@the-ai-company/cbio-node-runtime 1.58.0 → 1.59.1

package/dist/vault-core/core.js

@@ -2,6 +2,7 @@ import { AuditAction, AuditOutcome, DispatchStatus, } from "./contracts.js";
 import { VaultCoreError } from "./errors.js";
 import { verifySignature } from "../protocol/crypto.js";
 import { getAgentToolbox } from "./tool-metadata.js";
+import { InMemoryRequestRecordRegistry } from "./defaults.js";
 const VAULT_MASTER_ID = "vault-master";
 function toAuditEntry(deps, actor, action, outcome, detail, options) {
     return {
@@ -98,12 +99,21 @@ export class VaultCore {
             vaultId: state.vaultId,
             capabilityId: state.capabilityId ?? "",
             agentId: state.agentId,
-            secretIds: state.secretIds ? [...state.secretIds] : undefined,
-            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
             operation: state.operation,
             customFlowId: state.customFlowId,
-            scope: state.scope,
-            methods: [...state.methods],
+            write: {
+                secretIds: state.write.secretIds ? [...state.write.secretIds] : undefined,
+                scope: state.write.scope,
+                methods: [...state.write.methods],
+            },
+            read: state.actions.read.status === "APPROVED"
+                ? {
+                    mode: state.read.mode,
+                    paths: state.read.paths ? [...state.read.paths] : undefined,
+                }
+                : {
+                    mode: "none",
+                },
             issuedAt: state.issuedAt ?? state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
@@ -112,49 +122,68 @@ export class VaultCore {
     }
     async _buildAgentCapabilityStates(agentId) {
         return (await this._deps.capabilityStates.list(this._deps.vaultId, agentId)).map((state) => ({
-            status: state.status,
             source: state.source,
             agentId: state.agentId,
             requestId: state.requestId,
             capabilityId: state.capabilityId,
             operation: state.operation,
-            secretIds: state.secretIds ? [...state.secretIds] : undefined,
-            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
             customFlowId: state.customFlowId,
-            scope: state.scope,
-            methods: [...state.methods],
+            write: {
+                secretIds: state.write.secretIds ? [...state.write.secretIds] : undefined,
+                scope: state.write.scope,
+                methods: [...state.write.methods],
+            },
+            read: {
+                mode: state.read.mode,
+                paths: state.read.paths ? [...state.read.paths] : undefined,
+            },
             issuedAt: state.issuedAt,
             requestedAt: state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
             skipAudit: state.skipAudit,
             justification: state.justification,
-            secretAlias: state.secretAlias,
+            secretId: state.secretId,
             targetUrl: state.targetUrl,
+            actions: {
+                write: { ...state.actions.write },
+                read: { ...state.actions.read },
+            },
         }));
     }
     _isExecutablePendingState(state) {
-        return !!(state.requestId && state.targetUrl && state.secretAlias && state.proof);
+        return !!(state.requestId && state.targetUrl && state.proof);
     }
     async _executePendingCapabilityState(command, mode) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
-        if (!pending || pending.status !== "PENDING") {
-            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "APPROVED") {
+            throw new VaultCoreError("write approval required before execution", "VAULT_WRITE_DENIED");
+        }
+        if (mode === "once" && pending.source !== "dispatch_discovery") {
+            throw new VaultCoreError("one-time execution is only available for dispatch discovery requests", "VAULT_WRITE_DENIED");
         }
         const issuedAt = this._deps.clock.nowIso();
         const capability = {
             vaultId: this._deps.vaultId,
             agentId: pending.agentId,
             capabilityId: pending.capabilityId ?? this._deps.ids.newCapabilityId(),
-            secretIds: pending.secretIds ? [...pending.secretIds] : undefined,
-            secretAliases: pending.secretAliases ? [...pending.secretAliases] : (pending.secretAlias ? [pending.secretAlias] : []),
             operation: pending.operation,
             customFlowId: pending.customFlowId,
-            scope: pending.targetUrl ?? pending.scope,
-            methods: [...pending.methods],
+            write: {
+                secretIds: pending.write.secretIds ? [...pending.write.secretIds] : undefined,
+                scope: pending.targetUrl ?? pending.write.scope,
+                methods: [...pending.write.methods],
+            },
+            read: {
+                mode: pending.read.mode,
+                paths: pending.read.paths ? [...pending.read.paths] : undefined,
+            },
             issuedAt,
             expiresAt: pending.expiresAt,
             rateLimit: pending.rateLimit,
@@ -166,9 +195,9 @@ export class VaultCore {
                 vaultId: this._deps.vaultId,
                 agent: { kind: "agent", id: pending.agentId },
                 capability,
-                secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
+                secretId: pending.secretId,
                 targetUrl: pending.targetUrl,
-                method: pending.methods[0] ?? "POST",
+                method: pending.write.methods[0] ?? "POST",
                 headers: pending.headers,
                 body: pending.body,
                 proof: pending.proof,
@@ -181,8 +210,8 @@ export class VaultCore {
                 vaultId: this._deps.vaultId,
                 requestId: pending.requestId ?? command.requestId,
                 status: DispatchStatus.SUCCEEDED,
-                targetUrl: pending.scope,
-                method: pending.methods[0] ?? "POST",
+                targetUrl: pending.write.scope,
+                method: pending.write.methods[0] ?? "POST",
             };
         }
         else {
@@ -192,26 +221,13 @@ export class VaultCore {
             await this._deps.capabilityStates.upsert({
                 ...pending,
                 capabilityId: capability.capabilityId,
-                status: "GRANTED",
                 source: "owner_grant",
                 issuedAt,
                 decidedAt: issuedAt,
             });
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed and granted capability state ${command.requestId}`, {
-                requestId: command.requestId,
-                agentId: pending.agentId,
-                capabilityId: capability.capabilityId,
-                operation: capability.operation,
-            }));
         }
         else {
             await this._deps.capabilityStates.deleteByRequestId(command.vaultId, command.requestId);
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed once and deleted capability state ${command.requestId}`, {
-                requestId: command.requestId,
-                agentId: pending.agentId,
-                capabilityId: capability.capabilityId,
-                operation: capability.operation,
-            }));
         }
         return result;
     }
@@ -233,8 +249,8 @@ export class VaultCore {
             capabilityId: request.capability?.capabilityId,
             operation: request.capability?.operation ?? AuditAction.AUTHORIZE_DISPATCH,
             targetUrl: request.targetUrl,
-            secretAlias: options?.secretAlias ?? request.secretAlias,
-            secretId: options?.secretId,
+            secretAlias: options?.secretAlias,
+            secretId: options?.secretId ?? request.secretId,
         }));
     }
     async _verifyAgentControlProof(request, action, payload = {}) {
@@ -265,26 +281,32 @@ export class VaultCore {
     }
     async _listVisibleSecretsForAgent(agentId) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         const capabilityMap = new Map();
         for (const capability of capabilities) {
-            for (const alias of capability.secretAliases ?? []) {
-                const existing = capabilityMap.get(alias) ?? [];
+            for (const secretId of capability.write.secretIds ?? []) {
+                const existing = capabilityMap.get(secretId) ?? [];
                 existing.push({
                     capabilityId: capability.capabilityId,
-                    scope: capability.scope,
-                    methods: [...capability.methods],
+                    write: {
+                        secretIds: capability.write.secretIds ? [...capability.write.secretIds] : undefined,
+                        scope: capability.write.scope,
+                        methods: [...capability.write.methods],
+                    },
+                    read: {
+                        mode: capability.read.mode,
+                        paths: capability.read.paths ? [...capability.read.paths] : undefined,
+                    },
                 });
-                capabilityMap.set(alias, existing);
+                capabilityMap.set(secretId, existing);
             }
         }
         const records = await this._deps.secrets.list(this._deps.vaultId);
         return records.map((record) => {
-            const authorizedCapabilities = capabilityMap.get(record.alias.value) ?? [];
+            const authorizedCapabilities = capabilityMap.get(record.secretId.value) ?? [];
             return {
                 vaultId: record.vaultId,
-                secretId: record.secretId,
                 alias: record.alias,
                 issuerId: record.issuerId,
                 source: record.source,
@@ -295,6 +317,48 @@ export class VaultCore {
             };
         });
     }
+    async _recordRequestExecution(request, capability, result) {
+        await this._deps.requests.save({
+            vaultId: this._deps.vaultId,
+            requestId: request.requestId,
+            agentId: request.agent.id,
+            capabilityId: capability?.capabilityId,
+            operation: capability?.operation ?? "dispatch_http",
+            createdAt: this._deps.clock.nowIso(),
+            request: {
+                targetUrl: request.targetUrl,
+                method: request.method,
+                headers: request.headers,
+                body: request.body,
+                secretId: request.secretId,
+            },
+            response: {
+                status: result.responseStatus,
+                body: result.responseBody,
+                error: result.error,
+            },
+            execution: {
+                status: result.status,
+            },
+        });
+    }
+    toVisibleRequestRecord(record, state) {
+        const readStatus = state?.actions.read.status ?? "PENDING";
+        return {
+            requestId: record.requestId,
+            createdAt: record.createdAt,
+            capabilityId: record.capabilityId,
+            operation: record.operation,
+            targetUrl: record.request.targetUrl,
+            method: record.request.method,
+            executionStatus: record.execution.status,
+            responseStatus: record.response?.status,
+            error: record.response?.error,
+            readStatus,
+            hasResponseBody: typeof record.response?.body === "string" && record.response.body.length > 0,
+            resultVisible: readStatus === "APPROVED",
+        };
+    }
     ownerOnCapabilityState(callback) {
         this._capabilityStateObservers.add(callback);
         return () => {
@@ -365,10 +429,13 @@ export class VaultCore {
         try {
             await this._deps.capabilityStates.upsert({
                 ...command.capability,
-                status: "GRANTED",
                 source: "owner_grant",
                 requestId: undefined,
                 requestedAt: command.capability.issuedAt,
+                actions: {
+                    write: { action: "write", status: "APPROVED", decidedAt: command.capability.issuedAt },
+                    read: { action: "read", status: "APPROVED", decidedAt: command.capability.issuedAt },
+                },
             });
             await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CAPABILITY, AuditOutcome.SUCCEEDED, `capability registered: ${command.capability.capabilityId}`, {
                 capabilityId: command.capability.capabilityId,
@@ -391,27 +458,36 @@ export class VaultCore {
         if (!command.agentId.trim()) {
             throw new VaultCoreError("capability request agent id required", "VAULT_IDENTITY_DENIED");
         }
-        if (!command.scope.scope.trim()) {
+        if (!command.capability.write.scope.trim()) {
             throw new VaultCoreError("capability request scope required", "VAULT_IDENTITY_DENIED");
         }
-        if (command.scope.methods.length === 0) {
+        if (command.capability.write.methods.length === 0) {
             throw new VaultCoreError("capability request method required", "VAULT_IDENTITY_DENIED");
         }
         const pendingRecord = {
             vaultId: this._deps.vaultId,
-            status: "PENDING",
             source: "explicit_request",
             requestId: command.requestId,
             agentId: command.agentId,
-            operation: command.scope.operation,
-            secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
-            scope: command.scope.scope,
-            methods: [...command.scope.methods],
-            rateLimit: command.scope.rateLimit,
-            skipAudit: command.scope.skipAudit,
-            expiresAt: command.scope.expiresAt,
+            operation: command.capability.operation,
+            write: {
+                secretIds: command.capability.write.secretIds ? [...command.capability.write.secretIds] : undefined,
+                scope: command.capability.write.scope,
+                methods: [...command.capability.write.methods],
+            },
+            read: {
+                mode: command.capability.read.mode,
+                paths: command.capability.read.paths ? [...command.capability.read.paths] : undefined,
+            },
+            rateLimit: command.capability.rateLimit,
+            skipAudit: command.capability.skipAudit,
+            expiresAt: command.capability.expiresAt,
             justification: command.justification,
             requestedAt: command.requestedAt,
+            actions: {
+                write: { action: "write", status: "PENDING" },
+                read: { action: "read", status: "PENDING" },
+            },
         };
         await this._deps.capabilityStates.upsert(pendingRecord);
         for (const observer of this._capabilityStateObservers) {
@@ -425,7 +501,7 @@ export class VaultCore {
         await this._appendAudit(toAuditEntry(this._deps, command.requester, AuditAction.SUBMIT_CAPABILITY_REQUEST, AuditOutcome.PENDING, `capability request submitted for agent: ${command.agentId}`, {
             requestId: command.requestId,
             agentId: command.agentId,
-            operation: command.scope.operation,
+            operation: command.capability.operation,
         }));
         return pendingRecord;
     }
@@ -434,17 +510,19 @@ export class VaultCore {
             throw new VaultCoreError("capability lookup vault mismatch", "VAULT_IDENTITY_DENIED");
         }
         const state = await this._deps.capabilityStates.getByCapabilityId(vaultId, agentId, capabilityId);
-        return state && state.status === "GRANTED" ? this._stateToGrantedCapability(state) : null;
+        return state && state.capabilityId && state.issuedAt && state.actions.write.status === "APPROVED"
+            ? this._stateToGrantedCapability(state)
+            : null;
     }
     async ownerRegisterCustomFlow(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("custom flow vault mismatch", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template vault mismatch", "VAULT_IDENTITY_DENIED");
         }
         if (!command.flow.flowId.trim()) {
-            throw new VaultCoreError("custom flow id required", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template id required", "VAULT_IDENTITY_DENIED");
         }
         if (command.flow.mode !== "send_secret" && !command.flow.responseSecret) {
-            throw new VaultCoreError("custom flow response secret rule required", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template response secret rule required", "VAULT_IDENTITY_DENIED");
         }
         try {
             await this._deps.customFlows.register({
@@ -458,7 +536,7 @@ export class VaultCore {
                 responseSecret: command.flow.responseSecret,
                 createdAt: this._deps.clock.nowIso(),
             });
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CUSTOM_FLOW, AuditOutcome.SUCCEEDED, `custom http flow registered: ${command.flow.flowId}`));
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CUSTOM_FLOW, AuditOutcome.SUCCEEDED, `request template registered: ${command.flow.flowId}`));
         }
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
@@ -493,7 +571,7 @@ export class VaultCore {
         try {
             await this._deps.custody.store(record.secretId, plaintext);
             await this._deps.secrets.save(record);
-            await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, `custom flow stored secret: ${alias}`, {
+            await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, `request template stored secret: ${alias}`, {
                 secretAlias: record.alias.value,
                 secretId: record.secretId.value,
             }));
@@ -568,10 +646,10 @@ export class VaultCore {
         if (request.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("request vault mismatch", "VAULT_DISPATCH_DENIED");
         }
-        const record = request.secretAlias
-            ? await this._deps.secrets.getByAlias({ value: request.secretAlias })
+        const record = request.secretId
+            ? await this._deps.secrets.getById({ value: request.secretId })
             : null;
-        if (request.secretAlias && !record) {
+        if (request.secretId && !record) {
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, "secret not found");
             return {
                 vaultId: this._deps.vaultId,
@@ -588,7 +666,7 @@ export class VaultCore {
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             throw error;
@@ -599,7 +677,7 @@ export class VaultCore {
             return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null };
         }
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         const requestedCapabilityId = request.capability?.capabilityId;
         const candidateCapabilities = requestedCapabilityId
@@ -610,21 +688,29 @@ export class VaultCore {
             // It's a discovery case if the agent and secret exist but no capability matches
             const pendingRecord = {
                 vaultId: this._deps.vaultId,
-                status: "PENDING",
                 source: "dispatch_discovery",
                 requestId: request.requestId,
                 agentId: request.agent.id,
                 capabilityId: undefined,
                 operation: "dispatch_http",
-                secretAliases: request.secretAlias ? [request.secretAlias] : [],
-                scope: request.targetUrl,
-                methods: [request.method],
+                write: {
+                    secretIds: request.secretId ? [request.secretId] : undefined,
+                    scope: request.targetUrl,
+                    methods: [request.method],
+                },
+                read: {
+                    mode: "none",
+                },
                 requestedAt: request.requestedAt,
-                secretAlias: request.secretAlias ?? "unknown",
+                secretId: request.secretId,
                 targetUrl: request.targetUrl,
                 headers: request.headers,
                 body: request.body,
                 proof: request.proof,
+                actions: {
+                    write: { action: "write", status: "PENDING" },
+                    read: { action: "read", status: "PENDING" },
+                },
             };
             await this._deps.capabilityStates.upsert(pendingRecord);
             // Notify observers
@@ -637,7 +723,7 @@ export class VaultCore {
                 }
             }
             await this._appendDecisionAudit(request, AuditOutcome.PENDING, "dispatch stalled for manual discovery approval", {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             return {
@@ -656,7 +742,7 @@ export class VaultCore {
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             return {
@@ -669,7 +755,7 @@ export class VaultCore {
         // Capability found, proceed
         if (!capability.skipAudit) {
             await this._appendDecisionAudit(request, AuditOutcome.ALLOWED, "dispatch authorized", {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
         }
@@ -720,9 +806,11 @@ export class VaultCore {
             secretAlias: record.alias.value,
             secretId: record.secretId.value,
         }));
+        await this._recordRequestExecution(request, authorization.capability, result);
         return {
             ...result,
             vaultId: this._deps.vaultId,
+            responseBody: undefined,
         };
     }
     async ownerReadAudit(actor, query, request) {
@@ -766,18 +854,16 @@ export class VaultCore {
         }
     }
     isCapabilityMatch(capability, request, secretId) {
-        // Match either alias- or id-based capability grants when a secret is specified.
-        if (request.secretAlias) {
-            const aliasMatched = capability.secretAliases?.includes(request.secretAlias) ?? false;
-            const idMatched = secretId ? (capability.secretIds?.includes(secretId) ?? false) : false;
-            if (!aliasMatched && !idMatched) {
+        if (request.secretId) {
+            const idMatched = secretId ? (capability.write.secretIds?.includes(secretId) ?? false) : false;
+            if (!idMatched) {
                 return false;
             }
         }
-        if (request.method && capability.methods?.length > 0 && !capability.methods.includes(request.method)) {
+        if (request.method && capability.write.methods?.length > 0 && !capability.write.methods.includes(request.method)) {
             return false;
         }
-        if (capability.scope && !isScopeMatch(capability.scope, request.targetUrl)) {
+        if (capability.write.scope && !isScopeMatch(capability.write.scope, request.targetUrl)) {
             return false;
         }
         return true;
@@ -791,7 +877,7 @@ export class VaultCore {
     }
     async ownerListCapabilities(actor, agentId, request) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_CAPABILITIES, AuditOutcome.ALLOWED, "capabilities listed", {
             requestId: request?.requestId,
@@ -806,7 +892,6 @@ export class VaultCore {
         }));
         return records.map((record) => ({
             vaultId: record.vaultId,
-            secretId: record.secretId,
             alias: record.alias,
             issuerId: record.issuerId,
             source: record.source,
@@ -828,6 +913,35 @@ export class VaultCore {
         await this._verifyAgentControlProof(request, "list_secrets");
         return this._listVisibleSecretsForAgent(request.agent.id);
     }
+    async agentListRequests(request) {
+        if (request.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
+        }
+        await this._verifyAgentControlProof(request, "list_requests");
+        const records = await this._deps.requests.list(this._deps.vaultId, request.agent.id);
+        const states = await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id);
+        const stateByRequestId = new Map(states.filter((state) => state.requestId).map((state) => [state.requestId, state]));
+        return records.map((record) => this.toVisibleRequestRecord(record, stateByRequestId.get(record.requestId) ?? null));
+    }
+    async agentGetRequest(request) {
+        if (request.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
+        }
+        await this._verifyAgentControlProof(request, "read_request_result", { targetRequestId: request.targetRequestId });
+        const record = await this._deps.requests.get(this._deps.vaultId, request.targetRequestId);
+        if (!record || record.agentId !== request.agent.id) {
+            throw new VaultCoreError("request record not found", "VAULT_READ_DENIED");
+        }
+        const state = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, request.targetRequestId);
+        const readApproved = state?.actions.read.status === "APPROVED";
+        return {
+            requestId: record.requestId,
+            executionStatus: record.execution.status,
+            responseStatus: record.response?.status,
+            responseBody: readApproved ? record.response?.body : undefined,
+            error: record.response?.error,
+        };
+    }
     async agentGetRuntimeManifest(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
@@ -860,10 +974,9 @@ export class VaultCore {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         await this._verifyAgentControlProof(command, "submit_capability_request", {
-            scope: command.scope.scope,
-            methods: command.scope.methods,
-            operation: command.scope.operation,
-            secretAliases: command.scope.secretAliases ?? [],
+            write: command.capability.write,
+            read: command.capability.read,
+            operation: command.capability.operation,
             justification: command.justification ?? null,
         });
         return this.ownerSubmitCapabilityRequest({
@@ -871,7 +984,7 @@ export class VaultCore {
             requestId: command.requestId,
             requester: command.agent,
             agentId: command.agent.id,
-            scope: command.scope,
+            capability: command.capability,
             justification: command.justification,
             requestedAt: command.requestedAt,
         });
@@ -881,10 +994,14 @@ export class VaultCore {
         if (!existing) {
             throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
         }
+        const decidedAt = this._deps.clock.nowIso();
         await this._deps.capabilityStates.upsert({
             ...existing,
-            status: "REJECTED",
-            decidedAt: this._deps.clock.nowIso(),
+            decidedAt,
+            actions: {
+                write: { action: "write", status: "REJECTED", decidedAt },
+                read: { action: "read", status: "REJECTED", decidedAt },
+            },
         });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REVOKE_CAPABILITY, AuditOutcome.SUCCEEDED, "capability revoked", {
             requestId: command.requestId,
@@ -936,29 +1053,110 @@ export class VaultCore {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
         return (await this._deps.capabilityStates.list(command.vaultId, command.agentId))
-            .filter((state) => !command.status || state.status === command.status);
+            .filter((state) => !command.writeStatus || state.actions.write.status === command.writeStatus)
+            .filter((state) => !command.readStatus || state.actions.read.status === command.readStatus);
+    }
+    async ownerApproveCapabilityWrite(command) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "PENDING") {
+            throw new VaultCoreError("write approval not pending", "VAULT_WRITE_DENIED");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const next = {
+            ...pending,
+            decidedAt,
+            actions: {
+                ...pending.actions,
+                write: {
+                    action: "write",
+                    status: "APPROVED",
+                    decidedAt,
+                },
+            },
+        };
+        await this._deps.capabilityStates.upsert(next);
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_WRITE, AuditOutcome.SUCCEEDED, `approved write policy for capability request ${command.requestId}`, {
+            requestId: command.requestId,
+            agentId: pending.agentId,
+            operation: pending.operation,
+        }));
+        return next;
+    }
+    async ownerApproveCapabilityRead(command) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "APPROVED") {
+            throw new VaultCoreError("write approval required before read approval", "VAULT_WRITE_DENIED");
+        }
+        if (pending.actions.read.status !== "PENDING") {
+            throw new VaultCoreError("read approval not pending", "VAULT_WRITE_DENIED");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const next = {
+            ...pending,
+            decidedAt,
+            actions: {
+                ...pending.actions,
+                read: {
+                    action: "read",
+                    status: "APPROVED",
+                    decidedAt,
+                },
+            },
+        };
+        await this._deps.capabilityStates.upsert(next);
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `approved read policy for capability request ${command.requestId}`, {
+            requestId: command.requestId,
+            agentId: pending.agentId,
+            operation: pending.operation,
+        }));
+        return next;
     }
-    async ownerExecuteCapabilityStateOnce(command) {
+    async ownerAllowOnce(command) {
         return this._executePendingCapabilityState(command, "once");
     }
-    async ownerExecuteCapabilityStateAndGrant(command) {
+    async ownerAllowAlways(command) {
         return this._executePendingCapabilityState(command, "grant");
     }
-    async ownerRejectCapabilityState(command) {
+    async ownerDeny(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
-        if (!pending || pending.status !== "PENDING") {
-            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const rejectWrite = pending.actions.write.status === "PENDING";
+        const rejectRead = !rejectWrite && pending.actions.read.status === "PENDING";
+        if (!rejectWrite && !rejectRead) {
+            throw new VaultCoreError("no capability action approval is pending", "VAULT_WRITE_DENIED");
         }
         const rejectedState = {
             ...pending,
-            status: "REJECTED",
-            decidedAt: this._deps.clock.nowIso(),
+            decidedAt,
+            actions: {
+                write: rejectWrite
+                    ? { action: "write", status: "REJECTED", decidedAt }
+                    : { ...pending.actions.write },
+                read: rejectRead
+                    ? { action: "read", status: "REJECTED", decidedAt }
+                    : { ...pending.actions.read },
+            },
         };
         await this._deps.capabilityStates.upsert(rejectedState);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, rejectWrite ? AuditAction.REJECT_CAPABILITY_WRITE : AuditAction.REJECT_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
             requestId: command.requestId,
             agentId: pending.agentId,
             operation: pending.operation,
@@ -967,6 +1165,9 @@ export class VaultCore {
     }
 }
 export function createVaultCore(deps) {
-    return new VaultCore(deps);
+    return new VaultCore({
+        ...deps,
+        requests: deps.requests ?? new InMemoryRequestRecordRegistry(),
+    });
 }
 //# sourceMappingURL=core.js.map