@getstackrun/sdk 0.1.0

package/dist/types.d.ts

@@ -0,0 +1,361 @@
+export interface Agent {
+    id: string;
+    operator_id: string;
+    name: string;
+    description: string | null;
+    status: 'active' | 'suspended';
+    credential_access: 'full' | 'proxy_only';
+    created_at: string;
+    updated_at: string;
+}
+export interface RegisterAgentInput {
+    name: string;
+    description?: string;
+    credential_access?: 'full' | 'proxy_only';
+}
+export interface UpdateAgentInput {
+    name?: string;
+    description?: string;
+    status?: 'active' | 'suspended';
+    credential_access?: 'full' | 'proxy_only';
+}
+export interface IssuedPassport {
+    token: string;
+    jti: string;
+    expires_at: string;
+}
+export interface IssuePassportInput {
+    agent_id: string;
+    scopes?: string[];
+    ttl_seconds?: number;
+    session_id?: string;
+    intent_description?: string;
+    intent_services?: string[];
+    accountability?: 'logged' | 'enforced';
+}
+export interface DelegatePassportInput {
+    parent_token: string;
+    child_agent_id: string;
+    scopes?: string[];
+    ttl_seconds?: number;
+}
+export interface VerifyPassportResult {
+    valid: boolean;
+    jti: string;
+    agent_id: string;
+    expires_at: string;
+    claims: Record<string, unknown>;
+}
+export interface ActivePassport {
+    jti: string;
+    agent_id: string;
+    session_id: string | null;
+    delegation_depth: number;
+    parent_passport_id: string | null;
+    issued_at: string;
+    expires_at: string;
+}
+export interface Service {
+    id: string;
+    name: string;
+    provider: string;
+    category: string;
+    available: boolean;
+}
+export interface ServiceConnection {
+    id: string;
+    operator_id: string;
+    service_id: string;
+    provider: string;
+    status: string;
+    verification_status: string | null;
+    verified_at: string | null;
+    proxy_enabled: boolean;
+    connected_by: string | null;
+    created_at: string;
+}
+export interface ConnectServiceInput {
+    service_id: string;
+    provider: string;
+    credential: string;
+    scopes?: string[];
+}
+export interface ConnectCustomServiceInput {
+    name: string;
+    description?: string;
+    credential: string | Record<string, string>;
+    scopes?: string[];
+}
+export interface GrantAgentAccessInput {
+    agent_id: string;
+    connection_id: string;
+    scopes?: string[];
+}
+export interface CredentialResult {
+    provider: string;
+    credential?: string;
+    credentials?: Record<string, string>;
+}
+export interface Dropoff {
+    id: string;
+    operator_id: string;
+    from_agent: string;
+    to_agent: string;
+    schema: Record<string, unknown>;
+    status: string;
+    ttl_seconds: number;
+    created_at: string;
+    expires_at: string;
+}
+export interface CreateDropoffInput {
+    from_agent: string;
+    to_agent: string;
+    schema: Record<string, unknown>;
+    ttl_seconds?: number;
+}
+export interface Skill {
+    id: string;
+    operator_id: string;
+    agent_id: string | null;
+    name: string;
+    description: string;
+    tags: string[];
+    input_schema: Record<string, unknown>;
+    output_schema: Record<string, unknown>;
+    trust_level_required: string;
+    status: string;
+    execution_mode: string;
+    credential_mode: string;
+    price_per_invocation: number;
+    invocation_count: number;
+    average_rating: number | null;
+    rating_count: number;
+    created_at: string;
+    updated_at: string;
+}
+export interface PublishSkillInput {
+    name: string;
+    description: string;
+    tags?: string[];
+    input_schema: Record<string, unknown>;
+    output_schema: Record<string, unknown>;
+    trust_level_required?: string;
+    agent_id?: string;
+    execution_mode?: 'open' | 'sealed' | 'source';
+    llm_enabled?: boolean;
+    llm_model?: string;
+    llm_config?: Record<string, unknown>;
+    execution_runtime?: 'javascript' | 'python' | 'none';
+    execution_script?: string;
+    required_credentials?: Array<{
+        provider: string;
+        scopes?: string[];
+    }>;
+    credential_mode?: 'none' | 'buyer_provides' | 'seller_provides' | 'both';
+    price_per_invocation?: number;
+}
+export interface BrowseSkillsQuery {
+    query?: string;
+    tags?: string;
+    trust_level?: string;
+    status?: string;
+    limit?: string;
+    offset?: string;
+}
+export interface SkillInvocation {
+    id: string;
+    skill_id: string;
+    status: string;
+    output?: unknown;
+    error?: {
+        code: string;
+        message: string;
+    };
+    expires_at: string;
+    created_at: string;
+    started_at?: string;
+    completed_at?: string;
+    llm_tokens_input?: number;
+    llm_tokens_output?: number;
+    execution_duration_ms?: number;
+}
+export interface InvokeSkillInput {
+    agent_id: string;
+    input: Record<string, unknown>;
+    passport_id?: string;
+}
+export interface SkillRequest {
+    id: string;
+    operator_id: string;
+    description: string;
+    desired_input_schema: Record<string, unknown> | null;
+    desired_output_schema: Record<string, unknown> | null;
+    max_price_cents: number | null;
+    tags: string[];
+    status: string;
+    created_at: string;
+}
+export interface PostSkillRequestInput {
+    description: string;
+    desired_input_schema?: Record<string, unknown>;
+    desired_output_schema?: Record<string, unknown>;
+    max_price_cents?: number;
+    tags?: string[];
+}
+export interface IdentitySettings {
+    identity_claim_ttl: '30d' | '90d' | '180d' | '1y';
+    identity_claim_inheritance: 'auto' | 'opt_in';
+    identity_auto_revoke: boolean;
+}
+export interface UpdateIdentitySettingsInput {
+    identity_claim_ttl?: '30d' | '90d' | '180d' | '1y';
+    identity_claim_inheritance?: 'auto' | 'opt_in';
+    identity_auto_revoke?: boolean;
+}
+export interface IdentityProvider {
+    key: string;
+    name: string;
+    layers: string[];
+    assurance: string;
+    description: string;
+}
+export interface IdentityClaim {
+    id: string;
+    operator_id: string;
+    provider_key: string;
+    layer: string;
+    claim_type: string;
+    claim_ref: string;
+    assurance_level: string;
+    verified_at: string;
+    expires_at: string | null;
+}
+export interface InitiateVerificationInput {
+    provider_key: string;
+    requested_claims?: string[];
+    return_url?: string;
+}
+export interface VerificationResult {
+    session_ref: string;
+    authorization_url?: string;
+    status: string;
+}
+export interface TeamMember {
+    id: string;
+    operator_id: string;
+    email: string;
+    name: string | null;
+    role: 'admin' | 'member';
+    status: 'invited' | 'active' | 'revoked';
+    allowed_connections: string[] | null;
+    created_at: string;
+}
+export interface InviteMemberInput {
+    email: string;
+    name?: string;
+    role?: 'admin' | 'member';
+    allowed_connections?: string[];
+}
+export interface UpdateMemberInput {
+    role?: 'admin' | 'member';
+    allowed_connections?: string[];
+}
+export interface DeliveryMethod {
+    id: string;
+    operator_id: string;
+    channel_type: 'email' | 'sms' | 'webhook';
+    destination: string;
+    verified: boolean;
+    webhook_secret?: string | null;
+    created_at: string;
+}
+export interface AddDeliveryMethodInput {
+    channel_type: 'email' | 'sms' | 'webhook';
+    destination: string;
+}
+export interface NotificationRule {
+    id: string;
+    operator_id: string;
+    destination_ids: string[];
+    events: string[];
+    min_severity: string;
+    delivery_methods?: DeliveryMethod[];
+    created_at: string;
+}
+export interface CreateNotificationRuleInput {
+    destination_ids: string[];
+    events: string[];
+    min_severity?: string;
+}
+export interface UpdateNotificationRuleInput {
+    destination_ids?: string[];
+    events?: string[];
+    min_severity?: string;
+}
+/** @deprecated Use DeliveryMethod + NotificationRule instead */
+export interface NotificationChannel {
+    id: string;
+    operator_id: string;
+    channel_type: 'email' | 'sms' | 'webhook';
+    destination: string;
+    events: string[];
+    min_severity: string;
+    verified: boolean;
+    created_at: string;
+}
+/** @deprecated Use AddDeliveryMethodInput + CreateNotificationRuleInput instead */
+export interface CreateNotificationChannelInput {
+    channel_type: 'email' | 'sms' | 'webhook';
+    destination: string;
+    events?: string[];
+    min_severity?: string;
+}
+export interface SecurityEvent {
+    id: string;
+    operator_id: string;
+    agent_id: string | null;
+    passport_jti: string | null;
+    signal_type: string;
+    severity: string;
+    message: string;
+    metadata: Record<string, unknown> | null;
+    resolved: boolean;
+    resolved_at: string | null;
+    created_at: string;
+}
+export interface AuditEntry {
+    id: string;
+    operator_id: string;
+    agent_id: string | null;
+    layer: string;
+    action: string;
+    outcome: string;
+    duration_ms: number | null;
+    created_at: string;
+}
+export interface ProxyRequest {
+    provider: string;
+    method: string;
+    url: string;
+    headers?: Record<string, string>;
+    body?: unknown;
+}
+export interface ProxyResponse {
+    status: number;
+    headers: Record<string, string>;
+    body: unknown;
+}
+export interface CheckpointInput {
+    agent_id: string;
+    summary: string;
+    actions_taken?: string[];
+    credentials_used?: string[];
+}
+export interface CheckoutInput {
+    agent_id: string;
+    summary: string;
+    actions_taken?: string[];
+    credentials_used?: string[];
+    services_accessed?: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,QAAQ,GAAG,WAAW,CAAC;IAC/B,iBAAiB,EAAE,MAAM,GAAG,YAAY,CAAC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;CAC3C;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;CAC3C;AAGD,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,cAAc,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;CACxC;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAGD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC;AAGD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC9C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,iBAAiB,CAAC,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACtE,eAAe,CAAC,EAAE,MAAM,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,MAAM,CAAC;IACzE,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACrD,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACtD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAGD,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB,EAAE,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,0BAA0B,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC9C,oBAAoB,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,2BAA2B;IAC1C,kBAAkB,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,IAAI,CAAC;IACnD,0BAA0B,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC/C,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAGD,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,yBAAyB;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB;AAGD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;IACzC,mBAAmB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC;AAGD,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;CACrB;AAGD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,2BAA2B;IAC1C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,2BAA2B;IAC1C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,gEAAgE;AAChE,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,mFAAmF;AACnF,MAAM,WAAW,8BAA8B;IAC7C,YAAY,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAGD,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,OAAO,CAAC;CACf;AAGD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/verify-offline.d.ts

@@ -0,0 +1,70 @@
+import { type JWK } from 'jose';
+/**
+ * Decoded claims returned on successful offline verification. Shape
+ * matches the JWT issued by `@stack/api`, namespaced under `stk`.
+ */
+export interface VerifiedPassportClaims {
+    jti: string;
+    sub: string;
+    iss: string;
+    aud: string | string[];
+    iat: number;
+    exp: number;
+    stk: {
+        operator_id: string;
+        agent_id: string;
+        agent_name: string;
+        services: Array<{
+            service_id: string;
+            service_name: string;
+            scopes: string[];
+            credential_ref: string;
+            constraints?: unknown;
+        }>;
+        identity_claims: unknown[];
+        delegation_depth: number;
+        parent_passport_id?: string;
+        session_id: string;
+        accountability?: 'enforced' | 'logged' | 'standard';
+        intent_summary?: string;
+        intent_services?: string[];
+        checkpoint_interval?: number;
+    };
+}
+export interface VerifyOfflineOptions {
+    /**
+     * JWKS source. Exactly one of:
+     *   - `jwksUrl`   — a URL to `/v1/.well-known/jwks.json`; keys are
+     *                   fetched once and cached per process.
+     *   - `publicJwk` — a pre-fetched public key for fully air-gapped
+     *                   verification (no network at verify time, ever).
+     */
+    jwksUrl?: string;
+    publicJwk?: JWK;
+    /**
+     * Expected token issuer. Defaults to the STACK issuer used by the
+     * reference API (`getstack.run`). Override if you run a self-hosted
+     * deployment.
+     */
+    issuer?: string;
+    /** Expected audience. Defaults to the passport audience. */
+    audience?: string;
+}
+/**
+ * Verify a STACK passport using only the public signing key.
+ *
+ * This function never calls the STACK API for revocation, freshness, or
+ * any other status. It is strictly cryptographic: signature, issuer,
+ * audience, and expiry.
+ *
+ * For downstream services that need to reject revoked passports, combine
+ * this with a short-window cache against `/v1/passports/verify` (which
+ * does consult the revocation store). This split lets high-frequency
+ * paths stay offline while still honoring explicit revocations.
+ *
+ * @throws on any failure — invalid signature, wrong issuer/audience,
+ * expired, or malformed JWT. The caller should treat any throw as a
+ * rejected passport.
+ */
+export declare function verifyPassportOffline(token: string, options: VerifyOfflineOptions): Promise<VerifiedPassportClaims>;
+//# sourceMappingURL=verify-offline.d.ts.map

package/dist/verify-offline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-offline.d.ts","sourceRoot":"","sources":["../src/verify-offline.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4C,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAE1E;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE;QACH,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,KAAK,CAAC;YACd,UAAU,EAAE,MAAM,CAAC;YACnB,YAAY,EAAE,MAAM,CAAC;YACrB,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,cAAc,EAAE,MAAM,CAAC;YACvB,WAAW,CAAC,EAAE,OAAO,CAAC;SACvB,CAAC,CAAC;QACH,eAAe,EAAE,OAAO,EAAE,CAAC;QAC3B,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,UAAU,GAAG,QAAQ,GAAG,UAAU,CAAC;QACpD,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,GAAG,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAiBD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,sBAAsB,CAAC,CAkCjC"}

package/dist/verify-offline.js

@@ -0,0 +1,61 @@
+import { jwtVerify, createRemoteJWKSet, importJWK } from 'jose';
+const DEFAULT_ISSUER = 'getstack.run';
+const DEFAULT_AUDIENCE = 'stack:passport';
+// Cache remote JWKS resolvers per URL so repeat verifies share the key cache.
+const remoteJwksCache = new Map();
+function getRemoteJwks(url) {
+    let cached = remoteJwksCache.get(url);
+    if (!cached) {
+        cached = createRemoteJWKSet(new URL(url));
+        remoteJwksCache.set(url, cached);
+    }
+    return cached;
+}
+/**
+ * Verify a STACK passport using only the public signing key.
+ *
+ * This function never calls the STACK API for revocation, freshness, or
+ * any other status. It is strictly cryptographic: signature, issuer,
+ * audience, and expiry.
+ *
+ * For downstream services that need to reject revoked passports, combine
+ * this with a short-window cache against `/v1/passports/verify` (which
+ * does consult the revocation store). This split lets high-frequency
+ * paths stay offline while still honoring explicit revocations.
+ *
+ * @throws on any failure — invalid signature, wrong issuer/audience,
+ * expired, or malformed JWT. The caller should treat any throw as a
+ * rejected passport.
+ */
+export async function verifyPassportOffline(token, options) {
+    if (!options.jwksUrl && !options.publicJwk) {
+        throw new Error('verifyPassportOffline: supply either jwksUrl or publicJwk');
+    }
+    if (options.jwksUrl && options.publicJwk) {
+        throw new Error('verifyPassportOffline: pass only one of jwksUrl or publicJwk');
+    }
+    const verifyOpts = {
+        issuer: options.issuer ?? DEFAULT_ISSUER,
+        audience: options.audience ?? DEFAULT_AUDIENCE,
+        algorithms: ['EdDSA'],
+    };
+    // Split the call so each overload resolves cleanly. jwtVerify has
+    // separate signatures for a static key vs a GetKey function, and the
+    // union of the two doesn't narrow in a single call site.
+    const { payload } = options.publicJwk
+        ? await jwtVerify(token, await importJWK(options.publicJwk, 'EdDSA'), verifyOpts)
+        : await jwtVerify(token, getRemoteJwks(options.jwksUrl), verifyOpts);
+    if (!payload.jti || !payload.sub || !payload.iss || !payload.aud) {
+        throw new Error('verifyPassportOffline: token missing required claims');
+    }
+    return {
+        jti: payload.jti,
+        sub: payload.sub,
+        iss: payload.iss,
+        aud: payload.aud,
+        iat: payload.iat,
+        exp: payload.exp,
+        stk: payload['stk'],
+    };
+}
+//# sourceMappingURL=verify-offline.js.map

package/dist/verify-offline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-offline.js","sourceRoot":"","sources":["../src/verify-offline.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAY,MAAM,MAAM,CAAC;AAuD1E,MAAM,cAAc,GAAG,cAAc,CAAC;AACtC,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAE1C,8EAA8E;AAC9E,MAAM,eAAe,GAAG,IAAI,GAAG,EAAiD,CAAC;AAEjF,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1C,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,OAA6B;IAE7B,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,UAAU,GAAG;QACjB,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,cAAc;QACxC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,gBAAgB;QAC9C,UAAU,EAAE,CAAC,OAAO,CAAC;KACtB,CAAC;IAEF,kEAAkE;IAClE,qEAAqE;IACrE,yDAAyD;IACzD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,SAAS;QACnC,CAAC,CAAC,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,UAAU,CAAC;QACjF,CAAC,CAAC,MAAM,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,OAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAI;QACjB,GAAG,EAAE,OAAO,CAAC,GAAI;QACjB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAkC;KACrD,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@getstackrun/sdk",
+  "version": "0.1.0",
+  "description": "Official JavaScript/TypeScript SDK for STACK — runtime security layer for AI agents",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit",
+    "clean": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('.turbo',{recursive:true,force:true})\"",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "keywords": [
+    "stack",
+    "getstack",
+    "ai-agents",
+    "agent-security",
+    "mcp",
+    "passports",
+    "identity",
+    "skills",
+    "revocation",
+    "audit",
+    "eddsa",
+    "jwt"
+  ],
+  "license": "MIT",
+  "homepage": "https://getstack.run",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/getstack-run/stack.git",
+    "directory": "packages/sdk"
+  },
+  "bugs": {
+    "email": "support@getstack.run"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "jose": "^6.2.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.8.0"
+  }
+}