@the-ai-company/cbio-node-runtime 1.55.1 → 1.57.0

package/dist/vault-core/core.js

@@ -2,6 +2,7 @@ import { AuditAction, AuditOutcome, DispatchStatus, } from "./contracts.js";
 import { VaultCoreError } from "./errors.js";
 import { verifySignature } from "../protocol/crypto.js";
 import { getAgentToolbox } from "./tool-metadata.js";
+const VAULT_MASTER_ID = "vault-master";
 function toAuditEntry(deps, actor, action, outcome, detail, options) {
     return {
         entryId: deps.ids.newAuditEntryId(),
@@ -35,11 +36,37 @@ function buildSecretRecord(deps, command) {
         updatedAt: now,
     };
 }
+function normalizeScopeTarget(targetUrl) {
+    try {
+        const parsed = new URL(targetUrl);
+        if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+            return null;
+        }
+        parsed.protocol = parsed.protocol.toLowerCase();
+        parsed.hostname = parsed.hostname.toLowerCase();
+        parsed.hash = "";
+        parsed.search = "";
+        if ((parsed.protocol === "https:" && parsed.port === "443") || (parsed.protocol === "http:" && parsed.port === "80")) {
+            parsed.port = "";
+        }
+        parsed.pathname = parsed.pathname || "/";
+        return parsed.toString();
+    }
+    catch {
+        return null;
+    }
+}
 function isScopeMatch(scope, targetUrl) {
+    const normalizedTarget = normalizeScopeTarget(targetUrl);
+    if (!normalizedTarget) {
+        return false;
+    }
     if (scope.endsWith("*")) {
-        return targetUrl.startsWith(scope.slice(0, -1));
+        const normalizedPrefix = normalizeScopeTarget(scope.slice(0, -1));
+        return normalizedPrefix ? normalizedTarget.startsWith(normalizedPrefix) : false;
     }
-    return scope === targetUrl;
+    const normalizedScope = normalizeScopeTarget(scope);
+    return normalizedScope === normalizedTarget;
 }
 function createAgentControlBinding(requestId, requestedAt, agentId, action, payload = {}) {
     return JSON.stringify({
@@ -56,11 +83,137 @@ function createAgentControlBinding(requestId, requestedAt, agentId, action, payl
  */
 export class VaultCore {
     _deps;
-    _pendingObservers = new Set();
-    _pendingCapabilityObservers = new Set();
+    _capabilityStateObservers = new Set();
     constructor(_deps) {
         this._deps = _deps;
     }
+    _assertOwnerPrincipal(actor, code = "VAULT_AUDIT_DENIED") {
+        if (actor.kind !== "owner" || actor.id !== VAULT_MASTER_ID) {
+            throw new VaultCoreError("owner access denied", code);
+        }
+    }
+    _stateToGrantedCapability(state) {
+        return {
+            vaultId: state.vaultId,
+            capabilityId: state.capabilityId ?? "",
+            agentId: state.agentId,
+            secretIds: state.secretIds ? [...state.secretIds] : undefined,
+            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
+            operation: state.operation,
+            customFlowId: state.customFlowId,
+            scope: state.scope,
+            methods: [...state.methods],
+            issuedAt: state.issuedAt ?? state.requestedAt,
+            expiresAt: state.expiresAt,
+            rateLimit: state.rateLimit,
+            skipAudit: state.skipAudit,
+        };
+    }
+    async _buildAgentCapabilityStates(agentId) {
+        return (await this._deps.capabilityStates.list(this._deps.vaultId, agentId)).map((state) => ({
+            status: state.status,
+            source: state.source,
+            agentId: state.agentId,
+            requestId: state.requestId,
+            capabilityId: state.capabilityId,
+            operation: state.operation,
+            secretIds: state.secretIds ? [...state.secretIds] : undefined,
+            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
+            customFlowId: state.customFlowId,
+            scope: state.scope,
+            methods: [...state.methods],
+            issuedAt: state.issuedAt,
+            requestedAt: state.requestedAt,
+            expiresAt: state.expiresAt,
+            rateLimit: state.rateLimit,
+            skipAudit: state.skipAudit,
+            justification: state.justification,
+            secretAlias: state.secretAlias,
+            targetUrl: state.targetUrl,
+        }));
+    }
+    _isExecutablePendingState(state) {
+        return !!(state.requestId && state.targetUrl && state.secretAlias && state.proof);
+    }
+    async _executePendingCapabilityState(command, mode) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending || pending.status !== "PENDING") {
+            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        const issuedAt = this._deps.clock.nowIso();
+        const capability = {
+            vaultId: this._deps.vaultId,
+            agentId: pending.agentId,
+            capabilityId: pending.capabilityId ?? this._deps.ids.newCapabilityId(),
+            secretIds: pending.secretIds ? [...pending.secretIds] : undefined,
+            secretAliases: pending.secretAliases ? [...pending.secretAliases] : (pending.secretAlias ? [pending.secretAlias] : []),
+            operation: pending.operation,
+            customFlowId: pending.customFlowId,
+            scope: pending.targetUrl ?? pending.scope,
+            methods: [...pending.methods],
+            issuedAt,
+            expiresAt: pending.expiresAt,
+            rateLimit: pending.rateLimit,
+            skipAudit: pending.skipAudit,
+        };
+        let result;
+        if (this._isExecutablePendingState(pending)) {
+            result = await this.agentDispatchSecret({
+                vaultId: this._deps.vaultId,
+                agent: { kind: "agent", id: pending.agentId },
+                capability,
+                secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
+                targetUrl: pending.targetUrl,
+                method: pending.methods[0] ?? "POST",
+                headers: pending.headers,
+                body: pending.body,
+                proof: pending.proof,
+                requestId: pending.requestId,
+                requestedAt: pending.requestedAt,
+            });
+        }
+        else if (mode === "grant") {
+            result = {
+                vaultId: this._deps.vaultId,
+                requestId: pending.requestId ?? command.requestId,
+                status: DispatchStatus.SUCCEEDED,
+                targetUrl: pending.scope,
+                method: pending.methods[0] ?? "POST",
+            };
+        }
+        else {
+            throw new VaultCoreError("pending capability state is not executable", "VAULT_WRITE_DENIED");
+        }
+        if (mode === "grant") {
+            await this._deps.capabilityStates.upsert({
+                ...pending,
+                capabilityId: capability.capabilityId,
+                status: "GRANTED",
+                source: "owner_grant",
+                issuedAt,
+                decidedAt: issuedAt,
+            });
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed and granted capability state ${command.requestId}`, {
+                requestId: command.requestId,
+                agentId: pending.agentId,
+                capabilityId: capability.capabilityId,
+                operation: capability.operation,
+            }));
+        }
+        else {
+            await this._deps.capabilityStates.deleteByRequestId(command.vaultId, command.requestId);
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed once and deleted capability state ${command.requestId}`, {
+                requestId: command.requestId,
+                agentId: pending.agentId,
+                capabilityId: capability.capabilityId,
+                operation: capability.operation,
+            }));
+        }
+        return result;
+    }
     get vaultId() {
         return this._deps.vaultId;
     }
@@ -110,7 +263,9 @@ export class VaultCore {
         }
     }
     async _listVisibleSecretsForAgent(agentId) {
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, agentId);
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
         const capabilityMap = new Map();
         for (const capability of capabilities) {
             for (const alias of capability.secretAliases ?? []) {
@@ -139,16 +294,10 @@ export class VaultCore {
             };
         });
     }
-    ownerOnPendingDispatch(callback) {
-        this._pendingObservers.add(callback);
-        return () => {
-            this._pendingObservers.delete(callback);
-        };
-    }
-    ownerOnPendingCapabilityRequest(callback) {
-        this._pendingCapabilityObservers.add(callback);
+    ownerOnCapabilityState(callback) {
+        this._capabilityStateObservers.add(callback);
         return () => {
-            this._pendingCapabilityObservers.delete(callback);
+            this._capabilityStateObservers.delete(callback);
         };
     }
     async ownerRegisterAgentIdentity(command) {
@@ -213,7 +362,13 @@ export class VaultCore {
             throw new VaultCoreError("capability id required", "VAULT_IDENTITY_DENIED");
         }
         try {
-            await this._deps.capabilities.register(command.capability);
+            await this._deps.capabilityStates.upsert({
+                ...command.capability,
+                status: "GRANTED",
+                source: "owner_grant",
+                requestId: undefined,
+                requestedAt: command.capability.issuedAt,
+            });
             await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CAPABILITY, AuditOutcome.SUCCEEDED, `capability registered: ${command.capability.capabilityId}`, {
                 capabilityId: command.capability.capabilityId,
                 operation: command.capability.operation,
@@ -243,28 +398,27 @@ export class VaultCore {
         }
         const pendingRecord = {
             vaultId: this._deps.vaultId,
+            status: "PENDING",
+            source: "explicit_request",
             requestId: command.requestId,
-            requester: command.requester,
             agentId: command.agentId,
-            scope: {
-                operation: command.scope.operation,
-                secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
-                scope: command.scope.scope,
-                methods: [...command.scope.methods],
-                rateLimit: command.scope.rateLimit,
-                skipAudit: command.scope.skipAudit,
-                expiresAt: command.scope.expiresAt,
-            },
+            operation: command.scope.operation,
+            secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
+            scope: command.scope.scope,
+            methods: [...command.scope.methods],
+            rateLimit: command.scope.rateLimit,
+            skipAudit: command.scope.skipAudit,
+            expiresAt: command.scope.expiresAt,
             justification: command.justification,
             requestedAt: command.requestedAt,
         };
-        await this._deps.pendingCapabilityRequests.save(pendingRecord);
-        for (const observer of this._pendingCapabilityObservers) {
+        await this._deps.capabilityStates.upsert(pendingRecord);
+        for (const observer of this._capabilityStateObservers) {
             try {
                 observer(pendingRecord);
             }
             catch (error) {
-                console.error("VaultCore: error in pending capability observer:", error);
+                console.error("VaultCore: error in capability state observer:", error);
             }
         }
         await this._appendAudit(toAuditEntry(this._deps, command.requester, AuditAction.SUBMIT_CAPABILITY_REQUEST, AuditOutcome.PENDING, `capability request submitted for agent: ${command.agentId}`, {
@@ -278,7 +432,8 @@ export class VaultCore {
         if (vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("capability lookup vault mismatch", "VAULT_IDENTITY_DENIED");
         }
-        return this._deps.capabilities.get(vaultId, agentId, capabilityId);
+        const state = await this._deps.capabilityStates.getByCapabilityId(vaultId, agentId, capabilityId);
+        return state && state.status === "GRANTED" ? this._stateToGrantedCapability(state) : null;
     }
     async ownerRegisterCustomFlow(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
@@ -481,8 +636,14 @@ export class VaultCore {
         if (!agentRecord) {
             return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null, executorTarget: null };
         }
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, request.agent.id);
-        const capability = capabilities.find(cap => this.isCapabilityMatch(cap, request));
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
+        const requestedCapabilityId = request.capability?.capabilityId;
+        const candidateCapabilities = requestedCapabilityId
+            ? capabilities.filter((cap) => cap.capabilityId === requestedCapabilityId)
+            : capabilities;
+        const capability = candidateCapabilities.find((cap) => this.isCapabilityMatch(cap, request, record?.secretId.value));
         const executorTarget = record
             ? record.targetBindings.find((binding) => binding.targetUrl === request.targetUrl)
                 ?? record.targetBindings.find((binding) => binding.targetId === request.targetUrl)
@@ -491,25 +652,31 @@ export class VaultCore {
         if (!capability) {
             // It's a discovery case if the agent and secret exist but no capability matches
             const pendingRecord = {
+                vaultId: this._deps.vaultId,
+                status: "PENDING",
+                source: "dispatch_discovery",
                 requestId: request.requestId,
                 agentId: request.agent.id,
                 capabilityId: undefined,
+                operation: "dispatch_http",
+                secretAliases: request.secretAlias ? [request.secretAlias] : [],
+                scope: request.targetUrl,
+                methods: [request.method],
+                requestedAt: request.requestedAt,
                 secretAlias: request.secretAlias ?? "unknown",
                 targetUrl: request.targetUrl,
-                method: request.method,
                 headers: request.headers,
                 body: request.body,
-                requestedAt: request.requestedAt,
                 proof: request.proof,
             };
-            await this._deps.pendingRequests.save(pendingRecord);
+            await this._deps.capabilityStates.upsert(pendingRecord);
             // Notify observers
-            for (const observer of this._pendingObservers) {
+            for (const observer of this._capabilityStateObservers) {
                 try {
                     observer(pendingRecord);
                 }
                 catch (error) {
-                    console.error("VaultCore: error in pending observer:", error);
+                    console.error("VaultCore: error in capability state observer:", error);
                 }
             }
             await this._appendDecisionAudit(request, AuditOutcome.PENDING, "dispatch stalled for manual discovery approval", {
@@ -524,6 +691,26 @@ export class VaultCore {
                 executorTarget,
             };
         }
+        try {
+            await this._deps.policy.authorizeDispatch({
+                ...request,
+                capability,
+            }, record);
+        }
+        catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
+                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretId: record?.secretId.value,
+            });
+            return {
+                vaultId: this._deps.vaultId,
+                decision: "deny",
+                reason: detail,
+                secretId: record?.secretId ?? null,
+                executorTarget,
+            };
+        }
         // Capability found, proceed
         if (!capability.skipAudit) {
             await this._appendDecisionAudit(request, AuditOutcome.ALLOWED, "dispatch authorized", {
@@ -585,11 +772,13 @@ export class VaultCore {
         };
     }
     async ownerReadAudit(actor, query, request) {
+        this._assertOwnerPrincipal(actor, "VAULT_AUDIT_DENIED");
         const entries = await this._deps.audit.query(query);
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.READ_AUDIT, AuditOutcome.ALLOWED, "audit queried"));
         return entries;
     }
     async ownerExportSecret(actor, alias, request) {
+        this._assertOwnerPrincipal(actor, "VAULT_AUDIT_DENIED");
         try {
             const record = await this._deps.secrets.getByAlias({ value: alias });
             if (!record) {
@@ -622,10 +811,14 @@ export class VaultCore {
             throw error;
         }
     }
-    isCapabilityMatch(capability, request) {
-        // Basic Iron Triangle match
-        if (request.secretAlias && !capability.secretAliases?.includes(request.secretAlias)) {
-            return false;
+    isCapabilityMatch(capability, request, secretId) {
+        // Match either alias- or id-based capability grants when a secret is specified.
+        if (request.secretAlias) {
+            const aliasMatched = capability.secretAliases?.includes(request.secretAlias) ?? false;
+            const idMatched = secretId ? (capability.secretIds?.includes(secretId) ?? false) : false;
+            if (!aliasMatched && !idMatched) {
+                return false;
+            }
         }
         if (request.method && capability.methods?.length > 0 && !capability.methods.includes(request.method)) {
             return false;
@@ -643,7 +836,9 @@ export class VaultCore {
         return identities;
     }
     async ownerListCapabilities(actor, agentId, request) {
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, agentId);
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_CAPABILITIES, AuditOutcome.ALLOWED, "capabilities listed", {
             requestId: request?.requestId,
             agentId,
@@ -670,7 +865,7 @@ export class VaultCore {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
         await this._verifyAgentControlProof(request, "list_capabilities");
-        return this._deps.capabilities.list(this._deps.vaultId, request.agent.id);
+        return this._buildAgentCapabilityStates(request.agent.id);
     }
     async agentListSecrets(request) {
         if (request.vaultId.value !== this._deps.vaultId.value) {
@@ -683,13 +878,25 @@ export class VaultCore {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, command.agent.id);
+        await this._verifyAgentControlProof(command, "get_manifest");
+        const agentRecord = await this._deps.agentIdentities.get(this._deps.vaultId, command.agent.id);
+        if (!agentRecord) {
+            throw new VaultCoreError("agent identity not registered", "VAULT_DISPATCH_DENIED");
+        }
+        const capabilities = await this._buildAgentCapabilityStates(command.agent.id);
         const vaultNickname = "CBIO Vault"; // TODO: Pull from profile if available
         return {
             agentId: command.agent.id,
             vaultId: this._deps.vaultId.value,
             vaultNickname,
             issuedAt: this._deps.clock.nowIso(),
+            agent: {
+                agentId: agentRecord.agentId,
+                identityId: agentRecord.identityId,
+                publicKey: agentRecord.publicKey,
+                nickname: agentRecord.nickname,
+                metadata: agentRecord.metadata,
+            },
             capabilities,
             tools: getAgentToolbox(),
         };
@@ -716,7 +923,15 @@ export class VaultCore {
         });
     }
     async ownerRevokeCapability(command) {
-        await this._deps.policy.revokeCapability(command.vaultId, command.agentId, command.capabilityId);
+        const existing = await this._deps.capabilityStates.getByCapabilityId(command.vaultId, command.agentId, command.capabilityId);
+        if (!existing) {
+            throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
+        }
+        await this._deps.capabilityStates.upsert({
+            ...existing,
+            status: "REJECTED",
+            decidedAt: this._deps.clock.nowIso(),
+        });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REVOKE_CAPABILITY, AuditOutcome.SUCCEEDED, "capability revoked", {
             requestId: command.requestId,
             agentId: command.agentId,
@@ -762,135 +977,39 @@ export class VaultCore {
         await this._deps.sessionTokens.revoke(request.token);
         await this._appendAudit(toAuditEntry(this._deps, request.actor, AuditAction.REVOKE_SESSION_TOKEN, AuditOutcome.SUCCEEDED, "session token revoked"));
     }
-    async ownerListPendingDispatches(command) {
+    async ownerListCapabilityStates(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
-        return this._deps.pendingRequests.list(command.vaultId);
+        return (await this._deps.capabilityStates.list(command.vaultId, command.agentId))
+            .filter((state) => !command.status || state.status === command.status);
     }
-    async ownerListPendingCapabilityRequests(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
-        }
-        return this._deps.pendingCapabilityRequests.list(command.vaultId);
+    async ownerExecuteCapabilityStateOnce(command) {
+        return this._executePendingCapabilityState(command, "once");
     }
-    async ownerApproveCapabilityRequest(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingCapabilityRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending capability request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        const capability = {
-            vaultId: this._deps.vaultId,
-            agentId: pending.agentId,
-            capabilityId: command.capabilityId ?? this._deps.ids.newCapabilityId(),
-            operation: pending.scope.operation,
-            secretAliases: pending.scope.secretAliases ? [...pending.scope.secretAliases] : [],
-            scope: pending.scope.scope,
-            methods: [...pending.scope.methods],
-            rateLimit: pending.scope.rateLimit,
-            skipAudit: pending.scope.skipAudit,
-            expiresAt: pending.scope.expiresAt,
-            issuedAt: this._deps.clock.nowIso(),
-        };
-        await this._deps.capabilities.register(capability);
-        await this._deps.pendingCapabilityRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `approved capability request ${command.requestId}`, {
-            requestId: command.requestId,
-            agentId: pending.agentId,
-            capabilityId: capability.capabilityId,
-            operation: capability.operation,
-        }));
-        return capability;
+    async ownerExecuteCapabilityStateAndGrant(command) {
+        return this._executePendingCapabilityState(command, "grant");
     }
-    async ownerRejectCapabilityRequest(command) {
+    async ownerRejectCapabilityState(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
-        const pending = await this._deps.pendingCapabilityRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending capability request not found", "VAULT_REQUEST_NOT_FOUND");
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending || pending.status !== "PENDING") {
+            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
         }
-        await this._deps.pendingCapabilityRequests.delete(command.requestId);
+        const rejectedState = {
+            ...pending,
+            status: "REJECTED",
+            decidedAt: this._deps.clock.nowIso(),
+        };
+        await this._deps.capabilityStates.upsert(rejectedState);
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
             requestId: command.requestId,
             agentId: pending.agentId,
-            operation: pending.scope.operation,
-        }));
-    }
-    async ownerApproveDispatch(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        const agentRecord = await this._deps.agentIdentities.get(this._deps.vaultId, pending.agentId);
-        if (!agentRecord) {
-            throw new VaultCoreError("agent identity not found", "VAULT_AGENT_NOT_FOUND");
-        }
-        let capability;
-        if (pending.capabilityId) {
-            const existing = await this._deps.capabilities.get(this._deps.vaultId, pending.agentId, pending.capabilityId);
-            if (!existing) {
-                throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
-            }
-            capability = existing;
-        }
-        else {
-            // Discovery case: derive from request
-            const capabilityId = this._deps.ids.newCapabilityId();
-            capability = {
-                vaultId: this._deps.vaultId,
-                agentId: pending.agentId,
-                capabilityId,
-                secretAliases: [pending.secretAlias],
-                methods: [pending.method],
-                scope: pending.targetUrl,
-                operation: "dispatch_http",
-                issuedAt: this._deps.clock.nowIso(),
-                skipAudit: command.skipAudit ?? false,
-            };
-            if (command.permanent) {
-                await this._deps.capabilities.register(capability);
-            }
-        }
-        const result = await this.agentDispatchSecret({
-            vaultId: this._deps.vaultId,
-            agent: { kind: "agent", id: pending.agentId },
-            capability: capability,
-            secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
-            targetUrl: pending.targetUrl,
-            method: pending.method,
-            headers: pending.headers,
-            body: pending.body,
-            proof: pending.proof,
-            requestId: pending.requestId,
-            requestedAt: pending.requestedAt,
-        });
-        await this._deps.pendingRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_DISPATCH, AuditOutcome.SUCCEEDED, `approved dispatch ${command.requestId}${command.permanent ? " and granted permanent capability" : ""}`, {
-            requestId: command.requestId,
-            agentId: pending.agentId,
-            capabilityId: capability.capabilityId,
-        }));
-        return result;
-    }
-    async ownerRejectDispatch(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        await this._deps.pendingRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_DISPATCH, AuditOutcome.SUCCEEDED, `rejected dispatch ${command.requestId}`, {
-            requestId: command.requestId,
+            operation: pending.operation,
         }));
+        return rejectedState;
     }
 }
 export function createVaultCore(deps) {