@undefineds.co/linx 0.2.3 → 0.2.12

package/dist/lib/watch/pod-approval.js

@@ -1,4 +1,6 @@
 import { setTimeout as delay } from 'node:timers/promises';
+import { getClientCredentialId, getClientCredentialKey } from '../credentials-store.js';
+import { AS_ACTOR, AS_ANNOUNCE, AS_OBJECT, DCT_CREATED, ODRL_ACTION, ODRL_POLICY, ODRL_TARGET, RDF_TYPE, UDFS_ACTION, UDFS_ACTOR, UDFS_ACTOR_ROLE, UDFS_APPROVAL_REQUEST, UDFS_ASSIGNED_TO, UDFS_AUDIT_ENTRY, UDFS_AUTONOMY_GRANT, UDFS_CONTEXT, UDFS_DECISION_BY, UDFS_DECISION_ROLE, UDFS_EFFECT, UDFS_ON_BEHALF_OF, UDFS_POLICY_VERSION, UDFS_REASON, UDFS_RESOLVED_AT, UDFS_REVOKED_AT, UDFS_RISK, UDFS_RISK_CEILING, UDFS_SESSION, UDFS_STATUS, UDFS_TOOL_CALL_ID, UDFS_TOOL_NAME, buildApprovalResourceUrl, buildAuditResourceUrl, buildGrantResourceUrl, buildInboxResourceUrl, firstIri, firstLiteral, iri, listTurtleResources, literal, parseManagedTurtleBlocks, readTurtleResource, subjectIdFromResourceUrl, upsertManagedTurtleBlock, } from '../pi-adapter/pod-native.js';
 const WATCH_CHAT_ID = 'linx-watch';
 const WATCH_AGENT_ID = 'linx-watch-assistant';
 const REMOTE_APPROVAL_POLICY_VERSION = 'linx-watch-remote-approval/v1';
@@ -162,16 +164,17 @@ function parseRequestAuditContext(value) {
         }
         const kind = normalizeString(parsed.kind);
         const message = normalizeString(parsed.message);
-        const backend = normalizeString(parsed.backend);
         const sessionId = normalizeString(parsed.sessionId);
-        if (!kind || !message || !backend || !sessionId) {
+        if (!kind || !message || !sessionId) {
             return null;
         }
         return {
             kind: kind,
             message,
-            backend: backend,
             sessionId,
+            ...(normalizeString(parsed.backend) ? { backend: normalizeString(parsed.backend) } : {}),
+            ...(normalizeString(parsed.runtime) ? { runtime: normalizeString(parsed.runtime) } : {}),
+            ...(normalizeString(parsed.toolName) ? { toolName: normalizeString(parsed.toolName) } : {}),
             ...(normalizeString(parsed.command) ? { command: normalizeString(parsed.command) } : {}),
             ...(normalizeString(parsed.cwd) ? { cwd: normalizeString(parsed.cwd) } : {}),
         };
@@ -249,71 +252,36 @@ function missingRemoteApprovalCredentialsMessage() {
     return 'LinX remote approval requires `linx login` first.';
 }
 function unsupportedRemoteApprovalAuthMessage() {
-    return 'LinX remote approval requires client credentials auth in `~/.linx`.';
+    return 'LinX remote approval requires a valid LinX login in `~/.linx`.';
 }
 async function createDefaultRuntime() {
-    const [credentialsStore, solidAuth, models] = await Promise.all([
+    const [credentialsStore, solidAuth, oidcAuth] = await Promise.all([
         dynamicImport(new URL('../credentials-store.js', import.meta.url).href),
         dynamicImport(new URL('../solid-auth.js', import.meta.url).href),
-        dynamicImport(new URL('../models.js', import.meta.url).href),
+        dynamicImport(new URL('../oidc-auth.js', import.meta.url).href),
     ]);
     return {
         loadCredentials: credentialsStore.loadCredentials,
         getClientCredentials: credentialsStore.getClientCredentials,
+        getOidcAccessToken: oidcAuth.getOidcAccessToken,
         authenticate: solidAuth.authenticate,
-        createStore(session) {
-            const db = models.drizzle(session, {
-                logger: false,
-                disableInteropDiscovery: true,
-                schema: models.solidSchema,
-            });
-            let initialized = false;
-            async function ensureInitialized() {
-                if (initialized) {
-                    return;
-                }
-                initialized = true;
-                await db.init([
-                    models.approvalTable,
-                    models.auditTable,
-                    models.grantTable,
-                    models.inboxNotificationTable,
-                ]).catch(() => undefined);
+        authenticatedFetch(url, token, init) {
+            const headers = new Headers(init?.headers);
+            headers.set('Authorization', `Bearer ${token}`);
+            return fetch(url, { ...init, headers });
+        },
+        createStore(sessionOrWebId, fetcher) {
+            const webId = typeof sessionOrWebId === 'string' ? sessionOrWebId : sessionOrWebId.info.webId;
+            if (!webId) {
+                throw new Error('Remote approval authentication succeeded without a WebID.');
+            }
+            const activeFetcher = fetcher ?? (typeof sessionOrWebId === 'string'
+                ? undefined
+                : ((url, init) => sessionOrWebId.fetch(url, init)));
+            if (!activeFetcher) {
+                throw new Error('Remote approval authentication succeeded without a Pod fetcher.');
             }
-            return {
-                async listApprovals() {
-                    await ensureInitialized();
-                    return await db.select().from(models.approvalTable).execute();
-                },
-                async insertApproval(row) {
-                    await ensureInitialized();
-                    await db.insert(models.approvalTable).values(row).execute();
-                },
-                async updateApproval(id, patch) {
-                    await ensureInitialized();
-                    await db.update(models.approvalTable).set(patch).where(models.eq(models.approvalTable.id, id)).execute();
-                },
-                async listAudits() {
-                    await ensureInitialized();
-                    return await db.select().from(models.auditTable).execute();
-                },
-                async insertAudit(row) {
-                    await ensureInitialized();
-                    await db.insert(models.auditTable).values(row).execute();
-                },
-                async listGrants() {
-                    await ensureInitialized();
-                    return await db.select().from(models.grantTable).execute();
-                },
-                async insertGrant(row) {
-                    await ensureInitialized();
-                    await db.insert(models.grantTable).values(row).execute();
-                },
-                async insertInboxNotification(row) {
-                    await ensureInitialized();
-                    await db.insert(models.inboxNotificationTable).values(row).execute();
-                },
-            };
+            return createNativeRemoteApprovalStore(webId, activeFetcher);
         },
         sleep(ms) {
             return delay(ms);
@@ -329,90 +297,362 @@ async function withRemoteApprovalStore(runtime, fn) {
         throw new Error(missingRemoteApprovalCredentialsMessage());
     }
     const clientCredentials = runtime.getClientCredentials(stored);
-    if (!clientCredentials) {
-        throw new Error(unsupportedRemoteApprovalAuthMessage());
-    }
-    const { session } = await runtime.authenticate(clientCredentials.clientId, clientCredentials.clientSecret, stored.url);
-    const webId = session.info.webId ?? stored.webId;
-    if (!webId) {
-        await session.logout().catch(() => undefined);
-        throw new Error('Remote approval authentication succeeded without a WebID.');
+    if (clientCredentials) {
+        const { session } = await runtime.authenticate(getClientCredentialId(clientCredentials), getClientCredentialKey(clientCredentials), stored.url);
+        const webId = session.info.webId ?? stored.webId;
+        if (!webId) {
+            await session.logout().catch(() => undefined);
+            throw new Error('Remote approval authentication succeeded without a WebID.');
+        }
+        try {
+            return await fn({
+                store: runtime.createStore(session),
+                webId,
+                stored,
+            });
+        }
+        finally {
+            await session.logout().catch(() => undefined);
+        }
     }
-    try {
+    const accessToken = await runtime.getOidcAccessToken?.(stored);
+    if (accessToken && stored.webId && runtime.authenticatedFetch) {
+        const fetcher = (url, init) => runtime.authenticatedFetch(url, accessToken, init);
         return await fn({
-            store: runtime.createStore(session),
-            webId,
+            store: runtime.createStore(stored.webId, fetcher),
+            webId: stored.webId,
             stored,
         });
     }
-    finally {
-        await session.logout().catch(() => undefined);
+    throw new Error(unsupportedRemoteApprovalAuthMessage());
+}
+function createNativeRemoteApprovalStore(webId, fetcher) {
+    return {
+        listApprovals: () => listApprovalRows(webId, fetcher),
+        insertApproval: (row) => writeApprovalRow(webId, fetcher, row),
+        async updateApproval(id, patch) {
+            const existing = (await listApprovalRows(webId, fetcher)).find((row) => row.id === id);
+            if (!existing) {
+                throw new Error(`Remote approval not found: ${id}`);
+            }
+            await writeApprovalRow(webId, fetcher, { ...existing, ...patch });
+        },
+        listAudits: () => listAuditRows(webId, fetcher),
+        insertAudit: (row) => writeAuditRow(webId, fetcher, row),
+        listGrants: () => listGrantRows(webId, fetcher),
+        insertGrant: (row) => writeGrantRow(webId, fetcher, row),
+        insertInboxNotification: (row) => writeInboxNotificationRow(webId, fetcher, row),
+    };
+}
+async function listApprovalRows(webId, fetcher) {
+    const urls = await listTurtleResources(fetcher, `${getPodBaseUrl(webId)}/.data/approvals/`);
+    const rows = [];
+    for (const url of urls.filter((entry) => entry.endsWith('.ttl'))) {
+        const turtle = await readTurtleResource(fetcher, url).catch(() => null);
+        if (!turtle)
+            continue;
+        const predicates = parseManagedTurtleBlocks(turtle, url).get(url);
+        if (!predicates)
+            continue;
+        const row = approvalRowFromPredicates(url, predicates);
+        if (row)
+            rows.push(row);
+    }
+    return rows;
+}
+async function writeApprovalRow(webId, fetcher, row) {
+    const url = buildApprovalResourceUrl(webId, row.id);
+    await upsertManagedTurtleBlock(fetcher, url, {
+        subject: url,
+        triples: [
+            { predicate: RDF_TYPE, object: iri(UDFS_APPROVAL_REQUEST) },
+            { predicate: UDFS_SESSION, object: iri(row.session) },
+            { predicate: UDFS_TOOL_CALL_ID, object: literal(row.toolCallId) },
+            { predicate: UDFS_TOOL_NAME, object: literal(row.toolName) },
+            { predicate: ODRL_TARGET, object: iri(row.target) },
+            { predicate: ODRL_ACTION, object: iri(row.action) },
+            { predicate: UDFS_RISK, object: literal(row.risk) },
+            { predicate: UDFS_STATUS, object: literal(row.status) },
+            ...(row.assignedTo ? [{ predicate: UDFS_ASSIGNED_TO, object: iri(row.assignedTo) }] : []),
+            ...(row.decisionBy ? [{ predicate: UDFS_DECISION_BY, object: iri(row.decisionBy) }] : []),
+            ...(row.decisionRole ? [{ predicate: UDFS_DECISION_ROLE, object: literal(row.decisionRole) }] : []),
+            ...(row.onBehalfOf ? [{ predicate: UDFS_ON_BEHALF_OF, object: iri(row.onBehalfOf) }] : []),
+            ...(row.reason ? [{ predicate: UDFS_REASON, object: literal(row.reason) }] : []),
+            ...(row.policyVersion ? [{ predicate: UDFS_POLICY_VERSION, object: literal(row.policyVersion) }] : []),
+            { predicate: DCT_CREATED, object: literal(toIsoString(row.createdAt, new Date().toISOString())) },
+            ...(row.resolvedAt ? [{ predicate: UDFS_RESOLVED_AT, object: literal(toIsoString(row.resolvedAt, new Date().toISOString())) }] : []),
+        ],
+    });
+}
+async function listAuditRows(webId, fetcher) {
+    const urls = await listTurtleResources(fetcher, `${getPodBaseUrl(webId)}/.data/audit/`);
+    const rows = [];
+    for (const url of urls.filter((entry) => entry.endsWith('.ttl'))) {
+        const turtle = await readTurtleResource(fetcher, url).catch(() => null);
+        if (!turtle)
+            continue;
+        const predicates = parseManagedTurtleBlocks(turtle, url).get(url);
+        if (!predicates)
+            continue;
+        const row = auditRowFromPredicates(url, predicates);
+        if (row)
+            rows.push(row);
+    }
+    return rows;
+}
+async function writeAuditRow(webId, fetcher, row) {
+    const url = buildAuditResourceUrl(webId, row.id);
+    await upsertManagedTurtleBlock(fetcher, url, {
+        subject: url,
+        triples: [
+            { predicate: RDF_TYPE, object: iri(UDFS_AUDIT_ENTRY) },
+            { predicate: UDFS_ACTION, object: literal(row.action) },
+            { predicate: UDFS_ACTOR, object: iri(row.actor) },
+            { predicate: UDFS_ACTOR_ROLE, object: literal(row.actorRole) },
+            ...(row.onBehalfOf ? [{ predicate: UDFS_ON_BEHALF_OF, object: iri(row.onBehalfOf) }] : []),
+            ...(row.session ? [{ predicate: UDFS_SESSION, object: iri(row.session) }] : []),
+            ...(row.toolCallId ? [{ predicate: UDFS_TOOL_CALL_ID, object: literal(row.toolCallId) }] : []),
+            ...(row.approval ? [{ predicate: 'https://undefineds.co/ns#approval', object: iri(row.approval) }] : []),
+            ...(row.context ? [{ predicate: UDFS_CONTEXT, object: literal(row.context) }] : []),
+            ...(row.policyVersion ? [{ predicate: UDFS_POLICY_VERSION, object: literal(row.policyVersion) }] : []),
+            { predicate: DCT_CREATED, object: literal(toIsoString(row.createdAt, new Date().toISOString())) },
+        ],
+    });
+}
+async function listGrantRows(webId, fetcher) {
+    const urls = await listTurtleResources(fetcher, `${getPodBaseUrl(webId)}/settings/autonomy/grants/`);
+    const rows = [];
+    for (const url of urls.filter((entry) => entry.endsWith('.ttl'))) {
+        const turtle = await readTurtleResource(fetcher, url).catch(() => null);
+        if (!turtle)
+            continue;
+        const predicates = parseManagedTurtleBlocks(turtle, url).get(url);
+        if (!predicates)
+            continue;
+        const row = grantRowFromPredicates(url, predicates);
+        if (row)
+            rows.push(row);
+    }
+    return rows;
+}
+async function writeGrantRow(webId, fetcher, row) {
+    const id = normalizeString(row.id) ?? crypto.randomUUID();
+    const url = buildGrantResourceUrl(webId, id);
+    const target = normalizeString(row.target);
+    const action = normalizeString(row.action);
+    const effect = normalizeString(row.effect);
+    const decisionBy = normalizeString(row.decisionBy);
+    const decisionRole = normalizeString(row.decisionRole);
+    if (!target || !action || !effect || !decisionBy || !decisionRole) {
+        throw new Error(`Invalid remote approval grant row: ${id}`);
+    }
+    await upsertManagedTurtleBlock(fetcher, url, {
+        subject: url,
+        triples: [
+            { predicate: RDF_TYPE, object: iri(ODRL_POLICY) },
+            { predicate: RDF_TYPE, object: iri(UDFS_AUTONOMY_GRANT) },
+            { predicate: ODRL_TARGET, object: iri(target) },
+            { predicate: ODRL_ACTION, object: iri(action) },
+            { predicate: UDFS_EFFECT, object: literal(effect) },
+            ...(normalizeString(row.riskCeiling) ? [{ predicate: UDFS_RISK_CEILING, object: literal(normalizeString(row.riskCeiling)) }] : []),
+            { predicate: UDFS_DECISION_BY, object: iri(decisionBy) },
+            { predicate: UDFS_DECISION_ROLE, object: literal(decisionRole) },
+            ...(normalizeString(row.onBehalfOf) ? [{ predicate: UDFS_ON_BEHALF_OF, object: iri(normalizeString(row.onBehalfOf)) }] : []),
+            { predicate: DCT_CREATED, object: literal(toIsoString(row.createdAt, new Date().toISOString())) },
+            ...(normalizeString(row.revokedAt) ? [{ predicate: UDFS_REVOKED_AT, object: literal(normalizeString(row.revokedAt)) }] : []),
+        ],
+    });
+}
+async function writeInboxNotificationRow(webId, fetcher, row) {
+    const url = buildInboxResourceUrl(webId, row.id);
+    await upsertManagedTurtleBlock(fetcher, url, {
+        subject: url,
+        triples: [
+            { predicate: RDF_TYPE, object: iri(AS_ANNOUNCE) },
+            ...(row.actor ? [{ predicate: AS_ACTOR, object: iri(row.actor) }] : []),
+            { predicate: AS_OBJECT, object: iri(row.object) },
+            { predicate: DCT_CREATED, object: literal(toIsoString(row.createdAt, new Date().toISOString())) },
+        ],
+    });
+}
+function approvalRowFromPredicates(url, predicates) {
+    const session = firstIri(predicates, UDFS_SESSION);
+    const toolCallId = firstLiteral(predicates, UDFS_TOOL_CALL_ID);
+    const toolName = firstLiteral(predicates, UDFS_TOOL_NAME);
+    const target = firstIri(predicates, ODRL_TARGET);
+    const action = firstIri(predicates, ODRL_ACTION);
+    const risk = firstLiteral(predicates, UDFS_RISK);
+    const status = firstLiteral(predicates, UDFS_STATUS);
+    const createdAt = firstLiteral(predicates, DCT_CREATED);
+    if (!session || !toolCallId || !toolName || !target || !action || !risk || !status || !createdAt) {
+        return null;
+    }
+    return {
+        id: subjectIdFromResourceUrl(url),
+        session,
+        toolCallId,
+        toolName,
+        target,
+        action,
+        risk,
+        status,
+        assignedTo: firstIri(predicates, UDFS_ASSIGNED_TO),
+        decisionBy: firstIri(predicates, UDFS_DECISION_BY),
+        decisionRole: firstLiteral(predicates, UDFS_DECISION_ROLE),
+        onBehalfOf: firstIri(predicates, UDFS_ON_BEHALF_OF),
+        reason: firstLiteral(predicates, UDFS_REASON),
+        policyVersion: firstLiteral(predicates, UDFS_POLICY_VERSION),
+        createdAt,
+        resolvedAt: firstLiteral(predicates, UDFS_RESOLVED_AT),
+    };
+}
+function auditRowFromPredicates(url, predicates) {
+    const action = firstLiteral(predicates, UDFS_ACTION);
+    const actor = firstIri(predicates, UDFS_ACTOR);
+    const actorRole = firstLiteral(predicates, UDFS_ACTOR_ROLE);
+    const createdAt = firstLiteral(predicates, DCT_CREATED);
+    if (!action || !actor || !actorRole || !createdAt) {
+        return null;
+    }
+    return {
+        id: subjectIdFromResourceUrl(url),
+        action,
+        actor,
+        actorRole,
+        onBehalfOf: firstIri(predicates, UDFS_ON_BEHALF_OF),
+        session: firstIri(predicates, UDFS_SESSION),
+        toolCallId: firstLiteral(predicates, UDFS_TOOL_CALL_ID),
+        approval: firstIri(predicates, 'https://undefineds.co/ns#approval'),
+        context: firstLiteral(predicates, UDFS_CONTEXT),
+        policyVersion: firstLiteral(predicates, UDFS_POLICY_VERSION),
+        createdAt,
+    };
+}
+function grantRowFromPredicates(url, predicates) {
+    const target = firstIri(predicates, ODRL_TARGET);
+    const action = firstIri(predicates, ODRL_ACTION);
+    const effect = firstLiteral(predicates, UDFS_EFFECT);
+    const decisionBy = firstIri(predicates, UDFS_DECISION_BY);
+    const decisionRole = firstLiteral(predicates, UDFS_DECISION_ROLE);
+    const createdAt = firstLiteral(predicates, DCT_CREATED);
+    if (!target || !action || !effect || !decisionBy || !decisionRole || !createdAt) {
+        return null;
     }
+    return {
+        id: subjectIdFromResourceUrl(url),
+        target,
+        action,
+        effect,
+        riskCeiling: firstLiteral(predicates, UDFS_RISK_CEILING),
+        decisionBy,
+        decisionRole,
+        onBehalfOf: firstIri(predicates, UDFS_ON_BEHALF_OF),
+        createdAt,
+        revokedAt: firstLiteral(predicates, UDFS_REVOKED_AT),
+    };
 }
 export async function createRemoteWatchApproval(options) {
     const activeRuntime = options.runtime ?? await createDefaultRuntime();
-    return withRemoteApprovalStore(activeRuntime, async ({ store, webId }) => {
+    return createRemoteApproval({
+        subject: ({ webId }) => ({
+            sessionUri: buildThreadUri(webId, options.record.id),
+            actorUri: buildAgentUri(webId),
+            policyVersion: REMOTE_APPROVAL_POLICY_VERSION,
+        }),
+        request: ({ sessionUri }) => ({
+            kind: options.request.kind,
+            message: buildRequestMessage(options.request),
+            toolCallId: extractToolCallId(options.request),
+            toolName: buildToolName(options.request),
+            action: buildActionUri(options.request),
+            risk: buildRisk(options.request),
+            ...(options.request.kind === 'command-approval' && options.request.command ? { command: options.request.command } : {}),
+            ...(options.request.kind === 'command-approval' && options.request.cwd ? { cwd: options.request.cwd } : {}),
+            context: buildRequestAuditContext(options.record, options.request),
+        }),
+        runtime: activeRuntime,
+    });
+}
+export async function createRemoteApproval(options) {
+    const activeRuntime = options.runtime ?? await createDefaultRuntime();
+    return withRemoteApprovalStore(activeRuntime, async ({ store, webId, stored }) => {
+        const subject = typeof options.subject === 'function'
+            ? options.subject({ webId, stored })
+            : options.subject;
+        const request = typeof options.request === 'function'
+            ? options.request({ webId, stored, sessionUri: subject.sessionUri })
+            : options.request;
         const approvalId = crypto.randomUUID();
         const now = activeRuntime.now();
-        const sessionUri = buildThreadUri(webId, options.record.id);
+        const sessionUri = subject.sessionUri;
         const approvalUri = buildApprovalUri(webId, approvalId);
-        const toolCallId = extractToolCallId(options.request);
-        const requestContext = buildRequestAuditContext(options.record, options.request);
+        const targetUri = subject.targetUri ?? sessionUri;
+        const assignedTo = subject.assignedTo ?? webId;
+        const onBehalfOf = subject.onBehalfOf ?? webId;
+        const policyVersion = subject.policyVersion ?? REMOTE_APPROVAL_POLICY_VERSION;
+        const requestContext = request.context ?? {
+            kind: request.kind,
+            message: request.message,
+            sessionId: extractSessionId(sessionUri),
+            toolName: request.toolName,
+            ...(request.command ? { command: request.command } : {}),
+            ...(request.cwd ? { cwd: request.cwd } : {}),
+        };
         await store.insertApproval({
             id: approvalId,
             session: sessionUri,
-            toolCallId,
-            toolName: buildToolName(options.request),
-            target: sessionUri,
-            action: buildActionUri(options.request),
-            risk: buildRisk(options.request),
+            toolCallId: request.toolCallId,
+            toolName: request.toolName,
+            target: targetUri,
+            action: request.action,
+            risk: request.risk,
             status: 'pending',
-            assignedTo: webId,
-            policyVersion: REMOTE_APPROVAL_POLICY_VERSION,
+            assignedTo,
+            policyVersion,
             createdAt: now,
         });
         await store.insertAudit({
             id: crypto.randomUUID(),
             action: 'approval_requested',
-            actor: buildAgentUri(webId),
+            actor: subject.actorUri,
             actorRole: 'secretary',
-            onBehalfOf: webId,
+            onBehalfOf,
             session: sessionUri,
-            toolCallId,
+            toolCallId: request.toolCallId,
             approval: approvalUri,
             context: JSON.stringify(requestContext),
-            policyVersion: REMOTE_APPROVAL_POLICY_VERSION,
+            policyVersion,
             createdAt: now,
         });
         await store.insertInboxNotification({
             id: crypto.randomUUID(),
-            actor: buildAgentUri(webId),
+            actor: subject.actorUri,
             object: approvalUri,
             createdAt: now,
         }).catch(() => undefined);
         return normalizeApprovalSummary({
             id: approvalId,
             session: sessionUri,
-            toolCallId,
-            toolName: buildToolName(options.request),
-            target: sessionUri,
-            action: buildActionUri(options.request),
-            risk: buildRisk(options.request),
+            toolCallId: request.toolCallId,
+            toolName: request.toolName,
+            target: targetUri,
+            action: request.action,
+            risk: request.risk,
             status: 'pending',
-            assignedTo: webId,
-            policyVersion: REMOTE_APPROVAL_POLICY_VERSION,
+            assignedTo,
+            policyVersion,
             createdAt: now,
         }, [{
                 id: crypto.randomUUID(),
                 action: 'approval_requested',
-                actor: buildAgentUri(webId),
+                actor: subject.actorUri,
                 actorRole: 'secretary',
-                onBehalfOf: webId,
+                onBehalfOf,
                 session: sessionUri,
-                toolCallId,
+                toolCallId: request.toolCallId,
                 approval: approvalUri,
                 context: JSON.stringify(requestContext),
-                policyVersion: REMOTE_APPROVAL_POLICY_VERSION,
+                policyVersion,
                 createdAt: now,
             }]);
     });
@@ -465,6 +705,38 @@ export async function requestRemoteWatchApproval(options) {
         runtime: activeRuntime,
     });
 }
+export async function requestRemoteApproval(options) {
+    const activeRuntime = options.runtime ?? await createDefaultRuntime();
+    const delegated = await withRemoteApprovalStore(activeRuntime, async ({ store, webId, stored }) => {
+        const subject = typeof options.subject === 'function'
+            ? options.subject({ webId, stored })
+            : options.subject;
+        const request = typeof options.request === 'function'
+            ? options.request({ webId, stored, sessionUri: subject.sessionUri })
+            : options.request;
+        const grants = await store.listGrants();
+        const requestTarget = subject.targetUri ?? subject.sessionUri;
+        return grants.some((grant) => (grant.effect === 'allow'
+            && grant.action === request.action
+            && grant.target === requestTarget
+            && riskScore(typeof grant.riskCeiling === 'string' ? grant.riskCeiling : undefined) >= riskScore(request.risk)
+            && !grant.revokedAt));
+    });
+    if (delegated) {
+        return 'accept_for_session';
+    }
+    const summary = await createRemoteApproval({
+        subject: options.subject,
+        request: options.request,
+        runtime: activeRuntime,
+    });
+    return waitForRemoteWatchApproval({
+        approvalId: summary.id,
+        pollMs: options.pollMs,
+        signal: options.signal,
+        runtime: activeRuntime,
+    });
+}
 export async function listRemoteWatchApprovals(options = {}) {
     const activeRuntime = options.runtime ?? await createDefaultRuntime();
     const requestedStatus = options.status ?? 'pending';
@@ -562,10 +834,12 @@ export async function resolveRemoteWatchApproval(options) {
 }
 export const __podApprovalInternal = {
     createAbortError,
+    createDefaultRuntime,
     buildActionUri,
     buildRequestAuditContext,
     buildRisk,
     buildToolName,
+    createNativeRemoteApprovalStore,
     extractToolCallId,
     decisionFromApprovalRow,
     encodeDecisionReason,