npm - @the-ai-company/cbio-node-runtime - Versions diffs - 1.58.0 → 1.59.1 - Mend

@the-ai-company/cbio-node-runtime 1.58.0 → 1.59.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/dist/vault-core/contracts.d.ts CHANGED Viewed

@@ -144,16 +144,23 @@ export interface OwnerRevokeCapabilityCommand {
     capabilityId: string;
     requestedAt: string;
 }
+export interface CapabilityWritePolicy {
+    secretIds?: readonly string[];
+    scope: string;
+    methods: readonly string[];
+}
+export interface CapabilityReadPolicy {
+    mode: "none" | "shape_only" | "full" | "custom";
+    paths?: readonly string[];
+}
 export interface AgentCapability {
     vaultId: VaultId;
     capabilityId: string;
     agentId: string;
-    secretIds?: readonly string[];
-    secretAliases?: readonly string[];
     operation: "dispatch_http" | "custom_http";
     customFlowId?: string;
-    scope: string;
-    methods: readonly string[];
+    write: CapabilityWritePolicy;
+    read: CapabilityReadPolicy;
     issuedAt: string;
     expiresAt?: string;
     revocationVersion?: number;
@@ -172,7 +179,6 @@ export interface AgentProof {
 }
 export interface AgentVisibleSecretRecord {
     vaultId: VaultId;
-    secretId: SecretId;
     alias: SecretAlias;
     issuerId: string | null;
     source: SecretSource;
@@ -181,8 +187,8 @@ export interface AgentVisibleSecretRecord {
     isAuthorizedForAgent?: boolean;
     authorizedCapabilities?: readonly {
         capabilityId: string;
-        scope: string;
-        methods: readonly string[];
+        write: CapabilityWritePolicy;
+        read: CapabilityReadPolicy;
     }[];
 }
 export interface AgentGetRuntimeManifestRequest {
@@ -209,20 +215,23 @@ export interface AgentSelfContext {
     nickname?: string;
     metadata?: Record<string, any>;
 }
-export type AgentCapabilityStateStatus = "GRANTED" | "PENDING" | "REJECTED";
 export type AgentCapabilityStateSource = "owner_grant" | "explicit_request" | "dispatch_discovery";
+export type CapabilityApprovalStatus = "PENDING" | "APPROVED" | "REJECTED";
+export type CapabilityActionKind = "write" | "read";
+export interface CapabilityActionState {
+    action: CapabilityActionKind;
+    status: CapabilityApprovalStatus;
+    decidedAt?: string;
+}
 export interface AgentCapabilityState {
-    status: AgentCapabilityStateStatus;
     source: AgentCapabilityStateSource;
     agentId: string;
     requestId?: string;
     capabilityId?: string;
     operation: "dispatch_http" | "custom_http";
-    secretIds?: readonly string[];
-    secretAliases?: readonly string[];
     customFlowId?: string;
-    scope: string;
-    methods: readonly string[];
+    write: CapabilityWritePolicy;
+    read: CapabilityReadPolicy;
     issuedAt?: string;
     requestedAt: string;
     expiresAt?: string;
@@ -232,8 +241,12 @@ export interface AgentCapabilityState {
     };
     skipAudit?: boolean;
     justification?: string;
-    secretAlias?: string;
+    secretId?: string;
     targetUrl?: string;
+    actions: {
+        write: CapabilityActionState;
+        read: CapabilityActionState;
+    };
 }
 export interface CapabilityStateRecord extends AgentCapabilityState {
     vaultId: VaultId;
@@ -251,6 +264,44 @@ export interface AgentRuntimeManifest {
     capabilities: readonly AgentCapabilityState[];
     tools: readonly VaultToolDefinition[];
 }
+export interface RequestRecord {
+    vaultId: VaultId;
+    requestId: string;
+    agentId: string;
+    capabilityId?: string;
+    operation: "dispatch_http" | "custom_http";
+    createdAt: string;
+    request: {
+        targetUrl: string;
+        method: string;
+        headers?: Record<string, string>;
+        body?: string;
+        secretId?: string;
+    };
+    response?: {
+        status?: number;
+        headers?: Record<string, string>;
+        body?: string;
+        error?: string;
+    };
+    execution: {
+        status: DispatchStatus;
+    };
+}
+export interface AgentVisibleRequestRecord {
+    requestId: string;
+    createdAt: string;
+    capabilityId?: string;
+    operation: "dispatch_http" | "custom_http";
+    targetUrl: string;
+    method: string;
+    executionStatus: DispatchStatus;
+    responseStatus?: number;
+    error?: string;
+    readStatus: CapabilityApprovalStatus;
+    hasResponseBody: boolean;
+    resultVisible: boolean;
+}
 export interface VaultToolDefinition {
     name: string;
     description: string;
@@ -274,6 +325,25 @@ export interface AgentListSecretsRequest {
     };
     proof: AgentProof;
 }
+export interface AgentListRequestsRequest {
+    vaultId: VaultId;
+    requestId: string;
+    requestedAt: string;
+    agent: VaultPrincipal & {
+        kind: "agent";
+    };
+    proof: AgentProof;
+}
+export interface AgentGetRequestRequest {
+    vaultId: VaultId;
+    requestId: string;
+    requestedAt: string;
+    agent: VaultPrincipal & {
+        kind: "agent";
+    };
+    proof: AgentProof;
+    targetRequestId: string;
+}
 export interface AgentSubmitCapabilityRequestCommand {
     vaultId: VaultId;
     requestId: string;
@@ -282,14 +352,14 @@ export interface AgentSubmitCapabilityRequestCommand {
         kind: "agent";
     };
     proof: AgentProof;
-    scope: CapabilityRequestScope;
+    capability: CapabilityRequestScope;
+    secretAliases?: readonly string[];
     justification?: string;
 }
 export interface CapabilityRequestScope {
     operation: "dispatch_http" | "custom_http";
-    secretAliases?: readonly string[];
-    scope: string;
-    methods: readonly string[];
+    write: CapabilityWritePolicy;
+    read: CapabilityReadPolicy;
     rateLimit?: {
         maxRequests: number;
         windowMs: number;
@@ -302,7 +372,7 @@ export interface SubmitCapabilityRequestCommand {
     requestId: string;
     requester: VaultPrincipal;
     agentId: string;
-    scope: CapabilityRequestScope;
+    capability: CapabilityRequestScope;
     justification?: string;
     requestedAt: string;
 }
@@ -310,14 +380,30 @@ export interface OwnerListCapabilityStatesRequest {
     vaultId: VaultId;
     owner: VaultPrincipal;
     agentId?: string;
-    status?: AgentCapabilityStateStatus;
+    writeStatus?: CapabilityApprovalStatus;
+    readStatus?: CapabilityApprovalStatus;
+}
+export interface OwnerAllowOnceCommand {
+    vaultId: VaultId;
+    requestId: string;
+    owner: VaultPrincipal;
 }
-export interface OwnerExecuteCapabilityStateCommand {
+export interface OwnerApproveCapabilityWriteCommand {
     vaultId: VaultId;
     requestId: string;
     owner: VaultPrincipal;
 }
-export interface OwnerRejectCapabilityStateCommand {
+export interface OwnerApproveCapabilityReadCommand {
+    vaultId: VaultId;
+    requestId: string;
+    owner: VaultPrincipal;
+}
+export interface OwnerAllowAlwaysCommand {
+    vaultId: VaultId;
+    requestId: string;
+    owner: VaultPrincipal;
+}
+export interface OwnerDenyCommand {
     vaultId: VaultId;
     requestId: string;
     owner: VaultPrincipal;
@@ -332,6 +418,7 @@ export interface DispatchRequest {
     capability?: AgentCapability;
     proof: AgentProof;
     secretAlias?: string;
+    secretId?: string;
     targetUrl: string;
     method: string;
     headers?: Record<string, string>;
@@ -371,6 +458,13 @@ export interface DispatchResult {
     responseBody?: string;
     error?: string;
 }
+export interface AgentRequestResult {
+    requestId: string;
+    executionStatus: DispatchStatus;
+    responseStatus?: number;
+    responseBody?: string;
+    error?: string;
+}
 export interface AuditQuery {
     actorId?: string;
     secretAlias?: string;
@@ -383,8 +477,10 @@ export declare enum AuditAction {
     REGISTER_CUSTOM_FLOW = "REGISTER_CUSTOM_FLOW",
     REGISTER_CAPABILITY = "REGISTER_CAPABILITY",
     SUBMIT_CAPABILITY_REQUEST = "SUBMIT_CAPABILITY_REQUEST",
-    APPROVE_CAPABILITY_REQUEST = "APPROVE_CAPABILITY_REQUEST",
-    REJECT_CAPABILITY_REQUEST = "REJECT_CAPABILITY_REQUEST",
+    APPROVE_CAPABILITY_WRITE = "APPROVE_CAPABILITY_WRITE",
+    APPROVE_CAPABILITY_READ = "APPROVE_CAPABILITY_READ",
+    REJECT_CAPABILITY_WRITE = "REJECT_CAPABILITY_WRITE",
+    REJECT_CAPABILITY_READ = "REJECT_CAPABILITY_READ",
     REVOKE_CAPABILITY = "REVOKE_CAPABILITY",
     WRITE_SECRET = "WRITE_SECRET",
     EXPORT_SECRET = "EXPORT_SECRET",

package/dist/vault-core/contracts.js CHANGED Viewed

@@ -13,8 +13,10 @@ export var AuditAction;
     AuditAction["REGISTER_CUSTOM_FLOW"] = "REGISTER_CUSTOM_FLOW";
     AuditAction["REGISTER_CAPABILITY"] = "REGISTER_CAPABILITY";
     AuditAction["SUBMIT_CAPABILITY_REQUEST"] = "SUBMIT_CAPABILITY_REQUEST";
-    AuditAction["APPROVE_CAPABILITY_REQUEST"] = "APPROVE_CAPABILITY_REQUEST";
-    AuditAction["REJECT_CAPABILITY_REQUEST"] = "REJECT_CAPABILITY_REQUEST";
+    AuditAction["APPROVE_CAPABILITY_WRITE"] = "APPROVE_CAPABILITY_WRITE";
+    AuditAction["APPROVE_CAPABILITY_READ"] = "APPROVE_CAPABILITY_READ";
+    AuditAction["REJECT_CAPABILITY_WRITE"] = "REJECT_CAPABILITY_WRITE";
+    AuditAction["REJECT_CAPABILITY_READ"] = "REJECT_CAPABILITY_READ";
     AuditAction["REVOKE_CAPABILITY"] = "REVOKE_CAPABILITY";
     AuditAction["WRITE_SECRET"] = "WRITE_SECRET";
     AuditAction["EXPORT_SECRET"] = "EXPORT_SECRET";

package/dist/vault-core/contracts.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"~~AAyXA~~,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,qCAAmB,CAAA;IACnB,qCAAmB,CAAA;AACrB,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;~~AAoBD~~,MAAM,CAAN,IAAY,~~WAuBX~~;~~AAvBD~~,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,8DAA+C,CAAA;IAC/C,4DAA6C,CAAA;IAC7C,0DAA2C,CAAA;IAC3C,sEAAuD,CAAA;IACvD,~~wEAAyD~~,CAAA;~~IACzD~~,~~sEAAuD~~,CAAA;~~IACvD~~,sDAAuC,CAAA;IACvC,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,sDAAuC,CAAA;IACvC,wCAAyB,CAAA;IACzB,0DAA2C,CAAA;IAC3C,4DAA6C,CAAA;IAC7C,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;AACnC,CAAC,~~EAvBW~~,WAAW,KAAX,WAAW,~~QAuBtB~~;AAED,MAAM,CAAN,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;IACvB,iCAAiB,CAAA;IACjB,mCAAmB,CAAA;AACrB,CAAC,EANW,YAAY,KAAZ,YAAY,QAMvB"}
1	+ {"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AAsdA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,qCAAmB,CAAA;IACnB,qCAAmB,CAAA;AACrB,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;AA4BD,MAAM,CAAN,IAAY,WAyBX;AAzBD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,8DAA+C,CAAA;IAC/C,4DAA6C,CAAA;IAC7C,0DAA2C,CAAA;IAC3C,sEAAuD,CAAA;IACvD,oEAAqD,CAAA;IACrD,kEAAmD,CAAA;IACnD,kEAAmD,CAAA;IACnD,gEAAiD,CAAA;IACjD,sDAAuC,CAAA;IACvC,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,wDAAyC,CAAA;IACzC,kDAAmC,CAAA;IACnC,0CAA2B,CAAA;IAC3B,sDAAuC,CAAA;IACvC,wCAAyB,CAAA;IACzB,0DAA2C,CAAA;IAC3C,4DAA6C,CAAA;IAC7C,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;AACnC,CAAC,EAzBW,WAAW,KAAX,WAAW,QAyBtB;AAED,MAAM,CAAN,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;IACvB,iCAAiB,CAAA;IACjB,mCAAmB,CAAA;AACrB,CAAC,EANW,YAAY,KAAZ,YAAY,QAMvB"}

package/dist/vault-core/core.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { AgentListCapabilitiesRequest, AgentListSecretsRequest, AgentGetRuntimeManifestRequest, AgentRuntimeManifest, AgentSubmitCapabilityRequestCommand, AgentVisibleSecretRecord, AuditEntry, AuditQuery, CustomHttpFlowDefinition, DispatchAuthorization, DispatchRequest, DispatchResult, OwnerExecuteCapabilityStateCommand, OwnerIssueSessionTokenRequest, OwnerRejectCapabilityStateCommand, OwnerDeleteSecretCommand, OwnerExportSecretRequest, OwnerRegisterAgentIdentityCommand, OwnerUpdateAgentIdentityCommand, OwnerRegisterCapabilityCommand, OwnerRegisterCustomHttpFlowCommand, OwnerRevokeCapabilityCommand, OwnerListAgentsRequest, OwnerListCapabilitiesRequest, OwnerListCapabilityStatesRequest, OwnerSecretExport, OwnerSessionToken, SecretRecord, SubmitCapabilityRequestCommand, VaultId, VaultPrincipal, VaultWriteSecretCommand, AgentIdentityRecord, AgentCapability, CapabilityStateRecord } from "./contracts.js";
+import type { AgentListCapabilitiesRequest, AgentListSecretsRequest, AgentListRequestsRequest, AgentGetRequestRequest, AgentRequestResult, AgentGetRuntimeManifestRequest, AgentRuntimeManifest, AgentSubmitCapabilityRequestCommand, AgentVisibleRequestRecord, AgentVisibleSecretRecord, AuditEntry, AuditQuery, CustomHttpFlowDefinition, DispatchAuthorization, DispatchRequest, DispatchResult, OwnerAllowAlwaysCommand, OwnerAllowOnceCommand, OwnerIssueSessionTokenRequest, OwnerDenyCommand, OwnerDeleteSecretCommand, OwnerExportSecretRequest, OwnerRegisterAgentIdentityCommand, OwnerUpdateAgentIdentityCommand, OwnerRegisterCapabilityCommand, OwnerRegisterCustomHttpFlowCommand, OwnerRevokeCapabilityCommand, OwnerListAgentsRequest, OwnerListCapabilitiesRequest, OwnerListCapabilityStatesRequest, OwnerSecretExport, OwnerSessionToken, SecretRecord, SubmitCapabilityRequestCommand, VaultId, VaultPrincipal, VaultWriteSecretCommand, AgentIdentityRecord, AgentCapability, CapabilityStateRecord } from "./contracts.js";
 import type { VaultCoreDependencies } from "./ports.js";
 /**
  * The Sovereign Vault Core.
@@ -18,6 +18,8 @@ export declare class VaultCore {
     private _appendDecisionAudit;
     private _verifyAgentControlProof;
     private _listVisibleSecretsForAgent;
+    private _recordRequestExecution;
+    private toVisibleRequestRecord;
     ownerOnCapabilityState(callback: (record: CapabilityStateRecord) => void): () => void;
     ownerRegisterAgentIdentity(command: OwnerRegisterAgentIdentityCommand): Promise<void>;
     ownerUpdateAgentIdentity(command: OwnerUpdateAgentIdentityCommand): Promise<AgentIdentityRecord>;
@@ -50,6 +52,8 @@ export declare class VaultCore {
     }): Promise<readonly AgentVisibleSecretRecord[]>;
     agentListCapabilities(request: AgentListCapabilitiesRequest): Promise<readonly import("./contracts.js").AgentCapabilityState[]>;
     agentListSecrets(request: AgentListSecretsRequest): Promise<readonly AgentVisibleSecretRecord[]>;
+    agentListRequests(request: AgentListRequestsRequest): Promise<readonly AgentVisibleRequestRecord[]>;
+    agentGetRequest(request: AgentGetRequestRequest): Promise<AgentRequestResult>;
     agentGetRuntimeManifest(command: AgentGetRuntimeManifestRequest): Promise<AgentRuntimeManifest>;
     agentSubmitCapabilityRequest(command: AgentSubmitCapabilityRequestCommand): Promise<CapabilityStateRecord>;
     ownerRevokeCapability(command: OwnerRevokeCapabilityCommand): Promise<void>;
@@ -65,8 +69,10 @@ export declare class VaultCore {
         token: string;
     }): Promise<void>;
     ownerListCapabilityStates(command: OwnerListCapabilityStatesRequest): Promise<readonly CapabilityStateRecord[]>;
-    ownerExecuteCapabilityStateOnce(command: OwnerExecuteCapabilityStateCommand): Promise<DispatchResult>;
-    ownerExecuteCapabilityStateAndGrant(command: OwnerExecuteCapabilityStateCommand): Promise<DispatchResult>;
-    ownerRejectCapabilityState(command: OwnerRejectCapabilityStateCommand): Promise<CapabilityStateRecord>;
+    ownerApproveCapabilityWrite(command: import("./contracts.js").OwnerApproveCapabilityWriteCommand): Promise<CapabilityStateRecord>;
+    ownerApproveCapabilityRead(command: import("./contracts.js").OwnerApproveCapabilityReadCommand): Promise<CapabilityStateRecord>;
+    ownerAllowOnce(command: OwnerAllowOnceCommand): Promise<DispatchResult>;
+    ownerAllowAlways(command: OwnerAllowAlwaysCommand): Promise<DispatchResult>;
+    ownerDeny(command: OwnerDenyCommand): Promise<CapabilityStateRecord>;
 }
 export declare function createVaultCore(deps: VaultCoreDependencies): VaultCore;