@naylence/advanced-security 0.4.4 → 0.4.5

package/dist/node/index.mjs

@@ -6,7 +6,7 @@ import { Certificate, SubjectAlternativeName, NameConstraints, id_ce_subjectAltN
 import { verify, etc } from '@noble/ed25519';
 import { sha256 as sha256$1, sha512 } from '@noble/hashes/sha2.js';
 import { generateFingerprintSync, localDeliveryContext, createFameEnvelope, generateId, formatAddress, FameAddress, SigningMaterial, DeliveryOriginType as DeliveryOriginType$1 } from '@naylence/core';
-import { sha256 } from '@noble/hashes/sha256';
+import { sha256 } from '@noble/hashes/sha2';
 import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
 import { x25519 } from '@noble/curves/ed25519.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
@@ -16,12 +16,12 @@ import { sha256 as sha256$2 } from '@noble/hashes/sha256.js';
 import { X509Certificate } from '@peculiar/x509';
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.4
+// Generated from package.json version: 0.4.5
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.4';
+const VERSION = '0.4.5';
 
 /**
  * Abstract Syntax Tree (AST) node types for the expression language.
@@ -1946,8 +1946,86 @@ function evaluateAsBoolean(ast, context) {
  * Null handling semantics:
  * - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
  *   return `false` when passed `null` for required args.
+ * - Security predicate builtins (is_signed, is_encrypted, is_encrypted_at_least)
+ *   return `false` when the envelope lacks the required security posture.
  * - Wrong non-null types still raise BuiltinError to surface real bugs.
  */
+/**
+ * Valid encryption levels for is_encrypted_at_least comparisons.
+ */
+const VALID_ENCRYPTION_LEVELS = [
+    "plaintext",
+    "channel",
+    "sealed",
+];
+/**
+ * Encryption level ordering for comparison.
+ * Higher number = stronger encryption.
+ */
+const ENCRYPTION_LEVEL_ORDER = {
+    plaintext: 0,
+    channel: 1,
+    sealed: 2,
+};
+/**
+ * Normalizes an encryption algorithm string to an EncryptionLevel.
+ *
+ * Mapping rules:
+ * - null/undefined => "plaintext" (no encryption present)
+ * - alg contains "-channel" => "channel" (e.g., "chacha20-poly1305-channel")
+ * - alg contains "-sealed" => "sealed" (explicit sealed marker)
+ * - alg matches ECDH-ES pattern with AEAD cipher => "sealed" (e.g., "ECDH-ES+A256GCM")
+ * - otherwise => "unknown"
+ *
+ * Currently supported algorithms:
+ * - Channel: "chacha20-poly1305-channel"
+ * - Sealed: "ECDH-ES+A256GCM"
+ *
+ * This helper is centralized to ensure consistent mapping across TS and Python.
+ */
+function normalizeEncryptionLevelFromAlg(alg) {
+    if (alg === null || alg === undefined) {
+        return "plaintext";
+    }
+    const algLower = alg.toLowerCase();
+    // Check for channel encryption (e.g., "chacha20-poly1305-channel")
+    // Must check before other patterns since channel suffix is explicit
+    if (algLower.includes("-channel")) {
+        return "channel";
+    }
+    // Check for explicit sealed marker
+    if (algLower.includes("-sealed")) {
+        return "sealed";
+    }
+    // ECDH-ES key agreement with AEAD cipher => sealed encryption
+    // Pattern: "ECDH-ES+A256GCM", "ECDH-ES+A128GCM", etc.
+    if (algLower.startsWith("ecdh-es") && algLower.includes("+a")) {
+        return "sealed";
+    }
+    return "unknown";
+}
+/**
+ * Creates security bindings from an envelope's sec header.
+ * Exposes only metadata, never raw values like sig.val or enc.val.
+ */
+function createSecurityBindings(sec) {
+    const sigPresent = sec?.sig !== undefined;
+    const encPresent = sec?.enc !== undefined;
+    return {
+        sig: {
+            present: sigPresent,
+            kid: sec?.sig?.kid ?? null,
+        },
+        enc: {
+            present: encPresent,
+            alg: sec?.enc?.alg ?? null,
+            kid: sec?.enc?.kid ?? null,
+            level: encPresent
+                ? normalizeEncryptionLevelFromAlg(sec?.enc?.alg ?? null)
+                : "plaintext",
+        },
+    };
+}
 /**
  * Checks if a value is null.
  */
@@ -1956,9 +2034,21 @@ function isNull(value) {
 }
 /**
  * Creates a function registry with auth helpers installed.
+ *
+ * This registry extends the base builtins with:
+ * - Scope builtins: has_scope, has_any_scope, has_all_scopes
+ * - Security builtins: is_signed, encryption_level, is_encrypted, is_encrypted_at_least
  */
-function createAuthFunctionRegistry(grantedScopes = []) {
-    const scopes = grantedScopes ?? [];
+function createAuthFunctionRegistry(grantedScopesOrOptions = []) {
+    // Handle both old signature (array) and new signature (options object)
+    const options = Array.isArray(grantedScopesOrOptions)
+        ? { grantedScopes: grantedScopesOrOptions }
+        : grantedScopesOrOptions;
+    const scopes = options.grantedScopes ?? [];
+    const secBindings = options.securityBindings ?? {
+        sig: { present: false},
+        enc: { level: "plaintext" },
+    };
     /**
      * Checks if any granted scope matches a pattern (using glob syntax).
      */
@@ -2014,11 +2104,85 @@ function createAuthFunctionRegistry(grantedScopes = []) {
         }
         return values.every((scope) => matchesScope(scope));
     };
+    // ============================================================
+    // Security posture builtins
+    // ============================================================
+    /**
+     * is_signed() -> bool
+     *
+     * Returns true if the envelope has a signature present.
+     * No arguments required.
+     */
+    const is_signed = (args) => {
+        assertArgCount(args, 0, "is_signed");
+        return secBindings.sig.present;
+    };
+    /**
+     * encryption_level() -> string
+     *
+     * Returns the normalized encryption level: "plaintext" | "channel" | "sealed" | "unknown"
+     * No arguments required.
+     */
+    const encryption_level = (args) => {
+        assertArgCount(args, 0, "encryption_level");
+        return secBindings.enc.level;
+    };
+    /**
+     * is_encrypted() -> bool
+     *
+     * Returns true if the encryption level is not "plaintext".
+     * This means the envelope has some form of encryption (channel, sealed, or unknown).
+     * No arguments required.
+     */
+    const is_encrypted = (args) => {
+        assertArgCount(args, 0, "is_encrypted");
+        return secBindings.enc.level !== "plaintext";
+    };
+    /**
+     * is_encrypted_at_least(level: string) -> bool
+     *
+     * Returns true if the envelope's encryption level meets or exceeds the required level.
+     *
+     * Level ordering: plaintext < channel < sealed
+     *
+     * Special handling:
+     * - "unknown" encryption level does NOT satisfy "channel" or "sealed" (conservative)
+     * - "plaintext" is always satisfied (any envelope meets at least plaintext)
+     * - null argument => false (predicate-style)
+     * - invalid level string => BuiltinError
+     */
+    const is_encrypted_at_least = (args) => {
+        assertArgCount(args, 1, "is_encrypted_at_least");
+        const requiredLevel = getArg(args, 0, "is_encrypted_at_least");
+        // Null-tolerant: return false if level is null
+        if (!assertStringOrNull(requiredLevel, "level", "is_encrypted_at_least")) {
+            return false;
+        }
+        // Validate required level
+        if (!VALID_ENCRYPTION_LEVELS.includes(requiredLevel)) {
+            throw new BuiltinError("is_encrypted_at_least", `level must be one of: ${VALID_ENCRYPTION_LEVELS.join(", ")}; got "${requiredLevel}"`);
+        }
+        const currentLevel = secBindings.enc.level;
+        const requiredOrder = ENCRYPTION_LEVEL_ORDER[requiredLevel] ?? 0;
+        const currentOrder = ENCRYPTION_LEVEL_ORDER[currentLevel];
+        // If current level is "unknown", it only satisfies "plaintext"
+        if (currentOrder === undefined) {
+            // "unknown" is treated as NOT meeting channel/sealed requirements
+            return requiredOrder === 0; // Only plaintext is satisfied by unknown
+        }
+        return currentOrder >= requiredOrder;
+    };
     return new Map([
         ...BUILTIN_FUNCTIONS,
+        // Scope builtins
         ["has_scope", has_scope],
         ["has_any_scope", has_any_scope],
         ["has_all_scopes", has_all_scopes],
+        // Security posture builtins
+        ["is_signed", is_signed],
+        ["encryption_level", encryption_level],
+        ["is_encrypted", is_encrypted],
+        ["is_encrypted_at_least", is_encrypted_at_least],
     ]);
 }
 /**
@@ -2161,19 +2325,33 @@ function extractClaims(context) {
 }
 /**
  * Creates a safe envelope subset for expression bindings.
+ *
+ * Exposes:
+ * - id, sid, traceId, corrId, flowId, to
+ * - frame: { type }
+ * - sec: { sig: { present, kid }, enc: { present, alg, kid, level } }
+ *
+ * IMPORTANT: Does NOT expose raw security values (sig.val, enc.val).
  */
 function createEnvelopeBindings(envelope) {
     const frame = envelope.frame;
     const envelopeRecord = envelope;
+    const sec = envelopeRecord.sec;
+    const securityBindings = createSecurityBindings(sec);
     return {
-        id: envelope.id ?? null,
-        traceId: envelopeRecord.traceId ?? null,
-        corrId: envelopeRecord.corrId ?? null,
-        flowId: envelopeRecord.flowId ?? null,
-        to: extractAddress(envelope) ?? null,
-        frame: frame
-            ? { type: frame.type ?? null }
-            : { type: null },
+        bindings: {
+            id: envelope.id ?? null,
+            sid: envelopeRecord.sid ?? null,
+            traceId: envelopeRecord.traceId ?? null,
+            corrId: envelopeRecord.corrId ?? null,
+            flowId: envelopeRecord.flowId ?? null,
+            to: extractAddress(envelope) ?? null,
+            frame: frame
+                ? { type: frame.type ?? null }
+                : { type: null },
+            sec: securityBindings,
+        },
+        securityBindings,
     };
 }
 /**
@@ -2327,11 +2505,12 @@ class AdvancedAuthorizationPolicy {
                 continue;
             }
             if (rule.whenAst) {
-                // Lazy initialization of expression bindings
+                // Lazy initialization of expression bindings and security context
                 if (!expressionBindings) {
+                    const envelopeResult = createEnvelopeBindings(envelope);
                     expressionBindings = {
                         claims: extractClaims(context),
-                        envelope: createEnvelopeBindings(envelope),
+                        envelope: envelopeResult.bindings,
                         delivery: createDeliveryBindings(context, resolvedAction),
                         node: createNodeBindings(node),
                         time: {
@@ -2339,9 +2518,13 @@ class AdvancedAuthorizationPolicy {
                             now_iso: new Date().toISOString(),
                         },
                     };
+                    // Create function registry with security bindings for security builtins
+                    functionRegistry = createAuthFunctionRegistry({
+                        grantedScopes,
+                        securityBindings: envelopeResult.securityBindings,
+                    });
                 }
-                const functions = functionRegistry ?? createAuthFunctionRegistry(grantedScopes);
-                functionRegistry = functions;
+                const functions = functionRegistry;
                 const evalContext = {
                     bindings: expressionBindings,
                     limits: this.expressionLimits,
@@ -12662,4 +12845,4 @@ var plugin = /*#__PURE__*/Object.freeze({
     registerAdvancedSecurityPluginFactories: registerAdvancedSecurityPluginFactories
 });
 
-export { FACTORY_META$e as ADVANCED_AUTHORIZATION_POLICY_FACTORY_META, FACTORY_META$9 as ADVANCED_EDDSA_ENVELOPE_SIGNER_FACTORY_META, FACTORY_META$8 as ADVANCED_EDDSA_ENVELOPE_VERIFIER_FACTORY_META, FACTORY_META$4 as ADVANCED_WELCOME_FACTORY_META, AFTHelper, AFTLoadBalancerStickinessManager, AFTLoadBalancerStickinessManagerFactory, AFTReplicaStickinessManager, AFTReplicaStickinessManagerFactory, FACTORY_META$6 as AFT_LOAD_BALANCER_FACTORY_META, FACTORY_META$5 as AFT_REPLICA_FACTORY_META, AdvancedAuthorizationPolicy, AdvancedAuthorizationPolicyFactory, AdvancedEdDSAEnvelopeSignerFactory, AdvancedEdDSAEnvelopeVerifierFactory, AdvancedWelcomeService, AdvancedWelcomeServiceFactory, BUILTIN_FUNCTIONS, BuiltinError, CAServiceClient, CompositeEncryptionManager, CompositeEncryptionManagerFactory, DEFAULT_EXPRESSION_LIMITS, FACTORY_META$b as DEFAULT_SECURE_CHANNEL_MANAGER_FACTORY_META, DEFAULT_STICKINESS_SECURITY_LEVEL, DefaultSecureChannelManager, DefaultSecureChannelManagerFactory, ENV_VAR_FAME_CA_SERVICE_URL, EdDSAEnvelopeVerifier, EvaluationError, Evaluator, ExpressionError, GRANT_PURPOSE_CA_SIGN, LimitExceededError, NoAFTSigner, ParseError, Parser, SidOnlyAFTVerifier, SignedAFTSigner, SignedOptionalAFTVerifier, StickinessMode, StrictAFTVerifier, Tokenizer, TokenizerError, TypeError, UnsignedAFTSigner, VERSION, X5CKeyManager, X5CKeyManagerFactory, FACTORY_META$7 as X5C_KEY_MANAGER_FACTORY_META, __advancedSecurityPluginLoader, astToString, base64UrlDecode, base64UrlEncode, calculateAstDepth, callBuiltin, index as channelEncryption, checkArrayLength, checkAstDepth, checkAstNodeCount, checkExpressionLength, checkFunctionArgCount, checkGlobPatternLength, checkRegexPatternLength, countAstNodes, createAftHelper, createAftPayload, createAftReplicaStickinessManager, createAftSigner, createAftVerifier, createAuthFunctionRegistry, createEd25519Csr, evaluate, evaluateAsBoolean, extractCertificateInfo, formatCertificateInfo, getTypeName, isBuiltinFunction, normalizeJsValue, normalizeStickinessMode, parse, publicKeyFromX5c, registerAdvancedSecurityFactories, index$1 as sealedEncryption, serializeAftClaims, serializeAftHeader, tokenize, utf8Decode, validateJwkX5cCertificate };
+export { FACTORY_META$e as ADVANCED_AUTHORIZATION_POLICY_FACTORY_META, FACTORY_META$9 as ADVANCED_EDDSA_ENVELOPE_SIGNER_FACTORY_META, FACTORY_META$8 as ADVANCED_EDDSA_ENVELOPE_VERIFIER_FACTORY_META, FACTORY_META$4 as ADVANCED_WELCOME_FACTORY_META, AFTHelper, AFTLoadBalancerStickinessManager, AFTLoadBalancerStickinessManagerFactory, AFTReplicaStickinessManager, AFTReplicaStickinessManagerFactory, FACTORY_META$6 as AFT_LOAD_BALANCER_FACTORY_META, FACTORY_META$5 as AFT_REPLICA_FACTORY_META, AdvancedAuthorizationPolicy, AdvancedAuthorizationPolicyFactory, AdvancedEdDSAEnvelopeSignerFactory, AdvancedEdDSAEnvelopeVerifierFactory, AdvancedWelcomeService, AdvancedWelcomeServiceFactory, BUILTIN_FUNCTIONS, BuiltinError, CAServiceClient, CompositeEncryptionManager, CompositeEncryptionManagerFactory, DEFAULT_EXPRESSION_LIMITS, FACTORY_META$b as DEFAULT_SECURE_CHANNEL_MANAGER_FACTORY_META, DEFAULT_STICKINESS_SECURITY_LEVEL, DefaultSecureChannelManager, DefaultSecureChannelManagerFactory, ENV_VAR_FAME_CA_SERVICE_URL, EdDSAEnvelopeVerifier, EvaluationError, Evaluator, ExpressionError, GRANT_PURPOSE_CA_SIGN, LimitExceededError, NoAFTSigner, ParseError, Parser, SidOnlyAFTVerifier, SignedAFTSigner, SignedOptionalAFTVerifier, StickinessMode, StrictAFTVerifier, Tokenizer, TokenizerError, TypeError, UnsignedAFTSigner, VERSION, X5CKeyManager, X5CKeyManagerFactory, FACTORY_META$7 as X5C_KEY_MANAGER_FACTORY_META, __advancedSecurityPluginLoader, astToString, base64UrlDecode, base64UrlEncode, calculateAstDepth, callBuiltin, index as channelEncryption, checkArrayLength, checkAstDepth, checkAstNodeCount, checkExpressionLength, checkFunctionArgCount, checkGlobPatternLength, checkRegexPatternLength, countAstNodes, createAftHelper, createAftPayload, createAftReplicaStickinessManager, createAftSigner, createAftVerifier, createAuthFunctionRegistry, createEd25519Csr, createSecurityBindings, evaluate, evaluateAsBoolean, extractCertificateInfo, formatCertificateInfo, getTypeName, isBuiltinFunction, normalizeEncryptionLevelFromAlg, normalizeJsValue, normalizeStickinessMode, parse, publicKeyFromX5c, registerAdvancedSecurityFactories, index$1 as sealedEncryption, serializeAftClaims, serializeAftHeader, tokenize, utf8Decode, validateJwkX5cCertificate };

package/dist/node/node.cjs

@@ -2,7 +2,7 @@
 
 var factory = require('@naylence/factory');
 var runtime = require('@naylence/runtime');
-var sha256 = require('@noble/hashes/sha256');
+var sha2 = require('@noble/hashes/sha2');
 var core = require('@naylence/core');
 var asn1Schema = require('@peculiar/asn1-schema');
 var asn1X509 = require('@peculiar/asn1-x509');
@@ -575,12 +575,12 @@ async function registerAdvancedSecurityFactories(registrar = factory.Registry, o
 }
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.4
+// Generated from package.json version: 0.4.5
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.4';
+const VERSION = '0.4.5';
 
 async function registerAdvancedSecurityPluginFactories(registrar = factory.Registry) {
     await registerAdvancedSecurityFactories(registrar, { includeExtras: true });
@@ -1985,7 +1985,7 @@ const secure_hash = (args) => {
     }
     // Use generateFingerprintSync from @naylence/core
     // This provides SHA-256 hashing, base62 encoding, and profanity filtering
-    return core.generateFingerprintSync(input_str, length, sha256.sha256);
+    return core.generateFingerprintSync(input_str, length, sha2.sha256);
 };
 // ============================================================
 // Pattern Helpers (BSL-only)
@@ -2559,8 +2559,86 @@ function evaluateAsBoolean(ast, context) {
  * Null handling semantics:
  * - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
  *   return `false` when passed `null` for required args.
+ * - Security predicate builtins (is_signed, is_encrypted, is_encrypted_at_least)
+ *   return `false` when the envelope lacks the required security posture.
  * - Wrong non-null types still raise BuiltinError to surface real bugs.
  */
+/**
+ * Valid encryption levels for is_encrypted_at_least comparisons.
+ */
+const VALID_ENCRYPTION_LEVELS = [
+    "plaintext",
+    "channel",
+    "sealed",
+];
+/**
+ * Encryption level ordering for comparison.
+ * Higher number = stronger encryption.
+ */
+const ENCRYPTION_LEVEL_ORDER = {
+    plaintext: 0,
+    channel: 1,
+    sealed: 2,
+};
+/**
+ * Normalizes an encryption algorithm string to an EncryptionLevel.
+ *
+ * Mapping rules:
+ * - null/undefined => "plaintext" (no encryption present)
+ * - alg contains "-channel" => "channel" (e.g., "chacha20-poly1305-channel")
+ * - alg contains "-sealed" => "sealed" (explicit sealed marker)
+ * - alg matches ECDH-ES pattern with AEAD cipher => "sealed" (e.g., "ECDH-ES+A256GCM")
+ * - otherwise => "unknown"
+ *
+ * Currently supported algorithms:
+ * - Channel: "chacha20-poly1305-channel"
+ * - Sealed: "ECDH-ES+A256GCM"
+ *
+ * This helper is centralized to ensure consistent mapping across TS and Python.
+ */
+function normalizeEncryptionLevelFromAlg(alg) {
+    if (alg === null || alg === undefined) {
+        return "plaintext";
+    }
+    const algLower = alg.toLowerCase();
+    // Check for channel encryption (e.g., "chacha20-poly1305-channel")
+    // Must check before other patterns since channel suffix is explicit
+    if (algLower.includes("-channel")) {
+        return "channel";
+    }
+    // Check for explicit sealed marker
+    if (algLower.includes("-sealed")) {
+        return "sealed";
+    }
+    // ECDH-ES key agreement with AEAD cipher => sealed encryption
+    // Pattern: "ECDH-ES+A256GCM", "ECDH-ES+A128GCM", etc.
+    if (algLower.startsWith("ecdh-es") && algLower.includes("+a")) {
+        return "sealed";
+    }
+    return "unknown";
+}
+/**
+ * Creates security bindings from an envelope's sec header.
+ * Exposes only metadata, never raw values like sig.val or enc.val.
+ */
+function createSecurityBindings(sec) {
+    const sigPresent = sec?.sig !== undefined;
+    const encPresent = sec?.enc !== undefined;
+    return {
+        sig: {
+            present: sigPresent,
+            kid: sec?.sig?.kid ?? null,
+        },
+        enc: {
+            present: encPresent,
+            alg: sec?.enc?.alg ?? null,
+            kid: sec?.enc?.kid ?? null,
+            level: encPresent
+                ? normalizeEncryptionLevelFromAlg(sec?.enc?.alg ?? null)
+                : "plaintext",
+        },
+    };
+}
 /**
  * Checks if a value is null.
  */
@@ -2569,9 +2647,21 @@ function isNull(value) {
 }
 /**
  * Creates a function registry with auth helpers installed.
+ *
+ * This registry extends the base builtins with:
+ * - Scope builtins: has_scope, has_any_scope, has_all_scopes
+ * - Security builtins: is_signed, encryption_level, is_encrypted, is_encrypted_at_least
  */
-function createAuthFunctionRegistry(grantedScopes = []) {
-    const scopes = grantedScopes ?? [];
+function createAuthFunctionRegistry(grantedScopesOrOptions = []) {
+    // Handle both old signature (array) and new signature (options object)
+    const options = Array.isArray(grantedScopesOrOptions)
+        ? { grantedScopes: grantedScopesOrOptions }
+        : grantedScopesOrOptions;
+    const scopes = options.grantedScopes ?? [];
+    const secBindings = options.securityBindings ?? {
+        sig: { present: false, kid: null },
+        enc: { present: false, alg: null, kid: null, level: "plaintext" },
+    };
     /**
      * Checks if any granted scope matches a pattern (using glob syntax).
      */
@@ -2627,11 +2717,85 @@ function createAuthFunctionRegistry(grantedScopes = []) {
         }
         return values.every((scope) => matchesScope(scope));
     };
+    // ============================================================
+    // Security posture builtins
+    // ============================================================
+    /**
+     * is_signed() -> bool
+     *
+     * Returns true if the envelope has a signature present.
+     * No arguments required.
+     */
+    const is_signed = (args) => {
+        assertArgCount(args, 0, "is_signed");
+        return secBindings.sig.present;
+    };
+    /**
+     * encryption_level() -> string
+     *
+     * Returns the normalized encryption level: "plaintext" | "channel" | "sealed" | "unknown"
+     * No arguments required.
+     */
+    const encryption_level = (args) => {
+        assertArgCount(args, 0, "encryption_level");
+        return secBindings.enc.level;
+    };
+    /**
+     * is_encrypted() -> bool
+     *
+     * Returns true if the encryption level is not "plaintext".
+     * This means the envelope has some form of encryption (channel, sealed, or unknown).
+     * No arguments required.
+     */
+    const is_encrypted = (args) => {
+        assertArgCount(args, 0, "is_encrypted");
+        return secBindings.enc.level !== "plaintext";
+    };
+    /**
+     * is_encrypted_at_least(level: string) -> bool
+     *
+     * Returns true if the envelope's encryption level meets or exceeds the required level.
+     *
+     * Level ordering: plaintext < channel < sealed
+     *
+     * Special handling:
+     * - "unknown" encryption level does NOT satisfy "channel" or "sealed" (conservative)
+     * - "plaintext" is always satisfied (any envelope meets at least plaintext)
+     * - null argument => false (predicate-style)
+     * - invalid level string => BuiltinError
+     */
+    const is_encrypted_at_least = (args) => {
+        assertArgCount(args, 1, "is_encrypted_at_least");
+        const requiredLevel = getArg(args, 0, "is_encrypted_at_least");
+        // Null-tolerant: return false if level is null
+        if (!assertStringOrNull(requiredLevel, "level", "is_encrypted_at_least")) {
+            return false;
+        }
+        // Validate required level
+        if (!VALID_ENCRYPTION_LEVELS.includes(requiredLevel)) {
+            throw new BuiltinError("is_encrypted_at_least", `level must be one of: ${VALID_ENCRYPTION_LEVELS.join(", ")}; got "${requiredLevel}"`);
+        }
+        const currentLevel = secBindings.enc.level;
+        const requiredOrder = ENCRYPTION_LEVEL_ORDER[requiredLevel] ?? 0;
+        const currentOrder = ENCRYPTION_LEVEL_ORDER[currentLevel];
+        // If current level is "unknown", it only satisfies "plaintext"
+        if (currentOrder === undefined) {
+            // "unknown" is treated as NOT meeting channel/sealed requirements
+            return requiredOrder === 0; // Only plaintext is satisfied by unknown
+        }
+        return currentOrder >= requiredOrder;
+    };
     return new Map([
         ...BUILTIN_FUNCTIONS,
+        // Scope builtins
         ["has_scope", has_scope],
         ["has_any_scope", has_any_scope],
         ["has_all_scopes", has_all_scopes],
+        // Security posture builtins
+        ["is_signed", is_signed],
+        ["encryption_level", encryption_level],
+        ["is_encrypted", is_encrypted],
+        ["is_encrypted_at_least", is_encrypted_at_least],
     ]);
 }
 /**
@@ -2774,19 +2938,33 @@ function extractClaims(context) {
 }
 /**
  * Creates a safe envelope subset for expression bindings.
+ *
+ * Exposes:
+ * - id, sid, traceId, corrId, flowId, to
+ * - frame: { type }
+ * - sec: { sig: { present, kid }, enc: { present, alg, kid, level } }
+ *
+ * IMPORTANT: Does NOT expose raw security values (sig.val, enc.val).
  */
 function createEnvelopeBindings(envelope) {
     const frame = envelope.frame;
     const envelopeRecord = envelope;
+    const sec = envelopeRecord.sec;
+    const securityBindings = createSecurityBindings(sec);
     return {
-        id: envelope.id ?? null,
-        traceId: envelopeRecord.traceId ?? null,
-        corrId: envelopeRecord.corrId ?? null,
-        flowId: envelopeRecord.flowId ?? null,
-        to: extractAddress(envelope) ?? null,
-        frame: frame
-            ? { type: frame.type ?? null }
-            : { type: null },
+        bindings: {
+            id: envelope.id ?? null,
+            sid: envelopeRecord.sid ?? null,
+            traceId: envelopeRecord.traceId ?? null,
+            corrId: envelopeRecord.corrId ?? null,
+            flowId: envelopeRecord.flowId ?? null,
+            to: extractAddress(envelope) ?? null,
+            frame: frame
+                ? { type: frame.type ?? null }
+                : { type: null },
+            sec: securityBindings,
+        },
+        securityBindings,
     };
 }
 /**
@@ -2940,11 +3118,12 @@ class AdvancedAuthorizationPolicy {
                 continue;
             }
             if (rule.whenAst) {
-                // Lazy initialization of expression bindings
+                // Lazy initialization of expression bindings and security context
                 if (!expressionBindings) {
+                    const envelopeResult = createEnvelopeBindings(envelope);
                     expressionBindings = {
                         claims: extractClaims(context),
-                        envelope: createEnvelopeBindings(envelope),
+                        envelope: envelopeResult.bindings,
                         delivery: createDeliveryBindings(context, resolvedAction),
                         node: createNodeBindings(node),
                         time: {
@@ -2952,9 +3131,13 @@ class AdvancedAuthorizationPolicy {
                             now_iso: new Date().toISOString(),
                         },
                     };
+                    // Create function registry with security bindings for security builtins
+                    functionRegistry = createAuthFunctionRegistry({
+                        grantedScopes,
+                        securityBindings: envelopeResult.securityBindings,
+                    });
                 }
-                const functions = functionRegistry ?? createAuthFunctionRegistry(grantedScopes);
-                functionRegistry = functions;
+                const functions = functionRegistry;
                 const evalContext = {
                     bindings: expressionBindings,
                     limits: this.expressionLimits,
@@ -13104,6 +13287,7 @@ exports.createAftVerifier = createAftVerifier;
 exports.createAuthFunctionRegistry = createAuthFunctionRegistry;
 exports.createEd25519Csr = createEd25519Csr;
 exports.createEd25519CsrFromPem = createEd25519CsrFromPem;
+exports.createSecurityBindings = createSecurityBindings;
 exports.createTestCA = createTestCA;
 exports.evaluate = evaluate;
 exports.evaluateAsBoolean = evaluateAsBoolean;
@@ -13116,6 +13300,7 @@ exports.extractSpiffeIdFromCert = extractSpiffeIdFromCert;
 exports.formatCertificateInfo = formatCertificateInfo;
 exports.getTypeName = getTypeName;
 exports.isBuiltinFunction = isBuiltinFunction;
+exports.normalizeEncryptionLevelFromAlg = normalizeEncryptionLevelFromAlg;
 exports.normalizeJsValue = normalizeJsValue;
 exports.normalizeStickinessMode = normalizeStickinessMode;
 exports.parse = parse;