@lelu-auth/lelu 0.1.0

package/dist/index.d.mts

@@ -0,0 +1,104 @@
+import { L as LeluClient, C as ClientConfig } from './client-BD9h8CBT.mjs';
+export { A as AgentAuthDecision, a as AgentAuthRequest, b as AgentAuthRequestSchema, c as AgentContext, d as AgentContextSchema, e as AuthDecision, f as AuthEngineError, g as AuthRequest, h as AuthRequestSchema, D as DelegateScopeRequest, i as DelegateScopeRequestSchema, j as DelegateScopeResult, M as MintTokenRequest, k as MintTokenRequestSchema, l as MintTokenResult, R as RevokeTokenResult } from './client-BD9h8CBT.mjs';
+import 'zod';
+
+/**
+ * Vercel AI SDK integration for Lelu — Confidence-Aware Auth.
+ *
+ * Wraps a Vercel AI SDK `tool()` definition with a Lelu authorization
+ * gate. The wrapped tool runs the original `execute` function only when
+ * Lelu allows it; otherwise it returns a structured refusal object that
+ * the model can inspect and self-correct on.
+ *
+ * @example
+ * ```ts
+ * import { tool } from 'ai';
+ * import { z } from 'zod';
+ * import { LeluClient } from '@lelu-auth/lelu';
+ * import { secureTool } from 'lelu/vercel';
+ *
+ * const lelu = new LeluClient({ baseUrl: 'http://localhost:8082' });
+ *
+ * const refundTool = secureTool({
+ *   client: lelu,
+ *   actor: 'invoice_bot',
+ *   action: 'invoice:refund',
+ *   confidence: 0.92,
+ *   tool: tool({
+ *     description: 'Process a customer refund',
+ *     parameters: z.object({ invoiceId: z.string() }),
+ *     execute: async ({ invoiceId }) => ({ refunded: invoiceId }),
+ *   }),
+ * });
+ *
+ * // Use in streamText / generateText:
+ * const result = await streamText({
+ *   model: openai('gpt-4o'),
+ *   tools: { refundTool },
+ * });
+ * ```
+ */
+
+/**
+ * The minimal shape of a Vercel AI SDK `tool()` return value.
+ * We keep this local to avoid a hard dependency on `ai`.
+ */
+interface VercelTool<TArgs = unknown, TResult = unknown> {
+    description?: string;
+    parameters: unknown;
+    execute?: (args: TArgs, options?: unknown) => Promise<TResult>;
+}
+interface LeluDeniedResult {
+    /** Always `false` when the tool was blocked. */
+    allowed: false;
+    /** Human/LLM-readable denial reason. */
+    reason: string;
+    /** Whether the action is queued for human review. */
+    requiresHumanReview: boolean;
+    /** The downgraded scope when confidence caused a downgrade. */
+    downgradedScope?: string;
+}
+interface SecureToolOptions<TArgs = unknown, TResult = unknown> {
+    /** Configured Lelu client. */
+    client: LeluClient;
+    /** The agent actor / scope registered in Lelu policy. */
+    actor: string;
+    /** The permission string being checked. */
+    action: string;
+    /**
+     * LLM confidence score (0.0–1.0). Can be a static number or a function
+     * receiving the parsed tool arguments, allowing dynamic confidence based
+     * on the actual call. Defaults to `1.0`.
+     */
+    confidence?: number | ((args: TArgs) => number);
+    /** Optional user ID the agent is acting on behalf of. */
+    actingFor?: string;
+    /** The original Vercel AI SDK tool to wrap. */
+    tool: VercelTool<TArgs, TResult>;
+}
+/**
+ * Wraps a Vercel AI SDK `tool()` with Lelu Confidence-Aware Auth.
+ *
+ * Returns a new tool object with the same `description` and `parameters`
+ * but with an `execute` function that gates through Lelu first.
+ *
+ * On denial the tool returns a `LeluDeniedResult` object (not a throw) so
+ * the model sees a structured response it can reason about.
+ */
+declare function secureTool<TArgs = unknown, TResult = unknown>(opts: SecureToolOptions<TArgs, TResult>): VercelTool<TArgs, TResult | LeluDeniedResult>;
+
+/**
+ * Creates a LeluClient with the given configuration.
+ * Equivalent to `new LeluClient(config)`.
+ *
+ * @example
+ * ```ts
+ * import { createClient } from "@lelu-auth/lelu";
+ *
+ * const lelu = createClient({ baseUrl: "http://localhost:8080" });
+ * const { allowed } = await lelu.agentAuthorize({ ... });
+ * ```
+ */
+declare function createClient(config?: ClientConfig): LeluClient;
+
+export { ClientConfig, LeluClient, type LeluDeniedResult, type SecureToolOptions, type VercelTool, createClient, secureTool };

package/dist/index.d.ts

@@ -0,0 +1,104 @@
+import { L as LeluClient, C as ClientConfig } from './client-BD9h8CBT.js';
+export { A as AgentAuthDecision, a as AgentAuthRequest, b as AgentAuthRequestSchema, c as AgentContext, d as AgentContextSchema, e as AuthDecision, f as AuthEngineError, g as AuthRequest, h as AuthRequestSchema, D as DelegateScopeRequest, i as DelegateScopeRequestSchema, j as DelegateScopeResult, M as MintTokenRequest, k as MintTokenRequestSchema, l as MintTokenResult, R as RevokeTokenResult } from './client-BD9h8CBT.js';
+import 'zod';
+
+/**
+ * Vercel AI SDK integration for Lelu — Confidence-Aware Auth.
+ *
+ * Wraps a Vercel AI SDK `tool()` definition with a Lelu authorization
+ * gate. The wrapped tool runs the original `execute` function only when
+ * Lelu allows it; otherwise it returns a structured refusal object that
+ * the model can inspect and self-correct on.
+ *
+ * @example
+ * ```ts
+ * import { tool } from 'ai';
+ * import { z } from 'zod';
+ * import { LeluClient } from '@lelu-auth/lelu';
+ * import { secureTool } from 'lelu/vercel';
+ *
+ * const lelu = new LeluClient({ baseUrl: 'http://localhost:8082' });
+ *
+ * const refundTool = secureTool({
+ *   client: lelu,
+ *   actor: 'invoice_bot',
+ *   action: 'invoice:refund',
+ *   confidence: 0.92,
+ *   tool: tool({
+ *     description: 'Process a customer refund',
+ *     parameters: z.object({ invoiceId: z.string() }),
+ *     execute: async ({ invoiceId }) => ({ refunded: invoiceId }),
+ *   }),
+ * });
+ *
+ * // Use in streamText / generateText:
+ * const result = await streamText({
+ *   model: openai('gpt-4o'),
+ *   tools: { refundTool },
+ * });
+ * ```
+ */
+
+/**
+ * The minimal shape of a Vercel AI SDK `tool()` return value.
+ * We keep this local to avoid a hard dependency on `ai`.
+ */
+interface VercelTool<TArgs = unknown, TResult = unknown> {
+    description?: string;
+    parameters: unknown;
+    execute?: (args: TArgs, options?: unknown) => Promise<TResult>;
+}
+interface LeluDeniedResult {
+    /** Always `false` when the tool was blocked. */
+    allowed: false;
+    /** Human/LLM-readable denial reason. */
+    reason: string;
+    /** Whether the action is queued for human review. */
+    requiresHumanReview: boolean;
+    /** The downgraded scope when confidence caused a downgrade. */
+    downgradedScope?: string;
+}
+interface SecureToolOptions<TArgs = unknown, TResult = unknown> {
+    /** Configured Lelu client. */
+    client: LeluClient;
+    /** The agent actor / scope registered in Lelu policy. */
+    actor: string;
+    /** The permission string being checked. */
+    action: string;
+    /**
+     * LLM confidence score (0.0–1.0). Can be a static number or a function
+     * receiving the parsed tool arguments, allowing dynamic confidence based
+     * on the actual call. Defaults to `1.0`.
+     */
+    confidence?: number | ((args: TArgs) => number);
+    /** Optional user ID the agent is acting on behalf of. */
+    actingFor?: string;
+    /** The original Vercel AI SDK tool to wrap. */
+    tool: VercelTool<TArgs, TResult>;
+}
+/**
+ * Wraps a Vercel AI SDK `tool()` with Lelu Confidence-Aware Auth.
+ *
+ * Returns a new tool object with the same `description` and `parameters`
+ * but with an `execute` function that gates through Lelu first.
+ *
+ * On denial the tool returns a `LeluDeniedResult` object (not a throw) so
+ * the model sees a structured response it can reason about.
+ */
+declare function secureTool<TArgs = unknown, TResult = unknown>(opts: SecureToolOptions<TArgs, TResult>): VercelTool<TArgs, TResult | LeluDeniedResult>;
+
+/**
+ * Creates a LeluClient with the given configuration.
+ * Equivalent to `new LeluClient(config)`.
+ *
+ * @example
+ * ```ts
+ * import { createClient } from "@lelu-auth/lelu";
+ *
+ * const lelu = createClient({ baseUrl: "http://localhost:8080" });
+ * const { allowed } = await lelu.agentAuthorize({ ... });
+ * ```
+ */
+declare function createClient(config?: ClientConfig): LeluClient;
+
+export { ClientConfig, LeluClient, type LeluDeniedResult, type SecureToolOptions, type VercelTool, createClient, secureTool };

package/dist/index.js

@@ -0,0 +1,306 @@
+'use strict';
+
+var zod = require('zod');
+
+// src/vercel/index.ts
+function secureTool(opts) {
+  const { client, actor, action, actingFor } = opts;
+  const wrapped = {
+    parameters: opts.tool.parameters,
+    async execute(args, options) {
+      const confidence = typeof opts.confidence === "function" ? opts.confidence(args) : opts.confidence ?? 1;
+      let decision;
+      try {
+        decision = await client.agentAuthorize({
+          actor,
+          action,
+          context: { confidence, actingFor }
+        });
+      } catch (err) {
+        return {
+          allowed: false,
+          reason: `Lelu authorization check failed: ${String(err)}`,
+          requiresHumanReview: false
+        };
+      }
+      if (decision.requiresHumanReview) {
+        return {
+          allowed: false,
+          reason: `Action '${action}' for agent '${actor}' is queued for human review. Reason: ${decision.reason}. Confidence: ${(confidence * 100).toFixed(0)}%.`,
+          requiresHumanReview: true
+        };
+      }
+      if (!decision.allowed) {
+        const denied = {
+          allowed: false,
+          reason: `Action '${action}' was denied for agent '${actor}'. Reason: ${decision.reason}.`,
+          requiresHumanReview: false
+        };
+        if (decision.downgradedScope !== void 0) {
+          denied.downgradedScope = decision.downgradedScope;
+        }
+        return {
+          ...denied
+        };
+      }
+      if (!opts.tool.execute) {
+        throw new Error(
+          `[Lelu] secureTool: the wrapped tool '${action}' has no execute function.`
+        );
+      }
+      return opts.tool.execute(args, options);
+    }
+  };
+  if (opts.tool.description !== void 0) {
+    wrapped.description = opts.tool.description;
+  }
+  return wrapped;
+}
+var AuthRequestSchema = zod.z.object({
+  userId: zod.z.string().min(1, "userId is required"),
+  action: zod.z.string().min(1, "action is required"),
+  resource: zod.z.record(zod.z.string()).optional()
+});
+var AgentContextSchema = zod.z.object({
+  /** LLM confidence score — 0.0 to 1.0 */
+  confidence: zod.z.number().min(0).max(1),
+  /** User the agent is acting on behalf of */
+  actingFor: zod.z.string().optional(),
+  /** Requested agent scope */
+  scope: zod.z.string().optional()
+});
+var AgentAuthRequestSchema = zod.z.object({
+  actor: zod.z.string().min(1, "actor is required"),
+  action: zod.z.string().min(1, "action is required"),
+  resource: zod.z.record(zod.z.string()).optional(),
+  context: AgentContextSchema
+});
+var MintTokenRequestSchema = zod.z.object({
+  scope: zod.z.string().min(1),
+  actingFor: zod.z.string().optional(),
+  ttlSeconds: zod.z.number().int().positive().optional()
+});
+var DelegateScopeRequestSchema = zod.z.object({
+  delegator: zod.z.string().min(1, "delegator is required"),
+  delegatee: zod.z.string().min(1, "delegatee is required"),
+  scopedTo: zod.z.array(zod.z.string().min(1)).optional(),
+  ttlSeconds: zod.z.number().int().positive().optional(),
+  confidence: zod.z.number().min(0).max(1).optional(),
+  actingFor: zod.z.string().optional(),
+  tenantId: zod.z.string().optional()
+});
+var AuthEngineError = class extends Error {
+  constructor(message, status, details) {
+    super(message);
+    this.status = status;
+    this.details = details;
+    this.name = "AuthEngineError";
+  }
+};
+
+// src/client.ts
+var LeluClient = class {
+  baseUrl;
+  timeoutMs;
+  apiKey;
+  constructor(cfg = {}) {
+    this.baseUrl = (cfg.baseUrl ?? "http://localhost:8080").replace(/\/$/, "");
+    this.timeoutMs = cfg.timeoutMs ?? 5e3;
+    this.apiKey = cfg.apiKey;
+  }
+  // ── Human authorization ────────────────────────────────────────────────────
+  /**
+   * Checks whether a human user is permitted to perform an action.
+   */
+  async authorize(req) {
+    const validated = AuthRequestSchema.parse(req);
+    const body = {
+      user_id: validated.userId,
+      action: validated.action,
+      resource: validated.resource
+    };
+    const data = await this.post("/v1/authorize", body);
+    return {
+      allowed: data.allowed,
+      reason: data.reason,
+      traceId: data.trace_id
+    };
+  }
+  // ── Agent authorization ────────────────────────────────────────────────────
+  /**
+   * Checks whether an AI agent is permitted to perform an action, taking the
+   * confidence score into account (Confidence-Aware Auth ★).
+   */
+  async agentAuthorize(req) {
+    const validated = AgentAuthRequestSchema.parse(req);
+    const body = {
+      actor: validated.actor,
+      action: validated.action,
+      resource: validated.resource,
+      confidence: validated.context.confidence,
+      acting_for: validated.context.actingFor,
+      scope: validated.context.scope
+    };
+    const data = await this.post("/v1/agent/authorize", body);
+    return {
+      allowed: data.allowed,
+      reason: data.reason,
+      traceId: data.trace_id,
+      downgradedScope: data.downgraded_scope,
+      requiresHumanReview: data.requires_human_review,
+      confidenceUsed: data.confidence_used
+    };
+  }
+  // ── JIT Token minting ──────────────────────────────────────────────────────
+  /**
+   * Mints a scoped JWT for an agent with an optional TTL.
+   * Default TTL is 60 seconds.
+   */
+  async mintToken(req) {
+    const validated = MintTokenRequestSchema.parse(req);
+    const body = {
+      scope: validated.scope,
+      acting_for: validated.actingFor,
+      ttl_seconds: validated.ttlSeconds ?? 60
+    };
+    const data = await this.post("/v1/tokens/mint", body);
+    return {
+      token: data.token,
+      tokenId: data.token_id,
+      expiresAt: new Date(data.expires_at * 1e3)
+    };
+  }
+  // ── Token revocation ───────────────────────────────────────────────────────
+  /**
+   * Immediately revokes a JIT token by its ID.
+   */
+  async revokeToken(tokenId) {
+    const data = await this.delete(
+      `/v1/tokens/${encodeURIComponent(tokenId)}`
+    );
+    return { success: data.success };
+  }
+  // ── Multi-agent delegation ─────────────────────────────────────────────────
+  /**
+   * Delegates a constrained sub-scope from one agent to another.
+   *
+   * Validates the delegation rule in the loaded policy, caps the TTL to the
+   * policy maximum, and mints a child JIT token scoped to the granted actions.
+   *
+   * The delegator's `confidence` score is checked against the policy's
+   * `require_confidence_above` before delegation is granted.
+   */
+  async delegateScope(req) {
+    const validated = DelegateScopeRequestSchema.parse(req);
+    const body = {
+      delegator: validated.delegator,
+      delegatee: validated.delegatee,
+      scoped_to: validated.scopedTo ?? [],
+      ttl_seconds: validated.ttlSeconds ?? 60,
+      confidence: validated.confidence ?? 1,
+      acting_for: validated.actingFor ?? "",
+      tenant_id: validated.tenantId ?? ""
+    };
+    const data = await this.post("/v1/agent/delegate", body);
+    return {
+      token: data.token,
+      tokenId: data.token_id,
+      expiresAt: new Date(data.expires_at * 1e3),
+      delegator: data.delegator,
+      delegatee: data.delegatee,
+      grantedScopes: data.granted_scopes,
+      traceId: data.trace_id
+    };
+  }
+  // ── Health check ───────────────────────────────────────────────────────────
+  /**
+   * Returns true if the engine is reachable and healthy.
+   */
+  async isHealthy() {
+    try {
+      const data = await this.get("/healthz");
+      return data.status === "ok";
+    } catch {
+      return false;
+    }
+  }
+  // ── HTTP helpers ───────────────────────────────────────────────────────────
+  headers() {
+    const h = { "Content-Type": "application/json" };
+    if (this.apiKey) {
+      h["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    return h;
+  }
+  async post(path, body) {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
+    try {
+      const res = await fetch(`${this.baseUrl}${path}`, {
+        method: "POST",
+        headers: this.headers(),
+        body: JSON.stringify(body),
+        signal: ctrl.signal
+      });
+      return this.parseResponse(res);
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async delete(path) {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
+    try {
+      const res = await fetch(`${this.baseUrl}${path}`, {
+        method: "DELETE",
+        headers: this.headers(),
+        signal: ctrl.signal
+      });
+      return this.parseResponse(res);
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async get(path) {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
+    try {
+      const res = await fetch(`${this.baseUrl}${path}`, {
+        method: "GET",
+        headers: this.headers(),
+        signal: ctrl.signal
+      });
+      return this.parseResponse(res);
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async parseResponse(res) {
+    const json = await res.json();
+    if (!res.ok) {
+      throw new AuthEngineError(
+        json["error"] ?? "engine error",
+        res.status,
+        json
+      );
+    }
+    return json;
+  }
+};
+
+// src/index.ts
+function createClient(config) {
+  return new LeluClient(config);
+}
+
+exports.AgentAuthRequestSchema = AgentAuthRequestSchema;
+exports.AgentContextSchema = AgentContextSchema;
+exports.AuthEngineError = AuthEngineError;
+exports.AuthRequestSchema = AuthRequestSchema;
+exports.DelegateScopeRequestSchema = DelegateScopeRequestSchema;
+exports.LeluClient = LeluClient;
+exports.MintTokenRequestSchema = MintTokenRequestSchema;
+exports.createClient = createClient;
+exports.secureTool = secureTool;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/vercel/index.ts","../src/types.ts","../src/client.ts","../src/index.ts"],"names":["z"],"mappings":";;;;;AAgGO,SAAS,WACd,IAAA,EAC+C;AAC/C,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,MAAA,EAAQ,WAAU,GAAI,IAAA;AAE7C,EAAA,MAAM,OAAA,GAAyD;AAAA,IAC7D,UAAA,EAAY,KAAK,IAAA,CAAK,UAAA;AAAA,IAEtB,MAAM,OAAA,CACJ,IAAA,EACA,OAAA,EACqC;AAErC,MAAA,MAAM,UAAA,GACJ,OAAO,IAAA,CAAK,UAAA,KAAe,UAAA,GACvB,KAAK,UAAA,CAAW,IAAI,CAAA,GACnB,IAAA,CAAK,UAAA,IAAc,CAAA;AAE1B,MAAA,IAAI,QAAA;AACJ,MAAA,IAAI;AACF,QAAA,QAAA,GAAW,MAAM,OAAO,cAAA,CAAe;AAAA,UACrC,KAAA;AAAA,UACA,MAAA;AAAA,UACA,OAAA,EAAS,EAAE,UAAA,EAAY,SAAA;AAAU,SAClC,CAAA;AAAA,MACH,SAAS,GAAA,EAAK;AAEZ,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,MAAA,EAAQ,CAAA,iCAAA,EAAoC,MAAA,CAAO,GAAG,CAAC,CAAA,CAAA;AAAA,UACvD,mBAAA,EAAqB;AAAA,SACvB;AAAA,MACF;AAGA,MAAA,IAAI,SAAS,mBAAA,EAAqB;AAChC,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,KAAA;AAAA,UACT,MAAA,EACE,CAAA,QAAA,EAAW,MAAM,CAAA,aAAA,EAAgB,KAAK,CAAA,sCAAA,EAC3B,QAAA,CAAS,MAAM,CAAA,cAAA,EAAA,CAAkB,UAAA,GAAa,GAAA,EAAK,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAA,CAAA;AAAA,UAC1E,mBAAA,EAAqB;AAAA,SACvB;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,MAAA,GAA2B;AAAA,UAC/B,OAAA,EAAS,KAAA;AAAA,UACT,QACE,CAAA,QAAA,EAAW,MAAM,2BAA2B,KAAK,CAAA,WAAA,EACtC,SAAS,MAAM,CAAA,CAAA,CAAA;AAAA,UAC5B,mBAAA,EAAqB;AAAA,SACvB;AACA,QAAA,IAAI,QAAA,CAAS,oBAAoB,MAAA,EAAW;AAC1C,UAAA,MAAA,CAAO,kBAAkB,QAAA,CAAS,eAAA;AAAA,QACpC;AACA,QAAA,OAAO;AAAA,UACL,GAAG;AAAA,SACL;AAAA,MACF;AAGA,MAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,OAAA,EAAS;AACtB,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,wCAAwC,MAAM,CAAA,0BAAA;AAAA,SAChD;AAAA,MACF;AACA,MAAA,OAAO,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AAAA,IACxC;AAAA,GACF;AAEA,EAAA,IAAI,IAAA,CAAK,IAAA,CAAK,WAAA,KAAgB,MAAA,EAAW;AACvC,IAAA,OAAA,CAAQ,WAAA,GAAc,KAAK,IAAA,CAAK,WAAA;AAAA,EAClC;AAEA,EAAA,OAAO,OAAA;AACT;ACzKO,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA;AACjC,CAAC;AAEM,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA;AAAA,EAEzC,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA;AAAA,EAEnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACpB,CAAC;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,OAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,mBAAmB,CAAA;AAAA,EAC5C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,OAAA,EAAS;AACX,CAAC;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA;AAC1C,CAAC;AAEM,IAAM,0BAAA,GAA6BA,MAAE,MAAA,CAAO;AAAA,EACjD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,QAAA,EAAUA,KAAA,CAAE,KAAA,CAAMA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,QAAA,EAAUA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AA2EM,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,OAAA,EACgB,MAAA,EACA,OAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHG,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF;;;ACrFO,IAAM,aAAN,MAAiB;AAAA,EACL,OAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EAEjB,WAAA,CAAY,GAAA,GAAoB,EAAC,EAAG;AAClC,IAAA,IAAA,CAAK,WAAW,GAAA,CAAI,OAAA,IAAW,uBAAA,EAAyB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACzE,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,SAAA,IAAa,GAAA;AAClC,IAAA,IAAA,CAAK,SAAS,GAAA,CAAI,MAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,UAAU,GAAA,EAAyC;AACvD,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,KAAA,CAAM,GAAG,CAAA;AAC7C,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,SAAS,SAAA,CAAU,MAAA;AAAA,MACnB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU;AAAA,KACtB;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,iBAAiB,IAAI,CAAA;AAExB,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,GAAA,EAAmD;AACtE,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,UAAA,EAAY,UAAU,OAAA,CAAQ,UAAA;AAAA,MAC9B,UAAA,EAAY,UAAU,OAAA,CAAQ,SAAA;AAAA,MAC9B,KAAA,EAAO,UAAU,OAAA,CAAQ;AAAA,KAC3B;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAOrB,uBAAuB,IAAI,CAAA;AAE9B,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,qBAAqB,IAAA,CAAK,qBAAA;AAAA,MAC1B,gBAAgB,IAAA,CAAK;AAAA,KACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,GAAA,EAAiD;AAC/D,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,YAAY,SAAA,CAAU,SAAA;AAAA,MACtB,WAAA,EAAa,UAAU,UAAA,IAAc;AAAA,KACvC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,mBAAmB,IAAI,CAAA;AAE1B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI;AAAA,KAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,OAAA,EAA6C;AAC7D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA;AAAA,MACtB,CAAA,WAAA,EAAc,kBAAA,CAAmB,OAAO,CAAC,CAAA;AAAA,KAC3C;AACA,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,GAAA,EAAyD;AAC3E,IAAA,MAAM,SAAA,GAAY,0BAAA,CAA2B,KAAA,CAAM,GAAG,CAAA;AACtD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,SAAA,EAAW,SAAA,CAAU,QAAA,IAAY,EAAC;AAAA,MAClC,WAAA,EAAa,UAAU,UAAA,IAAc,EAAA;AAAA,MACrC,UAAA,EAAY,UAAU,UAAA,IAAc,CAAA;AAAA,MACpC,UAAA,EAAY,UAAU,SAAA,IAAa,EAAA;AAAA,MACnC,SAAA,EAAW,UAAU,QAAA,IAAY;AAAA,KACnC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAQrB,sBAAsB,IAAI,CAAA;AAE7B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI,CAAA;AAAA,MAC1C,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,eAAe,IAAA,CAAK,cAAA;AAAA,MACpB,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAA,GAA8B;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,GAAA,CAAwB,UAAU,CAAA;AAC1D,MAAA,OAAO,KAAK,MAAA,KAAW,IAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAIQ,OAAA,GAAkC;AACxC,IAAA,MAAM,CAAA,GAA4B,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AACvE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,CAAA,CAAE,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAc,IAAA,CAAQ,IAAA,EAAc,IAAA,EAA2B;AAC7D,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACzB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,OAAU,IAAA,EAA0B;AAChD,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,QAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,IAAO,IAAA,EAA0B;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,cAAiB,GAAA,EAA2B;AACxD,IAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,eAAA;AAAA,QACP,IAAA,CAAK,OAAO,CAAA,IAAgB,cAAA;AAAA,QAC7B,GAAA,CAAI,MAAA;AAAA,QACJ;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;AC7NO,SAAS,aAAa,MAAA,EAAmC;AAC9D,EAAA,OAAO,IAAI,WAAW,MAAM,CAAA;AAC9B","file":"index.js","sourcesContent":["/**\n * Vercel AI SDK integration for Lelu — Confidence-Aware Auth.\n *\n * Wraps a Vercel AI SDK `tool()` definition with a Lelu authorization\n * gate. The wrapped tool runs the original `execute` function only when\n * Lelu allows it; otherwise it returns a structured refusal object that\n * the model can inspect and self-correct on.\n *\n * @example\n * ```ts\n * import { tool } from 'ai';\n * import { z } from 'zod';\n * import { LeluClient } from '@lelu-auth/lelu';\n * import { secureTool } from 'lelu/vercel';\n *\n * const lelu = new LeluClient({ baseUrl: 'http://localhost:8082' });\n *\n * const refundTool = secureTool({\n *   client: lelu,\n *   actor: 'invoice_bot',\n *   action: 'invoice:refund',\n *   confidence: 0.92,\n *   tool: tool({\n *     description: 'Process a customer refund',\n *     parameters: z.object({ invoiceId: z.string() }),\n *     execute: async ({ invoiceId }) => ({ refunded: invoiceId }),\n *   }),\n * });\n *\n * // Use in streamText / generateText:\n * const result = await streamText({\n *   model: openai('gpt-4o'),\n *   tools: { refundTool },\n * });\n * ```\n */\n\nimport { LeluClient } from \"../client.js\";\n\n// ─── Minimal Vercel AI SDK tool type ──────────────────────────────────────────\n\n/**\n * The minimal shape of a Vercel AI SDK `tool()` return value.\n * We keep this local to avoid a hard dependency on `ai`.\n */\nexport interface VercelTool<TArgs = unknown, TResult = unknown> {\n  description?: string;\n  parameters: unknown;\n  execute?: (args: TArgs, options?: unknown) => Promise<TResult>;\n}\n\n// ─── Denied / Review result shape ─────────────────────────────────────────────\n\nexport interface LeluDeniedResult {\n  /** Always `false` when the tool was blocked. */\n  allowed: false;\n  /** Human/LLM-readable denial reason. */\n  reason: string;\n  /** Whether the action is queued for human review. */\n  requiresHumanReview: boolean;\n  /** The downgraded scope when confidence caused a downgrade. */\n  downgradedScope?: string;\n}\n\n// ─── Options ──────────────────────────────────────────────────────────────────\n\nexport interface SecureToolOptions<TArgs = unknown, TResult = unknown> {\n  /** Configured Lelu client. */\n  client: LeluClient;\n  /** The agent actor / scope registered in Lelu policy. */\n  actor: string;\n  /** The permission string being checked. */\n  action: string;\n  /**\n   * LLM confidence score (0.0–1.0). Can be a static number or a function\n   * receiving the parsed tool arguments, allowing dynamic confidence based\n   * on the actual call. Defaults to `1.0`.\n   */\n  confidence?: number | ((args: TArgs) => number);\n  /** Optional user ID the agent is acting on behalf of. */\n  actingFor?: string;\n  /** The original Vercel AI SDK tool to wrap. */\n  tool: VercelTool<TArgs, TResult>;\n}\n\n// ─── secureTool ───────────────────────────────────────────────────────────────\n\n/**\n * Wraps a Vercel AI SDK `tool()` with Lelu Confidence-Aware Auth.\n *\n * Returns a new tool object with the same `description` and `parameters`\n * but with an `execute` function that gates through Lelu first.\n *\n * On denial the tool returns a `LeluDeniedResult` object (not a throw) so\n * the model sees a structured response it can reason about.\n */\nexport function secureTool<TArgs = unknown, TResult = unknown>(\n  opts: SecureToolOptions<TArgs, TResult>\n): VercelTool<TArgs, TResult | LeluDeniedResult> {\n  const { client, actor, action, actingFor } = opts;\n\n  const wrapped: VercelTool<TArgs, TResult | LeluDeniedResult> = {\n    parameters: opts.tool.parameters,\n\n    async execute(\n      args: TArgs,\n      options?: unknown\n    ): Promise<TResult | LeluDeniedResult> {\n      // Resolve confidence — static number or dynamic function.\n      const confidence =\n        typeof opts.confidence === \"function\"\n          ? opts.confidence(args)\n          : (opts.confidence ?? 1.0);\n\n      let decision;\n      try {\n        decision = await client.agentAuthorize({\n          actor,\n          action,\n          context: { confidence, actingFor },\n        });\n      } catch (err) {\n        // Fail open with a structured denial so the model can handle it.\n        return {\n          allowed: false,\n          reason: `Lelu authorization check failed: ${String(err)}`,\n          requiresHumanReview: false,\n        };\n      }\n\n      // ── Human review required ──────────────────────────────────────────\n      if (decision.requiresHumanReview) {\n        return {\n          allowed: false,\n          reason:\n            `Action '${action}' for agent '${actor}' is queued for human review. ` +\n            `Reason: ${decision.reason}. Confidence: ${(confidence * 100).toFixed(0)}%.`,\n          requiresHumanReview: true,\n        };\n      }\n\n      // ── Hard deny ─────────────────────────────────────────────────────\n      if (!decision.allowed) {\n        const denied: LeluDeniedResult = {\n          allowed: false,\n          reason:\n            `Action '${action}' was denied for agent '${actor}'. ` +\n            `Reason: ${decision.reason}.`,\n          requiresHumanReview: false,\n        };\n        if (decision.downgradedScope !== undefined) {\n          denied.downgradedScope = decision.downgradedScope;\n        }\n        return {\n          ...denied,\n        };\n      }\n\n      // ── Authorized — run original execute ─────────────────────────────\n      if (!opts.tool.execute) {\n        throw new Error(\n          `[Lelu] secureTool: the wrapped tool '${action}' has no execute function.`\n        );\n      }\n      return opts.tool.execute(args, options);\n    },\n  };\n\n  if (opts.tool.description !== undefined) {\n    wrapped.description = opts.tool.description;\n  }\n\n  return wrapped;\n}\n","import { z } from \"zod\";\n\n// ─── Request / Response schemas ───────────────────────────────────────────────\n\nexport const AuthRequestSchema = z.object({\n  userId: z.string().min(1, \"userId is required\"),\n  action: z.string().min(1, \"action is required\"),\n  resource: z.record(z.string()).optional(),\n});\n\nexport const AgentContextSchema = z.object({\n  /** LLM confidence score — 0.0 to 1.0 */\n  confidence: z.number().min(0).max(1),\n  /** User the agent is acting on behalf of */\n  actingFor: z.string().optional(),\n  /** Requested agent scope */\n  scope: z.string().optional(),\n});\n\nexport const AgentAuthRequestSchema = z.object({\n  actor: z.string().min(1, \"actor is required\"),\n  action: z.string().min(1, \"action is required\"),\n  resource: z.record(z.string()).optional(),\n  context: AgentContextSchema,\n});\n\nexport const MintTokenRequestSchema = z.object({\n  scope: z.string().min(1),\n  actingFor: z.string().optional(),\n  ttlSeconds: z.number().int().positive().optional(),\n});\n\nexport const DelegateScopeRequestSchema = z.object({\n  delegator: z.string().min(1, \"delegator is required\"),\n  delegatee: z.string().min(1, \"delegatee is required\"),\n  scopedTo: z.array(z.string().min(1)).optional(),\n  ttlSeconds: z.number().int().positive().optional(),\n  confidence: z.number().min(0).max(1).optional(),\n  actingFor: z.string().optional(),\n  tenantId: z.string().optional(),\n});\n\n// ─── Decision types ───────────────────────────────────────────────────────────\n\nexport interface AuthDecision {\n  allowed: boolean;\n  reason: string;\n  traceId: string;\n}\n\nexport interface AgentAuthDecision {\n  allowed: boolean;\n  reason: string;\n  traceId: string;\n  downgradedScope: string | undefined;\n  requiresHumanReview: boolean;\n  confidenceUsed: number;\n}\n\nexport interface MintTokenResult {\n  token: string;\n  tokenId: string;\n  expiresAt: Date;\n}\n\nexport interface DelegateScopeRequest {\n  /** Agent delegating the scope */\n  delegator: string;\n  /** Agent receiving the constrained sub-scope */\n  delegatee: string;\n  /** Actions to grant (must be subset of policy's can_delegate.scoped_to) */\n  scopedTo?: string[];\n  /** Token TTL in seconds — capped by the policy's max_ttl_seconds */\n  ttlSeconds?: number;\n  /** Delegator's confidence score — checked against require_confidence_above */\n  confidence?: number;\n  /** User the delegated agent acts on behalf of */\n  actingFor?: string;\n  tenantId?: string;\n}\n\nexport interface DelegateScopeResult {\n  token: string;\n  tokenId: string;\n  expiresAt: Date;\n  delegator: string;\n  delegatee: string;\n  grantedScopes: string[];\n  traceId: string;\n}\n\nexport interface RevokeTokenResult {\n  success: boolean;\n}\n\n// ─── Typed Input types ───────────────────────────────────────────────────────\n\nexport type AuthRequest = z.infer<typeof AuthRequestSchema>;\nexport type AgentAuthRequest = z.infer<typeof AgentAuthRequestSchema>;\nexport type AgentContext = z.infer<typeof AgentContextSchema>;\nexport type MintTokenRequest = z.infer<typeof MintTokenRequestSchema>;\n\n// ─── Client config ────────────────────────────────────────────────────────────\n\nexport interface ClientConfig {\n  /** Base URL of the Auth Permission Engine (default: http://localhost:8080) */\n  baseUrl?: string;\n  /** Request timeout in milliseconds (default: 5000) */\n  timeoutMs?: number;\n  /** Optional bearer token for authenticating with the engine */\n  apiKey?: string;\n}\n\n// ─── Error type ───────────────────────────────────────────────────────────────\n\nexport class AuthEngineError extends Error {\n  constructor(\n    message: string,\n    public readonly status?: number,\n    public readonly details?: unknown\n  ) {\n    super(message);\n    this.name = \"AuthEngineError\";\n  }\n}\n","import {\n  AuthEngineError,\n  AuthRequestSchema,\n  AgentAuthRequestSchema,\n  MintTokenRequestSchema,\n  DelegateScopeRequestSchema,\n  type AuthDecision,\n  type AgentAuthDecision,\n  type MintTokenResult,\n  type DelegateScopeResult,\n  type DelegateScopeRequest,\n  type RevokeTokenResult,\n  type AuthRequest,\n  type AgentAuthRequest,\n  type MintTokenRequest,\n  type ClientConfig,\n} from \"./types.js\";\n\n// ─── Client ───────────────────────────────────────────────────────────────────\n\n/**\n * LeluClient is the core SDK entry-point. It communicates with the local\n * Auth Permission Engine sidecar over HTTP/JSON.\n *\n * @example\n * ```ts\n * const lelu = new LeluClient({ baseUrl: \"http://localhost:8080\" });\n *\n * const decision = await lelu.agentAuthorize({\n *   actor: \"invoice_bot\",\n *   action: \"approve_refunds\",\n *   context: { confidence: 0.92, actingFor: \"user_123\" },\n * });\n *\n * if (!decision.allowed) {\n *   console.log(decision.reason);\n * }\n * ```\n */\nexport class LeluClient {\n  private readonly baseUrl: string;\n  private readonly timeoutMs: number;\n  private readonly apiKey: string | undefined;\n\n  constructor(cfg: ClientConfig = {}) {\n    this.baseUrl = (cfg.baseUrl ?? \"http://localhost:8080\").replace(/\\/$/, \"\");\n    this.timeoutMs = cfg.timeoutMs ?? 5_000;\n    this.apiKey = cfg.apiKey;\n  }\n\n  // ── Human authorization ────────────────────────────────────────────────────\n\n  /**\n   * Checks whether a human user is permitted to perform an action.\n   */\n  async authorize(req: AuthRequest): Promise<AuthDecision> {\n    const validated = AuthRequestSchema.parse(req);\n    const body = {\n      user_id: validated.userId,\n      action: validated.action,\n      resource: validated.resource,\n    };\n    const data = await this.post<{\n      allowed: boolean;\n      reason: string;\n      trace_id: string;\n    }>(\"/v1/authorize\", body);\n\n    return {\n      allowed: data.allowed,\n      reason: data.reason,\n      traceId: data.trace_id,\n    };\n  }\n\n  // ── Agent authorization ────────────────────────────────────────────────────\n\n  /**\n   * Checks whether an AI agent is permitted to perform an action, taking the\n   * confidence score into account (Confidence-Aware Auth ★).\n   */\n  async agentAuthorize(req: AgentAuthRequest): Promise<AgentAuthDecision> {\n    const validated = AgentAuthRequestSchema.parse(req);\n    const body = {\n      actor: validated.actor,\n      action: validated.action,\n      resource: validated.resource,\n      confidence: validated.context.confidence,\n      acting_for: validated.context.actingFor,\n      scope: validated.context.scope,\n    };\n    const data = await this.post<{\n      allowed: boolean;\n      reason: string;\n      trace_id: string;\n      downgraded_scope?: string;\n      requires_human_review: boolean;\n      confidence_used: number;\n    }>(\"/v1/agent/authorize\", body);\n\n    return {\n      allowed: data.allowed,\n      reason: data.reason,\n      traceId: data.trace_id,\n      downgradedScope: data.downgraded_scope,\n      requiresHumanReview: data.requires_human_review,\n      confidenceUsed: data.confidence_used,\n    };\n  }\n\n  // ── JIT Token minting ──────────────────────────────────────────────────────\n\n  /**\n   * Mints a scoped JWT for an agent with an optional TTL.\n   * Default TTL is 60 seconds.\n   */\n  async mintToken(req: MintTokenRequest): Promise<MintTokenResult> {\n    const validated = MintTokenRequestSchema.parse(req);\n    const body = {\n      scope: validated.scope,\n      acting_for: validated.actingFor,\n      ttl_seconds: validated.ttlSeconds ?? 60,\n    };\n    const data = await this.post<{\n      token: string;\n      token_id: string;\n      expires_at: number;\n    }>(\"/v1/tokens/mint\", body);\n\n    return {\n      token: data.token,\n      tokenId: data.token_id,\n      expiresAt: new Date(data.expires_at * 1000),\n    };\n  }\n\n  // ── Token revocation ───────────────────────────────────────────────────────\n\n  /**\n   * Immediately revokes a JIT token by its ID.\n   */\n  async revokeToken(tokenId: string): Promise<RevokeTokenResult> {\n    const data = await this.delete<{ success: boolean }>(\n      `/v1/tokens/${encodeURIComponent(tokenId)}`\n    );\n    return { success: data.success };\n  }\n\n  // ── Multi-agent delegation ─────────────────────────────────────────────────\n\n  /**\n   * Delegates a constrained sub-scope from one agent to another.\n   *\n   * Validates the delegation rule in the loaded policy, caps the TTL to the\n   * policy maximum, and mints a child JIT token scoped to the granted actions.\n   *\n   * The delegator's `confidence` score is checked against the policy's\n   * `require_confidence_above` before delegation is granted.\n   */\n  async delegateScope(req: DelegateScopeRequest): Promise<DelegateScopeResult> {\n    const validated = DelegateScopeRequestSchema.parse(req);\n    const body = {\n      delegator: validated.delegator,\n      delegatee: validated.delegatee,\n      scoped_to: validated.scopedTo ?? [],\n      ttl_seconds: validated.ttlSeconds ?? 60,\n      confidence: validated.confidence ?? 1.0,\n      acting_for: validated.actingFor ?? \"\",\n      tenant_id: validated.tenantId ?? \"\",\n    };\n    const data = await this.post<{\n      token: string;\n      token_id: string;\n      expires_at: number;\n      delegator: string;\n      delegatee: string;\n      granted_scopes: string[];\n      trace_id: string;\n    }>(\"/v1/agent/delegate\", body);\n\n    return {\n      token: data.token,\n      tokenId: data.token_id,\n      expiresAt: new Date(data.expires_at * 1000),\n      delegator: data.delegator,\n      delegatee: data.delegatee,\n      grantedScopes: data.granted_scopes,\n      traceId: data.trace_id,\n    };\n  }\n\n  // ── Health check ───────────────────────────────────────────────────────────\n\n  /**\n   * Returns true if the engine is reachable and healthy.\n   */\n  async isHealthy(): Promise<boolean> {\n    try {\n      const data = await this.get<{ status: string }>(\"/healthz\");\n      return data.status === \"ok\";\n    } catch {\n      return false;\n    }\n  }\n\n  // ── HTTP helpers ───────────────────────────────────────────────────────────\n\n  private headers(): Record<string, string> {\n    const h: Record<string, string> = { \"Content-Type\": \"application/json\" };\n    if (this.apiKey) {\n      h[\"Authorization\"] = `Bearer ${this.apiKey}`;\n    }\n    return h;\n  }\n\n  private async post<T>(path: string, body: unknown): Promise<T> {\n    const ctrl = new AbortController();\n    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\n    try {\n      const res = await fetch(`${this.baseUrl}${path}`, {\n        method: \"POST\",\n        headers: this.headers(),\n        body: JSON.stringify(body),\n        signal: ctrl.signal,\n      });\n      return this.parseResponse<T>(res);\n    } finally {\n      clearTimeout(timer);\n    }\n  }\n\n  private async delete<T>(path: string): Promise<T> {\n    const ctrl = new AbortController();\n    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\n    try {\n      const res = await fetch(`${this.baseUrl}${path}`, {\n        method: \"DELETE\",\n        headers: this.headers(),\n        signal: ctrl.signal,\n      });\n      return this.parseResponse<T>(res);\n    } finally {\n      clearTimeout(timer);\n    }\n  }\n\n  private async get<T>(path: string): Promise<T> {\n    const ctrl = new AbortController();\n    const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\n    try {\n      const res = await fetch(`${this.baseUrl}${path}`, {\n        method: \"GET\",\n        headers: this.headers(),\n        signal: ctrl.signal,\n      });\n      return this.parseResponse<T>(res);\n    } finally {\n      clearTimeout(timer);\n    }\n  }\n\n  private async parseResponse<T>(res: Response): Promise<T> {\n    const json = (await res.json()) as Record<string, unknown>;\n    if (!res.ok) {\n      throw new AuthEngineError(\n        (json[\"error\"] as string) ?? \"engine error\",\n        res.status,\n        json\n      );\n    }\n    return json as T;\n  }\n}\n","// Auth Permission Engine — TypeScript SDK\n// Public API surface\n\n// ─── Vercel AI SDK integration ────────────────────────────────────────────────\n// Import via: import { secureTool } from 'lelu/vercel'\n// (tree-shakeable — does not add weight to non-Vercel users)\nexport { secureTool } from \"./vercel/index.js\";\nexport type { SecureToolOptions, LeluDeniedResult, VercelTool } from \"./vercel/index.js\";\n\nexport { LeluClient } from \"./client.js\";\n\nexport type {\n  AuthRequest,\n  AgentAuthRequest,\n  AgentContext,\n  MintTokenRequest,\n  DelegateScopeRequest,\n  AuthDecision,\n  AgentAuthDecision,\n  MintTokenResult,\n  DelegateScopeResult,\n  RevokeTokenResult,\n  ClientConfig,\n} from \"./types.js\";\n\nexport {\n  AuthEngineError,\n  AuthRequestSchema,\n  AgentAuthRequestSchema,\n  AgentContextSchema,\n  MintTokenRequestSchema,\n  DelegateScopeRequestSchema,\n} from \"./types.js\";\n\n// ─── Convenience factory ──────────────────────────────────────────────────────\n\nimport { LeluClient } from \"./client.js\";\nimport type { ClientConfig } from \"./types.js\";\n\n/**\n * Creates a LeluClient with the given configuration.\n * Equivalent to `new LeluClient(config)`.\n *\n * @example\n * ```ts\n * import { createClient } from \"@lelu-auth/lelu\";\n *\n * const lelu = createClient({ baseUrl: \"http://localhost:8080\" });\n * const { allowed } = await lelu.agentAuthorize({ ... });\n * ```\n */\nexport function createClient(config?: ClientConfig): LeluClient {\n  return new LeluClient(config);\n}\n"]}