@attestplane/attestplane 0.0.1-alpha.1 → 0.0.3-alpha

package/dist/adapters/langsmith.js

@@ -0,0 +1,173 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * LangSmith → Attestplane evidence-event adapter (TypeScript port of
+ * `sdk/python/src/attestplane/adapters/langsmith.py`).
+ *
+ * Byte-identical translation semantics with the Python adapter:
+ * given the same LangSmith Run, both adapters produce the same
+ * EventDraft fields (event_type, actor, payload, subject_ref,
+ * session_id, reference_db_ref).
+ *
+ * Pure function per GenericRuntimeAdapter contract: no I/O, no
+ * LangSmith API calls.
+ *
+ * Trust boundary (ADR-0004 § 4): adapter consumes the public
+ * LangSmith Run shape, not LangChain proprietary code. LangChain
+ * does not endorse this adapter; see docs/policy/forbidden_claims.md
+ * § G.
+ *
+ * Redaction (ADR-0008 § Boundary anti-requirements):
+ * - Raw inputs / outputs are NEVER copied to payload — only SHA-256
+ *   hashes go in `arguments_hash` / `result_hash`.
+ * - Error strings are truncated to 200 chars to limit PII leakage.
+ * - end_user_id (from LangSmith metadata.user_id) is wrapped in
+ *   SubjectRef(scheme="opaque").
+ *
+ * Run type → event_type mapping is identical to the Python adapter:
+ * all run_types map to `tool_call_event` in v1; payload.kind carries
+ * the LangSmith run_type for downstream filtering.
+ */
+import { createHash } from 'node:crypto';
+import { AdapterTranslationError, GenericRuntimeAdapter } from '../adapters.js';
+import { TOOL_CALL_EVENT } from '../event_types.js';
+import { makeEventDraft, makeSubjectRef } from '../types.js';
+const KNOWN_RUN_TYPES = new Set([
+    'tool',
+    'llm',
+    'chain',
+    'retriever',
+    'prompt',
+    'parser',
+    'embedding',
+]);
+function _canonicalReplacer() {
+    // sort_keys + default=str equivalent (matches Python's json.dumps
+    // with sort_keys=True, separators=(",",":"), default=str).
+    return function (_key, value) {
+        if (value === undefined)
+            return undefined;
+        if (value instanceof Date)
+            return value.toISOString();
+        if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
+            const sorted = {};
+            const obj = value;
+            for (const k of Object.keys(obj).sort()) {
+                sorted[k] = obj[k];
+            }
+            return sorted;
+        }
+        return value;
+    };
+}
+function _hashJson(value) {
+    // Match Python: json.dumps(value, sort_keys=True, separators=(",",":"), default=str)
+    // JS JSON.stringify by default uses no separators; we need to mimic compact form.
+    // The canonical_replacer above sorts keys; we then re-emit with the no-space
+    // separator form by passing the result through a second stringify.
+    const sorted = JSON.parse(JSON.stringify(value, _canonicalReplacer()));
+    const compact = JSON.stringify(sorted);
+    return createHash('sha256').update(compact, 'utf-8').digest('hex');
+}
+function _truncate(text, n = 200) {
+    if (text.length <= n)
+        return text;
+    return `${text.slice(0, n - 3)}...`;
+}
+export class LangSmithAdapter extends GenericRuntimeAdapter {
+    runtime_name = 'langsmith';
+    schema_version = 1;
+    translate(runtime_event) {
+        if (typeof runtime_event !== 'object' ||
+            runtime_event === null ||
+            typeof runtime_event.id !== 'string' ||
+            typeof runtime_event.run_type !== 'string') {
+            throw new AdapterTranslationError(`expected LangSmithRun object, got ${runtime_event === null ? 'null' : typeof runtime_event}`);
+        }
+        const run = runtime_event;
+        let resultStatus;
+        if (run.error) {
+            resultStatus = 'ERROR';
+        }
+        else {
+            resultStatus = 'OK';
+        }
+        const kind = KNOWN_RUN_TYPES.has(run.run_type) ? run.run_type : 'unknown';
+        const inputs = run.inputs ?? {};
+        const payload = {
+            kind,
+            tool_name: `langsmith.${kind}.${run.name}`,
+            tool_call_id: run.id,
+            arguments_hash: _hashJson(inputs),
+            result_status: resultStatus,
+        };
+        if (run.outputs != null) {
+            payload.result_hash = _hashJson(run.outputs);
+        }
+        if (run.end_time != null) {
+            const ms = run.end_time.getTime() - run.start_time.getTime();
+            payload.latency_ms = Math.trunc(ms);
+        }
+        if (run.error) {
+            payload.error_code = _truncate(run.error);
+        }
+        if (run.tags && run.tags.length > 0) {
+            payload.tags = [...run.tags];
+        }
+        const sessionId = run.trace_id ?? run.id;
+        return makeEventDraft({
+            event_type: TOOL_CALL_EVENT,
+            actor: `langsmith://${run.run_type}/${run.name}`,
+            payload,
+            subject_ref: run.end_user_id ? makeSubjectRef('opaque', run.end_user_id) : null,
+            session_id: sessionId,
+            reference_db_ref: run.parent_run_id ?? null,
+        });
+    }
+    static fromDict(raw) {
+        const required = ['id', 'name', 'run_type', 'start_time'];
+        const missing = required.filter((k) => !(k in raw));
+        if (missing.length > 0) {
+            throw new AdapterTranslationError(`LangSmith run dict missing required fields: ${JSON.stringify(missing.sort())}`);
+        }
+        const parseDt = (value) => {
+            if (value instanceof Date)
+                return value;
+            if (typeof value === 'string') {
+                const normalized = value.endsWith('Z') ? value.replace('Z', '+00:00') : value;
+                const d = new Date(normalized);
+                if (Number.isNaN(d.getTime())) {
+                    throw new AdapterTranslationError(`unparsable datetime ${JSON.stringify(value)}`);
+                }
+                return d;
+            }
+            throw new AdapterTranslationError(`datetime field has type ${typeof value}, expected Date or ISO string`);
+        };
+        const metadata = raw.metadata ?? {};
+        if (typeof metadata !== 'object' || Array.isArray(metadata)) {
+            throw new AdapterTranslationError('metadata must be an object');
+        }
+        const tagsRaw = raw.tags;
+        if (tagsRaw !== undefined && tagsRaw !== null && !Array.isArray(tagsRaw)) {
+            throw new AdapterTranslationError('tags must be an array');
+        }
+        const tags = Array.isArray(tagsRaw) ? tagsRaw.map((t) => String(t)) : [];
+        return {
+            id: String(raw.id),
+            name: String(raw.name),
+            run_type: String(raw.run_type),
+            start_time: parseDt(raw.start_time),
+            end_time: raw.end_time ? parseDt(raw.end_time) : null,
+            inputs: raw.inputs ?? {},
+            outputs: raw.outputs ?? null,
+            error: raw.error ?? null,
+            trace_id: raw.trace_id ?? null,
+            parent_run_id: raw.parent_run_id ?? null,
+            status: raw.status ?? null,
+            tags,
+            metadata,
+            end_user_id: typeof metadata.user_id === 'string' ? metadata.user_id : null,
+        };
+    }
+}
+//# sourceMappingURL=langsmith.js.map

package/dist/adapters/langsmith.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"langsmith.js","sourceRoot":"","sources":["../../src/adapters/langsmith.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAmB,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE9E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,MAAM;IACN,KAAK;IACL,OAAO;IACP,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,WAAW;CACZ,CAAC,CAAC;AAmBH,SAAS,kBAAkB;IACzB,kEAAkE;IAClE,2DAA2D;IAC3D,OAAO,UAAyB,IAAY,EAAE,KAAc;QAC1D,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC1C,IAAI,KAAK,YAAY,IAAI;YAAE,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC;QACtD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzE,MAAM,MAAM,GAA4B,EAAE,CAAC;YAC3C,MAAM,GAAG,GAAG,KAAgC,CAAC;YAC7C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;gBACxC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,qFAAqF;IACrF,kFAAkF;IAClF,6EAA6E;IAC7E,mEAAmE;IACnE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC;IACvE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,CAAC,GAAG,GAAG;IACtC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;AACtC,CAAC;AAED,MAAM,OAAO,gBAAiB,SAAQ,qBAAmC;IAC9D,YAAY,GAAG,WAAW,CAAC;IAC3B,cAAc,GAAG,CAAC,CAAC;IAE5B,SAAS,CAAC,aAA2B;QACnC,IACE,OAAO,aAAa,KAAK,QAAQ;YACjC,aAAa,KAAK,IAAI;YACtB,OAAQ,aAA8B,CAAC,EAAE,KAAK,QAAQ;YACtD,OAAQ,aAA8B,CAAC,QAAQ,KAAK,QAAQ,EAC5D,CAAC;YACD,MAAM,IAAI,uBAAuB,CAC/B,qCAAqC,aAAa,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,aAAa,EAAE,CAC9F,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,aAAa,CAAC;QAE1B,IAAI,YAAoB,CAAC;QACzB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,YAAY,GAAG,OAAO,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;QAE1E,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;QAChC,MAAM,OAAO,GAA4B;YACvC,IAAI;YACJ,SAAS,EAAE,aAAa,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE;YAC1C,YAAY,EAAE,GAAG,CAAC,EAAE;YACpB,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC;YACjC,aAAa,EAAE,YAAY;SAC5B,CAAC;QACF,IAAI,GAAG,CAAC,OAAO,IAAI,IAAI,EAAE,CAAC;YACxB,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;YACzB,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YAC7D,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC;QAEzC,OAAO,cAAc,CAAC;YACpB,UAAU,EAAE,eAAe;YAC3B,KAAK,EAAE,eAAe,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE;YAChD,OAAO;YACP,WAAW,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI;YAC/E,UAAU,EAAE,SAAS;YACrB,gBAAgB,EAAE,GAAG,CAAC,aAAa,IAAI,IAAI;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,QAAQ,CAAC,GAA4B;QAC1C,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,CAAU,CAAC;QACnE,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QACpD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,uBAAuB,CAC/B,+CAA+C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAChF,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,KAAc,EAAQ,EAAE;YACvC,IAAI,KAAK,YAAY,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9E,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC/B,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,uBAAuB,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACpF,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,IAAI,uBAAuB,CAC/B,2BAA2B,OAAO,KAAK,+BAA+B,CACvE,CAAC;QACJ,CAAC,CAAC;QAEF,MAAM,QAAQ,GAAI,GAAG,CAAC,QAAgD,IAAI,EAAE,CAAC;QAC7E,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,uBAAuB,CAAC,4BAA4B,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACzE,MAAM,IAAI,uBAAuB,CAAC,uBAAuB,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEzE,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;YACtB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC9B,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YACnC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;YACrD,MAAM,EAAG,GAAG,CAAC,MAAkC,IAAI,EAAE;YACrD,OAAO,EAAG,GAAG,CAAC,OAA0C,IAAI,IAAI;YAChE,KAAK,EAAG,GAAG,CAAC,KAAuB,IAAI,IAAI;YAC3C,QAAQ,EAAG,GAAG,CAAC,QAA0B,IAAI,IAAI;YACjD,aAAa,EAAG,GAAG,CAAC,aAA+B,IAAI,IAAI;YAC3D,MAAM,EAAG,GAAG,CAAC,MAAwB,IAAI,IAAI;YAC7C,IAAI;YACJ,QAAQ;YACR,WAAW,EAAE,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;SAC5E,CAAC;IACJ,CAAC;CACF"}

package/dist/adapters.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Abstract runtime-adapter base — the only adapter surface in the substrate.
+ *
+ * Per ADR-0004 § 1 ("Universal rule"):
+ *
+ *   Any AIOS surface whose primary semantic is authority or execution stays
+ *   in AIOS. Attestplane only ever records the event of a decision having
+ *   been made, never owns the decision.
+ *
+ * A `GenericRuntimeAdapter` translates one runtime-specific event into one
+ * `EventDraft`. That is the only verb it owns. The abstract class
+ * deliberately exposes no `execute()`, `grant()`, or `decide()` method.
+ *
+ * Concrete adapters (AIOS, LangGraph, Claude Code SDK, …) live in their
+ * respective execution-plane repositories or in `attestplane-contrib`, not
+ * in the substrate OSS tree.
+ *
+ * Spec-Only Phase 0 deliverable (migration plan ticket #3).
+ */
+import type { EventDraft } from './types.js';
+/** Base class for any adapter-raised error. */
+export declare class AdapterError extends Error {
+    constructor(message: string);
+}
+/**
+ * A runtime event could not be translated into an `EventDraft`.
+ *
+ * Adapters MUST throw this (or a subclass) rather than returning a
+ * partially-populated draft or silently dropping the event. Silent drops
+ * would defeat the point of a substrate.
+ */
+export declare class AdapterTranslationError extends AdapterError {
+    constructor(message: string);
+}
+/**
+ * Abstract base for any execution-plane → Attestplane adapter.
+ *
+ * The contract is intentionally narrow:
+ *
+ * 1. `translate()` is the only required method.
+ * 2. `translate()` is a **pure function**: given the same input it returns
+ *    the same output. No I/O, no side effects, no clock reads, no random
+ *    number generation, no calls back into the runtime.
+ * 3. The returned `EventDraft` is the caller-provided portion of the audit
+ *    event. The substrate assigns `event_id`, `timestamp`, `seq`,
+ *    `prev_hash`, and `event_hash`. Adapters do not produce those fields.
+ * 4. Adapters do not execute, grant, decide, or otherwise affect runtime
+ *    state. The base class enforces this via a runtime check in the
+ *    constructor that rejects forbidden method names at instantiation
+ *    time. (TypeScript does not have a Python-style `__init_subclass__`
+ *    hook, so the check runs at `new` time rather than class-creation
+ *    time.)
+ *
+ * Reserved method names that any subclass MUST NOT define at the public
+ * level (any leading underscore exempts the name):
+ *
+ * - `execute`, `run`, `dispatch`
+ * - `grant`, `revoke`, `issue`
+ * - `decide`, `approve`, `reject`
+ * - `settle`, `charge`, `credit`
+ * - `schedule`, `allocate`
+ *
+ * Defining any of these is an ADR-0004 boundary violation and the
+ * constructor throws on first instantiation.
+ */
+export declare abstract class GenericRuntimeAdapter<RuntimeEvent> {
+    abstract readonly runtime_name: string;
+    abstract readonly schema_version: number;
+    constructor();
+    /**
+     * Translate one runtime-specific event into one `EventDraft`.
+     *
+     * Implementations MUST:
+     *
+     * - Throw `AdapterTranslationError` on any input the adapter cannot map.
+     *   Never return `null` or a partially-populated draft.
+     * - Be pure: same input → same output, no I/O, no clock reads.
+     * - Apply pseudonymization at the boundary: any direct identifier in
+     *   `runtime_event` that maps to a data subject MUST be wrapped in a
+     *   `SubjectRef` with an appropriate `scheme` before being placed in the
+     *   returned draft. Raw PII in `payload` is a GDPR Art. 4(5) violation.
+     * - Not call into the runtime to fetch additional context. If the
+     *   runtime event lacks information the adapter needs, the runtime must
+     *   emit a richer event — not the adapter.
+     */
+    abstract translate(runtime_event: RuntimeEvent): EventDraft;
+}
+//# sourceMappingURL=adapters.d.ts.map

package/dist/adapters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapters.d.ts","sourceRoot":"","sources":["../src/adapters.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,+CAA+C;AAC/C,qBAAa,YAAa,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,uBAAwB,SAAQ,YAAY;gBAC3C,OAAO,EAAE,MAAM;CAI5B;AAmBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,8BAAsB,qBAAqB,CAAC,YAAY;IACtD,QAAQ,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;;IAqBzC;;;;;;;;;;;;;;;OAeG;IACH,QAAQ,CAAC,SAAS,CAAC,aAAa,EAAE,YAAY,GAAG,UAAU;CAC5D"}

package/dist/adapters.js

@@ -0,0 +1,109 @@
+// SPDX-FileCopyrightText: 2026 The Attestplane Authors
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Abstract runtime-adapter base — the only adapter surface in the substrate.
+ *
+ * Per ADR-0004 § 1 ("Universal rule"):
+ *
+ *   Any AIOS surface whose primary semantic is authority or execution stays
+ *   in AIOS. Attestplane only ever records the event of a decision having
+ *   been made, never owns the decision.
+ *
+ * A `GenericRuntimeAdapter` translates one runtime-specific event into one
+ * `EventDraft`. That is the only verb it owns. The abstract class
+ * deliberately exposes no `execute()`, `grant()`, or `decide()` method.
+ *
+ * Concrete adapters (AIOS, LangGraph, Claude Code SDK, …) live in their
+ * respective execution-plane repositories or in `attestplane-contrib`, not
+ * in the substrate OSS tree.
+ *
+ * Spec-Only Phase 0 deliverable (migration plan ticket #3).
+ */
+/** Base class for any adapter-raised error. */
+export class AdapterError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'AdapterError';
+    }
+}
+/**
+ * A runtime event could not be translated into an `EventDraft`.
+ *
+ * Adapters MUST throw this (or a subclass) rather than returning a
+ * partially-populated draft or silently dropping the event. Silent drops
+ * would defeat the point of a substrate.
+ */
+export class AdapterTranslationError extends AdapterError {
+    constructor(message) {
+        super(message);
+        this.name = 'AdapterTranslationError';
+    }
+}
+const FORBIDDEN_METHOD_NAMES = new Set([
+    'execute',
+    'run',
+    'dispatch',
+    'grant',
+    'revoke',
+    'issue',
+    'decide',
+    'approve',
+    'reject',
+    'settle',
+    'charge',
+    'credit',
+    'schedule',
+    'allocate',
+]);
+/**
+ * Abstract base for any execution-plane → Attestplane adapter.
+ *
+ * The contract is intentionally narrow:
+ *
+ * 1. `translate()` is the only required method.
+ * 2. `translate()` is a **pure function**: given the same input it returns
+ *    the same output. No I/O, no side effects, no clock reads, no random
+ *    number generation, no calls back into the runtime.
+ * 3. The returned `EventDraft` is the caller-provided portion of the audit
+ *    event. The substrate assigns `event_id`, `timestamp`, `seq`,
+ *    `prev_hash`, and `event_hash`. Adapters do not produce those fields.
+ * 4. Adapters do not execute, grant, decide, or otherwise affect runtime
+ *    state. The base class enforces this via a runtime check in the
+ *    constructor that rejects forbidden method names at instantiation
+ *    time. (TypeScript does not have a Python-style `__init_subclass__`
+ *    hook, so the check runs at `new` time rather than class-creation
+ *    time.)
+ *
+ * Reserved method names that any subclass MUST NOT define at the public
+ * level (any leading underscore exempts the name):
+ *
+ * - `execute`, `run`, `dispatch`
+ * - `grant`, `revoke`, `issue`
+ * - `decide`, `approve`, `reject`
+ * - `settle`, `charge`, `credit`
+ * - `schedule`, `allocate`
+ *
+ * Defining any of these is an ADR-0004 boundary violation and the
+ * constructor throws on first instantiation.
+ */
+export class GenericRuntimeAdapter {
+    constructor() {
+        const proto = Object.getPrototypeOf(this);
+        const offenders = [];
+        for (const name of Object.getOwnPropertyNames(proto)) {
+            if (name === 'constructor')
+                continue;
+            if (name.startsWith('_'))
+                continue;
+            if (FORBIDDEN_METHOD_NAMES.has(name)) {
+                offenders.push(name);
+            }
+        }
+        if (offenders.length > 0) {
+            offenders.sort();
+            throw new TypeError(`${this.constructor.name} defines forbidden authority/execution method(s) ` +
+                `[${offenders.join(', ')}]; adapters may only translate events. See ADR-0004 § 1.`);
+        }
+    }
+}
+//# sourceMappingURL=adapters.js.map

package/dist/adapters.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapters.js","sourceRoot":"","sources":["../src/adapters.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,sCAAsC;AACtC;;;;;;;;;;;;;;;;;;GAkBG;AAIH,+CAA+C;AAC/C,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,OAAO,uBAAwB,SAAQ,YAAY;IACvD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IAC1D,SAAS;IACT,KAAK;IACL,UAAU;IACV,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,OAAgB,qBAAqB;IAIzC;QACE,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CAAW,CAAC;QACpD,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,IAAI,IAAI,KAAK,aAAa;gBAAE,SAAS;YACrC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YACnC,IAAI,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,SAAS,CACjB,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,mDAAmD;gBACzE,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,0DAA0D,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;CAmBF"}

package/dist/anchoring.d.ts

@@ -0,0 +1,119 @@
+/**
+ * RFC-3161 anchoring (TypeScript port of `sdk/python/src/attestplane/anchoring/`).
+ *
+ * Ships the design skeleton — types, abstract base, mock provider,
+ * multi-TSA composite, and an anchor-aware verifier API. Real
+ * cryptography-backed providers (Free TSA, DigiCert) ship in a
+ * follow-up alongside `anchor_vectors.json` cross-language fixtures.
+ *
+ * Surface parity with the Python module: anyone reading the Python
+ * skeleton at `attestplane.anchoring` finds the same shapes here.
+ */
+import type { ChainedEvent } from './types.js';
+export declare const ANCHOR_SCHEMA_VERSION: 1;
+export type AnchorStatus = 'unanchored' | 'pending' | 'anchored' | 'failed_permanent';
+export type CertStatus = 'VALID' | 'VALID_UNVERIFIED' | 'MISSING_LTV_ARTIFACTS' | 'EXPIRED_VALID_AT_ISSUANCE' | 'REVOKED';
+export type AnchorVerificationStatus = 'verified' | 'failed' | 'not_performed';
+export declare class AnchorError extends Error {
+    constructor(message: string);
+}
+export declare class TSAUnavailableError extends AnchorError {
+    constructor(message: string);
+}
+export declare class AnchorVerificationError extends AnchorError {
+    constructor(message: string);
+}
+export interface AnchorRecord {
+    readonly anchor_schema_version: number;
+    readonly anchored_seq: number;
+    readonly anchored_event_hash: Uint8Array;
+    readonly tsa_provider_id: string;
+    readonly tsa_token: Uint8Array;
+    readonly tsa_cert_chain: readonly Uint8Array[];
+    readonly ocsp_responses: readonly Uint8Array[];
+    readonly issued_at_claimed: Date;
+}
+export declare function validateAnchorRecord(a: AnchorRecord): void;
+export interface AnchorPolicy {
+    readonly batch_size: number;
+    readonly max_idle_seconds: number;
+    readonly per_event: boolean;
+}
+export declare const DEFAULT_ANCHOR_POLICY: AnchorPolicy;
+export declare function makeAnchorPolicy(input?: Partial<AnchorPolicy>): AnchorPolicy;
+export interface TimestampRequest {
+    readonly digest: Uint8Array;
+    readonly nonce?: Uint8Array;
+}
+export declare function makeTimestampRequest(input: TimestampRequest): TimestampRequest;
+/**
+ * Abstract base for any TSA provider implementation.
+ *
+ * TypeScript analogue of Python's `TSAProvider` ABC. The
+ * forbidden-mutating-verb check runs in the constructor (TS has no
+ * `__init_subclass__` equivalent).
+ */
+export declare abstract class TSAProvider {
+    abstract readonly provider_id: string;
+    abstract readonly schema_version: number;
+    constructor();
+    abstract requestTimestamp(request: TimestampRequest, options?: {
+        readonly anchoredSeq?: number;
+        readonly now?: Date;
+    }): AnchorRecord;
+}
+export interface MockTSAProviderInput {
+    readonly provider_id?: string;
+    readonly fixed_time?: Date;
+    readonly fail_with?: Error;
+}
+export declare class MockTSAProvider extends TSAProvider {
+    readonly provider_id: string;
+    readonly schema_version: 1;
+    private readonly _fixed_time;
+    private readonly _fail_with;
+    constructor(input?: MockTSAProviderInput);
+    requestTimestamp(request: TimestampRequest, options?: {
+        readonly anchoredSeq?: number;
+        readonly now?: Date;
+    }): AnchorRecord;
+}
+export interface MultiTSAProviderInput {
+    readonly providers: readonly TSAProvider[];
+    readonly tolerate_partial?: boolean;
+}
+export declare class MultiTSAProvider {
+    private readonly _providers;
+    private readonly _tolerate_partial;
+    constructor(input: MultiTSAProviderInput);
+    get providerIds(): readonly string[];
+    requestTimestamps(request: TimestampRequest, options?: {
+        readonly anchoredSeq?: number;
+        readonly now?: Date;
+    }): AnchorRecord[];
+}
+export interface SingleAnchorResult {
+    readonly seq: number;
+    readonly provider: string;
+    readonly valid: boolean;
+    readonly cert_status: CertStatus;
+    readonly ltv_artifacts_present: boolean;
+    readonly reason: string | null;
+}
+export interface AnchorVerificationResult {
+    readonly chain_ok: boolean;
+    readonly chain_reason: string | null;
+    readonly anchored_seqs: ReadonlySet<number>;
+    readonly unanchored_seqs: ReadonlySet<number>;
+    readonly anchor_results: readonly SingleAnchorResult[];
+    readonly verification_status: AnchorVerificationStatus;
+    readonly ok: boolean;
+}
+export interface VerifyChainWithAnchorsOptions {
+    readonly trustRootsDer?: readonly Uint8Array[];
+    readonly intermediatesDer?: readonly Uint8Array[];
+    readonly verificationTime?: Date;
+    readonly maxChainDepth?: number;
+}
+export declare function verifyChainWithAnchors(events: readonly ChainedEvent[], anchors: readonly AnchorRecord[], options?: VerifyChainWithAnchorsOptions): AnchorVerificationResult;
+//# sourceMappingURL=anchoring.d.ts.map

package/dist/anchoring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anchoring.d.ts","sourceRoot":"","sources":["../src/anchoring.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,eAAO,MAAM,qBAAqB,EAAG,CAAU,CAAC;AAEhD,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,GAAG,kBAAkB,CAAC;AAEtF,MAAM,MAAM,UAAU,GAClB,OAAO,GACP,kBAAkB,GAClB,uBAAuB,GACvB,2BAA2B,GAC3B,SAAS,CAAC;AACd,MAAM,MAAM,wBAAwB,GAAG,UAAU,GAAG,QAAQ,GAAG,eAAe,CAAC;AAI/E,qBAAa,WAAY,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,mBAAoB,SAAQ,WAAW;gBACtC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,uBAAwB,SAAQ,WAAW;gBAC1C,OAAO,EAAE,MAAM;CAI5B;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,UAAU,CAAC;IACzC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,SAAS,UAAU,EAAE,CAAC;IAC/C,QAAQ,CAAC,cAAc,EAAE,SAAS,UAAU,EAAE,CAAC;IAC/C,QAAQ,CAAC,iBAAiB,EAAE,IAAI,CAAC;CAClC;AAED,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,YAAY,GAAG,IAAI,CAiB1D;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;CAC7B;AAED,eAAO,MAAM,qBAAqB,EAAE,YAIlC,CAAC;AAEH,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAS5E;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC;CAC7B;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,GAAG,gBAAgB,CAO9E;AAcD;;;;;;GAMG;AACH,8BAAsB,WAAW;IAC/B,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;;IAoBzC,QAAQ,CAAC,gBAAgB,CACvB,OAAO,EAAE,gBAAgB,EACzB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAA;KAAE,GAC/D,YAAY;CAChB;AAID,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC;CAC5B;AAED,qBAAa,eAAgB,SAAQ,WAAW;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,cAAc,IAAyB;IAChD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAe;gBAE9B,KAAK,GAAE,oBAAyB;IAW5C,gBAAgB,CACd,OAAO,EAAE,gBAAgB,EACzB,OAAO,GAAE;QAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAA;KAAO,GACnE,YAAY;CA6BhB;AAID,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,SAAS,EAAE,SAAS,WAAW,EAAE,CAAC;IAC3C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;CACrC;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAyB;IACpD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAU;gBAEhC,KAAK,EAAE,qBAAqB;IAqBxC,IAAI,WAAW,IAAI,SAAS,MAAM,EAAE,CAEnC;IAED,iBAAiB,CACf,OAAO,EAAE,gBAAgB,EACzB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAA;KAAE,GAC/D,YAAY,EAAE;CAoBlB;AAID,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC;IACjC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5C,QAAQ,CAAC,eAAe,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9C,QAAQ,CAAC,cAAc,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACvD,QAAQ,CAAC,mBAAmB,EAAE,wBAAwB,CAAC;IACvD,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;CACtB;AAUD,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IAC/C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IAClD,QAAQ,CAAC,gBAAgB,CAAC,EAAE,IAAI,CAAC;IACjC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,SAAS,YAAY,EAAE,EAC/B,OAAO,EAAE,SAAS,YAAY,EAAE,EAChC,OAAO,GAAE,6BAAkC,GAC1C,wBAAwB,CA0I1B"}