@cotal-ai/core 0.1.0

package/dist/identity.d.ts

@@ -0,0 +1,26 @@
+/**
+ * A locally-generated agent identity (an nkey user keypair).
+ *
+ * The public key is the **stable id** used identically everywhere — `card.id`, the
+ * subject-encoded sender token, the JWT subject, and the DM durable name — so the
+ * server's ACLs and the wire layout stay in lockstep. The seed is the private half:
+ * it never goes on the wire and (from the provisioning step on) is signed into a
+ * creds file the endpoint loads to authenticate as this id.
+ */
+export interface Identity {
+    /** User nkey public key (`U…`). The stable agent id. */
+    id: string;
+    /** User nkey seed (`SU…`). Private — kept off the wire. */
+    seed: string;
+}
+/** Generate a fresh user nkey identity locally. The seed is derived here and never
+ *  leaves the generating process except as a creds file handed to its own agent. */
+export declare function newIdentity(): Identity;
+/** The stable id carried by a creds file: the agent's nkey public key. Derived from the
+ *  seed block (format-independent) and cross-checked against the JWT subject — a mismatch
+ *  means a corrupt or spliced creds file (a seed paired with someone else's JWT), which
+ *  would otherwise auth as one identity while the subject token claims another. Lets an
+ *  endpoint that authenticates with creds adopt the matching `card.id`, keeping one id
+ *  everywhere. */
+export declare function idFromCreds(creds: string): string;
+//# sourceMappingURL=identity.d.ts.map

package/dist/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AACH,MAAM,WAAW,QAAQ;IACvB,wDAAwD;IACxD,EAAE,EAAE,MAAM,CAAC;IACX,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;CACd;AAED;oFACoF;AACpF,wBAAgB,WAAW,IAAI,QAAQ,CAItC;AAED;;;;;kBAKkB;AAClB,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAWjD"}

package/dist/identity.js

@@ -0,0 +1,29 @@
+import { createUser, fromSeed } from "@nats-io/nkeys";
+/** Generate a fresh user nkey identity locally. The seed is derived here and never
+ *  leaves the generating process except as a creds file handed to its own agent. */
+export function newIdentity() {
+    const kp = createUser();
+    const seed = new TextDecoder().decode(kp.getSeed());
+    return { id: kp.getPublicKey(), seed };
+}
+/** The stable id carried by a creds file: the agent's nkey public key. Derived from the
+ *  seed block (format-independent) and cross-checked against the JWT subject — a mismatch
+ *  means a corrupt or spliced creds file (a seed paired with someone else's JWT), which
+ *  would otherwise auth as one identity while the subject token claims another. Lets an
+ *  endpoint that authenticates with creds adopt the matching `card.id`, keeping one id
+ *  everywhere. */
+export function idFromCreds(creds) {
+    const seedM = creds.match(/BEGIN USER NKEY SEED-----\s*([\s\S]*?)\s*------END USER NKEY SEED/);
+    if (!seedM)
+        throw new Error("creds: no user nkey seed block found");
+    const id = fromSeed(new TextEncoder().encode(seedM[1].trim())).getPublicKey();
+    const jwtM = creds.match(/BEGIN NATS USER JWT-----\s*([\s\S]*?)\s*------END NATS USER JWT/);
+    const payload = jwtM?.[1].trim().split(".")[1];
+    const sub = payload
+        ? JSON.parse(Buffer.from(payload, "base64url").toString("utf8")).sub
+        : undefined;
+    if (sub && sub !== id)
+        throw new Error(`creds: seed identity ${id} != JWT subject ${sub}`);
+    return id;
+}
+//# sourceMappingURL=identity.js.map

package/dist/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBtD;oFACoF;AACpF,MAAM,UAAU,WAAW;IACzB,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;IACpD,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC;AAED;;;;;kBAKkB;AAClB,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,mEAAmE,CAAC,CAAC;IAC/F,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;IAC9E,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;IAC5F,MAAM,OAAO,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,OAAO;QACjB,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC,GAAG;QAC1F,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,GAAG,IAAI,GAAG,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,EAAE,mBAAmB,GAAG,EAAE,CAAC,CAAC;IAC3F,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export * from "./types.js";
+export * from "./subjects.js";
+export * from "./link.js";
+export * from "./identity.js";
+export * from "./provision.js";
+export * from "./streams.js";
+export * from "./agent-file.js";
+export * from "./endpoint.js";
+export * from "./connector.js";
+export * from "./command.js";
+export * from "./registry.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC"}

package/dist/index.js

@@ -0,0 +1,12 @@
+export * from "./types.js";
+export * from "./subjects.js";
+export * from "./link.js";
+export * from "./identity.js";
+export * from "./provision.js";
+export * from "./streams.js";
+export * from "./agent-file.js";
+export * from "./endpoint.js";
+export * from "./connector.js";
+export * from "./command.js";
+export * from "./registry.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC"}

package/dist/link.d.ts

@@ -0,0 +1,37 @@
+/**
+ * The Cotal join link — the onboarding half of the wire contract (v0).
+ *
+ *   cotal://[token@]host[:port]/space[?channel=a,b]    plaintext
+ *   cotals://[token@]host[:port]/space[?channel=a,b]   TLS required
+ *   cotal://user:pass@host/space                       user/password auth
+ *
+ * One copy-pasteable string carries server + credentials + space, so a peer
+ * joins with a single value. The nats.js client does NOT read credentials from
+ * a URL, so we parse them out here and hand them to connect() as options.
+ */
+export interface JoinLink {
+    /** nats:// server URL (auth is carried separately, never in this string). */
+    servers: string;
+    space: string;
+    /** Channels from the link, if any (?channel=a,b). */
+    channels?: string[];
+    /** Whether a TLS connection is required. */
+    tls: boolean;
+    /** Bare token (userinfo without a password). */
+    token?: string;
+    /** Username (userinfo with a password). */
+    user?: string;
+    pass?: string;
+}
+/** Parse a `cotal://` / `cotals://` join link. Throws on anything malformed. */
+export declare function parseJoinLink(link: string): JoinLink;
+/** Build a join link from its parts (for an operator handing one out). */
+export declare function formatJoinLink(opts: {
+    host: string;
+    port?: number;
+    space: string;
+    token?: string;
+    tls?: boolean;
+    channels?: string[];
+}): string;
+//# sourceMappingURL=link.d.ts.map

package/dist/link.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../src/link.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,MAAM,WAAW,QAAQ;IACvB,6EAA6E;IAC7E,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,4CAA4C;IAC5C,GAAG,EAAE,OAAO,CAAC;IACb,gDAAgD;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,gFAAgF;AAChF,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CA+BpD;AAED,0EAA0E;AAC1E,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,GAAG,MAAM,CAMT"}

package/dist/link.js

@@ -0,0 +1,39 @@
+/** Parse a `cotal://` / `cotals://` join link. Throws on anything malformed. */
+export function parseJoinLink(link) {
+    const tls = link.startsWith("cotals://");
+    if (!tls && !link.startsWith("cotal://"))
+        throw new Error(`not a Cotal link (expected cotal:// or cotals://): ${link}`);
+    // Reparse under a "special" scheme so the WHATWG URL parser populates the
+    // authority (credentials/host/port) reliably — non-special schemes don't.
+    const u = new URL(link.replace(/^cotals?:\/\//, tls ? "https://" : "http://"));
+    if (!u.hostname)
+        throw new Error(`Cotal link has no host: ${link}`);
+    const space = decodeURIComponent(u.pathname.replace(/^\/+/, "").split("/")[0] ?? "");
+    if (!space)
+        throw new Error(`Cotal link has no space (cotal://host/<space>): ${link}`);
+    const chParam = u.searchParams.get("channels") ?? u.searchParams.get("channel");
+    const channels = chParam
+        ? chParam.split(",").map((s) => s.trim()).filter(Boolean)
+        : undefined;
+    const user = u.username ? decodeURIComponent(u.username) : undefined;
+    const pass = u.password ? decodeURIComponent(u.password) : undefined;
+    return {
+        servers: `nats://${u.hostname}:${u.port || "4222"}`,
+        space,
+        channels,
+        tls,
+        // userinfo with no ':' is a bare token; with ':' it's user/password.
+        token: user && !pass ? user : undefined,
+        user: pass ? user : undefined,
+        pass: pass || undefined,
+    };
+}
+/** Build a join link from its parts (for an operator handing one out). */
+export function formatJoinLink(opts) {
+    const scheme = opts.tls ? "cotals" : "cotal";
+    const cred = opts.token ? `${encodeURIComponent(opts.token)}@` : "";
+    const port = opts.port ? `:${opts.port}` : "";
+    const query = opts.channels?.length ? `?channel=${opts.channels.join(",")}` : "";
+    return `${scheme}://${cred}${opts.host}${port}/${encodeURIComponent(opts.space)}${query}`;
+}
+//# sourceMappingURL=link.js.map

package/dist/link.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"link.js","sourceRoot":"","sources":["../src/link.ts"],"names":[],"mappings":"AA0BA,gFAAgF;AAChF,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;IAEhF,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/E,IAAI,CAAC,CAAC,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;IAEpE,MAAM,KAAK,GAAG,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrF,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,IAAI,EAAE,CAAC,CAAC;IAEvF,MAAM,OAAO,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChF,MAAM,QAAQ,GAAG,OAAO;QACtB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACzD,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACrE,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAErE,OAAO;QACL,OAAO,EAAE,UAAU,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,EAAE;QACnD,KAAK;QACL,QAAQ;QACR,GAAG;QACH,qEAAqE;QACrE,KAAK,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QACvC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QAC7B,IAAI,EAAE,IAAI,IAAI,SAAS;KACxB,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,cAAc,CAAC,IAO9B;IACC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACpE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACjF,OAAO,GAAG,MAAM,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,EAAE,CAAC;AAC5F,CAAC"}

package/dist/provision.d.ts

@@ -0,0 +1,68 @@
+import type { Identity } from "./identity.js";
+/** Cred profiles (per the plan's class table). Demo-1 mints all permissively; steps 5–7
+ *  scope each one — at which point the manager MUST already hold its own privileged
+ *  profile (broad: pre-create others' DM durables, serve ctl), not "agent", or it
+ *  silently loses those powers the moment "agent" is tightened. */
+export type Profile = "agent" | "observer" | "admin" | "manager";
+/** A space's persisted trust material. The `signingSeed` is the sensitive provisioner
+ *  secret; everything else is public (JWTs) or recoverable. */
+export interface SpaceAuth {
+    space: string;
+    operator: {
+        seed: string;
+        jwt: string;
+    };
+    account: {
+        pub: string;
+        seed: string;
+        jwt: string;
+        signingSeed: string;
+        signingPub: string;
+    };
+    sys: {
+        pub: string;
+        jwt: string;
+    };
+}
+/** Generate a fresh operator → account(+signing key) → system-account chain for a space. */
+export declare function createSpaceAuth(space: string): Promise<SpaceAuth>;
+/** Options shaping a minted user's permissions. */
+export interface MintOpts {
+    /** Channels an "agent" may publish to (the agent file's `publish:` allow-list, already
+     *  resolved by the caller). Each is run through the chat-subject builder so a wildcard
+     *  subtree like `team.>` becomes `chat.<id>.team.>`. Defaults to `["general"]`. */
+    channels?: string[];
+    /** The agent's role — scopes its TASK-queue consumer to svc_<role>. */
+    role?: string;
+    /** Control service the agent may address. Defaults to `"manager"`. */
+    manager?: string;
+}
+/** The privileged onboarding ops a launcher needs — implemented by a connected, permissive
+ *  endpoint (the manager, or a short-lived provisioner that `cotal spawn` opens). */
+export interface DurableProvisioner {
+    provisionDmInbox(id: string): Promise<void>;
+    provisionTaskQueue(role: string): Promise<void>;
+}
+/** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ role TASK) durables
+ *  and mint its scoped creds. The single shared step so every launcher — the manager and
+ *  `cotal spawn` alike — provisions identically (manager not special). */
+export declare function provisionAgent(provisioner: DurableProvisioner, auth: SpaceAuth, identity: Identity, opts?: MintOpts): Promise<string>;
+/** Mint a user creds file for an agent {@link Identity} (its stable id+seed from
+ *  {@link newIdentity}). The account signing key signs over ONLY the public key
+ *  (`fromPublic`) — the agent seed is never part of the signature, it's only folded into
+ *  the resulting creds file. The "agent" profile is scoped to publish only as itself and
+ *  only to its declared channels (the channel-restriction enforcement); "manager" and
+ *  "observer" stay permissive here and are scoped in steps 6–7. */
+export declare function mintCreds(auth: SpaceAuth, identity: Identity, profile: Profile, opts?: MintOpts): Promise<string>;
+/** Render the `nats-server` config that trusts this space's operator and serves its
+ *  accounts via the in-config MEMORY resolver. */
+export declare function serverConfig(auth: SpaceAuth, opts: {
+    port?: number;
+    storeDir: string;
+}): string;
+export declare function authDir(root: string): string;
+/** Persist the space trust material. The file holds the signing seed — treat as a secret. */
+export declare function saveSpaceAuth(dir: string, auth: SpaceAuth): void;
+/** Load the space trust material, or undefined if auth was never set up here. */
+export declare function loadSpaceAuth(dir: string): SpaceAuth | undefined;
+//# sourceMappingURL=provision.d.ts.map

package/dist/provision.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provision.d.ts","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAwCA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAE9C;;;mEAGmE;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAEjE;+DAC+D;AAC/D,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7F,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC;AAYD,4FAA4F;AAC5F,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CA6BvE;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACvB;;uFAEmF;IACnF,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;qFACqF;AACrF,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED;;0EAE0E;AAC1E,wBAAsB,cAAc,CAClC,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED;;;;;mEAKmE;AACnE,wBAAsB,SAAS,CAC7B,IAAI,EAAE,SAAS,EACf,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,QAAa,GAClB,OAAO,CAAC,MAAM,CAAC,CAYjB;AAmHD;kDACkD;AAClD,wBAAgB,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAa/F;AAMD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED,6FAA6F;AAC7F,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAGhE;AAED,iFAAiF;AACjF,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAIhE"}

package/dist/provision.js

@@ -0,0 +1,204 @@
+/**
+ * The provisioner — the signer capability for a space.
+ *
+ * A space is one NATS *account*; every agent is a *user* in it. This module mints the
+ * decentralized-JWT trust chain (operator → account → user) programmatically with
+ * `@nats-io/jwt`, so there is no dependency on the external `nsc` CLI and the signing
+ * key stays in one place (whoever holds {@link SpaceAuth.account.signingSeed}).
+ *
+ * Demo-1 stage: out-of-band mint. `cotal up` creates the space's trust material
+ * once and writes a `nats-server` config (operator + system account + MEMORY resolver);
+ * `cotal mint` and the manager load that material and mint per-agent creds files. There
+ * is no connect-time token exchange yet (that's the later auth-callout stage).
+ *
+ * NOT yet provided (our job, not nsc's): credential revocation and an issuance audit
+ * trail. Revocation is deferred past Demo 1; minted creds currently have no TTL.
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { encodeOperator, encodeAccount, encodeUser, fmtCreds, } from "@nats-io/jwt";
+import { createOperator, createAccount, fromPublic, fromSeed } from "@nats-io/nkeys";
+import { token, spacePrefix, chatSubject, unicastSubject, anycastSubject, controlServiceSubject, chatStream, dmStream, taskStream, chatDurable, dmDurable, taskDurable, presenceBucket, } from "./subjects.js";
+// Unlimited account limits — without explicit limits a JWT account defaults to 0 conns
+// (every connect denied). JetStream needs storage on the data account but MUST stay off
+// the system account (the server refuses to start otherwise).
+const BASE_LIMITS = {
+    subs: -1, conn: -1, leaf: -1, imports: -1, exports: -1,
+    data: -1, payload: -1, wildcards: true,
+};
+const DATA_LIMITS = { ...BASE_LIMITS, mem_storage: -1, disk_storage: -1 };
+const SYS_LIMITS = { ...BASE_LIMITS, mem_storage: 0, disk_storage: 0 };
+/** Generate a fresh operator → account(+signing key) → system-account chain for a space. */
+export async function createSpaceAuth(space) {
+    const okp = createOperator();
+    const akp = createAccount();
+    const askp = createAccount(); // account signing key — what mints users
+    const syskp = createAccount();
+    const sysPub = syskp.getPublicKey();
+    const operatorJwt = await encodeOperator(`cotal-${token(space)}`, okp, { system_account: sysPub });
+    const accountJwt = await encodeAccount(token(space), akp, { signing_keys: [askp.getPublicKey()], limits: DATA_LIMITS }, { signer: okp });
+    const sysJwt = await encodeAccount("SYS", syskp, { limits: SYS_LIMITS }, { signer: okp });
+    const dec = (u) => new TextDecoder().decode(u);
+    return {
+        space,
+        operator: { seed: dec(okp.getSeed()), jwt: operatorJwt },
+        account: {
+            pub: akp.getPublicKey(),
+            seed: dec(akp.getSeed()),
+            jwt: accountJwt,
+            signingSeed: dec(askp.getSeed()),
+            signingPub: askp.getPublicKey(),
+        },
+        sys: { pub: sysPub, jwt: sysJwt },
+    };
+}
+/** Onboard an agent for launch (auth mode): pre-create its bind-only DM (+ role TASK) durables
+ *  and mint its scoped creds. The single shared step so every launcher — the manager and
+ *  `cotal spawn` alike — provisions identically (manager not special). */
+export async function provisionAgent(provisioner, auth, identity, opts = {}) {
+    await provisioner.provisionDmInbox(identity.id);
+    if (opts.role)
+        await provisioner.provisionTaskQueue(opts.role);
+    return mintCreds(auth, identity, "agent", opts);
+}
+/** Mint a user creds file for an agent {@link Identity} (its stable id+seed from
+ *  {@link newIdentity}). The account signing key signs over ONLY the public key
+ *  (`fromPublic`) — the agent seed is never part of the signature, it's only folded into
+ *  the resulting creds file. The "agent" profile is scoped to publish only as itself and
+ *  only to its declared channels (the channel-restriction enforcement); "manager" and
+ *  "observer" stay permissive here and are scoped in steps 6–7. */
+export async function mintCreds(auth, identity, profile, opts = {}) {
+    const signer = fromSeed(new TextEncoder().encode(auth.account.signingSeed));
+    const perms = permissionsFor(profile, auth.space, identity.id, opts);
+    const userJwt = await encodeUser(profile, fromPublic(identity.id), fromPublic(auth.account.pub), perms, { signer });
+    const creds = fmtCreds(userJwt, fromSeed(new TextEncoder().encode(identity.seed)));
+    return new TextDecoder().decode(creds);
+}
+/** Build the NATS user permission object for a profile: a default-deny allow-list scoped to
+ *  exactly what each profile does. "manager" stays permissive (the privileged provisioner
+ *  host). Subject/stream/durable names come from the shared builders so the ACLs can't drift
+ *  from the wire layout. */
+function permissionsFor(profile, space, id, opts) {
+    if (profile === "manager")
+        return {}; // privileged: allow-all defaults
+    const CHAT = chatStream(space), DM = dmStream(space), TASK = taskStream(space);
+    const KV = `KV_${presenceBucket(space)}`;
+    const inbox = `_INBOX_${id}.>`;
+    if (profile === "observer" || profile === "admin") {
+        // Read-only: live feed via tap, history + presence via ephemeral/ordered consumers it
+        // creates on CHAT + the presence KV. No chat/inst/svc/ctl publish → can't post.
+        //   observer — sub chat.> only; DM_<space>/svc never named → DMs + anycast structurally
+        //     invisible (step-6 inbox scoping means it can't sniff deliveries either).
+        //   admin — sub widened to the whole space so the dashboard's tap also sees DMs (inst.>)
+        //     and anycast (svc.>) live, PLUS DM-stream read verbs so it can backfill DM history.
+        //     A deliberate god-view: DMs are plaintext + ACL-gated, so mint this only for a trusted
+        //     audit dashboard. CONSUMER.CREATE on DM_<space> is the DM-confidentiality surface —
+        //     granted here ONLY for this elevated read-only profile, never to agents.
+        const sub = profile === "admin"
+            ? [`${spacePrefix(space)}.>`, inbox]
+            : [`${spacePrefix(space)}.chat.>`, inbox];
+        const allow = [
+            "$JS.API.INFO",
+            `$JS.API.STREAM.INFO.${CHAT}`,
+            `$JS.API.STREAM.INFO.${KV}`,
+            // ephemeral backlog consumer (channelHistory): a multi-filter create can't encode its
+            // filter in the subject → bare form; the .> form covers named consumers.
+            `$JS.API.CONSUMER.CREATE.${CHAT}`,
+            `$JS.API.CONSUMER.CREATE.${CHAT}.>`,
+            `$JS.API.CONSUMER.INFO.${CHAT}.>`,
+            `$JS.API.CONSUMER.MSG.NEXT.${CHAT}.>`,
+            `$JS.ACK.${CHAT}.>`,
+            `$JS.API.CONSUMER.CREATE.${KV}.>`, // kv.watch ordered consumer (roster is public)
+            `$JS.API.CONSUMER.INFO.${KV}.>`,
+            "$JS.FC.>", // ordered-consumer flow control
+        ];
+        if (profile === "admin") {
+            // DM history backfill (dmHistory): same bare-form gotcha as CHAT — filter_subjects is
+            // plural so the create lands on the bare subject; the .> form covers named consumers.
+            allow.push(`$JS.API.STREAM.INFO.${DM}`, `$JS.API.CONSUMER.CREATE.${DM}`, `$JS.API.CONSUMER.CREATE.${DM}.>`, `$JS.API.CONSUMER.INFO.${DM}.>`, `$JS.API.CONSUMER.MSG.NEXT.${DM}.>`, `$JS.ACK.${DM}.>`);
+        }
+        return { sub: { allow: sub }, pub: { allow } };
+    }
+    // ---- agent ----
+    const channels = opts.channels?.length ? opts.channels : ["general"];
+    const manager = opts.manager ?? "manager";
+    const chatD = chatDurable(id), dmD = dmDurable(id);
+    const svcD = opts.role ? taskDurable(opts.role) : undefined;
+    const pubAllow = [
+        // peer subjects — identity + channel scope (step 5), built from the real builders.
+        ...channels.map((ch) => chatSubject(space, id, ch)),
+        unicastSubject(space, "*", id), //  inst.*.<id>   — DM any instance, as me
+        anycastSubject(space, "*", id), //  svc.*.<id>    — anycast any role, as me
+        controlServiceSubject(space, manager, id), // ctl.<mgr>.<id>
+        // JetStream control plane — scoped to this agent's own streams/durables.
+        "$JS.API.INFO",
+        `$JS.API.STREAM.INFO.${CHAT}`, `$JS.API.STREAM.INFO.${DM}`, `$JS.API.STREAM.INFO.${TASK}`, `$JS.API.STREAM.INFO.${KV}`,
+        // CHAT consumer: self-create (chat is world-readable, so name-scope is enough).
+        `$JS.API.CONSUMER.DURABLE.CREATE.${CHAT}.${chatD}`,
+        `$JS.API.CONSUMER.INFO.${CHAT}.${chatD}`,
+        `$JS.API.CONSUMER.MSG.NEXT.${CHAT}.${chatD}`,
+        `$JS.ACK.${CHAT}.${chatD}.>`,
+        // DM consumer: BIND ONLY — info/fetch/ack its own pre-created durable, never create.
+        `$JS.API.CONSUMER.INFO.${DM}.${dmD}`,
+        `$JS.API.CONSUMER.MSG.NEXT.${DM}.${dmD}`,
+        `$JS.ACK.${DM}.${dmD}.>`,
+        // Presence: watch (read, public roster) + flow control + PUT OWN KEY ONLY.
+        `$JS.API.CONSUMER.CREATE.${KV}.>`,
+        `$JS.API.CONSUMER.INFO.${KV}.>`,
+        "$JS.FC.>",
+        `$KV.${presenceBucket(space)}.${id}`, // own presence key only — can't spoof peers
+    ];
+    if (svcD) {
+        // TASK consumer: BIND ONLY its own role's pre-created durable (svc_<role>). Like DM, the
+        // create-time filter_subject isn't reliably ACL-constrainable, so no create path is
+        // allowed — the privileged provisioner pre-creates svc_<role> filtered to svc.<role>.*.
+        pubAllow.push(`$JS.API.CONSUMER.INFO.${TASK}.${svcD}`, `$JS.API.CONSUMER.MSG.NEXT.${TASK}.${svcD}`, `$JS.ACK.${TASK}.${svcD}.>`);
+    }
+    // Explicit create-deny (defense-in-depth over default-deny) on the two streams whose
+    // create-time filter_subject is the attack surface — DM (private content) and TASK
+    // (cross-role work-stealing). Covers the bare ephemeral form (no trailing token), the
+    // named/new-API form, and the old durable form. No create path on either stream.
+    const pubDeny = [
+        `$JS.API.CONSUMER.CREATE.${DM}`,
+        `$JS.API.CONSUMER.CREATE.${DM}.>`,
+        `$JS.API.CONSUMER.DURABLE.CREATE.${DM}.>`,
+        `$JS.API.CONSUMER.CREATE.${TASK}`,
+        `$JS.API.CONSUMER.CREATE.${TASK}.>`,
+        `$JS.API.CONSUMER.DURABLE.CREATE.${TASK}.>`,
+    ];
+    return { pub: { allow: pubAllow, deny: pubDeny }, sub: { allow: [inbox] } };
+}
+/** Render the `nats-server` config that trusts this space's operator and serves its
+ *  accounts via the in-config MEMORY resolver. */
+export function serverConfig(auth, opts) {
+    const port = opts.port ?? 4222;
+    return `# Generated by \`cotal up\` — do not edit by hand.
+port: ${port}
+jetstream { store_dir: ${JSON.stringify(opts.storeDir)} }
+operator: ${auth.operator.jwt}
+system_account: ${auth.sys.pub}
+resolver: MEMORY
+resolver_preload: {
+  ${auth.account.pub}: ${auth.account.jwt}
+  ${auth.sys.pub}: ${auth.sys.jwt}
+}
+`;
+}
+// ---- persistence (.cotal/auth) ------------------------------------------------
+const AUTH_FILE = "auth.json";
+export function authDir(root) {
+    return join(root, ".cotal", "auth");
+}
+/** Persist the space trust material. The file holds the signing seed — treat as a secret. */
+export function saveSpaceAuth(dir, auth) {
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(join(dir, AUTH_FILE), JSON.stringify(auth, null, 2), { mode: 0o600 });
+}
+/** Load the space trust material, or undefined if auth was never set up here. */
+export function loadSpaceAuth(dir) {
+    const f = join(dir, AUTH_FILE);
+    if (!existsSync(f))
+        return undefined;
+    return JSON.parse(readFileSync(f, "utf8"));
+}
+//# sourceMappingURL=provision.js.map

package/dist/provision.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provision.js","sourceRoot":"","sources":["../src/provision.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EACL,cAAc,EACd,aAAa,EACb,UAAU,EACV,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AACrF,OAAO,EACL,KAAK,EACL,WAAW,EACX,WAAW,EACX,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,WAAW,EACX,SAAS,EACT,WAAW,EACX,cAAc,GACf,MAAM,eAAe,CAAC;AAkBvB,uFAAuF;AACvF,wFAAwF;AACxF,8DAA8D;AAC9D,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI;CAC9B,CAAC;AACX,MAAM,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1E,MAAM,UAAU,GAAG,EAAE,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;AAEvE,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC,CAAC,yCAAyC;IACvE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;IACnG,MAAM,UAAU,GAAG,MAAM,aAAa,CACpC,KAAK,CAAC,KAAK,CAAC,EACZ,GAAG,EACH,EAAE,YAAY,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,EAC5D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1F,MAAM,GAAG,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE;YACvB,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACxB,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;SAChC;QACD,GAAG,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE;KAClC,CAAC;AACJ,CAAC;AAqBD;;0EAE0E;AAC1E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAA+B,EAC/B,IAAe,EACf,QAAkB,EAClB,OAAiB,EAAE;IAEnB,MAAM,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAClD,CAAC;AAED;;;;;mEAKmE;AACnE,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAe,EACf,QAAkB,EAClB,OAAgB,EAChB,OAAiB,EAAE;IAEnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,UAAU,CAC9B,OAAO,EACP,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACvB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAC5B,KAAK,EACL,EAAE,MAAM,EAAE,CACX,CAAC;IACF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;4BAG4B;AAC5B,SAAS,cAAc,CACrB,OAAgB,EAChB,KAAa,EACb,EAAU,EACV,IAAc;IAEd,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC,CAAC,iCAAiC;IACvE,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,CAAC;IAE/B,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QAClD,sFAAsF;QACtF,gFAAgF;QAChF,wFAAwF;QACxF,+EAA+E;QAC/E,yFAAyF;QACzF,yFAAyF;QACzF,4FAA4F;QAC5F,yFAAyF;QACzF,8EAA8E;QAC9E,MAAM,GAAG,GACP,OAAO,KAAK,OAAO;YACjB,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YACpC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG;YACZ,cAAc;YACd,uBAAuB,IAAI,EAAE;YAC7B,uBAAuB,EAAE,EAAE;YAC3B,sFAAsF;YACtF,yEAAyE;YACzE,2BAA2B,IAAI,EAAE;YACjC,2BAA2B,IAAI,IAAI;YACnC,yBAAyB,IAAI,IAAI;YACjC,6BAA6B,IAAI,IAAI;YACrC,WAAW,IAAI,IAAI;YACnB,2BAA2B,EAAE,IAAI,EAAE,+CAA+C;YAClF,yBAAyB,EAAE,IAAI;YAC/B,UAAU,EAAE,gCAAgC;SAC7C,CAAC;QACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACxB,sFAAsF;YACtF,sFAAsF;YACtF,KAAK,CAAC,IAAI,CACR,uBAAuB,EAAE,EAAE,EAC3B,2BAA2B,EAAE,EAAE,EAC/B,2BAA2B,EAAE,IAAI,EACjC,yBAAyB,EAAE,IAAI,EAC/B,6BAA6B,EAAE,IAAI,EACnC,WAAW,EAAE,IAAI,CAClB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,SAAS,CAAC;IAC1C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,QAAQ,GAAG;QACf,mFAAmF;QACnF,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACnD,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,0CAA0C;QAC1E,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,EAAE,2CAA2C;QAC3E,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,iBAAiB;QAC5D,yEAAyE;QACzE,cAAc;QACd,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE,EAAE,uBAAuB,IAAI,EAAE,EAAE,uBAAuB,EAAE,EAAE;QACtH,gFAAgF;QAChF,mCAAmC,IAAI,IAAI,KAAK,EAAE;QAClD,yBAAyB,IAAI,IAAI,KAAK,EAAE;QACxC,6BAA6B,IAAI,IAAI,KAAK,EAAE;QAC5C,WAAW,IAAI,IAAI,KAAK,IAAI;QAC5B,qFAAqF;QACrF,yBAAyB,EAAE,IAAI,GAAG,EAAE;QACpC,6BAA6B,EAAE,IAAI,GAAG,EAAE;QACxC,WAAW,EAAE,IAAI,GAAG,IAAI;QACxB,2EAA2E;QAC3E,2BAA2B,EAAE,IAAI;QACjC,yBAAyB,EAAE,IAAI;QAC/B,UAAU;QACV,OAAO,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,4CAA4C;KACnF,CAAC;IACF,IAAI,IAAI,EAAE,CAAC;QACT,yFAAyF;QACzF,oFAAoF;QACpF,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CACX,yBAAyB,IAAI,IAAI,IAAI,EAAE,EACvC,6BAA6B,IAAI,IAAI,IAAI,EAAE,EAC3C,WAAW,IAAI,IAAI,IAAI,IAAI,CAC5B,CAAC;IACJ,CAAC;IACD,qFAAqF;IACrF,mFAAmF;IACnF,sFAAsF;IACtF,iFAAiF;IACjF,MAAM,OAAO,GAAG;QACd,2BAA2B,EAAE,EAAE;QAC/B,2BAA2B,EAAE,IAAI;QACjC,mCAAmC,EAAE,IAAI;QACzC,2BAA2B,IAAI,EAAE;QACjC,2BAA2B,IAAI,IAAI;QACnC,mCAAmC,IAAI,IAAI;KAC5C,CAAC;IACF,OAAO,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;AAC9E,CAAC;AAED;kDACkD;AAClD,MAAM,UAAU,YAAY,CAAC,IAAe,EAAE,IAAyC;IACrF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC/B,OAAO;QACD,IAAI;yBACa,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,GAAG;kBACX,IAAI,CAAC,GAAG,CAAC,GAAG;;;IAG1B,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG;IACrC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG;;CAEhC,CAAC;AACF,CAAC;AAED,kFAAkF;AAElF,MAAM,SAAS,GAAG,WAAW,CAAC;AAE9B,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,IAAe;IACxD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAc,CAAC;AAC1D,CAAC"}

package/dist/registry.d.ts

@@ -0,0 +1,24 @@
+/**
+ * A typed registry of extensions, keyed by `kind:name`. Implementations
+ * **self-register** their extensions (connectors, commands …) as a side-effect of
+ * import; composition roots just import the packages they want and then resolve.
+ *
+ * Core stays ignorant of which extensions exist: they plug into the registry, not
+ * the other way round. An unknown extension throws — no silent fallback.
+ */
+export interface Extension {
+    readonly kind: string;
+    readonly name: string;
+}
+export declare class Registry {
+    #private;
+    /** Register one or more extensions. A duplicate `kind:name` throws. */
+    register(...exts: Extension[]): void;
+    /** Resolve one extension by kind + name. Unknown throws. */
+    resolve<T extends Extension>(kind: T["kind"], name: string): T;
+    /** Every registered extension of a kind (e.g. all commands, for CLI dispatch). */
+    all<T extends Extension>(kind: T["kind"]): T[];
+}
+/** The process-wide registry. Implementations self-register into it on import. */
+export declare const registry: Registry;
+//# sourceMappingURL=registry.d.ts.map

package/dist/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,QAAQ;;IAGnB,uEAAuE;IACvE,QAAQ,CAAC,GAAG,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI;IAQpC,4DAA4D;IAC5D,OAAO,CAAC,CAAC,SAAS,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC;IAM9D,kFAAkF;IAClF,GAAG,CAAC,CAAC,SAAS,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;CAG/C;AAED,kFAAkF;AAClF,eAAO,MAAM,QAAQ,UAAiB,CAAC"}

package/dist/registry.js

@@ -0,0 +1,26 @@
+export class Registry {
+    #byKey = new Map();
+    /** Register one or more extensions. A duplicate `kind:name` throws. */
+    register(...exts) {
+        for (const ext of exts) {
+            const key = `${ext.kind}:${ext.name}`;
+            if (this.#byKey.has(key))
+                throw new Error(`extension already registered: ${key}`);
+            this.#byKey.set(key, ext);
+        }
+    }
+    /** Resolve one extension by kind + name. Unknown throws. */
+    resolve(kind, name) {
+        const ext = this.#byKey.get(`${kind}:${name}`);
+        if (!ext)
+            throw new Error(`no ${kind} registered for "${name}"`);
+        return ext;
+    }
+    /** Every registered extension of a kind (e.g. all commands, for CLI dispatch). */
+    all(kind) {
+        return [...this.#byKey.values()].filter((e) => e.kind === kind);
+    }
+}
+/** The process-wide registry. Implementations self-register into it on import. */
+export const registry = new Registry();
+//# sourceMappingURL=registry.js.map

package/dist/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAaA,MAAM,OAAO,QAAQ;IACnB,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAEtC,uEAAuE;IACvE,QAAQ,CAAC,GAAG,IAAiB;QAC3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACtC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;YAClF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,OAAO,CAAsB,IAAe,EAAE,IAAY;QACxD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,MAAM,IAAI,oBAAoB,IAAI,GAAG,CAAC,CAAC;QACjE,OAAO,GAAQ,CAAC;IAClB,CAAC;IAED,kFAAkF;IAClF,GAAG,CAAsB,IAAe;QACtC,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAQ,CAAC;IACzE,CAAC;CACF;AAED,kFAAkF;AAClF,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC"}

package/dist/streams.d.ts

@@ -0,0 +1,47 @@
+import { type ConsumerConfig, type JetStreamManager } from "@nats-io/jetstream";
+/**
+ * Create (idempotently) the three backing streams for a space — CHAT (multicast backlog +
+ * history), DM (per-instance inboxes), TASK (anycast work queue).
+ *
+ * This is **privileged**: under auth mode `STREAM.CREATE` is denied to regular agents
+ * (streams are space infrastructure, not per-agent), so it runs once at setup
+ * (`cotal up`) or from a permissive endpoint. The single source of the stream
+ * definitions, shared by the endpoint and the setup path so they can't diverge.
+ */
+export declare function createSpaceStreams(jsm: JetStreamManager, space: string): Promise<void>;
+/**
+ * The DM inbox durable for an instance — ONE definition, used both by the privileged
+ * pre-create (manager/provisioner, auth mode) and the endpoint's open-mode self-create, so
+ * an idempotent re-add can never error on a config delta. The `filter_subject` binds the
+ * durable to inst.<id>.* — only the privileged creator sets it, which is the whole point:
+ * an agent can't create a durable filtered to someone else's inbox.
+ *
+ * `inactive_threshold` is set ONLY when the caller passes one — i.e. the open-mode
+ * self-create, where the agent owns the durable and a threshold cleanly retires its inbox
+ * after it departs. The privileged auth pre-create OMITS it: the agent BINDS-only and is
+ * denied CONSUMER.CREATE, so a threshold would retire the durable before a late/relaunched
+ * agent binds it, and the bind would then fail permanently ("consumer not found"). Persisting
+ * it is the price of bind-only; explicit cleanup on agent-stop is a follow-up.
+ */
+export declare function dmDurableConfig(space: string, id: string, opts?: {
+    ackWaitMs?: number;
+    inactiveThresholdMs?: number;
+}): Partial<ConsumerConfig>;
+/**
+ * The TASK work-queue durable for a role — ONE definition, shared by the privileged
+ * pre-create (auth mode) and the endpoint's open-mode self-create. The durable is shared
+ * across all instances of a role (queue group); the privileged creator sets the
+ * filter_subject to svc.<role>.* so an agent can't bind a consumer filtered to another
+ * role's queue (the same create-time-filter attack surface as DM). Idempotent per role.
+ */
+export declare function taskDurableConfig(space: string, role: string, opts?: {
+    ackWaitMs?: number;
+}): Partial<ConsumerConfig>;
+/** Connect with the given (privileged) creds, create the space's streams, and disconnect.
+ *  Used by `cotal up` to pre-create streams once at setup. */
+export declare function setupSpaceStreams(opts: {
+    servers: string;
+    space: string;
+    creds: string;
+}): Promise<void>;
+//# sourceMappingURL=streams.d.ts.map

package/dist/streams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"streams.d.ts","sourceRoot":"","sources":["../src/streams.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACtB,MAAM,oBAAoB,CAAC;AAkB5B;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,gBAAgB,EACrB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAsBf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,EAAE,MAAM,EACV,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAO,GAC9D,OAAO,CAAC,cAAc,CAAC,CAUzB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GAChC,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED;8DAC8D;AAC9D,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,IAAI,CAAC,CAahB"}