@mandatez/sdk 0.1.1 → 0.1.8

package/dist/policies/templates.d.ts

@@ -0,0 +1,223 @@
+import type { PolicyRule } from '../policy/index.js';
+export interface PolicyTemplate {
+    /** Stable template identifier. Used as the `preset_id` on saved policies. */
+    id: string;
+    /** Display name shown in onboarding and dashboard galleries. */
+    name: string;
+    /** Human summary — shown next to the template in pickers. */
+    description: string;
+    /** Ordered rules for the PolicyEngine. First match wins, so the trailing
+     *  catch-all block only fires on actions no prior rule matched. */
+    rules: readonly PolicyRule[];
+}
+export declare const POLICY_TEMPLATES: {
+    readonly hipaa_healthcare: {
+        readonly id: "tpl_hipaa";
+        readonly name: "HIPAA Healthcare Agent";
+        readonly description: "For agents handling PHI. Blocks export, requires approval for writes, logs all reads.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["export"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["write"];
+            readonly resource_pattern: "phi/*";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "phi/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+    readonly fintech_payments: {
+        readonly id: "tpl_fintech";
+        readonly name: "Fintech Payments Agent";
+        readonly description: "For agents processing payments. All payment actions require human approval.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["payment"];
+            readonly resource_pattern: "*";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["export"];
+            readonly resource_pattern: "customer/*";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "customer/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+    readonly customer_support: {
+        readonly id: "tpl_support";
+        readonly name: "Customer Support Agent";
+        readonly description: "For agents responding to customer tickets. Read-only on customer data, write to tickets only.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "customers/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "tickets/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["write"];
+            readonly resource_pattern: "tickets/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ["export"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r6";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+    readonly code_assistant: {
+        readonly id: "tpl_code";
+        readonly name: "Code Assistant Agent";
+        readonly description: "For agents that review or generate code. Read code, open PRs, no direct deploys.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "repo/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["write"];
+            readonly resource_pattern: "repo/pull-requests/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["call"];
+            readonly resource_pattern: "github/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["call"];
+            readonly resource_pattern: "deploy/*";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ["delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r6";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+    readonly data_analyst: {
+        readonly id: "tpl_analyst";
+        readonly name: "Data Analyst Agent";
+        readonly description: "For agents running queries on data warehouses. Read-only, no writes or exports without approval.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "warehouse/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["call"];
+            readonly resource_pattern: "warehouse/query/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["export"];
+            readonly resource_pattern: "*";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["write", "delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+    readonly sales_outbound: {
+        readonly id: "tpl_sales";
+        readonly name: "Sales Outbound Agent";
+        readonly description: "For agents running cold outreach. Write to CRM, send emails with approval, no exports.";
+        readonly rules: readonly [{
+            readonly id: "r1";
+            readonly action_types: ["read"];
+            readonly resource_pattern: "crm/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r2";
+            readonly action_types: ["write"];
+            readonly resource_pattern: "crm/contacts/*";
+            readonly effect: "allow";
+        }, {
+            readonly id: "r3";
+            readonly action_types: ["call"];
+            readonly resource_pattern: "email/send";
+            readonly effect: "flag";
+        }, {
+            readonly id: "r4";
+            readonly action_types: ["export"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r5";
+            readonly action_types: ["delete"];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }, {
+            readonly id: "r6";
+            readonly action_types: ("read" | "write" | "export" | "delete" | "call" | "payment" | "*")[];
+            readonly resource_pattern: "*";
+            readonly effect: "block";
+        }];
+    };
+};
+export type PolicyTemplateKey = keyof typeof POLICY_TEMPLATES;
+/** Find a template by its key (e.g. `hipaa_healthcare`) or id (e.g. `tpl_hipaa`). */
+export declare function findTemplate(keyOrId: string): PolicyTemplate | undefined;
+/** Array form for UI rendering — preserves insertion order. */
+export declare const POLICY_TEMPLATE_LIST: readonly (PolicyTemplate & {
+    key: PolicyTemplateKey;
+})[];
+//# sourceMappingURL=templates.d.ts.map

package/dist/policies/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/policies/templates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,WAAW,cAAc;IAC7B,6EAA6E;IAC7E,EAAE,EAAE,MAAM,CAAC;IACX,gEAAgE;IAChE,IAAI,EAAE,MAAM,CAAC;IACb,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB;uEACmE;IACnE,KAAK,EAAE,SAAS,UAAU,EAAE,CAAC;CAC9B;AAWD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkFsB,CAAC;AAEpD,MAAM,MAAM,iBAAiB,GAAG,MAAM,OAAO,gBAAgB,CAAC;AAE9D,qFAAqF;AACrF,wBAAgB,YAAY,CAC1B,OAAO,EAAE,MAAM,GACd,cAAc,GAAG,SAAS,CAQ5B;AAED,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB,EAAE,SAAS,CAAC,cAAc,GAAG;IAAE,GAAG,EAAE,iBAAiB,CAAA;CAAE,CAAC,EAIpF,CAAC"}

package/dist/policies/templates.js

@@ -0,0 +1,102 @@
+const ALL_ACTION_TYPES = [
+    'read',
+    'write',
+    'delete',
+    'export',
+    'call',
+    'payment',
+];
+export const POLICY_TEMPLATES = {
+    hipaa_healthcare: {
+        id: 'tpl_hipaa',
+        name: 'HIPAA Healthcare Agent',
+        description: 'For agents handling PHI. Blocks export, requires approval for writes, logs all reads.',
+        rules: [
+            { id: 'r1', action_types: ['export'], resource_pattern: '*', effect: 'block' },
+            { id: 'r2', action_types: ['delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r3', action_types: ['write'], resource_pattern: 'phi/*', effect: 'flag' },
+            { id: 'r4', action_types: ['read'], resource_pattern: 'phi/*', effect: 'allow' },
+            { id: 'r5', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+    fintech_payments: {
+        id: 'tpl_fintech',
+        name: 'Fintech Payments Agent',
+        description: 'For agents processing payments. All payment actions require human approval.',
+        rules: [
+            { id: 'r1', action_types: ['payment'], resource_pattern: '*', effect: 'flag' },
+            { id: 'r2', action_types: ['delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r3', action_types: ['export'], resource_pattern: 'customer/*', effect: 'flag' },
+            { id: 'r4', action_types: ['read'], resource_pattern: 'customer/*', effect: 'allow' },
+            { id: 'r5', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+    customer_support: {
+        id: 'tpl_support',
+        name: 'Customer Support Agent',
+        description: 'For agents responding to customer tickets. Read-only on customer data, write to tickets only.',
+        rules: [
+            { id: 'r1', action_types: ['read'], resource_pattern: 'customers/*', effect: 'allow' },
+            { id: 'r2', action_types: ['read'], resource_pattern: 'tickets/*', effect: 'allow' },
+            { id: 'r3', action_types: ['write'], resource_pattern: 'tickets/*', effect: 'allow' },
+            { id: 'r4', action_types: ['delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r5', action_types: ['export'], resource_pattern: '*', effect: 'block' },
+            { id: 'r6', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+    code_assistant: {
+        id: 'tpl_code',
+        name: 'Code Assistant Agent',
+        description: 'For agents that review or generate code. Read code, open PRs, no direct deploys.',
+        rules: [
+            { id: 'r1', action_types: ['read'], resource_pattern: 'repo/*', effect: 'allow' },
+            { id: 'r2', action_types: ['write'], resource_pattern: 'repo/pull-requests/*', effect: 'allow' },
+            { id: 'r3', action_types: ['call'], resource_pattern: 'github/*', effect: 'allow' },
+            { id: 'r4', action_types: ['call'], resource_pattern: 'deploy/*', effect: 'flag' },
+            { id: 'r5', action_types: ['delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r6', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+    data_analyst: {
+        id: 'tpl_analyst',
+        name: 'Data Analyst Agent',
+        description: 'For agents running queries on data warehouses. Read-only, no writes or exports without approval.',
+        rules: [
+            { id: 'r1', action_types: ['read'], resource_pattern: 'warehouse/*', effect: 'allow' },
+            { id: 'r2', action_types: ['call'], resource_pattern: 'warehouse/query/*', effect: 'allow' },
+            { id: 'r3', action_types: ['export'], resource_pattern: '*', effect: 'flag' },
+            { id: 'r4', action_types: ['write', 'delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r5', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+    sales_outbound: {
+        id: 'tpl_sales',
+        name: 'Sales Outbound Agent',
+        description: 'For agents running cold outreach. Write to CRM, send emails with approval, no exports.',
+        rules: [
+            { id: 'r1', action_types: ['read'], resource_pattern: 'crm/*', effect: 'allow' },
+            { id: 'r2', action_types: ['write'], resource_pattern: 'crm/contacts/*', effect: 'allow' },
+            { id: 'r3', action_types: ['call'], resource_pattern: 'email/send', effect: 'flag' },
+            { id: 'r4', action_types: ['export'], resource_pattern: '*', effect: 'block' },
+            { id: 'r5', action_types: ['delete'], resource_pattern: '*', effect: 'block' },
+            { id: 'r6', action_types: ALL_ACTION_TYPES, resource_pattern: '*', effect: 'block' },
+        ],
+    },
+};
+/** Find a template by its key (e.g. `hipaa_healthcare`) or id (e.g. `tpl_hipaa`). */
+export function findTemplate(keyOrId) {
+    if (keyOrId in POLICY_TEMPLATES) {
+        return POLICY_TEMPLATES[keyOrId];
+    }
+    for (const template of Object.values(POLICY_TEMPLATES)) {
+        if (template.id === keyOrId)
+            return template;
+    }
+    return undefined;
+}
+/** Array form for UI rendering — preserves insertion order. */
+export const POLICY_TEMPLATE_LIST = Object.keys(POLICY_TEMPLATES).map((key) => ({
+    key,
+    ...POLICY_TEMPLATES[key],
+}));
+//# sourceMappingURL=templates.js.map

package/dist/policies/templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../src/policies/templates.ts"],"names":[],"mappings":"AAcA,MAAM,gBAAgB,GAA+B;IACnD,MAAM;IACN,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,SAAS;CACV,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,gBAAgB,EAAE;QAChB,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EACT,uFAAuF;QACzF,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE;YAChF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;YAChF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EACT,6EAA6E;QAC/E,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,SAAS,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE;YACtF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE;YACrF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EACT,+FAA+F;QACjG,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE;YACtF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE;YACpF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE;YACrF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;IACD,cAAc,EAAE;QACd,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EACT,kFAAkF;QACpF,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;YACjF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,EAAE,OAAO,EAAE;YAChG,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE;YACnF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE;YAClF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;IACD,YAAY,EAAE;QACZ,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EACT,kGAAkG;QACpG,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE;YACtF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,EAAE,OAAO,EAAE;YAC5F,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE;YAC7E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YACvF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;IACD,cAAc,EAAE;QACd,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EACT,wFAAwF;QAC1F,KAAK,EAAE;YACL,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;YAChF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,EAAE,OAAO,EAAE;YAC1F,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,MAAM,CAAC,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE;YACpF,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;YAC9E,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE;SACrF;KACF;CACgD,CAAC;AAIpD,qFAAqF;AACrF,MAAM,UAAU,YAAY,CAC1B,OAAe;IAEf,IAAI,OAAO,IAAI,gBAAgB,EAAE,CAAC;QAChC,OAAO,gBAAgB,CAAC,OAA4B,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACvD,IAAI,QAAQ,CAAC,EAAE,KAAK,OAAO;YAAE,OAAO,QAAQ,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,oBAAoB,GAC9B,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAyB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnE,GAAG;IACH,GAAG,gBAAgB,CAAC,GAAG,CAAC;CACzB,CAAC,CAAC,CAAC"}

package/dist/risk/index.d.ts

@@ -0,0 +1,58 @@
+export type RiskGrade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+export type RiskDomain = 'financial' | 'communication' | 'database' | 'external_api' | 'storage' | 'other';
+export type RiskActionType = 'read' | 'write' | 'export' | 'delete' | 'call' | 'payment';
+export interface RiskSeverityBucket {
+    events: number;
+    blocked: number;
+    flagged: number;
+    deduction: number;
+}
+export interface RiskIncidentPatterns {
+    hourly_spikes: Array<{
+        hour: string;
+        count: number;
+        ratio_over_average: number;
+    }>;
+    repeated_blocks: Array<{
+        resource: string;
+        blocked_count: number;
+    }>;
+    escalations: Array<{
+        resource: string;
+        chain: RiskActionType[];
+        started_at: string;
+        ended_at: string;
+    }>;
+}
+export interface RiskScoreRecord {
+    id?: string;
+    agent_id: string;
+    owner_id: string;
+    overall_score: number;
+    grade: RiskGrade;
+    severity_breakdown: Record<RiskActionType, RiskSeverityBucket>;
+    domain_classification: Record<RiskDomain, number>;
+    incident_patterns: RiskIncidentPatterns;
+    blocked_ratio: number;
+    flagged_ratio: number;
+    event_count: number;
+    window_days: number;
+    computed_at: string;
+}
+export interface RiskClientConfig {
+    /** Dashboard API base URL, e.g. 'https://dashboard.mandatez.com'. */
+    apiUrl: string;
+    /** Bearer API key ("mz_live_..."). */
+    apiKey: string;
+}
+/**
+ * Fetch the most recent risk score for an agent. The dashboard auto-computes
+ * a fresh score if none exists yet, so this never returns null.
+ */
+export declare function getRiskScore(agentId: string, config: RiskClientConfig): Promise<RiskScoreRecord>;
+/**
+ * Trigger a fresh risk score computation for an agent and return the new record.
+ * `windowDays` defaults to the dashboard's server-side default (30) when omitted.
+ */
+export declare function computeRiskScore(agentId: string, config: RiskClientConfig, windowDays?: number): Promise<RiskScoreRecord>;
+//# sourceMappingURL=index.d.ts.map

package/dist/risk/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/risk/index.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC3D,MAAM,MAAM,UAAU,GAClB,WAAW,GACX,eAAe,GACf,UAAU,GACV,cAAc,GACd,SAAS,GACT,OAAO,CAAC;AAEZ,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;AAEzF,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,aAAa,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,kBAAkB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClF,eAAe,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpE,WAAW,EAAE,KAAK,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,cAAc,EAAE,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,SAAS,CAAC;IACjB,kBAAkB,EAAE,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IAC/D,qBAAqB,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAClD,iBAAiB,EAAE,oBAAoB,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,MAAM,EAAE,MAAM,CAAC;CAChB;AAeD;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC,eAAe,CAAC,CAa1B;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,gBAAgB,EACxB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC,CAiB1B"}

package/dist/risk/index.js

@@ -0,0 +1,45 @@
+function normalizeUrl(url) {
+    return url.replace(/\/+$/, '');
+}
+async function readError(res, fallback) {
+    try {
+        const body = (await res.json());
+        return body.error ?? fallback;
+    }
+    catch {
+        return fallback;
+    }
+}
+/**
+ * Fetch the most recent risk score for an agent. The dashboard auto-computes
+ * a fresh score if none exists yet, so this never returns null.
+ */
+export async function getRiskScore(agentId, config) {
+    const res = await fetch(`${normalizeUrl(config.apiUrl)}/api/risk/${agentId}`, {
+        method: 'GET',
+        headers: { Authorization: `Bearer ${config.apiKey}` },
+    });
+    if (!res.ok) {
+        throw new Error(`MandateZ getRiskScore failed: ${await readError(res, `HTTP ${res.status}`)}`);
+    }
+    return (await res.json());
+}
+/**
+ * Trigger a fresh risk score computation for an agent and return the new record.
+ * `windowDays` defaults to the dashboard's server-side default (30) when omitted.
+ */
+export async function computeRiskScore(agentId, config, windowDays) {
+    const res = await fetch(`${normalizeUrl(config.apiUrl)}/api/risk/compute/${agentId}`, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${config.apiKey}`,
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(windowDays != null ? { window_days: windowDays } : {}),
+    });
+    if (!res.ok) {
+        throw new Error(`MandateZ computeRiskScore failed: ${await readError(res, `HTTP ${res.status}`)}`);
+    }
+    return (await res.json());
+}
+//# sourceMappingURL=index.js.map

package/dist/risk/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/risk/index.ts"],"names":[],"mappings":"AAoDA,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAa,EAAE,QAAgB;IACtD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QACtD,OAAO,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAe,EACf,MAAwB;IAExB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,OAAO,EAAE,EAAE;QAC5E,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE,EAAE;KACtD,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,iCAAiC,MAAM,SAAS,CAAC,GAAG,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAC9E,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAe,EACf,MAAwB,EACxB,UAAmB;IAEnB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,qBAAqB,OAAO,EAAE,EAAE;QACpF,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;YACxC,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5E,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qCAAqC,MAAM,SAAS,CAAC,GAAG,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAC;AAC/C,CAAC"}

package/dist/transport/supabase.d.ts

@@ -1,4 +1,6 @@
 import type { AgentEvent } from '../events/schema.js';
+import type { AgentTrustProfile } from '../trust/posture.js';
+import type { IdentityCheckResult } from '../identity/hibp.js';
 export interface SupabaseTransportConfig {
     supabaseUrl: string;
     supabaseAnonKey: string;
@@ -6,10 +8,37 @@ export interface SupabaseTransportConfig {
 export declare class SupabaseTransport {
     private client;
     constructor(config: SupabaseTransportConfig);
+    /**
+     * Upserts an agent row. Idempotent — safe to call on every client startup.
+     */
+    upsertAgent(params: {
+        agentId: string;
+        ownerId: string;
+        name: string;
+        publicKey: string;
+        metadata?: Record<string, unknown>;
+    }): Promise<void>;
     /**
      * Inserts a signed AgentEvent into the agent_events table.
      * Throws on Supabase errors so callers can handle failures.
      */
     emitEvent(event: AgentEvent): Promise<AgentEvent>;
+    /**
+     * Fetches all events for an agent, ordered by timestamp.
+     */
+    fetchAgentEvents(agentId: string): Promise<AgentEvent[]>;
+    /**
+     * Inserts an identity check result into the identity_checks table.
+     */
+    insertIdentityCheck(params: {
+        ownerId: string;
+        agentId: string;
+        email: string;
+        result: IdentityCheckResult;
+    }): Promise<void>;
+    /**
+     * Updates the agent's trust profile columns in the agents table.
+     */
+    updateAgentTrust(agentId: string, profile: AgentTrustProfile): Promise<void>;
 }
 //# sourceMappingURL=supabase.d.ts.map

package/dist/transport/supabase.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"supabase.d.ts","sourceRoot":"","sources":["../../src/transport/supabase.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,uBAAuB;IAI3C;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;CAqBxD"}
+{"version":3,"file":"supabase.d.ts","sourceRoot":"","sources":["../../src/transport/supabase.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,uBAAuB;IAI3C;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjB;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAsBvD;;OAEG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IA0B9D;;OAEG;IACG,mBAAmB,CAAC,MAAM,EAAE;QAChC,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,mBAAmB,CAAC;KAC7B,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;OAEG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;CAqBnF"}

package/dist/transport/supabase.js

@@ -4,6 +4,21 @@ export class SupabaseTransport {
     constructor(config) {
         this.client = createClient(config.supabaseUrl, config.supabaseAnonKey);
     }
+    /**
+     * Upserts an agent row. Idempotent — safe to call on every client startup.
+     */
+    async upsertAgent(params) {
+        const { error } = await this.client.from('agents').upsert({
+            id: params.agentId,
+            owner_id: params.ownerId,
+            name: params.name,
+            public_key: params.publicKey,
+            metadata: params.metadata ?? {},
+        }, { onConflict: 'id' });
+        if (error) {
+            throw new Error(`Failed to upsert agent: ${error.message}`);
+        }
+    }
     /**
      * Inserts a signed AgentEvent into the agent_events table.
      * Throws on Supabase errors so callers can handle failures.
@@ -27,5 +42,71 @@ export class SupabaseTransport {
         }
         return event;
     }
+    /**
+     * Fetches all events for an agent, ordered by timestamp.
+     */
+    async fetchAgentEvents(agentId) {
+        const { data, error } = await this.client
+            .from('agent_events')
+            .select('*')
+            .eq('agent_id', agentId)
+            .order('timestamp', { ascending: true });
+        if (error) {
+            throw new Error(`Failed to fetch agent events: ${error.message}`);
+        }
+        return (data ?? []).map((row) => ({
+            event_id: row.id,
+            agent_id: row.agent_id,
+            owner_id: row.owner_id,
+            timestamp: row.timestamp,
+            action_type: row.action_type,
+            resource: row.resource,
+            outcome: row.outcome,
+            policy_id: row.policy_id ?? null,
+            metadata: row.metadata ?? {},
+            signature: row.signature,
+            public_key: row.public_key,
+        }));
+    }
+    /**
+     * Inserts an identity check result into the identity_checks table.
+     */
+    async insertIdentityCheck(params) {
+        const { error } = await this.client.from('identity_checks').insert({
+            owner_id: params.ownerId,
+            agent_id: params.agentId,
+            email: params.email,
+            risk_score: params.result.risk_score,
+            breach_count: params.result.breach_count,
+            breaches: params.result.breaches,
+            status: params.result.status,
+        });
+        if (error) {
+            throw new Error(`Failed to insert identity check: ${error.message}`);
+        }
+    }
+    /**
+     * Updates the agent's trust profile columns in the agents table.
+     */
+    async updateAgentTrust(agentId, profile) {
+        const { error } = await this.client
+            .from('agents')
+            .update({
+            trust_score: profile.trust_score,
+            trust_grade: profile.trust_grade,
+            total_events: profile.total_events,
+            allowed_ratio: profile.allowed_ratio,
+            flagged_ratio: profile.flagged_ratio,
+            blocked_ratio: profile.blocked_ratio,
+            human_approvals: profile.human_approvals,
+            human_rejections: profile.human_rejections,
+            first_seen: profile.first_seen,
+            last_active: profile.last_active,
+        })
+            .eq('id', agentId);
+        if (error) {
+            throw new Error(`Failed to update agent trust: ${error.message}`);
+        }
+    }
 }
 //# sourceMappingURL=supabase.js.map

package/dist/transport/supabase.js.map

@@ -1 +1 @@
-{"version":3,"file":"supabase.js","sourceRoot":"","sources":["../../src/transport/supabase.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAkB,MAAM,uBAAuB,CAAC;AAQrE,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAiB;IAE/B,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACzE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,KAAiB;QAC/B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;YAC9D,EAAE,EAAE,KAAK,CAAC,QAAQ;YAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
+{"version":3,"file":"supabase.js","sourceRoot":"","sources":["../../src/transport/supabase.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAkB,MAAM,uBAAuB,CAAC;AAUrE,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAiB;IAE/B,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACzE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,MAMjB;QACC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CACvD;YACE,EAAE,EAAE,MAAM,CAAC,OAAO;YAClB,QAAQ,EAAE,MAAM,CAAC,OAAO;YACxB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,UAAU,EAAE,MAAM,CAAC,SAAS;YAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;SAChC,EACD,EAAE,UAAU,EAAE,IAAI,EAAE,CACrB,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,KAAiB;QAC/B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;YAC9D,EAAE,EAAE,KAAK,CAAC,QAAQ;YAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;aACtC,IAAI,CAAC,cAAc,CAAC;aACpB,MAAM,CAAC,GAAG,CAAC;aACX,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC;aACvB,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAA4B,EAAE,EAAE,CAAC,CAAC;YACzD,QAAQ,EAAE,GAAG,CAAC,EAAY;YAC1B,QAAQ,EAAE,GAAG,CAAC,QAAkB;YAChC,QAAQ,EAAE,GAAG,CAAC,QAAkB;YAChC,SAAS,EAAE,GAAG,CAAC,SAAmB;YAClC,WAAW,EAAE,GAAG,CAAC,WAAwC;YACzD,QAAQ,EAAE,GAAG,CAAC,QAAkB;YAChC,OAAO,EAAE,GAAG,CAAC,OAAgC;YAC7C,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,IAAI;YAC5C,QAAQ,EAAG,GAAG,CAAC,QAAoC,IAAI,EAAE;YACzD,SAAS,EAAE,GAAG,CAAC,SAAmB;YAClC,UAAU,EAAE,GAAG,CAAC,UAAoB;SACrC,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,MAKzB;QACC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YACjE,QAAQ,EAAE,MAAM,CAAC,OAAO;YACxB,QAAQ,EAAE,MAAM,CAAC,OAAO;YACxB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;YACpC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY;YACxC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,oCAAoC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe,EAAE,OAA0B;QAChE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;aAChC,IAAI,CAAC,QAAQ,CAAC;aACd,MAAM,CAAC;YACN,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;aACD,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAErB,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;CACF"}

package/dist/trust/posture.d.ts

@@ -0,0 +1,24 @@
+import type { AgentEvent } from '../events/schema.js';
+export interface AgentTrustProfile {
+    trust_score: number;
+    trust_grade: 'unverified' | 'low' | 'medium' | 'high' | 'verified';
+    total_events: number;
+    allowed_ratio: number;
+    flagged_ratio: number;
+    blocked_ratio: number;
+    human_approvals: number;
+    human_rejections: number;
+    first_seen: string | null;
+    last_active: string | null;
+}
+/**
+ * Computes a trust score (0–100) and profile from an agent's event history.
+ *
+ * Scoring model:
+ * - Behavioral history  40pts: (allowed / total) * 40
+ * - Longevity           20pts: min(days_active / 90, 1) * 20
+ * - Human oversight     25pts: (approvals / (approvals + rejections + 1)) * 25
+ * - Policy compliance   15pts: (1 - blocked_ratio - flagged_ratio * 0.5) * 15
+ */
+export declare function computeTrustScore(events: AgentEvent[]): AgentTrustProfile;
+//# sourceMappingURL=posture.d.ts.map

package/dist/trust/posture.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"posture.d.ts","sourceRoot":"","sources":["../../src/trust/posture.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEtD,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,YAAY,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnE,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAUD;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,iBAAiB,CA8DzE"}