@the-ai-company/cbio-node-runtime 1.56.0 → 1.58.0

package/dist/vault-core/core.js

@@ -23,15 +23,16 @@ function toAuditEntry(deps, actor, action, outcome, detail, options) {
 }
 function buildSecretRecord(deps, command) {
     const now = deps.clock.nowIso();
+    const source = command.source?.kind === "request" && command.source.requestId
+        ? { kind: "request", requestId: command.source.requestId }
+        : { kind: "manual" };
     return {
         vaultId: deps.vaultId,
         secretId: deps.ids.newSecretId(),
         alias: { value: command.alias },
         version: deps.ids.newVersion(),
         issuerId: command.kind === "issuer.write_secret" ? command.issuerSiteId : null,
-        targetBindings: command.kind === "issuer.write_secret"
-            ? [...(command.targetBindings ?? [{ kind: "site", targetId: command.issuerSiteId }])]
-            : [...(command.targetBindings ?? [])],
+        source,
         createdAt: now,
         updatedAt: now,
     };
@@ -83,8 +84,7 @@ function createAgentControlBinding(requestId, requestedAt, agentId, action, payl
  */
 export class VaultCore {
     _deps;
-    _pendingObservers = new Set();
-    _pendingCapabilityObservers = new Set();
+    _capabilityStateObservers = new Set();
     constructor(_deps) {
         this._deps = _deps;
     }
@@ -93,6 +93,128 @@ export class VaultCore {
             throw new VaultCoreError("owner access denied", code);
         }
     }
+    _stateToGrantedCapability(state) {
+        return {
+            vaultId: state.vaultId,
+            capabilityId: state.capabilityId ?? "",
+            agentId: state.agentId,
+            secretIds: state.secretIds ? [...state.secretIds] : undefined,
+            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
+            operation: state.operation,
+            customFlowId: state.customFlowId,
+            scope: state.scope,
+            methods: [...state.methods],
+            issuedAt: state.issuedAt ?? state.requestedAt,
+            expiresAt: state.expiresAt,
+            rateLimit: state.rateLimit,
+            skipAudit: state.skipAudit,
+        };
+    }
+    async _buildAgentCapabilityStates(agentId) {
+        return (await this._deps.capabilityStates.list(this._deps.vaultId, agentId)).map((state) => ({
+            status: state.status,
+            source: state.source,
+            agentId: state.agentId,
+            requestId: state.requestId,
+            capabilityId: state.capabilityId,
+            operation: state.operation,
+            secretIds: state.secretIds ? [...state.secretIds] : undefined,
+            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
+            customFlowId: state.customFlowId,
+            scope: state.scope,
+            methods: [...state.methods],
+            issuedAt: state.issuedAt,
+            requestedAt: state.requestedAt,
+            expiresAt: state.expiresAt,
+            rateLimit: state.rateLimit,
+            skipAudit: state.skipAudit,
+            justification: state.justification,
+            secretAlias: state.secretAlias,
+            targetUrl: state.targetUrl,
+        }));
+    }
+    _isExecutablePendingState(state) {
+        return !!(state.requestId && state.targetUrl && state.secretAlias && state.proof);
+    }
+    async _executePendingCapabilityState(command, mode) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending || pending.status !== "PENDING") {
+            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        const issuedAt = this._deps.clock.nowIso();
+        const capability = {
+            vaultId: this._deps.vaultId,
+            agentId: pending.agentId,
+            capabilityId: pending.capabilityId ?? this._deps.ids.newCapabilityId(),
+            secretIds: pending.secretIds ? [...pending.secretIds] : undefined,
+            secretAliases: pending.secretAliases ? [...pending.secretAliases] : (pending.secretAlias ? [pending.secretAlias] : []),
+            operation: pending.operation,
+            customFlowId: pending.customFlowId,
+            scope: pending.targetUrl ?? pending.scope,
+            methods: [...pending.methods],
+            issuedAt,
+            expiresAt: pending.expiresAt,
+            rateLimit: pending.rateLimit,
+            skipAudit: pending.skipAudit,
+        };
+        let result;
+        if (this._isExecutablePendingState(pending)) {
+            result = await this.agentDispatchSecret({
+                vaultId: this._deps.vaultId,
+                agent: { kind: "agent", id: pending.agentId },
+                capability,
+                secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
+                targetUrl: pending.targetUrl,
+                method: pending.methods[0] ?? "POST",
+                headers: pending.headers,
+                body: pending.body,
+                proof: pending.proof,
+                requestId: pending.requestId,
+                requestedAt: pending.requestedAt,
+            });
+        }
+        else if (mode === "grant") {
+            result = {
+                vaultId: this._deps.vaultId,
+                requestId: pending.requestId ?? command.requestId,
+                status: DispatchStatus.SUCCEEDED,
+                targetUrl: pending.scope,
+                method: pending.methods[0] ?? "POST",
+            };
+        }
+        else {
+            throw new VaultCoreError("pending capability state is not executable", "VAULT_WRITE_DENIED");
+        }
+        if (mode === "grant") {
+            await this._deps.capabilityStates.upsert({
+                ...pending,
+                capabilityId: capability.capabilityId,
+                status: "GRANTED",
+                source: "owner_grant",
+                issuedAt,
+                decidedAt: issuedAt,
+            });
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed and granted capability state ${command.requestId}`, {
+                requestId: command.requestId,
+                agentId: pending.agentId,
+                capabilityId: capability.capabilityId,
+                operation: capability.operation,
+            }));
+        }
+        else {
+            await this._deps.capabilityStates.deleteByRequestId(command.vaultId, command.requestId);
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed once and deleted capability state ${command.requestId}`, {
+                requestId: command.requestId,
+                agentId: pending.agentId,
+                capabilityId: capability.capabilityId,
+                operation: capability.operation,
+            }));
+        }
+        return result;
+    }
     get vaultId() {
         return this._deps.vaultId;
     }
@@ -142,7 +264,9 @@ export class VaultCore {
         }
     }
     async _listVisibleSecretsForAgent(agentId) {
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, agentId);
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
         const capabilityMap = new Map();
         for (const capability of capabilities) {
             for (const alias of capability.secretAliases ?? []) {
@@ -163,7 +287,7 @@ export class VaultCore {
                 secretId: record.secretId,
                 alias: record.alias,
                 issuerId: record.issuerId,
-                targetBindings: [...record.targetBindings],
+                source: record.source,
                 createdAt: record.createdAt,
                 updatedAt: record.updatedAt,
                 isAuthorizedForAgent: authorizedCapabilities.length > 0,
@@ -171,16 +295,10 @@ export class VaultCore {
             };
         });
     }
-    ownerOnPendingDispatch(callback) {
-        this._pendingObservers.add(callback);
+    ownerOnCapabilityState(callback) {
+        this._capabilityStateObservers.add(callback);
         return () => {
-            this._pendingObservers.delete(callback);
-        };
-    }
-    ownerOnPendingCapabilityRequest(callback) {
-        this._pendingCapabilityObservers.add(callback);
-        return () => {
-            this._pendingCapabilityObservers.delete(callback);
+            this._capabilityStateObservers.delete(callback);
         };
     }
     async ownerRegisterAgentIdentity(command) {
@@ -245,7 +363,13 @@ export class VaultCore {
             throw new VaultCoreError("capability id required", "VAULT_IDENTITY_DENIED");
         }
         try {
-            await this._deps.capabilities.register(command.capability);
+            await this._deps.capabilityStates.upsert({
+                ...command.capability,
+                status: "GRANTED",
+                source: "owner_grant",
+                requestId: undefined,
+                requestedAt: command.capability.issuedAt,
+            });
             await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CAPABILITY, AuditOutcome.SUCCEEDED, `capability registered: ${command.capability.capabilityId}`, {
                 capabilityId: command.capability.capabilityId,
                 operation: command.capability.operation,
@@ -275,28 +399,27 @@ export class VaultCore {
         }
         const pendingRecord = {
             vaultId: this._deps.vaultId,
+            status: "PENDING",
+            source: "explicit_request",
             requestId: command.requestId,
-            requester: command.requester,
             agentId: command.agentId,
-            scope: {
-                operation: command.scope.operation,
-                secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
-                scope: command.scope.scope,
-                methods: [...command.scope.methods],
-                rateLimit: command.scope.rateLimit,
-                skipAudit: command.scope.skipAudit,
-                expiresAt: command.scope.expiresAt,
-            },
+            operation: command.scope.operation,
+            secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
+            scope: command.scope.scope,
+            methods: [...command.scope.methods],
+            rateLimit: command.scope.rateLimit,
+            skipAudit: command.scope.skipAudit,
+            expiresAt: command.scope.expiresAt,
             justification: command.justification,
             requestedAt: command.requestedAt,
         };
-        await this._deps.pendingCapabilityRequests.save(pendingRecord);
-        for (const observer of this._pendingCapabilityObservers) {
+        await this._deps.capabilityStates.upsert(pendingRecord);
+        for (const observer of this._capabilityStateObservers) {
             try {
                 observer(pendingRecord);
             }
             catch (error) {
-                console.error("VaultCore: error in pending capability observer:", error);
+                console.error("VaultCore: error in capability state observer:", error);
             }
         }
         await this._appendAudit(toAuditEntry(this._deps, command.requester, AuditAction.SUBMIT_CAPABILITY_REQUEST, AuditOutcome.PENDING, `capability request submitted for agent: ${command.agentId}`, {
@@ -310,7 +433,8 @@ export class VaultCore {
         if (vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("capability lookup vault mismatch", "VAULT_IDENTITY_DENIED");
         }
-        return this._deps.capabilities.get(vaultId, agentId, capabilityId);
+        const state = await this._deps.capabilityStates.getByCapabilityId(vaultId, agentId, capabilityId);
+        return state && state.status === "GRANTED" ? this._stateToGrantedCapability(state) : null;
     }
     async ownerRegisterCustomFlow(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
@@ -344,13 +468,7 @@ export class VaultCore {
     }
     async _storeCustomFlowSecret(flow, alias, plaintext) {
         const actor = { kind: "owner", id: flow.ownerId };
-        const targetBindings = [{
-                kind: "site",
-                targetId: flow.flowId,
-                targetUrl: flow.targetUrl,
-                methods: [flow.method],
-                paths: [new URL(flow.targetUrl).pathname || "/"],
-            }];
+        const requestId = this._deps.ids.newRequestId("custom_flow_store");
         const existing = await this._deps.secrets.getByAlias({ value: alias });
         if (existing) {
             await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.REASSIGN_ALIAS, AuditOutcome.DENIED, "alias already bound to existing secret; explicit alias lifecycle required", {
@@ -362,11 +480,14 @@ export class VaultCore {
         const record = buildSecretRecord(this._deps, {
             kind: "owner.write_secret",
             vaultId: this._deps.vaultId,
-            requestId: this._deps.ids.newRequestId("custom_flow_store"),
+            requestId,
             owner: actor,
             alias,
             plaintext,
-            targetBindings,
+            source: {
+                kind: "request",
+                requestId,
+            },
             requestedAt: this._deps.clock.nowIso(),
         });
         try {
@@ -443,41 +564,6 @@ export class VaultCore {
             secretId: record.secretId.value,
         }));
     }
-    async ownerDefineSecretTargets(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        try {
-            await this._deps.policy.authorizeDefineSecretTargets(command);
-        }
-        catch (error) {
-            const detail = error instanceof Error ? error.message : String(error);
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.DEFINE_SECRET_TARGETS, AuditOutcome.DENIED, detail, {
-                secretAlias: command.alias,
-            }));
-            throw error;
-        }
-        const existing = await this._deps.secrets.getByAlias({ value: command.alias });
-        if (!existing) {
-            const error = new VaultCoreError("secret not found", "VAULT_SECRET_NOT_FOUND");
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.DEFINE_SECRET_TARGETS, AuditOutcome.DENIED, error.message, {
-                secretAlias: command.alias,
-            }));
-            throw error;
-        }
-        const nextRecord = {
-            ...existing,
-            targetBindings: [...command.targetBindings],
-            updatedAt: this._deps.clock.nowIso(),
-        };
-        await this._deps.secrets.save(nextRecord);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.DEFINE_SECRET_TARGETS, AuditOutcome.SUCCEEDED, "secret targets defined", {
-            requestId: command.requestId,
-            secretAlias: nextRecord.alias.value,
-            secretId: nextRecord.secretId.value,
-        }));
-        return nextRecord;
-    }
     async agentAuthorizeDispatch(request) {
         if (request.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("request vault mismatch", "VAULT_DISPATCH_DENIED");
@@ -492,7 +578,6 @@ export class VaultCore {
                 decision: "deny",
                 reason: "secret not found",
                 secretId: null,
-                executorTarget: null,
             };
         }
         try {
@@ -511,41 +596,44 @@ export class VaultCore {
         // DISCOVERY LOGIC: Find best matching capability
         const agentRecord = await this._deps.agentIdentities.get(this._deps.vaultId, request.agent.id);
         if (!agentRecord) {
-            return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null, executorTarget: null };
+            return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null };
         }
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, request.agent.id);
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
         const requestedCapabilityId = request.capability?.capabilityId;
         const candidateCapabilities = requestedCapabilityId
             ? capabilities.filter((cap) => cap.capabilityId === requestedCapabilityId)
             : capabilities;
         const capability = candidateCapabilities.find((cap) => this.isCapabilityMatch(cap, request, record?.secretId.value));
-        const executorTarget = record
-            ? record.targetBindings.find((binding) => binding.targetUrl === request.targetUrl)
-                ?? record.targetBindings.find((binding) => binding.targetId === request.targetUrl)
-                ?? null
-            : null;
         if (!capability) {
             // It's a discovery case if the agent and secret exist but no capability matches
             const pendingRecord = {
+                vaultId: this._deps.vaultId,
+                status: "PENDING",
+                source: "dispatch_discovery",
                 requestId: request.requestId,
                 agentId: request.agent.id,
                 capabilityId: undefined,
+                operation: "dispatch_http",
+                secretAliases: request.secretAlias ? [request.secretAlias] : [],
+                scope: request.targetUrl,
+                methods: [request.method],
+                requestedAt: request.requestedAt,
                 secretAlias: request.secretAlias ?? "unknown",
                 targetUrl: request.targetUrl,
-                method: request.method,
                 headers: request.headers,
                 body: request.body,
-                requestedAt: request.requestedAt,
                 proof: request.proof,
             };
-            await this._deps.pendingRequests.save(pendingRecord);
+            await this._deps.capabilityStates.upsert(pendingRecord);
             // Notify observers
-            for (const observer of this._pendingObservers) {
+            for (const observer of this._capabilityStateObservers) {
                 try {
                     observer(pendingRecord);
                 }
                 catch (error) {
-                    console.error("VaultCore: error in pending observer:", error);
+                    console.error("VaultCore: error in capability state observer:", error);
                 }
             }
             await this._appendDecisionAudit(request, AuditOutcome.PENDING, "dispatch stalled for manual discovery approval", {
@@ -557,7 +645,6 @@ export class VaultCore {
                 decision: "pending",
                 reason: "no matching capability found (discovery needed)",
                 secretId: record?.secretId ?? null,
-                executorTarget,
             };
         }
         try {
@@ -577,7 +664,6 @@ export class VaultCore {
                 decision: "deny",
                 reason: detail,
                 secretId: record?.secretId ?? null,
-                executorTarget,
             };
         }
         // Capability found, proceed
@@ -592,7 +678,6 @@ export class VaultCore {
             decision: "allow",
             reason: null,
             secretId: record?.secretId ?? null,
-            executorTarget,
             capability, // Expose the found capability for subsequent steps
         };
     }
@@ -705,7 +790,9 @@ export class VaultCore {
         return identities;
     }
     async ownerListCapabilities(actor, agentId, request) {
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, agentId);
+        const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
+            .filter((state) => state.status === "GRANTED")
+            .map((state) => this._stateToGrantedCapability(state));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_CAPABILITIES, AuditOutcome.ALLOWED, "capabilities listed", {
             requestId: request?.requestId,
             agentId,
@@ -722,7 +809,7 @@ export class VaultCore {
             secretId: record.secretId,
             alias: record.alias,
             issuerId: record.issuerId,
-            targetBindings: [...record.targetBindings],
+            source: record.source,
             createdAt: record.createdAt,
             updatedAt: record.updatedAt,
         }));
@@ -732,7 +819,7 @@ export class VaultCore {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
         await this._verifyAgentControlProof(request, "list_capabilities");
-        return this._deps.capabilities.list(this._deps.vaultId, request.agent.id);
+        return this._buildAgentCapabilityStates(request.agent.id);
     }
     async agentListSecrets(request) {
         if (request.vaultId.value !== this._deps.vaultId.value) {
@@ -745,13 +832,25 @@ export class VaultCore {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
-        const capabilities = await this._deps.capabilities.list(this._deps.vaultId, command.agent.id);
+        await this._verifyAgentControlProof(command, "get_manifest");
+        const agentRecord = await this._deps.agentIdentities.get(this._deps.vaultId, command.agent.id);
+        if (!agentRecord) {
+            throw new VaultCoreError("agent identity not registered", "VAULT_DISPATCH_DENIED");
+        }
+        const capabilities = await this._buildAgentCapabilityStates(command.agent.id);
         const vaultNickname = "CBIO Vault"; // TODO: Pull from profile if available
         return {
             agentId: command.agent.id,
             vaultId: this._deps.vaultId.value,
             vaultNickname,
             issuedAt: this._deps.clock.nowIso(),
+            agent: {
+                agentId: agentRecord.agentId,
+                identityId: agentRecord.identityId,
+                publicKey: agentRecord.publicKey,
+                nickname: agentRecord.nickname,
+                metadata: agentRecord.metadata,
+            },
             capabilities,
             tools: getAgentToolbox(),
         };
@@ -778,7 +877,15 @@ export class VaultCore {
         });
     }
     async ownerRevokeCapability(command) {
-        await this._deps.policy.revokeCapability(command.vaultId, command.agentId, command.capabilityId);
+        const existing = await this._deps.capabilityStates.getByCapabilityId(command.vaultId, command.agentId, command.capabilityId);
+        if (!existing) {
+            throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
+        }
+        await this._deps.capabilityStates.upsert({
+            ...existing,
+            status: "REJECTED",
+            decidedAt: this._deps.clock.nowIso(),
+        });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REVOKE_CAPABILITY, AuditOutcome.SUCCEEDED, "capability revoked", {
             requestId: command.requestId,
             agentId: command.agentId,
@@ -824,135 +931,39 @@ export class VaultCore {
         await this._deps.sessionTokens.revoke(request.token);
         await this._appendAudit(toAuditEntry(this._deps, request.actor, AuditAction.REVOKE_SESSION_TOKEN, AuditOutcome.SUCCEEDED, "session token revoked"));
     }
-    async ownerListPendingDispatches(command) {
+    async ownerListCapabilityStates(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
-        return this._deps.pendingRequests.list(command.vaultId);
+        return (await this._deps.capabilityStates.list(command.vaultId, command.agentId))
+            .filter((state) => !command.status || state.status === command.status);
     }
-    async ownerListPendingCapabilityRequests(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
-        }
-        return this._deps.pendingCapabilityRequests.list(command.vaultId);
+    async ownerExecuteCapabilityStateOnce(command) {
+        return this._executePendingCapabilityState(command, "once");
     }
-    async ownerApproveCapabilityRequest(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingCapabilityRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending capability request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        const capability = {
-            vaultId: this._deps.vaultId,
-            agentId: pending.agentId,
-            capabilityId: command.capabilityId ?? this._deps.ids.newCapabilityId(),
-            operation: pending.scope.operation,
-            secretAliases: pending.scope.secretAliases ? [...pending.scope.secretAliases] : [],
-            scope: pending.scope.scope,
-            methods: [...pending.scope.methods],
-            rateLimit: pending.scope.rateLimit,
-            skipAudit: pending.scope.skipAudit,
-            expiresAt: pending.scope.expiresAt,
-            issuedAt: this._deps.clock.nowIso(),
-        };
-        await this._deps.capabilities.register(capability);
-        await this._deps.pendingCapabilityRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `approved capability request ${command.requestId}`, {
-            requestId: command.requestId,
-            agentId: pending.agentId,
-            capabilityId: capability.capabilityId,
-            operation: capability.operation,
-        }));
-        return capability;
+    async ownerExecuteCapabilityStateAndGrant(command) {
+        return this._executePendingCapabilityState(command, "grant");
     }
-    async ownerRejectCapabilityRequest(command) {
+    async ownerRejectCapabilityState(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
-        const pending = await this._deps.pendingCapabilityRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending capability request not found", "VAULT_REQUEST_NOT_FOUND");
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending || pending.status !== "PENDING") {
+            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
         }
-        await this._deps.pendingCapabilityRequests.delete(command.requestId);
+        const rejectedState = {
+            ...pending,
+            status: "REJECTED",
+            decidedAt: this._deps.clock.nowIso(),
+        };
+        await this._deps.capabilityStates.upsert(rejectedState);
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
             requestId: command.requestId,
             agentId: pending.agentId,
-            operation: pending.scope.operation,
-        }));
-    }
-    async ownerApproveDispatch(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        const agentRecord = await this._deps.agentIdentities.get(this._deps.vaultId, pending.agentId);
-        if (!agentRecord) {
-            throw new VaultCoreError("agent identity not found", "VAULT_AGENT_NOT_FOUND");
-        }
-        let capability;
-        if (pending.capabilityId) {
-            const existing = await this._deps.capabilities.get(this._deps.vaultId, pending.agentId, pending.capabilityId);
-            if (!existing) {
-                throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
-            }
-            capability = existing;
-        }
-        else {
-            // Discovery case: derive from request
-            const capabilityId = this._deps.ids.newCapabilityId();
-            capability = {
-                vaultId: this._deps.vaultId,
-                agentId: pending.agentId,
-                capabilityId,
-                secretAliases: [pending.secretAlias],
-                methods: [pending.method],
-                scope: pending.targetUrl,
-                operation: "dispatch_http",
-                issuedAt: this._deps.clock.nowIso(),
-                skipAudit: command.skipAudit ?? false,
-            };
-            if (command.permanent) {
-                await this._deps.capabilities.register(capability);
-            }
-        }
-        const result = await this.agentDispatchSecret({
-            vaultId: this._deps.vaultId,
-            agent: { kind: "agent", id: pending.agentId },
-            capability: capability,
-            secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
-            targetUrl: pending.targetUrl,
-            method: pending.method,
-            headers: pending.headers,
-            body: pending.body,
-            proof: pending.proof,
-            requestId: pending.requestId,
-            requestedAt: pending.requestedAt,
-        });
-        await this._deps.pendingRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_DISPATCH, AuditOutcome.SUCCEEDED, `approved dispatch ${command.requestId}${command.permanent ? " and granted permanent capability" : ""}`, {
-            requestId: command.requestId,
-            agentId: pending.agentId,
-            capabilityId: capability.capabilityId,
-        }));
-        return result;
-    }
-    async ownerRejectDispatch(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
-        const pending = await this._deps.pendingRequests.get(command.requestId);
-        if (!pending) {
-            throw new VaultCoreError("pending request not found", "VAULT_REQUEST_NOT_FOUND");
-        }
-        await this._deps.pendingRequests.delete(command.requestId);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_DISPATCH, AuditOutcome.SUCCEEDED, `rejected dispatch ${command.requestId}`, {
-            requestId: command.requestId,
+            operation: pending.operation,
         }));
+        return rejectedState;
     }
 }
 export function createVaultCore(deps) {