@the-ai-company/cbio-node-runtime 1.71.0 → 1.73.0

package/dist/runtime/index.js

@@ -13,7 +13,7 @@ export { createWorkspaceStorage, getDefaultWorkspaceDir, } from "./workspace-sto
 export { createVault, recoverVault, listVaults, updateVaultMetadata, } from "./bootstrap.js";
 export { openOwnerSession, } from "./owner-session.js";
 export { createVaultCore, VaultCore, VaultCoreError, createVaultCoreDependencies, DefaultPolicyEngine, createPersistentVaultCoreDependencies, initializeVaultCustody, recoverVaultWorkingKey, DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY, PersistentVaultAgentIdentityRegistry, PersistentVaultAuditLog, PersistentVaultAgentSecretGrantRegistry, PersistentVaultSecretDestinationGrantRegistry, PersistentVaultSecretCustody, PersistentVaultSecretRepository, } from "../vault-core/index.js";
-export { DispatchStatus, AuditOperation, } from "../vault-core/index.js";
+export { DispatchStatus, } from "../vault-core/index.js";
 export { createOwnerClient, } from "../clients/owner/index.js";
 export { createAgentClient, } from "../clients/agent/index.js";
 export { createVaultService, } from "../vault-ingress/index.js";

package/dist/runtime/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,gBAAgB,GAGjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,uCAAuC,EACvC,6CAA6C,EAE7C,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAmChC,OAAO,EACL,cAAc,EACd,cAAc,GACf,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GA6BlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,GAEnB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,uBAAuB,EACvB,2BAA2B,EAC3B,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,EAAE,eAAe,EAAE,WAAW,EAAe,iCAAiC,EAAE,MAAM,uBAAuB,CAAC;AACrH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACL,cAAc,EACd,eAAe,GAIhB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAElB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,WAAW,EACX,YAAY,EACZ,UAAU,EACV,mBAAmB,GAOpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,gBAAgB,GAGjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,SAAS,EACT,cAAc,EACd,2BAA2B,EAG3B,mBAAmB,EACnB,qCAAqC,EACrC,sBAAsB,EACtB,sBAAsB,EACtB,kCAAkC,EAIlC,oCAAoC,EACpC,uBAAuB,EACvB,uCAAuC,EACvC,6CAA6C,EAE7C,4BAA4B,EAC5B,+BAA+B,GAChC,MAAM,wBAAwB,CAAC;AAgChC,OAAO,EACL,cAAc,GACf,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,GA6BlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,iBAAiB,GAOlB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,kBAAkB,GAEnB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,uBAAuB,EACvB,2BAA2B,EAC3B,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/storage/prefix.d.ts

@@ -3,7 +3,7 @@ export declare class PrefixStorageProvider implements IStorageProvider {
     private readonly base;
     private readonly prefix;
     constructor(base: IStorageProvider, prefix: string);
-    getBaseDir(): string;
+    getBaseDir?(): string;
     private key;
     read(key: string): Promise<Buffer | null>;
     write(key: string, data: Buffer): Promise<void>;

package/dist/storage/prefix.js

@@ -10,10 +10,10 @@ export class PrefixStorageProvider {
         this.prefix = prefix;
     }
     getBaseDir() {
-        if (this.base.getBaseDir) {
+        if (typeof this.base.getBaseDir === 'function') {
             return path.join(this.base.getBaseDir(), this.prefix);
         }
-        return this.prefix;
+        return undefined; // Trigger falsy check in bootstrap
     }
     key(key) {
         return joinPrefix(this.prefix, key);

package/dist/storage/prefix.js.map

@@ -1 +1 @@
-{"version":3,"file":"prefix.js","sourceRoot":"","sources":["../../src/storage/prefix.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,qBAAqB;IAEb;IACA;IAFnB,YACmB,IAAsB,EACtB,MAAc;QADd,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEJ,UAAU;QACR,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAGO,GAAG,CAAC,GAAW;QACrB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,GAAW;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,GAAW,EAAE,IAAY;QAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,CAAE,OAAe,EAAE,KAAa;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAK,GAAW,EAAE,IAAsB;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAsB,EAAE,MAAc;IAC1E,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}
+{"version":3,"file":"prefix.js","sourceRoot":"","sources":["../../src/storage/prefix.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,SAAS,UAAU,CAAC,MAAc,EAAE,GAAW;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,qBAAqB;IAEb;IACA;IAFnB,YACmB,IAAsB,EACtB,MAAc;QADd,SAAI,GAAJ,IAAI,CAAkB;QACtB,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEJ,UAAU;QACR,IAAI,OAAQ,IAAI,CAAC,IAAY,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,IAAI,CAAE,IAAI,CAAC,IAAY,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,SAAgB,CAAC,CAAC,mCAAmC;IAC9D,CAAC;IAGO,GAAG,CAAC,GAAW;QACrB,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,GAAW;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,GAAW,EAAE,IAAY;QAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,CAAE,OAAe,EAAE,KAAa;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAK,GAAW,EAAE,IAAsB;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAsB,EAAE,MAAc;IAC1E,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}

package/dist/vault-core/contracts.d.ts

@@ -4,24 +4,17 @@ export interface VaultPrincipal {
     kind: VaultPrincipalKind;
     id: string;
 }
-export interface VaultId {
-    readonly value: string;
-}
-export interface SecretId {
-    readonly value: string;
-}
-export interface SecretAlias {
-    readonly value: string;
-}
-export interface SecretVersion {
-    readonly value: string;
-}
+export type VaultId = string;
+export type SecretId = string;
+export type SecretAlias = string;
+export type SecretVersion = string;
+export type SecretIdPreference = string;
 export type SecretLifecycleStatus = "ACTIVE" | "SUPERSEDED" | "REMOVED";
 export interface SecretRecord {
     vault_id: VaultId;
     secret_id: SecretId;
     alias: SecretAlias;
-    version: SecretVersion;
+    version: string;
     lifecycle_status: SecretLifecycleStatus;
     previousSecretId?: SecretId;
     supersededBySecretId?: SecretId;
@@ -164,18 +157,6 @@ export interface AgentProof {
     signature?: string;
     token?: string;
 }
-export interface AgentVisibleSecretRecord {
-    vault_id: VaultId;
-    secret_id: SecretId;
-    alias: SecretAlias;
-    version: SecretVersion;
-    lifecycle_status: SecretLifecycleStatus;
-    issuer_id: string | null;
-    source: SecretSource;
-    created_at: string;
-    updated_at: string;
-    granted: boolean;
-}
 export interface AgentGetRuntimeManifestRequest {
     vault_id: VaultId;
     request_id: string;
@@ -201,7 +182,7 @@ export interface AgentSelfContext {
 }
 export interface AgentRuntimeManifest {
     root_agent_id: string;
-    vault_id: string;
+    vault_id: VaultId;
     vault_nickname?: string;
     issued_at: string;
     agent: AgentSelfContext;
@@ -223,7 +204,6 @@ export interface RequestRecord {
         method: string;
         headers?: Record<string, string>;
         body?: string;
-        secret_alias?: string;
         secret_id: SecretId | null;
     };
     response?: {
@@ -253,81 +233,9 @@ export interface OwnerPendingDispatchSubscription {
     afterEventId?: string;
     onEvent(event: PendingDispatchEvent): void;
 }
-export interface AgentVisibleRequestRecord {
-    request_id: string;
-    created_at: string;
-    reason: string;
-    target_url: string;
-    execution_status: DispatchStatus;
-    response_status?: number;
-    error?: string;
-    has_response_body: boolean;
-    secret_id?: SecretId;
-}
-export interface OwnerVisibleRequestRecord {
-    request_id: string;
-    created_at: string;
-    root_agent_id: string;
-    reason: string;
-    target_url: string;
-    execution_status: DispatchStatus;
-    response_status?: number;
-    error?: string;
-    has_response_body: boolean;
-    missing_grants?: {
-        agent_secret?: boolean;
-        secret_destination?: boolean;
-    };
-    secret_id?: SecretId;
-}
-export interface OwnerRequestRecord {
-    request_id: string;
-    created_at: string;
-    requested_at: string;
-    root_agent_id: string;
-    reason: string;
-    request: {
-        target_url: string;
-        method: string;
-        headers?: Record<string, string>;
-        body?: string;
-        secret_alias?: string;
-        secret_id?: SecretId;
-    };
-    response?: {
-        status?: number;
-        headers?: Record<string, string>;
-        body?: string;
-        error?: string;
-    };
-    execution_status: DispatchStatus;
-    missing_grants?: {
-        agent_secret?: boolean;
-        secret_destination?: boolean;
-    };
-    secret_id?: SecretId;
+export interface OwnerRequestRecord extends RequestRecord {
 }
-export interface AgentRequestRecord {
-    request_id: string;
-    created_at: string;
-    requested_at: string;
-    reason: string;
-    request: {
-        target_url: string;
-        method: string;
-        headers?: Record<string, string>;
-        body?: string;
-        secret_alias?: string;
-        secret_id?: SecretId;
-    };
-    response?: {
-        status?: number;
-        headers?: Record<string, string>;
-        body?: string;
-        error?: string;
-    };
-    execution_status: DispatchStatus;
-    secret_id?: SecretId;
+export interface AgentRequestRecord extends RequestRecord {
 }
 export interface VaultToolDefinition {
     name: string;
@@ -406,7 +314,7 @@ export interface DispatchRequest {
         kind: "agent";
     };
     proof: AgentProof;
-    secret_alias?: string;
+    secret_id?: SecretId;
     reason: string;
     target_url: string;
     method: string;
@@ -454,51 +362,22 @@ export interface DispatchResult {
 }
 export type AgentRequestResult = AgentRequestRecord;
 export interface AuditQuery {
-    vault_id: string;
+    vault_id: VaultId;
     actor_id?: string;
     root_agent_id?: string;
-    secret_alias?: string;
-    secret_id?: string;
+    secret_id?: SecretId;
     request_id?: string;
     since?: string;
 }
-export declare enum AuditOperation {
-    IDENTITY_REGISTER = "identity.register",
-    IDENTITY_UPDATE = "identity.update",
-    IDENTITY_ISSUE_TOKEN = "identity.issue_token",
-    IDENTITY_REVOKE_TOKEN = "identity.revoke_token",
-    GRANT_SECRET = "grant.grant_secret",
-    GRANT_DESTINATION = "grant.grant_destination",
-    REVOKE_SECRET = "grant.revoke_secret",
-    REVOKE_DESTINATION = "grant.revoke_destination",
-    SECRET_WRITE = "secret.write",
-    SECRET_EXPORT = "secret.export",
-    SECRET_DELETE = "secret.delete",
-    POLICY_EVALUATE = "policy.evaluate_dispatch",
-    SECRET_DISPATCH = "secret.dispatch",
-    DISPATCH_APPROVE = "dispatch.approve",
-    DISPATCH_REJECT = "dispatch.reject",
-    DISPATCH_HOLD = "dispatch.pending_approval"
-}
 export interface AuditEntry {
     event_id: string;
     ts: string;
-    vault_id: string;
+    vault_id: VaultId;
     actor: VaultPrincipal;
-    operation: AuditOperation;
-    decision: "allowed" | "denied";
-    execution_status: "not_executed" | "succeeded" | "failed";
-    request_id?: string;
-    secret_alias?: string;
-    secret_id?: string;
-    root_agent_id?: string;
-    site_id?: string;
-    target?: {
-        kind: "http" | "other";
-        url: string;
-    };
-    detail: string;
-    error_code?: string | null;
+    function_name: string;
+    input: Record<string, any>;
+    output?: any;
+    error?: string;
 }
 export interface AgentIdentityRecord {
     vault_id: VaultId;
@@ -532,7 +411,7 @@ export interface OwnerAuditRequest {
 }
 export interface OwnerAuditSubscription {
     afterEventId?: string;
-    operations?: readonly AuditOperation[];
+    function_names?: readonly string[];
     root_agent_id?: string;
     request_id?: string;
     onEvent(entry: AuditEntry): void;
@@ -542,14 +421,14 @@ export interface OwnerExportSecretRequest {
     actor: VaultPrincipal & {
         kind: "owner";
     };
-    alias: string;
+    alias?: string;
     request_id: string;
     requested_at: string;
 }
 export interface OwnerSecretExport {
     vault_id: VaultId;
     secret_id: SecretId;
-    alias: SecretAlias;
+    alias: string;
     plaintext: string;
     exported_at: string;
 }
@@ -568,7 +447,7 @@ export interface OwnerListGrantsRequest {
         kind: "owner";
     };
     root_agent_id?: string;
-    secret_alias?: string;
+    secret_id?: SecretId;
     site_id?: string;
     requested_at: string;
 }

package/dist/vault-core/contracts.js

@@ -6,23 +6,4 @@ export var DispatchStatus;
     DispatchStatus["IN_PROGRESS"] = "IN_PROGRESS";
     DispatchStatus["AWAITING_APPROVAL"] = "AWAITING_APPROVAL";
 })(DispatchStatus || (DispatchStatus = {}));
-export var AuditOperation;
-(function (AuditOperation) {
-    AuditOperation["IDENTITY_REGISTER"] = "identity.register";
-    AuditOperation["IDENTITY_UPDATE"] = "identity.update";
-    AuditOperation["IDENTITY_ISSUE_TOKEN"] = "identity.issue_token";
-    AuditOperation["IDENTITY_REVOKE_TOKEN"] = "identity.revoke_token";
-    AuditOperation["GRANT_SECRET"] = "grant.grant_secret";
-    AuditOperation["GRANT_DESTINATION"] = "grant.grant_destination";
-    AuditOperation["REVOKE_SECRET"] = "grant.revoke_secret";
-    AuditOperation["REVOKE_DESTINATION"] = "grant.revoke_destination";
-    AuditOperation["SECRET_WRITE"] = "secret.write";
-    AuditOperation["SECRET_EXPORT"] = "secret.export";
-    AuditOperation["SECRET_DELETE"] = "secret.delete";
-    AuditOperation["POLICY_EVALUATE"] = "policy.evaluate_dispatch";
-    AuditOperation["SECRET_DISPATCH"] = "secret.dispatch";
-    AuditOperation["DISPATCH_APPROVE"] = "dispatch.approve";
-    AuditOperation["DISPATCH_REJECT"] = "dispatch.reject";
-    AuditOperation["DISPATCH_HOLD"] = "dispatch.pending_approval";
-})(AuditOperation || (AuditOperation = {}));
 //# sourceMappingURL=contracts.js.map

package/dist/vault-core/contracts.js.map

@@ -1 +1 @@
-{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AA+cA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,6CAA2B,CAAA;IAC3B,yDAAuC,CAAA;AACzC,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB;AA0BD,MAAM,CAAN,IAAY,cAqBX;AArBD,WAAY,cAAc;IACxB,yDAAuC,CAAA;IACvC,qDAAmC,CAAA;IACnC,+DAA6C,CAAA;IAC7C,iEAA+C,CAAA;IAE/C,qDAAmC,CAAA;IACnC,+DAA6C,CAAA;IAC7C,uDAAqC,CAAA;IACrC,iEAA+C,CAAA;IAE/C,+CAA6B,CAAA;IAC7B,iDAA+B,CAAA;IAC/B,iDAA+B,CAAA;IAE/B,8DAA4C,CAAA;IAC5C,qDAAmC,CAAA;IAEnC,uDAAqC,CAAA;IACrC,qDAAmC,CAAA;IACnC,6DAA2C,CAAA;AAC7C,CAAC,EArBW,cAAc,KAAd,cAAc,QAqBzB"}
+{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../src/vault-core/contracts.ts"],"names":[],"mappings":"AAsWA,MAAM,CAAN,IAAY,cAMX;AAND,WAAY,cAAc;IACxB,yCAAuB,CAAA;IACvB,mCAAiB,CAAA;IACjB,mCAAiB,CAAA;IACjB,6CAA2B,CAAA;IAC3B,yDAAuC,CAAA;AACzC,CAAC,EANW,cAAc,KAAd,cAAc,QAMzB"}

package/dist/vault-core/core.d.ts

@@ -1,9 +1,9 @@
-import { type AgentIdentityRecord, type AgentRuntimeManifest, type AgentVisibleRequestRecord, type AgentRequestRecord, type AgentVisibleSecretRecord, type AuditEntry, type AuditQuery, type DispatchAuthorization, type DispatchRequest, type DispatchResult, type OwnerPendingDispatchSubscription, type OwnerAuditSubscription, type OwnerRequestRecord, type OwnerVisibleRequestRecord, type SecretId, type SecretRecord, type VaultId, type VaultPrincipal, type AgentSecretGrant, type SecretDestinationGrant, type DispatchApprovalDecision, type OwnerCreateSecretCommand, type OwnerUpdateSecretCommand, type OwnerSecretExport } from "./contracts.js";
+import { type AgentIdentityRecord, type AgentRuntimeManifest, type AgentRequestRecord, type AuditEntry, type AuditQuery, type DispatchAuthorization, type DispatchRequest, type DispatchResult, type OwnerPendingDispatchSubscription, type OwnerAuditSubscription, type OwnerRequestRecord, type SecretId, type SecretRecord, type VaultId, type VaultPrincipal, type AgentSecretGrant, type SecretDestinationGrant, type DispatchApprovalDecision, type OwnerCreateSecretCommand, type OwnerUpdateSecretCommand, type OwnerSecretExport } from "./contracts.js";
 import type { VaultCoreDependencies } from "./ports.js";
 export declare class VaultCore {
     private readonly _deps;
     constructor(deps: VaultCoreDependencies);
-    get vault_id(): VaultId;
+    get vault_id(): string;
     private _assertOwnerPrincipal;
     private _appendAudit;
     private _verifyAgentControlProof;
@@ -53,7 +53,7 @@ export declare class VaultCore {
         proof: any;
         request_id: string;
         requested_at: string;
-    }): Promise<readonly AgentVisibleSecretRecord[]>;
+    }): Promise<readonly SecretRecord[]>;
     agentListRequests(command: {
         agent: VaultPrincipal & {
             kind: "agent";
@@ -61,7 +61,7 @@ export declare class VaultCore {
         proof: any;
         request_id: string;
         requested_at: string;
-    }): Promise<readonly AgentVisibleRequestRecord[]>;
+    }): Promise<readonly AgentRequestRecord[]>;
     agentGetRequest(command: {
         agent: VaultPrincipal & {
             kind: "agent";
@@ -102,19 +102,19 @@ export declare class VaultCore {
     }, query: AuditQuery): Promise<readonly AuditEntry[]>;
     ownerExportSecret(actor: VaultPrincipal & {
         kind: "owner";
-    }, alias: string): Promise<OwnerSecretExport>;
+    }, alias?: string): Promise<readonly OwnerSecretExport[]>;
     ownerListAgents(actor: VaultPrincipal & {
         kind: "owner";
     }): Promise<readonly AgentIdentityRecord[]>;
     ownerListRequests(actor: VaultPrincipal & {
         kind: "owner";
-    }, root_agent_id?: string): Promise<readonly OwnerVisibleRequestRecord[]>;
+    }, root_agent_id?: string): Promise<readonly OwnerRequestRecord[]>;
     ownerGetRequest(actor: VaultPrincipal & {
         kind: "owner";
     }, request_id: string): Promise<OwnerRequestRecord>;
     ownerListSecrets(actor: VaultPrincipal & {
         kind: "owner";
-    }): Promise<readonly AgentVisibleSecretRecord[]>;
+    }): Promise<readonly SecretRecord[]>;
     ownerIssueSessionToken(request: {
         vault_id: VaultId;
         actor: VaultPrincipal;
@@ -141,9 +141,8 @@ export declare class VaultCore {
     private _recordRequestInternal;
     private _createInitialRequestRecord;
     private _updateRequestRecordInternal;
-    private toAgentVisibleRequestRecord;
-    private toOwnerVisibleRequestRecord;
-    private toOwnerRequestRecord;
     private toAgentRequestRecord;
+    private toOwnerRequestRecord;
+    private _appendAuditEntry;
 }
 export declare function createVaultCore(deps: VaultCoreDependencies): VaultCore;