsc --noEmit",
56
+ "clean": "rm -rf dist"
57
+ }
58
+ }