@predicatesystems/authority 0.3.3 → 0.4.0

package/README.md

@@ -5,8 +5,7 @@
 [![License](https://img.shields.io/badge/License-MIT%2FApache--2.0-blue.svg)](LICENSE)
 [![npm](https://img.shields.io/npm/v/@predicatesystems/authority.svg)](https://www.npmjs.com/package/@predicatesystems/authority)
 
-`@predicatesystems/authority` is the TypeScript SDK companion to the Python
-`predicate-authorityd` sidecar from [predicate-authority (Python)](https://github.com/PredicateSystems/predicate-authority). It keeps authority
+`@predicatesystems/authority` is the TypeScript SDK for Predicate Authority. It keeps authority
 decisions in the sidecar and gives Node/TS runtimes a thin, typed client for
 fail-closed pre-execution checks.
 
@@ -33,26 +32,71 @@ This TS repository currently focuses on:
 Out of scope for this package:
 
 - re-implementing policy engine or mandate logic in TypeScript,
-- replacing Python sidecar/control-plane authority logic.
+- replacing sidecar/control-plane authority logic.
 
-## Known Python Parity Baseline
+## Installation
 
-This package targets compatibility with the current Python authority baseline in
-[predicate-authority (Python)](https://github.com/PredicateSystems/predicate-authority):
+```bash
+npm install @predicatesystems/authority
+```
 
-- sidecar authorize route: `POST /v1/authorize` (`/authorize` compat alias),
-- mandate/token baseline: ES256-default signing + standard JWT claim envelope,
-- revocation baseline: explicit cascade semantics and global kill-switch runtime behavior,
-- control-plane baseline: long-poll policy/revocation sync (runtime baseline),
-- control-plane write hardening: replay freshness headers/signature support on Python client paths.
+### Sidecar Prerequisite
 
-The TS SDK should preserve compatibility with these runtime behaviors before
-adding TS-specific extensions.
+This SDK requires the **Predicate Authority Sidecar** daemon to be running. The sidecar is a lightweight Rust binary that handles policy evaluation and mandate signing.
 
-## Installation
+| Resource | Link |
+|----------|------|
+| Sidecar Repository | [predicate-authority-sidecar](https://github.com/PredicateSystems/predicate-authority-sidecar) |
+| Download Binaries | [Latest Releases](https://github.com/PredicateSystems/predicate-authority-sidecar/releases) |
+| License | MIT / Apache 2.0 |
+
+### Quick Sidecar Setup
 
 ```bash
-npm install @predicatesystems/authority
+# Download the latest release for your platform
+# Linux x64, macOS x64/ARM64, Windows x64 available
+
+# Extract and run
+tar -xzf predicate-authorityd-*.tar.gz
+chmod +x predicate-authorityd
+
+# Start with a policy file (local mode)
+./predicate-authorityd run --port 8787 --mode local_only --policy-file policy.json
+```
+
+### Cloud-connected sidecar (control-plane sync)
+
+Connect the sidecar to Predicate Authority control-plane for policy sync, revocation push, and audit forwarding:
+
+```bash
+export PREDICATE_API_KEY="your-api-key"
+
+./predicate-authorityd run \
+  --host 127.0.0.1 \
+  --port 8787 \
+  --mode cloud_connected \
+  --control-plane-url https://api.predicatesystems.dev \
+  --tenant-id your-tenant \
+  --project-id your-project \
+  --predicate-api-key $PREDICATE_API_KEY \
+  --sync-enabled
+```
+
+### Local IdP mode (development/air-gapped)
+
+For development or air-gapped environments without external IdP:
+
+```bash
+export LOCAL_IDP_SIGNING_KEY="replace-with-strong-secret"
+
+./predicate-authorityd run \
+  --host 127.0.0.1 \
+  --port 8787 \
+  --mode local_only \
+  --policy-file policy.json \
+  --identity-mode local-idp \
+  --local-idp-issuer "http://localhost/predicate-local-idp" \
+  --local-idp-audience "api://predicate-authority"
 ```
 
 ## Quick Start

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@predicatesystems/authority",
-  "version": "0.3.3",
+  "version": "0.4.0",
   "description": "TypeScript authority SDK for Predicate Systems sidecar integration.",
   "license": "(MIT OR Apache-2.0)",
   "type": "module",