@safebrowse/daemon 0.1.2 → 0.1.3

package/dist/server.d.ts

@@ -8,6 +8,7 @@ export interface SafeBrowseDaemonOptions {
     policyPack?: PolicyPack;
     knowledgeBase?: KnowledgeBaseContext;
     verifiedRegistry?: VerifiedRegistryBundle;
+    parserAllowlistedEgress?: string[];
 }
 export declare function createSafeBrowseServer(options?: SafeBrowseDaemonOptions): Promise<Server>;
 export declare function startSafeBrowseDaemon(options?: SafeBrowseDaemonOptions): Promise<Server>;

package/dist/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,EAcL,KAAK,oBAAoB,EAEzB,KAAK,UAAU,EAMhB,MAAM,kBAAkB,CAAC;AAQ1B,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAE/D,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;CAC3C;AAgGD,wBAAsB,sBAAsB,CAC1C,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAuHjB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAWjB"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,EA4BL,KAAK,oBAAoB,EAKzB,KAAK,UAAU,EAShB,MAAM,kBAAkB,CAAC;AAS1B,OAAO,KAAK,EAAE,sBAAsB,EAAyB,MAAM,kBAAkB,CAAC;AAEtF,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAgYD,wBAAsB,sBAAsB,CAC1C,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CA+fjB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAWjB"}

package/dist/server.js

@@ -1,10 +1,14 @@
-import { randomUUID } from "node:crypto";
+import { createHash, randomUUID } from "node:crypto";
 import { stat } from "node:fs/promises";
 import { createServer } from "node:http";
 import { resolve } from "node:path";
 import { fileURLToPath } from "node:url";
-import { brokerArtifact, brokerArtifactV2, buildReplayBundle, compilePolicy, evaluateAction, evaluateMemoryWrite, evaluateToolRequest, prepareToolOnboarding, sanitizeObservation, verifyToolCallback } from "@safebrowse/core";
+import { applyV4FailClosedMediation, attachCapabilitiesToPlannerInput, brokerArtifact, brokerArtifactV2, buildReplayBundle, compilePolicy, createApprovalGrantHash, evaluateAction, evaluateCapabilityUse, evaluateMemoryWrite, evaluateMemoryWriteV4, evaluateToolRequest, mintCapabilitiesForObservation, prepareToolOnboarding, prepareToolOnboardingV4, promoteMemoryRecordV4, rollbackMemoryRecordV4, sanitizeObservation, verifyToolCallback, verifyToolCallbackV4 } from "@safebrowse/core";
 import { buildRegistryDefaults, loadKnowledgeBaseContext, loadVerifiedRegistryBundle, loadPolicyPackFromPaths, resolvePolicyLayerFiles } from "./loaders.js";
+import { compileObservationInIsolation, probeParserIsolation } from "./parserIsolation.js";
+function hashValue(input) {
+    return createHash("sha256").update(JSON.stringify(input)).digest("hex");
+}
 async function readJson(request) {
     const chunks = [];
     for await (const chunk of request) {
@@ -17,6 +21,17 @@ function writeJson(response, statusCode, payload) {
     response.setHeader("content-type", "application/json; charset=utf-8");
     response.end(JSON.stringify(payload, null, 2));
 }
+function legacyResponseMeta(route) {
+    return {
+        deprecated: true,
+        telemetry: {
+            deprecated: true,
+            claimScope: "legacy_compatibility",
+            preventionClaim: false,
+            routeVersion: route
+        }
+    };
+}
 async function fileExists(path) {
     try {
         await stat(path);
@@ -45,31 +60,122 @@ async function buildRuntimeContext(options) {
     return {
         policy: compilePolicy(policyPack),
         knowledgeBase,
-        verifiedRegistry
+        verifiedRegistry,
+        parserAllowlistedEgress: options.parserAllowlistedEgress ?? []
     };
 }
 function plusMinutes(value, minutes) {
     return new Date(new Date(value).getTime() + minutes * 60_000).toISOString();
 }
-function createOnboardingSession(request, runtime, workflowBindingId) {
-    const callbackUri = request.oauthContext?.callbackUri ??
+function plusSeconds(value, seconds) {
+    return new Date(new Date(value).getTime() + seconds * 1_000).toISOString();
+}
+function createWorkflowHash(payload) {
+    return hashValue({
+        taskId: payload.taskId,
+        userGoal: payload.userGoal,
+        phase: payload.phase ?? "",
+        allowedOrigins: payload.allowedOrigins ?? [],
+        allowedVerbs: payload.allowedVerbs ?? [],
+        forbiddenSinks: payload.forbiddenSinks ?? []
+    });
+}
+function createSessionState(request, runtime) {
+    const createdAt = new Date().toISOString();
+    const allowedOrigins = request.allowedOrigins ??
+        [...runtime.policy.readOnlyOrigins, ...runtime.policy.writableOrigins];
+    const allowedVerbs = request.allowedVerbs ?? [...runtime.policy.allowedActions];
+    const forbiddenSinks = request.forbiddenSinks ?? [];
+    const session = {
+        sessionId: randomUUID(),
+        taskId: request.taskId,
+        userGoal: request.userGoal,
+        phase: request.phase,
+        allowedOrigins,
+        allowedVerbs,
+        forbiddenSinks,
+        workflowHash: createWorkflowHash({
+            taskId: request.taskId,
+            userGoal: request.userGoal,
+            phase: request.phase,
+            allowedOrigins,
+            allowedVerbs,
+            forbiddenSinks
+        }),
+        currentStep: 0,
+        createdAt,
+        expiresAt: plusSeconds(createdAt, request.expiresInSeconds ?? 1800)
+    };
+    return {
+        session,
+        capabilities: new Map(),
+        usedCapabilities: new Set(),
+        authorityReduced: false,
+        authorityReductionReasons: [],
+        approvalGrants: new Map(),
+        memoryRecords: new Map(),
+        memorySnapshots: new Map(),
+        onboardingSessions: new Map()
+    };
+}
+function shouldReduceAuthority(sessionState, observation) {
+    if (sessionState.authorityReduced) {
+        return true;
+    }
+    const hasPriorSurface = Boolean(sessionState.latestObservation);
+    const hasMeaningfulRisk = observation.parseStatus !== "compiled" ||
+        observation.riskFindings.length > 0 ||
+        observation.secretFindings.length > 0;
+    return hasPriorSurface && hasMeaningfulRisk;
+}
+function applyAuthorityReduction(sessionState, observation, plannerInput) {
+    const reasons = [
+        ...sessionState.authorityReductionReasons,
+        ...(observation.parseStatus !== "compiled"
+            ? [`parse_status_${observation.parseStatus}`]
+            : []),
+        ...observation.riskFindings,
+        ...(observation.secretFindings.length ? ["secret_redaction_boundary"] : [])
+    ];
+    sessionState.authorityReduced = true;
+    sessionState.authorityReductionReasons = [...new Set(reasons)];
+    sessionState.capabilities.clear();
+    return {
+        ...plannerInput,
+        candidateCapabilities: [],
+        riskMarkers: [
+            ...new Set([
+                ...plannerInput.riskMarkers,
+                "multimodal_reducer_active",
+                ...sessionState.authorityReductionReasons.map((reason) => `chain:${reason}`)
+            ])
+        ]
+    };
+}
+function createOnboardingSession(request, runtime, approvalGrant, verifiedRegistryEntry) {
+    const callbackUri = verifiedRegistryEntry?.allowedRedirectUris[0] ??
+        request.oauthContext?.callbackUri ??
         request.callbackUri ??
         request.oauthContext?.redirectUri ??
         request.requestedRedirectUri;
     if (!callbackUri) {
         return undefined;
     }
+    const callbackOrigin = verifiedRegistryEntry?.allowedCallbackOrigins[0] ?? new URL(callbackUri).origin;
     const createdAt = (runtime.now?.() ?? new Date()).toISOString();
     return {
         sessionId: randomUUID(),
-        approvalBindingId: request.approvalBindingId ?? randomUUID(),
-        workflowBindingId,
+        approvalBindingId: approvalGrant.approvalGrantId,
+        workflowBindingId: request.sourceObservationId,
         toolId: request.toolId,
-        registryEntryId: request.registryEntryId ?? request.toolId,
-        registryBundleId: request.registryBundleId ?? runtime.verifiedRegistry?.bundleId ?? "unverified-registry",
+        registryEntryId: verifiedRegistryEntry?.registryEntryId ?? request.registryEntryId ?? request.toolId,
+        registryBundleId: verifiedRegistryEntry?.bundleId ??
+            request.registryBundleId ??
+            runtime.verifiedRegistry?.bundleId ??
+            "unverified-registry",
         callbackUri,
-        callbackOrigin: new URL(callbackUri).origin,
-        requestedScopes: request.requestedScopes ?? request.oauthContext?.requestedScopes ?? [],
+        callbackOrigin,
+        requestedScopes: approvalGrant.scopes,
         state: randomUUID(),
         pkceMethod: "S256",
         createdAt,
@@ -77,9 +183,80 @@ function createOnboardingSession(request, runtime, workflowBindingId) {
         status: "prepared"
     };
 }
+function issueApprovalGrant(request, sessionState) {
+    const issuedAt = new Date().toISOString();
+    const grantWithoutHash = {
+        approvalGrantId: randomUUID(),
+        sessionId: sessionState.session.sessionId,
+        workflowHash: sessionState.session.workflowHash,
+        connectorId: request.connectorId,
+        scopes: request.scopes ?? [],
+        sinkClass: request.sinkClass,
+        capabilityIds: request.capabilityIds ?? [],
+        targetOrigin: request.targetOrigin,
+        issuedAt,
+        expiresAt: plusSeconds(issuedAt, request.expiresInSeconds ?? 600)
+    };
+    return {
+        ...grantWithoutHash,
+        grantHash: createApprovalGrantHash(grantWithoutHash)
+    };
+}
+function findSessionState(sessions, sessionId) {
+    const sessionState = sessions.get(sessionId);
+    if (!sessionState) {
+        return undefined;
+    }
+    if (new Date(sessionState.session.expiresAt).getTime() <= Date.now()) {
+        sessions.delete(sessionId);
+        return undefined;
+    }
+    return sessionState;
+}
+function buildLegacyObservationCapture(payload) {
+    if (payload.surfaceType === "pdf") {
+        return {
+            mimeType: "application/pdf",
+            sourceOrigin: payload.url,
+            viewerOrigin: payload.frameUrl ?? payload.url,
+            renderedText: payload.renderedText,
+            extractedText: payload.extractedText,
+            ocrText: payload.ocrText,
+            annotations: payload.annotations,
+            metadataText: payload.metadataText,
+            extractionMethod: "download",
+            trustSignals: payload.trustSignals
+        };
+    }
+    if (payload.surfaceType === "image") {
+        return {
+            mimeType: "image/png",
+            sourceOrigin: payload.url,
+            viewerOrigin: payload.frameUrl ?? payload.url,
+            ocrText: payload.ocrText,
+            metadataText: payload.metadataText,
+            extractionMethod: "ocr",
+            trustSignals: payload.trustSignals
+        };
+    }
+    if (payload.surfaceType === "tool_manifest") {
+        return {
+            mimeType: "application/json",
+            surfaceKind: "tool_manifest",
+            sourceOrigin: payload.url,
+            viewerOrigin: payload.frameUrl ?? payload.url,
+            extractedText: payload.description,
+            metadataText: payload.schemaDescriptions,
+            extractionMethod: "api",
+            trustSignals: payload.trustSignals
+        };
+    }
+    return undefined;
+}
 export async function createSafeBrowseServer(options = {}) {
     const runtime = await buildRuntimeContext(options);
     const onboardingSessions = new Map();
+    const sessions = new Map();
     return createServer(async (request, response) => {
         if (!request.url) {
             writeJson(response, 400, { error: "missing_url" });
@@ -87,6 +264,7 @@ export async function createSafeBrowseServer(options = {}) {
         }
         try {
             if (request.method === "GET" && request.url === "/health") {
+                const parserProbe = await probeParserIsolation();
                 writeJson(response, 200, {
                     status: "ok",
                     profile: runtime.policy.profile,
@@ -99,7 +277,8 @@ export async function createSafeBrowseServer(options = {}) {
                             signatureVerified: runtime.verifiedRegistry.signatureVerified,
                             entryCount: runtime.verifiedRegistry.entries.length
                         }
-                        : undefined
+                        : undefined,
+                    parserIsolation: parserProbe
                 });
                 return;
             }
@@ -109,39 +288,73 @@ export async function createSafeBrowseServer(options = {}) {
             }
             if (request.url === "/v1/observe") {
                 const payload = await readJson(request);
-                writeJson(response, 200, sanitizeObservation(payload, runtime));
+                writeJson(response, 200, {
+                    ...sanitizeObservation(payload, runtime),
+                    ...legacyResponseMeta("/v1/observe")
+                });
                 return;
             }
             if (request.url === "/v1/action") {
                 const payload = await readJson(request);
-                writeJson(response, 200, evaluateAction(payload, runtime));
+                writeJson(response, 200, {
+                    ...evaluateAction(payload, runtime),
+                    ...legacyResponseMeta("/v1/action")
+                });
                 return;
             }
             if (request.url === "/v1/artifact") {
                 const payload = await readJson(request);
-                writeJson(response, 200, brokerArtifact(payload, runtime));
+                writeJson(response, 200, {
+                    ...brokerArtifact(payload, runtime),
+                    ...legacyResponseMeta("/v1/artifact")
+                });
                 return;
             }
             if (request.url === "/v1/tool") {
                 const payload = await readJson(request);
-                writeJson(response, 200, evaluateToolRequest(payload, runtime));
+                writeJson(response, 200, {
+                    ...evaluateToolRequest(payload, runtime),
+                    ...legacyResponseMeta("/v1/tool")
+                });
                 return;
             }
             if (request.url === "/v1/memory") {
                 const payload = await readJson(request);
-                writeJson(response, 200, evaluateMemoryWrite(payload, runtime));
+                writeJson(response, 200, {
+                    ...evaluateMemoryWrite(payload, runtime),
+                    ...legacyResponseMeta("/v1/memory")
+                });
                 return;
             }
             if (request.url === "/v1/replay") {
                 const payload = await readJson(request);
-                writeJson(response, 200, buildReplayBundle(payload.events, runtime));
+                writeJson(response, 200, {
+                    ...buildReplayBundle(payload.events, runtime),
+                    ...legacyResponseMeta("/v1/replay")
+                });
                 return;
             }
             if (request.url === "/v2/tool/prepare") {
                 const payload = await readJson(request);
                 const prepared = prepareToolOnboarding(payload, runtime);
                 const onboardingSession = prepared.verdict.decision === "ALLOW" && payload.authType === "oauth"
-                    ? createOnboardingSession(payload, runtime, prepared.workflowBinding?.bindingId)
+                    ? createOnboardingSession(payload, runtime, {
+                        approvalGrantId: payload.approvalBindingId ?? randomUUID(),
+                        sessionId: "legacy-session",
+                        workflowHash: hashValue(payload.sourceObservationId ?? payload.requestId),
+                        connectorId: payload.toolId,
+                        scopes: payload.requestedScopes ?? [],
+                        sinkClass: "connector_oauth",
+                        capabilityIds: payload.capabilityId ? [payload.capabilityId] : [],
+                        targetOrigin: payload.callbackOrigin ??
+                            payload.oauthContext?.callbackOrigin ??
+                            payload.callbackUri ??
+                            payload.requestedRedirectUri ??
+                            "unknown",
+                        issuedAt: new Date().toISOString(),
+                        expiresAt: plusMinutes(new Date().toISOString(), 10),
+                        grantHash: "legacy"
+                    })
                     : undefined;
                 if (onboardingSession) {
                     onboardingSessions.set(onboardingSession.sessionId, onboardingSession);
@@ -150,7 +363,8 @@ export async function createSafeBrowseServer(options = {}) {
                     verdict: prepared.verdict,
                     verifiedRegistryEntry: prepared.verifiedRegistryEntry,
                     workflowBinding: prepared.workflowBinding,
-                    onboardingSession
+                    onboardingSession,
+                    ...legacyResponseMeta("/v2/tool/prepare")
                 });
                 return;
             }
@@ -164,12 +378,265 @@ export async function createSafeBrowseServer(options = {}) {
                         status: result.verdict.decision === "ALLOW" ? "used" : session.status
                     });
                 }
-                writeJson(response, 200, result);
+                writeJson(response, 200, {
+                    ...result,
+                    ...legacyResponseMeta("/v2/tool/callback/verify")
+                });
                 return;
             }
             if (request.url === "/v2/artifact") {
                 const payload = await readJson(request);
-                writeJson(response, 200, brokerArtifactV2(payload, runtime));
+                writeJson(response, 200, {
+                    ...brokerArtifactV2(payload, runtime),
+                    ...legacyResponseMeta("/v2/artifact")
+                });
+                return;
+            }
+            if (request.url === "/v4/session/start") {
+                const payload = await readJson(request);
+                const sessionState = createSessionState(payload, runtime);
+                sessions.set(sessionState.session.sessionId, sessionState);
+                writeJson(response, 200, {
+                    session: sessionState.session
+                });
+                return;
+            }
+            if (request.url === "/v4/observe") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                if (!sessionState) {
+                    writeJson(response, 404, { error: "unknown_session" });
+                    return;
+                }
+                const capture = {
+                    ...payload.capture,
+                    sessionId: payload.sessionId,
+                    taskId: sessionState.session.taskId
+                };
+                const observation = await compileObservationInIsolation({
+                    capture,
+                    workflowHash: sessionState.session.workflowHash,
+                    allowlistedEgress: runtime.parserAllowlistedEgress,
+                    runtime: {
+                        knowledgeBase: runtime.knowledgeBase
+                    }
+                });
+                const failClosedObservation = applyV4FailClosedMediation(observation.compiledObservation, observation.plannerInput, "observe");
+                let capabilities = mintCapabilitiesForObservation(sessionState.session, observation.compiledObservation, {
+                    sourceObservationId: observation.compiledObservation.observationId
+                });
+                let plannerInput = failClosedObservation.plannerInput;
+                if (shouldReduceAuthority(sessionState, observation.compiledObservation)) {
+                    plannerInput = applyAuthorityReduction(sessionState, observation.compiledObservation, plannerInput);
+                    capabilities = [];
+                }
+                sessionState.capabilities.clear();
+                for (const capability of capabilities) {
+                    sessionState.capabilities.set(capability.capabilityId, capability);
+                }
+                sessionState.latestObservation = observation.compiledObservation;
+                writeJson(response, 200, {
+                    compiledObservation: observation.compiledObservation,
+                    observationVerdict: failClosedObservation.verdict,
+                    plannerInput: attachCapabilitiesToPlannerInput(plannerInput, capabilities)
+                });
+                return;
+            }
+            if (request.url === "/v4/action/evaluate") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const capability = sessionState?.capabilities.get(payload.capabilityId);
+                const verdict = evaluateCapabilityUse(payload, sessionState?.session, capability, {
+                    alreadyUsed: sessionState?.usedCapabilities.has(payload.capabilityId) ?? false
+                });
+                if (verdict.decision === "ALLOW" && sessionState && capability) {
+                    sessionState.capabilities.delete(payload.capabilityId);
+                    sessionState.usedCapabilities.add(payload.capabilityId);
+                    sessionState.session = {
+                        ...sessionState.session,
+                        currentStep: sessionState.session.currentStep + 1
+                    };
+                }
+                writeJson(response, 200, {
+                    verdict,
+                    executionPlan: verdict.decision === "ALLOW" && capability
+                        ? {
+                            verb: capability.kind,
+                            targetUrl: capability.targetUrl,
+                            targetOrigin: capability.targetOrigin,
+                            selector: capability.selector,
+                            derivedSinkClass: capability.derivedSinkClass,
+                            derivedSensitiveSink: capability.derivedSensitiveSink
+                        }
+                        : undefined
+                });
+                return;
+            }
+            if (request.url === "/v4/approval/grant") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                if (!sessionState) {
+                    writeJson(response, 404, { error: "unknown_session" });
+                    return;
+                }
+                const unknownCapability = (payload.capabilityIds ?? []).find((capabilityId) => !sessionState.capabilities.has(capabilityId));
+                if (unknownCapability) {
+                    writeJson(response, 400, {
+                        error: "unknown_capability",
+                        capabilityId: unknownCapability
+                    });
+                    return;
+                }
+                if (payload.sinkClass === "connector_oauth" &&
+                    !(payload.capabilityIds ?? []).length) {
+                    writeJson(response, 400, {
+                        error: "capability_ids_required",
+                        sinkClass: payload.sinkClass
+                    });
+                    return;
+                }
+                const approvalGrant = issueApprovalGrant(payload, sessionState);
+                sessionState.approvalGrants.set(approvalGrant.approvalGrantId, approvalGrant);
+                writeJson(response, 200, {
+                    approvalGrant
+                });
+                return;
+            }
+            if (request.url === "/v4/tool/prepare") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const approvalGrant = sessionState?.approvalGrants.get(payload.approvalGrantId);
+                const prepared = prepareToolOnboardingV4({
+                    ...payload.request,
+                    approvalGrantId: payload.approvalGrantId
+                }, sessionState?.session, approvalGrant, runtime);
+                const onboardingSession = prepared.verdict.decision === "ALLOW" && payload.request.authType === "oauth" && approvalGrant
+                    ? createOnboardingSession(payload.request, runtime, approvalGrant, prepared.verifiedRegistryEntry)
+                    : undefined;
+                if (sessionState && onboardingSession) {
+                    sessionState.onboardingSessions.set(onboardingSession.sessionId, onboardingSession);
+                }
+                writeJson(response, 200, {
+                    verdict: prepared.verdict,
+                    approvalVerdict: prepared.approvalVerdict,
+                    verifiedRegistryEntry: prepared.verifiedRegistryEntry,
+                    workflowBinding: prepared.workflowBinding,
+                    onboardingSession
+                });
+                return;
+            }
+            if (request.url === "/v4/tool/callback/verify") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const approvalGrant = sessionState?.approvalGrants.get(payload.approvalGrantId);
+                const session = sessionState?.onboardingSessions.get(payload.request.sessionId);
+                const result = verifyToolCallbackV4(payload.request, sessionState?.session, session, approvalGrant, runtime);
+                if (sessionState && session) {
+                    sessionState.onboardingSessions.set(payload.request.sessionId, {
+                        ...session,
+                        status: result.verdict.decision === "ALLOW" ? "used" : session.status
+                    });
+                }
+                writeJson(response, 200, result);
+                return;
+            }
+            if (request.url === "/v4/artifact/ingest") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                if (!sessionState) {
+                    writeJson(response, 404, { error: "unknown_session" });
+                    return;
+                }
+                const capture = {
+                    ...payload.capture,
+                    sessionId: payload.sessionId,
+                    taskId: sessionState.session.taskId
+                };
+                const observation = await compileObservationInIsolation({
+                    capture,
+                    workflowHash: sessionState.session.workflowHash,
+                    allowlistedEgress: runtime.parserAllowlistedEgress,
+                    runtime: {
+                        knowledgeBase: runtime.knowledgeBase
+                    }
+                });
+                const failClosedArtifact = applyV4FailClosedMediation(observation.compiledObservation, observation.plannerInput, "artifact");
+                const legacyArtifact = buildLegacyObservationCapture(capture);
+                const artifactResult = legacyArtifact !== undefined ? brokerArtifact(legacyArtifact, runtime) : undefined;
+                sessionState.latestObservation = observation.compiledObservation;
+                const effectiveArtifactVerdict = failClosedArtifact.failClosed
+                    ? failClosedArtifact.verdict
+                    : artifactResult?.verdict;
+                const effectiveArtifact = failClosedArtifact.failClosed && artifactResult?.artifact
+                    ? {
+                        ...artifactResult.artifact,
+                        toolActivationPolicy: "block",
+                        approvalRequiredForFollowOn: true
+                    }
+                    : artifactResult?.artifact;
+                const plannerInput = shouldReduceAuthority(sessionState, observation.compiledObservation)
+                    ? applyAuthorityReduction(sessionState, observation.compiledObservation, failClosedArtifact.plannerInput)
+                    : failClosedArtifact.plannerInput;
+                writeJson(response, 200, {
+                    compiledObservation: observation.compiledObservation,
+                    plannerInput,
+                    artifactVerdict: effectiveArtifactVerdict,
+                    artifact: effectiveArtifact
+                });
+                return;
+            }
+            if (request.url === "/v4/memory/write") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const result = evaluateMemoryWriteV4(payload, sessionState?.session, runtime);
+                if (sessionState && result.record) {
+                    sessionState.memoryRecords.set(result.record.recordId, result.record);
+                }
+                writeJson(response, 200, result);
+                return;
+            }
+            if (request.url === "/v4/memory/promote") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const record = sessionState?.memoryRecords.get(payload.recordId);
+                const approvalGrant = payload.approvalGrantId && sessionState
+                    ? sessionState.approvalGrants.get(payload.approvalGrantId)
+                    : undefined;
+                const result = promoteMemoryRecordV4(payload, sessionState?.session, record, approvalGrant);
+                if (sessionState && result.promotedRecord) {
+                    if (record && result.promotedRecord.snapshotId) {
+                        sessionState.memorySnapshots.set(result.promotedRecord.snapshotId, {
+                            ...record,
+                            tier: "trusted_durable",
+                            summaryOnly: false,
+                            snapshotId: result.promotedRecord.snapshotId,
+                            rollbackPointId: result.promotedRecord.rollbackPointId
+                        });
+                    }
+                    sessionState.memoryRecords.set(result.promotedRecord.recordId, result.promotedRecord);
+                }
+                writeJson(response, 200, result);
+                return;
+            }
+            if (request.url === "/v4/memory/rollback") {
+                const payload = await readJson(request);
+                const sessionState = findSessionState(sessions, payload.sessionId);
+                const record = sessionState?.memoryRecords.get(payload.recordId);
+                const snapshotRecord = sessionState?.memorySnapshots.get(payload.snapshotId);
+                const result = rollbackMemoryRecordV4(payload, sessionState?.session, record, snapshotRecord);
+                if (sessionState && result.restoredRecord) {
+                    sessionState.memoryRecords.set(result.restoredRecord.recordId, result.restoredRecord);
+                }
+                writeJson(response, 200, {
+                    ...result,
+                    rollbackEvent: result.verdict.decision === "ALLOW"
+                        ? {
+                            recordId: payload.recordId,
+                            snapshotId: payload.snapshotId,
+                            appliedAt: new Date().toISOString()
+                        }
+                        : undefined
+                });
                 return;
             }
             writeJson(response, 404, { error: "not_found" });