@vess-id/vess 0.2.0-alpha.3 → 0.2.0-alpha.30

package/dist/utils/credential-errors.d.ts

@@ -1,3 +1,44 @@
 /** Check if an error message indicates an invalid credential (expired, revoked, etc.) */
 export declare function isCredentialInvalidError(message?: string): boolean;
+/**
+ * Minimal shape of the reauth payload api returns on revoked/expired OAuth tokens.
+ * Kept loose on purpose — the api may add fields without breaking agentd.
+ *
+ * Layer note — three similar types intentionally exist in this repo:
+ *   - `ApiReauthRequired` (this file): wire shape parsed from api bodies
+ *   - `ReauthRequiredInfo`     (gateway-client.ts): wire-level result carried
+ *     alongside `InvokeToolResult.errorCode`
+ *   - `ReauthRequiredExecutionInfo` (core/types.ts): user-facing ExecuteResult
+ *     field, trimmed of wire-level knobs (e.g. `metadata`)
+ * The duplication is deliberate: each layer drops context the next one
+ * doesn't need, which keeps the CLI surface minimal.
+ */
+export interface ApiReauthRequired {
+    provider: string;
+    reason: string;
+    message: string;
+    authUrl: string;
+    projectId?: string;
+    metadata?: Record<string, any>;
+}
+/**
+ * Probe an api response body for a reauth_required signal.
+ *
+ * The api shape is:
+ *   `{ success:false, error, metadata: { action: 'reauth_required',
+ *      reauthRequired: { provider, reason, message, authUrl, projectId, ... } } }`
+ *
+ * Returns the extracted payload if present, otherwise `undefined`.
+ *
+ * Guards:
+ *   - Requires `authUrl` to be a non-empty string (without it the signal is
+ *     useless — the CLI caller has nothing to surface to the user).
+ *   - Does not trust the outer `success` flag. If a future api bug sets
+ *     `success:true` on a reauth response, we still treat it as a reauth
+ *     failure: the underlying SaaS token is gone, and any "data" in that
+ *     envelope would be stale or misleading. `action:'reauth_required'`
+ *     is the canonical signal, not `success`. (Spec'd in gateway-client
+ *     reauth tests as the "contradictory body" regression guard.)
+ */
+export declare function extractReauthRequired(body: unknown): ApiReauthRequired | undefined;
 //# sourceMappingURL=credential-errors.d.ts.map

package/dist/utils/credential-errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credential-errors.d.ts","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":"AAcA,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAGlE"}
+{"version":3,"file":"credential-errors.d.ts","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":"AAgBA,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAGlE;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAC/B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,GAAG,iBAAiB,GAAG,SAAS,CAclF"}

package/dist/utils/credential-errors.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCredentialInvalidError = isCredentialInvalidError;
+exports.extractReauthRequired = extractReauthRequired;
+const ai_identity_1 = require("@vess-id/ai-identity");
 /**
  * Patterns that indicate a credential/VP is invalid (expired, revoked, malformed).
  * Shared between gateway-client (HTTP response detection) and execution-engine (error classification).
@@ -20,4 +22,41 @@ function isCredentialInvalidError(message) {
         return false;
     return CREDENTIAL_ERROR_PATTERNS.some(pattern => pattern.test(message));
 }
+/**
+ * Probe an api response body for a reauth_required signal.
+ *
+ * The api shape is:
+ *   `{ success:false, error, metadata: { action: 'reauth_required',
+ *      reauthRequired: { provider, reason, message, authUrl, projectId, ... } } }`
+ *
+ * Returns the extracted payload if present, otherwise `undefined`.
+ *
+ * Guards:
+ *   - Requires `authUrl` to be a non-empty string (without it the signal is
+ *     useless — the CLI caller has nothing to surface to the user).
+ *   - Does not trust the outer `success` flag. If a future api bug sets
+ *     `success:true` on a reauth response, we still treat it as a reauth
+ *     failure: the underlying SaaS token is gone, and any "data" in that
+ *     envelope would be stale or misleading. `action:'reauth_required'`
+ *     is the canonical signal, not `success`. (Spec'd in gateway-client
+ *     reauth tests as the "contradictory body" regression guard.)
+ */
+function extractReauthRequired(body) {
+    if (!body || typeof body !== 'object')
+        return undefined;
+    const metadata = body.metadata;
+    if (!metadata || metadata.action !== ai_identity_1.REAUTH_REQUIRED_ACTION)
+        return undefined;
+    const r = metadata.reauthRequired;
+    if (!r || typeof r.authUrl !== 'string' || r.authUrl.length === 0)
+        return undefined;
+    return {
+        provider: String(r.provider ?? ''),
+        reason: String(r.reason ?? ''),
+        message: String(r.message ?? body.error ?? ''),
+        authUrl: r.authUrl,
+        projectId: r.projectId,
+        metadata: r.metadata,
+    };
+}
 //# sourceMappingURL=credential-errors.js.map

package/dist/utils/credential-errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"credential-errors.js","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":";;AAeA,4DAGC;AAlBD;;;GAGG;AACH,MAAM,yBAAyB,GAAa;IAC1C,yBAAyB;IACzB,8BAA8B;IAC9B,iBAAiB;IACjB,iBAAiB;IACjB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAA;AAED,yFAAyF;AACzF,SAAgB,wBAAwB,CAAC,OAAgB;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1B,OAAO,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACzE,CAAC"}
+{"version":3,"file":"credential-errors.js","sourceRoot":"","sources":["../../src/utils/credential-errors.ts"],"names":[],"mappings":";;AAiBA,4DAGC;AA2CD,sDAcC;AA7ED,sDAA6D;AAE7D;;;GAGG;AACH,MAAM,yBAAyB,GAAa;IAC1C,yBAAyB;IACzB,8BAA8B;IAC9B,iBAAiB;IACjB,iBAAiB;IACjB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAA;AAED,yFAAyF;AACzF,SAAgB,wBAAwB,CAAC,OAAgB;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1B,OAAO,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACzE,CAAC;AAwBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,qBAAqB,CAAC,IAAa;IACjD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IACvD,MAAM,QAAQ,GAAI,IAAY,CAAC,QAAQ,CAAA;IACvC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,oCAAsB;QAAE,OAAO,SAAS,CAAA;IAC7E,MAAM,CAAC,GAAG,QAAQ,CAAC,cAAc,CAAA;IACjC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACnF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC;QAClC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;QAC9B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAK,IAAY,CAAC,KAAK,IAAI,EAAE,CAAC;QACvD,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;KACrB,CAAA;AACH,CAAC"}

package/dist/wallet/wallet.d.ts

@@ -51,6 +51,12 @@ export declare class Wallet {
      */
     findCredentialByResource(normalizedKey: string, holderDid: string, projectId: string): StoredCredential | null;
     revokeCredential(id: string): void;
+    /**
+     * Startup cleanup: mark all active credentials that have passed their
+     * expiry as 'expired'. Returns the number of credentials updated.
+     * Idempotent — safe to call multiple times.
+     */
+    purgeExpiredCredentials(): number;
     getExpiredCredentials(): StoredCredential[];
     getActiveCredentials(): StoredCredential[];
     private rowToCredential;

package/dist/wallet/wallet.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../src/wallet/wallet.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAA;AAErC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAE9D,MAAM,WAAW,eAAe;IAC9B,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAA;IACzC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,kBAAkB,EAAE,CAAA;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED,MAAM,WAAW,gBAAiB,SAAQ,eAAe;IACvD,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAA;IACxC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,OAAO,GACX,kBAAkB,EAAE,GAAG,SAAS,CAelC;AAED,qBAAa,MAAM;IACL,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAElD,eAAe,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB;IAqDzD;;;;OAIG;IACH,cAAc,CACZ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,GAClB,gBAAgB,GAAG,IAAI;IAoC1B;;;OAGG;IACH,sBAAsB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,gBAAgB,GAAG,IAAI;IAgB1B;;OAEG;IACH,wBAAwB,CACtB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,gBAAgB,GAAG,IAAI;IAe1B,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIlC,qBAAqB,IAAI,gBAAgB,EAAE;IAS3C,oBAAoB,IAAI,gBAAgB,EAAE;IAS1C,OAAO,CAAC,eAAe;CAkBxB"}
+{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../src/wallet/wallet.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAA;AAErC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAE9D,MAAM,WAAW,eAAe;IAC9B,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAA;IACzC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,kBAAkB,EAAE,CAAA;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED,MAAM,WAAW,gBAAiB,SAAQ,eAAe;IACvD,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAA;IACxC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,OAAO,GACX,kBAAkB,EAAE,GAAG,SAAS,CAelC;AAED,qBAAa,MAAM;IACL,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAElD,eAAe,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB;IAqDzD;;;;OAIG;IACH,cAAc,CACZ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,GAClB,gBAAgB,GAAG,IAAI;IAoC1B;;;OAGG;IACH,sBAAsB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,gBAAgB,GAAG,IAAI;IAgB1B;;OAEG;IACH,wBAAwB,CACtB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,gBAAgB,GAAG,IAAI;IAe1B,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIlC;;;;OAIG;IACH,uBAAuB,IAAI,MAAM;IAOjC,qBAAqB,IAAI,gBAAgB,EAAE;IAS3C,oBAAoB,IAAI,gBAAgB,EAAE;IAS1C,OAAO,CAAC,eAAe;CAkBxB"}

package/dist/wallet/wallet.js

@@ -137,6 +137,15 @@ class Wallet {
     revokeCredential(id) {
         this.db.prepare('UPDATE credentials SET status = ? WHERE id = ?').run('revoked', id);
     }
+    /**
+     * Startup cleanup: mark all active credentials that have passed their
+     * expiry as 'expired'. Returns the number of credentials updated.
+     * Idempotent — safe to call multiple times.
+     */
+    purgeExpiredCredentials() {
+        const result = this.db.prepare("UPDATE credentials SET status = 'expired' WHERE status = 'active' AND expires_at IS NOT NULL AND expires_at <= ?").run(Date.now());
+        return result.changes;
+    }
     getExpiredCredentials() {
         const now = Date.now();
         const rows = this.db.prepare('SELECT * FROM credentials WHERE status = ? AND expires_at IS NOT NULL AND expires_at <= ?').all('active', now);

package/dist/wallet/wallet.js.map

@@ -1 +1 @@
-{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../src/wallet/wallet.ts"],"names":[],"mappings":";;;AAoCA,8CAiBC;AApDD,mCAAmC;AA+BnC;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,GAAY;IAEZ,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAA;IACzC,OAAO,GAAG;SACP,MAAM,CAAC,CAAC,CAAC,EAAgC,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,CAAC;SAC/E,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,MAAM,SAAS,GAAuB;YACpC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC1D,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;SAC/C,CAAA;QACD,IAAI,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;YAAE,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;QACjD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;YAAE,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAA;QAChE,OAAO,SAAS,CAAA;IAClB,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;AACpD,CAAC;AAED,MAAa,MAAM;IACY;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD,eAAe,CAAC,KAAsB;QACpC,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,IAAI,IAAA,mBAAU,GAAE,CAAA;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,2DAA2D;QAC3D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;YAClD,IAAI,WAAW,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,2CAA2C,WAAW,CAAC,MAAM,SAAS,CAAC,CAAA;YACzF,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;YACpD,IAAI,YAAY,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,4CAA4C,YAAY,CAAC,MAAM,SAAS,CAAC,CAAA;YAC3F,CAAC;QACH,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;KAMf,CAAC,CAAC,GAAG,CACJ,EAAE,EACF,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,aAAa,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAC7B,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EACxD,KAAK,CAAC,qBAAqB,IAAI,IAAI,EACnC,KAAK,CAAC,mBAAmB,IAAI,IAAI,EACjC,KAAK,CAAC,aAAa,IAAI,IAAI,EAC3B,KAAK,CAAC,MAAM,IAAI,QAAQ,EACxB,KAAK,CAAC,SAAS,IAAI,IAAI,EACvB,GAAG,EACH,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CACvD,CAAA;QAED,OAAO;YACL,GAAG,KAAK;YACR,EAAE;YACF,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,QAAQ;YAChC,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,cAAc,CACZ,SAAiB,EACjB,MAAc,EACd,SAAiB,EACjB,UAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,6EAA6E;YAC7E,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;OAS3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,CAAoB,CAAA;YAExE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAC/C,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;KAQ3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAE5D,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED;;;OAGG;IACH,sBAAsB,CACpB,SAAiB,EACjB,MAAc,EACd,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;KAS3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAE5D,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,wBAAwB,CACtB,aAAqB,EACrB,SAAiB,EACjB,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;KAQ3B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAEnE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED,gBAAgB,CAAC,EAAU;QACzB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,gDAAgD,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;IACtF,CAAC;IAED,qBAAqB;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,2FAA2F,CAC5F,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAA;QAE7B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,oBAAoB;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,uFAAuF,CACxF,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAA;QAE7B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;IAEO,eAAe,CAAC,GAAQ;QAC9B,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;YAChC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,qBAAqB,EAAE,GAAG,CAAC,uBAAuB,IAAI,SAAS;YAC/D,mBAAmB,EAAE,GAAG,CAAC,oBAAoB,IAAI,SAAS;YAC1D,aAAa,EAAE,GAAG,CAAC,cAAc,IAAI,SAAS;YAC9C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS;YACtC,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAChE,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAA;IACH,CAAC;CACF;AA5LD,wBA4LC"}
+{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../src/wallet/wallet.ts"],"names":[],"mappings":";;;AAoCA,8CAiBC;AApDD,mCAAmC;AA+BnC;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,GAAY;IAEZ,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAA;IACzC,OAAO,GAAG;SACP,MAAM,CAAC,CAAC,CAAC,EAAgC,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,CAAC;SAC/E,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,MAAM,SAAS,GAAuB;YACpC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC1D,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;SAC/C,CAAA;QACD,IAAI,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;YAAE,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;QACjD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;YAAE,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAA;QAChE,OAAO,SAAS,CAAA;IAClB,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAA;AACpD,CAAC;AAED,MAAa,MAAM;IACY;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD,eAAe,CAAC,KAAsB;QACpC,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,IAAI,IAAA,mBAAU,GAAE,CAAA;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,2DAA2D;QAC3D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;YAClD,IAAI,WAAW,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,2CAA2C,WAAW,CAAC,MAAM,SAAS,CAAC,CAAA;YACzF,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;YACpD,IAAI,YAAY,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,4CAA4C,YAAY,CAAC,MAAM,SAAS,CAAC,CAAA;YAC3F,CAAC;QACH,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;KAMf,CAAC,CAAC,GAAG,CACJ,EAAE,EACF,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,aAAa,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAC7B,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EACxD,KAAK,CAAC,qBAAqB,IAAI,IAAI,EACnC,KAAK,CAAC,mBAAmB,IAAI,IAAI,EACjC,KAAK,CAAC,aAAa,IAAI,IAAI,EAC3B,KAAK,CAAC,MAAM,IAAI,QAAQ,EACxB,KAAK,CAAC,SAAS,IAAI,IAAI,EACvB,GAAG,EACH,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CACvD,CAAA;QAED,OAAO;YACL,GAAG,KAAK;YACR,EAAE;YACF,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,QAAQ;YAChC,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;SAC3B,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,cAAc,CACZ,SAAiB,EACjB,MAAc,EACd,SAAiB,EACjB,UAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,6EAA6E;YAC7E,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;OAS3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,CAAoB,CAAA;YAExE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAC/C,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;KAQ3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAE5D,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED;;;OAGG;IACH,sBAAsB,CACpB,SAAiB,EACjB,MAAc,EACd,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;KAS3B,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAE5D,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,wBAAwB,CACtB,aAAqB,EACrB,SAAiB,EACjB,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;KAQ3B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,CAAoB,CAAA;QAEnE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/C,CAAC;IAED,gBAAgB,CAAC,EAAU;QACzB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,gDAAgD,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;IACtF,CAAC;IAED;;;;OAIG;IACH,uBAAuB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,kHAAkH,CACnH,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;QACjB,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,qBAAqB;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,2FAA2F,CAC5F,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAA;QAE7B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,oBAAoB;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC1B,uFAAuF,CACxF,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAA;QAE7B,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;IAEO,eAAe,CAAC,GAAQ;QAC9B,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;YAChC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,qBAAqB,EAAE,GAAG,CAAC,uBAAuB,IAAI,SAAS;YAC/D,mBAAmB,EAAE,GAAG,CAAC,oBAAoB,IAAI,SAAS;YAC1D,aAAa,EAAE,GAAG,CAAC,cAAc,IAAI,SAAS;YAC9C,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS;YACtC,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAChE,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAA;IACH,CAAC;CACF;AAxMD,wBAwMC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vess-id/vess",
-  "version": "0.2.0-alpha.3",
+  "version": "0.2.0-alpha.30",
   "description": "VESS local AI agent runtime — manages agent identity, permissions, and execution boundaries",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -17,17 +17,17 @@
     "semantic-release": "semantic-release"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.18.1",
+    "@modelcontextprotocol/sdk": "^1.29.0",
     "@napi-rs/keyring": "^1.2.0",
     "@sd-jwt/crypto-nodejs": "^0.15.0",
     "@sd-jwt/sd-jwt-vc": "^0.15.1",
-    "@vess-id/ai-identity": "^0.4.0",
-    "better-sqlite3": "^11.0.0",
-    "commander": "^12.0.0",
-    "zod": "^3.23.0"
+    "@vess-id/ai-identity": "0.5.0-alpha.13",
+    "better-sqlite3": "^11.10.0",
+    "commander": "^12.1.0",
+    "zod": "^3.25.76"
   },
   "optionalDependencies": {
-    "node-mac-auth": "^1.0.0"
+    "node-mac-auth": "^1.1.0"
   },
   "devDependencies": {
     "@semantic-release/changelog": "^6.0.3",
@@ -35,16 +35,16 @@
     "@semantic-release/exec": "^7.1.0",
     "@semantic-release/git": "^10.0.1",
     "@semantic-release/github": "^12.0.6",
-    "@semantic-release/npm": "^13.0.0",
+    "@semantic-release/npm": "^13.1.5",
     "@semantic-release/release-notes-generator": "^14.1.0",
-    "@types/better-sqlite3": "^7.6.0",
-    "@types/jest": "^29.5.0",
-    "@types/node": "^22.0.0",
-    "conventional-changelog-conventionalcommits": "^9.3.0",
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^22.19.17",
+    "conventional-changelog-conventionalcommits": "^9.3.1",
     "jest": "^29.7.0",
     "semantic-release": "^25.0.3",
-    "ts-jest": "^29.1.0",
-    "typescript": "^5.3.0"
+    "ts-jest": "^29.4.9",
+    "typescript": "^5.9.3"
   },
   "engines": {
     "node": ">=22.0.0"