@mandatez/sdk 0.1.1 → 0.1.8

package/dist/exporters/splunk.d.ts

@@ -0,0 +1,33 @@
+import type { AgentEvent } from '../events/schema.js';
+import type { EventExporter } from './index.js';
+export interface SplunkExporterConfig {
+    /**
+     * Base URL of your Splunk HTTP Event Collector, without the
+     * /services/collector path. Example: https://splunk.acme.com:8088
+     */
+    hecUrl: string;
+    /** HEC token, sent as `Authorization: Splunk <token>`. */
+    token: string;
+    /** Splunk source field — defaults to 'mandatez'. */
+    source?: string;
+    /** Splunk sourcetype — defaults to 'mandatez:event'. */
+    sourcetype?: string;
+    /** Splunk index — defaults to 'main'. */
+    index?: string;
+}
+/**
+ * Ships MandateZ AgentEvents to Splunk via HTTP Event Collector.
+ *
+ * @see https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
+ */
+export declare class SplunkExporter implements EventExporter {
+    readonly name = "splunk";
+    private readonly endpoint;
+    private readonly token;
+    private readonly source;
+    private readonly sourcetype;
+    private readonly index;
+    constructor(config: SplunkExporterConfig);
+    export(event: AgentEvent): Promise<void>;
+}
+//# sourceMappingURL=splunk.d.ts.map

package/dist/exporters/splunk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"splunk.d.ts","sourceRoot":"","sources":["../../src/exporters/splunk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,IAAI,YAAY;IACzB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,EAAE,oBAAoB;IAelC,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAoC/C"}

package/dist/exporters/splunk.js

@@ -0,0 +1,62 @@
+/**
+ * Ships MandateZ AgentEvents to Splunk via HTTP Event Collector.
+ *
+ * @see https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
+ */
+export class SplunkExporter {
+    name = 'splunk';
+    endpoint;
+    token;
+    source;
+    sourcetype;
+    index;
+    constructor(config) {
+        if (!config.hecUrl) {
+            throw new Error('SplunkExporter: hecUrl is required');
+        }
+        if (!config.token) {
+            throw new Error('SplunkExporter: token is required');
+        }
+        const base = config.hecUrl.replace(/\/+$/, '');
+        this.endpoint = `${base}/services/collector/event`;
+        this.token = config.token;
+        this.source = config.source ?? 'mandatez';
+        this.sourcetype = config.sourcetype ?? 'mandatez:event';
+        this.index = config.index ?? 'main';
+    }
+    async export(event) {
+        const payload = {
+            time: Math.floor(new Date(event.timestamp).getTime() / 1000),
+            host: 'mandatez-sdk',
+            source: this.source,
+            sourcetype: this.sourcetype,
+            index: this.index,
+            event: {
+                event_id: event.event_id,
+                agent_id: event.agent_id,
+                owner_id: event.owner_id,
+                timestamp: event.timestamp,
+                action_type: event.action_type,
+                resource: event.resource,
+                outcome: event.outcome,
+                policy_id: event.policy_id,
+                signature: event.signature,
+                public_key: event.public_key,
+                metadata: event.metadata,
+            },
+        };
+        const res = await fetch(this.endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Splunk ${this.token}`,
+            },
+            body: JSON.stringify(payload),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`SplunkExporter: HTTP ${res.status} ${body.slice(0, 200)}`);
+        }
+    }
+}
+//# sourceMappingURL=splunk.js.map

package/dist/exporters/splunk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"splunk.js","sourceRoot":"","sources":["../../src/exporters/splunk.ts"],"names":[],"mappings":"AAmBA;;;;GAIG;AACH,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,QAAQ,CAAC;IACR,QAAQ,CAAS;IACjB,KAAK,CAAS;IACd,MAAM,CAAS;IACf,UAAU,CAAS;IACnB,KAAK,CAAS;IAE/B,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,GAAG,GAAG,IAAI,2BAA2B,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;QAC1C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC;QACxD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAC5D,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE;gBACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;aACzB;SACF,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;aACtC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;CACF"}

package/dist/exporters/webhook.d.ts

@@ -0,0 +1,33 @@
+import type { AgentEvent } from '../events/schema.js';
+import type { EventExporter } from './index.js';
+export interface WebhookExporterConfig {
+    /** Destination URL. Must be HTTPS in production. */
+    url: string;
+    /**
+     * Optional shared-secret header. Sent as `Authorization: Bearer <secret>`.
+     * Use this to authenticate the webhook on the receiver side.
+     */
+    secret?: string;
+    /** Extra headers merged into every request. */
+    headers?: Record<string, string>;
+    /** Request timeout in milliseconds. Defaults to 5000. */
+    timeoutMs?: number;
+}
+/**
+ * Generic POST-an-AgentEvent-to-a-URL exporter. Handy for wiring
+ * MandateZ into any SIEM, log pipeline, or internal webhook queue
+ * that can accept JSON over HTTPS.
+ *
+ * Payload shape is the full AgentEvent — never modify or rename
+ * fields, this is the canonical cross-vendor envelope.
+ */
+export declare class WebhookExporter implements EventExporter {
+    readonly name = "webhook";
+    private readonly url;
+    private readonly secret?;
+    private readonly headers;
+    private readonly timeoutMs;
+    constructor(config: WebhookExporterConfig);
+    export(event: AgentEvent): Promise<void>;
+}
+//# sourceMappingURL=webhook.d.ts.map

package/dist/exporters/webhook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.d.ts","sourceRoot":"","sources":["../../src/exporters/webhook.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,qBAAqB;IACpC,oDAAoD;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,qBAAa,eAAgB,YAAW,aAAa;IACnD,QAAQ,CAAC,IAAI,aAAa;IAC1B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,MAAM,EAAE,qBAAqB;IAUnC,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CA6B/C"}

package/dist/exporters/webhook.js

@@ -0,0 +1,52 @@
+/**
+ * Generic POST-an-AgentEvent-to-a-URL exporter. Handy for wiring
+ * MandateZ into any SIEM, log pipeline, or internal webhook queue
+ * that can accept JSON over HTTPS.
+ *
+ * Payload shape is the full AgentEvent — never modify or rename
+ * fields, this is the canonical cross-vendor envelope.
+ */
+export class WebhookExporter {
+    name = 'webhook';
+    url;
+    secret;
+    headers;
+    timeoutMs;
+    constructor(config) {
+        if (!config.url) {
+            throw new Error('WebhookExporter: url is required');
+        }
+        this.url = config.url;
+        this.secret = config.secret;
+        this.headers = config.headers ?? {};
+        this.timeoutMs = config.timeoutMs ?? 5000;
+    }
+    async export(event) {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+        const headers = {
+            'Content-Type': 'application/json',
+            'User-Agent': 'mandatez-sdk/webhook-exporter',
+            ...this.headers,
+        };
+        if (this.secret) {
+            headers.Authorization = `Bearer ${this.secret}`;
+        }
+        try {
+            const res = await fetch(this.url, {
+                method: 'POST',
+                headers,
+                body: JSON.stringify(event),
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                const body = await res.text().catch(() => '');
+                throw new Error(`WebhookExporter: HTTP ${res.status} ${body.slice(0, 200)}`);
+            }
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+}
+//# sourceMappingURL=webhook.js.map

package/dist/exporters/webhook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook.js","sourceRoot":"","sources":["../../src/exporters/webhook.ts"],"names":[],"mappings":"AAiBA;;;;;;;GAOG;AACH,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,SAAS,CAAC;IACT,GAAG,CAAS;IACZ,MAAM,CAAU;IAChB,OAAO,CAAyB;IAChC,SAAS,CAAS;IAEnC,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;QACpC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnE,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,+BAA+B;YAC7C,GAAG,IAAI,CAAC,OAAO;SAChB,CAAC;QACF,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QAClD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;gBAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;CACF"}

package/dist/identity/hibp.d.ts

@@ -0,0 +1,39 @@
+/**
+ * HaveIBeenPwned v3 API wrapper for Identity Intelligence.
+ *
+ * Checks whether an email has appeared in known data breaches,
+ * then converts the breach list into a numeric risk score + status.
+ *
+ * API docs: https://haveibeenpwned.com/API/v3
+ */
+export type IdentityStatus = 'clean' | 'flagged' | 'blocked';
+export interface HibpBreach {
+    name: string;
+    /** ISO date string (YYYY-MM-DD) when the breach occurred */
+    date: string;
+    /** HIBP marks some breaches as "sensitive" — e.g. leaked dating sites */
+    sensitive: boolean;
+}
+export interface IdentityCheckResult {
+    status: IdentityStatus;
+    risk_score: 0 | 1 | 2 | 3;
+    breach_count: number;
+    breaches: HibpBreach[];
+}
+/**
+ * Calls HIBP and returns a normalized risk result.
+ *
+ * Risk scoring:
+ * - 0 breaches               → score 0, status 'clean'
+ * - 1 breach, all >1yr old   → score 1, status 'clean'
+ * - 1-2 recent breaches      → score 2, status 'flagged'
+ * - 3+ breaches OR any       → score 3, status 'blocked'
+ *   sensitive breach
+ */
+export declare function checkIdentity(email: string, apiKey: string): Promise<IdentityCheckResult>;
+/**
+ * Pure function — given a list of breaches, compute risk_score + status.
+ * Exported so callers can re-score cached breach lists without re-hitting HIBP.
+ */
+export declare function scoreBreaches(breaches: HibpBreach[]): IdentityCheckResult;
+//# sourceMappingURL=hibp.d.ts.map

package/dist/identity/hibp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp.d.ts","sourceRoot":"","sources":["../../src/identity/hibp.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;AAE7D,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,yEAAyE;IACzE,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,UAAU,EAAE,CAAC;CACxB;AAYD;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC,CA8C9B;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAyBzE"}

package/dist/identity/hibp.js

@@ -0,0 +1,85 @@
+/**
+ * HaveIBeenPwned v3 API wrapper for Identity Intelligence.
+ *
+ * Checks whether an email has appeared in known data breaches,
+ * then converts the breach list into a numeric risk score + status.
+ *
+ * API docs: https://haveibeenpwned.com/API/v3
+ */
+const HIBP_API_BASE = 'https://haveibeenpwned.com/api/v3';
+const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;
+/**
+ * Calls HIBP and returns a normalized risk result.
+ *
+ * Risk scoring:
+ * - 0 breaches               → score 0, status 'clean'
+ * - 1 breach, all >1yr old   → score 1, status 'clean'
+ * - 1-2 recent breaches      → score 2, status 'flagged'
+ * - 3+ breaches OR any       → score 3, status 'blocked'
+ *   sensitive breach
+ */
+export async function checkIdentity(email, apiKey) {
+    if (!email || !email.includes('@')) {
+        throw new Error('checkIdentity: invalid email');
+    }
+    if (!apiKey) {
+        throw new Error('checkIdentity: HIBP API key is required');
+    }
+    const url = `${HIBP_API_BASE}/breachedaccount/${encodeURIComponent(email)}?truncateResponse=false`;
+    const response = await fetch(url, {
+        headers: {
+            'hibp-api-key': apiKey,
+            'user-agent': 'MandateZ-IdentityIntelligence',
+            accept: 'application/json',
+        },
+    });
+    // 404 = clean (HIBP returns 404 when the account is not in any breach)
+    if (response.status === 404) {
+        return { status: 'clean', risk_score: 0, breach_count: 0, breaches: [] };
+    }
+    if (response.status === 401 || response.status === 403) {
+        throw new Error('HIBP API key is invalid or missing required entitlements');
+    }
+    if (response.status === 429) {
+        throw new Error('HIBP rate limit exceeded — back off and retry');
+    }
+    if (!response.ok) {
+        throw new Error(`HIBP API error: ${response.status} ${response.statusText}`);
+    }
+    const raw = (await response.json());
+    const breaches = raw
+        .filter((b) => !b.IsFabricated && !b.IsRetired)
+        .map((b) => ({
+        name: b.Title ?? b.Name,
+        date: b.BreachDate,
+        sensitive: Boolean(b.IsSensitive),
+    }));
+    return scoreBreaches(breaches);
+}
+/**
+ * Pure function — given a list of breaches, compute risk_score + status.
+ * Exported so callers can re-score cached breach lists without re-hitting HIBP.
+ */
+export function scoreBreaches(breaches) {
+    const count = breaches.length;
+    if (count === 0) {
+        return { status: 'clean', risk_score: 0, breach_count: 0, breaches: [] };
+    }
+    const hasSensitive = breaches.some((b) => b.sensitive);
+    if (hasSensitive || count >= 3) {
+        return { status: 'blocked', risk_score: 3, breach_count: count, breaches };
+    }
+    const now = Date.now();
+    const recentBreaches = breaches.filter((b) => {
+        const breachTime = new Date(b.date).getTime();
+        if (Number.isNaN(breachTime))
+            return true; // unknown date → treat as recent
+        return now - breachTime < ONE_YEAR_MS;
+    });
+    if (count === 1 && recentBreaches.length === 0) {
+        return { status: 'clean', risk_score: 1, breach_count: 1, breaches };
+    }
+    // 1-2 recent breaches
+    return { status: 'flagged', risk_score: 2, breach_count: count, breaches };
+}
+//# sourceMappingURL=hibp.js.map

package/dist/identity/hibp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp.js","sourceRoot":"","sources":["../../src/identity/hibp.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,aAAa,GAAG,mCAAmC,CAAC;AAC1D,MAAM,WAAW,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AA6B9C;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAc;IAEd,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,GAAG,GAAG,GAAG,aAAa,oBAAoB,kBAAkB,CAAC,KAAK,CAAC,yBAAyB,CAAC;IAEnG,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,OAAO,EAAE;YACP,cAAc,EAAE,MAAM;YACtB,YAAY,EAAE,+BAA+B;YAC7C,MAAM,EAAE,kBAAkB;SAC3B;KACF,CAAC,CAAC;IAEH,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoB,CAAC;IAEvD,MAAM,QAAQ,GAAiB,GAAG;SAC/B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,IAAI,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI;QACvB,IAAI,EAAE,CAAC,CAAC,UAAU;QAClB,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;KAClC,CAAC,CAAC,CAAC;IAEN,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,QAAsB;IAClD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;IAE9B,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACvD,IAAI,YAAY,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IAC7E,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3C,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9C,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,iCAAiC;QAC5E,OAAO,GAAG,GAAG,UAAU,GAAG,WAAW,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAI,KAAK,KAAK,CAAC,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC;IACvE,CAAC;IAED,sBAAsB;IACtB,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7E,CAAC"}

package/dist/index.d.ts

@@ -8,10 +8,25 @@ export type { SupabaseTransportConfig } from './transport/index.js';
 export { PolicyEngine } from './policy/index.js';
 export { PolicyRuleSchema, PolicySchema } from './policy/index.js';
 export type { PolicyRule, Policy, PolicyOutcome, PolicyEvaluation } from './policy/index.js';
+export { POLICY_TEMPLATES, POLICY_TEMPLATE_LIST, findTemplate } from './policies/templates.js';
+export type { PolicyTemplate, PolicyTemplateKey } from './policies/templates.js';
 export { OversightGate, SlackAlertChannel, WebhookAlertChannel } from './oversight/index.js';
 export type { OversightConfig, OversightResult, AlertChannel, OversightAlert, TimeoutAction, ApprovalDecision } from './oversight/index.js';
 export { MandateZClient } from './client.js';
-export type { MandateZClientConfig, TrackInput } from './client.js';
+export type { MandateZClientConfig, TrackInput, TrackBatchInput, TrackBatchResult, BatchConfig, CheckIdentityInput, CheckIdentityOutput, VerifyAgentInput, VerifyAgentOutput, VerifyAgentRawResponse, AgentTrustGrade, } from './client.js';
+export { checkIdentity, scoreBreaches } from './identity/hibp.js';
+export type { IdentityCheckResult, IdentityStatus, HibpBreach } from './identity/hibp.js';
+export { computeTrustScore } from './trust/posture.js';
+export type { AgentTrustProfile } from './trust/posture.js';
+export { getRiskScore, computeRiskScore } from './risk/index.js';
+export type { RiskScoreRecord, RiskGrade, RiskDomain, RiskActionType, RiskSeverityBucket, RiskIncidentPatterns, RiskClientConfig, } from './risk/index.js';
 export { MandateZN8nHook } from './integrations/n8n/index.js';
 export { MandateZLangChainCallback } from './integrations/langchain/index.js';
+export { MandateZAgent } from './wrapper/index.js';
+export type { MandateZAgentConfig } from './wrapper/index.js';
+export { withMandateZ } from './integrations/langchain/decorator.js';
+export { verifyAttestation } from './attestations/index.js';
+export type { AttestationRecord, AttestationViolation, Verdict, VerifyAttestationResponse, VerifyAttestationOptions, } from './attestations/index.js';
+export { DatadogExporter, SplunkExporter, WebhookExporter, OpenTelemetryExporter, } from './exporters/index.js';
+export type { EventExporter, DatadogExporterConfig, SplunkExporterConfig, WebhookExporterConfig, OpenTelemetryExporterConfig, } from './exporters/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC5E,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEpE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACnE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE7F,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC7F,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE5I,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC5E,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEpE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACnE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE7F,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC/F,YAAY,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjF,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC7F,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAE5I,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EACV,oBAAoB,EACpB,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClE,YAAY,EAAE,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAE1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,YAAY,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACjE,YAAY,EACV,eAAe,EACf,SAAS,EACT,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAE9E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,YAAY,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,YAAY,EACV,iBAAiB,EACjB,oBAAoB,EACpB,OAAO,EACP,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -6,8 +6,16 @@ export { createSignedEvent, verifyEvent } from './events/index.js';
 export { SupabaseTransport } from './transport/index.js';
 export { PolicyEngine } from './policy/index.js';
 export { PolicyRuleSchema, PolicySchema } from './policy/index.js';
+export { POLICY_TEMPLATES, POLICY_TEMPLATE_LIST, findTemplate } from './policies/templates.js';
 export { OversightGate, SlackAlertChannel, WebhookAlertChannel } from './oversight/index.js';
 export { MandateZClient } from './client.js';
+export { checkIdentity, scoreBreaches } from './identity/hibp.js';
+export { computeTrustScore } from './trust/posture.js';
+export { getRiskScore, computeRiskScore } from './risk/index.js';
 export { MandateZN8nHook } from './integrations/n8n/index.js';
 export { MandateZLangChainCallback } from './integrations/langchain/index.js';
+export { MandateZAgent } from './wrapper/index.js';
+export { withMandateZ } from './integrations/langchain/decorator.js';
+export { verifyAttestation } from './attestations/index.js';
+export { DatadogExporter, SplunkExporter, WebhookExporter, OpenTelemetryExporter, } from './exporters/index.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,+BAA+B;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG7F,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,+BAA+B;AAE/B,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE5E,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAGzD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAG/F,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG7F,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAe7C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGlE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAWjE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAE9E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAAE,MAAM,uCAAuC,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAS5D,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC"}

package/dist/integrations/langchain/decorator.d.ts

@@ -0,0 +1,31 @@
+import type { MandateZAgentConfig } from '../../wrapper/index.js';
+/**
+ * Minimal structural type for a LangChain runnable.
+ * We don't depend on @langchain/core — anything with invoke/stream works.
+ */
+interface LangChainRunnable {
+    invoke?: (...args: unknown[]) => unknown;
+    stream?: (...args: unknown[]) => unknown;
+    batch?: (...args: unknown[]) => unknown;
+    [key: string]: unknown;
+}
+/**
+ * Wrap a LangChain runnable (chain, agent, LLM, tool) with MandateZ governance.
+ *
+ * Transparently wraps .invoke(), .stream(), and .batch() if present, leaving
+ * all other methods untouched. Each invocation emits a signed AgentEvent.
+ *
+ * @example
+ *   const chain = new ChatOpenAI();
+ *   const governed = withMandateZ(chain, {
+ *     agentId: 'ag_...',
+ *     ownerId: 'owner_1',
+ *     privateKey: process.env.AGENT_PRIVATE_KEY!,
+ *     supabaseUrl: process.env.SUPABASE_URL!,
+ *     supabaseAnonKey: process.env.SUPABASE_ANON_KEY!,
+ *   });
+ *   await governed.invoke({ input: 'hello' });
+ */
+export declare function withMandateZ<T extends LangChainRunnable>(chain: T, config: MandateZAgentConfig): T;
+export {};
+//# sourceMappingURL=decorator.d.ts.map

package/dist/integrations/langchain/decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorator.d.ts","sourceRoot":"","sources":["../../../src/integrations/langchain/decorator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAElE;;;GAGG;AACH,UAAU,iBAAiB;IACzB,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;IACzC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;IACzC,KAAK,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;IACxC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS,iBAAiB,EACtD,KAAK,EAAE,CAAC,EACR,MAAM,EAAE,mBAAmB,GAC1B,CAAC,CAsBH"}

package/dist/integrations/langchain/decorator.js

@@ -0,0 +1,36 @@
+import { MandateZAgent } from '../../wrapper/index.js';
+/**
+ * Wrap a LangChain runnable (chain, agent, LLM, tool) with MandateZ governance.
+ *
+ * Transparently wraps .invoke(), .stream(), and .batch() if present, leaving
+ * all other methods untouched. Each invocation emits a signed AgentEvent.
+ *
+ * @example
+ *   const chain = new ChatOpenAI();
+ *   const governed = withMandateZ(chain, {
+ *     agentId: 'ag_...',
+ *     ownerId: 'owner_1',
+ *     privateKey: process.env.AGENT_PRIVATE_KEY!,
+ *     supabaseUrl: process.env.SUPABASE_URL!,
+ *     supabaseAnonKey: process.env.SUPABASE_ANON_KEY!,
+ *   });
+ *   await governed.invoke({ input: 'hello' });
+ */
+export function withMandateZ(chain, config) {
+    const baseName = config.name ?? (chain.constructor?.name ?? 'langchain/runnable');
+    const handler = {
+        get(target, prop, receiver) {
+            const value = Reflect.get(target, prop, receiver);
+            if (prop === 'invoke' || prop === 'stream' || prop === 'batch') {
+                if (typeof value !== 'function')
+                    return value;
+                const method = value.bind(target);
+                const wrapped = MandateZAgent(async (...args) => method(...args), { ...config, name: `${baseName}/${String(prop)}` });
+                return wrapped;
+            }
+            return value;
+        },
+    };
+    return new Proxy(chain, handler);
+}
+//# sourceMappingURL=decorator.js.map

package/dist/integrations/langchain/decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorator.js","sourceRoot":"","sources":["../../../src/integrations/langchain/decorator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAcvD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,YAAY,CAC1B,KAAQ,EACR,MAA2B;IAE3B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,IAAI,oBAAoB,CAAC,CAAC;IAClF,MAAM,OAAO,GAAoB;QAC/B,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;YACxB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YAElD,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC/D,IAAI,OAAO,KAAK,KAAK,UAAU;oBAAE,OAAO,KAAK,CAAC;gBAE9C,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAoC,CAAC;gBACrE,MAAM,OAAO,GAAG,aAAa,CAC3B,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,EAC7C,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CACnD,CAAC;gBACF,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;IAEF,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACnC,CAAC"}