@lelu-auth/lelu 0.1.9 → 0.1.10

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2026 Abenezer <abenezergetachew0923@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2026 Abenezer <abenezergetachew0923@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,55 +1,96 @@
-# Lelu
-
-The TypeScript SDK for Lelu — the confidence-aware authorization engine for autonomous AI agents.
-
-Lelu provides confidence-aware access control, human-in-the-loop approvals, and SOC 2-ready audit trails for your autonomous agents.
-
-## Installation
-
-```bash
-npm install @lelu-auth/lelu
-```
-
-## Quick Start
-
-```typescript
-import { createClient } from "@lelu-auth/lelu";
-
-// Initialize the client
-const lelu = createClient({ 
-  baseUrl: "http://localhost:8082" 
-});
-
-// Authorize an agent action
-async function runAgent() {
-  const { allowed, reason } = await lelu.agentAuthorize({
-    agentId: "agent-123",
-    action: "read_database",
-    resource: "users_table",
-    context: {
-      confidence: 0.95
-    }
-  });
-
-  if (allowed) {
-    console.log("Action permitted!");
-  } else {
-    console.log("Action denied:", reason);
-  }
-}
-```
-
-## Features
-
-- **Confidence-Aware**: Dynamically adjust permissions based on the AI agent's confidence level.
-- **Human-in-the-loop**: Require human approval for low-confidence or high-risk actions.
-- **Audit Trails**: SOC 2-ready logging of all agent decisions and actions.
-- **Framework Agnostic**: Works with LangChain, AutoGPT, or custom agent frameworks.
-
-## Documentation
-
-For full documentation, visit [https://github.com/lelu-auth/lelu](https://github.com/lelu-auth/lelu).
-
-## License
-
-MIT
+[![Lelu logo](https://ui-seven-amber.vercel.app/logo.svg)](https://ui-seven-amber.vercel.app/)
+
+# Lelu
+
+The TypeScript SDK for Lelu — the confidence-aware authorization engine for autonomous AI agents.
+
+Lelu provides confidence-aware access control, human-in-the-loop approvals, and SOC 2-ready audit trails for your autonomous agents.
+
+## Installation
+
+```bash
+npm install @lelu-auth/lelu
+```
+
+## Start Dashboard (Localhost)
+
+After installing the package, start the local dashboard stack with one command:
+
+```bash
+npx @lelu-auth/lelu dashboard
+```
+
+Then open:
+
+```text
+http://localhost:3002/audit
+```
+
+This command clones/updates the Lelu stack in `~/.lelu-stack` and runs `docker compose up -d --build`.
+
+Or run the public Lelu engine image:
+
+```bash
+docker pull abenezer0923/lelu-engine:latest
+docker run --rm -p 8083:8080 abenezer0923/lelu-engine:latest
+```
+
+## Docker Support
+
+Lelu works in Dockerized apps.
+
+The SDK resolves engine URL in this order:
+
+1. `baseUrl` passed to `createClient(...)`
+2. `LELU_BASE_URL` environment variable
+3. `http://localhost:8080` fallback
+
+Example for containers:
+
+```bash
+LELU_BASE_URL=http://host.docker.internal:8083
+```
+
+## Quick Start
+
+```typescript
+import { createClient } from "@lelu-auth/lelu";
+
+// Initialize the client
+const lelu = createClient({ 
+  baseUrl: "http://localhost:8083" 
+});
+
+// Authorize an agent action
+async function runAgent() {
+  const { allowed, reason } = await lelu.agentAuthorize({
+    agentId: "agent-123",
+    action: "read_database",
+    resource: "users_table",
+    context: {
+      confidence: 0.95
+    }
+  });
+
+  if (allowed) {
+    console.log("Action permitted!");
+  } else {
+    console.log("Action denied:", reason);
+  }
+}
+```
+
+## Features
+
+- **Confidence-Aware**: Dynamically adjust permissions based on the AI agent's confidence level.
+- **Human-in-the-loop**: Require human approval for low-confidence or high-risk actions.
+- **Audit Trails**: SOC 2-ready logging of all agent decisions and actions.
+- **Framework Agnostic**: Works with LangChain, AutoGPT, or custom agent frameworks.
+
+## Documentation
+
+For full documentation, visit [https://ui-seven-amber.vercel.app/](https://ui-seven-amber.vercel.app/).
+
+## License
+
+MIT

package/dist/{client-BD9h8CBT.d.mts → client-DauLJ9a4.d.mts}

@@ -151,12 +151,56 @@ interface DelegateScopeResult {
 interface RevokeTokenResult {
     success: boolean;
 }
+interface AuditEvent {
+    id: number;
+    tenantId: string;
+    traceId: string;
+    timestamp: string;
+    actor: string;
+    action: string;
+    resource?: Record<string, string>;
+    confidenceScore?: number;
+    decision: string;
+    reason?: string;
+    downgradedScope?: string;
+    latencyMs: number;
+    engineVersion?: string;
+    policyVersion?: string;
+    createdAt: string;
+}
+interface ListAuditEventsRequest {
+    /** Maximum number of events to return (default: 20, max: 500) */
+    limit?: number;
+    /** Pagination cursor (offset) */
+    cursor?: number;
+    /** Filter by actor */
+    actor?: string;
+    /** Filter by action */
+    action?: string;
+    /** Filter by decision */
+    decision?: string;
+    /** Filter by trace ID */
+    traceId?: string;
+    /** Filter events from this timestamp (ISO 8601) */
+    from?: string;
+    /** Filter events to this timestamp (ISO 8601) */
+    to?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListAuditEventsResult {
+    events: AuditEvent[];
+    count: number;
+    limit: number;
+    cursor: number;
+    nextCursor: number;
+}
 type AuthRequest = z.infer<typeof AuthRequestSchema>;
 type AgentAuthRequest = z.infer<typeof AgentAuthRequestSchema>;
 type AgentContext = z.infer<typeof AgentContextSchema>;
 type MintTokenRequest = z.infer<typeof MintTokenRequestSchema>;
 interface ClientConfig {
-    /** Base URL of the Auth Permission Engine (default: http://localhost:8080) */
+    /** Base URL of the Auth Permission Engine (defaults to LELU_BASE_URL env var, else http://localhost:8080) */
     baseUrl?: string;
     /** Request timeout in milliseconds (default: 5000) */
     timeoutMs?: number;
@@ -168,6 +212,92 @@ declare class AuthEngineError extends Error {
     readonly details?: unknown | undefined;
     constructor(message: string, status?: number | undefined, details?: unknown | undefined);
 }
+interface Policy {
+    id: string;
+    tenantId: string;
+    name: string;
+    content: string;
+    version: string;
+    hmacSha256: string;
+    createdAt: string;
+    updatedAt: string;
+}
+interface Policy {
+    id: string;
+    tenantId: string;
+    name: string;
+    content: string;
+    version: string;
+    hmacSha256: string;
+    createdAt: string;
+    updatedAt: string;
+}
+interface ListPoliciesRequest {
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListPoliciesRequest {
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListPoliciesResult {
+    policies: Policy[];
+    count: number;
+}
+interface ListPoliciesResult {
+    policies: Policy[];
+    count: number;
+}
+interface GetPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface GetPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface UpsertPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Policy content (Rego code) */
+    content: string;
+    /** Policy version (defaults to "1.0") */
+    version?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface UpsertPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Policy content (Rego code) */
+    content: string;
+    /** Policy version (defaults to "1.0") */
+    version?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyResult {
+    deleted: boolean;
+}
+interface DeletePolicyResult {
+    deleted: boolean;
+}
 
 /**
  * LeluClient is the core SDK entry-point. It communicates with the local
@@ -225,6 +355,15 @@ declare class LeluClient {
      * Returns true if the engine is reachable and healthy.
      */
     isHealthy(): Promise<boolean>;
+    /**
+     * Lists audit events from the platform API.
+     * Requires the platform service to be running (not just the engine).
+     */
+    listAuditEvents(req?: ListAuditEventsRequest): Promise<ListAuditEventsResult>;
+    listPolicies(req?: ListPoliciesRequest): Promise<ListPoliciesResult>;
+    getPolicy(req: GetPolicyRequest): Promise<Policy>;
+    upsertPolicy(req: UpsertPolicyRequest): Promise<Policy>;
+    deletePolicy(req: DeletePolicyRequest): Promise<DeletePolicyResult>;
     private headers;
     private post;
     private delete;
@@ -232,4 +371,4 @@ declare class LeluClient {
     private parseResponse;
 }
 
-export { type AgentAuthDecision as A, type ClientConfig as C, type DelegateScopeRequest as D, LeluClient as L, type MintTokenRequest as M, type RevokeTokenResult as R, type AgentAuthRequest as a, AgentAuthRequestSchema as b, type AgentContext as c, AgentContextSchema as d, type AuthDecision as e, AuthEngineError as f, type AuthRequest as g, AuthRequestSchema as h, DelegateScopeRequestSchema as i, type DelegateScopeResult as j, MintTokenRequestSchema as k, type MintTokenResult as l };
+export { type AgentAuthDecision as A, type ClientConfig as C, type DelegateScopeRequest as D, LeluClient as L, type MintTokenRequest as M, type RevokeTokenResult as R, type AgentAuthRequest as a, AgentAuthRequestSchema as b, type AgentContext as c, AgentContextSchema as d, type AuditEvent as e, type AuthDecision as f, AuthEngineError as g, type AuthRequest as h, AuthRequestSchema as i, DelegateScopeRequestSchema as j, type DelegateScopeResult as k, type ListAuditEventsRequest as l, type ListAuditEventsResult as m, MintTokenRequestSchema as n, type MintTokenResult as o };

package/dist/{client-BD9h8CBT.d.ts → client-DauLJ9a4.d.ts}

@@ -151,12 +151,56 @@ interface DelegateScopeResult {
 interface RevokeTokenResult {
     success: boolean;
 }
+interface AuditEvent {
+    id: number;
+    tenantId: string;
+    traceId: string;
+    timestamp: string;
+    actor: string;
+    action: string;
+    resource?: Record<string, string>;
+    confidenceScore?: number;
+    decision: string;
+    reason?: string;
+    downgradedScope?: string;
+    latencyMs: number;
+    engineVersion?: string;
+    policyVersion?: string;
+    createdAt: string;
+}
+interface ListAuditEventsRequest {
+    /** Maximum number of events to return (default: 20, max: 500) */
+    limit?: number;
+    /** Pagination cursor (offset) */
+    cursor?: number;
+    /** Filter by actor */
+    actor?: string;
+    /** Filter by action */
+    action?: string;
+    /** Filter by decision */
+    decision?: string;
+    /** Filter by trace ID */
+    traceId?: string;
+    /** Filter events from this timestamp (ISO 8601) */
+    from?: string;
+    /** Filter events to this timestamp (ISO 8601) */
+    to?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListAuditEventsResult {
+    events: AuditEvent[];
+    count: number;
+    limit: number;
+    cursor: number;
+    nextCursor: number;
+}
 type AuthRequest = z.infer<typeof AuthRequestSchema>;
 type AgentAuthRequest = z.infer<typeof AgentAuthRequestSchema>;
 type AgentContext = z.infer<typeof AgentContextSchema>;
 type MintTokenRequest = z.infer<typeof MintTokenRequestSchema>;
 interface ClientConfig {
-    /** Base URL of the Auth Permission Engine (default: http://localhost:8080) */
+    /** Base URL of the Auth Permission Engine (defaults to LELU_BASE_URL env var, else http://localhost:8080) */
     baseUrl?: string;
     /** Request timeout in milliseconds (default: 5000) */
     timeoutMs?: number;
@@ -168,6 +212,92 @@ declare class AuthEngineError extends Error {
     readonly details?: unknown | undefined;
     constructor(message: string, status?: number | undefined, details?: unknown | undefined);
 }
+interface Policy {
+    id: string;
+    tenantId: string;
+    name: string;
+    content: string;
+    version: string;
+    hmacSha256: string;
+    createdAt: string;
+    updatedAt: string;
+}
+interface Policy {
+    id: string;
+    tenantId: string;
+    name: string;
+    content: string;
+    version: string;
+    hmacSha256: string;
+    createdAt: string;
+    updatedAt: string;
+}
+interface ListPoliciesRequest {
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListPoliciesRequest {
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface ListPoliciesResult {
+    policies: Policy[];
+    count: number;
+}
+interface ListPoliciesResult {
+    policies: Policy[];
+    count: number;
+}
+interface GetPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface GetPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface UpsertPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Policy content (Rego code) */
+    content: string;
+    /** Policy version (defaults to "1.0") */
+    version?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface UpsertPolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Policy content (Rego code) */
+    content: string;
+    /** Policy version (defaults to "1.0") */
+    version?: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyRequest {
+    /** Policy name */
+    name: string;
+    /** Tenant ID (defaults to "default") */
+    tenantId?: string;
+}
+interface DeletePolicyResult {
+    deleted: boolean;
+}
+interface DeletePolicyResult {
+    deleted: boolean;
+}
 
 /**
  * LeluClient is the core SDK entry-point. It communicates with the local
@@ -225,6 +355,15 @@ declare class LeluClient {
      * Returns true if the engine is reachable and healthy.
      */
     isHealthy(): Promise<boolean>;
+    /**
+     * Lists audit events from the platform API.
+     * Requires the platform service to be running (not just the engine).
+     */
+    listAuditEvents(req?: ListAuditEventsRequest): Promise<ListAuditEventsResult>;
+    listPolicies(req?: ListPoliciesRequest): Promise<ListPoliciesResult>;
+    getPolicy(req: GetPolicyRequest): Promise<Policy>;
+    upsertPolicy(req: UpsertPolicyRequest): Promise<Policy>;
+    deletePolicy(req: DeletePolicyRequest): Promise<DeletePolicyResult>;
     private headers;
     private post;
     private delete;
@@ -232,4 +371,4 @@ declare class LeluClient {
     private parseResponse;
 }
 
-export { type AgentAuthDecision as A, type ClientConfig as C, type DelegateScopeRequest as D, LeluClient as L, type MintTokenRequest as M, type RevokeTokenResult as R, type AgentAuthRequest as a, AgentAuthRequestSchema as b, type AgentContext as c, AgentContextSchema as d, type AuthDecision as e, AuthEngineError as f, type AuthRequest as g, AuthRequestSchema as h, DelegateScopeRequestSchema as i, type DelegateScopeResult as j, MintTokenRequestSchema as k, type MintTokenResult as l };
+export { type AgentAuthDecision as A, type ClientConfig as C, type DelegateScopeRequest as D, LeluClient as L, type MintTokenRequest as M, type RevokeTokenResult as R, type AgentAuthRequest as a, AgentAuthRequestSchema as b, type AgentContext as c, AgentContextSchema as d, type AuditEvent as e, type AuthDecision as f, AuthEngineError as g, type AuthRequest as h, AuthRequestSchema as i, DelegateScopeRequestSchema as j, type DelegateScopeResult as k, type ListAuditEventsRequest as l, type ListAuditEventsResult as m, MintTokenRequestSchema as n, type MintTokenResult as o };

package/dist/express/index.d.mts

@@ -1,5 +1,5 @@
 import { RequestHandler } from 'express';
-import { L as LeluClient } from '../client-BD9h8CBT.mjs';
+import { L as LeluClient } from '../client-DauLJ9a4.mjs';
 import 'zod';
 
 interface AuthorizeOptions {

package/dist/express/index.d.ts

@@ -1,5 +1,5 @@
 import { RequestHandler } from 'express';
-import { L as LeluClient } from '../client-BD9h8CBT.js';
+import { L as LeluClient } from '../client-DauLJ9a4.js';
 import 'zod';
 
 interface AuthorizeOptions {