@emilia-protocol/sdk 0.1.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/README.md +810 -0
  2. package/dist/client.d.ts +540 -0
  3. package/dist/client.d.ts.map +1 -0
  4. package/dist/client.js +740 -0
  5. package/dist/client.js.map +1 -0
  6. package/dist/index.d.ts +512 -189
  7. package/dist/index.d.ts.map +1 -0
  8. package/dist/index.js +317 -139
  9. package/dist/index.js.map +1 -0
  10. package/dist/types.d.ts +508 -0
  11. package/dist/types.d.ts.map +1 -0
  12. package/dist/types.js +35 -0
  13. package/dist/types.js.map +1 -0
  14. package/package.json +28 -11
  15. package/src/client.ts +920 -0
  16. package/src/index.ts +932 -0
  17. package/src/types.ts +640 -0
package/dist/client.js ADDED
@@ -0,0 +1,740 @@
1
+ // ============================================================================
2
+ // EMILIA Protocol — TypeScript Client
3
+ // ============================================================================
4
+ import { EPError } from './types.js';
5
+ const SDK_VERSION = '1.0.0';
6
+ const DEFAULT_BASE_URL = 'https://emiliaprotocol.ai';
7
+ const DEFAULT_TIMEOUT = 30_000;
8
+ // ----------------------------------------------------------------------------
9
+ // EPClient
10
+ // ----------------------------------------------------------------------------
11
+ /**
12
+ * Client for the EMILIA Protocol API.
13
+ *
14
+ * All public methods return typed promises and throw `EPError` on failure.
15
+ *
16
+ * @example
17
+ * ```typescript
18
+ * import { EPClient } from '@emilia-protocol/sdk';
19
+ *
20
+ * const ep = new EPClient({ apiKey: process.env.EP_API_KEY });
21
+ *
22
+ * const profile = await ep.trustProfile('merchant-xyz');
23
+ * console.log(profile.current_confidence); // "confident"
24
+ * ```
25
+ */
26
+ export class EPClient {
27
+ baseUrl;
28
+ apiKey;
29
+ timeout;
30
+ fetchImpl;
31
+ constructor(options = {}) {
32
+ this.baseUrl = (options.baseUrl ??
33
+ (typeof process !== 'undefined' ? process.env['EP_BASE_URL'] : undefined) ??
34
+ DEFAULT_BASE_URL).replace(/\/+$/, '');
35
+ this.apiKey =
36
+ options.apiKey ??
37
+ (typeof process !== 'undefined' ? process.env['EP_API_KEY'] : undefined) ??
38
+ '';
39
+ this.timeout = options.timeout ?? DEFAULT_TIMEOUT;
40
+ this.fetchImpl = options.fetchImpl ?? fetch;
41
+ }
42
+ // --------------------------------------------------------------------------
43
+ // Core fetch implementation
44
+ // --------------------------------------------------------------------------
45
+ async request(path, options = {}) {
46
+ // Build URL with query params
47
+ let url = `${this.baseUrl}${path}`;
48
+ if (options.params) {
49
+ const entries = Object.entries(options.params).filter(([, v]) => v !== undefined && v !== null);
50
+ if (entries.length > 0) {
51
+ url += `?${new URLSearchParams(entries.map(([k, v]) => [k, String(v)]))}`;
52
+ }
53
+ }
54
+ const headers = {
55
+ 'Content-Type': 'application/json',
56
+ 'User-Agent': `@emilia-protocol/sdk/${SDK_VERSION}`,
57
+ };
58
+ if (options.auth && this.apiKey) {
59
+ headers['Authorization'] = `Bearer ${this.apiKey}`;
60
+ }
61
+ const controller = new AbortController();
62
+ const timer = setTimeout(() => controller.abort(), this.timeout);
63
+ try {
64
+ const res = await this.fetchImpl(url, {
65
+ method: options.method ?? 'GET',
66
+ headers,
67
+ body: options.body !== undefined ? JSON.stringify(options.body) : undefined,
68
+ signal: controller.signal,
69
+ });
70
+ // Parse JSON regardless of status so we can surface API error messages
71
+ const data = await res.json().catch(() => undefined);
72
+ if (!res.ok) {
73
+ const payload = data;
74
+ const message = typeof payload?.['error'] === 'string'
75
+ ? payload['error']
76
+ : `EP API error: ${res.status}`;
77
+ const code = typeof payload?.['code'] === 'string' ? payload['code'] : undefined;
78
+ throw new EPError(message, res.status, code);
79
+ }
80
+ return data;
81
+ }
82
+ catch (err) {
83
+ if (err instanceof EPError)
84
+ throw err;
85
+ // AbortError → timeout
86
+ if (err instanceof Error && err.name === 'AbortError') {
87
+ throw new EPError(`Request timed out after ${this.timeout}ms`, undefined, 'timeout');
88
+ }
89
+ throw new EPError(err instanceof Error ? err.message : 'Unknown network error', undefined, 'network_error');
90
+ }
91
+ finally {
92
+ clearTimeout(timer);
93
+ }
94
+ }
95
+ // --------------------------------------------------------------------------
96
+ // Trust Profile & Evaluation
97
+ // --------------------------------------------------------------------------
98
+ /**
99
+ * Get an entity's full trust profile.
100
+ *
101
+ * This is the CANONICAL read surface for EP trust data. Call this before
102
+ * transacting with any counterparty or installing any software.
103
+ *
104
+ * @example
105
+ * ```typescript
106
+ * const profile = await ep.trustProfile('merchant-xyz');
107
+ * console.log(profile.current_confidence); // "confident"
108
+ * console.log(profile.trust_profile?.behavioral?.completion_rate); // 97.2
109
+ * ```
110
+ */
111
+ async trustProfile(entityId) {
112
+ return this.request(`/api/trust/profile/${encodeURIComponent(entityId)}`);
113
+ }
114
+ /**
115
+ * Evaluate an entity against a named trust policy.
116
+ *
117
+ * Returns a canonical TrustDecision with detailed reasoning.
118
+ * Supply `context` for context-aware evaluation (geo, category, value_band, etc.).
119
+ *
120
+ * @example
121
+ * ```typescript
122
+ * const result = await ep.trustEvaluate('merchant-xyz', 'strict', {
123
+ * category: 'furniture',
124
+ * geo: 'US-CA',
125
+ * value_band: 'high',
126
+ * });
127
+ * if (result.decision !== 'allow') console.warn('Reasons:', result.reasons);
128
+ * ```
129
+ */
130
+ async trustEvaluate(entityId, policy = 'standard', context) {
131
+ return this.request('/api/trust/evaluate', {
132
+ method: 'POST',
133
+ body: {
134
+ entity_id: entityId,
135
+ policy,
136
+ ...(context ? { context } : {}),
137
+ },
138
+ });
139
+ }
140
+ /**
141
+ * Pre-action trust gate — call before any high-stakes autonomous action.
142
+ *
143
+ * Combines trust evaluation with delegation verification in a single call.
144
+ * The gate returns allow/review/deny with appeal paths for non-allow decisions.
145
+ *
146
+ * @example
147
+ * ```typescript
148
+ * const gate = await ep.trustGate({
149
+ * entityId: 'payment-agent-v2',
150
+ * action: 'execute_payment',
151
+ * policy: 'strict',
152
+ * valueUsd: 500,
153
+ * });
154
+ * if (gate.decision !== 'allow') throw new Error(`Blocked: ${gate.reasons?.join(', ')}`);
155
+ * ```
156
+ */
157
+ async trustGate(options) {
158
+ return this.request('/api/trust/gate', {
159
+ method: 'POST',
160
+ body: {
161
+ entity_id: options.entityId,
162
+ action: options.action,
163
+ policy: options.policy ?? 'standard',
164
+ value_usd: options.valueUsd ?? null,
165
+ delegation_id: options.delegationId ?? null,
166
+ },
167
+ });
168
+ }
169
+ /**
170
+ * Get domain-specific trust scores for an entity.
171
+ *
172
+ * Optionally filter to a subset of domains. Useful when you need trust
173
+ * context scoped to a specific action category (e.g. "financial" before
174
+ * authorizing a payment).
175
+ *
176
+ * @example
177
+ * ```typescript
178
+ * const scores = await ep.domainScore('agent-v2', ['financial', 'delegation']);
179
+ * console.log(scores.domains.financial?.confidence); // "confident"
180
+ * ```
181
+ */
182
+ async domainScore(entityId, domains) {
183
+ return this.request(`/api/trust/domain-score/${encodeURIComponent(entityId)}`, { params: domains?.length ? { domains: domains.join(',') } : undefined });
184
+ }
185
+ /**
186
+ * EP-SX: Software pre-action enforcement check (experimental).
187
+ *
188
+ * Evaluates a software entity (MCP server, npm package, browser extension,
189
+ * GitHub App, Shopify App, etc.) for installation safety. Returns allow/
190
+ * review/deny with publisher verification, permission class, and provenance.
191
+ *
192
+ * @example
193
+ * ```typescript
194
+ * const preflight = await ep.installPreflight(
195
+ * 'mcp-server-acme-v1',
196
+ * 'mcp_server_safe_v1',
197
+ * { host: 'claude-desktop', permission_class: 'bounded_external_access' },
198
+ * );
199
+ * if (preflight.decision === 'deny') throw new Error('Installation blocked by EP');
200
+ * ```
201
+ */
202
+ async installPreflight(entityId, policy, context) {
203
+ return this.request('/api/trust/install-preflight', {
204
+ method: 'POST',
205
+ body: {
206
+ entity_id: entityId,
207
+ policy: policy ?? 'standard',
208
+ ...(context ? { context } : {}),
209
+ },
210
+ });
211
+ }
212
+ // --------------------------------------------------------------------------
213
+ // Entities
214
+ // --------------------------------------------------------------------------
215
+ /**
216
+ * Register a new entity.
217
+ *
218
+ * Public endpoint — no API key required. Returns the entity record and the
219
+ * first API key. Store the API key securely; it will not be shown again.
220
+ *
221
+ * @example
222
+ * ```typescript
223
+ * const { entity, api_key } = await ep.registerEntity({
224
+ * entityId: 'acme-payment-agent',
225
+ * displayName: 'Acme Payment Agent',
226
+ * entityType: 'agent',
227
+ * description: 'Handles autonomous payment flows for Acme Corp.',
228
+ * capabilities: ['payment', 'refund'],
229
+ * });
230
+ * console.log('Save this key:', api_key); // ep_live_...
231
+ * ```
232
+ */
233
+ async registerEntity(options) {
234
+ return this.request('/api/entities/register', {
235
+ method: 'POST',
236
+ body: {
237
+ entity_id: options.entityId,
238
+ display_name: options.displayName,
239
+ entity_type: options.entityType,
240
+ description: options.description,
241
+ capabilities: options.capabilities,
242
+ },
243
+ });
244
+ }
245
+ /**
246
+ * Search for entities by name, capability, or category.
247
+ *
248
+ * @example
249
+ * ```typescript
250
+ * const { entities } = await ep.searchEntities('payment', 'agent');
251
+ * for (const e of entities) {
252
+ * console.log(e.display_name, e.confidence);
253
+ * }
254
+ * ```
255
+ */
256
+ async searchEntities(query, entityType, minConfidence) {
257
+ return this.request('/api/entities/search', {
258
+ params: {
259
+ q: query,
260
+ type: entityType,
261
+ min_confidence: minConfidence,
262
+ },
263
+ });
264
+ }
265
+ /**
266
+ * Get the entity leaderboard ranked by trust confidence.
267
+ *
268
+ * @example
269
+ * ```typescript
270
+ * const { leaderboard } = await ep.leaderboard(5, 'merchant');
271
+ * leaderboard.forEach(e => console.log(`#${e.rank} ${e.display_name}`));
272
+ * ```
273
+ */
274
+ async leaderboard(limit = 10, entityType) {
275
+ return this.request('/api/leaderboard', {
276
+ params: {
277
+ limit: Math.min(limit, 50),
278
+ type: entityType,
279
+ },
280
+ });
281
+ }
282
+ // --------------------------------------------------------------------------
283
+ // Receipts
284
+ // --------------------------------------------------------------------------
285
+ /**
286
+ * Submit a transaction receipt to the EP ledger.
287
+ *
288
+ * Requires an API key. Receipts are append-only, cryptographically hashed,
289
+ * and chain-linked. `transaction_ref` must be unique per entity.
290
+ *
291
+ * The `agent_behavior` field is the strongest Phase 1 signal — always set it.
292
+ *
293
+ * @example
294
+ * ```typescript
295
+ * const { receipt } = await ep.submitReceipt({
296
+ * entity_id: 'merchant-xyz',
297
+ * transaction_ref: 'order-8821',
298
+ * transaction_type: 'purchase',
299
+ * agent_behavior: 'completed',
300
+ * delivery_accuracy: 98,
301
+ * product_accuracy: 95,
302
+ * price_integrity: 100,
303
+ * });
304
+ * console.log('Receipt ID:', receipt.receipt_id);
305
+ * ```
306
+ */
307
+ async submitReceipt(input) {
308
+ return this.request('/api/receipts/submit', {
309
+ method: 'POST',
310
+ auth: true,
311
+ body: input,
312
+ });
313
+ }
314
+ /**
315
+ * Submit multiple receipts atomically. Maximum 50 per call.
316
+ *
317
+ * Each result in the response array indicates success or failure for that
318
+ * receipt independently — partial success is possible.
319
+ *
320
+ * @example
321
+ * ```typescript
322
+ * const result = await ep.batchSubmit([
323
+ * { entity_id: 'merchant-a', transaction_ref: 'tx-1', transaction_type: 'purchase', agent_behavior: 'completed' },
324
+ * { entity_id: 'merchant-b', transaction_ref: 'tx-2', transaction_type: 'service', agent_behavior: 'completed' },
325
+ * ]);
326
+ * result.results.forEach(r => console.log(r.entity_id, r.success ? 'ok' : r.error));
327
+ * ```
328
+ */
329
+ async batchSubmit(receipts) {
330
+ return this.request('/api/receipts/batch', {
331
+ method: 'POST',
332
+ auth: true,
333
+ body: { receipts: receipts.slice(0, 50) },
334
+ });
335
+ }
336
+ /**
337
+ * Confirm or reject a receipt as the counterparty (bilateral confirmation).
338
+ *
339
+ * The confirmation window is 48 hours from receipt creation. Confirmed
340
+ * receipts receive a higher provenance tier, improving their evidential weight.
341
+ *
342
+ * @example
343
+ * ```typescript
344
+ * await ep.confirmReceipt('ep_rcpt_abc123', true);
345
+ * ```
346
+ */
347
+ async confirmReceipt(receiptId, confirm) {
348
+ return this.request('/api/receipts/confirm', {
349
+ method: 'POST',
350
+ auth: true,
351
+ body: { receipt_id: receiptId, confirm },
352
+ });
353
+ }
354
+ /**
355
+ * Verify a receipt against the on-chain Merkle root.
356
+ *
357
+ * @example
358
+ * ```typescript
359
+ * const { verified, anchored } = await ep.verifyReceipt('ep_rcpt_abc123');
360
+ * if (!verified) console.error('Receipt integrity check failed');
361
+ * ```
362
+ */
363
+ async verifyReceipt(receiptId) {
364
+ return this.request(`/api/verify/${encodeURIComponent(receiptId)}`);
365
+ }
366
+ // --------------------------------------------------------------------------
367
+ // Disputes & Due Process
368
+ // --------------------------------------------------------------------------
369
+ /**
370
+ * File a dispute against a receipt.
371
+ *
372
+ * Requires an API key. Any affected party can challenge. The receipt
373
+ * submitter has 7 days to respond before EP escalates.
374
+ *
375
+ * @example
376
+ * ```typescript
377
+ * const dispute = await ep.fileDispute({
378
+ * receiptId: 'ep_rcpt_abc123',
379
+ * reason: 'inaccurate_signals',
380
+ * description: 'Delivery accuracy was reported as 98 but the item arrived damaged.',
381
+ * evidence: { photo_url: 'https://...' },
382
+ * });
383
+ * console.log('Dispute ID:', dispute.dispute_id);
384
+ * console.log('Respond by:', dispute.response_deadline);
385
+ * ```
386
+ */
387
+ async fileDispute(options) {
388
+ return this.request('/api/disputes/file', {
389
+ method: 'POST',
390
+ auth: true,
391
+ body: {
392
+ receipt_id: options.receiptId,
393
+ reason: options.reason,
394
+ description: options.description ?? null,
395
+ evidence: options.evidence ?? null,
396
+ },
397
+ });
398
+ }
399
+ /**
400
+ * Get the current status of a dispute.
401
+ *
402
+ * Dispute status is public — transparency is a protocol value.
403
+ *
404
+ * @example
405
+ * ```typescript
406
+ * const dispute = await ep.disputeStatus('ep_disp_xyz789');
407
+ * console.log(dispute.status, dispute.resolution);
408
+ * ```
409
+ */
410
+ async disputeStatus(disputeId) {
411
+ return this.request(`/api/disputes/${encodeURIComponent(disputeId)}`);
412
+ }
413
+ /**
414
+ * Respond to a dispute filed against one of your receipts.
415
+ *
416
+ * Requires an API key. Must be called within the response_deadline window.
417
+ *
418
+ * @example
419
+ * ```typescript
420
+ * await ep.respondToDispute({
421
+ * disputeId: 'ep_disp_xyz789',
422
+ * response: 'The delivery accuracy score reflects the state at handoff, confirmed by carrier log.',
423
+ * evidence: { carrier_log_url: 'https://...' },
424
+ * });
425
+ * ```
426
+ */
427
+ async respondToDispute(options) {
428
+ return this.request('/api/disputes/respond', {
429
+ method: 'POST',
430
+ auth: true,
431
+ body: {
432
+ dispute_id: options.disputeId,
433
+ response: options.response,
434
+ evidence: options.evidence ?? null,
435
+ },
436
+ });
437
+ }
438
+ /**
439
+ * Withdraw an open dispute before it reaches resolution.
440
+ *
441
+ * Requires an API key. Only the filer can withdraw.
442
+ *
443
+ * @example
444
+ * ```typescript
445
+ * await ep.withdrawDispute('ep_disp_xyz789');
446
+ * ```
447
+ */
448
+ async withdrawDispute(disputeId) {
449
+ return this.request('/api/disputes/withdraw', {
450
+ method: 'POST',
451
+ auth: true,
452
+ body: { dispute_id: disputeId },
453
+ });
454
+ }
455
+ /**
456
+ * Appeal a dispute resolution.
457
+ *
458
+ * Requires an API key. Only dispute participants may appeal. The dispute must
459
+ * be in upheld, reversed, or dismissed state. The appeal decision is final.
460
+ *
461
+ * "Trust must never be more powerful than appeal." — EP Constitutional Principle
462
+ *
463
+ * @example
464
+ * ```typescript
465
+ * await ep.appealDispute({
466
+ * disputeId: 'ep_disp_xyz789',
467
+ * reason: 'New evidence shows the carrier log was misread. Attaching corrected scan.',
468
+ * evidence: { corrected_scan: 'https://...' },
469
+ * });
470
+ * ```
471
+ */
472
+ async appealDispute(options) {
473
+ return this.request('/api/disputes/appeal', {
474
+ method: 'POST',
475
+ auth: true,
476
+ body: {
477
+ dispute_id: options.disputeId,
478
+ reason: options.reason,
479
+ evidence: options.evidence ?? null,
480
+ },
481
+ });
482
+ }
483
+ /**
484
+ * Report a trust issue as a human.
485
+ *
486
+ * No authentication required. The human appeal channel — use when someone
487
+ * is wrongly downgraded, harmed by a trusted entity, or has observed fraud.
488
+ *
489
+ * @example
490
+ * ```typescript
491
+ * await ep.reportTrustIssue({
492
+ * entityId: 'merchant-xyz',
493
+ * reportType: 'harmed_by_trusted_entity',
494
+ * description: 'I paid for an item marked as delivered but never received it.',
495
+ * contactEmail: 'jane@example.com',
496
+ * });
497
+ * ```
498
+ */
499
+ async reportTrustIssue(options) {
500
+ return this.request('/api/disputes/report', {
501
+ method: 'POST',
502
+ body: {
503
+ entity_id: options.entityId,
504
+ report_type: options.reportType,
505
+ description: options.description,
506
+ contact_email: options.contactEmail ?? null,
507
+ },
508
+ });
509
+ }
510
+ // --------------------------------------------------------------------------
511
+ // Delegation (EP-DX)
512
+ // --------------------------------------------------------------------------
513
+ /**
514
+ * Create a delegation: authorize an agent to act on behalf of a principal.
515
+ *
516
+ * Requires an API key. The delegation record can be verified by any party
517
+ * using `verifyDelegation`.
518
+ *
519
+ * @example
520
+ * ```typescript
521
+ * const delegation = await ep.createDelegation({
522
+ * principalId: 'ep_principal_acme',
523
+ * agentEntityId: 'acme-payment-agent',
524
+ * scope: ['purchase', 'refund'],
525
+ * maxValueUsd: 1000,
526
+ * expiresAt: '2026-12-31T23:59:59Z',
527
+ * });
528
+ * console.log('Delegation ID:', delegation.delegation_id);
529
+ * ```
530
+ */
531
+ async createDelegation(options) {
532
+ return this.request('/api/delegations/create', {
533
+ method: 'POST',
534
+ auth: true,
535
+ body: {
536
+ principal_id: options.principalId,
537
+ agent_entity_id: options.agentEntityId,
538
+ scope: options.scope,
539
+ max_value_usd: options.maxValueUsd ?? null,
540
+ expires_at: options.expiresAt ?? null,
541
+ constraints: options.constraints ?? null,
542
+ },
543
+ });
544
+ }
545
+ /**
546
+ * Verify that a delegation is valid and covers a given action type.
547
+ *
548
+ * @example
549
+ * ```typescript
550
+ * const result = await ep.verifyDelegation('ep_del_abc123', 'purchase');
551
+ * if (!result.valid) throw new Error('Delegation invalid or expired');
552
+ * ```
553
+ */
554
+ async verifyDelegation(delegationId, actionType) {
555
+ return this.request(`/api/delegations/${encodeURIComponent(delegationId)}/verify`, {
556
+ params: { action_type: actionType },
557
+ });
558
+ }
559
+ // --------------------------------------------------------------------------
560
+ // Identity Continuity (EP-IX)
561
+ // --------------------------------------------------------------------------
562
+ /**
563
+ * Look up a principal — the enduring actor behind one or more entities.
564
+ *
565
+ * Returns the principal record, its controlled entities, identity bindings,
566
+ * and continuity claim history.
567
+ *
568
+ * @example
569
+ * ```typescript
570
+ * const result = await ep.principalLookup('ep_principal_acme');
571
+ * console.log('Entities:', result.entities?.map(e => e.entity_id));
572
+ * ```
573
+ */
574
+ async principalLookup(principalId) {
575
+ return this.request(`/api/identity/principal/${encodeURIComponent(principalId)}`);
576
+ }
577
+ /**
578
+ * View entity lineage — predecessors, successors, and continuity decisions.
579
+ *
580
+ * Use to check whether an entity has suspicious continuity gaps that might
581
+ * indicate reputation laundering (whitewashing).
582
+ *
583
+ * @example
584
+ * ```typescript
585
+ * const lineage = await ep.lineage('merchant-xyz');
586
+ * if (lineage.predecessors?.some(p => p.status === 'disputed')) {
587
+ * console.warn('Entity has disputed predecessor — review before transacting');
588
+ * }
589
+ * ```
590
+ */
591
+ async lineage(entityId) {
592
+ return this.request(`/api/identity/lineage/${encodeURIComponent(entityId)}`);
593
+ }
594
+ // --------------------------------------------------------------------------
595
+ // Policies
596
+ // --------------------------------------------------------------------------
597
+ /**
598
+ * List all available trust policies with their requirements and families.
599
+ *
600
+ * Returns 8 policies: 4 core (strict, standard, permissive, discovery) and
601
+ * 4 software-specific (github_private_repo_safe_v1, npm_buildtime_safe_v1,
602
+ * browser_extension_safe_v1, mcp_server_safe_v1).
603
+ *
604
+ * @example
605
+ * ```typescript
606
+ * const { policies } = await ep.listPolicies();
607
+ * policies.forEach(p => console.log(p.name, '-', p.description));
608
+ * ```
609
+ */
610
+ async listPolicies() {
611
+ return this.request('/api/policies');
612
+ }
613
+ // --------------------------------------------------------------------------
614
+ // System
615
+ // --------------------------------------------------------------------------
616
+ /**
617
+ * Public proof metrics — entity count, test count, tool count, policy count.
618
+ *
619
+ * @example
620
+ * ```typescript
621
+ * const stats = await ep.stats();
622
+ * console.log(`${stats.total_entities} entities across ${stats.trust_policies} policies`);
623
+ * ```
624
+ */
625
+ async stats() {
626
+ return this.request('/api/stats');
627
+ }
628
+ /**
629
+ * Health check. Returns subsystem status.
630
+ *
631
+ * @example
632
+ * ```typescript
633
+ * const health = await ep.health();
634
+ * console.log(health.status); // "ok"
635
+ * ```
636
+ */
637
+ async health() {
638
+ return this.request('/api/health');
639
+ }
640
+ // --------------------------------------------------------------------------
641
+ // EP Commit
642
+ // --------------------------------------------------------------------------
643
+ /**
644
+ * Issue a signed EP Commit before a high-stakes action.
645
+ *
646
+ * The commit binds the agent to a specific action type, entity, and policy
647
+ * before execution. Returns decision (allow/deny/review), commit_id, expiry,
648
+ * scope, and appeal path.
649
+ *
650
+ * @example
651
+ * ```typescript
652
+ * const { decision, commit } = await ep.issueCommit({
653
+ * action_type: 'transact',
654
+ * entity_id: 'payment-agent-v2',
655
+ * max_value_usd: 500,
656
+ * policy: 'strict',
657
+ * });
658
+ * if (decision !== 'allow') throw new Error('Commit denied');
659
+ * console.log(commit.commit_id);
660
+ * ```
661
+ */
662
+ async issueCommit(params) {
663
+ return this.request('/api/commit/issue', {
664
+ method: 'POST',
665
+ auth: true,
666
+ body: params,
667
+ });
668
+ }
669
+ /**
670
+ * Verify a commit's signature, status, and validity.
671
+ *
672
+ * @example
673
+ * ```typescript
674
+ * const result = await ep.verifyCommit('epc_abc123');
675
+ * if (!result.valid) console.error('Commit invalid');
676
+ * ```
677
+ */
678
+ async verifyCommit(commitId) {
679
+ return this.request('/api/commit/verify', {
680
+ method: 'POST',
681
+ body: { commit_id: commitId },
682
+ });
683
+ }
684
+ /**
685
+ * Get the current state of a commit.
686
+ *
687
+ * @example
688
+ * ```typescript
689
+ * const { commit } = await ep.getCommitStatus('epc_abc123');
690
+ * console.log(commit.status); // "active" | "revoked" | "expired" | "fulfilled"
691
+ * ```
692
+ */
693
+ async getCommitStatus(commitId) {
694
+ return this.request(`/api/commit/${encodeURIComponent(commitId)}`, {
695
+ auth: true,
696
+ });
697
+ }
698
+ /**
699
+ * Revoke an active commit before it is fulfilled or expires.
700
+ *
701
+ * @example
702
+ * ```typescript
703
+ * await ep.revokeCommit('epc_abc123', 'Action no longer needed');
704
+ * ```
705
+ */
706
+ async revokeCommit(commitId, reason) {
707
+ return this.request(`/api/commit/${encodeURIComponent(commitId)}/revoke`, {
708
+ method: 'POST',
709
+ auth: true,
710
+ body: { reason },
711
+ });
712
+ }
713
+ /**
714
+ * Bind a post-action receipt to a commit, completing the commit-execute-receipt cycle.
715
+ *
716
+ * @example
717
+ * ```typescript
718
+ * await ep.bindReceiptToCommit('epc_abc123', 'ep_rcpt_xyz789');
719
+ * ```
720
+ */
721
+ async bindReceiptToCommit(commitId, receiptId) {
722
+ return this.request(`/api/commit/${encodeURIComponent(commitId)}/receipt`, {
723
+ method: 'POST',
724
+ auth: true,
725
+ body: { receipt_id: receiptId },
726
+ });
727
+ }
728
+ /**
729
+ * Legacy: get the 0-100 compatibility score for an entity.
730
+ *
731
+ * Prefer `trustProfile()` for all new integrations. This endpoint exists
732
+ * for backward compatibility only.
733
+ *
734
+ * @deprecated Use trustProfile() instead.
735
+ */
736
+ async legacyScore(entityId) {
737
+ return this.request(`/api/score/${encodeURIComponent(entityId)}`);
738
+ }
739
+ }
740
+ //# sourceMappingURL=client.js.map