@lov3kaizen/agentsea-memory 0.5.1

package/dist/sharing/index.cjs

@@ -0,0 +1,1003 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/sharing/index.ts
+var sharing_exports = {};
+__export(sharing_exports, {
+  AccessControl: () => AccessControl,
+  NamespaceManager: () => NamespaceManager,
+  SharedMemory: () => SharedMemory,
+  createAccessControl: () => createAccessControl,
+  createNamespaceManager: () => createNamespaceManager,
+  createSharedMemory: () => createSharedMemory
+});
+module.exports = __toCommonJS(sharing_exports);
+
+// src/sharing/SharedMemory.ts
+var import_eventemitter3 = require("eventemitter3");
+var SharedMemory = class extends import_eventemitter3.EventEmitter {
+  store;
+  config;
+  sharedState = /* @__PURE__ */ new Map();
+  agentStates = /* @__PURE__ */ new Map();
+  subscriptions = /* @__PURE__ */ new Map();
+  // key -> agent IDs
+  lockManager = /* @__PURE__ */ new Map();
+  constructor(store, config = {}) {
+    super();
+    this.store = store;
+    this.config = {
+      conflictResolution: config.conflictResolution ?? "last-write-wins",
+      syncInterval: config.syncInterval ?? 5e3,
+      enableLocking: config.enableLocking ?? true,
+      lockTimeout: config.lockTimeout ?? 3e4,
+      maxSharedEntries: config.maxSharedEntries ?? 1e3
+    };
+  }
+  /**
+   * Set a shared value
+   */
+  async set(agentId, key, value) {
+    if (this.config.enableLocking && this.isLocked(key) && !this.hasLock(key, agentId)) {
+      return false;
+    }
+    const existing = this.sharedState.get(key);
+    if (existing && existing.writtenBy !== agentId) {
+      const resolved = this.resolveConflict(key, existing, { agentId, value });
+      if (!resolved) {
+        this.emit("conflict", key, [existing.writtenBy, agentId]);
+        return false;
+      }
+    }
+    const sharedValue = {
+      value,
+      writtenBy: agentId,
+      writtenAt: Date.now(),
+      version: (existing?.version ?? 0) + 1,
+      readers: existing?.readers ?? /* @__PURE__ */ new Set()
+    };
+    this.sharedState.set(key, sharedValue);
+    await this.persistSharedValue(key, sharedValue);
+    this.emit("write", agentId, key, value);
+    this.notifySubscribers(key, agentId, value);
+    return true;
+  }
+  /**
+   * Get a shared value
+   */
+  async get(agentId, key) {
+    const shared = this.sharedState.get(key);
+    if (!shared) {
+      const loaded = await this.loadSharedValue(key);
+      if (!loaded) return void 0;
+      this.sharedState.set(key, loaded);
+      return loaded.value;
+    }
+    shared.readers.add(agentId);
+    this.emit("read", agentId, key);
+    return shared.value;
+  }
+  /**
+   * Delete a shared value
+   */
+  async delete(agentId, key) {
+    if (this.config.enableLocking && this.isLocked(key) && !this.hasLock(key, agentId)) {
+      return false;
+    }
+    const existed = this.sharedState.delete(key);
+    if (existed) {
+      await this.store.delete(`shared:${key}`);
+      this.emit("delete", agentId, key);
+    }
+    return existed;
+  }
+  /**
+   * Set agent-specific state (not shared)
+   */
+  setAgentState(agentId, key, value) {
+    if (!this.agentStates.has(agentId)) {
+      this.agentStates.set(agentId, /* @__PURE__ */ new Map());
+    }
+    this.agentStates.get(agentId).set(key, value);
+  }
+  /**
+   * Get agent-specific state
+   */
+  getAgentState(agentId, key) {
+    return this.agentStates.get(agentId)?.get(key);
+  }
+  /**
+   * Get all agent state
+   */
+  getAllAgentState(agentId) {
+    return new Map(this.agentStates.get(agentId) ?? []);
+  }
+  /**
+   * Subscribe to changes on a key
+   */
+  subscribe(agentId, key) {
+    if (!this.subscriptions.has(key)) {
+      this.subscriptions.set(key, /* @__PURE__ */ new Set());
+    }
+    this.subscriptions.get(key).add(agentId);
+  }
+  /**
+   * Unsubscribe from changes
+   */
+  unsubscribe(agentId, key) {
+    this.subscriptions.get(key)?.delete(agentId);
+  }
+  /**
+   * Acquire a lock on a key
+   */
+  acquireLock(agentId, key) {
+    if (!this.config.enableLocking) return true;
+    const lock = this.lockManager.get(key);
+    if (lock && lock.expiresAt > Date.now() && lock.agentId !== agentId) {
+      return false;
+    }
+    this.lockManager.set(key, {
+      agentId,
+      expiresAt: Date.now() + this.config.lockTimeout
+    });
+    return true;
+  }
+  /**
+   * Release a lock
+   */
+  releaseLock(agentId, key) {
+    const lock = this.lockManager.get(key);
+    if (lock?.agentId === agentId) {
+      this.lockManager.delete(key);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Check if key is locked
+   */
+  isLocked(key) {
+    const lock = this.lockManager.get(key);
+    return lock !== void 0 && lock.expiresAt > Date.now();
+  }
+  /**
+   * Check if agent has lock
+   */
+  hasLock(key, agentId) {
+    const lock = this.lockManager.get(key);
+    return lock?.agentId === agentId && lock.expiresAt > Date.now();
+  }
+  /**
+   * Share memories from one agent to shared space
+   */
+  async shareMemories(agentId, entries) {
+    let added = 0;
+    let updated = 0;
+    let conflicts = 0;
+    for (const entry of entries) {
+      const key = `memory:${entry.id}`;
+      const existing = this.sharedState.get(key);
+      if (existing) {
+        if (existing.writtenBy !== agentId) {
+          if (this.config.conflictResolution === "last-write-wins") {
+            await this.set(agentId, key, entry);
+            updated++;
+          } else {
+            conflicts++;
+          }
+        } else {
+          await this.set(agentId, key, entry);
+          updated++;
+        }
+      } else {
+        await this.set(agentId, key, entry);
+        added++;
+      }
+    }
+    this.emit("sync", agentId, entries);
+    return {
+      added,
+      updated,
+      conflicts,
+      timestamp: Date.now()
+    };
+  }
+  /**
+   * Get shared memories
+   */
+  getSharedMemories(_agentId) {
+    const memories = [];
+    for (const [key, shared] of this.sharedState) {
+      if (key.startsWith("memory:")) {
+        const entry = shared.value;
+        memories.push(entry);
+      }
+    }
+    return memories;
+  }
+  /**
+   * Sync with store
+   */
+  async sync() {
+    for (const [key, value] of this.sharedState) {
+      await this.persistSharedValue(key, value);
+    }
+  }
+  /**
+   * Get all shared keys
+   */
+  getSharedKeys() {
+    return Array.from(this.sharedState.keys());
+  }
+  /**
+   * Get metadata for a shared value
+   */
+  getMetadata(key) {
+    const shared = this.sharedState.get(key);
+    if (!shared) return void 0;
+    return {
+      writtenBy: shared.writtenBy,
+      writtenAt: shared.writtenAt,
+      version: shared.version,
+      readers: shared.readers
+    };
+  }
+  /**
+   * Resolve conflict between values
+   */
+  resolveConflict(key, existing, incoming) {
+    switch (this.config.conflictResolution) {
+      case "last-write-wins":
+        return true;
+      case "first-write-wins":
+        return false;
+      case "merge":
+        if (typeof existing.value === "object" && typeof incoming.value === "object") {
+          this.sharedState.set(key, {
+            ...existing,
+            value: {
+              ...existing.value,
+              ...incoming.value
+            },
+            writtenBy: incoming.agentId,
+            writtenAt: Date.now(),
+            version: existing.version + 1
+          });
+          return true;
+        }
+        return true;
+      // Fall back to last-write-wins for non-objects
+      default:
+        return true;
+    }
+  }
+  /**
+   * Notify subscribers of changes
+   */
+  notifySubscribers(key, writerId, value) {
+    const subscribers = this.subscriptions.get(key);
+    if (!subscribers) return;
+    for (const agentId of subscribers) {
+      if (agentId !== writerId) {
+        this.emit("write", writerId, key, value);
+      }
+    }
+  }
+  /**
+   * Persist shared value to store
+   */
+  async persistSharedValue(key, value) {
+    await this.store.add({
+      id: `shared:${key}`,
+      content: JSON.stringify(value),
+      type: "context",
+      importance: 0.5,
+      metadata: {
+        source: "agent",
+        confidence: 1,
+        sharedKey: key,
+        writtenBy: value.writtenBy,
+        version: value.version
+      },
+      timestamp: value.writtenAt,
+      accessCount: 0,
+      createdAt: value.writtenAt,
+      updatedAt: value.writtenAt
+    });
+  }
+  /**
+   * Load shared value from store
+   */
+  async loadSharedValue(key) {
+    const entry = await this.store.get(`shared:${key}`);
+    if (!entry) return null;
+    try {
+      const data = JSON.parse(entry.content);
+      return {
+        ...data,
+        readers: new Set(data.readers ?? [])
+      };
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Get statistics
+   */
+  getStats() {
+    let totalSubscriptions = 0;
+    for (const subs of this.subscriptions.values()) {
+      totalSubscriptions += subs.size;
+    }
+    return {
+      sharedEntries: this.sharedState.size,
+      agentCount: this.agentStates.size,
+      activeLocks: Array.from(this.lockManager.values()).filter(
+        (l) => l.expiresAt > Date.now()
+      ).length,
+      totalSubscriptions
+    };
+  }
+};
+function createSharedMemory(store, config) {
+  return new SharedMemory(store, config);
+}
+
+// src/sharing/Namespaces.ts
+var import_eventemitter32 = require("eventemitter3");
+var NamespaceManager = class extends import_eventemitter32.EventEmitter {
+  store;
+  namespaces = /* @__PURE__ */ new Map();
+  defaultNamespace = "default";
+  constructor(store, _config) {
+    super();
+    this.store = store;
+    this.createNamespace("default", {
+      description: "Default namespace",
+      settings: { accessLevel: "public" }
+    });
+  }
+  /**
+   * Create a new namespace
+   */
+  createNamespace(name, options = {}) {
+    if (this.namespaces.has(name)) {
+      throw new Error(`Namespace "${name}" already exists`);
+    }
+    const metadata = {
+      name,
+      description: options.description,
+      owner: options.owner,
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+      entryCount: 0,
+      tags: options.tags,
+      settings: {
+        accessLevel: "private",
+        ...options.settings
+      }
+    };
+    this.namespaces.set(name, metadata);
+    this.emit("created", metadata);
+    return metadata;
+  }
+  /**
+   * Delete a namespace
+   */
+  async deleteNamespace(name, deleteEntries = false) {
+    if (name === "default") {
+      throw new Error("Cannot delete default namespace");
+    }
+    if (!this.namespaces.has(name)) {
+      return false;
+    }
+    if (deleteEntries) {
+      await this.store.clear({ namespace: name });
+    }
+    this.namespaces.delete(name);
+    this.emit("deleted", name);
+    return true;
+  }
+  /**
+   * Get namespace metadata
+   */
+  getNamespace(name) {
+    return this.namespaces.get(name);
+  }
+  /**
+   * List all namespaces
+   */
+  listNamespaces() {
+    return Array.from(this.namespaces.values());
+  }
+  /**
+   * Update namespace settings
+   */
+  updateNamespace(name, updates) {
+    const existing = this.namespaces.get(name);
+    if (!existing) return null;
+    const updated = {
+      ...existing,
+      ...updates,
+      settings: {
+        ...existing.settings,
+        ...updates.settings
+      },
+      updatedAt: Date.now()
+    };
+    this.namespaces.set(name, updated);
+    this.emit("updated", updated);
+    return updated;
+  }
+  /**
+   * Check if agent can access namespace
+   */
+  canAccess(name, agentId, action = "read") {
+    const namespace = this.namespaces.get(name);
+    if (!namespace) return false;
+    const { settings } = namespace;
+    if (settings.accessLevel === "public") {
+      return action === "read" || !settings.readOnly;
+    }
+    if (settings.accessLevel === "private") {
+      return namespace.owner === agentId;
+    }
+    if (settings.accessLevel === "restricted") {
+      const isAllowed = settings.allowedAgents?.includes(agentId) ?? false;
+      if (!isAllowed) {
+        this.emit("accessDenied", name, agentId, action);
+        return false;
+      }
+      return action === "read" || !settings.readOnly;
+    }
+    return false;
+  }
+  /**
+   * Add entry to namespace
+   */
+  async addEntry(namespace, entry, agentId) {
+    if (!this.canAccess(namespace, agentId, "write")) {
+      return null;
+    }
+    const ns = this.namespaces.get(namespace);
+    if (!ns) return null;
+    if (ns.settings.maxEntries && ns.entryCount >= ns.settings.maxEntries) {
+      return null;
+    }
+    const fullEntry = {
+      ...entry,
+      metadata: {
+        source: entry.metadata?.source ?? "explicit",
+        confidence: entry.metadata?.confidence ?? 1,
+        ...entry.metadata,
+        namespace
+      },
+      expiresAt: ns.settings.ttl ? Date.now() + ns.settings.ttl : entry.expiresAt
+    };
+    await this.store.add(fullEntry);
+    ns.entryCount++;
+    ns.updatedAt = Date.now();
+    this.emit("entryAdded", namespace, fullEntry);
+    return fullEntry.id;
+  }
+  /**
+   * Query entries in namespace
+   */
+  async queryEntries(namespace, agentId, options) {
+    if (!this.canAccess(namespace, agentId, "read")) {
+      return [];
+    }
+    const { entries } = await this.store.query({
+      namespace,
+      query: options?.query,
+      limit: options?.limit,
+      types: options?.types
+    });
+    return entries;
+  }
+  /**
+   * Delete entry from namespace
+   */
+  async deleteEntry(namespace, entryId, agentId) {
+    if (!this.canAccess(namespace, agentId, "write")) {
+      return false;
+    }
+    const result = await this.store.delete(entryId);
+    if (result) {
+      const ns = this.namespaces.get(namespace);
+      if (ns) {
+        ns.entryCount = Math.max(0, ns.entryCount - 1);
+        ns.updatedAt = Date.now();
+      }
+    }
+    return result;
+  }
+  /**
+   * Move entries between namespaces
+   */
+  async moveEntries(fromNamespace, toNamespace, entryIds, agentId) {
+    if (!this.canAccess(fromNamespace, agentId, "write")) return 0;
+    if (!this.canAccess(toNamespace, agentId, "write")) return 0;
+    let moved = 0;
+    for (const id of entryIds) {
+      const entry = await this.store.get(id);
+      if (entry && entry.metadata.namespace === fromNamespace) {
+        await this.store.update(id, {
+          metadata: { ...entry.metadata, namespace: toNamespace }
+        });
+        moved++;
+      }
+    }
+    const fromNs = this.namespaces.get(fromNamespace);
+    const toNs = this.namespaces.get(toNamespace);
+    if (fromNs) fromNs.entryCount -= moved;
+    if (toNs) toNs.entryCount += moved;
+    return moved;
+  }
+  /**
+   * Copy entries between namespaces
+   */
+  async copyEntries(fromNamespace, toNamespace, entryIds, agentId) {
+    if (!this.canAccess(fromNamespace, agentId, "read")) return 0;
+    if (!this.canAccess(toNamespace, agentId, "write")) return 0;
+    let copied = 0;
+    for (const id of entryIds) {
+      const entry = await this.store.get(id);
+      if (entry && entry.metadata.namespace === fromNamespace) {
+        const newEntry = {
+          ...entry,
+          id: `${entry.id}-copy-${Date.now()}`,
+          metadata: { ...entry.metadata, namespace: toNamespace },
+          createdAt: Date.now(),
+          updatedAt: Date.now()
+        };
+        await this.store.add(newEntry);
+        copied++;
+      }
+    }
+    const toNs = this.namespaces.get(toNamespace);
+    if (toNs) toNs.entryCount += copied;
+    return copied;
+  }
+  /**
+   * Grant access to namespace
+   */
+  grantAccess(namespace, agentId) {
+    const ns = this.namespaces.get(namespace);
+    if (!ns) return false;
+    if (!ns.settings.allowedAgents) {
+      ns.settings.allowedAgents = [];
+    }
+    if (!ns.settings.allowedAgents.includes(agentId)) {
+      ns.settings.allowedAgents.push(agentId);
+    }
+    return true;
+  }
+  /**
+   * Revoke access from namespace
+   */
+  revokeAccess(namespace, agentId) {
+    const ns = this.namespaces.get(namespace);
+    if (!ns || !ns.settings.allowedAgents) return false;
+    const index = ns.settings.allowedAgents.indexOf(agentId);
+    if (index !== -1) {
+      ns.settings.allowedAgents.splice(index, 1);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Set default namespace
+   */
+  setDefaultNamespace(name) {
+    if (!this.namespaces.has(name)) return false;
+    this.defaultNamespace = name;
+    return true;
+  }
+  /**
+   * Get default namespace
+   */
+  getDefaultNamespace() {
+    return this.defaultNamespace;
+  }
+  /**
+   * Get namespace statistics
+   */
+  async getNamespaceStats(name) {
+    if (!this.namespaces.has(name)) return null;
+    const { entries, total } = await this.store.query({
+      namespace: name,
+      limit: 1e4
+    });
+    const typeDistribution = {};
+    let oldestEntry = null;
+    let newestEntry = null;
+    let totalSize = 0;
+    for (const entry of entries) {
+      typeDistribution[entry.type] = (typeDistribution[entry.type] ?? 0) + 1;
+      totalSize += entry.content.length;
+      if (oldestEntry === null || entry.timestamp < oldestEntry) {
+        oldestEntry = entry.timestamp;
+      }
+      if (newestEntry === null || entry.timestamp > newestEntry) {
+        newestEntry = entry.timestamp;
+      }
+    }
+    return {
+      entryCount: total,
+      totalSize,
+      oldestEntry,
+      newestEntry,
+      typeDistribution
+    };
+  }
+};
+function createNamespaceManager(store, config) {
+  return new NamespaceManager(store, config);
+}
+
+// src/sharing/AccessControl.ts
+var import_eventemitter33 = require("eventemitter3");
+var AccessControl = class extends import_eventemitter33.EventEmitter {
+  config;
+  rules = /* @__PURE__ */ new Map();
+  accessLog = [];
+  maxLogSize = 1e3;
+  constructor(config = {}) {
+    super();
+    this.config = {
+      roles: config.roles ?? {},
+      defaultRole: config.defaultRole ?? "user",
+      adminUsers: config.adminUsers ?? [],
+      defaultPermission: config.defaultPermission ?? "read",
+      enableAuditLog: config.enableAuditLog ?? true,
+      strictMode: config.strictMode ?? false,
+      maxRulesPerAgent: config.maxRulesPerAgent ?? 100
+    };
+    if (!this.config.strictMode) {
+      this.addRule({
+        id: "default-read",
+        agentId: "*",
+        resource: "*",
+        permission: this.config.defaultPermission,
+        createdBy: "system",
+        createdAt: Date.now()
+      });
+    }
+  }
+  /**
+   * Add a permission rule
+   */
+  addRule(rule) {
+    if (rule.agentId !== "*") {
+      const agentRules = Array.from(this.rules.values()).filter(
+        (r) => r.agentId === rule.agentId
+      );
+      if (agentRules.length >= this.config.maxRulesPerAgent) {
+        return false;
+      }
+    }
+    this.rules.set(rule.id, rule);
+    this.emit("ruleAdded", rule);
+    return true;
+  }
+  /**
+   * Remove a permission rule
+   */
+  removeRule(ruleId) {
+    const existed = this.rules.delete(ruleId);
+    if (existed) {
+      this.emit("ruleRemoved", ruleId);
+    }
+    return existed;
+  }
+  /**
+   * Get rule by ID
+   */
+  getRule(ruleId) {
+    return this.rules.get(ruleId);
+  }
+  /**
+   * Get all rules for an agent
+   */
+  getAgentRules(agentId) {
+    return Array.from(this.rules.values()).filter(
+      (r) => r.agentId === agentId || r.agentId === "*"
+    );
+  }
+  /**
+   * Check if access is allowed
+   */
+  checkAccess(request) {
+    const applicableRules = this.findApplicableRules(request);
+    if (applicableRules.length === 0) {
+      const result2 = {
+        allowed: !this.config.strictMode,
+        reason: this.config.strictMode ? "No applicable rules found" : "Default permission applied"
+      };
+      this.logAccess(request, result2);
+      return result2;
+    }
+    const sortedRules = this.sortRulesBySpecificity(applicableRules);
+    const bestRule = sortedRules[0];
+    if (bestRule.conditions && !this.checkConditions(request, bestRule.conditions)) {
+      const result2 = {
+        allowed: false,
+        reason: "Conditions not met",
+        matchedRule: bestRule
+      };
+      this.logAccess(request, result2);
+      return result2;
+    }
+    const requiredLevel = this.actionToPermissionLevel(request.action);
+    const hasPermission = this.hasPermissionLevel(
+      bestRule.permission,
+      requiredLevel
+    );
+    const result = {
+      allowed: hasPermission,
+      reason: hasPermission ? "Permission granted" : "Insufficient permission level",
+      matchedRule: bestRule
+    };
+    this.logAccess(request, result);
+    if (hasPermission) {
+      this.emit("accessGranted", request);
+    } else {
+      this.emit("accessDenied", request, result.reason);
+    }
+    return result;
+  }
+  /**
+   * Grant permission to agent
+   */
+  grantPermission(granterId, agentId, resource, permission, options) {
+    const rule = {
+      id: `rule-${Date.now()}-${Math.random().toString(36).slice(2, 9)}`,
+      agentId,
+      resource,
+      permission,
+      conditions: options?.conditions,
+      expiresAt: options?.expiresAt,
+      createdBy: granterId,
+      createdAt: Date.now()
+    };
+    this.addRule(rule);
+    return rule;
+  }
+  /**
+   * Revoke all permissions for agent on resource
+   */
+  revokePermission(agentId, resource) {
+    const toRemove = [];
+    for (const [id, rule] of this.rules) {
+      if (rule.agentId === agentId && rule.resource === resource) {
+        toRemove.push(id);
+      }
+    }
+    for (const id of toRemove) {
+      this.removeRule(id);
+    }
+    return toRemove.length;
+  }
+  /**
+   * Check if agent has specific permission
+   */
+  hasPermission(agentId, resource, action) {
+    return this.checkAccess({ agentId, resource, action }).allowed;
+  }
+  /**
+   * Get access log
+   */
+  getAccessLog(options) {
+    let log = [...this.accessLog];
+    if (options?.agentId) {
+      log = log.filter((e) => e.agentId === options.agentId);
+    }
+    if (options?.resource) {
+      log = log.filter((e) => e.resource === options.resource);
+    }
+    if (options?.startTime) {
+      log = log.filter((e) => e.timestamp >= options.startTime);
+    }
+    if (options?.endTime) {
+      log = log.filter((e) => e.timestamp <= options.endTime);
+    }
+    log.sort((a, b) => b.timestamp - a.timestamp);
+    return options?.limit ? log.slice(0, options.limit) : log;
+  }
+  /**
+   * Clear access log
+   */
+  clearAccessLog() {
+    this.accessLog = [];
+  }
+  /**
+   * Find applicable rules for request
+   */
+  findApplicableRules(request) {
+    const now = Date.now();
+    return Array.from(this.rules.values()).filter((rule) => {
+      if (rule.expiresAt && rule.expiresAt < now) {
+        return false;
+      }
+      if (rule.agentId !== "*" && rule.agentId !== request.agentId) {
+        return false;
+      }
+      if (rule.resource !== "*" && rule.resource !== request.resource) {
+        if (!request.resource.startsWith(rule.resource + ":")) {
+          return false;
+        }
+      }
+      return true;
+    });
+  }
+  /**
+   * Sort rules by specificity (most specific first)
+   */
+  sortRulesBySpecificity(rules) {
+    return rules.sort((a, b) => {
+      const agentSpecA = a.agentId !== "*" ? 1 : 0;
+      const agentSpecB = b.agentId !== "*" ? 1 : 0;
+      if (agentSpecA !== agentSpecB) return agentSpecB - agentSpecA;
+      const resourceSpecA = a.resource !== "*" ? 1 : 0;
+      const resourceSpecB = b.resource !== "*" ? 1 : 0;
+      if (resourceSpecA !== resourceSpecB) return resourceSpecB - resourceSpecA;
+      const levelA = this.permissionToLevel(a.permission);
+      const levelB = this.permissionToLevel(b.permission);
+      return levelB - levelA;
+    });
+  }
+  /**
+   * Check conditions
+   */
+  checkConditions(request, conditions) {
+    const now = Date.now();
+    for (const condition of conditions) {
+      switch (condition.type) {
+        case "time-range": {
+          const { start, end } = condition.value;
+          if (now < start || now > end) return false;
+          break;
+        }
+        case "entry-type": {
+          if (!request.entry) break;
+          const allowedTypes = condition.value;
+          if (!allowedTypes.includes(request.entry.type)) return false;
+          break;
+        }
+        case "importance": {
+          if (!request.entry) break;
+          const { min, max } = condition.value;
+          if (min !== void 0 && request.entry.importance < min) return false;
+          if (max !== void 0 && request.entry.importance > max) return false;
+          break;
+        }
+        case "custom": {
+          const fn = condition.value;
+          if (!fn(request)) return false;
+          break;
+        }
+      }
+    }
+    return true;
+  }
+  /**
+   * Convert action to required permission level
+   */
+  actionToPermissionLevel(action) {
+    switch (action) {
+      case "read":
+        return 1;
+      case "write":
+        return 2;
+      case "delete":
+        return 2;
+      case "admin":
+        return 3;
+      default:
+        return 1;
+    }
+  }
+  /**
+   * Convert permission to level number
+   */
+  permissionToLevel(permission) {
+    switch (permission) {
+      case "none":
+        return 0;
+      case "read":
+        return 1;
+      case "write":
+        return 2;
+      case "admin":
+        return 3;
+      default:
+        return 0;
+    }
+  }
+  /**
+   * Check if permission level is sufficient
+   */
+  hasPermissionLevel(permission, required) {
+    return this.permissionToLevel(permission) >= required;
+  }
+  /**
+   * Log access attempt
+   */
+  logAccess(request, result) {
+    if (!this.config.enableAuditLog) return;
+    this.accessLog.push({
+      timestamp: Date.now(),
+      agentId: request.agentId,
+      resource: request.resource,
+      action: request.action,
+      allowed: result.allowed,
+      reason: result.reason
+    });
+    if (this.accessLog.length > this.maxLogSize) {
+      this.accessLog = this.accessLog.slice(-this.maxLogSize);
+    }
+  }
+  /**
+   * Get statistics
+   */
+  getStats() {
+    const agents = new Set(
+      Array.from(this.rules.values()).filter((r) => r.agentId !== "*").map((r) => r.agentId)
+    );
+    const granted = this.accessLog.filter((e) => e.allowed).length;
+    const denied = this.accessLog.filter((e) => !e.allowed).length;
+    return {
+      totalRules: this.rules.size,
+      agentCount: agents.size,
+      accessGranted: granted,
+      accessDenied: denied
+    };
+  }
+  /**
+   * Export rules
+   */
+  exportRules() {
+    return Array.from(this.rules.values());
+  }
+  /**
+   * Import rules
+   */
+  importRules(rules) {
+    let imported = 0;
+    for (const rule of rules) {
+      if (this.addRule(rule)) {
+        imported++;
+      }
+    }
+    return imported;
+  }
+};
+function createAccessControl(config) {
+  return new AccessControl(config);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AccessControl,
+  NamespaceManager,
+  SharedMemory,
+  createAccessControl,
+  createNamespaceManager,
+  createSharedMemory
+});