@the-ai-company/cbio-node-runtime 1.62.0 → 1.62.2

package/dist/vault-core/core.js

@@ -3,67 +3,8 @@ import { VaultCoreError } from "./errors.js";
 import { verifySignature } from "../protocol/crypto.js";
 import { getAgentToolbox } from "./tool-metadata.js";
 import { InMemoryRequestRecordRegistry } from "./defaults.js";
+import { applyResponseReadPolicy } from "./read-policy.js";
 const VAULT_MASTER_ID = "vault-master";
-function redactResponseShapeValue(value) {
-    if (value === null || value === undefined) {
-        return null;
-    }
-    if (Array.isArray(value)) {
-        return value.map((entry) => redactResponseShapeValue(entry));
-    }
-    if (typeof value === "object") {
-        return Object.fromEntries(Object.entries(value).map(([key, entry]) => [key, redactResponseShapeValue(entry)]));
-    }
-    return null;
-}
-function applyResponseReadPolicy(body, policy) {
-    if (body === undefined)
-        return body;
-    if (policy.mode === "full")
-        return body;
-    if (policy.mode === "none")
-        return undefined;
-    let parsed;
-    try {
-        parsed = JSON.parse(body);
-    }
-    catch {
-        return policy.mode === "shape_only" ? JSON.stringify(null) : undefined;
-    }
-    if (policy.mode === "shape_only") {
-        return JSON.stringify(redactResponseShapeValue(parsed));
-    }
-    if (policy.mode !== "custom") {
-        return body;
-    }
-    const result = {};
-    for (const path of policy.paths ?? []) {
-        const segments = path.split(".").filter(Boolean);
-        if (!segments.length)
-            continue;
-        let source = parsed;
-        let valid = true;
-        for (const segment of segments) {
-            if (source && typeof source === "object" && segment in source) {
-                source = source[segment];
-            }
-            else {
-                valid = false;
-                break;
-            }
-        }
-        if (!valid)
-            continue;
-        let target = result;
-        for (let index = 0; index < segments.length - 1; index += 1) {
-            const segment = segments[index];
-            target[segment] ??= {};
-            target = target[segment];
-        }
-        target[segments[segments.length - 1]] = source;
-    }
-    return JSON.stringify(result);
-}
 function toAuditEntry(deps, actor, action, outcome, detail, options) {
     return {
         entryId: deps.ids.newAuditEntryId(),
@@ -176,14 +117,7 @@ export class VaultCore {
                 scope: state.write.scope,
                 methods: [...state.write.methods],
             },
-            read: state.actions.read.status === "APPROVED"
-                ? {
-                    mode: state.read.mode,
-                    paths: state.read.paths ? [...state.read.paths] : undefined,
-                }
-                : {
-                    mode: "none",
-                },
+            read: { paths: [...(state.readGrant ?? [])] },
             issuedAt: state.issuedAt ?? state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
@@ -204,26 +138,35 @@ export class VaultCore {
                 methods: [...state.write.methods],
             },
             read: {
-                mode: state.read.mode,
-                paths: state.read.paths ? [...state.read.paths] : undefined,
+                paths: [...state.read.paths],
             },
             issuedAt: state.issuedAt,
             requestedAt: state.requestedAt,
             expiresAt: state.expiresAt,
             rateLimit: state.rateLimit,
             skipAudit: state.skipAudit,
+            writeGrant: state.writeGrant,
+            writeGrantedAt: state.writeGrantedAt,
+            readGrant: state.readGrant ? [...state.readGrant] : null,
+            readGrantedAt: state.readGrantedAt,
             reason: state.reason,
             secretId: state.secretId,
             targetUrl: state.targetUrl,
-            actions: {
-                write: { ...state.actions.write },
-                read: { ...state.actions.read },
-            },
         }));
     }
     _isExecutablePendingState(state) {
         return !!(state.requestId && state.targetUrl && state.proof);
     }
+    async _resolveRequestState(record) {
+        const byRequestId = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, record.requestId);
+        if (byRequestId) {
+            return byRequestId;
+        }
+        if (record.capabilityId) {
+            return this._deps.capabilityStates.getByCapabilityId(this._deps.vaultId, record.agentId, record.capabilityId);
+        }
+        return null;
+    }
     async _executePendingCapabilityState(command, mode) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
@@ -232,8 +175,8 @@ export class VaultCore {
         if (!pending) {
             throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
         }
-        if (pending.actions.write.status !== "APPROVED") {
-            throw new VaultCoreError("write approval required before execution", "VAULT_WRITE_DENIED");
+        if (pending.writeGrant !== "once" && pending.writeGrant !== "always") {
+            throw new VaultCoreError("write grant required before execution", "VAULT_WRITE_DENIED");
         }
         if (mode === "once" && pending.source !== "dispatch_discovery") {
             throw new VaultCoreError("one-time execution is only available for dispatch discovery requests", "VAULT_WRITE_DENIED");
@@ -250,10 +193,7 @@ export class VaultCore {
                 scope: pending.targetUrl ?? pending.write.scope,
                 methods: [...pending.write.methods],
             },
-            read: {
-                mode: pending.read.mode,
-                paths: pending.read.paths ? [...pending.read.paths] : undefined,
-            },
+            read: { paths: [...(pending.readGrant ?? [])] },
             issuedAt,
             expiresAt: pending.expiresAt,
             rateLimit: pending.rateLimit,
@@ -296,6 +236,8 @@ export class VaultCore {
                 source: "owner_grant",
                 issuedAt,
                 decidedAt: issuedAt,
+                writeGrant: "always",
+                writeGrantedAt: pending.writeGrantedAt ?? issuedAt,
             });
         }
         else {
@@ -353,7 +295,7 @@ export class VaultCore {
     }
     async _listVisibleSecretsForAgent(agentId) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.writeGrant === "always")
             .map((state) => this._stateToGrantedCapability(state));
         const capabilityMap = new Map();
         for (const capability of capabilities) {
@@ -367,8 +309,7 @@ export class VaultCore {
                         methods: [...capability.write.methods],
                     },
                     read: {
-                        mode: capability.read.mode,
-                        paths: capability.read.paths ? [...capability.read.paths] : undefined,
+                        paths: [...capability.read.paths],
                     },
                 });
                 capabilityMap.set(secretId, existing);
@@ -419,7 +360,7 @@ export class VaultCore {
         });
     }
     toVisibleRequestRecord(record, state) {
-        const readStatus = state?.actions.read.status ?? "PENDING";
+        const readGrant = state?.readGrant ?? null;
         return {
             requestId: record.requestId,
             createdAt: record.createdAt,
@@ -431,9 +372,9 @@ export class VaultCore {
             executionStatus: record.execution.status,
             responseStatus: record.response?.status,
             error: record.response?.error,
-            readStatus,
+            readGrant,
             hasResponseBody: typeof record.response?.body === "string" && record.response.body.length > 0,
-            resultVisible: readStatus === "APPROVED",
+            resultVisible: typeof record.response?.body === "string" && record.response.body.length > 0,
         };
     }
     toOwnerVisibleRequestRecord(record, state) {
@@ -449,8 +390,8 @@ export class VaultCore {
             executionStatus: record.execution.status,
             responseStatus: record.response?.status,
             error: record.response?.error,
-            writeStatus: state?.actions.write.status ?? "PENDING",
-            readStatus: state?.actions.read.status ?? "PENDING",
+            writeGrant: state?.writeGrant ?? null,
+            readGrant: state?.readGrant ?? null,
             hasResponseBody: typeof record.response?.body === "string" && record.response.body.length > 0,
         };
     }
@@ -477,10 +418,10 @@ export class VaultCore {
                     error: record.response.error,
                 }
                 : undefined,
-            actions: {
-                write: state?.actions.write ?? { action: "write", status: "PENDING" },
-                read: state?.actions.read ?? { action: "read", status: "PENDING" },
-            },
+            writeGrant: state?.writeGrant ?? null,
+            writeGrantedAt: state?.writeGrantedAt,
+            readGrant: state?.readGrant ?? null,
+            readGrantedAt: state?.readGrantedAt,
             executionStatus: record.execution.status,
         };
     }
@@ -557,10 +498,10 @@ export class VaultCore {
                 source: "owner_grant",
                 requestId: undefined,
                 requestedAt: command.capability.issuedAt,
-                actions: {
-                    write: { action: "write", status: "APPROVED", decidedAt: command.capability.issuedAt },
-                    read: { action: "read", status: "APPROVED", decidedAt: command.capability.issuedAt },
-                },
+                writeGrant: "always",
+                writeGrantedAt: command.capability.issuedAt,
+                readGrant: [...command.capability.read.paths],
+                readGrantedAt: command.capability.issuedAt,
             });
             await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REGISTER_CAPABILITY, AuditOutcome.SUCCEEDED, `capability registered: ${command.capability.capabilityId}`, {
                 capabilityId: command.capability.capabilityId,
@@ -601,18 +542,15 @@ export class VaultCore {
                 methods: [...command.capability.write.methods],
             },
             read: {
-                mode: command.capability.read.mode,
-                paths: command.capability.read.paths ? [...command.capability.read.paths] : undefined,
+                paths: [...command.capability.read.paths],
             },
             rateLimit: command.capability.rateLimit,
             skipAudit: command.capability.skipAudit,
             expiresAt: command.capability.expiresAt,
             reason: command.reason,
             requestedAt: command.requestedAt,
-            actions: {
-                write: { action: "write", status: "PENDING" },
-                read: { action: "read", status: "PENDING" },
-            },
+            writeGrant: null,
+            readGrant: null,
         };
         await this._deps.capabilityStates.upsert(pendingRecord);
         for (const observer of this._capabilityStateObservers) {
@@ -635,7 +573,7 @@ export class VaultCore {
             throw new VaultCoreError("capability lookup vault mismatch", "VAULT_IDENTITY_DENIED");
         }
         const state = await this._deps.capabilityStates.getByCapabilityId(vaultId, agentId, capabilityId);
-        return state && state.capabilityId && state.issuedAt && state.actions.write.status === "APPROVED"
+        return state && state.capabilityId && state.issuedAt && state.writeGrant === "always"
             ? this._stateToGrantedCapability(state)
             : null;
     }
@@ -881,7 +819,7 @@ export class VaultCore {
             return { vaultId: this._deps.vaultId, decision: "deny", reason: "agent not found", secretId: null };
         }
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id))
-            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.writeGrant === "always")
             .map((state) => this._stateToGrantedCapability(state));
         const requestedCapabilityId = request.capability?.capabilityId;
         const candidateCapabilities = requestedCapabilityId
@@ -903,7 +841,7 @@ export class VaultCore {
                     methods: [request.method],
                 },
                 read: {
-                    mode: "none",
+                    paths: [],
                 },
                 requestedAt: request.requestedAt,
                 reason: request.reason,
@@ -912,10 +850,8 @@ export class VaultCore {
                 headers: request.headers,
                 body: request.body,
                 proof: request.proof,
-                actions: {
-                    write: { action: "write", status: "PENDING" },
-                    read: { action: "read", status: "PENDING" },
-                },
+                writeGrant: null,
+                readGrant: null,
             };
             await this._deps.capabilityStates.upsert(pendingRecord);
             // Notify observers
@@ -1082,7 +1018,7 @@ export class VaultCore {
     }
     async ownerListCapabilities(actor, agentId, request) {
         const capabilities = (await this._deps.capabilityStates.list(this._deps.vaultId, agentId))
-            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.actions.write.status === "APPROVED")
+            .filter((state) => !!state.capabilityId && !!state.issuedAt && state.writeGrant === "always")
             .map((state) => this._stateToGrantedCapability(state));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_CAPABILITIES, AuditOutcome.ALLOWED, "capabilities listed", {
             requestId: request?.requestId,
@@ -1092,20 +1028,18 @@ export class VaultCore {
     }
     async ownerListRequests(actor, agentId, request) {
         const records = await this._deps.requests.list(this._deps.vaultId, agentId);
-        const states = await this._deps.capabilityStates.list(this._deps.vaultId, agentId);
-        const stateByRequestId = new Map(states.filter((state) => state.requestId).map((state) => [state.requestId, state]));
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.LIST_REQUESTS, AuditOutcome.ALLOWED, "request records listed", {
             requestId: request?.requestId,
             agentId,
         }));
-        return records.map((record) => this.toOwnerVisibleRequestRecord(record, stateByRequestId.get(record.requestId) ?? null));
+        return Promise.all(records.map(async (record) => this.toOwnerVisibleRequestRecord(record, await this._resolveRequestState(record))));
     }
     async ownerGetRequest(actor, targetRequestId, request) {
         const record = await this._deps.requests.get(this._deps.vaultId, targetRequestId);
         if (!record) {
             throw new VaultCoreError("request record not found", "VAULT_READ_DENIED");
         }
-        const state = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, targetRequestId);
+        const state = await this._resolveRequestState(record);
         await this._appendAudit(toAuditEntry(this._deps, actor, AuditAction.READ_REQUEST, AuditOutcome.ALLOWED, "request record read", {
             requestId: request?.requestId,
             agentId: record.agentId,
@@ -1149,9 +1083,7 @@ export class VaultCore {
         }
         await this._verifyAgentControlProof(request, "list_requests");
         const records = await this._deps.requests.list(this._deps.vaultId, request.agent.id);
-        const states = await this._deps.capabilityStates.list(this._deps.vaultId, request.agent.id);
-        const stateByRequestId = new Map(states.filter((state) => state.requestId).map((state) => [state.requestId, state]));
-        return records.map((record) => this.toVisibleRequestRecord(record, stateByRequestId.get(record.requestId) ?? null));
+        return Promise.all(records.map(async (record) => this.toVisibleRequestRecord(record, await this._resolveRequestState(record))));
     }
     async agentGetRequest(request) {
         if (request.vaultId.value !== this._deps.vaultId.value) {
@@ -1162,11 +1094,8 @@ export class VaultCore {
         if (!record || record.agentId !== request.agent.id) {
             throw new VaultCoreError("request record not found", "VAULT_READ_DENIED");
         }
-        const state = await this._deps.capabilityStates.getByRequestId(this._deps.vaultId, request.targetRequestId);
-        const readApproved = state?.actions.read.status === "APPROVED";
-        const responseBody = readApproved
-            ? applyResponseReadPolicy(record.response?.body, state?.read ?? { mode: "full" })
-            : undefined;
+        const state = await this._resolveRequestState(record);
+        const responseBody = applyResponseReadPolicy(record.response?.body, { paths: [...(state?.readGrant ?? [])] });
         return {
             requestId: record.requestId,
             executionStatus: record.execution.status,
@@ -1234,10 +1163,10 @@ export class VaultCore {
         await this._deps.capabilityStates.upsert({
             ...existing,
             decidedAt,
-            actions: {
-                write: { action: "write", status: "REJECTED", decidedAt },
-                read: { action: "read", status: "REJECTED", decidedAt },
-            },
+            writeGrant: "none",
+            writeGrantedAt: decidedAt,
+            readGrant: [],
+            readGrantedAt: decidedAt,
         });
         await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.REVOKE_CAPABILITY, AuditOutcome.SUCCEEDED, "capability revoked", {
             requestId: command.requestId,
@@ -1289,10 +1218,10 @@ export class VaultCore {
             throw new VaultCoreError("read vault mismatch", "VAULT_READ_DENIED");
         }
         return (await this._deps.capabilityStates.list(command.vaultId, command.agentId))
-            .filter((state) => !command.writeStatus || state.actions.write.status === command.writeStatus)
-            .filter((state) => !command.readStatus || state.actions.read.status === command.readStatus);
+            .filter((state) => command.writeGranted === undefined || (command.writeGranted ? state.writeGrant != null : state.writeGrant == null))
+            .filter((state) => command.readGranted === undefined || (command.readGranted ? state.readGrant != null : state.readGrant == null));
     }
-    async ownerApproveCapabilityWrite(command) {
+    async ownerApproveCapabilityRead(command) {
         if (command.vaultId.value !== this._deps.vaultId.value) {
             throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
         }
@@ -1300,75 +1229,43 @@ export class VaultCore {
         if (!pending) {
             throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
         }
-        if (pending.actions.write.status !== "PENDING") {
-            throw new VaultCoreError("write approval not pending", "VAULT_WRITE_DENIED");
+        if (pending.writeGrant == null) {
+            throw new VaultCoreError("write decision required before read grant", "VAULT_WRITE_DENIED");
+        }
+        if (pending.readGrant != null) {
+            throw new VaultCoreError("read grant already decided", "VAULT_WRITE_DENIED");
         }
         const decidedAt = this._deps.clock.nowIso();
         const next = {
             ...pending,
+            readGrant: [...(command.read?.paths ?? [])],
+            readGrantedAt: decidedAt,
             decidedAt,
-            actions: {
-                ...pending.actions,
-                write: {
-                    action: "write",
-                    status: "APPROVED",
-                    decidedAt,
-                },
-            },
         };
         await this._deps.capabilityStates.upsert(next);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_WRITE, AuditOutcome.SUCCEEDED, `approved write policy for capability request ${command.requestId}`, {
+        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `approved read policy for capability request ${command.requestId}`, {
             requestId: command.requestId,
             agentId: pending.agentId,
             operation: pending.operation,
         }));
         return next;
     }
-    async ownerApproveCapabilityRead(command) {
-        if (command.vaultId.value !== this._deps.vaultId.value) {
-            throw new VaultCoreError("write vault mismatch", "VAULT_WRITE_DENIED");
-        }
+    async ownerAllowOnce(command) {
         const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
         if (!pending) {
             throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
         }
-        if (pending.actions.write.status !== "APPROVED") {
-            throw new VaultCoreError("write approval required before read approval", "VAULT_WRITE_DENIED");
-        }
-        if (pending.actions.read.status !== "PENDING") {
-            throw new VaultCoreError("read approval not pending", "VAULT_WRITE_DENIED");
-        }
         const decidedAt = this._deps.clock.nowIso();
-        const next = {
-            ...pending,
-            read: command.read
-                ? {
-                    mode: command.read.mode,
-                    paths: command.read.paths ? [...command.read.paths] : undefined,
-                }
-                : pending.read,
-            decidedAt,
-            actions: {
-                ...pending.actions,
-                read: {
-                    action: "read",
-                    status: "APPROVED",
-                    decidedAt,
-                },
-            },
-        };
-        await this._deps.capabilityStates.upsert(next);
-        await this._appendAudit(toAuditEntry(this._deps, command.owner, AuditAction.APPROVE_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `approved read policy for capability request ${command.requestId}`, {
-            requestId: command.requestId,
-            agentId: pending.agentId,
-            operation: pending.operation,
-        }));
-        return next;
-    }
-    async ownerAllowOnce(command) {
+        await this._deps.capabilityStates.upsert({ ...pending, writeGrant: "once", writeGrantedAt: decidedAt, decidedAt });
         return this._executePendingCapabilityState(command, "once");
     }
     async ownerAllowAlways(command) {
+        const pending = await this._deps.capabilityStates.getByRequestId(command.vaultId, command.requestId);
+        if (!pending) {
+            throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
+        }
+        const decidedAt = this._deps.clock.nowIso();
+        await this._deps.capabilityStates.upsert({ ...pending, writeGrant: "always", writeGrantedAt: decidedAt, decidedAt });
         return this._executePendingCapabilityState(command, "grant");
     }
     async ownerDeny(command) {
@@ -1380,22 +1277,18 @@ export class VaultCore {
             throw new VaultCoreError("capability action record not found", "VAULT_REQUEST_NOT_FOUND");
         }
         const decidedAt = this._deps.clock.nowIso();
-        const rejectWrite = pending.actions.write.status === "PENDING";
-        const rejectRead = !rejectWrite && pending.actions.read.status === "PENDING";
+        const rejectWrite = pending.writeGrant == null;
+        const rejectRead = !rejectWrite && pending.readGrant == null;
         if (!rejectWrite && !rejectRead) {
             throw new VaultCoreError("no capability action approval is pending", "VAULT_WRITE_DENIED");
         }
         const rejectedState = {
             ...pending,
             decidedAt,
-            actions: {
-                write: rejectWrite
-                    ? { action: "write", status: "REJECTED", decidedAt }
-                    : { ...pending.actions.write },
-                read: rejectRead
-                    ? { action: "read", status: "REJECTED", decidedAt }
-                    : { ...pending.actions.read },
-            },
+            writeGrant: rejectWrite ? "none" : pending.writeGrant,
+            writeGrantedAt: rejectWrite ? decidedAt : pending.writeGrantedAt,
+            readGrant: rejectRead ? [] : pending.readGrant,
+            readGrantedAt: rejectRead ? decidedAt : pending.readGrantedAt,
         };
         await this._deps.capabilityStates.upsert(rejectedState);
         await this._appendAudit(toAuditEntry(this._deps, command.owner, rejectWrite ? AuditAction.REJECT_CAPABILITY_WRITE : AuditAction.REJECT_CAPABILITY_READ, AuditOutcome.SUCCEEDED, `rejected capability request ${command.requestId}`, {