@kernel.chat/kbot-finance 0.2.0

package/LICENSE

@@ -0,0 +1,19 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+   Copyright 2026 kernel.chat contributors
+
+   Full license text: https://www.apache.org/licenses/LICENSE-2.0

package/README.md

@@ -0,0 +1,188 @@
+# @kernel.chat/kbot-finance
+
+**Audit-grade AI infrastructure for capital markets.**
+
+The AI Intelligence Layer never produces the number. The deterministic engine does.
+Every action is content-addressed, every step is hash-chained, every approval is signed.
+
+Apache 2.0. Node 22+. Replit-importable.
+
+---
+
+## What this is
+
+A reference implementation of three layers that together form an
+AI-Native Capital Markets Operating System:
+
+1. **Deterministic engine adapters** — call known-good engines (Polymarket
+   Gamma in v0.1; QuantLib, NautilusTrader, Aeron, alts-NAV in later versions).
+   The AI agent cannot compute the number — it can only request one inside a
+   content-addressed envelope.
+
+2. **Regulatory verifier** — Norm-AI-pattern rules-as-code. Every action
+   passes through before reaching the engine. Failures emit adverse-action
+   reason codes. Jurisdiction-aware (US, EU, UK, SG, HK, UAE, GLOBAL).
+
+3. **Hash-chained audit log** — append-only, WORM-compatible. Every
+   verifier check, engine request, engine response, approval, and incident
+   is recorded with a hash linking it to the previous entry. Tampering
+   anywhere invalidates everything after.
+
+Plus a **material-gate approval substrate** for actions that require a signed
+human approver token before execution.
+
+## Try it on Replit
+
+This subdirectory is self-contained. Import the repo into Replit and the
+first `Run` will:
+
+1. `npm install`
+2. `npm run demo` — runs the end-to-end flow against the live Polymarket
+   Gamma API, prints the audit log, verifies the hash chain.
+
+No keys, no setup. Public API only.
+
+## Run locally
+
+```bash
+cd packages/kbot-finance
+npm install
+npm run demo        # live end-to-end
+npm test            # unit + integration
+npm run test:live   # explicit live-smoke against Gamma
+KBOT_FINANCE_OFFLINE=1 npm test  # CI without network
+```
+
+## Architecture (one diagram)
+
+```
+┌──────────────────────────────────────────────────────────────────┐
+│  AI Intelligence Layer  (kbot agent calls polymarketQuery(...))   │
+└─────────────┬────────────────────────────────────────────────────┘
+              │ content-addressed request envelope
+              ▼
+┌──────────────────────────────────────────────────────────────────┐
+│  Regulatory Verifier  (rules-as-code, jurisdiction-aware)         │
+└─────────────┬────────────────────────────────────────────────────┘
+              │ pass / adverse-action reason code
+              ▼
+┌──────────────────────────────────────────────────────────────────┐
+│  Material-Gate Approval  (signed token, if action is material)    │
+└─────────────┬────────────────────────────────────────────────────┘
+              │
+              ▼
+┌──────────────────────────────────────────────────────────────────┐
+│  Deterministic Engine Adapter  (Polymarket Gamma in v0.1)         │
+└─────────────┬────────────────────────────────────────────────────┘
+              │ sealed envelope: { request_hash, engine_version, value, ... }
+              ▼
+┌──────────────────────────────────────────────────────────────────┐
+│  Hash-Chained Audit Log  (append-only, replayable, WORM-ready)    │
+└──────────────────────────────────────────────────────────────────┘
+```
+
+## Public API
+
+```ts
+import {
+  // Content addressing
+  canonicalize,
+  requestHash,
+  sealEnvelope,
+  // Audit
+  AppendOnlyAuditLog,
+  // Governance
+  Approver,
+  verifyApproval,
+  // Verifier
+  runVerifier,
+  makePositionLimitRule,
+  makeKellyCapRule,
+  // Engines
+  polymarket,
+  // Tools
+  polymarketQuery,
+} from "@kernel.chat/kbot-finance";
+```
+
+## What v0.1 demonstrates
+
+- **Content addressing.** Two calls with logically identical inputs produce
+  byte-identical `request_hash`. Independent of object key order.
+- **Audit-log integrity.** Tampering with any entry is detectable by
+  `AppendOnlyAuditLog.verify()`. Concurrent appends serialize correctly.
+- **Verifier short-circuit.** A rule rejection prevents the engine call
+  entirely; the failure is logged with an adverse-action code.
+- **Honesty primitive.** `byte_identical_replayable: false` on the Polymarket
+  envelope — markets move; the live Gamma API is not deterministic at the
+  block level. A future adapter that pins to a Goldsky/Graph snapshot will
+  flip this flag to `true`.
+- **Approval tokens.** HMAC-signed (Ed25519 in v0.2), bound to the exact
+  request_hash + materiality + summary the approver saw.
+
+## What v0.1 deliberately does NOT do
+
+- No trading / signing / order placement on Polymarket. Read-only. Write
+  comes after the audit primitives are proven.
+- No deterministic floating-point. QuantLib + CRlibm integration lands in
+  v0.2 when the rates/alts adapters arrive.
+- No on-chain proofs. zk-STARK-verified compute against a Goldsky subgraph
+  is the v3 audit primitive; v0.1 is HTTPS + content-hash.
+- No MCP server wrapper. v0.2 ships an MCP server that exposes
+  `polymarket_query` to any MCP client (Claude Code, Cursor, kbot core).
+
+## Layout
+
+```
+src/
+  envelope.ts                    # canonical JSON + SHA-256 + sealEnvelope()
+  audit-log.ts                   # hash-chained append-only log + verify()
+  governance.ts                  # Approver + verifyApproval()
+  verifier/
+    index.ts                     # Rule + VerifierContext + runVerifier()
+    position-limit.ts            # Pre-trade size + notional caps (Rule 15c3-5 echo)
+    kelly-cap.ts                 # Half-Kelly position-sizing cap
+  adapters/
+    polymarket/
+      types.ts                   # Gamma API + outcome union types
+      client.ts                  # HTTPS client; never throws across boundary
+      commands.ts                # listMarkets / getMarket / listEvents
+      index.ts
+  tools/
+    polymarket-query.ts          # The kbot-shaped tool wiring all layers
+  demo.ts                        # End-to-end script (npm run demo)
+  index.ts                       # Public surface
+test/
+  envelope.test.ts
+  audit-log.test.ts
+  verifier.test.ts
+  governance.test.ts
+  polymarket.live.test.ts        # LIVE SMOKE — hits real Gamma
+```
+
+## Strategic positioning
+
+This is the open-source counter to Palantir AIP: same architectural pattern
+(deterministic substrate + AI orchestration + governance), but MIT/Apache
+core, BYOK, MCP-native, lower price floor, developer-first.
+
+Bloomberg ASKB shipped the "AI emits engine query, engine produces number"
+pattern (BQL emission) in Feb 2026. That pattern, generalized, is the
+content-addressed envelope. ASKB picked their own proprietary engine; this
+package picks open ones and ships the **deterministic-replay MCP extension
+spec MCP currently lacks**.
+
+The 12-18 month window is the gap between *Bloomberg validates the pattern*
+(done) and *first nine-figure AI enforcement action lands* (H2 2026 - H1 2027).
+After that, the spec freezes around whoever shipped first.
+
+## License
+
+Apache 2.0. Built to underpin commercial premium offerings (SOC 2, hosted
+replay-retention, certified determinism) — the Aeron / PyKX dual-shape.
+
+## Status
+
+v0.1 reference implementation. Not yet certified for production trading.
+Not investment advice. Not affiliated with Polymarket, Bloomberg, FINOS,
+ISDA, or any regulator.

package/RFC-content-addressed-mcp.md

@@ -0,0 +1,240 @@
+# RFC: Content-Addressed Request Envelope for MCP
+
+**Status:** Draft 0.1
+**Author:** kbot-finance contributors (@kernel.chat)
+**Date:** 2026-05-10
+**Reference implementation:** `@kernel.chat/kbot-finance` v0.2.0
+
+## Abstract
+
+This RFC proposes a small, optional extension to the Model Context Protocol
+(MCP) that gives MCP tool calls **deterministic replay semantics**.
+
+Every MCP request/response pair carries an opaque envelope containing a
+content-addressed hash over canonicalized inputs, a pinned engine version,
+and a data-as-of timestamp. Identical envelopes resolve to identical
+responses, byte-for-byte, when the underlying engine is deterministic.
+
+The envelope is **additive**: clients and servers that don't implement
+the extension continue to work. Servers that opt in expose a `replay(hash)`
+tool and emit envelope metadata alongside every tool result.
+
+## Motivation
+
+MCP is on track to be the agent-tool protocol that wins (~9,400 servers,
+adopted by Anthropic, OpenAI, Microsoft, Google as of April 2026). It has
+the right shape for tool-use composition across models and clients.
+
+It lacks one primitive: **auditable, replayable tool calls**. This matters
+for any deployment in a regulated industry — capital markets, healthcare,
+legal, defense, drug discovery, tax. Today, an MCP client invoking a tool
+gets back a result with no canonical replay key. If a regulator later asks
+"what did the agent see when it made that decision," the answer is
+"we have a log, sort of, but we can't deterministically reconstruct the
+exact tool call." That's insufficient for SR 26-02, EU AI Act Annex IV,
+MiFID II RTS 6, FINRA 2026 ROR, FCA SS1/23, and the converging US AI
+oversight regime that follows the inter-agency RFI on agentic AI.
+
+Bloomberg ASKB (Feb 2026) ships this pattern internally: agents emit BQL
+code, the BQL engine produces the number, and the output is replayable
+inside the Terminal. Closed, proprietary. This RFC is the open
+equivalent.
+
+## Non-goals
+
+- Replace MCP's existing tool schema or JSON-RPC transport.
+- Mandate determinism in the tool implementation. Tools may emit
+  `byte_identical_replayable: false` truthfully — the envelope still
+  carries the request hash for audit, just without a replay guarantee.
+- Specify cryptographic algorithms beyond SHA-256. Implementations
+  may upgrade to BLAKE3, SHA-3, or post-quantum hashes by emitting
+  a hash-algorithm tag.
+
+## Specification
+
+### Envelope structure
+
+Servers implementing the extension expose two metadata fields on every
+tool response:
+
+```jsonc
+{
+  // ...standard MCP CallToolResult fields...
+  "_meta": {
+    "kbot-finance/content-addressed": {
+      "version": "0.1",
+      "request_hash": "<64-hex SHA-256>",
+      "engine_version": "<vendor-defined string>",
+      "schema_hash": "<64-hex SHA-256 over the tool's JSON schema>",
+      "data_as_of": "<ISO 8601 UTC timestamp>",
+      "produced_at": "<ISO 8601 UTC timestamp>",
+      "byte_identical_replayable": true | false,
+      "deterministic_seed": "<optional hex string>"
+    }
+  }
+}
+```
+
+### Canonical hashing
+
+`request_hash` is computed as:
+
+```
+SHA-256(canonicalize({
+  operation: <tool name>,
+  engine_version,
+  schema_hash,
+  inputs: <tool args>,
+  data_as_of,
+  deterministic_seed?  // present iff supplied
+}))
+```
+
+`canonicalize()` is RFC 8785 JSON Canonicalization Scheme (JCS), with the
+additional constraint that **non-finite numbers (NaN, ±Infinity) and
+`undefined` values MUST cause hashing to fail**, not be silently elided.
+
+### `replay` tool
+
+Servers implementing the extension SHOULD expose a tool named `replay`:
+
+```jsonc
+{
+  "name": "replay",
+  "description": "Re-execute a prior request by hash and return the byte-identical result, or report a mismatch.",
+  "inputSchema": {
+    "type": "object",
+    "properties": {
+      "request_hash": { "type": "string", "description": "The hash returned by a prior call." }
+    },
+    "required": ["request_hash"]
+  }
+}
+```
+
+Replay returns either:
+
+- The original sealed envelope, byte-identical to the prior call, when the
+  server's audit log retains the request and the engine is deterministic
+  for that request; or
+- A `replay_mismatch` error with details when the request is known but the
+  current engine cannot reproduce it (e.g., the engine version was rotated,
+  the data snapshot expired).
+
+### `byte_identical_replayable: false` is normative, not a bug
+
+A truthful `false` declaration is part of the audit story. Live HTTPS APIs
+(Polymarket Gamma, SEC EDGAR's `recent` table), non-deterministic GPU
+inference, and any tool whose backing engine isn't bit-stable MUST emit
+`byte_identical_replayable: false`. The audit log still records the hash
+and the response; replay is just not byte-guaranteed.
+
+The "honesty primitive" is a hard rule: a server claiming `true` when it
+cannot deliver byte-identical replay is non-conformant.
+
+### Audit log compatibility
+
+The extension does not require a particular audit log shape. The reference
+implementation uses a hash-chained append-only JSONL log with the
+following entry shape:
+
+```jsonc
+{
+  "seq": <monotonic>,
+  "timestamp": "<ISO 8601>",
+  "action": "engine_request" | "engine_response" | "verifier_check" | "incident" | "replay_request" | "replay_verified" | "replay_mismatch" | "approval_granted" | "approval_denied",
+  "subject": "<tool name>",
+  "session_id": "<client-chosen>",
+  "payload": { ... },
+  "prev_hash": "<64-hex SHA-256 of the previous entry, or all-zeros for genesis>",
+  "self_hash": "<64-hex SHA-256 of this entry without self_hash>"
+}
+```
+
+Tampering with any entry breaks the chain at that entry and at every
+subsequent entry, detectable in `O(n)` time by walking the log.
+
+### Capability advertisement
+
+Servers implementing the extension advertise via the standard MCP
+capabilities negotiation:
+
+```jsonc
+{
+  "capabilities": {
+    "tools": {},
+    "experimental": {
+      "kbot-finance/content-addressed": { "version": "0.1" }
+    }
+  }
+}
+```
+
+Clients that don't recognise the experimental capability ignore the
+`_meta` block harmlessly.
+
+## Reference implementation
+
+`@kernel.chat/kbot-finance` v0.2.0 ships:
+
+- `sealEnvelope()` — wraps an engine call, computes the hash, returns
+  the envelope.
+- `AppendOnlyAuditLog` — hash-chained log with `verify()` for integrity
+  checks.
+- `mcp-server.ts` — MCP server that exposes audit-grade tools
+  (`polymarket_query`, `edgar_query`, `annex_iv_export`,
+  `audit_log_verify`) using this envelope shape.
+
+Install: `npm install @kernel.chat/kbot-finance`
+Run: `npx @kernel.chat/kbot-finance mcp`
+
+## Security considerations
+
+- **Hash collisions.** SHA-256 collision resistance is ~2^128. Adequate
+  for the audit horizon of regulated industries (10 years per EU AI Act
+  Art. 19). Post-quantum upgrades should swap to SHA-3-256 or BLAKE3
+  via an explicit `hash_algorithm` field.
+- **Replay attacks.** The envelope is a *content identifier*, not an
+  authentication token. Replay of a known hash in a different session
+  is not a security issue at the envelope layer — session authentication
+  remains the client's responsibility.
+- **Privacy.** Canonicalized inputs may contain sensitive data. Audit
+  log storage MUST respect the same access controls as the inputs
+  themselves. The hash itself reveals nothing about the inputs.
+- **Side-channel determinism.** Bit-identical replay across hardware
+  (x86 vs ARM, AVX-512 vs not, GPU vs CPU) requires pinned-architecture
+  execution or correctly-rounded math (CRlibm, sleef). Servers that
+  cannot pin their execution environment MUST emit
+  `byte_identical_replayable: false`.
+
+## Backwards compatibility
+
+The extension is purely additive. MCP clients that don't recognise the
+`_meta.kbot-finance/content-addressed` block ignore it. Servers that
+don't implement the extension are fully conformant MCP servers.
+
+## Open questions
+
+1. **Hash algorithm agility.** Should the spec require a `hash_algorithm`
+   tag from day one, even if v0.1 only supports SHA-256?
+2. **Replay tool naming.** Is `replay` too generic? Alternatives:
+   `audit_replay`, `__replay`, `mcp.replay`.
+3. **Audit log shape standardization.** Should the audit log entry
+   format be in the spec, or left to implementations?
+4. **Capability negotiation.** Does the `experimental.` prefix slow
+   adoption, or is it the right caution for v0.1?
+
+## Acknowledgements
+
+- Anthropic, for MCP itself.
+- Bloomberg ASKB, for shipping the pattern in closed form and proving the
+  buyer demand.
+- Adaptive Financial Consulting (Aeron), whose deterministic-replay
+  primitives in financial messaging inspired the audit log shape.
+- The FINOS AI Governance Framework v2.0 working group, whose risk
+  catalog informed the audit log entry types.
+
+## License
+
+This RFC is published under CC BY 4.0. The reference implementation is
+Apache 2.0.

package/dist/adapters/edgar/client.d.ts

@@ -0,0 +1,11 @@
+import { type EdgarOutcome } from "./types.js";
+/**
+ * EDGAR HTTPS client. Returns discriminated unions; never throws across
+ * the boundary. SEC requires a User-Agent that identifies the requester;
+ * we send one by default and let operators override via env.
+ */
+export declare function edgarGet<T>(path: string, options?: {
+    baseUrl?: string;
+    timeoutMs?: number;
+}): Promise<EdgarOutcome<T>>;
+//# sourceMappingURL=client.d.ts.map

package/dist/adapters/edgar/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/adapters/edgar/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwC,KAAK,YAAY,EAAmB,MAAM,YAAY,CAAC;AAEtG;;;;GAIG;AACH,wBAAsB,QAAQ,CAAC,CAAC,EAC9B,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GACrD,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CA6C1B"}

package/dist/adapters/edgar/client.js

@@ -0,0 +1,56 @@
+import { EDGAR_SUBMISSIONS_BASE, getUserAgent } from "./types.js";
+/**
+ * EDGAR HTTPS client. Returns discriminated unions; never throws across
+ * the boundary. SEC requires a User-Agent that identifies the requester;
+ * we send one by default and let operators override via env.
+ */
+export async function edgarGet(path, options = {}) {
+    const base = options.baseUrl ?? EDGAR_SUBMISSIONS_BASE;
+    const url = new URL(path.startsWith("/") ? path : "/" + path, base);
+    const userAgent = getUserAgent();
+    if (!userAgent || userAgent.trim().length === 0) {
+        return err({
+            code: "missing_user_agent",
+            message: "Set KBOT_FINANCE_SEC_UA to a descriptive contact string per SEC fair-use policy.",
+        });
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), options.timeoutMs ?? 15_000);
+    try {
+        const res = await fetch(url, {
+            method: "GET",
+            headers: {
+                Accept: "application/json",
+                "User-Agent": userAgent,
+                "Accept-Encoding": "gzip, deflate",
+            },
+            signal: controller.signal,
+        });
+        if (res.status === 404) {
+            return err({ code: "not_found", message: `404 ${url.pathname}`, status: 404 });
+        }
+        if (res.status === 429) {
+            return err({ code: "rate_limited", message: "429 from EDGAR", status: 429 });
+        }
+        if (!res.ok) {
+            return err({ code: "http", message: `HTTP ${res.status}`, status: res.status });
+        }
+        try {
+            const value = (await res.json());
+            return { ok: true, value };
+        }
+        catch (parseErr) {
+            return err({ code: "parse", message: `JSON parse failed: ${parseErr.message}` });
+        }
+    }
+    catch (netErr) {
+        return err({ code: "network", message: netErr.message });
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+function err(error) {
+    return { ok: false, error };
+}
+//# sourceMappingURL=client.js.map

package/dist/adapters/edgar/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/adapters/edgar/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAsC,MAAM,YAAY,CAAC;AAEtG;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,UAAoD,EAAE;IAEtD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,IAAI,sBAAsB,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;IAEpE,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,OAAO,GAAG,CAAC;YACT,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,kFAAkF;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAElF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,YAAY,EAAE,SAAS;gBACvB,iBAAiB,EAAE,eAAe;aACnC;YACD,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;YACtC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAClB,OAAO,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,sBAAuB,QAAkB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAG,MAAgB,CAAC,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,GAAG,CAAC,KAAiB;IAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC"}

package/dist/adapters/edgar/commands.d.ts

@@ -0,0 +1,27 @@
+import { type EdgarOutcome, type EdgarSubmissionsResponse, type EdgarCompanyFactsResponse } from "./types.js";
+/**
+ * Read-only commands against SEC EDGAR.
+ *
+ * Filings are immutable by SEC policy — every filing has a stable accession
+ * number — so content-addressing is essentially native. The adapter returns
+ * raw responses; the kbot tool layer computes envelopes over them.
+ */
+export declare function getSubmissions(cik: string | number): Promise<EdgarOutcome<EdgarSubmissionsResponse>>;
+export declare function getCompanyFacts(cik: string | number): Promise<EdgarOutcome<EdgarCompanyFactsResponse>>;
+export interface NormalizedFiling {
+    readonly accession_number: string;
+    readonly filing_date: string | null;
+    readonly report_date: string | null;
+    readonly form: string;
+    readonly primary_document: string | null;
+    readonly description: string | null;
+    readonly is_xbrl: boolean;
+    readonly archive_url: string;
+}
+/**
+ * Flatten EDGAR's column-oriented `recent` table into rows. Filings are
+ * presented oldest-last in EDGAR's response; we preserve that order so the
+ * caller can pick recent N consistently.
+ */
+export declare function normalizeRecentFilings(response: EdgarSubmissionsResponse, cik: string | number, limit?: number): ReadonlyArray<NormalizedFiling>;
+//# sourceMappingURL=commands.d.ts.map

package/dist/adapters/edgar/commands.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"commands.d.ts","sourceRoot":"","sources":["../../../src/adapters/edgar/commands.ts"],"names":[],"mappings":"AACA,OAAO,EAAU,KAAK,YAAY,EAAE,KAAK,wBAAwB,EAAE,KAAK,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAEtH;;;;;;GAMG;AAEH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,GAAG,MAAM,GACnB,OAAO,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAGjD;AAED,wBAAsB,eAAe,CACnC,GAAG,EAAE,MAAM,GAAG,MAAM,GACnB,OAAO,CAAC,YAAY,CAAC,yBAAyB,CAAC,CAAC,CAGlD;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,wBAAwB,EAClC,GAAG,EAAE,MAAM,GAAG,MAAM,EACpB,KAAK,SAAK,GACT,aAAa,CAAC,gBAAgB,CAAC,CA8BjC"}

package/dist/adapters/edgar/commands.js

@@ -0,0 +1,56 @@
+import { edgarGet } from "./client.js";
+import { padCik } from "./types.js";
+/**
+ * Read-only commands against SEC EDGAR.
+ *
+ * Filings are immutable by SEC policy — every filing has a stable accession
+ * number — so content-addressing is essentially native. The adapter returns
+ * raw responses; the kbot tool layer computes envelopes over them.
+ */
+export async function getSubmissions(cik) {
+    const padded = padCik(cik);
+    return edgarGet(`/submissions/CIK${padded}.json`);
+}
+export async function getCompanyFacts(cik) {
+    const padded = padCik(cik);
+    return edgarGet(`/api/xbrl/companyfacts/CIK${padded}.json`);
+}
+/**
+ * Flatten EDGAR's column-oriented `recent` table into rows. Filings are
+ * presented oldest-last in EDGAR's response; we preserve that order so the
+ * caller can pick recent N consistently.
+ */
+export function normalizeRecentFilings(response, cik, limit = 25) {
+    const recent = response.filings?.recent;
+    if (!recent)
+        return [];
+    const accs = recent.accessionNumber ?? [];
+    const dates = recent.filingDate ?? [];
+    const reports = recent.reportDate ?? [];
+    const forms = recent.form ?? [];
+    const docs = recent.primaryDocument ?? [];
+    const descs = recent.primaryDocDescription ?? [];
+    const xbrl = recent.isXBRL ?? [];
+    const cikStr = padCik(cik).replace(/^0+/, "");
+    const out = [];
+    const count = Math.min(accs.length, limit);
+    for (let i = 0; i < count; i++) {
+        const acc = accs[i];
+        if (!acc)
+            continue;
+        const accNoDashes = acc.replace(/-/g, "");
+        const doc = docs[i] ?? "";
+        out.push({
+            accession_number: acc,
+            filing_date: dates[i] ?? null,
+            report_date: reports[i] ?? null,
+            form: forms[i] ?? "",
+            primary_document: doc.length > 0 ? doc : null,
+            description: descs[i] ?? null,
+            is_xbrl: (xbrl[i] ?? 0) === 1,
+            archive_url: `https://www.sec.gov/Archives/edgar/data/${cikStr}/${accNoDashes}/${doc}`,
+        });
+    }
+    return out;
+}
+//# sourceMappingURL=commands.js.map

package/dist/adapters/edgar/commands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"commands.js","sourceRoot":"","sources":["../../../src/adapters/edgar/commands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,MAAM,EAAoF,MAAM,YAAY,CAAC;AAEtH;;;;;;GAMG;AAEH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAoB;IAEpB,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAA2B,mBAAmB,MAAM,OAAO,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAoB;IAEpB,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAA4B,6BAA6B,MAAM,OAAO,CAAC,CAAC;AACzF,CAAC;AAaD;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAkC,EAClC,GAAoB,EACpB,KAAK,GAAG,EAAE;IAEV,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,qBAAqB,IAAI,EAAE,CAAC;IACjD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAuB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC;YACP,gBAAgB,EAAE,GAAG;YACrB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI;YAC7B,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI;YAC/B,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;YACpB,gBAAgB,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;YAC7C,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI;YAC7B,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC;YAC7B,WAAW,EAAE,2CAA2C,MAAM,IAAI,WAAW,IAAI,GAAG,EAAE;SACvF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/adapters/edgar/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./types.js";
+export * from "./commands.js";
+export { edgarGet } from "./client.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/edgar/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/adapters/edgar/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC"}

package/dist/adapters/edgar/index.js

@@ -0,0 +1,4 @@
+export * from "./types.js";
+export * from "./commands.js";
+export { edgarGet } from "./client.js";
+//# sourceMappingURL=index.js.map

package/dist/adapters/edgar/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/adapters/edgar/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC"}