@vess-id/ai-identity 0.3.2 → 0.4.1-alpha.1

package/README.md

@@ -1,6 +1,6 @@
 # @vess-id/ai-identity
 
-TypeScript SDK for AI Identity Layer - Secure delegation system for AI agents accessing external services.
+TypeScript SDK for AI Identity Layer — secure delegation and permission management for AI agents using W3C Verifiable Credentials (VCs), Verifiable Presentations (VPs), and SD-JWT.
 
 ## Installation
 
@@ -18,114 +18,226 @@ import { AIdentityClient } from '@vess-id/ai-identity'
 // Initialize client
 const client = new AIdentityClient({
   proxyApi: {
-    baseUrl: 'http://localhost:3000', // Your Identity API endpoint
+    baseUrl: 'http://localhost:3000',
   },
 })
 
-// Create agent
+// Create agent with its own did:jwk identity
 const agent = await client.setup()
 
-// Issue permission VC
-const vc = await client.issueToolPermission('slack', 'postMessage', {
+// Issue a tool permission VC
+const vc = await client.issueToolPermission('slack', 'message.post', {
   subjectDid: agent.did,
   resourceScope: { channel: 'C123456' },
   expiresIn: '1h',
 })
 
-// Use the permission
+// Invoke tool with VC authorization
 const result = await client.invokeTool(
   'slack',
-  'postMessage',
-  {
-    channel: 'C123456',
-    text: 'Hello from AI Agent!',
-  },
+  'message.post',
+  { channel: 'C123456', text: 'Hello from AI Agent!' },
   [vc]
 )
 ```
 
-## Core Concepts
+## Architecture
 
-### Agents
+```
+User (Issuer)                Agent (Subject)              Service
+    │                            │                           │
+    ├─── issue VC ──────────────►│                           │
+    │    (permission grant)      │                           │
+    │                            ├─── present VP ───────────►│
+    │                            │    (prove permission)     │
+    │                            │◄──── response ────────────┤
+```
 
-Agents are autonomous entities with their own DID (Decentralized Identifier). Each agent has:
+- **Users** issue Verifiable Credentials to delegate permissions to agents
+- **Agents** create Verifiable Presentations to prove their permissions
+- **Services** verify VPs before executing operations
 
-- A unique `did:jwk` identifier
-- Public/private key pair for signing
-- Local encrypted key storage
+## Core Modules
 
-### Verifiable Credentials (VCs)
+### AIdentityClient
 
-VCs represent permissions or capabilities:
+The main orchestrator that provides access to all managers:
 
-- **ToolPermissionVC**: Permission to use a specific tool/action
-- **DataAccessVC**: Permission to access data resources
+```typescript
+const client = new AIdentityClient(config?, password?)
+
+client.agent   // AgentManager — agent creation, export/import, lifecycle
+client.user    // UserIdentityManager — user DID management
+client.vc      // VCManager — VC issuance (SD-JWT)
+client.vp      // VPManager — VP creation and verification
+client.tool    // ToolManager — tool invocation with VP authorization
+client.memory  // MemoryManager — vector-backed memory storage
+client.grant   // GrantManager — grant suggestion and confirmation
+```
 
-### Verifiable Presentations (VPs)
+### Agent Management
 
-VPs are signed presentations of VCs that agents use to prove their permissions when accessing services.
+```typescript
+// Create agent with did:jwk identity
+const agent = await client.setup()
 
-## API Reference
+// List agents
+const agents = await client.agent.list()
 
-### AIdentityClient
+// Export/import agent (including private key)
+const backup = await client.agent.export(agent.did)
+await client.agent.import(backup.agent, backup.privateKey)
+```
+
+Agent types: `autonomous`, `sub_agent`, `tool_agent`, `assistant`, `proxy`
+
+### Verifiable Credentials
+
+Issue SD-JWT VCs with selective disclosure:
+
+```typescript
+// Tool permission
+const vc = await client.issueToolPermission('github', 'issue.create', {
+  subjectDid: agent.did,
+  expiresIn: '24h',
+})
+
+// Data access
+const vc = await client.issueDataAccess('slack:channel', ['read'], {
+  subjectDid: agent.did,
+})
+```
+
+VC types: `ToolAccessCredential`, `ProjectAccessCredential`, `DeveloperCredential`, `TemporaryCredential`, `AdminCredential`, `ReceiptCredential`
+
+### Verifiable Presentations
+
+```typescript
+// Create VP (with holder binding via KB-JWT)
+const vp = await client.vp.create([vc1, vc2], {
+  holderDid: agent.did,
+  challenge: 'nonce-123',
+  domain: 'api.example.com',
+})
+
+// Verify VP
+const result = await client.vp.verify(vp, {
+  expectedChallenge: 'nonce-123',
+  expectedDomain: 'api.example.com',
+})
+```
 
-#### Constructor
+### Tool Invocation
 
 ```typescript
-new AIdentityClient(config?: AIdentityConfig, password?: string)
+const result = await client.invokeTool<SlackResponse>(
+  'slack',
+  'message.post',
+  { channel: 'C123456', text: 'Hello!' },
+  [vc]
+)
 ```
 
-#### Methods
+### Memory
 
-##### `setup(did?: string): Promise<Agent>`
+Vector-backed memory with VC authorization:
 
-Create or load an agent.
+```typescript
+await client.writeMemory('Meeting notes: ...', 'project-alpha', [vc], {
+  type: 'meeting-notes',
+})
 
-##### `issueToolPermission(tool, action, options): Promise<string>`
+const results = await client.queryMemory('latest meeting decisions', [vc], {
+  namespace: 'project-alpha',
+  limit: 10,
+})
+```
 
-Issue a VC for tool permission.
+## Action Registry
 
-##### `issueDataAccess(resource, actions, options): Promise<string>`
+All supported actions are defined in `ACTION_REGISTRY` using `provider.resource.operation` format:
 
-Issue a VC for data access.
+| Provider | Actions |
+|----------|---------|
+| **Slack** | `message.post`, `message.read`, `message.update`, `message.delete`, `channel.read`, `user.read`, `batch.read` |
+| **GitHub** | `issue.create`, `issue.list`, `issue.read`, `issue.update` |
+| **Gmail** | `message.search`, `message.read`, `message.send`, `label.read`, `batch.read` |
+| **Calendar** | Calendar operations |
+| **JIRA** | Issue management |
+| **OS** | Local operations |
 
-##### `invokeTool<T>(tool, action, params, vcs): Promise<ConnectorResponse<T>>`
+Each action defines: risk level, required relations, required scopes, input schema, constraints, and effects.
 
-Invoke a tool with VC authorization.
+```typescript
+import { ACTION_REGISTRY, indexActions } from '@vess-id/ai-identity'
 
-##### `writeMemory(content, namespace, vcs, metadata?)`
+const actions = indexActions(ACTION_REGISTRY)
+const slackPost = actions.get('slack.message.post')
+// { risk: 'high', required_relations: ['editor', 'admin', ...], ... }
+```
 
-Write to memory with VC authorization.
+## Permission Constraints
 
-##### `queryMemory(query, vcs, options?)`
+Fine-grained access control on VCs:
 
-Query memory with VC authorization.
+```typescript
+interface PermissionConstraints {
+  time?: {
+    not_before?: number        // Unix timestamp
+    not_after?: number
+    recurring_start?: string   // "09:00"
+    recurring_end?: string     // "17:00"
+    days_of_week?: number[]    // [1,2,3,4,5] (Mon-Fri)
+    timezone?: string
+  }
+  max_invocations?: number
+  rate_limit_per_min?: number
+}
+```
 
-### Supported Tools
+The `ConstraintEvaluator` checks: expiration, invocation limits, time windows, IP allowlists, and risk thresholds.
 
-#### Slack
+## Registry Utilities
 
-- `postMessage`: Post messages to channels
-- `getChannels`: List available channels
-- `getUserInfo`: Get user information
+```typescript
+import {
+  // Action normalization (MCP interop)
+  normalizeMcpActionName,
+  getAllValidMcpActionNames,
+
+  // Action aliases
+  canonicalizeAction,
+  isActionEquivalent,
+
+  // Providers
+  resolveProvider,
+  CANONICAL_PROVIDERS,  // 'slack' | 'github' | 'gmail' | 'calendar' | 'jira' | 'os'
+
+  // Access orchestration (ABAC/ReBAC)
+  resolveActionsFromSelection,
+  planDelegationForVC,
+  checkPermissionWithVP,
+} from '@vess-id/ai-identity'
+```
 
-#### GitHub
+## Gateway Client
 
-- `createIssue`: Create repository issues
-- `listIssues`: List repository issues
-- `getRepo`: Get repository information
+Event-based communication for CLI and daemon:
 
-#### Gmail
+```typescript
+import { GatewayClient } from '@vess-id/ai-identity'
 
-- `readMail`: Read email messages
-- `listMails`: List email messages
-- `getLabels`: Get available labels
+const gateway = new GatewayClient({ baseUrl: 'https://app.vesslabs.ai' })
 
-#### Google Drive
+// Long-poll for events
+const { events, cursor } = await gateway.getEvents({
+  cursor: lastCursor,
+  waitSeconds: 30,
+})
 
-- `readFile`: Read file content
-- `listFiles`: List files in folder
-- `getFolders`: List folders
+// Acknowledge processed event
+await gateway.ackEvent(event.id)
+```
 
 ## Configuration
 
@@ -150,24 +262,19 @@ interface AIdentityConfig {
     baseUrl: string
   }
   storage?: {
-    keyStorePath?: string // Default: ~/.vess/keys
+    keyStorePath?: string  // Default: ~/.vess-aidentity/keys
   }
 }
 ```
 
-## Examples
-
-See the `examples/` directory for complete usage examples:
-
-- `basic-usage.ts`: Basic SDK usage
-- `github-integration.ts`: GitHub integration example
-
 ## Security
 
-- Private keys are stored locally and encrypted with optional password
-- VCs have configurable expiration times
+- Agents use `did:jwk` identifiers with EC P-256 key pairs
+- Private keys are stored locally with optional password encryption
+- VCs use SD-JWT format with selective disclosure
 - VPs include nonce and domain binding to prevent replay attacks
-- All tool invocations require proper VC authorization
+- All tool invocations require valid VP authorization
+- Constraint evaluation enforces time windows, invocation limits, IP allowlists, and risk thresholds
 
 ## License
 

package/dist/client.d.ts

@@ -5,9 +5,8 @@ import { VCManager } from './vc/vc-manager';
 import { VPManager } from './vp/vp-manager';
 import { ToolManager } from './tool/tool-manager';
 import { MemoryManager } from './memory/memory-manager';
-import { OrganizationManager } from './organization/organization-manager';
 import { GrantManager } from './grant/grant-manager';
-import { Agent, ConnectorResponse } from '@vess-id/ai-identity-types';
+import { Agent, ConnectorResponse } from './types';
 export declare class AIdentityClient {
     readonly agent: AgentManager;
     readonly user: UserIdentityManager;
@@ -15,7 +14,6 @@ export declare class AIdentityClient {
     readonly vp: VPManager;
     readonly tool: ToolManager;
     readonly memory: MemoryManager;
-    readonly organization: OrganizationManager;
     readonly grant: GrantManager;
     private keyManager;
     private currentAgent?;
@@ -75,6 +73,5 @@ export declare class AIdentityClient {
     }): Promise<import("./memory/memory-manager").MemoryQueryResult>;
 }
 export declare function getClient(config?: AIdentityConfig, password?: string): AIdentityClient;
-export * from '@vess-id/ai-identity-types';
 export { configure, AIdentityConfig } from './config';
 //# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAa,MAAM,UAAU,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAA;AACtE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAA;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EACL,KAAK,EACL,iBAAiB,EAClB,MAAM,4BAA4B,CAAA;AAEnC,qBAAa,eAAe;IAC1B,SAAgB,KAAK,EAAE,YAAY,CAAA;IACnC,SAAgB,IAAI,EAAE,mBAAmB,CAAA;IACzC,SAAgB,EAAE,EAAE,SAAS,CAAA;IAC7B,SAAgB,EAAE,EAAE,SAAS,CAAA;IAC7B,SAAgB,IAAI,EAAE,WAAW,CAAA;IACjC,SAAgB,MAAM,EAAE,aAAa,CAAA;IACrC,SAAgB,YAAY,EAAE,mBAAmB,CAAA;IACjD,SAAgB,KAAK,EAAE,YAAY,CAAA;IAEnC,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,YAAY,CAAC,CAAO;gBAEhB,MAAM,CAAC,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,MAAM;IAmBvD;;OAEG;IACG,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAWzC;;OAEG;IACH,eAAe,IAAI,KAAK,GAAG,SAAS;IAIpC;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI1C;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI1C;;;OAGG;IACG,mBAAmB,CACvB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACnC,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,MAAM,CAAC;IAiBlB;;;OAGG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC,EAAE,EACxC,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,MAAM,CAAC;IAgBlB;;OAEG;IACG,UAAU,CAAC,CAAC,GAAG,GAAG,EACtB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,GAAG,EAAE,MAAM,EAAE,GACZ,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAYhC;;OAEG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,EAAE,EACb,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAehC;;OAEG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;KAC7B;CAaJ;AAKD,wBAAgB,SAAS,CAAC,MAAM,CAAC,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,eAAe,CAKtF;AAGD,cAAc,4BAA4B,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAa,MAAM,UAAU,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAA;AACtE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAElD,qBAAa,eAAe;IAC1B,SAAgB,KAAK,EAAE,YAAY,CAAA;IACnC,SAAgB,IAAI,EAAE,mBAAmB,CAAA;IACzC,SAAgB,EAAE,EAAE,SAAS,CAAA;IAC7B,SAAgB,EAAE,EAAE,SAAS,CAAA;IAC7B,SAAgB,IAAI,EAAE,WAAW,CAAA;IACjC,SAAgB,MAAM,EAAE,aAAa,CAAA;IACrC,SAAgB,KAAK,EAAE,YAAY,CAAA;IAEnC,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,YAAY,CAAC,CAAO;gBAEhB,MAAM,CAAC,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,MAAM;IAkBvD;;OAEG;IACG,KAAK,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAWzC;;OAEG;IACH,eAAe,IAAI,KAAK,GAAG,SAAS;IAIpC;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI1C;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI1C;;;OAGG;IACG,mBAAmB,CACvB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QACnC,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,MAAM,CAAC;IAiBlB;;;OAGG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC,EAAE,EACxC,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,MAAM,CAAC;IAgBlB;;OAEG;IACG,UAAU,CAAC,CAAC,GAAG,GAAG,EACtB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,GAAG,EAAE,MAAM,EAAE,GACZ,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAYhC;;OAEG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,EAAE,EACb,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAehC;;OAEG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;KAC7B;CAaJ;AAKD,wBAAgB,SAAS,CAAC,MAAM,CAAC,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,eAAe,CAKtF;AAED,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA"}

package/dist/constraint/__tests__/fixtures/constraint.fixtures.d.ts

@@ -1,4 +1,4 @@
-import { GrantConstraints, TimeWindowConstraint, EvaluationContext } from '@vess-id/ai-identity-types';
+import { GrantConstraints, TimeWindowConstraint, EvaluationContext } from '../../../types';
 export declare const mockExecutorDid = "did:key:z6MkiY62766b1LJkExWMsM3QG4WtX23zJpRgVLwZBKQhyt6d";
 /**
  * Create mock time window constraint

package/dist/constraint/__tests__/fixtures/constraint.fixtures.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constraint.fixtures.d.ts","sourceRoot":"","sources":["../../../../src/constraint/__tests__/fixtures/constraint.fixtures.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EAClB,MAAM,4BAA4B,CAAA;AAGnC,eAAO,MAAM,eAAe,6DAA6D,CAAA;AAEzF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,YAAW,OAAO,CAAC,oBAAoB,CAAM,KAAG,oBAMnF,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAI,YAAW,OAAO,CAAC,gBAAgB,CAAM,KAAG,gBAOhF,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,YAAW,OAAO,CAAC,iBAAiB,CAAM,KAAG,iBAc7E,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,QAAO,gBAW1C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,QAAO,gBAOpD,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,QAAO,gBAE5C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,QAAO,gBAE/C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,QAAO,oBAK3C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO;;;;;;;CAOnB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;CAchC,CAAA"}
+{"version":3,"file":"constraint.fixtures.d.ts","sourceRoot":"","sources":["../../../../src/constraint/__tests__/fixtures/constraint.fixtures.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EAClB,MAAM,gBAAgB,CAAA;AAGvB,eAAO,MAAM,eAAe,6DAA6D,CAAA;AAEzF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,YAAW,OAAO,CAAC,oBAAoB,CAAM,KAAG,oBAMnF,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAI,YAAW,OAAO,CAAC,gBAAgB,CAAM,KAAG,gBAOhF,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,YAAW,OAAO,CAAC,iBAAiB,CAAM,KAAG,iBAc7E,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,QAAO,gBAW1C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,QAAO,gBAOpD,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,QAAO,gBAE5C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,QAAO,gBAE/C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,QAAO,oBAK3C,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO;;;;;;;CAOnB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;CAchC,CAAA"}

package/dist/constraint/constraint-evaluator.d.ts

@@ -2,7 +2,7 @@
  * ConstraintEvaluator
  * Grant制約の評価ロジック
  */
-import { GrantConstraints, TimeWindowConstraint, EvaluationContext, ConstraintEvaluationResult, ConstraintViolation, ConstraintWarning } from '@vess-id/ai-identity-types';
+import { GrantConstraints, TimeWindowConstraint, EvaluationContext, ConstraintEvaluationResult, ConstraintViolation, ConstraintWarning, PermissionConstraints, PermissionTimeConstraint } from '../types';
 export interface ConstraintEvaluatorOptions {
     /** 警告を発する残り実行回数の閾値 */
     invocationWarningThreshold?: number;
@@ -54,11 +54,42 @@ export declare class ConstraintEvaluator {
         violation?: ConstraintViolation;
         warning?: ConstraintWarning;
     };
+    /**
+     * Evaluate PermissionConstraints from a PermissionRule.
+     *
+     * This is the VC-level constraint evaluator that works with the
+     * normalized PermissionConstraints format (as opposed to GrantConstraints).
+     *
+     * Used by the PolicyEvaluator after rule matching to verify
+     * rule-level constraints are satisfied.
+     */
+    evaluatePermissionConstraints(constraints: PermissionConstraints, context: {
+        now: number;
+        ipAddress?: string;
+        riskScore?: number;
+        invocationCount?: number;
+    }): {
+        allowed: boolean;
+        violations: ConstraintViolation[];
+        warnings: ConstraintWarning[];
+    };
+    /**
+     * Check PermissionTimeConstraint (supports both absolute and recurring)
+     */
+    checkPermissionTimeConstraint(time: PermissionTimeConstraint, currentTime: Date): {
+        violation?: ConstraintViolation;
+        warning?: ConstraintWarning;
+    };
     private getDayOfWeekInTimezone;
     private getTimeInTimezone;
     private getDayName;
     private timeToMinutes;
-    private isIpInCidr;
+    /**
+     * Check if an IP address is within a CIDR range or matches exactly.
+     * Uses unsigned 32-bit arithmetic to avoid sign-bit issues.
+     * Public for reuse by other services (e.g., LocalPolicyEvaluatorService).
+     */
+    isIpInCidr(ip: string, cidr: string): boolean;
     private ipToNumber;
 }
 /**

package/dist/constraint/constraint-evaluator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constraint-evaluator.d.ts","sourceRoot":"","sources":["../../src/constraint/constraint-evaluator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,mBAAmB,EACnB,iBAAiB,EAClB,MAAM,4BAA4B,CAAA;AAEnC,MAAM,WAAW,0BAA0B;IACzC,sBAAsB;IACtB,0BAA0B,CAAC,EAAE,MAAM,CAAA;IACnC,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,kBAAkB;IAClB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAQD;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,OAAO,CAA4B;gBAE/B,OAAO,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC;IAIzD;;OAEG;IACH,QAAQ,CACN,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,iBAAiB,EAC1B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,CAAC,EAAE,IAAI,GACf,0BAA0B;IAgE7B;;OAEG;IACH,eAAe,CACb,cAAc,CAAC,EAAE,IAAI,EACrB,mBAAmB,CAAC,EAAE,MAAM,GAC3B;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE;IA4BtC;;OAEG;IACH,oBAAoB,CAClB,cAAc,CAAC,EAAE,MAAM,EACvB,kBAAkB,CAAC,EAAE,MAAM,GAC1B;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IA8BnE;;OAEG;IACH,eAAe,CACb,UAAU,EAAE,oBAAoB,EAChC,WAAW,EAAE,IAAI,GAChB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAoEnE;;OAEG;IACH,gBAAgB,CACd,SAAS,EAAE,MAAM,EAAE,EACnB,SAAS,EAAE,MAAM,GAChB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE;IA6BtC;;OAEG;IACH,kBAAkB,CAChB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,GACnB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IA6BnE,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,UAAU;IAelB,OAAO,CAAC,UAAU;CAInB;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B,qBAA4B,CAAA;AAEnE;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,iBAAiB,EAC1B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,CAAC,EAAE,IAAI,GACf,0BAA0B,CAE5B"}
+{"version":3,"file":"constraint-evaluator.d.ts","sourceRoot":"","sources":["../../src/constraint/constraint-evaluator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,0BAA0B,EAC1B,mBAAmB,EACnB,iBAAiB,EACjB,qBAAqB,EACrB,wBAAwB,EACzB,MAAM,UAAU,CAAA;AAEjB,MAAM,WAAW,0BAA0B;IACzC,sBAAsB;IACtB,0BAA0B,CAAC,EAAE,MAAM,CAAA;IACnC,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,kBAAkB;IAClB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAQD;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,OAAO,CAA4B;gBAE/B,OAAO,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC;IAIzD;;OAEG;IACH,QAAQ,CACN,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,iBAAiB,EAC1B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,CAAC,EAAE,IAAI,GACf,0BAA0B;IAgE7B;;OAEG;IACH,eAAe,CACb,cAAc,CAAC,EAAE,IAAI,EACrB,mBAAmB,CAAC,EAAE,MAAM,GAC3B;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE;IA4BtC;;OAEG;IACH,oBAAoB,CAClB,cAAc,CAAC,EAAE,MAAM,EACvB,kBAAkB,CAAC,EAAE,MAAM,GAC1B;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IA8BnE;;OAEG;IACH,eAAe,CACb,UAAU,EAAE,oBAAoB,EAChC,WAAW,EAAE,IAAI,GAChB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAoEnE;;OAEG;IACH,gBAAgB,CACd,SAAS,EAAE,MAAM,EAAE,EACnB,SAAS,EAAE,MAAM,GAChB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAA;KAAE;IA6BtC;;OAEG;IACH,kBAAkB,CAChB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,GACnB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IA6BnE;;;;;;;;OAQG;IACH,6BAA6B,CAC3B,WAAW,EAAE,qBAAqB,EAClC,OAAO,EAAE;QACP,GAAG,EAAE,MAAM,CAAA;QACX,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,eAAe,CAAC,EAAE,MAAM,CAAA;KACzB,GACA;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,EAAE,mBAAmB,EAAE,CAAC;QAAC,QAAQ,EAAE,iBAAiB,EAAE,CAAA;KAAE;IA4CzF;;OAEG;IACH,6BAA6B,CAC3B,IAAI,EAAE,wBAAwB,EAC9B,WAAW,EAAE,IAAI,GAChB;QAAE,SAAS,CAAC,EAAE,mBAAmB,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAsDnE,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,aAAa;IAKrB;;;;OAIG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAoB7C,OAAO,CAAC,UAAU;CAWnB;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B,qBAA4B,CAAA;AAEnE;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,gBAAgB,EAC7B,OAAO,EAAE,iBAAiB,EAC1B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,CAAC,EAAE,IAAI,GACf,0BAA0B,CAE5B"}

package/dist/did/agent.d.ts

@@ -1,4 +1,4 @@
-import { Agent, DIDDocument } from '@vess-id/ai-identity-types';
+import { Agent, DIDDocument } from '../types';
 import { KeyManager } from './key-manager';
 export declare class AgentManager {
     private keyManager;

package/dist/did/agent.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/did/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAE/D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAI1C,qBAAa,YAAY;IACvB,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,eAAe,CAAiB;gBAE5B,UAAU,CAAC,EAAE,UAAU;IAKnC;;OAEG;IACG,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IA8B7E;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAInD;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAYhE;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD;;OAEG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAuBhD;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,KAAK,CAAC;QAAC,UAAU,EAAE,GAAG,CAAA;KAAE,CAAC;IAiBrE;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAqBlD,OAAO,CAAC,iBAAiB;IAqB3B,OAAO,CAAC,oBAAoB;YAQd,WAAW;CAK1B"}
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/did/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAE7C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAI1C,qBAAa,YAAY;IACvB,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,eAAe,CAAiB;gBAE5B,UAAU,CAAC,EAAE,UAAU;IAKnC;;OAEG;IACG,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IA8B7E;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAInD;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAYhE;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD;;OAEG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAuBhD;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,KAAK,CAAC;QAAC,UAAU,EAAE,GAAG,CAAA;KAAE,CAAC;IAiBrE;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAqBlD,OAAO,CAAC,iBAAiB;IAqB3B,OAAO,CAAC,oBAAoB;YAQd,WAAW;CAK1B"}

package/dist/grant/grant-manager.d.ts

@@ -1,5 +1,5 @@
 import { VPManager } from '../vp/vp-manager';
-import { Grant, GrantStatus, CreateGrantRequest, UpdateGrantRequest, CheckGrantPermissionRequest, CheckGrantPermissionResult } from '@vess-id/ai-identity-types';
+import { Grant, GrantStatus, CreateGrantRequest, UpdateGrantRequest, CheckGrantPermissionRequest, CheckGrantPermissionResult } from '../types';
 /**
  * Grant提案レスポンス
  */

package/dist/grant/grant-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grant-manager.d.ts","sourceRoot":"","sources":["../../src/grant/grant-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AAE5C,OAAO,EACL,KAAK,EACL,WAAW,EACX,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC3B,MAAM,4BAA4B,CAAA;AAEnC;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,kBAAkB,EAAE,KAAK,CAAC;QACxB,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,CAAA;KACd,CAAC,CAAA;IACF,QAAQ,EAAE;QACR,YAAY,EAAE,GAAG,CAAA;QACjB,MAAM,EAAE,MAAM,EAAE,CAAA;KACjB,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,iBAAiB,EAAE,KAAK,CAAC;QACvB,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,OAAO,CAAA;KAClB,CAAC,CAAA;IACF,WAAW,EAAE;QACX,cAAc,CAAC,EAAE,MAAM,CAAA;QACvB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,UAAU,CAAC,EAAE;YACX,KAAK,EAAE,MAAM,CAAA;YACb,GAAG,EAAE,MAAM,CAAA;YACX,QAAQ,EAAE,MAAM,CAAA;YAChB,UAAU,EAAE,MAAM,EAAE,CAAA;SACrB,CAAA;KACF,CAAA;IACD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,qBAAa,YAAY;gBACX,UAAU,EAAE,SAAS;IAIjC;;;;;;;OAOG;IACG,OAAO,CACX,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,EACD,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,eAAe,CAAC;IA4B3B;;;;OAIG;IACG,OAAO,CACX,OAAO,EAAE,mBAAmB,EAC5B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;;OAIG;IACG,MAAM,CACV,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;;OAIG;IACG,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC;QAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAuB9C;;;;OAIG;IACG,aAAa,CACjB,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC;QAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAuB9C;;;OAGG;IACG,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAkB1C;;;;;OAKG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;OAGG;IACG,eAAe,CACnB,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,0BAA0B,CAAC;IAmBtC;;;;;OAKG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;CA2BlB"}
+{"version":3,"file":"grant-manager.d.ts","sourceRoot":"","sources":["../../src/grant/grant-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AAE5C,OAAO,EACL,KAAK,EACL,WAAW,EACX,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC3B,MAAM,UAAU,CAAA;AAEjB;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,kBAAkB,EAAE,KAAK,CAAC;QACxB,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,CAAA;KACd,CAAC,CAAA;IACF,QAAQ,EAAE;QACR,YAAY,EAAE,GAAG,CAAA;QACjB,MAAM,EAAE,MAAM,EAAE,CAAA;KACjB,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,iBAAiB,EAAE,KAAK,CAAC;QACvB,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,OAAO,CAAA;KAClB,CAAC,CAAA;IACF,WAAW,EAAE;QACX,cAAc,CAAC,EAAE,MAAM,CAAA;QACvB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,UAAU,CAAC,EAAE;YACX,KAAK,EAAE,MAAM,CAAA;YACb,GAAG,EAAE,MAAM,CAAA;YACX,QAAQ,EAAE,MAAM,CAAA;YAChB,UAAU,EAAE,MAAM,EAAE,CAAA;SACrB,CAAA;KACF,CAAA;IACD,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,qBAAa,YAAY;gBACX,UAAU,EAAE,SAAS;IAIjC;;;;;;;OAOG;IACG,OAAO,CACX,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,SAAS,EAAE,MAAM,CAAA;KAClB,EACD,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,eAAe,CAAC;IA4B3B;;;;OAIG;IACG,OAAO,CACX,OAAO,EAAE,mBAAmB,EAC5B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;;OAIG;IACG,MAAM,CACV,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;;OAIG;IACG,WAAW,CACf,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC;QAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAuB9C;;;;OAIG;IACG,aAAa,CACjB,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC;QAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAuB9C;;;OAGG;IACG,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAkB1C;;;;;OAKG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;IA4BjB;;;OAGG;IACG,eAAe,CACnB,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,0BAA0B,CAAC;IAmBtC;;;;;OAKG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,GACA,OAAO,CAAC,KAAK,CAAC;CA2BlB"}

package/dist/identity/device-enroll-manager.d.ts

@@ -60,6 +60,12 @@ export interface DeviceEnrollPollResult {
 export declare class DeviceEnrollManager {
     private baseUrl;
     constructor(baseUrl: string);
+    /**
+     * Build common headers for all API requests.
+     * Includes User-Agent and ngrok-skip-browser-warning to avoid
+     * ngrok free-tier interstitial pages blocking programmatic access.
+     */
+    private buildHeaders;
     /**
      * Start the device enrollment flow.
      * Sends the root DID public key to the Gateway and gets a user code.

package/dist/identity/device-enroll-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"device-enroll-manager.d.ts","sourceRoot":"","sources":["../../src/identity/device-enroll-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE;QACZ,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,CAAC,EAAE,MAAM,CAAA;QACT,CAAC,CAAC,EAAE,MAAM,CAAA;QACV,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;IACD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;IACD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,EAAE,MAAM,CAAA;IACvB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,QAAQ,CAAA;IACrD,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,OAAO,CAAQ;gBAEX,OAAO,EAAE,MAAM;IAI3B;;;;;;OAMG;IACG,qBAAqB,CACzB,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,uBAAuB,CAAC;IA2BnC;;;;;;;OAOG;IACG,yBAAyB,CAC7B,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,uBAAuB,CAAC;IA0BnC;;;;;;;OAOG;IACG,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAsB9E;;;;;;;;OAQG;IACG,aAAa,CACjB,MAAM,EAAE,uBAAuB,EAC/B,UAAU,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,IAAI,EACnD,cAAc,GAAE,MAAa,EAC7B,QAAQ,GAAE,MAAY,GACrB,OAAO,CAAC,sBAAsB,CAAC;IAKlC;;;;;;;;OAQG;IACG,uBAAuB,CAC3B,MAAM,EAAE,4BAA4B,EACpC,UAAU,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,IAAI,EACnD,cAAc,GAAE,MAAa,EAC7B,QAAQ,GAAE,MAAY,GACrB,OAAO,CAAC,sBAAsB,CAAC;YAKpB,iBAAiB;CAoBhC"}
+{"version":3,"file":"device-enroll-manager.d.ts","sourceRoot":"","sources":["../../src/identity/device-enroll-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE;QACZ,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,CAAC,EAAE,MAAM,CAAA;QACT,CAAC,CAAC,EAAE,MAAM,CAAA;QACV,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;IACD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;IACD,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,EAAE,MAAM,CAAA;IACvB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,QAAQ,CAAA;IACrD,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,OAAO,CAAQ;gBAEX,OAAO,EAAE,MAAM;IAI3B;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAQpB;;;;;;OAMG;IACG,qBAAqB,CACzB,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,uBAAuB,CAAC;IA2BnC;;;;;;;OAOG;IACG,yBAAyB,CAC7B,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,uBAAuB,CAAC;IA0BnC;;;;;;;OAOG;IACG,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAsB9E;;;;;;;;OAQG;IACG,aAAa,CACjB,MAAM,EAAE,uBAAuB,EAC/B,UAAU,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,IAAI,EACnD,cAAc,GAAE,MAAa,EAC7B,QAAQ,GAAE,MAAY,GACrB,OAAO,CAAC,sBAAsB,CAAC;IAKlC;;;;;;;;OAQG;IACG,uBAAuB,CAC3B,MAAM,EAAE,4BAA4B,EACpC,UAAU,EAAE,CAAC,IAAI,EAAE,uBAAuB,KAAK,IAAI,EACnD,cAAc,GAAE,MAAa,EAC7B,QAAQ,GAAE,MAAY,GACrB,OAAO,CAAC,sBAAsB,CAAC;YAKpB,iBAAiB;CAoBhC"}

package/dist/identity/user-identity-manager.d.ts

@@ -1,5 +1,5 @@
 import { KeyManager } from '../did/key-manager';
-import { DIDDocument } from '@vess-id/ai-identity-types';
+import { DIDDocument } from '../types';
 /**
  * User Identity Manager
  * Manages DID generation and lifecycle for Users (Issuers) specifically

package/dist/identity/user-identity-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-identity-manager.d.ts","sourceRoot":"","sources":["../../src/identity/user-identity-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AAExD;;;;GAIG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,cAAc,CAAsB;gBAEhC,UAAU,CAAC,EAAE,UAAU;IAInC;;;OAGG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAgB1C;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAiBtC;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC;IAcpC;;OAEG;IACG,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAUxD;;OAEG;IACG,kBAAkB,IAAI,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,GAAG,CAAC;QAAC,WAAW,EAAE,WAAW,CAAA;KAAE,CAAC;IAY/F;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,GAAG,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASjF;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAY1C;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAK5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;YACW,WAAW;IAYzB;;OAEG;YACW,WAAW;IAczB;;OAEG;YACW,YAAY;CAa3B"}
+{"version":3,"file":"user-identity-manager.d.ts","sourceRoot":"","sources":["../../src/identity/user-identity-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAEtC;;;;GAIG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,UAAU,CAAY;IAC9B,OAAO,CAAC,cAAc,CAAsB;gBAEhC,UAAU,CAAC,EAAE,UAAU;IAInC;;;OAGG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAgB1C;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAiBtC;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC;IAcpC;;OAEG;IACG,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAUxD;;OAEG;IACG,kBAAkB,IAAI,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,GAAG,CAAC;QAAC,WAAW,EAAE,WAAW,CAAA;KAAE,CAAC;IAY/F;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,GAAG,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IASjF;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IAY1C;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAK5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;YACW,WAAW;IAYzB;;OAEG;YACW,WAAW;IAczB;;OAEG;YACW,YAAY;CAa3B"}