@the-ai-company/cbio-node-runtime 1.58.0 → 1.60.0

package/dist/vault-core/core.js

@@ -2,6 +2,7 @@ import { AuditAction, AuditOutcome, DispatchStatus, } from "./contracts.js";
 import { VaultCoreError } from "./errors.js";
 import { verifySignature } from "../protocol/crypto.js";
 import { getAgentToolbox } from "./tool-metadata.js";
+import { InMemoryRequestRecordRegistry } from "./defaults.js";
 const VAULT_MASTER_ID = "vault-master";
 function toAuditEntry(deps, actor, action, outcome, detail, options) {
     return {
@@ -21,22 +22,32 @@ function toAuditEntry(deps, actor, action, outcome, detail, options) {
         agentId: options?.agentId,
     };
 }
-function buildSecretRecord(deps, command) {
+function buildSecretRecord(deps, command, previousRecord) {
     const now = deps.clock.nowIso();
     const source = command.source?.kind === "request" && command.source.requestId
         ? { kind: "request", requestId: command.source.requestId }
         : { kind: "manual" };
+    const previousVersion = previousRecord ? Number.parseInt(previousRecord.version.value, 10) : 0;
+    const nextVersion = Number.isFinite(previousVersion) ? previousVersion + 1 : 1;
     return {
         vaultId: deps.vaultId,
         secretId: deps.ids.newSecretId(),
         alias: { value: command.alias },
-        version: deps.ids.newVersion(),
+        version: { value: String(nextVersion) },
+        lifecycleStatus: "ACTIVE",
+        previousSecretId: previousRecord?.secretId,
         issuerId: command.kind === "issuer.write_secret" ? command.issuerSiteId : null,
         source,
         createdAt: now,
         updatedAt: now,
     };
 }
+function isSecretActive(record) {
+    if (record.lifecycleStatus) {
+        return record.lifecycleStatus === "ACTIVE";
+    }
+    return !record.retiredAt;
+}
 function normalizeScopeTarget(targetUrl) {
     try {
         const parsed = new URL(targetUrl);
@@ -98,12 +109,21 @@ export class VaultCore {
             vaultId: state.vaultId,
             capabilityId: state.capabilityId ?? "",
             agentId: state.agentId,
-            secretIds: state.secretIds ? [...state.secretIds] : undefined,
-            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
             operation: state.operation,
             customFlowId: state.customFlowId,
-            scope: state.scope,
-            methods: [...state.methods],
+            write: {
+                secretIds: state.write.secretIds ? [...state.write.secretIds] : undefined,
+                scope: state.write.scope,
+                methods: [...state.write.methods],
+            },
+            read: state.actions.read.status === "APPROVED"
+                ? {
+                    mode: state.read.mode,
+                    paths: state.read.paths ? [...state.read.paths] : undefined,
+                }
+                : {
+                    mode: "none",
+                },
             issuedAt: state.issuedAt ?? state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
@@ -112,49 +132,68 @@ export class VaultCore {
     }
     async _buildAgentCapabilityStates(agentId) {
         return (await this._deps.capabilityStates.list(this._deps.vaultId, agentId)).map((state) => ({
-            status: state.status,
             source: state.source,
             agentId: state.agentId,
             requestId: state.requestId,
             capabilityId: state.capabilityId,
             operation: state.operation,
-            secretIds: state.secretIds ? [...state.secretIds] : undefined,
-            secretAliases: state.secretAliases ? [...state.secretAliases] : undefined,
             customFlowId: state.customFlowId,
-            scope: state.scope,
-            methods: [...state.methods],
+            write: {
+                secretIds: state.write.secretIds ? [...state.write.secretIds] : undefined,
+                scope: state.write.scope,
+                methods: [...state.write.methods],
+            },
+            read: {
+                mode: state.read.mode,
+                paths: state.read.paths ? [...state.read.paths] : undefined,
+            },
             issuedAt: state.issuedAt,
             requestedAt: state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
             skipAudit: state.skipAudit,
             justification: state.justification,
-            secretAlias: state.secretAlias,
+            secretId: state.secretId,
             targetUrl: state.targetUrl,
+            actions: {
+                write: { ...state.actions.write },
+                read: { ...state.actions.read },
+            },
         }));
     }
     _isExecutablePendingState(state) {
-        return !!(state.requestId && state.targetUrl && state.secretAlias && state.proof);
+        return !!(state.requestId && state.targetUrl && state.proof);
     }
     async _executePendingCapabilityState(command, mode) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
-        if (!pending || pending.status !== "PENDING") {
-            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "APPROVED") {
+            throw new VaultCoreError("write approval required before execution", "VAULT_WRITE_DENIED");
+        }
+        if (mode === "once" && pending.source !== "dispatch_discovery") {
+            throw new VaultCoreError("one-time execution is only available for dispatch discovery requests", "VAULT_WRITE_DENIED");
         }
         const issuedAt = this._deps.clock.nowIso();
         const capability = {
             vaultId: this._deps.vaultId,
             agentId: pending.agentId,
             capabilityId: pending.capabilityId ?? this._deps.ids.newCapabilityId(),
-            secretIds: pending.secretIds ? [...pending.secretIds] : undefined,
-            secretAliases: pending.secretAliases ? [...pending.secretAliases] : (pending.secretAlias ? [pending.secretAlias] : []),
             operation: pending.operation,
             customFlowId: pending.customFlowId,
-            scope: pending.targetUrl ?? pending.scope,
-            methods: [...pending.methods],
+            write: {
+                secretIds: pending.write.secretIds ? [...pending.write.secretIds] : undefined,
+                scope: pending.targetUrl ?? pending.write.scope,
+                methods: [...pending.write.methods],
+            },
+            read: {
+                mode: pending.read.mode,
+                paths: pending.read.paths ? [...pending.read.paths] : undefined,
+            },
             issuedAt,
             expiresAt: pending.expiresAt,
             rateLimit: pending.rateLimit,
@@ -166,9 +205,9 @@ export class VaultCore {
                 vaultId: this._deps.vaultId,
                 agent: { kind: "agent", id: pending.agentId },
                 capability,
-                secretAlias: pending.secretAlias === "unknown" ? undefined : pending.secretAlias,
+                secretId: pending.secretId,
                 targetUrl: pending.targetUrl,
-                method: pending.methods[0] ?? "POST",
+                method: pending.write.methods[0] ?? "POST",
                 headers: pending.headers,
                 body: pending.body,
                 proof: pending.proof,
@@ -181,8 +220,8 @@ export class VaultCore {
                 vaultId: this._deps.vaultId,
                 requestId: pending.requestId ?? command.requestId,
                 status: DispatchStatus.SUCCEEDED,
-                targetUrl: pending.scope,
-                method: pending.methods[0] ?? "POST",
+                targetUrl: pending.write.scope,
+                method: pending.write.methods[0] ?? "POST",
             };
         }
         else {
@@ -192,26 +231,13 @@ export class VaultCore {
             await this._deps.capabilityStates.upsert({
                 ...pending,
                 capabilityId: capability.capabilityId,
-                status: "GRANTED",
                 source: "owner_grant",
                 issuedAt,
                 decidedAt: issuedAt,
             });
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed and granted capability state ${command.requestId}`, {
-                requestId: command.requestId,
-                agentId: pending.agentId,
-                capabilityId: capability.capabilityId,
-                operation: capability.operation,
-            }));
         }
         else {
             await this._deps.capabilityStates.deleteByRequestId(command.vaultId, command.requestId);
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `executed once and deleted capability state ${command.requestId}`, {
-                requestId: command.requestId,
-                agentId: pending.agentId,
-                capabilityId: capability.capabilityId,
-                operation: capability.operation,
-            }));
         }
         return result;
     }
@@ -233,8 +259,8 @@ export class VaultCore {
             capabilityId: request.capability?.capabilityId,
             operation: request.capability?.operation ?? AuditAction.AUTHORIZE_DISPATCH,
             targetUrl: request.targetUrl,
-            secretAlias: options?.secretAlias ?? request.secretAlias,
-            secretId: options?.secretId,
+            secretAlias: options?.secretAlias,
+            secretId: options?.secretId ?? request.secretId,
         }));
     }
     async _verifyAgentControlProof(request, action, payload = {}) {
@@ -265,27 +291,36 @@ export class VaultCore {
     }
     async _listVisibleSecretsForAgent(agentId) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         const capabilityMap = new Map();
         for (const capability of capabilities) {
-            for (const alias of capability.secretAliases ?? []) {
-                const existing = capabilityMap.get(alias) ?? [];
+            for (const secretId of capability.write.secretIds ?? []) {
+                const existing = capabilityMap.get(secretId) ?? [];
                 existing.push({
                     capabilityId: capability.capabilityId,
-                    scope: capability.scope,
-                    methods: [...capability.methods],
+                    write: {
+                        secretIds: capability.write.secretIds ? [...capability.write.secretIds] : undefined,
+                        scope: capability.write.scope,
+                        methods: [...capability.write.methods],
+                    },
+                    read: {
+                        mode: capability.read.mode,
+                        paths: capability.read.paths ? [...capability.read.paths] : undefined,
+                    },
                 });
-                capabilityMap.set(alias, existing);
+                capabilityMap.set(secretId, existing);
             }
         }
         const records = await this._deps.secrets.list(this._deps.vaultId);
         return records.map((record) => {
-            const authorizedCapabilities = capabilityMap.get(record.alias.value) ?? [];
+            const authorizedCapabilities = capabilityMap.get(record.secretId.value) ?? [];
             return {
                 vaultId: record.vaultId,
                 secretId: record.secretId,
                 alias: record.alias,
+                version: record.version,
+                lifecycleStatus: record.lifecycleStatus ?? "ACTIVE",
                 issuerId: record.issuerId,
                 source: record.source,
                 createdAt: record.createdAt,
@@ -295,6 +330,94 @@ export class VaultCore {
             };
         });
     }
+    async _recordRequestExecution(request, capability, result) {
+        await this._deps.requests.save({
+            vaultId: this._deps.vaultId,
+            requestId: request.requestId,
+            agentId: request.agent.id,
+            capabilityId: capability?.capabilityId,
+            operation: capability?.operation ?? "dispatch_http",
+            createdAt: this._deps.clock.nowIso(),
+            request: {
+                targetUrl: request.targetUrl,
+                method: request.method,
+                headers: request.headers,
+                body: request.body,
+                secretId: request.secretId,
+            },
+            response: {
+                status: result.responseStatus,
+                body: result.responseBody,
+                error: result.error,
+            },
+            execution: {
+                status: result.status,
+            },
+        });
+    }
+    toVisibleRequestRecord(record, state) {
+        const readStatus = state?.actions.read.status ?? "PENDING";
+        return {
+            requestId: record.requestId,
+            createdAt: record.createdAt,
+            capabilityId: record.capabilityId,
+            operation: record.operation,
+            targetUrl: record.request.targetUrl,
+            method: record.request.method,
+            executionStatus: record.execution.status,
+            responseStatus: record.response?.status,
+            error: record.response?.error,
+            readStatus,
+            hasResponseBody: typeof record.response?.body === "string" && record.response.body.length > 0,
+            resultVisible: readStatus === "APPROVED",
+        };
+    }
+    toOwnerVisibleRequestRecord(record, state) {
+        return {
+            requestId: record.requestId,
+            createdAt: record.createdAt,
+            agentId: record.agentId,
+            capabilityId: record.capabilityId,
+            operation: record.operation,
+            targetUrl: record.request.targetUrl,
+            method: record.request.method,
+            executionStatus: record.execution.status,
+            responseStatus: record.response?.status,
+            error: record.response?.error,
+            writeStatus: state?.actions.write.status ?? "PENDING",
+            readStatus: state?.actions.read.status ?? "PENDING",
+            hasResponseBody: typeof record.response?.body === "string" && record.response.body.length > 0,
+        };
+    }
+    toOwnerRequestRecord(record, state) {
+        return {
+            requestId: record.requestId,
+            createdAt: record.createdAt,
+            agentId: record.agentId,
+            capabilityId: record.capabilityId,
+            operation: record.operation,
+            request: {
+                targetUrl: record.request.targetUrl,
+                method: record.request.method,
+                headers: record.request.headers ? { ...record.request.headers } : undefined,
+                body: record.request.body,
+                secretId: record.request.secretId,
+            },
+            response: record.response
+                ? {
+                    status: record.response.status,
+                    headers: record.response.headers ? { ...record.response.headers } : undefined,
+                    body: record.response.body,
+                    error: record.response.error,
+                }
+                : undefined,
+            actions: {
+                write: state?.actions.write ?? { action: "write", status: "PENDING" },
+                read: state?.actions.read ?? { action: "read", status: "PENDING" },
+            },
+            executionStatus: record.execution.status,
+        };
+    }
     ownerOnCapabilityState(callback) {
         this._capabilityStateObservers.add(callback);
         return () => {
@@ -365,10 +488,13 @@ export class VaultCore {
         try {
             await this._deps.capabilityStates.upsert({
                 ...command.capability,
-                status: "GRANTED",
                 source: "owner_grant",
                 requestId: undefined,
                 requestedAt: command.capability.issuedAt,
+                actions: {
+                    write: { action: "write", status: "APPROVED", decidedAt: command.capability.issuedAt },
+                    read: { action: "read", status: "APPROVED", decidedAt: command.capability.issuedAt },
+                },
             });
             await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CAPABILITY, AuditOutcome.SUCCEEDED, `capability registered: ${command.capability.capabilityId}`, {
                 capabilityId: command.capability.capabilityId,
@@ -391,27 +517,36 @@ export class VaultCore {
         if (!command.agentId.trim()) {
             throw new VaultCoreError("capability request agent id required", "VAULT_IDENTITY_DENIED");
         }
-        if (!command.scope.scope.trim()) {
+        if (!command.capability.write.scope.trim()) {
             throw new VaultCoreError("capability request scope required", "VAULT_IDENTITY_DENIED");
         }
-        if (command.scope.methods.length === 0) {
+        if (command.capability.write.methods.length === 0) {
             throw new VaultCoreError("capability request method required", "VAULT_IDENTITY_DENIED");
         }
         const pendingRecord = {
             vaultId: this._deps.vaultId,
-            status: "PENDING",
             source: "explicit_request",
             requestId: command.requestId,
             agentId: command.agentId,
-            operation: command.scope.operation,
-            secretAliases: command.scope.secretAliases ? [...command.scope.secretAliases] : [],
-            scope: command.scope.scope,
-            methods: [...command.scope.methods],
-            rateLimit: command.scope.rateLimit,
-            skipAudit: command.scope.skipAudit,
-            expiresAt: command.scope.expiresAt,
+            operation: command.capability.operation,
+            write: {
+                secretIds: command.capability.write.secretIds ? [...command.capability.write.secretIds] : undefined,
+                scope: command.capability.write.scope,
+                methods: [...command.capability.write.methods],
+            },
+            read: {
+                mode: command.capability.read.mode,
+                paths: command.capability.read.paths ? [...command.capability.read.paths] : undefined,
+            },
+            rateLimit: command.capability.rateLimit,
+            skipAudit: command.capability.skipAudit,
+            expiresAt: command.capability.expiresAt,
             justification: command.justification,
             requestedAt: command.requestedAt,
+            actions: {
+                write: { action: "write", status: "PENDING" },
+                read: { action: "read", status: "PENDING" },
+            },
         };
         await this._deps.capabilityStates.upsert(pendingRecord);
         for (const observer of this._capabilityStateObservers) {
@@ -425,7 +560,7 @@ export class VaultCore {
         await this._appendAudit(toAuditEntry(this._deps, command.requester, AuditAction.SUBMIT_CAPABILITY_REQUEST, AuditOutcome.PENDING, `capability request submitted for agent: ${command.agentId}`, {
             requestId: command.requestId,
             agentId: command.agentId,
-            operation: command.scope.operation,
+            operation: command.capability.operation,
         }));
         return pendingRecord;
     }
@@ -434,17 +569,19 @@ export class VaultCore {
             throw new VaultCoreError("capability lookup vault mismatch", "VAULT_IDENTITY_DENIED");
         }
         const state = await this._deps.capabilityStates.getByCapabilityId(vaultId, agentId, capabilityId);
-        return state && state.status === "GRANTED" ? this._stateToGrantedCapability(state) : null;
+        return state && state.capabilityId && state.issuedAt && state.actions.write.status === "APPROVED"
+            ? this._stateToGrantedCapability(state)
+            : null;
     }
     async ownerRegisterCustomFlow(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("custom flow vault mismatch", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template vault mismatch", "VAULT_IDENTITY_DENIED");
         }
         if (!command.flow.flowId.trim()) {
-            throw new VaultCoreError("custom flow id required", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template id required", "VAULT_IDENTITY_DENIED");
         }
         if (command.flow.mode !== "send_secret" && !command.flow.responseSecret) {
-            throw new VaultCoreError("custom flow response secret rule required", "VAULT_IDENTITY_DENIED");
+            throw new VaultCoreError("request template response secret rule required", "VAULT_IDENTITY_DENIED");
         }
         try {
             await this._deps.customFlows.register({
@@ -458,7 +595,7 @@ export class VaultCore {
                 responseSecret: command.flow.responseSecret,
                 createdAt: this._deps.clock.nowIso(),
             });
-            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CUSTOM_FLOW, AuditOutcome.SUCCEEDED, `custom http flow registered: ${command.flow.flowId}`));
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CUSTOM_FLOW, AuditOutcome.SUCCEEDED, `request template registered: ${command.flow.flowId}`));
         }
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
@@ -478,7 +615,7 @@ export class VaultCore {
             throw new VaultCoreError("alias already bound to existing secret", "VAULT_WRITE_DENIED");
         }
         const record = buildSecretRecord(this._deps, {
-            kind: "owner.write_secret",
+            kind: "owner.create_secret",
             vaultId: this._deps.vaultId,
             requestId,
             owner: actor,
@@ -493,7 +630,7 @@ export class VaultCore {
         try {
             await this._deps.custody.store(record.secretId, plaintext);
             await this._deps.secrets.save(record);
-            await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, `custom flow stored secret: ${alias}`, {
+            await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, `request template stored secret: ${alias}`, {
                 secretAlias: record.alias.value,
                 secretId: record.secretId.value,
             }));
@@ -507,7 +644,36 @@ export class VaultCore {
         }
         return record;
     }
-    async ownerWriteSecret(command) {
+    async _getActiveSecretByAlias(alias) {
+        const matches = (await this._deps.secrets.list(this._deps.vaultId))
+            .filter((record) => record.alias.value === alias && isSecretActive(record));
+        if (matches.length > 1) {
+            throw new VaultCoreError(`multiple active secrets found for alias: ${alias}`, "VAULT_WRITE_DENIED");
+        }
+        return matches[0] ?? null;
+    }
+    async _persistNewSecretRecord(record, plaintext, actor, successDetail) {
+        try {
+            await this._deps.custody.store(record.secretId, plaintext);
+            await this._deps.secrets.save(record);
+            await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, successDetail, {
+                secretAlias: record.alias.value,
+                secretId: record.secretId.value,
+            }));
+        }
+        catch (error) {
+            await Promise.allSettled([
+                this._deps.secrets.delete(record.secretId),
+                this._deps.custody.delete(record.secretId),
+            ]);
+            throw error;
+        }
+        return record;
+    }
+    async ownerCreateSecret(command) {
+        return this.ownerWriteSecret(command);
+    }
+    async ownerUpdateSecret(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
@@ -516,47 +682,89 @@ export class VaultCore {
         }
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
-            await this._appendAudit(toAuditEntry(this._deps, command.kind === "owner.write_secret" ? command.owner : command.issuer, AuditAction.WRITE_SECRET, AuditOutcome.DENIED, detail, {
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.WRITE_SECRET, AuditOutcome.DENIED, detail, {
                 secretAlias: command.alias,
             }));
             throw error;
         }
-        const existing = await this._deps.secrets.getByAlias({ value: command.alias });
-        if (existing) {
-            await this._appendAudit(toAuditEntry(this._deps, command.kind === "owner.write_secret" ? command.owner : command.issuer, AuditAction.REASSIGN_ALIAS, AuditOutcome.DENIED, "alias already bound to existing secret; explicit alias lifecycle required", {
-                secretAlias: existing.alias.value,
-                secretId: existing.secretId.value,
-            }));
-            throw new VaultCoreError("alias already bound to existing secret", "VAULT_WRITE_DENIED");
+        const existing = await this._getActiveSecretByAlias(command.alias);
+        if (!existing) {
+            throw new VaultCoreError(`secret not found: ${command.alias}`, "VAULT_SECRET_NOT_FOUND");
         }
-        const record = buildSecretRecord(this._deps, command);
+        const record = buildSecretRecord(this._deps, command, existing);
+        const supersededAt = this._deps.clock.nowIso();
+        const superseded = {
+            ...existing,
+            lifecycleStatus: "SUPERSEDED",
+            supersededBySecretId: record.secretId,
+            supersededAt,
+            retiredAt: supersededAt,
+            updatedAt: supersededAt,
+        };
+        let custodyStored = false;
+        let previousSuperseded = false;
+        let newRecordSaved = false;
         try {
             await this._deps.custody.store(record.secretId, command.plaintext);
+            custodyStored = true;
+            await this._deps.secrets.save(superseded);
+            previousSuperseded = true;
             await this._deps.secrets.save(record);
-            await this._appendAudit(toAuditEntry(this._deps, command.kind === "owner.write_secret" ? command.owner : command.issuer, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, "secret stored", {
+            newRecordSaved = true;
+            await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.WRITE_SECRET, AuditOutcome.SUCCEEDED, "secret updated", {
                 secretAlias: record.alias.value,
                 secretId: record.secretId.value,
             }));
+            return record;
         }
         catch (error) {
+            if (previousSuperseded) {
+                await Promise.allSettled([this._deps.secrets.save(existing)]);
+            }
             await Promise.allSettled([
-                this._deps.secrets.delete(record.secretId),
-                this._deps.custody.delete(record.secretId),
+                newRecordSaved ? this._deps.secrets.delete(record.secretId) : Promise.resolve(),
+                custodyStored ? this._deps.custody.delete(record.secretId) : Promise.resolve(),
             ]);
             throw error;
         }
-        return record;
     }
-    async ownerDeleteSecret(command) {
-        const record = await this._deps.secrets.getByAlias({ value: command.alias });
+    async ownerWriteSecret(command) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        try {
+            await this._deps.policy.authorizeWrite(command);
+        }
+        catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            await this._appendAudit(toAuditEntry(this._deps, command.kind === "issuer.write_secret" ? command.issuer : command.owner, AuditAction.WRITE_SECRET, AuditOutcome.DENIED, detail, {
+                secretAlias: command.alias,
+            }));
+            throw error;
+        }
+        const existing = await this._getActiveSecretByAlias(command.alias);
+        if (existing) {
+            await this._appendAudit(toAuditEntry(this._deps, command.kind === "issuer.write_secret" ? command.issuer : command.owner, AuditAction.REASSIGN_ALIAS, AuditOutcome.DENIED, "alias already bound to existing secret; explicit alias lifecycle required", {
+                secretAlias: existing.alias.value,
+                secretId: existing.secretId.value,
+            }));
+            throw new VaultCoreError("alias already bound to existing secret", "VAULT_WRITE_DENIED");
+        }
+        const record = buildSecretRecord(this._deps, command);
+        return this._persistNewSecretRecord(record, command.plaintext, command.kind === "issuer.write_secret" ? command.issuer : command.owner, "secret created");
+    }
+    async ownerRemoveSecret(command) {
+        const record = await this._getActiveSecretByAlias(command.alias);
         if (!record) {
             throw new VaultCoreError(`secret not found: ${command.alias}`, "VAULT_SECRET_NOT_FOUND");
         }
-        const retiredAt = this._deps.clock.nowIso();
+        const removedAt = this._deps.clock.nowIso();
         await this._deps.secrets.save({
             ...record,
-            updatedAt: retiredAt,
-            retiredAt,
+            lifecycleStatus: "REMOVED",
+            updatedAt: removedAt,
+            removedAt,
+            retiredAt: removedAt,
         });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.DELETE_SECRET, AuditOutcome.SUCCEEDED, `retired secret ${command.alias}`, {
             requestId: command.requestId,
@@ -564,14 +772,17 @@ export class VaultCore {
             secretId: record.secretId.value,
         }));
     }
+    async ownerDeleteSecret(command) {
+        return this.ownerRemoveSecret(command);
+    }
     async agentAuthorizeDispatch(request) {
         if (request.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("request vault mismatch", "VAULT_DISPATCH_DENIED");
         }
-        const record = request.secretAlias
-            ? await this._deps.secrets.getByAlias({ value: request.secretAlias })
+        const record = request.secretId
+            ? await this._deps.secrets.getById({ value: request.secretId })
             : null;
-        if (request.secretAlias && !record) {
+        if (request.secretId && !record) {
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, "secret not found");
             return {
                 vaultId: this._deps.vaultId,
@@ -588,7 +799,7 @@ export class VaultCore {
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             throw error;
@@ -599,7 +810,7 @@ export class VaultCore {
             return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null };
         }
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         const requestedCapabilityId = request.capability?.capabilityId;
         const candidateCapabilities = requestedCapabilityId
@@ -610,21 +821,29 @@ export class VaultCore {
             // It's a discovery case if the agent and secret exist but no capability matches
             const pendingRecord = {
                 vaultId: this._deps.vaultId,
-                status: "PENDING",
                 source: "dispatch_discovery",
                 requestId: request.requestId,
                 agentId: request.agent.id,
                 capabilityId: undefined,
                 operation: "dispatch_http",
-                secretAliases: request.secretAlias ? [request.secretAlias] : [],
-                scope: request.targetUrl,
-                methods: [request.method],
+                write: {
+                    secretIds: request.secretId ? [request.secretId] : undefined,
+                    scope: request.targetUrl,
+                    methods: [request.method],
+                },
+                read: {
+                    mode: "none",
+                },
                 requestedAt: request.requestedAt,
-                secretAlias: request.secretAlias ?? "unknown",
+                secretId: request.secretId,
                 targetUrl: request.targetUrl,
                 headers: request.headers,
                 body: request.body,
                 proof: request.proof,
+                actions: {
+                    write: { action: "write", status: "PENDING" },
+                    read: { action: "read", status: "PENDING" },
+                },
             };
             await this._deps.capabilityStates.upsert(pendingRecord);
             // Notify observers
@@ -637,7 +856,7 @@ export class VaultCore {
                 }
             }
             await this._appendDecisionAudit(request, AuditOutcome.PENDING, "dispatch stalled for manual discovery approval", {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             return {
@@ -656,7 +875,7 @@ export class VaultCore {
         catch (error) {
             const detail = error instanceof Error ? error.message : String(error);
             await this._appendDecisionAudit(request, AuditOutcome.DENIED, detail, {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
             return {
@@ -669,7 +888,7 @@ export class VaultCore {
         // Capability found, proceed
         if (!capability.skipAudit) {
             await this._appendDecisionAudit(request, AuditOutcome.ALLOWED, "dispatch authorized", {
-                secretAlias: record?.alias.value ?? request.secretAlias,
+                secretAlias: record?.alias.value,
                 secretId: record?.secretId.value,
             });
         }
@@ -720,9 +939,11 @@ export class VaultCore {
             secretAlias: record.alias.value,
             secretId: record.secretId.value,
         }));
+        await this._recordRequestExecution(request, authorization.capability, result);
         return {
             ...result,
             vaultId: this._deps.vaultId,
+            responseBody: undefined,
         };
     }
     async ownerReadAudit(actor, query, request) {
@@ -766,18 +987,16 @@ export class VaultCore {
         }
     }
     isCapabilityMatch(capability, request, secretId) {
-        // Match either alias- or id-based capability grants when a secret is specified.
-        if (request.secretAlias) {
-            const aliasMatched = capability.secretAliases?.includes(request.secretAlias) ?? false;
-            const idMatched = secretId ? (capability.secretIds?.includes(secretId) ?? false) : false;
-            if (!aliasMatched && !idMatched) {
+        if (request.secretId) {
+            const idMatched = secretId ? (capability.write.secretIds?.includes(secretId) ?? false) : false;
+            if (!idMatched) {
                 return false;
             }
         }
-        if (request.method && capability.methods?.length > 0 && !capability.methods.includes(request.method)) {
+        if (request.method && capability.write.methods?.length > 0 && !capability.write.methods.includes(request.method)) {
             return false;
         }
-        if (capability.scope && !isScopeMatch(capability.scope, request.targetUrl)) {
+        if (capability.write.scope && !isScopeMatch(capability.write.scope, request.targetUrl)) {
             return false;
         }
         return true;
@@ -791,7 +1010,7 @@ export class VaultCore {
     }
     async ownerListCapabilities(actor, agentId, request) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => state.status === "GRANTED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
             .map((state) => this._stateToGrantedCapability(state));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_CAPABILITIES, AuditOutcome.ALLOWED, "capabilities listed", {
             requestId: request?.requestId,
@@ -799,6 +1018,28 @@ export class VaultCore {
         }));
         return capabilities;
     }
+    async ownerListRequests(actor, agentId, request) {
+        const records = await this._deps.requests.list(this._deps.vaultId, agentId);
+        const states = await this._deps.capabilityStates.list(this._deps.vaultId, agentId);
+        const stateByRequestId = new Map(states.filter((state) => state.requestId).map((state) => [state.requestId, state]));
+        await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_REQUESTS, AuditOutcome.ALLOWED, "request records listed", {
+            requestId: request?.requestId,
+            agentId,
+        }));
+        return records.map((record) => this.toOwnerVisibleRequestRecord(record, stateByRequestId.get(record.requestId) ?? null));
+    }
+    async ownerGetRequest(actor, targetRequestId, request) {
+        const record = await this._deps.requests.get(this._deps.vaultId, targetRequestId);
+        if (!record) {
+            throw new VaultCoreError("request record not found", "VAULT_READ_DENIED");
+        }
+        const state = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, targetRequestId);
+        await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.READ_REQUEST, AuditOutcome.ALLOWED, "request record read", {
+            requestId: request?.requestId,
+            agentId: record.agentId,
+        }));
+        return this.toOwnerRequestRecord(record, state);
+    }
     async ownerListSecrets(actor, request) {
         const records = await this._deps.secrets.list(this._deps.vaultId);
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.READ_AUDIT, AuditOutcome.ALLOWED, "secret metadata listed", {
@@ -808,6 +1049,8 @@ export class VaultCore {
             vaultId: record.vaultId,
             secretId: record.secretId,
             alias: record.alias,
+            version: record.version,
+            lifecycleStatus: record.lifecycleStatus ?? "ACTIVE",
             issuerId: record.issuerId,
             source: record.source,
             createdAt: record.createdAt,
@@ -828,6 +1071,35 @@ export class VaultCore {
         await this._verifyAgentControlProof(request, "list_secrets");
         return this._listVisibleSecretsForAgent(request.agent.id);
     }
+    async agentListRequests(request) {
+        if (request.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
+        }
+        await this._verifyAgentControlProof(request, "list_requests");
+        const records = await this._deps.requests.list(this._deps.vaultId, request.agent.id);
+        const states = await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id);
+        const stateByRequestId = new Map(states.filter((state) => state.requestId).map((state) => [state.requestId, state]));
+        return records.map((record) => this.toVisibleRequestRecord(record, stateByRequestId.get(record.requestId) ?? null));
+    }
+    async agentGetRequest(request) {
+        if (request.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
+        }
+        await this._verifyAgentControlProof(request, "read_request_result", { targetRequestId: request.targetRequestId });
+        const record = await this._deps.requests.get(this._deps.vaultId, request.targetRequestId);
+        if (!record || record.agentId !== request.agent.id) {
+            throw new VaultCoreError("request record not found", "VAULT_READ_DENIED");
+        }
+        const state = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, request.targetRequestId);
+        const readApproved = state?.actions.read.status === "APPROVED";
+        return {
+            requestId: record.requestId,
+            executionStatus: record.execution.status,
+            responseStatus: record.response?.status,
+            responseBody: readApproved ? record.response?.body : undefined,
+            error: record.response?.error,
+        };
+    }
     async agentGetRuntimeManifest(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
@@ -860,10 +1132,9 @@ export class VaultCore {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         await this._verifyAgentControlProof(command, "submit_capability_request", {
-            scope: command.scope.scope,
-            methods: command.scope.methods,
-            operation: command.scope.operation,
-            secretAliases: command.scope.secretAliases ?? [],
+            write: command.capability.write,
+            read: command.capability.read,
+            operation: command.capability.operation,
             justification: command.justification ?? null,
         });
         return this.ownerSubmitCapabilityRequest({
@@ -871,7 +1142,7 @@ export class VaultCore {
             requestId: command.requestId,
             requester: command.agent,
             agentId: command.agent.id,
-            scope: command.scope,
+            capability: command.capability,
             justification: command.justification,
             requestedAt: command.requestedAt,
         });
@@ -881,10 +1152,14 @@ export class VaultCore {
         if (!existing) {
             throw new VaultCoreError("capability not found", "VAULT_CAPABILITY_NOT_FOUND");
         }
+        const decidedAt = this._deps.clock.nowIso();
         await this._deps.capabilityStates.upsert({
             ...existing,
-            status: "REJECTED",
-            decidedAt: this._deps.clock.nowIso(),
+            decidedAt,
+            actions: {
+                write: { action: "write", status: "REJECTED", decidedAt },
+                read: { action: "read", status: "REJECTED", decidedAt },
+            },
         });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REVOKE_CAPABILITY, AuditOutcome.SUCCEEDED, "capability revoked", {
             requestId: command.requestId,
@@ -936,29 +1211,110 @@ export class VaultCore {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
         return (await this._deps.capabilityStates.list(command.vaultId, command.agentId))
-            .filter((state) => !command.status || state.status === command.status);
+            .filter((state) => !command.writeStatus || state.actions.write.status === command.writeStatus)
+            .filter((state) => !command.readStatus || state.actions.read.status === command.readStatus);
     }
-    async ownerExecuteCapabilityStateOnce(command) {
+    async ownerApproveCapabilityWrite(command) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "PENDING") {
+            throw new VaultCoreError("write approval not pending", "VAULT_WRITE_DENIED");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const next = {
+            ...pending,
+            decidedAt,
+            actions: {
+                ...pending.actions,
+                write: {
+                    action: "write",
+                    status: "APPROVED",
+                    decidedAt,
+                },
+            },
+        };
+        await this._deps.capabilityStates.upsert(next);
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_WRITE, AuditOutcome.SUCCEEDED, `approved write policy for capability request ${command.requestId}`, {
+            requestId: command.requestId,
+            agentId: pending.agentId,
+            operation: pending.operation,
+        }));
+        return next;
+    }
+    async ownerApproveCapabilityRead(command) {
+        if (command.vaultId.value !== this._deps.vaultId.value) {
+            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
+        }
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        if (pending.actions.write.status !== "APPROVED") {
+            throw new VaultCoreError("write approval required before read approval", "VAULT_WRITE_DENIED");
+        }
+        if (pending.actions.read.status !== "PENDING") {
+            throw new VaultCoreError("read approval not pending", "VAULT_WRITE_DENIED");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const next = {
+            ...pending,
+            decidedAt,
+            actions: {
+                ...pending.actions,
+                read: {
+                    action: "read",
+                    status: "APPROVED",
+                    decidedAt,
+                },
+            },
+        };
+        await this._deps.capabilityStates.upsert(next);
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `approved read policy for capability request ${command.requestId}`, {
+            requestId: command.requestId,
+            agentId: pending.agentId,
+            operation: pending.operation,
+        }));
+        return next;
+    }
+    async ownerAllowOnce(command) {
         return this._executePendingCapabilityState(command, "once");
     }
-    async ownerExecuteCapabilityStateAndGrant(command) {
+    async ownerAllowAlways(command) {
         return this._executePendingCapabilityState(command, "grant");
     }
-    async ownerRejectCapabilityState(command) {
+    async ownerDeny(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
         const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
-        if (!pending || pending.status !== "PENDING") {
-            throw new VaultCoreError("pending capability state not found", "VAULT_REQUEST_NOT_FOUND");
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        const rejectWrite = pending.actions.write.status === "PENDING";
+        const rejectRead = !rejectWrite && pending.actions.read.status === "PENDING";
+        if (!rejectWrite && !rejectRead) {
+            throw new VaultCoreError("no capability action approval is pending", "VAULT_WRITE_DENIED");
         }
         const rejectedState = {
             ...pending,
-            status: "REJECTED",
-            decidedAt: this._deps.clock.nowIso(),
+            decidedAt,
+            actions: {
+                write: rejectWrite
+                    ? { action: "write", status: "REJECTED", decidedAt }
+                    : { ...pending.actions.write },
+                read: rejectRead
+                    ? { action: "read", status: "REJECTED", decidedAt }
+                    : { ...pending.actions.read },
+            },
         };
         await this._deps.capabilityStates.upsert(rejectedState);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REJECT_CAPABILITY_REQUEST, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, rejectWrite ? AuditAction.REJECT_CAPABILITY_WRITE : AuditAction.REJECT_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {
             requestId: command.requestId,
             agentId: pending.agentId,
             operation: pending.operation,
@@ -967,6 +1323,9 @@ export class VaultCore {
     }
 }
 export function createVaultCore(deps) {
-    return new VaultCore(deps);
+    return new VaultCore({
+        ...deps,
+        requests: deps.requests ?? new InMemoryRequestRecordRegistry(),
+    });
 }
 //# sourceMappingURL=core.js.map