@primust/artifact-core 1.0.0 → 1.3.0

package/dist/reversibility_taxonomy.js

@@ -0,0 +1,208 @@
+// Reversibility taxonomy for outbound-action records.
+//
+// TypeScript sibling of
+// `packages/primust-checks/src/primust_checks/reversibility_taxonomy.py`.
+// Both implementations stamp the same `TAXONOMY_VERSION` so a credential
+// classified by either side is comparable.
+//
+// Implements the system-default classification referenced by
+// `docs/v30/foundation/OUTBOUND_ACTION_EVIDENCE_SPEC_v0_1.md` §1.2 and §2.5
+// and `AGENT_MANIFEST_SPEC_v0_1.md` §3.3 (`reversibility_overrides`).
+//
+// SI-1: this module emits only enum / count / hash / typed-reference values.
+// The taxonomy itself is content-free.
+export const TAXONOMY_VERSION = '1.0.0';
+export const REVERSIBILITY_CLASSES = [
+    'reversible',
+    'append_only',
+    'external_side_effect',
+    'irreversible',
+    'unknown',
+];
+// Type guard for safe parsing of customer-supplied override strings.
+export function isReversibilityClass(v) {
+    return typeof v === 'string' && REVERSIBILITY_CLASSES.includes(v);
+}
+// Operation-specific defaults, keyed by `${kind}::${operation}`.
+//
+// Operation strings follow the spec's per-adapter convention; see the
+// Python sibling for the full convention table.
+const DEFAULTS = {
+    // ───────── AWS API ─────────
+    'aws_api::GetObject': 'reversible',
+    'aws_api::ListObjects': 'reversible',
+    'aws_api::ListObjectsV2': 'reversible',
+    'aws_api::HeadObject': 'reversible',
+    'aws_api::ListBuckets': 'reversible',
+    'aws_api::DescribeInstances': 'reversible',
+    'aws_api::DescribeDBInstances': 'reversible',
+    'aws_api::GetItem': 'reversible',
+    'aws_api::Query': 'reversible',
+    'aws_api::Scan': 'reversible',
+    'aws_api::PutObject': 'append_only',
+    'aws_api::PutItem': 'append_only',
+    'aws_api::CreateBucket': 'append_only',
+    'aws_api::CreateTable': 'append_only',
+    'aws_api::RunInstances': 'append_only',
+    'aws_api::CreateDBInstance': 'append_only',
+    'aws_api::SendEmail': 'external_side_effect',
+    'aws_api::Publish': 'external_side_effect',
+    'aws_api::SendMessage': 'external_side_effect',
+    'aws_api::Invoke': 'external_side_effect',
+    'aws_api::RebootInstances': 'external_side_effect',
+    'aws_api::StopInstances': 'external_side_effect',
+    'aws_api::StartInstances': 'external_side_effect',
+    'aws_api::DeleteObject': 'irreversible',
+    'aws_api::DeleteObjects': 'irreversible',
+    'aws_api::DeleteBucket': 'irreversible',
+    'aws_api::DeleteTable': 'irreversible',
+    'aws_api::DeleteItem': 'irreversible',
+    'aws_api::TerminateInstances': 'irreversible',
+    'aws_api::DeleteDBInstance': 'irreversible',
+    // ───────── Stripe API (per spec §2.5) ─────────
+    'stripe_api::charges.list': 'reversible',
+    'stripe_api::charges.retrieve': 'reversible',
+    'stripe_api::customers.list': 'reversible',
+    'stripe_api::customers.retrieve': 'reversible',
+    'stripe_api::balance.retrieve': 'reversible',
+    'stripe_api::charges.create': 'irreversible',
+    'stripe_api::payment_intents.confirm': 'irreversible',
+    'stripe_api::charges.refund': 'append_only',
+    'stripe_api::customers.create': 'append_only',
+    'stripe_api::subscriptions.create': 'append_only',
+    'stripe_api::invoices.create': 'append_only',
+    'stripe_api::customers.update': 'external_side_effect',
+    'stripe_api::subscriptions.update': 'external_side_effect',
+    'stripe_api::webhooks.create': 'external_side_effect',
+    'stripe_api::customers.delete': 'irreversible',
+    'stripe_api::subscriptions.delete': 'irreversible',
+    // ───────── GitHub API ─────────
+    'github_api::GET /repos/{owner}/{repo}': 'reversible',
+    'github_api::GET /repos/{owner}/{repo}/issues': 'reversible',
+    'github_api::GET /repos/{owner}/{repo}/pulls': 'reversible',
+    'github_api::GET /repos/{owner}/{repo}/contents/{path}': 'reversible',
+    'github_api::POST /repos/{owner}/{repo}/issues': 'append_only',
+    'github_api::POST /repos/{owner}/{repo}/pulls': 'append_only',
+    'github_api::POST /repos/{owner}/{repo}/issues/{number}/comments': 'append_only',
+    'github_api::POST /repos/{owner}/{repo}/pulls/{number}/reviews': 'append_only',
+    'github_api::POST /repos/{owner}/{repo}/pulls/{number}/merge': 'external_side_effect',
+    'github_api::PATCH /repos/{owner}/{repo}/issues/{number}': 'reversible',
+    'github_api::PATCH /repos/{owner}/{repo}/pulls/{number}': 'reversible',
+    'github_api::PUT /repos/{owner}/{repo}/contents/{path}': 'append_only',
+    'github_api::DELETE /repos/{owner}/{repo}/contents/{path}': 'irreversible',
+    'github_api::DELETE /repos/{owner}/{repo}': 'irreversible',
+    'github_api::DELETE /repos/{owner}/{repo}/branches/{branch}': 'reversible',
+    // ───────── Salesforce REST ─────────
+    'salesforce_rest::GET /sobjects/Account/{id}': 'reversible',
+    'salesforce_rest::GET /sobjects/Task/{id}': 'reversible',
+    'salesforce_rest::GET /query': 'reversible',
+    'salesforce_rest::POST /sobjects/Task': 'append_only',
+    'salesforce_rest::POST /sobjects/Account': 'append_only',
+    'salesforce_rest::POST /sobjects/Lead': 'append_only',
+    'salesforce_rest::POST /sobjects/Contact': 'append_only',
+    'salesforce_rest::POST /sobjects/Opportunity': 'append_only',
+    'salesforce_rest::POST /sobjects/Case': 'append_only',
+    'salesforce_rest::PATCH /sobjects/Account/{id}': 'reversible',
+    'salesforce_rest::PATCH /sobjects/Task/{id}': 'reversible',
+    'salesforce_rest::DELETE /sobjects/Account/{id}': 'irreversible',
+    'salesforce_rest::DELETE /sobjects/Task/{id}': 'irreversible',
+    // ───────── Slack ─────────
+    'slack::conversations.history': 'reversible',
+    'slack::conversations.list': 'reversible',
+    'slack::users.list': 'reversible',
+    'slack::chat.postMessage': 'external_side_effect',
+    'slack::chat.postEphemeral': 'external_side_effect',
+    'slack::chat.update': 'external_side_effect',
+    'slack::files.upload': 'append_only',
+    'slack::conversations.invite': 'external_side_effect',
+    'slack::conversations.kick': 'external_side_effect',
+    'slack::conversations.create': 'append_only',
+    'slack::conversations.archive': 'reversible',
+    'slack::chat.delete': 'irreversible',
+    // ───────── Kubernetes ─────────
+    'k8s::GET /api/v1/namespaces': 'reversible',
+    'k8s::GET /api/v1/namespaces/{ns}/pods': 'reversible',
+    'k8s::GET /apis/apps/v1/namespaces/{ns}/deployments': 'reversible',
+    'k8s::POST /apis/apps/v1/namespaces/{ns}/deployments': 'append_only',
+    'k8s::POST /api/v1/namespaces/{ns}/configmaps': 'append_only',
+    'k8s::POST /api/v1/namespaces/{ns}/secrets': 'append_only',
+    'k8s::PATCH /apis/apps/v1/namespaces/{ns}/deployments/{name}': 'reversible',
+    'k8s::PATCH /api/v1/namespaces/{ns}/configmaps/{name}': 'reversible',
+    'k8s::DELETE /api/v1/namespaces/{ns}/pods/{name}': 'reversible',
+    'k8s::DELETE /apis/apps/v1/namespaces/{ns}/deployments/{name}': 'irreversible',
+    'k8s::DELETE /api/v1/namespaces/{ns}': 'irreversible',
+    'k8s::DELETE /api/v1/namespaces/{ns}/secrets/{name}': 'irreversible',
+    // ───────── Postgres / Snowflake ─────────
+    'postgres::SELECT': 'reversible',
+    'postgres::INSERT': 'append_only',
+    'postgres::UPDATE': 'external_side_effect',
+    'postgres::DELETE': 'irreversible',
+    'postgres::DROP TABLE': 'irreversible',
+    'postgres::TRUNCATE': 'irreversible',
+    'snowflake::SELECT': 'reversible',
+    'snowflake::INSERT': 'append_only',
+    'snowflake::UPDATE': 'external_side_effect',
+    'snowflake::DELETE': 'irreversible',
+    'snowflake::DROP TABLE': 'irreversible',
+    // ───────── Vector stores (per spec §1.2) ─────────
+    'pinecone::upsert': 'append_only',
+    'pinecone::delete': 'irreversible',
+    'pinecone::query': 'reversible',
+    'pinecone::fetch': 'reversible',
+    'vector_store::upsert': 'append_only',
+    'vector_store::query': 'reversible',
+    'vector_store::delete': 'irreversible',
+};
+// Per-kind fallback when the exact (kind, op) isn't in DEFAULTS.
+const KIND_DEFAULTS = {
+    mcp_tool: 'unknown',
+    sdk_tool: 'unknown',
+    cli_subprocess: 'unknown',
+    anthropic_messages: 'append_only',
+    openai_chat: 'append_only',
+    bedrock_invoke: 'append_only',
+    calibrated_profile: 'append_only',
+    approval_gate: 'external_side_effect',
+    cli_prompt: 'external_side_effect',
+    dashboard_escalation: 'external_side_effect',
+    subagent_spawn: 'append_only',
+    mcp_sampling: 'append_only',
+    cross_org_delegation: 'append_only',
+    governance_config_surface: 'external_side_effect',
+    filesystem: 'unknown',
+    generic_http: 'unknown',
+};
+/**
+ * Classify an outbound action by `(target_system_kind, operation)`.
+ *
+ * Lookup order:
+ *   1. Customer override for the exact (kind, op) pair.
+ *   2. System default for the exact (kind, op) pair.
+ *   3. Per-kind fallback.
+ *   4. `'unknown'`.
+ */
+export function classify(target_system_kind, operation, options = {}) {
+    const key = `${target_system_kind}::${operation}`;
+    const override = options.overrides?.[key];
+    if (override !== undefined && isReversibilityClass(override)) {
+        return override;
+    }
+    const exact = DEFAULTS[key];
+    if (exact !== undefined) {
+        return exact;
+    }
+    return KIND_DEFAULTS[target_system_kind] ?? 'unknown';
+}
+/**
+ * True if this kind has real (non-`'unknown'`) classifications in the
+ * system defaults. Used by the Phase 1 acceptance gate.
+ */
+export function isWedgeSurfaceCovered(target_system_kind) {
+    const prefix = `${target_system_kind}::`;
+    for (const [k, v] of Object.entries(DEFAULTS)) {
+        if (k.startsWith(prefix) && v !== 'unknown')
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=reversibility_taxonomy.js.map

package/dist/reversibility_taxonomy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reversibility_taxonomy.js","sourceRoot":"","sources":["../src/reversibility_taxonomy.ts"],"names":[],"mappings":"AAAA,sDAAsD;AACtD,EAAE;AACF,wBAAwB;AACxB,0EAA0E;AAC1E,yEAAyE;AACzE,2CAA2C;AAC3C,EAAE;AACF,6DAA6D;AAC7D,4EAA4E;AAC5E,sEAAsE;AACtE,EAAE;AACF,6EAA6E;AAC7E,uCAAuC;AAEvC,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAgB,CAAC;AAEjD,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,YAAY;IACZ,aAAa;IACb,sBAAsB;IACtB,cAAc;IACd,SAAS;CACD,CAAC;AAIX,qEAAqE;AACrE,MAAM,UAAU,oBAAoB,CAAC,CAAU;IAC7C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAK,qBAA2C,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,iEAAiE;AACjE,EAAE;AACF,sEAAsE;AACtE,gDAAgD;AAChD,MAAM,QAAQ,GAAuC;IACnD,8BAA8B;IAC9B,oBAAoB,EAAE,YAAY;IAClC,sBAAsB,EAAE,YAAY;IACpC,wBAAwB,EAAE,YAAY;IACtC,qBAAqB,EAAE,YAAY;IACnC,sBAAsB,EAAE,YAAY;IACpC,4BAA4B,EAAE,YAAY;IAC1C,8BAA8B,EAAE,YAAY;IAC5C,kBAAkB,EAAE,YAAY;IAChC,gBAAgB,EAAE,YAAY;IAC9B,eAAe,EAAE,YAAY;IAC7B,oBAAoB,EAAE,aAAa;IACnC,kBAAkB,EAAE,aAAa;IACjC,uBAAuB,EAAE,aAAa;IACtC,sBAAsB,EAAE,aAAa;IACrC,uBAAuB,EAAE,aAAa;IACtC,2BAA2B,EAAE,aAAa;IAC1C,oBAAoB,EAAE,sBAAsB;IAC5C,kBAAkB,EAAE,sBAAsB;IAC1C,sBAAsB,EAAE,sBAAsB;IAC9C,iBAAiB,EAAE,sBAAsB;IACzC,0BAA0B,EAAE,sBAAsB;IAClD,wBAAwB,EAAE,sBAAsB;IAChD,yBAAyB,EAAE,sBAAsB;IACjD,uBAAuB,EAAE,cAAc;IACvC,wBAAwB,EAAE,cAAc;IACxC,uBAAuB,EAAE,cAAc;IACvC,sBAAsB,EAAE,cAAc;IACtC,qBAAqB,EAAE,cAAc;IACrC,6BAA6B,EAAE,cAAc;IAC7C,2BAA2B,EAAE,cAAc;IAE3C,iDAAiD;IACjD,0BAA0B,EAAE,YAAY;IACxC,8BAA8B,EAAE,YAAY;IAC5C,4BAA4B,EAAE,YAAY;IAC1C,gCAAgC,EAAE,YAAY;IAC9C,8BAA8B,EAAE,YAAY;IAC5C,4BAA4B,EAAE,cAAc;IAC5C,qCAAqC,EAAE,cAAc;IACrD,4BAA4B,EAAE,aAAa;IAC3C,8BAA8B,EAAE,aAAa;IAC7C,kCAAkC,EAAE,aAAa;IACjD,6BAA6B,EAAE,aAAa;IAC5C,8BAA8B,EAAE,sBAAsB;IACtD,kCAAkC,EAAE,sBAAsB;IAC1D,6BAA6B,EAAE,sBAAsB;IACrD,8BAA8B,EAAE,cAAc;IAC9C,kCAAkC,EAAE,cAAc;IAElD,iCAAiC;IACjC,uCAAuC,EAAE,YAAY;IACrD,8CAA8C,EAAE,YAAY;IAC5D,6CAA6C,EAAE,YAAY;IAC3D,uDAAuD,EAAE,YAAY;IACrE,+CAA+C,EAAE,aAAa;IAC9D,8CAA8C,EAAE,aAAa;IAC7D,iEAAiE,EAAE,aAAa;IAChF,+DAA+D,EAAE,aAAa;IAC9E,6DAA6D,EAAE,sBAAsB;IACrF,yDAAyD,EAAE,YAAY;IACvE,wDAAwD,EAAE,YAAY;IACtE,uDAAuD,EAAE,aAAa;IACtE,0DAA0D,EAAE,cAAc;IAC1E,0CAA0C,EAAE,cAAc;IAC1D,4DAA4D,EAAE,YAAY;IAE1E,sCAAsC;IACtC,6CAA6C,EAAE,YAAY;IAC3D,0CAA0C,EAAE,YAAY;IACxD,6BAA6B,EAAE,YAAY;IAC3C,sCAAsC,EAAE,aAAa;IACrD,yCAAyC,EAAE,aAAa;IACxD,sCAAsC,EAAE,aAAa;IACrD,yCAAyC,EAAE,aAAa;IACxD,6CAA6C,EAAE,aAAa;IAC5D,sCAAsC,EAAE,aAAa;IACrD,+CAA+C,EAAE,YAAY;IAC7D,4CAA4C,EAAE,YAAY;IAC1D,gDAAgD,EAAE,cAAc;IAChE,6CAA6C,EAAE,cAAc;IAE7D,4BAA4B;IAC5B,8BAA8B,EAAE,YAAY;IAC5C,2BAA2B,EAAE,YAAY;IACzC,mBAAmB,EAAE,YAAY;IACjC,yBAAyB,EAAE,sBAAsB;IACjD,2BAA2B,EAAE,sBAAsB;IACnD,oBAAoB,EAAE,sBAAsB;IAC5C,qBAAqB,EAAE,aAAa;IACpC,6BAA6B,EAAE,sBAAsB;IACrD,2BAA2B,EAAE,sBAAsB;IACnD,6BAA6B,EAAE,aAAa;IAC5C,8BAA8B,EAAE,YAAY;IAC5C,oBAAoB,EAAE,cAAc;IAEpC,iCAAiC;IACjC,6BAA6B,EAAE,YAAY;IAC3C,uCAAuC,EAAE,YAAY;IACrD,oDAAoD,EAAE,YAAY;IAClE,qDAAqD,EAAE,aAAa;IACpE,8CAA8C,EAAE,aAAa;IAC7D,2CAA2C,EAAE,aAAa;IAC1D,6DAA6D,EAAE,YAAY;IAC3E,sDAAsD,EAAE,YAAY;IACpE,iDAAiD,EAAE,YAAY;IAC/D,8DAA8D,EAAE,cAAc;IAC9E,qCAAqC,EAAE,cAAc;IACrD,oDAAoD,EAAE,cAAc;IAEpE,2CAA2C;IAC3C,kBAAkB,EAAE,YAAY;IAChC,kBAAkB,EAAE,aAAa;IACjC,kBAAkB,EAAE,sBAAsB;IAC1C,kBAAkB,EAAE,cAAc;IAClC,sBAAsB,EAAE,cAAc;IACtC,oBAAoB,EAAE,cAAc;IACpC,mBAAmB,EAAE,YAAY;IACjC,mBAAmB,EAAE,aAAa;IAClC,mBAAmB,EAAE,sBAAsB;IAC3C,mBAAmB,EAAE,cAAc;IACnC,uBAAuB,EAAE,cAAc;IAEvC,oDAAoD;IACpD,kBAAkB,EAAE,aAAa;IACjC,kBAAkB,EAAE,cAAc;IAClC,iBAAiB,EAAE,YAAY;IAC/B,iBAAiB,EAAE,YAAY;IAC/B,sBAAsB,EAAE,aAAa;IACrC,qBAAqB,EAAE,YAAY;IACnC,sBAAsB,EAAE,cAAc;CACvC,CAAC;AAEF,iEAAiE;AACjE,MAAM,aAAa,GAAuC;IACxD,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,SAAS;IACnB,cAAc,EAAE,SAAS;IACzB,kBAAkB,EAAE,aAAa;IACjC,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,kBAAkB,EAAE,aAAa;IACjC,aAAa,EAAE,sBAAsB;IACrC,UAAU,EAAE,sBAAsB;IAClC,oBAAoB,EAAE,sBAAsB;IAC5C,cAAc,EAAE,aAAa;IAC7B,YAAY,EAAE,aAAa;IAC3B,oBAAoB,EAAE,aAAa;IACnC,yBAAyB,EAAE,sBAAsB;IACjD,UAAU,EAAE,SAAS;IACrB,YAAY,EAAE,SAAS;CACxB,CAAC;AASF;;;;;;;;GAQG;AACH,MAAM,UAAU,QAAQ,CACtB,kBAA0B,EAC1B,SAAiB,EACjB,UAA2B,EAAE;IAE7B,MAAM,GAAG,GAAG,GAAG,kBAAkB,KAAK,SAAS,EAAE,CAAC;IAElD,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,QAAQ,KAAK,SAAS,IAAI,oBAAoB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,aAAa,CAAC,kBAAkB,CAAC,IAAI,SAAS,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,kBAA0B;IAC9D,MAAM,MAAM,GAAG,GAAG,kBAAkB,IAAI,CAAC;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;IAC3D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/reversibility_taxonomy.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=reversibility_taxonomy.test.d.ts.map

package/dist/reversibility_taxonomy.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reversibility_taxonomy.test.d.ts","sourceRoot":"","sources":["../src/reversibility_taxonomy.test.ts"],"names":[],"mappings":""}

package/dist/reversibility_taxonomy.test.js

@@ -0,0 +1,146 @@
+import { describe, it, expect } from 'vitest';
+import { TAXONOMY_VERSION, REVERSIBILITY_CLASSES, isReversibilityClass, classify, isWedgeSurfaceCovered, } from './reversibility_taxonomy.js';
+describe('reversibility_taxonomy', () => {
+    describe('Phase 1 acceptance gate: wedge surfaces', () => {
+        const wedge = ['salesforce_rest', 'slack', 'github_api', 'stripe_api', 'k8s', 'aws_api'];
+        for (const kind of wedge) {
+            it(`${kind} has real (non-unknown) classifications`, () => {
+                expect(isWedgeSurfaceCovered(kind)).toBe(true);
+            });
+        }
+    });
+    describe('per-spec examples (§2.5)', () => {
+        it('stripe charges.create → irreversible', () => {
+            expect(classify('stripe_api', 'charges.create')).toBe('irreversible');
+        });
+        it('stripe customers.update → external_side_effect', () => {
+            expect(classify('stripe_api', 'customers.update')).toBe('external_side_effect');
+        });
+        it('stripe charges.list → reversible', () => {
+            expect(classify('stripe_api', 'charges.list')).toBe('reversible');
+        });
+        it('governance_config_surface default → external_side_effect', () => {
+            expect(classify('governance_config_surface', 'edit_settings_json')).toBe('external_side_effect');
+        });
+        it('vector_store upsert → append_only', () => {
+            expect(classify('vector_store', 'upsert')).toBe('append_only');
+        });
+    });
+    describe('AWS', () => {
+        it('GetObject → reversible', () => {
+            expect(classify('aws_api', 'GetObject')).toBe('reversible');
+        });
+        it('DeleteBucket → irreversible', () => {
+            expect(classify('aws_api', 'DeleteBucket')).toBe('irreversible');
+        });
+        it('PutObject → append_only', () => {
+            expect(classify('aws_api', 'PutObject')).toBe('append_only');
+        });
+        it('SendEmail → external_side_effect', () => {
+            expect(classify('aws_api', 'SendEmail')).toBe('external_side_effect');
+        });
+    });
+    describe('Salesforce', () => {
+        it('POST /sobjects/Task → append_only', () => {
+            expect(classify('salesforce_rest', 'POST /sobjects/Task')).toBe('append_only');
+        });
+        it('PATCH /sobjects/Account/{id} → reversible (field audit trail)', () => {
+            expect(classify('salesforce_rest', 'PATCH /sobjects/Account/{id}')).toBe('reversible');
+        });
+        it('DELETE /sobjects/Account/{id} → irreversible', () => {
+            expect(classify('salesforce_rest', 'DELETE /sobjects/Account/{id}')).toBe('irreversible');
+        });
+    });
+    describe('Slack', () => {
+        it('chat.postMessage → external_side_effect', () => {
+            expect(classify('slack', 'chat.postMessage')).toBe('external_side_effect');
+        });
+        it('conversations.history → reversible', () => {
+            expect(classify('slack', 'conversations.history')).toBe('reversible');
+        });
+        it('chat.delete → irreversible', () => {
+            expect(classify('slack', 'chat.delete')).toBe('irreversible');
+        });
+    });
+    describe('Kubernetes', () => {
+        it('DELETE pod → reversible (controller recreates)', () => {
+            expect(classify('k8s', 'DELETE /api/v1/namespaces/{ns}/pods/{name}')).toBe('reversible');
+        });
+        it('DELETE deployment → irreversible', () => {
+            expect(classify('k8s', 'DELETE /apis/apps/v1/namespaces/{ns}/deployments/{name}')).toBe('irreversible');
+        });
+        it('DELETE namespace → irreversible', () => {
+            expect(classify('k8s', 'DELETE /api/v1/namespaces/{ns}')).toBe('irreversible');
+        });
+    });
+    describe('Postgres', () => {
+        it('SELECT → reversible', () => {
+            expect(classify('postgres', 'SELECT')).toBe('reversible');
+        });
+        it('UPDATE → external_side_effect', () => {
+            expect(classify('postgres', 'UPDATE')).toBe('external_side_effect');
+        });
+        it('DELETE → irreversible', () => {
+            expect(classify('postgres', 'DELETE')).toBe('irreversible');
+        });
+        it('DROP TABLE → irreversible', () => {
+            expect(classify('postgres', 'DROP TABLE')).toBe('irreversible');
+        });
+    });
+    describe('model surfaces', () => {
+        it('anthropic_messages → append_only default', () => {
+            expect(classify('anthropic_messages', 'POST /v1/messages')).toBe('append_only');
+        });
+        it('openai_chat → append_only default', () => {
+            expect(classify('openai_chat', 'POST /v1/chat/completions')).toBe('append_only');
+        });
+    });
+    describe('fallback behavior', () => {
+        it('unknown kind → unknown', () => {
+            expect(classify('not_a_real_kind', 'op')).toBe('unknown');
+        });
+        it('unmapped op on mcp_tool → unknown (kind default)', () => {
+            expect(classify('mcp_tool', 'some_tool_call')).toBe('unknown');
+        });
+        it('unmapped op on aws → unknown', () => {
+            expect(classify('aws_api', 'SomeFutureAction')).toBe('unknown');
+        });
+        it('human-facing default → external_side_effect', () => {
+            expect(classify('approval_gate', 'request')).toBe('external_side_effect');
+        });
+    });
+    describe('customer overrides', () => {
+        it('override beats system default', () => {
+            expect(classify('stripe_api', 'charges.create', {
+                overrides: { 'stripe_api::charges.create': 'reversible' },
+            })).toBe('reversible');
+        });
+        it('invalid override falls back to system default', () => {
+            expect(classify('stripe_api', 'charges.create', {
+                overrides: { 'stripe_api::charges.create': 'not_a_valid_class' },
+            })).toBe('irreversible');
+        });
+        it('override works for unmapped kind', () => {
+            expect(classify('custom_internal_api', 'credit_account', {
+                overrides: { 'custom_internal_api::credit_account': 'irreversible' },
+            })).toBe('irreversible');
+        });
+    });
+    describe('versioning + SI-1 shape', () => {
+        it('TAXONOMY_VERSION is semver', () => {
+            expect(TAXONOMY_VERSION).toMatch(/^\d+\.\d+\.\d+$/);
+        });
+        it('all class values use safe alphabet', () => {
+            for (const cls of REVERSIBILITY_CLASSES) {
+                expect(cls.replace(/_/g, '')).toMatch(/^[a-z]+$/);
+            }
+        });
+        it('isReversibilityClass type guard works', () => {
+            expect(isReversibilityClass('reversible')).toBe(true);
+            expect(isReversibilityClass('garbage')).toBe(false);
+            expect(isReversibilityClass(null)).toBe(false);
+            expect(isReversibilityClass(42)).toBe(false);
+        });
+    });
+});
+//# sourceMappingURL=reversibility_taxonomy.test.js.map

package/dist/reversibility_taxonomy.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reversibility_taxonomy.test.js","sourceRoot":"","sources":["../src/reversibility_taxonomy.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,QAAQ,EACR,qBAAqB,GACtB,MAAM,6BAA6B,CAAC;AAErC,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACvD,MAAM,KAAK,GAAG,CAAC,iBAAiB,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QACzF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,EAAE,CAAC,GAAG,IAAI,yCAAyC,EAAE,GAAG,EAAE;gBACxD,MAAM,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,MAAM,CAAC,QAAQ,CAAC,2BAA2B,EAAE,oBAAoB,CAAC,CAAC,CAAC,IAAI,CACtE,sBAAsB,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;QACnB,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACvE,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,+BAA+B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;QACrB,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CACJ,QAAQ,CAAC,KAAK,EAAE,yDAAyD,CAAC,CAC3E,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,gCAAgC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC7B,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,QAAQ,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,2BAA2B,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,QAAQ,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CACJ,QAAQ,CAAC,YAAY,EAAE,gBAAgB,EAAE;gBACvC,SAAS,EAAE,EAAE,4BAA4B,EAAE,YAAY,EAAE;aAC1D,CAAC,CACH,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,CACJ,QAAQ,CAAC,YAAY,EAAE,gBAAgB,EAAE;gBACvC,SAAS,EAAE,EAAE,4BAA4B,EAAE,mBAAmB,EAAE;aACjE,CAAC,CACH,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CACJ,QAAQ,CAAC,qBAAqB,EAAE,gBAAgB,EAAE;gBAChD,SAAS,EAAE,EAAE,qCAAqC,EAAE,cAAc,EAAE;aACrE,CAAC,CACH,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,KAAK,MAAM,GAAG,IAAI,qBAAqB,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACpD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpD,MAAM,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/signing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAMH,OAAO,KAAK,EAAE,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAa9E,6CAA6C;AAC7C,iBAAS,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAM9C;AAED,gCAAgC;AAChC,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CASjD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,UAAU,GACrB;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAsBxD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,IAAI,CAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,YAAY,GACzB;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,iBAAiB,EAAE,iBAAiB,CAAA;CAAE,CAkB7E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,iBAAiB,EAAE,iBAAiB,EACpC,eAAe,EAAE,MAAM,GACtB,OAAO,CAWT;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CAAC,cAAc,EAAE,YAAY,GAAG;IACvD,aAAa,EAAE,YAAY,CAAC;IAC5B,SAAS,EAAE,YAAY,CAAC;IACxB,aAAa,EAAE,UAAU,CAAC;CAC3B,CAyBA;AAGD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAMH,OAAO,KAAK,EAAE,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAa9E,6CAA6C;AAC7C,iBAAS,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAM9C;AAED,gCAAgC;AAChC,iBAAS,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CASjD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,UAAU,GACrB;IAAE,YAAY,EAAE,YAAY,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAsBxD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,IAAI,CAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,YAAY,GACzB;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,iBAAiB,EAAE,iBAAiB,CAAA;CAAE,CAkB7E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,iBAAiB,EAAE,iBAAiB,EACpC,eAAe,EAAE,MAAM,GACtB,OAAO,CAmCT;AAED;;;;;;;;;GASG;AACH,wBAAgB,SAAS,CAAC,cAAc,EAAE,YAAY,GAAG;IACvD,aAAa,EAAE,YAAY,CAAC;IAC5B,SAAS,EAAE,YAAY,CAAC;IACxB,aAAa,EAAE,UAAU,CAAC;CAC3B,CAyBA;AAGD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/dist/signing.js

@@ -19,7 +19,7 @@
 import * as ed from '@noble/ed25519';
 import { sha512 } from '@noble/hashes/sha512';
 import { sha256 } from '@noble/hashes/sha256';
-import { canonical } from './canonical.js';
+import { canonical, canonicalLegacy } from './canonical.js';
 // Configure ed25519 to use sha512
 ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
 /** Generate a cryptographically random hex string */
@@ -117,16 +117,40 @@ export function sign(document, privateKey, signerRecord) {
  * @returns true if the cryptographic signature is valid
  */
 export function verify(document, signatureEnvelope, publicKeyB64Url) {
+    let signatureBytes;
+    let publicKeyBytes;
     try {
-        const canonicalStr = canonical(document);
-        const hashBytes = sha256(new TextEncoder().encode(canonicalStr));
-        const signatureBytes = fromBase64Url(signatureEnvelope.signature);
-        const publicKeyBytes = fromBase64Url(publicKeyB64Url);
-        return ed.verify(signatureBytes, hashBytes, publicKeyBytes);
+        signatureBytes = fromBase64Url(signatureEnvelope.signature);
+        publicKeyBytes = fromBase64Url(publicKeyB64Url);
     }
     catch {
         return false;
     }
+    // Try the spec-compliant (ECMA-262) canonical form first; fall back
+    // to the legacy Python form that signed VPECs before 2026-04-19.
+    // Stored signatures are against whichever form was current at
+    // sign-time — new code must still be able to verify legacy VPECs
+    // until every customer rolls forward.
+    // The legacy form has subtle ambiguity (number formatting, key order)
+    // that a malicious prover could exploit; only accept it for signatures
+    // claimed to have been produced before the canonical-form cutover.
+    const LEGACY_CUTOFF = '2026-04-19';
+    const signedAt = signatureEnvelope.signed_at ?? '';
+    const legacyAllowed = signedAt !== '' && signedAt.slice(0, 10) < LEGACY_CUTOFF;
+    const candidates = legacyAllowed ? [canonical, canonicalLegacy] : [canonical];
+    for (const canonFn of candidates) {
+        try {
+            const canonicalStr = canonFn(document);
+            const hashBytes = sha256(new TextEncoder().encode(canonicalStr));
+            if (ed.verify(signatureBytes, hashBytes, publicKeyBytes)) {
+                return true;
+            }
+        }
+        catch {
+            // try next form
+        }
+    }
+    return false;
 }
 /**
  * Rotate a key: create a new kid under the same signer_id.

package/dist/signing.js.map

@@ -1 +1 @@
-{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAG3C,kCAAkC;AAClC,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAE7E,qDAAqD;AACrD,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,6CAA6C;AAC7C,SAAS,WAAW,CAAC,KAAiB;IACpC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,gCAAgC;AAChC,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,KAAa,EACb,UAAsB;IAEtB,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAC/C,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,YAAY,GAAiB;QACjC,SAAS,EAAE,QAAQ;QACnB,GAAG;QACH,iBAAiB,EAAE,WAAW,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,SAAS;QACpB,MAAM,EAAE,QAAQ;QAChB,iBAAiB,EAAE,IAAI;QACvB,UAAU,EAAE,IAAI;QAChB,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,GAAG;QACjB,cAAc,EAAE,IAAI;QACpB,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,UAAU;KACxB,CAAC;IAEF,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACtC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,IAAI,CAClB,QAAiC,EACjC,UAAsB,EACtB,YAA0B;IAE1B,IAAI,YAAY,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,oBAAoB,YAAY,CAAC,MAAM,cAAc,YAAY,CAAC,GAAG,GAAG,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IACjE,MAAM,cAAc,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEtD,MAAM,iBAAiB,GAAsB;QAC3C,SAAS,EAAE,YAAY,CAAC,SAAS;QACjC,GAAG,EAAE,YAAY,CAAC,GAAG;QACrB,SAAS,EAAE,SAAS;QACpB,SAAS,EAAE,WAAW,CAAC,cAAc,CAAC;QACtC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,MAAM,CACpB,QAAiC,EACjC,iBAAoC,EACpC,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;QACjE,MAAM,cAAc,GAAG,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAClE,MAAM,cAAc,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;QAEtD,OAAO,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CAAC,cAA4B;IAKpD,IAAI,cAAc,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CACb,iBAAiB,cAAc,CAAC,MAAM,cAAc,cAAc,CAAC,GAAG,qCAAqC,CAC5G,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,eAAe,CAC5E,cAAc,CAAC,SAAS,EACxB,cAAc,CAAC,MAAM,EACrB,cAAc,CAAC,WAAW,CAC3B,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,mCAAmC;IACnC,MAAM,aAAa,GAAiB;QAClC,GAAG,cAAc;QACjB,MAAM,EAAE,SAAS;QACjB,iBAAiB,EAAE,SAAS,CAAC,GAAG;QAChC,cAAc,EAAE,GAAG;KACpB,CAAC;IAEF,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;AACrD,CAAC;AAED,uCAAuC;AACvC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAG5D,kCAAkC;AAClC,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAE7E,qDAAqD;AACrD,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,6CAA6C;AAC7C,SAAS,WAAW,CAAC,KAAiB;IACpC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,gCAAgC;AAChC,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,KAAa,EACb,UAAsB;IAEtB,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAC/C,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,YAAY,GAAiB;QACjC,SAAS,EAAE,QAAQ;QACnB,GAAG;QACH,iBAAiB,EAAE,WAAW,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,SAAS;QACpB,MAAM,EAAE,QAAQ;QAChB,iBAAiB,EAAE,IAAI;QACvB,UAAU,EAAE,IAAI;QAChB,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,GAAG;QACjB,cAAc,EAAE,IAAI;QACpB,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,UAAU;KACxB,CAAC;IAEF,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACtC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,IAAI,CAClB,QAAiC,EACjC,UAAsB,EACtB,YAA0B;IAE1B,IAAI,YAAY,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,oBAAoB,YAAY,CAAC,MAAM,cAAc,YAAY,CAAC,GAAG,GAAG,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IACjE,MAAM,cAAc,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEtD,MAAM,iBAAiB,GAAsB;QAC3C,SAAS,EAAE,YAAY,CAAC,SAAS;QACjC,GAAG,EAAE,YAAY,CAAC,GAAG;QACrB,SAAS,EAAE,SAAS;QACpB,SAAS,EAAE,WAAW,CAAC,cAAc,CAAC;QACtC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC;AACzC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,MAAM,CACpB,QAAiC,EACjC,iBAAoC,EACpC,eAAuB;IAEvB,IAAI,cAA0B,CAAC;IAC/B,IAAI,cAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,cAAc,GAAG,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC5D,cAAc,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oEAAoE;IACpE,iEAAiE;IACjE,8DAA8D;IAC9D,iEAAiE;IACjE,sCAAsC;IACtC,sEAAsE;IACtE,uEAAuE;IACvE,mEAAmE;IACnE,MAAM,aAAa,GAAG,YAAY,CAAC;IACnC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,IAAI,EAAE,CAAC;IACnD,MAAM,aAAa,GAAG,QAAQ,KAAK,EAAE,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,aAAa,CAAC;IAC/E,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAE9E,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;YACjE,IAAI,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;gBACzD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,SAAS,CAAC,cAA4B;IAKpD,IAAI,cAAc,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CACb,iBAAiB,cAAc,CAAC,MAAM,cAAc,cAAc,CAAC,GAAG,qCAAqC,CAC5G,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,eAAe,CAC5E,cAAc,CAAC,SAAS,EACxB,cAAc,CAAC,MAAM,EACrB,cAAc,CAAC,WAAW,CAC3B,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,mCAAmC;IACnC,MAAM,aAAa,GAAiB;QAClC,GAAG,cAAc;QACjB,MAAM,EAAE,SAAS;QACjB,iBAAiB,EAAE,SAAS,CAAC,GAAG;QAChC,cAAc,EAAE,GAAG;KACpB,CAAC;IAEF,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;AACrD,CAAC;AAED,uCAAuC;AACvC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/dist/trust_edge_mapping.d.ts

@@ -0,0 +1,12 @@
+export declare const MAPPING_VERSION: "1.0.0";
+export declare const TRUST_EDGES: readonly ["A2T", "A2M", "A2H", "A2A", "A2S", "A2D"];
+export type TrustEdge = (typeof TRUST_EDGES)[number];
+/**
+ * Resolve the trust edge for a `(target_system_kind, operation)` pair.
+ * Returns `null` if the kind is not recognized — callers MUST treat
+ * this as a gap (record the kind, do not invent a trust edge).
+ */
+export declare function classify(target_system_kind: string, operation: string): TrustEdge | null;
+/** All target_system_kind values this mapping recognizes. */
+export declare function knownKinds(): ReadonlySet<string>;
+//# sourceMappingURL=trust_edge_mapping.d.ts.map

package/dist/trust_edge_mapping.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust_edge_mapping.d.ts","sourceRoot":"","sources":["../src/trust_edge_mapping.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,eAAe,EAAG,OAAgB,CAAC;AAEhD,eAAO,MAAM,WAAW,qDAAsD,CAAC;AAC/E,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC;AA8DrD;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,SAAS,GAAG,IAAI,CAalB;AAED,6DAA6D;AAC7D,wBAAgB,UAAU,IAAI,WAAW,CAAC,MAAM,CAAC,CAEhD"}

package/dist/trust_edge_mapping.js

@@ -0,0 +1,88 @@
+// Trust-edge mapping for outbound-action records.
+//
+// TypeScript sibling of
+// `packages/primust-checks/src/primust_checks/trust_edge_mapping.py`.
+//
+// Maps `(target_system_kind, operation)` to one of the six trust edges
+// defined in `docs/v30/foundation/OUTBOUND_ACTION_EVIDENCE_SPEC_v0_1.md` §1.2.
+//
+// SI-1: this module emits only enum values. The mapping itself is content-free.
+export const MAPPING_VERSION = '1.0.0';
+export const TRUST_EDGES = ['A2T', 'A2M', 'A2H', 'A2A', 'A2S', 'A2D'];
+// Primary mapping. Two kinds (mcp_tool, governance_config_surface) are
+// contextual and resolved in `classify` below.
+const PRIMARY = {
+    // A2T
+    sdk_tool: 'A2T',
+    cli_subprocess: 'A2T',
+    // A2M
+    anthropic_messages: 'A2M',
+    openai_chat: 'A2M',
+    bedrock_invoke: 'A2M',
+    calibrated_profile: 'A2M',
+    // A2H
+    approval_gate: 'A2H',
+    cli_prompt: 'A2H',
+    dashboard_escalation: 'A2H',
+    // A2A
+    subagent_spawn: 'A2A',
+    mcp_sampling: 'A2A',
+    cross_org_delegation: 'A2A',
+    // A2S
+    aws_api: 'A2S',
+    salesforce_rest: 'A2S',
+    stripe_api: 'A2S',
+    github_api: 'A2S',
+    fly_api: 'A2S',
+    servicenow_api: 'A2S',
+    slack: 'A2S',
+    k8s: 'A2S',
+    generic_http: 'A2S',
+    // A2D
+    postgres: 'A2D',
+    snowflake: 'A2D',
+    pinecone: 'A2D',
+    s3: 'A2D',
+    filesystem: 'A2D',
+    vector_store: 'A2D',
+};
+const MCP_DATA_METHODS = [
+    'resources/read',
+    'resources/list',
+    'prompts/get',
+    'prompts/list',
+];
+const HTTP_METHOD_PREFIXES = [
+    'GET ',
+    'POST ',
+    'PUT ',
+    'PATCH ',
+    'DELETE ',
+    'HEAD ',
+    'OPTIONS ',
+];
+/**
+ * Resolve the trust edge for a `(target_system_kind, operation)` pair.
+ * Returns `null` if the kind is not recognized — callers MUST treat
+ * this as a gap (record the kind, do not invent a trust edge).
+ */
+export function classify(target_system_kind, operation) {
+    if (target_system_kind === 'mcp_tool') {
+        if (MCP_DATA_METHODS.some((p) => operation.startsWith(p)))
+            return 'A2D';
+        if (operation.includes('sampling'))
+            return 'A2M';
+        return 'A2T';
+    }
+    if (target_system_kind === 'governance_config_surface') {
+        if (HTTP_METHOD_PREFIXES.some((p) => operation.startsWith(p)))
+            return 'A2S';
+        return 'A2D';
+    }
+    return PRIMARY[target_system_kind] ?? null;
+}
+/** All target_system_kind values this mapping recognizes. */
+export function knownKinds() {
+    return new Set([...Object.keys(PRIMARY), 'mcp_tool', 'governance_config_surface']);
+}
+//# sourceMappingURL=trust_edge_mapping.js.map

package/dist/trust_edge_mapping.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust_edge_mapping.js","sourceRoot":"","sources":["../src/trust_edge_mapping.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAClD,EAAE;AACF,wBAAwB;AACxB,sEAAsE;AACtE,EAAE;AACF,uEAAuE;AACvE,+EAA+E;AAC/E,EAAE;AACF,gFAAgF;AAEhF,MAAM,CAAC,MAAM,eAAe,GAAG,OAAgB,CAAC;AAEhD,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAU,CAAC;AAG/E,uEAAuE;AACvE,+CAA+C;AAC/C,MAAM,OAAO,GAA8B;IACzC,MAAM;IACN,QAAQ,EAAE,KAAK;IACf,cAAc,EAAE,KAAK;IAErB,MAAM;IACN,kBAAkB,EAAE,KAAK;IACzB,WAAW,EAAE,KAAK;IAClB,cAAc,EAAE,KAAK;IACrB,kBAAkB,EAAE,KAAK;IAEzB,MAAM;IACN,aAAa,EAAE,KAAK;IACpB,UAAU,EAAE,KAAK;IACjB,oBAAoB,EAAE,KAAK;IAE3B,MAAM;IACN,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,KAAK;IACnB,oBAAoB,EAAE,KAAK;IAE3B,MAAM;IACN,OAAO,EAAE,KAAK;IACd,eAAe,EAAE,KAAK;IACtB,UAAU,EAAE,KAAK;IACjB,UAAU,EAAE,KAAK;IACjB,OAAO,EAAE,KAAK;IACd,cAAc,EAAE,KAAK;IACrB,KAAK,EAAE,KAAK;IACZ,GAAG,EAAE,KAAK;IACV,YAAY,EAAE,KAAK;IAEnB,MAAM;IACN,QAAQ,EAAE,KAAK;IACf,SAAS,EAAE,KAAK;IAChB,QAAQ,EAAE,KAAK;IACf,EAAE,EAAE,KAAK;IACT,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE,KAAK;CACpB,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,aAAa;IACb,cAAc;CACN,CAAC;AAEX,MAAM,oBAAoB,GAAG;IAC3B,MAAM;IACN,OAAO;IACP,MAAM;IACN,QAAQ;IACR,SAAS;IACT,OAAO;IACP,UAAU;CACF,CAAC;AAEX;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CACtB,kBAA0B,EAC1B,SAAiB;IAEjB,IAAI,kBAAkB,KAAK,UAAU,EAAE,CAAC;QACtC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACxE,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,kBAAkB,KAAK,2BAA2B,EAAE,CAAC;QACvD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC5E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,CAAC,kBAAkB,CAAC,IAAI,IAAI,CAAC;AAC7C,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,2BAA2B,CAAC,CAAC,CAAC;AACrF,CAAC"}

package/dist/trust_edge_mapping.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=trust_edge_mapping.test.d.ts.map

package/dist/trust_edge_mapping.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust_edge_mapping.test.d.ts","sourceRoot":"","sources":["../src/trust_edge_mapping.test.ts"],"names":[],"mappings":""}