npm - @private.me/xbind - Versions diffs - 1.3.5 → 3.0.0 - Mend

@private.me/xbind 1.3.5 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/LICENSES.md +212 -0
package/README.md +388 -6
package/dist-standalone/_deps/mldsa-wasm/dist/mldsa.js +1 -1920
package/dist-standalone/_deps/shared/cjs/errors.js +1 -639
package/dist-standalone/_deps/shared/cjs/index.js +1 -496
package/dist-standalone/_deps/shared/cjs/types.js +1 -317
package/dist-standalone/_deps/shared/errors.js +1 -255
package/dist-standalone/_deps/shared/index.js +1 -74
package/dist-standalone/_deps/shared/types.js +1 -90
package/dist-standalone/_deps/ux-helpers/cjs/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js +1 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js +1 -1
package/dist-standalone/_deps/ux-helpers/errors.js +1 -1
package/dist-standalone/_deps/ux-helpers/index.js +1 -1
package/dist-standalone/_deps/ux-helpers/pagination.js +1 -1
package/dist-standalone/_deps/ux-helpers/progress.js +1 -1
package/dist-standalone/_deps/ux-helpers/search.js +1 -1
package/dist-standalone/_deps/xchange/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/auto-accept.js +1 -1
package/dist-standalone/_deps/xchange/cjs/errors.js +1 -1
package/dist-standalone/_deps/xchange/cjs/index.js +1 -1
package/dist-standalone/_deps/xchange/cjs/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/cjs/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/cjs/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/cjs/xchange.js +1 -1
package/dist-standalone/_deps/xchange/errors.js +1 -1
package/dist-standalone/_deps/xchange/index.js +1 -1
package/dist-standalone/_deps/xchange/invite-client.js +1 -1
package/dist-standalone/_deps/xchange/lazy-init.js +1 -1
package/dist-standalone/_deps/xchange/trust-integration.js +1 -1
package/dist-standalone/_deps/xchange/xchange.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/errors.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/index.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/registry.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/schema.js +1 -1
package/dist-standalone/_deps/xregistry/cjs/types.js +1 -1
package/dist-standalone/_deps/xregistry/discovery.js +1 -1
package/dist-standalone/_deps/xregistry/errors.js +1 -1
package/dist-standalone/_deps/xregistry/index.js +1 -1
package/dist-standalone/_deps/xregistry/registry.js +1 -1
package/dist-standalone/_deps/xregistry/schema.js +1 -1
package/dist-standalone/_deps/xregistry/types.js +1 -1
package/dist-standalone/agent-call.js +1 -642
package/dist-standalone/agent-sdk.js +1 -328
package/dist-standalone/agent.d.ts +95 -5
package/dist-standalone/agent.js +1 -1545
package/dist-standalone/approval.js +1 -193
package/dist-standalone/async-iterators.d.ts +275 -0
package/dist-standalone/async-iterators.js +1 -0
package/dist-standalone/auth.js +1 -219
package/dist-standalone/auto-accept.js +1 -229
package/dist-standalone/backup-config.js +1 -201
package/dist-standalone/backup.d.ts +114 -0
package/dist-standalone/backup.js +1 -0
package/dist-standalone/batch-operations.d.ts +297 -0
package/dist-standalone/batch-operations.js +1 -0
package/dist-standalone/cancellation.d.ts +301 -0
package/dist-standalone/cancellation.js +1 -0
package/dist-standalone/checkpoint.js +1 -186
package/dist-standalone/circuit-breaker.d.ts +351 -0
package/dist-standalone/circuit-breaker.js +1 -0
package/dist-standalone/cjs/agent-call.js +1 -651
package/dist-standalone/cjs/agent-sdk.js +1 -332
package/dist-standalone/cjs/agent.js +1 -1582
package/dist-standalone/cjs/approval.js +1 -199
package/dist-standalone/cjs/async-iterators.js +1 -0
package/dist-standalone/cjs/auth.js +1 -225
package/dist-standalone/cjs/auto-accept.js +1 -233
package/dist-standalone/cjs/backup-config.js +1 -207
package/dist-standalone/cjs/backup.js +1 -0
package/dist-standalone/cjs/batch-operations.js +1 -0
package/dist-standalone/cjs/cancellation.js +1 -0
package/dist-standalone/cjs/checkpoint.js +1 -193
package/dist-standalone/cjs/circuit-breaker.js +1 -0
package/dist-standalone/cjs/cli/init.js +1 -486
package/dist-standalone/cjs/config-validation.js +1 -0
package/dist-standalone/cjs/connect.js +1 -312
package/dist-standalone/cjs/connection-pool.js +1 -0
package/dist-standalone/cjs/correlation-id.js +1 -339
package/dist-standalone/cjs/crypto-utils.js +1 -0
package/dist-standalone/cjs/debug-mode.js +1 -0
package/dist-standalone/cjs/did-document.js +1 -101
package/dist-standalone/cjs/did-privateme.js +1 -130
package/dist-standalone/cjs/did-web.js +1 -201
package/dist-standalone/cjs/discovery.js +1 -462
package/dist-standalone/cjs/dual-mode.js +1 -251
package/dist-standalone/cjs/email-templates.js +1 -313
package/dist-standalone/cjs/email-transport.js +1 -239
package/dist-standalone/cjs/envelope.js +1 -510
package/dist-standalone/cjs/errors.js +1 -826
package/dist-standalone/cjs/event-emitter.js +1 -0
package/dist-standalone/cjs/gateway-state.js +1 -55
package/dist-standalone/cjs/gateway-transport.js +1 -120
package/dist-standalone/cjs/graceful-degradation.js +1 -0
package/dist-standalone/cjs/guardrails.js +1 -223
package/dist-standalone/cjs/health-check.js +1 -0
package/dist-standalone/cjs/http-compat.js +1 -272
package/dist-standalone/cjs/http-status-map.js +1 -571
package/dist-standalone/cjs/identity.js +1 -540
package/dist-standalone/cjs/index.js +1 -237
package/dist-standalone/cjs/invitation.js +1 -421
package/dist-standalone/cjs/invite.js +1 -328
package/dist-standalone/cjs/key-agreement.js +1 -246
package/dist-standalone/cjs/lazy-init.js +1 -300
package/dist-standalone/cjs/logger.js +1 -0
package/dist-standalone/cjs/mdns-discovery.js +1 -202
package/dist-standalone/cjs/nonce-store.js +1 -66
package/dist-standalone/cjs/pairing-manager.js +1 -223
package/dist-standalone/cjs/plugin-system.js +1 -0
package/dist-standalone/cjs/plugins/logging.js +1 -0
package/dist-standalone/cjs/plugins/metrics.js +1 -0
package/dist-standalone/cjs/plugins/validation.js +1 -0
package/dist-standalone/cjs/policy.js +1 -320
package/dist-standalone/cjs/progress-callbacks.js +1 -0
package/dist-standalone/cjs/redis-nonce-store.js +1 -76
package/dist-standalone/cjs/registry-middleware.js +1 -50
package/dist-standalone/cjs/retry-strategies.js +1 -0
package/dist-standalone/cjs/retry-transport.js +1 -102
package/dist-standalone/cjs/runtime/browser.js +1 -0
package/dist-standalone/cjs/runtime/edge.js +1 -0
package/dist-standalone/cjs/runtime/react-native.js +1 -0
package/dist-standalone/cjs/security-policy.js +1 -245
package/dist-standalone/cjs/serialization.js +1 -0
package/dist-standalone/cjs/split-channel.js +1 -177
package/dist-standalone/cjs/subscription-proof.js +1 -230
package/dist-standalone/cjs/succession.js +1 -148
package/dist-standalone/cjs/timeouts.js +1 -0
package/dist-standalone/cjs/trace-context.js +1 -0
package/dist-standalone/cjs/trace-spans.js +1 -0
package/dist-standalone/cjs/transport.js +1 -63
package/dist-standalone/cjs/trust-registry.js +1 -742
package/dist-standalone/cjs/types/error-response.js +1 -56
package/dist-standalone/cjs/vault-auth.js +1 -0
package/dist-standalone/cjs/vault-store-loader.js +1 -0
package/dist-standalone/cjs/verify.js +1 -25
package/dist-standalone/cjs/version-info.js +1 -0
package/dist-standalone/cjs/xfetch.js +1 -252
package/dist-standalone/cli/init.js +1 -449
package/dist-standalone/cli/setup.js +1 -514
package/dist-standalone/cli/types.js +1 -27
package/dist-standalone/cli/xbind.js +1 -148
package/dist-standalone/config-validation.d.ts +185 -0
package/dist-standalone/config-validation.js +1 -0
package/dist-standalone/connect.js +1 -274
package/dist-standalone/connection-pool.d.ts +251 -0
package/dist-standalone/connection-pool.js +1 -0
package/dist-standalone/correlation-id.js +1 -326
package/dist-standalone/crypto-utils.d.ts +60 -0
package/dist-standalone/crypto-utils.js +1 -0
package/dist-standalone/debug-mode.d.ts +286 -0
package/dist-standalone/debug-mode.js +1 -0
package/dist-standalone/did-document.js +1 -96
package/dist-standalone/did-privateme.js +1 -121
package/dist-standalone/did-web.js +1 -196
package/dist-standalone/discovery.js +1 -458
package/dist-standalone/dual-mode.js +1 -247
package/dist-standalone/email-templates.js +1 -309
package/dist-standalone/email-transport.js +1 -232
package/dist-standalone/envelope.d.ts +29 -1
package/dist-standalone/envelope.js +1 -497
package/dist-standalone/errors.d.ts +10 -0
package/dist-standalone/errors.js +1 -811
package/dist-standalone/event-emitter.d.ts +395 -0
package/dist-standalone/event-emitter.js +1 -0
package/dist-standalone/gateway-state.js +1 -51
package/dist-standalone/gateway-transport.js +1 -116
package/dist-standalone/graceful-degradation.d.ts +246 -0
package/dist-standalone/graceful-degradation.js +1 -0
package/dist-standalone/guardrails.js +1 -216
package/dist-standalone/health-check.d.ts +150 -0
package/dist-standalone/health-check.js +1 -0
package/dist-standalone/http-compat.js +1 -267
package/dist-standalone/http-status-map.js +1 -561
package/dist-standalone/identity.d.ts +64 -1
package/dist-standalone/identity.js +1 -515
package/dist-standalone/index.d.ts +45 -3
package/dist-standalone/index.js +1 -52
package/dist-standalone/invitation.js +1 -415
package/dist-standalone/invite.js +1 -324
package/dist-standalone/key-agreement.d.ts +61 -13
package/dist-standalone/key-agreement.js +1 -236
package/dist-standalone/lazy-init.js +1 -295
package/dist-standalone/logger.d.ts +77 -0
package/dist-standalone/logger.js +1 -0
package/dist-standalone/mdns-discovery.js +1 -195
package/dist-standalone/nonce-store.d.ts +16 -3
package/dist-standalone/nonce-store.js +1 -62
package/dist-standalone/package.json +0 -1
package/dist-standalone/pairing-manager.js +1 -219
package/dist-standalone/plugin-system.d.ts +145 -0
package/dist-standalone/plugin-system.js +1 -0
package/dist-standalone/policy.js +1 -315
package/dist-standalone/progress-callbacks.d.ts +394 -0
package/dist-standalone/progress-callbacks.js +1 -0
package/dist-standalone/redis-nonce-store.js +1 -72
package/dist-standalone/registry-middleware.js +1 -47
package/dist-standalone/retry-strategies.d.ts +382 -0
package/dist-standalone/retry-strategies.js +1 -0
package/dist-standalone/retry-transport.js +1 -98
package/dist-standalone/security-policy.js +1 -239
package/dist-standalone/serialization.d.ts +244 -0
package/dist-standalone/serialization.js +1 -0
package/dist-standalone/split-channel.d.ts +49 -1
package/dist-standalone/split-channel.js +1 -171
package/dist-standalone/subscription-proof.js +1 -224
package/dist-standalone/succession.js +1 -142
package/dist-standalone/timeouts.d.ts +275 -0
package/dist-standalone/timeouts.js +1 -0
package/dist-standalone/trace-context.d.ts +252 -0
package/dist-standalone/trace-context.js +1 -0
package/dist-standalone/trace-spans.d.ts +360 -0
package/dist-standalone/trace-spans.js +1 -0
package/dist-standalone/transport.js +1 -59
package/dist-standalone/trust-registry.d.ts +106 -5
package/dist-standalone/trust-registry.js +1 -702
package/dist-standalone/vault-auth.d.ts +91 -0
package/dist-standalone/vault-auth.js +1 -0
package/dist-standalone/vault-store-loader.d.ts +110 -0
package/dist-standalone/vault-store-loader.js +1 -0
package/dist-standalone/verify.js +1 -16
package/dist-standalone/version-info.d.ts +259 -0
package/dist-standalone/version-info.js +1 -0
package/dist-standalone/xfetch.js +1 -247
package/llms.txt +1 -0
package/package.json +65 -5
package/share1.dat +0 -0
package/dist-standalone/_deps/crypto/base64.d.ts +0 -29
package/dist-standalone/_deps/crypto/base64.js +0 -222
package/dist-standalone/_deps/crypto/cjs/base64.js +0 -665
package/dist-standalone/_deps/crypto/cjs/errors.js +0 -675
package/dist-standalone/_deps/crypto/cjs/hmac.js +0 -473
package/dist-standalone/_deps/crypto/cjs/index.js +0 -852
package/dist-standalone/_deps/crypto/cjs/package.json +0 -1
package/dist-standalone/_deps/crypto/cjs/padding.js +0 -511
package/dist-standalone/_deps/crypto/cjs/share-header.js +0 -372
package/dist-standalone/_deps/crypto/cjs/shares.js +0 -874
package/dist-standalone/_deps/crypto/cjs/tlv.js +0 -1021
package/dist-standalone/_deps/crypto/cjs/uuid.js +0 -443
package/dist-standalone/_deps/crypto/cjs/verify.js +0 -414
package/dist-standalone/_deps/crypto/cjs/xorida.js +0 -923
package/dist-standalone/_deps/crypto/errors.d.ts +0 -51
package/dist-standalone/_deps/crypto/errors.js +0 -199
package/dist-standalone/_deps/crypto/hmac.d.ts +0 -39
package/dist-standalone/_deps/crypto/hmac.js +0 -134
package/dist-standalone/_deps/crypto/index.d.ts +0 -20
package/dist-standalone/_deps/crypto/index.js +0 -145
package/dist-standalone/_deps/crypto/padding.d.ts +0 -19
package/dist-standalone/_deps/crypto/padding.js +0 -159
package/dist-standalone/_deps/crypto/share-header.d.ts +0 -44
package/dist-standalone/_deps/crypto/share-header.js +0 -92
package/dist-standalone/_deps/crypto/shares.d.ts +0 -27
package/dist-standalone/_deps/crypto/shares.js +0 -295
package/dist-standalone/_deps/crypto/tlv.d.ts +0 -26
package/dist-standalone/_deps/crypto/tlv.js +0 -364
package/dist-standalone/_deps/crypto/uuid.d.ts +0 -22
package/dist-standalone/_deps/crypto/uuid.js +0 -136
package/dist-standalone/_deps/crypto/verify.d.ts +0 -15
package/dist-standalone/_deps/crypto/verify.js +0 -71
package/dist-standalone/_deps/crypto/xorida.d.ts +0 -44
package/dist-standalone/_deps/crypto/xorida.js +0 -366
package/dist-standalone/_deps/shared/errors.d.ts.map +0 -1
package/dist-standalone/_deps/shared/errors.js.map +0 -1
package/dist-standalone/_deps/shared/index.d.ts.map +0 -1
package/dist-standalone/_deps/shared/index.js.map +0 -1
package/dist-standalone/_deps/shared/types.d.ts.map +0 -1
package/dist-standalone/_deps/shared/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/cjs/types.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/errors.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/index.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/pagination.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/progress.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/search.js.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.d.ts.map +0 -1
package/dist-standalone/_deps/ux-helpers/types.js.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/discovery.js.map +0 -1
package/dist-standalone/_deps/xregistry/errors.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/errors.js.map +0 -1
package/dist-standalone/_deps/xregistry/index.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/index.js.map +0 -1
package/dist-standalone/_deps/xregistry/registry.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/registry.js.map +0 -1
package/dist-standalone/_deps/xregistry/schema.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/schema.js.map +0 -1
package/dist-standalone/_deps/xregistry/types.d.ts.map +0 -1
package/dist-standalone/_deps/xregistry/types.js.map +0 -1

package/dist-standalone/policy.js CHANGED Viewed

@@ -1,315 +1 @@
-/**
- * @module policy
- * PolicyEngine for agent.call() constraint enforcement
- *
- * Enforces spending limits, rate limits, scope restrictions, and data filters
- * on agent tool calls. Separate from SecurityPolicy (risk classification).
- */
-import { ok, err } from"./_deps/shared/index.js";
-import { AgentError, AgentErrorCode } from './agent-call.js';
-/**
- * PolicyEngine - Enforces constraints on agent.call() requests
- *
- * Tracks:
- * - Per-transaction spending limits
- * - Daily spending limits
- * - Rate limits (calls per minute)
- * - Allowed tools/scopes
- *
- * Thread-safe for concurrent requests from the same agent.
- */
-export class PolicyEngine {
-    /** Rate limit tracker by agent DID */
-    rateLimits = new Map();
-    /** Daily spending tracker by agent DID */
-    dailySpending = new Map();
-    /** Monthly spending tracker by agent DID */
-    monthlySpending = new Map();
-    /**
-     * Evaluate a policy against a request
-     *
-     * @param agentDID - Agent DID making the request
-     * @param tool - Tool being called (e.g., "stripe:createCharge")
-     * @param params - Tool parameters
-     * @param constraints - Policy constraints to enforce
-     * @returns Policy evaluation result
-     */
-    evaluate(agentDID, tool, params, constraints) {
-        // Check allowed tools
-        if (constraints.allowedTools && constraints.allowedTools.length > 0) {
-            const [service] = tool.split(':');
-            const isAllowed = constraints.allowedTools.some((allowed) => allowed === tool || allowed === `${service}:*` || allowed === '*');
-            if (!isAllowed) {
-                const details = {
-                    requested: tool,
-                    allowed: constraints.allowedTools,
-                    constraint: 'tool',
-                    fix: `Update policy.allowedTools to include "${tool}" or "${service}:*" or request approval`,
-                };
-                return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Tool "${tool}" is not allowed by policy`, details));
-            }
-        }
-        // Check scopes
-        if (constraints.scopes && constraints.scopes.length > 0) {
-            // Extract scope from params if present
-            const scope = typeof params === 'object' && params !== null && 'scope' in params
-                ? params.scope
-                : undefined;
-            if (scope && !constraints.scopes.includes(scope)) {
-                const details = {
-                    requested: scope,
-                    allowed: constraints.scopes,
-                    constraint: 'scope',
-                    fix: `Update policy.scopes to include "${scope}" or request additional permissions`,
-                };
-                return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Scope "${scope}" is not allowed by policy`, details));
-            }
-        }
-        // Check rate limits
-        if (constraints.limits?.callsPerMinute) {
-            const rateCheck = this.checkRateLimit(agentDID, constraints.limits.callsPerMinute);
-            if (!rateCheck.ok) {
-                return rateCheck;
-            }
-        }
-        // Check spending limits (if amount is in params)
-        const amount = this.extractAmount(params);
-        if (amount !== null) {
-            // Check per-transaction limit
-            if (constraints.limits?.amountPerTxn && amount > constraints.limits.amountPerTxn) {
-                const details = {
-                    requested: amount,
-                    allowed: constraints.limits.amountPerTxn,
-                    constraint: 'amountPerTxn',
-                    fix: `Reduce amount to ${constraints.limits.amountPerTxn} or less, or update policy.limits.amountPerTxn`,
-                };
-                return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} exceeds per-transaction limit of ${constraints.limits.amountPerTxn}`, details));
-            }
-            // Check daily limit
-            if (constraints.limits?.dailyAmount) {
-                const dailyCheck = this.checkDailyLimit(agentDID, amount, constraints.limits.dailyAmount);
-                if (!dailyCheck.ok) {
-                    return dailyCheck;
-                }
-            }
-            // Check monthly limit
-            if (constraints.limits?.monthlyAmount) {
-                const monthlyCheck = this.checkMonthlyLimit(agentDID, amount, constraints.limits.monthlyAmount);
-                if (!monthlyCheck.ok) {
-                    return monthlyCheck;
-                }
-            }
-        }
-        // All checks passed
-        return ok(undefined);
-    }
-    /**
-     * Record a successful call (for rate limiting)
-     *
-     * @param agentDID - Agent DID
-     */
-    recordCall(agentDID) {
-        const now = Date.now();
-        const entry = this.rateLimits.get(agentDID) ?? {
-            calls: [],
-            windowStart: now,
-        };
-        entry.calls.push(now);
-        // Clean up old calls (older than 1 minute)
-        const oneMinuteAgo = now - 60000;
-        entry.calls = entry.calls.filter((timestamp) => timestamp > oneMinuteAgo);
-        this.rateLimits.set(agentDID, entry);
-    }
-    /**
-     * Record successful spending (for daily and monthly limits)
-     *
-     * @param agentDID - Agent DID
-     * @param amount - Amount spent
-     */
-    recordSpending(agentDID, amount) {
-        const today = this.getCurrentDay();
-        const thisMonth = this.getCurrentMonth();
-        // Update daily spending
-        const dailyEntry = this.dailySpending.get(agentDID);
-        if (dailyEntry && dailyEntry.day === today) {
-            dailyEntry.amount += amount;
-        }
-        else {
-            this.dailySpending.set(agentDID, {
-                amount,
-                day: today,
-            });
-        }
-        // Update monthly spending
-        const monthlyEntry = this.monthlySpending.get(agentDID);
-        if (monthlyEntry && monthlyEntry.month === thisMonth) {
-            monthlyEntry.amount += amount;
-        }
-        else {
-            this.monthlySpending.set(agentDID, {
-                amount,
-                month: thisMonth,
-            });
-        }
-    }
-    /**
-     * Get current rate limit status for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Calls in current minute
-     */
-    getCurrentRateLimit(agentDID) {
-        const entry = this.rateLimits.get(agentDID);
-        if (!entry)
-            return 0;
-        const now = Date.now();
-        const oneMinuteAgo = now - 60000;
-        // Count calls in last minute
-        return entry.calls.filter((timestamp) => timestamp > oneMinuteAgo).length;
-    }
-    /**
-     * Get current daily spending for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Amount spent today
-     */
-    getDailySpending(agentDID) {
-        const today = this.getCurrentDay();
-        const entry = this.dailySpending.get(agentDID);
-        if (!entry || entry.day !== today)
-            return 0;
-        return entry.amount;
-    }
-    /**
-     * Get current monthly spending for an agent
-     *
-     * @param agentDID - Agent DID
-     * @returns Amount spent this month
-     */
-    getMonthlySpending(agentDID) {
-        const thisMonth = this.getCurrentMonth();
-        const entry = this.monthlySpending.get(agentDID);
-        if (!entry || entry.month !== thisMonth)
-            return 0;
-        return entry.amount;
-    }
-    /**
-     * Reset all limits for an agent (for testing)
-     *
-     * @param agentDID - Agent DID
-     */
-    reset(agentDID) {
-        this.rateLimits.delete(agentDID);
-        this.dailySpending.delete(agentDID);
-        this.monthlySpending.delete(agentDID);
-    }
-    /**
-     * Check rate limit
-     */
-    checkRateLimit(agentDID, limit) {
-        const current = this.getCurrentRateLimit(agentDID);
-        if (current >= limit) {
-            const details = {
-                requested: current + 1,
-                allowed: limit,
-                constraint: 'callsPerMinute',
-                current,
-                fix: `Wait before making additional calls, or update policy.limits.callsPerMinute to a higher value`,
-            };
-            return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Rate limit exceeded: ${current}/${limit} calls per minute`, details));
-        }
-        return ok(undefined);
-    }
-    /**
-     * Check daily spending limit
-     */
-    checkDailyLimit(agentDID, amount, limit) {
-        const current = this.getDailySpending(agentDID);
-        const newTotal = current + amount;
-        if (newTotal > limit) {
-            const remaining = limit - current;
-            const details = {
-                requested: amount,
-                allowed: limit,
-                constraint: 'dailyAmount',
-                current,
-                newTotal,
-                fix: remaining > 0
-                    ? `Reduce amount to ${remaining} or less (remaining today), or update policy.limits.dailyAmount`
-                    : `Daily limit already reached. Wait until tomorrow or update policy.limits.dailyAmount`,
-            };
-            return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} would exceed daily limit: ${newTotal}/${limit} (current: ${current})`, details));
-        }
-        return ok(undefined);
-    }
-    /**
-     * Extract amount from params
-     */
-    extractAmount(params) {
-        if (typeof params !== 'object' || params === null)
-            return null;
-        const obj = params;
-        // Check common amount field names
-        if (typeof obj.amount === 'number')
-            return obj.amount;
-        if (typeof obj.value === 'number')
-            return obj.value;
-        if (typeof obj.price === 'number')
-            return obj.price;
-        if (typeof obj.total === 'number')
-            return obj.total;
-        return null;
-    }
-    /**
-     * Get current day identifier (YYYY-MM-DD in UTC)
-     */
-    getCurrentDay() {
-        const now = new Date();
-        return now.toISOString().split('T')[0] ?? '';
-    }
-    /**
-     * Get current month identifier (YYYY-MM in UTC)
-     */
-    getCurrentMonth() {
-        const now = new Date();
-        const iso = now.toISOString();
-        return iso.substring(0, 7); // YYYY-MM
-    }
-    /**
-     * Check monthly spending limit
-     */
-    checkMonthlyLimit(agentDID, amount, limit) {
-        const current = this.getMonthlySpending(agentDID);
-        const newTotal = current + amount;
-        if (newTotal > limit) {
-            const remaining = limit - current;
-            const details = {
-                requested: amount,
-                allowed: limit,
-                constraint: 'dailyAmount', // Reuse constraint type (will add monthlyAmount later)
-                current,
-                newTotal,
-                fix: remaining > 0
-                    ? `Reduce amount to ${remaining} or less (remaining this month), or update policy.limits.monthlyAmount`
-                    : `Monthly limit already reached. Wait until next month or update policy.limits.monthlyAmount`,
-            };
-            return err(new AgentError(AgentErrorCode.POLICY_VIOLATION, `Amount ${amount} would exceed monthly limit: ${newTotal}/${limit} (current: ${current})`, details));
-        }
-        return ok(undefined);
-    }
-}
-/**
- * Global policy engine instance (singleton)
- */
-let globalPolicyEngine = null;
-/**
- * Get the global policy engine instance
- *
- * @returns PolicyEngine instance
- */
-export function getGlobalPolicyEngine() {
-    if (!globalPolicyEngine) {
-        globalPolicyEngine = new PolicyEngine();
-    }
-    return globalPolicyEngine;
-}
+import{ok,err}from"./_deps/shared/index.js";import{AgentError,AgentErrorCode}from"./agent-call.js";export class PolicyEngine{rateLimits=new Map;dailySpending=new Map;monthlySpending=new Map;evaluate(t,e,n,o){if(o.allowedTools&&o.allowedTools.length>0){const[t]=e.split(":");if(!o.allowedTools.some(n=>n===e||n===`${t}:*`||"*"===n)){const n={requested:e,allowed:o.allowedTools,constraint:"tool",fix:`Update policy.allowedTools to include "${e}" or "${t}:*" or request approval`};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Tool "${e}" is not allowed by policy`,n))}}if(o.scopes&&o.scopes.length>0){const t="object"==typeof n&&null!==n&&"scope"in n?n.scope:void 0;if(t&&!o.scopes.includes(t)){const e={requested:t,allowed:o.scopes,constraint:"scope",fix:`Update policy.scopes to include "${t}" or request additional permissions`};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Scope "${t}" is not allowed by policy`,e))}}if(o.limits?.callsPerMinute){const e=this.checkRateLimit(t,o.limits.callsPerMinute);if(!e.ok)return e}const i=this.extractAmount(n);if(null!==i){if(o.limits?.amountPerTxn&&i>o.limits.amountPerTxn){const t={requested:i,allowed:o.limits.amountPerTxn,constraint:"amountPerTxn",fix:`Reduce amount to ${o.limits.amountPerTxn} or less, or update policy.limits.amountPerTxn`};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Amount ${i} exceeds per-transaction limit of ${o.limits.amountPerTxn}`,t))}if(o.limits?.dailyAmount){const e=this.checkDailyLimit(t,i,o.limits.dailyAmount);if(!e.ok)return e}if(o.limits?.monthlyAmount){const e=this.checkMonthlyLimit(t,i,o.limits.monthlyAmount);if(!e.ok)return e}}return ok(void 0)}recordCall(t){const e=Date.now(),n=this.rateLimits.get(t)??{calls:[],windowStart:e};n.calls.push(e);const o=e-6e4;n.calls=n.calls.filter(t=>t>o),this.rateLimits.set(t,n)}recordSpending(t,e){const n=this.getCurrentDay(),o=this.getCurrentMonth(),i=this.dailySpending.get(t);i&&i.day===n?i.amount+=e:this.dailySpending.set(t,{amount:e,day:n});const r=this.monthlySpending.get(t);r&&r.month===o?r.amount+=e:this.monthlySpending.set(t,{amount:e,month:o})}getCurrentRateLimit(t){const e=this.rateLimits.get(t);if(!e)return 0;const n=Date.now()-6e4;return e.calls.filter(t=>t>n).length}getDailySpending(t){const e=this.getCurrentDay(),n=this.dailySpending.get(t);return n&&n.day===e?n.amount:0}getMonthlySpending(t){const e=this.getCurrentMonth(),n=this.monthlySpending.get(t);return n&&n.month===e?n.amount:0}reset(t){this.rateLimits.delete(t),this.dailySpending.delete(t),this.monthlySpending.delete(t)}checkRateLimit(t,e){const n=this.getCurrentRateLimit(t);if(n>=e){const t={requested:n+1,allowed:e,constraint:"callsPerMinute",current:n,fix:"Wait before making additional calls, or update policy.limits.callsPerMinute to a higher value"};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Rate limit exceeded: ${n}/${e} calls per minute`,t))}return ok(void 0)}checkDailyLimit(t,e,n){const o=this.getDailySpending(t),i=o+e;if(i>n){const t=n-o,r={requested:e,allowed:n,constraint:"dailyAmount",current:o,newTotal:i,fix:t>0?`Reduce amount to ${t} or less (remaining today), or update policy.limits.dailyAmount`:"Daily limit already reached. Wait until tomorrow or update policy.limits.dailyAmount"};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Amount ${e} would exceed daily limit: ${i}/${n} (current: ${o})`,r))}return ok(void 0)}extractAmount(t){if("object"!=typeof t||null===t)return null;const e=t;return"number"==typeof e.amount?e.amount:"number"==typeof e.value?e.value:"number"==typeof e.price?e.price:"number"==typeof e.total?e.total:null}getCurrentDay(){return(new Date).toISOString().split("T")[0]??""}getCurrentMonth(){return(new Date).toISOString().substring(0,7)}checkMonthlyLimit(t,e,n){const o=this.getMonthlySpending(t),i=o+e;if(i>n){const t=n-o,r={requested:e,allowed:n,constraint:"dailyAmount",current:o,newTotal:i,fix:t>0?`Reduce amount to ${t} or less (remaining this month), or update policy.limits.monthlyAmount`:"Monthly limit already reached. Wait until next month or update policy.limits.monthlyAmount"};return err(new AgentError(AgentErrorCode.POLICY_VIOLATION,`Amount ${e} would exceed monthly limit: ${i}/${n} (current: ${o})`,r))}return ok(void 0)}}let globalPolicyEngine=null;export function getGlobalPolicyEngine(){return globalPolicyEngine||(globalPolicyEngine=new PolicyEngine),globalPolicyEngine}