@vorim/sdk 3.4.3 → 3.6.0

package/dist/integrations/anthropic.d.ts

@@ -38,6 +38,16 @@ interface VorimAnthropicConfig {
     defaultPermission?: PermissionScope;
     /** Whether to emit audit events asynchronously (fire-and-forget). @default true */
     asyncAudit?: boolean;
+    /**
+     * Gate each tool call through the runtime-control decision API
+     * (`beforeAction`) instead of the lightweight permission check. @default false
+     *
+     * When true, tool calls are evaluated against live policy rules and the
+     * returned decisionId is linked onto each audit event's decision_id.
+     * Requires the runtime_control plan feature (Growth+) and consumes decision
+     * quota. When false (default) the fast permission check is used.
+     */
+    useRuntimeControl?: boolean;
     /**
      * Replayable agent decision evidence (VAIP -02). Hashes attached to
      * every audit event. If `replay.tools` is omitted, the registry's
@@ -95,10 +105,13 @@ declare class VorimToolRegistry {
     private agentId;
     private defaultPermission;
     private asyncAudit;
+    private useRuntimeControl;
     private tools;
     private replayInputs;
     private replayCache;
     constructor(config: VorimAnthropicConfig);
+    /** Gate a tool call: runtime decision (with decisionId) or permission check. */
+    private gate;
     private getReplayContext;
     private deriveCatalogue;
     /** Register a tool. Invalidates the cached tool-catalogue hash. */

package/dist/integrations/anthropic.js

@@ -16,10 +16,9 @@ function jcsCanonicalise(value) {
     return "[" + value.map(jcsCanonicalise).join(",") + "]";
   }
   if (typeof value === "object") {
-    const keys = Object.keys(value).sort();
-    const parts = keys.map((k) => {
-      return JSON.stringify(k) + ":" + jcsCanonicalise(value[k]);
-    });
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
     return "{" + parts.join(",") + "}";
   }
   throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);
@@ -70,6 +69,7 @@ var VorimToolRegistry = class {
   agentId;
   defaultPermission;
   asyncAudit;
+  useRuntimeControl;
   tools = /* @__PURE__ */ new Map();
   replayInputs;
   replayCache = null;
@@ -78,8 +78,25 @@ var VorimToolRegistry = class {
     this.agentId = config.agentId;
     this.defaultPermission = config.defaultPermission ?? "agent:execute";
     this.asyncAudit = config.asyncAudit ?? true;
+    this.useRuntimeControl = config.useRuntimeControl ?? false;
     this.replayInputs = config.replay;
   }
+  /** Gate a tool call: runtime decision (with decisionId) or permission check. */
+  async gate(scope, actionTarget, payload) {
+    if (this.useRuntimeControl) {
+      const d = await this.vorim.beforeAction(
+        { agentId: this.agentId, actionType: "tool_call", actionTarget, requiredScope: scope, payload },
+        { throwOnDeny: false }
+      );
+      return {
+        allowed: d.decision === "allow" || d.decision === "modify" || d.decision === "fallback",
+        reason: d.reason,
+        decisionId: d.decisionId || void 0
+      };
+    }
+    const { allowed, reason } = await this.vorim.check(this.agentId, scope);
+    return { allowed, reason };
+  }
   async getReplayContext() {
     if (!this.replayInputs) return {};
     if (!this.replayCache) {
@@ -138,7 +155,7 @@ var VorimToolRegistry = class {
       };
     }
     const scope = definition.permission ?? this.defaultPermission;
-    const { allowed, reason } = await this.vorim.check(this.agentId, scope);
+    const { allowed, reason, decisionId } = await this.gate(scope, block.name, block.input);
     const replayCtx = await this.getReplayContext();
     if (!allowed) {
       const event = {
@@ -148,6 +165,7 @@ var VorimToolRegistry = class {
         resource: truncate(JSON.stringify(block.input), 500),
         permission: scope,
         result: "denied",
+        ...decisionId ? { decision_id: decisionId } : {},
         metadata: { reason, framework: "anthropic" },
         ...replayCtx
       };
@@ -171,6 +189,7 @@ var VorimToolRegistry = class {
         permission: scope,
         result: "success",
         latency_ms: Date.now() - start,
+        ...decisionId ? { decision_id: decisionId } : {},
         metadata: { framework: "anthropic" },
         ...replayCtx
       };
@@ -187,6 +206,7 @@ var VorimToolRegistry = class {
         result: "error",
         latency_ms: Date.now() - start,
         error_code: err instanceof Error ? err.name : "UNKNOWN",
+        ...decisionId ? { decision_id: decisionId } : {},
         metadata: { error: errMsg, framework: "anthropic" },
         ...replayCtx
       };

package/dist/integrations/anthropic.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/replay.ts","../../src/integrations/anthropic.ts"],"sourcesContent":["/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const keys = Object.keys(value as Record<string, unknown>).sort();\n    const parts = keys.map(k => {\n      return JSON.stringify(k) + ':' + jcsCanonicalise((value as Record<string, unknown>)[k]);\n    });\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n","// ============================================================================\n// VORIM SDK — Anthropic/Claude Integration\n// Wraps Anthropic tool use with Vorim permission checks, audit trails,\n// and agent identity. Works with the Anthropic Node.js SDK (messages API\n// with tool use).\n//\n// Peer dependency: @anthropic-ai/sdk >=0.30.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared Anthropic types (peer dependency — not bundled) ──────────\n\ninterface AnthropicTool {\n  name: string;\n  description: string;\n  input_schema: Record<string, unknown>;\n}\n\ninterface ToolUseBlock {\n  type: 'tool_use';\n  id: string;\n  name: string;\n  input: Record<string, unknown>;\n}\n\ninterface ToolResultBlock {\n  type: 'tool_result';\n  tool_use_id: string;\n  content: string;\n  is_error?: boolean;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimToolDefinition<TArgs = Record<string, unknown>, TResult = unknown> {\n  /** Tool name (must match the tool name sent to Claude). */\n  name: string;\n  /** Description shown to Claude. */\n  description: string;\n  /** JSON Schema for the tool's input. */\n  input_schema: Record<string, unknown>;\n  /** The function to execute when the tool is called. */\n  execute: (args: TArgs) => Promise<TResult>;\n  /** Vorim permission scope required. @default 'agent:execute' */\n  permission?: PermissionScope;\n}\n\nexport interface VorimAnthropicConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id. */\n  agentId: string;\n  /** Default permission scope for tools without an explicit one. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Replayable agent decision evidence (VAIP -02). Hashes attached to\n   * every audit event. If `replay.tools` is omitted, the registry's\n   * own tool list is used automatically. Not covered by v0 canonical\n   * signature form.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Registry ────────────────────────────────────────────────────────\n\n/**\n * Manages a set of tools with Vorim permission checks and audit logging.\n * Converts tools to Anthropic's tool format and handles execution of\n * tool_use blocks from Claude's response.\n *\n * @example\n * ```ts\n * import Anthropic from \"@anthropic-ai/sdk\";\n * import createVorim from \"@vorim/sdk\";\n * import { VorimToolRegistry } from \"@vorim/sdk/integrations/anthropic\";\n *\n * const vorim = createVorim({ apiKey: \"agid_sk_live_...\" });\n * const anthropic = new Anthropic();\n *\n * const registry = new VorimToolRegistry({\n *   vorim,\n *   agentId: \"agid_acme_a1b2c3d4\",\n * });\n *\n * registry.add({\n *   name: \"search_docs\",\n *   description: \"Search internal documents\",\n *   input_schema: {\n *     type: \"object\",\n *     properties: { query: { type: \"string\" } },\n *     required: [\"query\"],\n *   },\n *   execute: async ({ query }) => searchDocs(query),\n *   permission: \"agent:read\",\n * });\n *\n * const response = await anthropic.messages.create({\n *   model: \"claude-sonnet-4-20250514\",\n *   max_tokens: 1024,\n *   messages,\n *   tools: registry.toAnthropicTools(),\n * });\n *\n * // Execute tool_use blocks from response\n * const toolResults = await registry.executeToolUseBlocks(\n *   response.content.filter(b => b.type === \"tool_use\")\n * );\n * ```\n */\nexport class VorimToolRegistry {\n  private vorim: VorimSDK;\n  private agentId: string;\n  private defaultPermission: PermissionScope;\n  private asyncAudit: boolean;\n  private tools = new Map<string, VorimToolDefinition>();\n  private replayInputs: ReplayInputs | undefined;\n  private replayCache: Promise<ReplayContext> | null = null;\n\n  constructor(config: VorimAnthropicConfig) {\n    this.vorim = config.vorim;\n    this.agentId = config.agentId;\n    this.defaultPermission = config.defaultPermission ?? 'agent:execute';\n    this.asyncAudit = config.asyncAudit ?? true;\n    this.replayInputs = config.replay;\n  }\n\n  private async getReplayContext(): Promise<ReplayContext> {\n    if (!this.replayInputs) return {};\n    if (!this.replayCache) {\n      const inputs: ReplayInputs = {\n        ...this.replayInputs,\n        tools: this.replayInputs.tools ?? this.deriveCatalogue(),\n      };\n      this.replayCache = prepareReplayContext(inputs);\n    }\n    return this.replayCache;\n  }\n\n  private deriveCatalogue(): CatalogueTool[] {\n    return [...this.tools.values()].map(t => ({\n      name: t.name,\n      description: t.description,\n      schema: t.input_schema,\n    }));\n  }\n\n  /** Register a tool. Invalidates the cached tool-catalogue hash. */\n  add<TArgs, TResult>(definition: VorimToolDefinition<TArgs, TResult>): this {\n    this.tools.set(definition.name, definition as VorimToolDefinition);\n    this.replayCache = null;\n    return this;\n  }\n\n  /** Register multiple tools. */\n  addAll(definitions: VorimToolDefinition[]): this {\n    for (const def of definitions) this.add(def);\n    return this;\n  }\n\n  /** Convert registered tools to Anthropic's tool format. */\n  toAnthropicTools(): AnthropicTool[] {\n    return [...this.tools.values()].map(t => ({\n      name: t.name,\n      description: t.description,\n      input_schema: t.input_schema,\n    }));\n  }\n\n  /**\n   * Execute tool_use blocks from a Claude message response.\n   * Each call is checked against Vorim permissions and audited.\n   * Returns an array of tool_result blocks ready to send back to Claude.\n   */\n  async executeToolUseBlocks(toolUseBlocks: ToolUseBlock[]): Promise<ToolResultBlock[]> {\n    return Promise.all(\n      toolUseBlocks.map(block => this.executeSingleBlock(block)),\n    );\n  }\n\n  private async executeSingleBlock(block: ToolUseBlock): Promise<ToolResultBlock> {\n    const definition = this.tools.get(block.name);\n\n    if (!definition) {\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: `Unknown tool: ${block.name}` }),\n        is_error: true,\n      };\n    }\n\n    const scope = definition.permission ?? this.defaultPermission;\n\n    // 1. Permission check\n    const { allowed, reason } = await this.vorim.check(this.agentId, scope);\n    const replayCtx = await this.getReplayContext();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'denied',\n        metadata: { reason, framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: `Permission denied: ${scope}${reason ? ` — ${reason}` : ''}` }),\n        is_error: true,\n      };\n    }\n\n    // 2. Execute\n    const start = Date.now();\n    try {\n      const result = await definition.execute(block.input as any);\n      const content = typeof result === 'string' ? result : JSON.stringify(result);\n\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'success',\n        latency_ms: Date.now() - start,\n        metadata: { framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return { type: 'tool_result', tool_use_id: block.id, content };\n    } catch (err) {\n      const errMsg = err instanceof Error ? err.message : String(err);\n\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        metadata: { error: errMsg, framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: errMsg }),\n        is_error: true,\n      };\n    }\n  }\n\n  private emitAudit(event: AuditEventInput): void {\n    this.vorim.emit(event).catch(() => {});\n  }\n}\n\n// ─── Agent Loop ───────────────────────────────────────────────────────────\n\n/** Minimal Anthropic client interface (avoids importing the full SDK). */\ninterface AnthropicClient {\n  messages: {\n    create(params: any): Promise<any>;\n  };\n}\n\nexport interface VorimAgentLoopConfig extends VorimAnthropicConfig {\n  /** Anthropic client instance. */\n  anthropic: AnthropicClient;\n  /** Model to use. @default 'claude-sonnet-4-20250514' */\n  model?: string;\n  /** System prompt for the agent. */\n  systemPrompt?: string;\n  /** Maximum tool-use iterations before stopping. @default 10 */\n  maxIterations?: number;\n  /** Max tokens per response. @default 1024 */\n  maxTokens?: number;\n}\n\n/**\n * Runs a complete agent loop with Claude tool use, Vorim\n * permission enforcement, and audit logging.\n *\n * @example\n * ```ts\n * import Anthropic from \"@anthropic-ai/sdk\";\n * import createVorim from \"@vorim/sdk\";\n * import { runAgentLoop, VorimToolRegistry } from \"@vorim/sdk/integrations/anthropic\";\n *\n * const registry = new VorimToolRegistry({ vorim, agentId });\n * registry.add({ name: \"search\", ... });\n *\n * const response = await runAgentLoop({\n *   vorim,\n *   agentId,\n *   anthropic: new Anthropic(),\n *   model: \"claude-sonnet-4-20250514\",\n *   systemPrompt: \"You are a helpful assistant.\",\n *   registry,\n *   userMessage: \"Find docs about onboarding\",\n * });\n * ```\n */\nexport async function runAgentLoop(\n  config: VorimAgentLoopConfig & {\n    registry: VorimToolRegistry;\n    userMessage: string;\n  },\n): Promise<string> {\n  const {\n    anthropic,\n    model = 'claude-sonnet-4-20250514',\n    systemPrompt,\n    maxIterations = 10,\n    maxTokens = 1024,\n    registry,\n    userMessage,\n  } = config;\n\n  const tools = registry.toAnthropicTools();\n  const messages: any[] = [{ role: 'user', content: userMessage }];\n\n  for (let i = 0; i < maxIterations; i++) {\n    const response = await anthropic.messages.create({\n      model,\n      max_tokens: maxTokens,\n      ...(systemPrompt ? { system: systemPrompt } : {}),\n      messages,\n      ...(tools.length > 0 ? { tools } : {}),\n    });\n\n    // If stop_reason is \"end_turn\" — Claude is done\n    if (response.stop_reason === 'end_turn' || response.stop_reason !== 'tool_use') {\n      const textBlocks = response.content.filter((b: any) => b.type === 'text');\n      return textBlocks.map((b: any) => b.text).join('') || '';\n    }\n\n    // Extract tool_use blocks and execute\n    const toolUseBlocks = response.content.filter((b: any) => b.type === 'tool_use');\n    const toolResults = await registry.executeToolUseBlocks(toolUseBlocks);\n\n    // Append assistant response and tool results to conversation\n    messages.push({ role: 'assistant', content: response.content });\n    messages.push({ role: 'user', content: toolResults });\n  }\n\n  return '';\n}\n\n// ─── Agent Registration Helper ───────────────────────────────────────────\n\n/**\n * Registers a new agent with Vorim and returns a ready-to-use tool registry\n * configured for Anthropic/Claude.\n *\n * @example\n * ```ts\n * const { agentId, registry } = await createVorimClaudeAgent({\n *   vorim,\n *   name: \"claude-assistant\",\n *   capabilities: [\"search\", \"calculate\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, calcTool],\n * });\n * ```\n */\nexport async function createVorimClaudeAgent(config: {\n  vorim: VorimSDK;\n  name: string;\n  description?: string;\n  capabilities: string[];\n  scopes: PermissionScope[];\n  tools: VorimToolDefinition[];\n}) {\n  const { vorim, name, description, capabilities, scopes, tools } = config;\n\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n  const registry = new VorimToolRegistry({ vorim, agentId });\n  registry.addAll(tools);\n\n  return {\n    agentId,\n    registration,\n    registry,\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────────\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n"],"mappings":";AAwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,OAAO,OAAO,KAAK,KAAgC,EAAE,KAAK;AAChE,UAAM,QAAQ,KAAK,IAAI,OAAK;AAC1B,aAAO,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAiB,MAAkC,CAAC,CAAC;AAAA,IACxF,CAAC;AACD,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;ACpHO,IAAM,oBAAN,MAAwB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ,oBAAI,IAAiC;AAAA,EAC7C;AAAA,EACA,cAA6C;AAAA,EAErD,YAAY,QAA8B;AACxC,SAAK,QAAQ,OAAO;AACpB,SAAK,UAAU,OAAO;AACtB,SAAK,oBAAoB,OAAO,qBAAqB;AACrD,SAAK,aAAa,OAAO,cAAc;AACvC,SAAK,eAAe,OAAO;AAAA,EAC7B;AAAA,EAEA,MAAc,mBAA2C;AACvD,QAAI,CAAC,KAAK,aAAc,QAAO,CAAC;AAChC,QAAI,CAAC,KAAK,aAAa;AACrB,YAAM,SAAuB;AAAA,QAC3B,GAAG,KAAK;AAAA,QACR,OAAO,KAAK,aAAa,SAAS,KAAK,gBAAgB;AAAA,MACzD;AACA,WAAK,cAAc,qBAAqB,MAAM;AAAA,IAChD;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,kBAAmC;AACzC,WAAO,CAAC,GAAG,KAAK,MAAM,OAAO,CAAC,EAAE,IAAI,QAAM;AAAA,MACxC,MAAM,EAAE;AAAA,MACR,aAAa,EAAE;AAAA,MACf,QAAQ,EAAE;AAAA,IACZ,EAAE;AAAA,EACJ;AAAA;AAAA,EAGA,IAAoB,YAAuD;AACzE,SAAK,MAAM,IAAI,WAAW,MAAM,UAAiC;AACjE,SAAK,cAAc;AACnB,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,OAAO,aAA0C;AAC/C,eAAW,OAAO,YAAa,MAAK,IAAI,GAAG;AAC3C,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,mBAAoC;AAClC,WAAO,CAAC,GAAG,KAAK,MAAM,OAAO,CAAC,EAAE,IAAI,QAAM;AAAA,MACxC,MAAM,EAAE;AAAA,MACR,aAAa,EAAE;AAAA,MACf,cAAc,EAAE;AAAA,IAClB,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,eAA2D;AACpF,WAAO,QAAQ;AAAA,MACb,cAAc,IAAI,WAAS,KAAK,mBAAmB,KAAK,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,mBAAmB,OAA+C;AAC9E,UAAM,aAAa,KAAK,MAAM,IAAI,MAAM,IAAI;AAE5C,QAAI,CAAC,YAAY;AACf,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,MAAM,IAAI,GAAG,CAAC;AAAA,QAChE,UAAU;AAAA,MACZ;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,cAAc,KAAK;AAG5C,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,KAAK,MAAM,MAAM,KAAK,SAAS,KAAK;AACtE,UAAM,YAAY,MAAM,KAAK,iBAAiB;AAE9C,QAAI,CAAC,SAAS;AACZ,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,UAAU,EAAE,QAAQ,WAAW,YAAY;AAAA,QAC3C,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,sBAAsB,KAAK,GAAG,SAAS,WAAM,MAAM,KAAK,EAAE,GAAG,CAAC;AAAA,QAC/F,UAAU;AAAA,MACZ;AAAA,IACF;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,QAAQ,MAAM,KAAY;AAC1D,YAAM,UAAU,OAAO,WAAW,WAAW,SAAS,KAAK,UAAU,MAAM;AAE3E,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,UAAU,EAAE,WAAW,YAAY;AAAA,QACnC,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO,EAAE,MAAM,eAAe,aAAa,MAAM,IAAI,QAAQ;AAAA,IAC/D,SAAS,KAAK;AACZ,YAAM,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAE9D,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,UAAU,EAAE,OAAO,QAAQ,WAAW,YAAY;AAAA,QAClD,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,OAAO,CAAC;AAAA,QACzC,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,UAAU,OAA8B;AAC9C,SAAK,MAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACvC;AACF;AAgDA,eAAsB,aACpB,QAIiB;AACjB,QAAM;AAAA,IACJ;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,QAAQ,SAAS,iBAAiB;AACxC,QAAM,WAAkB,CAAC,EAAE,MAAM,QAAQ,SAAS,YAAY,CAAC;AAE/D,WAAS,IAAI,GAAG,IAAI,eAAe,KAAK;AACtC,UAAM,WAAW,MAAM,UAAU,SAAS,OAAO;AAAA,MAC/C;AAAA,MACA,YAAY;AAAA,MACZ,GAAI,eAAe,EAAE,QAAQ,aAAa,IAAI,CAAC;AAAA,MAC/C;AAAA,MACA,GAAI,MAAM,SAAS,IAAI,EAAE,MAAM,IAAI,CAAC;AAAA,IACtC,CAAC;AAGD,QAAI,SAAS,gBAAgB,cAAc,SAAS,gBAAgB,YAAY;AAC9E,YAAM,aAAa,SAAS,QAAQ,OAAO,CAAC,MAAW,EAAE,SAAS,MAAM;AACxE,aAAO,WAAW,IAAI,CAAC,MAAW,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;AAAA,IACxD;AAGA,UAAM,gBAAgB,SAAS,QAAQ,OAAO,CAAC,MAAW,EAAE,SAAS,UAAU;AAC/E,UAAM,cAAc,MAAM,SAAS,qBAAqB,aAAa;AAGrE,aAAS,KAAK,EAAE,MAAM,aAAa,SAAS,SAAS,QAAQ,CAAC;AAC9D,aAAS,KAAK,EAAE,MAAM,QAAQ,SAAS,YAAY,CAAC;AAAA,EACtD;AAEA,SAAO;AACT;AAmBA,eAAsB,uBAAuB,QAO1C;AACD,QAAM,EAAE,OAAO,MAAM,aAAa,cAAc,QAAQ,MAAM,IAAI;AAElE,QAAM,eAAe,MAAM,MAAM,SAAS;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,aAAa,MAAM;AACnC,QAAM,WAAW,IAAI,kBAAkB,EAAE,OAAO,QAAQ,CAAC;AACzD,WAAS,OAAO,KAAK;AAErB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa;AAAA,EAC3B;AACF;AAIA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;","names":[]}
+{"version":3,"sources":["../../src/replay.ts","../../src/integrations/anthropic.ts"],"sourcesContent":["/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const obj = value as Record<string, unknown>;\n    // Filter undefined-valued fields, matching @vorim/verify and\n    // @vorim/shared-types. Without this the SDK throws on { a: 1, b: undefined }\n    // while the verifier silently drops b — a cross-module canonical-form\n    // divergence that would break signature verification on such events.\n    const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();\n    const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n","// ============================================================================\n// VORIM SDK — Anthropic/Claude Integration\n// Wraps Anthropic tool use with Vorim permission checks, audit trails,\n// and agent identity. Works with the Anthropic Node.js SDK (messages API\n// with tool use).\n//\n// Peer dependency: @anthropic-ai/sdk >=0.30.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared Anthropic types (peer dependency — not bundled) ──────────\n\ninterface AnthropicTool {\n  name: string;\n  description: string;\n  input_schema: Record<string, unknown>;\n}\n\ninterface ToolUseBlock {\n  type: 'tool_use';\n  id: string;\n  name: string;\n  input: Record<string, unknown>;\n}\n\ninterface ToolResultBlock {\n  type: 'tool_result';\n  tool_use_id: string;\n  content: string;\n  is_error?: boolean;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimToolDefinition<TArgs = Record<string, unknown>, TResult = unknown> {\n  /** Tool name (must match the tool name sent to Claude). */\n  name: string;\n  /** Description shown to Claude. */\n  description: string;\n  /** JSON Schema for the tool's input. */\n  input_schema: Record<string, unknown>;\n  /** The function to execute when the tool is called. */\n  execute: (args: TArgs) => Promise<TResult>;\n  /** Vorim permission scope required. @default 'agent:execute' */\n  permission?: PermissionScope;\n}\n\nexport interface VorimAnthropicConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id. */\n  agentId: string;\n  /** Default permission scope for tools without an explicit one. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Gate each tool call through the runtime-control decision API\n   * (`beforeAction`) instead of the lightweight permission check. @default false\n   *\n   * When true, tool calls are evaluated against live policy rules and the\n   * returned decisionId is linked onto each audit event's decision_id.\n   * Requires the runtime_control plan feature (Growth+) and consumes decision\n   * quota. When false (default) the fast permission check is used.\n   */\n  useRuntimeControl?: boolean;\n  /**\n   * Replayable agent decision evidence (VAIP -02). Hashes attached to\n   * every audit event. If `replay.tools` is omitted, the registry's\n   * own tool list is used automatically. Not covered by v0 canonical\n   * signature form.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Registry ────────────────────────────────────────────────────────\n\n/**\n * Manages a set of tools with Vorim permission checks and audit logging.\n * Converts tools to Anthropic's tool format and handles execution of\n * tool_use blocks from Claude's response.\n *\n * @example\n * ```ts\n * import Anthropic from \"@anthropic-ai/sdk\";\n * import createVorim from \"@vorim/sdk\";\n * import { VorimToolRegistry } from \"@vorim/sdk/integrations/anthropic\";\n *\n * const vorim = createVorim({ apiKey: \"agid_sk_live_...\" });\n * const anthropic = new Anthropic();\n *\n * const registry = new VorimToolRegistry({\n *   vorim,\n *   agentId: \"agid_acme_a1b2c3d4\",\n * });\n *\n * registry.add({\n *   name: \"search_docs\",\n *   description: \"Search internal documents\",\n *   input_schema: {\n *     type: \"object\",\n *     properties: { query: { type: \"string\" } },\n *     required: [\"query\"],\n *   },\n *   execute: async ({ query }) => searchDocs(query),\n *   permission: \"agent:read\",\n * });\n *\n * const response = await anthropic.messages.create({\n *   model: \"claude-sonnet-4-20250514\",\n *   max_tokens: 1024,\n *   messages,\n *   tools: registry.toAnthropicTools(),\n * });\n *\n * // Execute tool_use blocks from response\n * const toolResults = await registry.executeToolUseBlocks(\n *   response.content.filter(b => b.type === \"tool_use\")\n * );\n * ```\n */\nexport class VorimToolRegistry {\n  private vorim: VorimSDK;\n  private agentId: string;\n  private defaultPermission: PermissionScope;\n  private asyncAudit: boolean;\n  private useRuntimeControl: boolean;\n  private tools = new Map<string, VorimToolDefinition>();\n  private replayInputs: ReplayInputs | undefined;\n  private replayCache: Promise<ReplayContext> | null = null;\n\n  constructor(config: VorimAnthropicConfig) {\n    this.vorim = config.vorim;\n    this.agentId = config.agentId;\n    this.defaultPermission = config.defaultPermission ?? 'agent:execute';\n    this.asyncAudit = config.asyncAudit ?? true;\n    this.useRuntimeControl = config.useRuntimeControl ?? false;\n    this.replayInputs = config.replay;\n  }\n\n  /** Gate a tool call: runtime decision (with decisionId) or permission check. */\n  private async gate(\n    scope: PermissionScope,\n    actionTarget: string,\n    payload?: Record<string, unknown>,\n  ): Promise<{ allowed: boolean; reason?: string; decisionId?: string }> {\n    if (this.useRuntimeControl) {\n      const d = await this.vorim.beforeAction(\n        { agentId: this.agentId, actionType: 'tool_call', actionTarget, requiredScope: scope, payload },\n        { throwOnDeny: false },\n      );\n      return {\n        allowed: d.decision === 'allow' || d.decision === 'modify' || d.decision === 'fallback',\n        reason: d.reason,\n        decisionId: d.decisionId || undefined,\n      };\n    }\n    const { allowed, reason } = await this.vorim.check(this.agentId, scope);\n    return { allowed, reason };\n  }\n\n  private async getReplayContext(): Promise<ReplayContext> {\n    if (!this.replayInputs) return {};\n    if (!this.replayCache) {\n      const inputs: ReplayInputs = {\n        ...this.replayInputs,\n        tools: this.replayInputs.tools ?? this.deriveCatalogue(),\n      };\n      this.replayCache = prepareReplayContext(inputs);\n    }\n    return this.replayCache;\n  }\n\n  private deriveCatalogue(): CatalogueTool[] {\n    return [...this.tools.values()].map(t => ({\n      name: t.name,\n      description: t.description,\n      schema: t.input_schema,\n    }));\n  }\n\n  /** Register a tool. Invalidates the cached tool-catalogue hash. */\n  add<TArgs, TResult>(definition: VorimToolDefinition<TArgs, TResult>): this {\n    this.tools.set(definition.name, definition as VorimToolDefinition);\n    this.replayCache = null;\n    return this;\n  }\n\n  /** Register multiple tools. */\n  addAll(definitions: VorimToolDefinition[]): this {\n    for (const def of definitions) this.add(def);\n    return this;\n  }\n\n  /** Convert registered tools to Anthropic's tool format. */\n  toAnthropicTools(): AnthropicTool[] {\n    return [...this.tools.values()].map(t => ({\n      name: t.name,\n      description: t.description,\n      input_schema: t.input_schema,\n    }));\n  }\n\n  /**\n   * Execute tool_use blocks from a Claude message response.\n   * Each call is checked against Vorim permissions and audited.\n   * Returns an array of tool_result blocks ready to send back to Claude.\n   */\n  async executeToolUseBlocks(toolUseBlocks: ToolUseBlock[]): Promise<ToolResultBlock[]> {\n    return Promise.all(\n      toolUseBlocks.map(block => this.executeSingleBlock(block)),\n    );\n  }\n\n  private async executeSingleBlock(block: ToolUseBlock): Promise<ToolResultBlock> {\n    const definition = this.tools.get(block.name);\n\n    if (!definition) {\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: `Unknown tool: ${block.name}` }),\n        is_error: true,\n      };\n    }\n\n    const scope = definition.permission ?? this.defaultPermission;\n\n    // 1. Gate: runtime decision (with decisionId linkage) or permission check.\n    const { allowed, reason, decisionId } = await this.gate(scope, block.name, block.input as Record<string, unknown>);\n    const replayCtx = await this.getReplayContext();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'denied',\n        ...(decisionId ? { decision_id: decisionId } : {}),\n        metadata: { reason, framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: `Permission denied: ${scope}${reason ? ` — ${reason}` : ''}` }),\n        is_error: true,\n      };\n    }\n\n    // 2. Execute\n    const start = Date.now();\n    try {\n      const result = await definition.execute(block.input as any);\n      const content = typeof result === 'string' ? result : JSON.stringify(result);\n\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'success',\n        latency_ms: Date.now() - start,\n        ...(decisionId ? { decision_id: decisionId } : {}),\n        metadata: { framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return { type: 'tool_result', tool_use_id: block.id, content };\n    } catch (err) {\n      const errMsg = err instanceof Error ? err.message : String(err);\n\n      const event: AuditEventInput = {\n        agent_id: this.agentId,\n        event_type: 'tool_call',\n        action: block.name,\n        resource: truncate(JSON.stringify(block.input), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        ...(decisionId ? { decision_id: decisionId } : {}),\n        metadata: { error: errMsg, framework: 'anthropic' },\n        ...replayCtx,\n      };\n      this.emitAudit(event);\n\n      return {\n        type: 'tool_result',\n        tool_use_id: block.id,\n        content: JSON.stringify({ error: errMsg }),\n        is_error: true,\n      };\n    }\n  }\n\n  private emitAudit(event: AuditEventInput): void {\n    this.vorim.emit(event).catch(() => {});\n  }\n}\n\n// ─── Agent Loop ───────────────────────────────────────────────────────────\n\n/** Minimal Anthropic client interface (avoids importing the full SDK). */\ninterface AnthropicClient {\n  messages: {\n    create(params: any): Promise<any>;\n  };\n}\n\nexport interface VorimAgentLoopConfig extends VorimAnthropicConfig {\n  /** Anthropic client instance. */\n  anthropic: AnthropicClient;\n  /** Model to use. @default 'claude-sonnet-4-20250514' */\n  model?: string;\n  /** System prompt for the agent. */\n  systemPrompt?: string;\n  /** Maximum tool-use iterations before stopping. @default 10 */\n  maxIterations?: number;\n  /** Max tokens per response. @default 1024 */\n  maxTokens?: number;\n}\n\n/**\n * Runs a complete agent loop with Claude tool use, Vorim\n * permission enforcement, and audit logging.\n *\n * @example\n * ```ts\n * import Anthropic from \"@anthropic-ai/sdk\";\n * import createVorim from \"@vorim/sdk\";\n * import { runAgentLoop, VorimToolRegistry } from \"@vorim/sdk/integrations/anthropic\";\n *\n * const registry = new VorimToolRegistry({ vorim, agentId });\n * registry.add({ name: \"search\", ... });\n *\n * const response = await runAgentLoop({\n *   vorim,\n *   agentId,\n *   anthropic: new Anthropic(),\n *   model: \"claude-sonnet-4-20250514\",\n *   systemPrompt: \"You are a helpful assistant.\",\n *   registry,\n *   userMessage: \"Find docs about onboarding\",\n * });\n * ```\n */\nexport async function runAgentLoop(\n  config: VorimAgentLoopConfig & {\n    registry: VorimToolRegistry;\n    userMessage: string;\n  },\n): Promise<string> {\n  const {\n    anthropic,\n    model = 'claude-sonnet-4-20250514',\n    systemPrompt,\n    maxIterations = 10,\n    maxTokens = 1024,\n    registry,\n    userMessage,\n  } = config;\n\n  const tools = registry.toAnthropicTools();\n  const messages: any[] = [{ role: 'user', content: userMessage }];\n\n  for (let i = 0; i < maxIterations; i++) {\n    const response = await anthropic.messages.create({\n      model,\n      max_tokens: maxTokens,\n      ...(systemPrompt ? { system: systemPrompt } : {}),\n      messages,\n      ...(tools.length > 0 ? { tools } : {}),\n    });\n\n    // If stop_reason is \"end_turn\" — Claude is done\n    if (response.stop_reason === 'end_turn' || response.stop_reason !== 'tool_use') {\n      const textBlocks = response.content.filter((b: any) => b.type === 'text');\n      return textBlocks.map((b: any) => b.text).join('') || '';\n    }\n\n    // Extract tool_use blocks and execute\n    const toolUseBlocks = response.content.filter((b: any) => b.type === 'tool_use');\n    const toolResults = await registry.executeToolUseBlocks(toolUseBlocks);\n\n    // Append assistant response and tool results to conversation\n    messages.push({ role: 'assistant', content: response.content });\n    messages.push({ role: 'user', content: toolResults });\n  }\n\n  return '';\n}\n\n// ─── Agent Registration Helper ───────────────────────────────────────────\n\n/**\n * Registers a new agent with Vorim and returns a ready-to-use tool registry\n * configured for Anthropic/Claude.\n *\n * @example\n * ```ts\n * const { agentId, registry } = await createVorimClaudeAgent({\n *   vorim,\n *   name: \"claude-assistant\",\n *   capabilities: [\"search\", \"calculate\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, calcTool],\n * });\n * ```\n */\nexport async function createVorimClaudeAgent(config: {\n  vorim: VorimSDK;\n  name: string;\n  description?: string;\n  capabilities: string[];\n  scopes: PermissionScope[];\n  tools: VorimToolDefinition[];\n}) {\n  const { vorim, name, description, capabilities, scopes, tools } = config;\n\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n  const registry = new VorimToolRegistry({ vorim, agentId });\n  registry.addAll(tools);\n\n  return {\n    agentId,\n    registration,\n    registry,\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────────\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n"],"mappings":";AAwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AAKZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,OAAO,OAAK,IAAI,CAAC,MAAM,MAAS,EAAE,KAAK;AACrE,UAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAgB,IAAI,CAAC,CAAC,CAAC;AAC7E,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;AC7GO,IAAM,oBAAN,MAAwB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,QAAQ,oBAAI,IAAiC;AAAA,EAC7C;AAAA,EACA,cAA6C;AAAA,EAErD,YAAY,QAA8B;AACxC,SAAK,QAAQ,OAAO;AACpB,SAAK,UAAU,OAAO;AACtB,SAAK,oBAAoB,OAAO,qBAAqB;AACrD,SAAK,aAAa,OAAO,cAAc;AACvC,SAAK,oBAAoB,OAAO,qBAAqB;AACrD,SAAK,eAAe,OAAO;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAc,KACZ,OACA,cACA,SACqE;AACrE,QAAI,KAAK,mBAAmB;AAC1B,YAAM,IAAI,MAAM,KAAK,MAAM;AAAA,QACzB,EAAE,SAAS,KAAK,SAAS,YAAY,aAAa,cAAc,eAAe,OAAO,QAAQ;AAAA,QAC9F,EAAE,aAAa,MAAM;AAAA,MACvB;AACA,aAAO;AAAA,QACL,SAAS,EAAE,aAAa,WAAW,EAAE,aAAa,YAAY,EAAE,aAAa;AAAA,QAC7E,QAAQ,EAAE;AAAA,QACV,YAAY,EAAE,cAAc;AAAA,MAC9B;AAAA,IACF;AACA,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,KAAK,MAAM,MAAM,KAAK,SAAS,KAAK;AACtE,WAAO,EAAE,SAAS,OAAO;AAAA,EAC3B;AAAA,EAEA,MAAc,mBAA2C;AACvD,QAAI,CAAC,KAAK,aAAc,QAAO,CAAC;AAChC,QAAI,CAAC,KAAK,aAAa;AACrB,YAAM,SAAuB;AAAA,QAC3B,GAAG,KAAK;AAAA,QACR,OAAO,KAAK,aAAa,SAAS,KAAK,gBAAgB;AAAA,MACzD;AACA,WAAK,cAAc,qBAAqB,MAAM;AAAA,IAChD;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,kBAAmC;AACzC,WAAO,CAAC,GAAG,KAAK,MAAM,OAAO,CAAC,EAAE,IAAI,QAAM;AAAA,MACxC,MAAM,EAAE;AAAA,MACR,aAAa,EAAE;AAAA,MACf,QAAQ,EAAE;AAAA,IACZ,EAAE;AAAA,EACJ;AAAA;AAAA,EAGA,IAAoB,YAAuD;AACzE,SAAK,MAAM,IAAI,WAAW,MAAM,UAAiC;AACjE,SAAK,cAAc;AACnB,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,OAAO,aAA0C;AAC/C,eAAW,OAAO,YAAa,MAAK,IAAI,GAAG;AAC3C,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,mBAAoC;AAClC,WAAO,CAAC,GAAG,KAAK,MAAM,OAAO,CAAC,EAAE,IAAI,QAAM;AAAA,MACxC,MAAM,EAAE;AAAA,MACR,aAAa,EAAE;AAAA,MACf,cAAc,EAAE;AAAA,IAClB,EAAE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,eAA2D;AACpF,WAAO,QAAQ;AAAA,MACb,cAAc,IAAI,WAAS,KAAK,mBAAmB,KAAK,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,mBAAmB,OAA+C;AAC9E,UAAM,aAAa,KAAK,MAAM,IAAI,MAAM,IAAI;AAE5C,QAAI,CAAC,YAAY;AACf,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,iBAAiB,MAAM,IAAI,GAAG,CAAC;AAAA,QAChE,UAAU;AAAA,MACZ;AAAA,IACF;AAEA,UAAM,QAAQ,WAAW,cAAc,KAAK;AAG5C,UAAM,EAAE,SAAS,QAAQ,WAAW,IAAI,MAAM,KAAK,KAAK,OAAO,MAAM,MAAM,MAAM,KAAgC;AACjH,UAAM,YAAY,MAAM,KAAK,iBAAiB;AAE9C,QAAI,CAAC,SAAS;AACZ,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,QAChD,UAAU,EAAE,QAAQ,WAAW,YAAY;AAAA,QAC3C,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,sBAAsB,KAAK,GAAG,SAAS,WAAM,MAAM,KAAK,EAAE,GAAG,CAAC;AAAA,QAC/F,UAAU;AAAA,MACZ;AAAA,IACF;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,QAAQ,MAAM,KAAY;AAC1D,YAAM,UAAU,OAAO,WAAW,WAAW,SAAS,KAAK,UAAU,MAAM;AAE3E,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,QAChD,UAAU,EAAE,WAAW,YAAY;AAAA,QACnC,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO,EAAE,MAAM,eAAe,aAAa,MAAM,IAAI,QAAQ;AAAA,IAC/D,SAAS,KAAK;AACZ,YAAM,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAE9D,YAAM,QAAyB;AAAA,QAC7B,UAAU,KAAK;AAAA,QACf,YAAY;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,UAAU,SAAS,KAAK,UAAU,MAAM,KAAK,GAAG,GAAG;AAAA,QACnD,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,GAAI,aAAa,EAAE,aAAa,WAAW,IAAI,CAAC;AAAA,QAChD,UAAU,EAAE,OAAO,QAAQ,WAAW,YAAY;AAAA,QAClD,GAAG;AAAA,MACL;AACA,WAAK,UAAU,KAAK;AAEpB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,aAAa,MAAM;AAAA,QACnB,SAAS,KAAK,UAAU,EAAE,OAAO,OAAO,CAAC;AAAA,QACzC,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,UAAU,OAA8B;AAC9C,SAAK,MAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACvC;AACF;AAgDA,eAAsB,aACpB,QAIiB;AACjB,QAAM;AAAA,IACJ;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA,gBAAgB;AAAA,IAChB,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,QAAM,QAAQ,SAAS,iBAAiB;AACxC,QAAM,WAAkB,CAAC,EAAE,MAAM,QAAQ,SAAS,YAAY,CAAC;AAE/D,WAAS,IAAI,GAAG,IAAI,eAAe,KAAK;AACtC,UAAM,WAAW,MAAM,UAAU,SAAS,OAAO;AAAA,MAC/C;AAAA,MACA,YAAY;AAAA,MACZ,GAAI,eAAe,EAAE,QAAQ,aAAa,IAAI,CAAC;AAAA,MAC/C;AAAA,MACA,GAAI,MAAM,SAAS,IAAI,EAAE,MAAM,IAAI,CAAC;AAAA,IACtC,CAAC;AAGD,QAAI,SAAS,gBAAgB,cAAc,SAAS,gBAAgB,YAAY;AAC9E,YAAM,aAAa,SAAS,QAAQ,OAAO,CAAC,MAAW,EAAE,SAAS,MAAM;AACxE,aAAO,WAAW,IAAI,CAAC,MAAW,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;AAAA,IACxD;AAGA,UAAM,gBAAgB,SAAS,QAAQ,OAAO,CAAC,MAAW,EAAE,SAAS,UAAU;AAC/E,UAAM,cAAc,MAAM,SAAS,qBAAqB,aAAa;AAGrE,aAAS,KAAK,EAAE,MAAM,aAAa,SAAS,SAAS,QAAQ,CAAC;AAC9D,aAAS,KAAK,EAAE,MAAM,QAAQ,SAAS,YAAY,CAAC;AAAA,EACtD;AAEA,SAAO;AACT;AAmBA,eAAsB,uBAAuB,QAO1C;AACD,QAAM,EAAE,OAAO,MAAM,aAAa,cAAc,QAAQ,MAAM,IAAI;AAElE,QAAM,eAAe,MAAM,MAAM,SAAS;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,aAAa,MAAM;AACnC,QAAM,WAAW,IAAI,kBAAkB,EAAE,OAAO,QAAQ,CAAC;AACzD,WAAS,OAAO,KAAK;AAErB,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,aAAa;AAAA,EAC3B;AACF;AAIA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;","names":[]}

package/dist/integrations/langchain.cjs

@@ -55,10 +55,9 @@ function jcsCanonicalise(value) {
     return "[" + value.map(jcsCanonicalise).join(",") + "]";
   }
   if (typeof value === "object") {
-    const keys = Object.keys(value).sort();
-    const parts = keys.map((k) => {
-      return JSON.stringify(k) + ":" + jcsCanonicalise(value[k]);
-    });
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
     return "{" + parts.join(",") + "}";
   }
   throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);

package/dist/integrations/langchain.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/integrations/langchain.ts","../../src/replay.ts"],"sourcesContent":["// ============================================================================\n// VORIM SDK — LangChain / LangGraph JS Integration\n// Provides tool wrapping with permission checks + audit trail,\n// a callback handler for observability, and a factory for creating\n// Vorim-secured LangGraph ReAct agents.\n//\n// Peer dependencies:\n//   @langchain/core >=0.3.0\n//   @langchain/langgraph >=0.2.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared LangChain types (peer dependency — not bundled) ──────────\n// These mirror the actual types from @langchain/core so consumers don't\n// need to import them separately for basic usage.\n\n/** Minimal subset of @langchain/core Serialized */\ninterface Serialized {\n  lc: number;\n  type: string;\n  id: string[];\n  kwargs?: Record<string, unknown>;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimLangChainConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id to associate with this LangChain agent. */\n  agentId: string;\n  /** Map tool names → Vorim permission scopes. Unmapped tools default to 'agent:execute'. */\n  permissionMap?: Record<string, PermissionScope>;\n  /** Default permission scope for tools not in permissionMap. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Replayable agent decision evidence (VAIP -02). When provided, the\n   * hashes of the model version, tool catalogue, and system prompt are\n   * attached to every emitted audit event so an auditor can later\n   * reproduce the agent's decision context.\n   *\n   * Hashes are computed once on first emit and cached for subsequent\n   * emits in this config's lifetime.\n   *\n   * These fields are NOT covered by the v0 canonical signature form;\n   * advisory only until v1 (RFC 8785 JCS) lands.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Wrapper ─────────────────────────────────────────────────────────\n\n/**\n * Wraps a LangChain `StructuredTool` (or `DynamicStructuredTool`) with\n * Vorim permission checks before execution and audit event emission after.\n *\n * Works with any tool that has `name`, `description`, `schema`, and `_call`.\n *\n * @example\n * ```ts\n * import { DynamicStructuredTool } from \"@langchain/core/tools\";\n * import { wrapTool } from \"@vorim/sdk/integrations/langchain\";\n *\n * const guarded = wrapTool(myTool, {\n *   vorim, agentId: \"agid_acme_a1b2c3d4\",\n *   permissionMap: { search_docs: \"agent:read\" },\n * });\n * ```\n */\nexport function wrapTool<T extends LangChainTool>(\n  tool: T,\n  config: VorimLangChainConfig,\n): T {\n  const { vorim, agentId, permissionMap = {}, defaultPermission = 'agent:execute', asyncAudit = true, replay } = config;\n\n  const originalCall = tool._call.bind(tool);\n  const getReplayCtx = makeReplayContextGetter(replay);\n\n  // Override _call to inject permission check + audit\n  (tool as any)._call = async function vorimGuardedCall(\n    arg: unknown,\n    runManager?: unknown,\n    parentConfig?: unknown,\n  ): Promise<unknown> {\n    const scope = permissionMap[tool.name] ?? defaultPermission;\n\n    // 1. Permission check\n    const { allowed, reason } = await vorim.check(agentId, scope);\n    const replayCtx = await getReplayCtx();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'denied',\n        metadata: { reason, framework: 'langchain' },\n        ...replayCtx,\n      };\n      emitAudit(vorim, event, asyncAudit);\n      throw new Error(`Vorim: permission denied for \"${tool.name}\" — scope \"${scope}\"${reason ? `: ${reason}` : ''}`);\n    }\n\n    // 2. Execute the original tool\n    const start = Date.now();\n    let result: unknown;\n    try {\n      result = await originalCall(arg, runManager, parentConfig);\n    } catch (err) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        metadata: { error: err instanceof Error ? err.message : String(err), framework: 'langchain' },\n        ...replayCtx,\n      };\n      emitAudit(vorim, event, asyncAudit);\n      throw err;\n    }\n\n    // 3. Audit success\n    const event: AuditEventInput = {\n      agent_id: agentId,\n      event_type: 'tool_call',\n      action: tool.name,\n      resource: truncate(JSON.stringify(arg), 500),\n      permission: scope,\n      result: 'success',\n      latency_ms: Date.now() - start,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    };\n    emitAudit(vorim, event, asyncAudit);\n\n    return result;\n  };\n\n  return tool;\n}\n\n/**\n * Lazy-cached replay context getter. The hashes are computed once on\n * first call and reused for subsequent calls in this closure's lifetime.\n * Returns an empty object when no `replay` config was provided so the\n * spread is a no-op.\n */\nfunction makeReplayContextGetter(replay: ReplayInputs | undefined): () => Promise<ReplayContext> {\n  if (!replay) return async () => ({});\n  let cached: Promise<ReplayContext> | null = null;\n  return () => {\n    if (!cached) cached = prepareReplayContext(replay);\n    return cached;\n  };\n}\n\n/**\n * Wraps an array of LangChain tools with Vorim permission + audit.\n */\nexport function wrapTools<T extends LangChainTool>(\n  tools: T[],\n  config: VorimLangChainConfig,\n): T[] {\n  return tools.map(t => wrapTool(t, config));\n}\n\n// ─── Callback Handler ─────────────────────────────────────────────────────\n\n/**\n * LangChain callback handler that emits Vorim audit events for every\n * tool invocation. This is a **non-intrusive** observability layer —\n * it does not block or modify tool execution.\n *\n * Attach it to any LangChain invoke/stream call:\n * ```ts\n * const handler = new VorimCallbackHandler(vorim, \"agid_acme_a1b2c3d4\");\n * await agent.invoke({ messages }, { callbacks: [handler] });\n * ```\n */\nexport class VorimCallbackHandler {\n  name = 'VorimCallbackHandler';\n  private vorim: VorimSDK;\n  private agentId: string;\n  private runMap = new Map<string, { tool: string; input: string; startTime: number }>();\n  private getReplayCtx: () => Promise<ReplayContext>;\n\n  // Flags to satisfy BaseCallbackHandler interface\n  ignoreLLM = true;\n  ignoreChain = true;\n  ignoreAgent = true;\n  ignoreRetriever = true;\n  ignoreCustomEvent = true;\n  lc_serializable = false;\n\n  get lc_id(): string[] { return ['vorim', 'callbacks', 'VorimCallbackHandler']; }\n  get lc_namespace(): string[] { return ['vorim', 'callbacks']; }\n\n  /**\n   * @param vorim Vorim SDK instance.\n   * @param agentId The Vorim agent_id whose actions this callback audits.\n   * @param replay Optional replayable-evidence inputs. Same shape as\n   *               {@link VorimLangChainConfig.replay}; hashes are\n   *               computed once and attached to every audit event.\n   */\n  constructor(vorim: VorimSDK, agentId: string, replay?: ReplayInputs) {\n    this.vorim = vorim;\n    this.agentId = agentId;\n    this.getReplayCtx = makeReplayContextGetter(replay);\n  }\n\n  async handleToolStart(\n    tool: Serialized,\n    input: string,\n    runId: string,\n    _parentRunId?: string,\n    _tags?: string[],\n    _metadata?: Record<string, unknown>,\n    runName?: string,\n  ): Promise<void> {\n    const toolName = runName ?? tool.id?.[tool.id.length - 1] ?? 'unknown';\n    this.runMap.set(runId, { tool: toolName, input, startTime: Date.now() });\n  }\n\n  async handleToolEnd(\n    _output: unknown,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'success',\n      latency_ms: Date.now() - run.startTime,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {}); // never throw from callback\n  }\n\n  async handleToolError(\n    err: Error,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'error',\n      latency_ms: Date.now() - run.startTime,\n      error_code: err.name,\n      metadata: { error: err.message, framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {});\n  }\n\n  // Required by BaseCallbackHandler — no-op for events we don't need\n  copy(): VorimCallbackHandler {\n    return new VorimCallbackHandler(this.vorim, this.agentId);\n  }\n\n  toJSON() {\n    return { lc: 1, type: 'not_implemented', id: this.lc_id };\n  }\n\n  toJSONNotImplemented() {\n    return this.toJSON();\n  }\n}\n\n// ─── Agent Factory ────────────────────────────────────────────────────────\n\nexport interface CreateVorimAgentConfig extends VorimLangChainConfig {\n  /** Display name for the agent when registering with Vorim. */\n  name: string;\n  /** Agent capabilities (e.g. [\"web_search\", \"code_execution\"]). */\n  capabilities: string[];\n  /** Initial permission scopes to grant. */\n  scopes: PermissionScope[];\n  /** Optional description. */\n  description?: string;\n}\n\n/**\n * Registers a new agent with Vorim and returns wrapped tools + callback handler\n * ready to use with `createReactAgent` or any LangChain agent.\n *\n * @example\n * ```ts\n * import { createReactAgent } from \"@langchain/langgraph/prebuilt\";\n * import { ChatOpenAI } from \"@langchain/openai\";\n * import { createVorimAgent } from \"@vorim/sdk/integrations/langchain\";\n *\n * const { agentId, tools, callbackHandler } = await createVorimAgent({\n *   vorim,\n *   name: \"research-agent\",\n *   capabilities: [\"web_search\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, analysisTool],\n * });\n *\n * const agent = createReactAgent({\n *   llm: new ChatOpenAI({ model: \"gpt-4o\" }),\n *   tools,\n * });\n *\n * const result = await agent.invoke(\n *   { messages: [{ role: \"user\", content: \"Research AI trends\" }] },\n *   { callbacks: [callbackHandler] },\n * );\n * ```\n */\nexport async function createVorimAgent<T extends LangChainTool>(config: CreateVorimAgentConfig & { tools: T[] }) {\n  const { vorim, name, capabilities, scopes, description, tools: rawTools, permissionMap, defaultPermission, asyncAudit, replay } = config;\n\n  // Register agent with Vorim\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n\n  // If the caller passed `replay.tools`, use those. Otherwise derive a\n  // tool catalogue from the rawTools we're about to wrap so the\n  // replayable-evidence story works automatically.\n  const derivedReplay: ReplayInputs | undefined = replay\n    ? { ...replay, tools: replay.tools ?? deriveCatalogueFromLangChainTools(rawTools) }\n    : { tools: deriveCatalogueFromLangChainTools(rawTools) };\n\n  const agentConfig: VorimLangChainConfig = {\n    vorim, agentId, permissionMap, defaultPermission, asyncAudit, replay: derivedReplay,\n  };\n\n  // Wrap tools with permission checks\n  const tools = wrapTools(rawTools, agentConfig);\n\n  // Create callback handler for audit trail\n  const callbackHandler = new VorimCallbackHandler(vorim, agentId, derivedReplay);\n\n  return {\n    /** The Vorim agent_id. */\n    agentId,\n    /** The full agent registration result. */\n    registration,\n    /** Tools wrapped with Vorim permission checks + audit. */\n    tools,\n    /** Callback handler for audit trail observability. */\n    callbackHandler,\n    /** The private key (store securely — shown once). */\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Internal helpers ─────────────────────────────────────────────────────\n\n/** Minimal interface matching any LangChain StructuredTool / DynamicStructuredTool. */\ninterface LangChainTool {\n  name: string;\n  description: string;\n  schema: unknown;\n  _call(arg: any, runManager?: any, parentConfig?: any): Promise<any>;\n}\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n\nfunction emitAudit(vorim: VorimSDK, event: AuditEventInput, async: boolean): void {\n  if (async) {\n    vorim.emit(event).catch(() => {});\n  } else {\n    vorim.emit(event).catch(() => {});\n  }\n}\n\n/**\n * Convert LangChain tools to the catalogue shape used by hashToolCatalogue.\n * Best-effort: LangChain tool schemas can be Zod or plain JSON Schema.\n * If we can't get a serialisable shape, we fall back to `null` schema\n * which the hashing treats as `{}`.\n */\nfunction deriveCatalogueFromLangChainTools(tools: LangChainTool[]): CatalogueTool[] {\n  return tools.map(t => {\n    let schema: Record<string, unknown> | null = null;\n    const raw = t.schema as unknown;\n    if (raw && typeof raw === 'object') {\n      // If it's already plain JSON-serialisable, use it. Otherwise null.\n      try {\n        schema = JSON.parse(JSON.stringify(raw));\n      } catch {\n        schema = null;\n      }\n    }\n    return {\n      name: t.name,\n      description: t.description ?? '',\n      schema,\n    };\n  });\n}\n","/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const keys = Object.keys(value as Record<string, unknown>).sort();\n    const parts = keys.map(k => {\n      return JSON.stringify(k) + ':' + jcsCanonicalise((value as Record<string, unknown>)[k]);\n    });\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,OAAO,OAAO,KAAK,KAAgC,EAAE,KAAK;AAChE,UAAM,QAAQ,KAAK,IAAI,OAAK;AAC1B,aAAO,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAiB,MAAkC,CAAC,CAAC;AAAA,IACxF,CAAC;AACD,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;AD5JO,SAAS,SACd,MACA,QACG;AACH,QAAM,EAAE,OAAO,SAAS,gBAAgB,CAAC,GAAG,oBAAoB,iBAAiB,aAAa,MAAM,OAAO,IAAI;AAE/G,QAAM,eAAe,KAAK,MAAM,KAAK,IAAI;AACzC,QAAM,eAAe,wBAAwB,MAAM;AAGnD,EAAC,KAAa,QAAQ,eAAe,iBACnC,KACA,YACA,cACkB;AAClB,UAAM,QAAQ,cAAc,KAAK,IAAI,KAAK;AAG1C,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,MAAM,MAAM,SAAS,KAAK;AAC5D,UAAM,YAAY,MAAM,aAAa;AAErC,QAAI,CAAC,SAAS;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,UAAU,EAAE,QAAQ,WAAW,YAAY;AAAA,QAC3C,GAAG;AAAA,MACL;AACA,gBAAU,OAAOA,QAAO,UAAU;AAClC,YAAM,IAAI,MAAM,iCAAiC,KAAK,IAAI,mBAAc,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,EAAE,EAAE;AAAA,IAChH;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,aAAa,KAAK,YAAY,YAAY;AAAA,IAC3D,SAAS,KAAK;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,UAAU,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG,WAAW,YAAY;AAAA,QAC5F,GAAG;AAAA,MACL;AACA,gBAAU,OAAOA,QAAO,UAAU;AAClC,YAAM;AAAA,IACR;AAGA,UAAM,QAAyB;AAAA,MAC7B,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,MAC3C,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,UAAU,EAAE,WAAW,YAAY;AAAA,MACnC,GAAG;AAAA,IACL;AACA,cAAU,OAAO,OAAO,UAAU;AAElC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAQA,SAAS,wBAAwB,QAAgE;AAC/F,MAAI,CAAC,OAAQ,QAAO,aAAa,CAAC;AAClC,MAAI,SAAwC;AAC5C,SAAO,MAAM;AACX,QAAI,CAAC,OAAQ,UAAS,qBAAqB,MAAM;AACjD,WAAO;AAAA,EACT;AACF;AAKO,SAAS,UACd,OACA,QACK;AACL,SAAO,MAAM,IAAI,OAAK,SAAS,GAAG,MAAM,CAAC;AAC3C;AAeO,IAAM,uBAAN,MAAM,sBAAqB;AAAA,EAChC,OAAO;AAAA,EACC;AAAA,EACA;AAAA,EACA,SAAS,oBAAI,IAAgE;AAAA,EAC7E;AAAA;AAAA,EAGR,YAAY;AAAA,EACZ,cAAc;AAAA,EACd,cAAc;AAAA,EACd,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,kBAAkB;AAAA,EAElB,IAAI,QAAkB;AAAE,WAAO,CAAC,SAAS,aAAa,sBAAsB;AAAA,EAAG;AAAA,EAC/E,IAAI,eAAyB;AAAE,WAAO,CAAC,SAAS,WAAW;AAAA,EAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS9D,YAAY,OAAiB,SAAiB,QAAuB;AACnE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,eAAe,wBAAwB,MAAM;AAAA,EACpD;AAAA,EAEA,MAAM,gBACJ,MACA,OACA,OACA,cACA,OACA,WACA,SACe;AACf,UAAM,WAAW,WAAW,KAAK,KAAK,KAAK,GAAG,SAAS,CAAC,KAAK;AAC7D,SAAK,OAAO,IAAI,OAAO,EAAE,MAAM,UAAU,OAAO,WAAW,KAAK,IAAI,EAAE,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,cACJ,SACA,OACe;AACf,UAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACjC,QAAI,CAAC,IAAK;AACV,SAAK,OAAO,OAAO,KAAK;AACxB,UAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAM,KAAK,MAAM,KAAK;AAAA,MACpB,UAAU,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ,IAAI;AAAA,MACZ,UAAU,SAAS,IAAI,OAAO,GAAG;AAAA,MACjC,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI,IAAI;AAAA,MAC7B,UAAU,EAAE,WAAW,YAAY;AAAA,MACnC,GAAG;AAAA,IACL,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AAAA,EAEA,MAAM,gBACJ,KACA,OACe;AACf,UAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACjC,QAAI,CAAC,IAAK;AACV,SAAK,OAAO,OAAO,KAAK;AACxB,UAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAM,KAAK,MAAM,KAAK;AAAA,MACpB,UAAU,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ,IAAI;AAAA,MACZ,UAAU,SAAS,IAAI,OAAO,GAAG;AAAA,MACjC,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI,IAAI;AAAA,MAC7B,YAAY,IAAI;AAAA,MAChB,UAAU,EAAE,OAAO,IAAI,SAAS,WAAW,YAAY;AAAA,MACvD,GAAG;AAAA,IACL,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AAAA;AAAA,EAGA,OAA6B;AAC3B,WAAO,IAAI,sBAAqB,KAAK,OAAO,KAAK,OAAO;AAAA,EAC1D;AAAA,EAEA,SAAS;AACP,WAAO,EAAE,IAAI,GAAG,MAAM,mBAAmB,IAAI,KAAK,MAAM;AAAA,EAC1D;AAAA,EAEA,uBAAuB;AACrB,WAAO,KAAK,OAAO;AAAA,EACrB;AACF;AA4CA,eAAsB,iBAA0C,QAAiD;AAC/G,QAAM,EAAE,OAAO,MAAM,cAAc,QAAQ,aAAa,OAAO,UAAU,eAAe,mBAAmB,YAAY,OAAO,IAAI;AAGlI,QAAM,eAAe,MAAM,MAAM,SAAS;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,aAAa,MAAM;AAKnC,QAAM,gBAA0C,SAC5C,EAAE,GAAG,QAAQ,OAAO,OAAO,SAAS,kCAAkC,QAAQ,EAAE,IAChF,EAAE,OAAO,kCAAkC,QAAQ,EAAE;AAEzD,QAAM,cAAoC;AAAA,IACxC;AAAA,IAAO;AAAA,IAAS;AAAA,IAAe;AAAA,IAAmB;AAAA,IAAY,QAAQ;AAAA,EACxE;AAGA,QAAM,QAAQ,UAAU,UAAU,WAAW;AAG7C,QAAM,kBAAkB,IAAI,qBAAqB,OAAO,SAAS,aAAa;AAE9E,SAAO;AAAA;AAAA,IAEL;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA,YAAY,aAAa;AAAA,EAC3B;AACF;AAYA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;AAEA,SAAS,UAAU,OAAiB,OAAwB,OAAsB;AAChF,MAAI,OAAO;AACT,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EAClC,OAAO;AACL,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EAClC;AACF;AAQA,SAAS,kCAAkC,OAAyC;AAClF,SAAO,MAAM,IAAI,OAAK;AACpB,QAAI,SAAyC;AAC7C,UAAM,MAAM,EAAE;AACd,QAAI,OAAO,OAAO,QAAQ,UAAU;AAElC,UAAI;AACF,iBAAS,KAAK,MAAM,KAAK,UAAU,GAAG,CAAC;AAAA,MACzC,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AACA,WAAO;AAAA,MACL,MAAM,EAAE;AAAA,MACR,aAAa,EAAE,eAAe;AAAA,MAC9B;AAAA,IACF;AAAA,EACF,CAAC;AACH;","names":["event"]}
+{"version":3,"sources":["../../src/integrations/langchain.ts","../../src/replay.ts"],"sourcesContent":["// ============================================================================\n// VORIM SDK — LangChain / LangGraph JS Integration\n// Provides tool wrapping with permission checks + audit trail,\n// a callback handler for observability, and a factory for creating\n// Vorim-secured LangGraph ReAct agents.\n//\n// Peer dependencies:\n//   @langchain/core >=0.3.0\n//   @langchain/langgraph >=0.2.0\n// ============================================================================\n\nimport type { VorimSDK } from '../index.js';\nimport type { PermissionScope, AuditEventInput } from '../types.js';\nimport {\n  prepareReplayContext,\n  type ReplayInputs,\n  type ReplayContext,\n  type CatalogueTool,\n} from '../replay.js';\n\n// ─── Re-declared LangChain types (peer dependency — not bundled) ──────────\n// These mirror the actual types from @langchain/core so consumers don't\n// need to import them separately for basic usage.\n\n/** Minimal subset of @langchain/core Serialized */\ninterface Serialized {\n  lc: number;\n  type: string;\n  id: string[];\n  kwargs?: Record<string, unknown>;\n}\n\n// ─── Configuration ────────────────────────────────────────────────────────\n\nexport interface VorimLangChainConfig {\n  /** Vorim SDK instance. */\n  vorim: VorimSDK;\n  /** The Vorim agent_id to associate with this LangChain agent. */\n  agentId: string;\n  /** Map tool names → Vorim permission scopes. Unmapped tools default to 'agent:execute'. */\n  permissionMap?: Record<string, PermissionScope>;\n  /** Default permission scope for tools not in permissionMap. @default 'agent:execute' */\n  defaultPermission?: PermissionScope;\n  /** Whether to emit audit events asynchronously (fire-and-forget). @default true */\n  asyncAudit?: boolean;\n  /**\n   * Replayable agent decision evidence (VAIP -02). When provided, the\n   * hashes of the model version, tool catalogue, and system prompt are\n   * attached to every emitted audit event so an auditor can later\n   * reproduce the agent's decision context.\n   *\n   * Hashes are computed once on first emit and cached for subsequent\n   * emits in this config's lifetime.\n   *\n   * These fields are NOT covered by the v0 canonical signature form;\n   * advisory only until v1 (RFC 8785 JCS) lands.\n   */\n  replay?: ReplayInputs;\n}\n\n// ─── Tool Wrapper ─────────────────────────────────────────────────────────\n\n/**\n * Wraps a LangChain `StructuredTool` (or `DynamicStructuredTool`) with\n * Vorim permission checks before execution and audit event emission after.\n *\n * Works with any tool that has `name`, `description`, `schema`, and `_call`.\n *\n * @example\n * ```ts\n * import { DynamicStructuredTool } from \"@langchain/core/tools\";\n * import { wrapTool } from \"@vorim/sdk/integrations/langchain\";\n *\n * const guarded = wrapTool(myTool, {\n *   vorim, agentId: \"agid_acme_a1b2c3d4\",\n *   permissionMap: { search_docs: \"agent:read\" },\n * });\n * ```\n */\nexport function wrapTool<T extends LangChainTool>(\n  tool: T,\n  config: VorimLangChainConfig,\n): T {\n  const { vorim, agentId, permissionMap = {}, defaultPermission = 'agent:execute', asyncAudit = true, replay } = config;\n\n  const originalCall = tool._call.bind(tool);\n  const getReplayCtx = makeReplayContextGetter(replay);\n\n  // Override _call to inject permission check + audit\n  (tool as any)._call = async function vorimGuardedCall(\n    arg: unknown,\n    runManager?: unknown,\n    parentConfig?: unknown,\n  ): Promise<unknown> {\n    const scope = permissionMap[tool.name] ?? defaultPermission;\n\n    // 1. Permission check\n    const { allowed, reason } = await vorim.check(agentId, scope);\n    const replayCtx = await getReplayCtx();\n\n    if (!allowed) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'denied',\n        metadata: { reason, framework: 'langchain' },\n        ...replayCtx,\n      };\n      emitAudit(vorim, event, asyncAudit);\n      throw new Error(`Vorim: permission denied for \"${tool.name}\" — scope \"${scope}\"${reason ? `: ${reason}` : ''}`);\n    }\n\n    // 2. Execute the original tool\n    const start = Date.now();\n    let result: unknown;\n    try {\n      result = await originalCall(arg, runManager, parentConfig);\n    } catch (err) {\n      const event: AuditEventInput = {\n        agent_id: agentId,\n        event_type: 'tool_call',\n        action: tool.name,\n        resource: truncate(JSON.stringify(arg), 500),\n        permission: scope,\n        result: 'error',\n        latency_ms: Date.now() - start,\n        error_code: err instanceof Error ? err.name : 'UNKNOWN',\n        metadata: { error: err instanceof Error ? err.message : String(err), framework: 'langchain' },\n        ...replayCtx,\n      };\n      emitAudit(vorim, event, asyncAudit);\n      throw err;\n    }\n\n    // 3. Audit success\n    const event: AuditEventInput = {\n      agent_id: agentId,\n      event_type: 'tool_call',\n      action: tool.name,\n      resource: truncate(JSON.stringify(arg), 500),\n      permission: scope,\n      result: 'success',\n      latency_ms: Date.now() - start,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    };\n    emitAudit(vorim, event, asyncAudit);\n\n    return result;\n  };\n\n  return tool;\n}\n\n/**\n * Lazy-cached replay context getter. The hashes are computed once on\n * first call and reused for subsequent calls in this closure's lifetime.\n * Returns an empty object when no `replay` config was provided so the\n * spread is a no-op.\n */\nfunction makeReplayContextGetter(replay: ReplayInputs | undefined): () => Promise<ReplayContext> {\n  if (!replay) return async () => ({});\n  let cached: Promise<ReplayContext> | null = null;\n  return () => {\n    if (!cached) cached = prepareReplayContext(replay);\n    return cached;\n  };\n}\n\n/**\n * Wraps an array of LangChain tools with Vorim permission + audit.\n */\nexport function wrapTools<T extends LangChainTool>(\n  tools: T[],\n  config: VorimLangChainConfig,\n): T[] {\n  return tools.map(t => wrapTool(t, config));\n}\n\n// ─── Callback Handler ─────────────────────────────────────────────────────\n\n/**\n * LangChain callback handler that emits Vorim audit events for every\n * tool invocation. This is a **non-intrusive** observability layer —\n * it does not block or modify tool execution.\n *\n * Attach it to any LangChain invoke/stream call:\n * ```ts\n * const handler = new VorimCallbackHandler(vorim, \"agid_acme_a1b2c3d4\");\n * await agent.invoke({ messages }, { callbacks: [handler] });\n * ```\n */\nexport class VorimCallbackHandler {\n  name = 'VorimCallbackHandler';\n  private vorim: VorimSDK;\n  private agentId: string;\n  private runMap = new Map<string, { tool: string; input: string; startTime: number }>();\n  private getReplayCtx: () => Promise<ReplayContext>;\n\n  // Flags to satisfy BaseCallbackHandler interface\n  ignoreLLM = true;\n  ignoreChain = true;\n  ignoreAgent = true;\n  ignoreRetriever = true;\n  ignoreCustomEvent = true;\n  lc_serializable = false;\n\n  get lc_id(): string[] { return ['vorim', 'callbacks', 'VorimCallbackHandler']; }\n  get lc_namespace(): string[] { return ['vorim', 'callbacks']; }\n\n  /**\n   * @param vorim Vorim SDK instance.\n   * @param agentId The Vorim agent_id whose actions this callback audits.\n   * @param replay Optional replayable-evidence inputs. Same shape as\n   *               {@link VorimLangChainConfig.replay}; hashes are\n   *               computed once and attached to every audit event.\n   */\n  constructor(vorim: VorimSDK, agentId: string, replay?: ReplayInputs) {\n    this.vorim = vorim;\n    this.agentId = agentId;\n    this.getReplayCtx = makeReplayContextGetter(replay);\n  }\n\n  async handleToolStart(\n    tool: Serialized,\n    input: string,\n    runId: string,\n    _parentRunId?: string,\n    _tags?: string[],\n    _metadata?: Record<string, unknown>,\n    runName?: string,\n  ): Promise<void> {\n    const toolName = runName ?? tool.id?.[tool.id.length - 1] ?? 'unknown';\n    this.runMap.set(runId, { tool: toolName, input, startTime: Date.now() });\n  }\n\n  async handleToolEnd(\n    _output: unknown,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'success',\n      latency_ms: Date.now() - run.startTime,\n      metadata: { framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {}); // never throw from callback\n  }\n\n  async handleToolError(\n    err: Error,\n    runId: string,\n  ): Promise<void> {\n    const run = this.runMap.get(runId);\n    if (!run) return;\n    this.runMap.delete(runId);\n    const replayCtx = await this.getReplayCtx();\n\n    await this.vorim.emit({\n      agent_id: this.agentId,\n      event_type: 'tool_call',\n      action: run.tool,\n      resource: truncate(run.input, 500),\n      result: 'error',\n      latency_ms: Date.now() - run.startTime,\n      error_code: err.name,\n      metadata: { error: err.message, framework: 'langchain' },\n      ...replayCtx,\n    }).catch(() => {});\n  }\n\n  // Required by BaseCallbackHandler — no-op for events we don't need\n  copy(): VorimCallbackHandler {\n    return new VorimCallbackHandler(this.vorim, this.agentId);\n  }\n\n  toJSON() {\n    return { lc: 1, type: 'not_implemented', id: this.lc_id };\n  }\n\n  toJSONNotImplemented() {\n    return this.toJSON();\n  }\n}\n\n// ─── Agent Factory ────────────────────────────────────────────────────────\n\nexport interface CreateVorimAgentConfig extends VorimLangChainConfig {\n  /** Display name for the agent when registering with Vorim. */\n  name: string;\n  /** Agent capabilities (e.g. [\"web_search\", \"code_execution\"]). */\n  capabilities: string[];\n  /** Initial permission scopes to grant. */\n  scopes: PermissionScope[];\n  /** Optional description. */\n  description?: string;\n}\n\n/**\n * Registers a new agent with Vorim and returns wrapped tools + callback handler\n * ready to use with `createReactAgent` or any LangChain agent.\n *\n * @example\n * ```ts\n * import { createReactAgent } from \"@langchain/langgraph/prebuilt\";\n * import { ChatOpenAI } from \"@langchain/openai\";\n * import { createVorimAgent } from \"@vorim/sdk/integrations/langchain\";\n *\n * const { agentId, tools, callbackHandler } = await createVorimAgent({\n *   vorim,\n *   name: \"research-agent\",\n *   capabilities: [\"web_search\"],\n *   scopes: [\"agent:read\", \"agent:execute\"],\n *   tools: [searchTool, analysisTool],\n * });\n *\n * const agent = createReactAgent({\n *   llm: new ChatOpenAI({ model: \"gpt-4o\" }),\n *   tools,\n * });\n *\n * const result = await agent.invoke(\n *   { messages: [{ role: \"user\", content: \"Research AI trends\" }] },\n *   { callbacks: [callbackHandler] },\n * );\n * ```\n */\nexport async function createVorimAgent<T extends LangChainTool>(config: CreateVorimAgentConfig & { tools: T[] }) {\n  const { vorim, name, capabilities, scopes, description, tools: rawTools, permissionMap, defaultPermission, asyncAudit, replay } = config;\n\n  // Register agent with Vorim\n  const registration = await vorim.register({\n    name,\n    description,\n    capabilities,\n    scopes,\n  });\n\n  const agentId = registration.agent.agent_id;\n\n  // If the caller passed `replay.tools`, use those. Otherwise derive a\n  // tool catalogue from the rawTools we're about to wrap so the\n  // replayable-evidence story works automatically.\n  const derivedReplay: ReplayInputs | undefined = replay\n    ? { ...replay, tools: replay.tools ?? deriveCatalogueFromLangChainTools(rawTools) }\n    : { tools: deriveCatalogueFromLangChainTools(rawTools) };\n\n  const agentConfig: VorimLangChainConfig = {\n    vorim, agentId, permissionMap, defaultPermission, asyncAudit, replay: derivedReplay,\n  };\n\n  // Wrap tools with permission checks\n  const tools = wrapTools(rawTools, agentConfig);\n\n  // Create callback handler for audit trail\n  const callbackHandler = new VorimCallbackHandler(vorim, agentId, derivedReplay);\n\n  return {\n    /** The Vorim agent_id. */\n    agentId,\n    /** The full agent registration result. */\n    registration,\n    /** Tools wrapped with Vorim permission checks + audit. */\n    tools,\n    /** Callback handler for audit trail observability. */\n    callbackHandler,\n    /** The private key (store securely — shown once). */\n    privateKey: registration.private_key,\n  };\n}\n\n// ─── Internal helpers ─────────────────────────────────────────────────────\n\n/** Minimal interface matching any LangChain StructuredTool / DynamicStructuredTool. */\ninterface LangChainTool {\n  name: string;\n  description: string;\n  schema: unknown;\n  _call(arg: any, runManager?: any, parentConfig?: any): Promise<any>;\n}\n\nfunction truncate(str: string, max: number): string {\n  return str.length > max ? str.slice(0, max) + '…' : str;\n}\n\nfunction emitAudit(vorim: VorimSDK, event: AuditEventInput, async: boolean): void {\n  if (async) {\n    vorim.emit(event).catch(() => {});\n  } else {\n    vorim.emit(event).catch(() => {});\n  }\n}\n\n/**\n * Convert LangChain tools to the catalogue shape used by hashToolCatalogue.\n * Best-effort: LangChain tool schemas can be Zod or plain JSON Schema.\n * If we can't get a serialisable shape, we fall back to `null` schema\n * which the hashing treats as `{}`.\n */\nfunction deriveCatalogueFromLangChainTools(tools: LangChainTool[]): CatalogueTool[] {\n  return tools.map(t => {\n    let schema: Record<string, unknown> | null = null;\n    const raw = t.schema as unknown;\n    if (raw && typeof raw === 'object') {\n      // If it's already plain JSON-serialisable, use it. Otherwise null.\n      try {\n        schema = JSON.parse(JSON.stringify(raw));\n      } catch {\n        schema = null;\n      }\n    }\n    return {\n      name: t.name,\n      description: t.description ?? '',\n      schema,\n    };\n  });\n}\n","/**\n * Replayable agent decision evidence helpers.\n *\n * Canonical-form hashing for the VAIP -02 schema fields that the SDK\n * attaches to audit events. The hashes recorded in audit_events.tool_catalogue_hash\n * and audit_events.system_prompt_hash use these functions, so the bytes\n * an auditor or counterparty reconstructs must match what the SDK produced.\n *\n * These helpers are intentionally separate from the signing path. The\n * v0 canonical signature form (event_type|action|resource|input_hash|\n * output_hash|result) does NOT cover model_version, tool_catalogue_hash,\n * or system_prompt_hash. They will enter the canonical bytes in v1\n * (RFC 8785 JCS) in a follow-up release.\n *\n * Stable across SDK versions: the canonical-form version is documented\n * in CANONICAL_TOOL_CATALOGUE_VERSION. Future changes get a v2 etc;\n * never edit the existing v1 logic, or already-recorded hashes lose\n * their meaning.\n */\n\n// ─── Versioning ───────────────────────────────────────────────────────────\n\n/**\n * Canonical-form version for tool catalogue hashes produced by this SDK.\n * Recorded in tool_catalogue_canon_version on the event metadata (when\n * the metadata field is used) so verifiers know which hash recipe to\n * reproduce. Increment ONLY if the algorithm changes in a way that\n * would change the hash for the same logical catalogue.\n */\nexport const CANONICAL_TOOL_CATALOGUE_VERSION = 'v1' as const;\n\n// ─── Types ────────────────────────────────────────────────────────────────\n\n/**\n * Minimum shape a tool needs for catalogue hashing. The framework\n * integrations adapt their native tool objects to this shape before\n * calling hashToolCatalogue.\n */\nexport interface CatalogueTool {\n  /** The name the model sees and calls. Required. */\n  name: string;\n  /** Human-readable description shown to the model. Optional; absent ↔ empty string. */\n  description?: string;\n  /**\n   * JSON Schema describing the tool's input parameters. Optional;\n   * absent ↔ empty object `{}`. The schema gets RFC 8785 JCS-canonicalised\n   * before hashing so semantically-equivalent variations (key order,\n   * whitespace) produce the same hash.\n   */\n  schema?: Record<string, unknown> | null;\n}\n\n// ─── RFC 8785 JCS subset ──────────────────────────────────────────────────\n\n/**\n * RFC 8785 JSON Canonicalization Scheme, sufficient subset for tool\n * catalogue values.\n *\n * Rules:\n *  - Object keys sorted lexicographically by UTF-16 code units (which\n *    is what JS string comparison does naturally).\n *  - No whitespace between tokens.\n *  - Numbers: integers as integers, finite floats per ECMAScript\n *    Number.prototype.toString. JCS forbids NaN and Infinity.\n *  - Strings: JSON-escape using minimal set per RFC 8259 § 7.\n *  - null, true, false, arrays: as JSON.stringify produces them, since\n *    JSON.stringify already produces the canonical form for these.\n *\n * Not vendoring a full library because tool schemas don't carry\n * non-integer numbers in practice and the JS spec for Number.toString\n * happens to coincide with JCS § 3.2.2.2 for the integer case.\n */\nexport function jcsCanonicalise(value: unknown): string {\n  if (value === null) return 'null';\n  if (value === true) return 'true';\n  if (value === false) return 'false';\n\n  if (typeof value === 'number') {\n    if (!Number.isFinite(value)) {\n      throw new Error('jcsCanonicalise: NaN and Infinity are not JCS-valid');\n    }\n    // For integers in safe range, .toString() matches JCS. For\n    // non-integer floats, .toString() also matches in modern JS\n    // engines (V8, JavaScriptCore, SpiderMonkey all use the shortest\n    // round-trip representation, which is what JCS § 3.2.2.2 requires).\n    return value.toString();\n  }\n\n  if (typeof value === 'string') {\n    return JSON.stringify(value);\n  }\n\n  if (Array.isArray(value)) {\n    return '[' + value.map(jcsCanonicalise).join(',') + ']';\n  }\n\n  if (typeof value === 'object') {\n    const obj = value as Record<string, unknown>;\n    // Filter undefined-valued fields, matching @vorim/verify and\n    // @vorim/shared-types. Without this the SDK throws on { a: 1, b: undefined }\n    // while the verifier silently drops b — a cross-module canonical-form\n    // divergence that would break signature verification on such events.\n    const keys = Object.keys(obj).filter(k => obj[k] !== undefined).sort();\n    const parts = keys.map(k => JSON.stringify(k) + ':' + jcsCanonicalise(obj[k]));\n    return '{' + parts.join(',') + '}';\n  }\n\n  // undefined, function, symbol, bigint — not JSON-representable\n  throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);\n}\n\n// ─── SHA-256 ──────────────────────────────────────────────────────────────\n\nasync function sha256Hex(input: string | Uint8Array): Promise<string> {\n  const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input;\n\n  // Node.js Web Crypto (Node 18+) supports digest. Browser Web Crypto does too.\n  // Fall back to node:crypto if Web Crypto is unavailable.\n  const subtle = (globalThis as any).crypto?.subtle;\n  if (subtle) {\n    const buf = await subtle.digest('SHA-256', bytes);\n    return Array.from(new Uint8Array(buf))\n      .map(b => b.toString(16).padStart(2, '0'))\n      .join('');\n  }\n\n  // Node fallback\n  const nodeCrypto = await import('node:crypto');\n  return nodeCrypto.createHash('sha256').update(bytes).digest('hex');\n}\n\n// ─── Public API ───────────────────────────────────────────────────────────\n\n/**\n * Hash a single tool definition. Returns `sha256:<hex>`.\n *\n * Canonical form (v1):\n *   JCS-canonicalised JSON of `{name, description, schema}` where\n *   absent fields substitute `description: \"\"` and `schema: {}`.\n */\nexport async function hashTool(tool: CatalogueTool): Promise<string> {\n  const normalised = {\n    name: tool.name,\n    description: tool.description ?? '',\n    schema: tool.schema ?? {},\n  };\n  const hex = await sha256Hex(jcsCanonicalise(normalised));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash an entire tool catalogue. Returns `sha256:<hex>`.\n *\n * Reordering tools does NOT change the hash (tool hashes sorted\n * lexicographically before concatenation). Adding, removing, or\n * modifying a tool DOES change the hash.\n *\n * Per-tool hashing first means a verifier comparing two catalogue\n * hashes that differ can also be given the per-tool hashes to\n * identify which specific tool changed.\n */\nexport async function hashToolCatalogue(tools: CatalogueTool[]): Promise<string> {\n  if (tools.length === 0) {\n    // Empty catalogue has a deterministic, stable hash distinct from \"no field\"\n    return `sha256:${await sha256Hex('[]')}`;\n  }\n  const perTool = await Promise.all(tools.map(hashTool));\n  perTool.sort();\n  const hex = await sha256Hex(perTool.join(''));\n  return `sha256:${hex}`;\n}\n\n/**\n * Hash a system prompt. Returns `sha256:<hex>`.\n *\n * The prompt is UTF-8 encoded and hashed verbatim — no normalisation.\n * If a caller wants to ignore whitespace or comment differences, they\n * should normalise before calling. The intent here is deterministic\n * reproducibility, not semantic equivalence.\n */\nexport async function hashSystemPrompt(prompt: string): Promise<string> {\n  const hex = await sha256Hex(prompt);\n  return `sha256:${hex}`;\n}\n\n/**\n * Convenience: hash the previous event's canonical bytes for use in\n * the prev_event_hash field of hash-chained ingest. Caller provides\n * the canonical bytes (use canonicalPayloadV0 from the main module).\n */\nexport async function hashPreviousEvent(canonicalBytes: string): Promise<string> {\n  const hex = await sha256Hex(canonicalBytes);\n  return `sha256:${hex}`;\n}\n\n// ─── Replay context — framework integration helper ────────────────────────\n\n/**\n * Raw inputs the integration captures from the framework. Set by the\n * integration's config; turned into hashes by {@link prepareReplayContext}.\n */\nexport interface ReplayInputs {\n  /** Stable identifier for the model. E.g. `\"anthropic:claude-opus-4-8\"`. */\n  modelVersion?: string;\n  /** Tools available to the agent at call time. Hashed via {@link hashToolCatalogue}. */\n  tools?: CatalogueTool[];\n  /** System prompt active at call time. Hashed via {@link hashSystemPrompt}. */\n  systemPrompt?: string;\n}\n\n/**\n * Pre-computed hashes ready to attach to audit events. The three keys\n * match the audit_events column names.\n */\nexport interface ReplayContext {\n  model_version?: string;\n  tool_catalogue_hash?: string;\n  system_prompt_hash?: string;\n}\n\n/**\n * Compute replay context once from raw inputs. Use at integration\n * setup time so each emit can attach the hashes without re-hashing.\n *\n * Returns an object suitable for spreading into an AuditEventInput:\n *   `await vorim.emit({ ...event, ...replayContext })`\n *\n * If a field is absent in the inputs, it is absent in the result\n * (not the empty string). That keeps the event lean.\n */\nexport async function prepareReplayContext(\n  inputs: ReplayInputs,\n): Promise<ReplayContext> {\n  const ctx: ReplayContext = {};\n  if (inputs.modelVersion) ctx.model_version = inputs.modelVersion;\n  if (inputs.tools) ctx.tool_catalogue_hash = await hashToolCatalogue(inputs.tools);\n  if (inputs.systemPrompt) ctx.system_prompt_hash = await hashSystemPrompt(inputs.systemPrompt);\n  return ctx;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACwEO,SAAS,gBAAgB,OAAwB;AACtD,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,KAAM,QAAO;AAC3B,MAAI,UAAU,MAAO,QAAO;AAE5B,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI,CAAC,OAAO,SAAS,KAAK,GAAG;AAC3B,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AAKA,WAAO,MAAM,SAAS;AAAA,EACxB;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AAEA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,MAAM;AAKZ,UAAM,OAAO,OAAO,KAAK,GAAG,EAAE,OAAO,OAAK,IAAI,CAAC,MAAM,MAAS,EAAE,KAAK;AACrE,UAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAgB,IAAI,CAAC,CAAC,CAAC;AAC7E,WAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AAAA,EACjC;AAGA,QAAM,IAAI,MAAM,4CAA4C,OAAO,KAAK,EAAE;AAC5E;AAIA,eAAe,UAAU,OAA6C;AACpE,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAI5E,QAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,QAAQ;AACV,UAAM,MAAM,MAAM,OAAO,OAAO,WAAW,KAAK;AAChD,WAAO,MAAM,KAAK,IAAI,WAAW,GAAG,CAAC,EAClC,IAAI,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EACxC,KAAK,EAAE;AAAA,EACZ;AAGA,QAAM,aAAa,MAAM,OAAO,QAAa;AAC7C,SAAO,WAAW,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,KAAK;AACnE;AAWA,eAAsB,SAAS,MAAsC;AACnE,QAAM,aAAa;AAAA,IACjB,MAAM,KAAK;AAAA,IACX,aAAa,KAAK,eAAe;AAAA,IACjC,QAAQ,KAAK,UAAU,CAAC;AAAA,EAC1B;AACA,QAAM,MAAM,MAAM,UAAU,gBAAgB,UAAU,CAAC;AACvD,SAAO,UAAU,GAAG;AACtB;AAaA,eAAsB,kBAAkB,OAAyC;AAC/E,MAAI,MAAM,WAAW,GAAG;AAEtB,WAAO,UAAU,MAAM,UAAU,IAAI,CAAC;AAAA,EACxC;AACA,QAAM,UAAU,MAAM,QAAQ,IAAI,MAAM,IAAI,QAAQ,CAAC;AACrD,UAAQ,KAAK;AACb,QAAM,MAAM,MAAM,UAAU,QAAQ,KAAK,EAAE,CAAC;AAC5C,SAAO,UAAU,GAAG;AACtB;AAUA,eAAsB,iBAAiB,QAAiC;AACtE,QAAM,MAAM,MAAM,UAAU,MAAM;AAClC,SAAO,UAAU,GAAG;AACtB;AA+CA,eAAsB,qBACpB,QACwB;AACxB,QAAM,MAAqB,CAAC;AAC5B,MAAI,OAAO,aAAc,KAAI,gBAAgB,OAAO;AACpD,MAAI,OAAO,MAAO,KAAI,sBAAsB,MAAM,kBAAkB,OAAO,KAAK;AAChF,MAAI,OAAO,aAAc,KAAI,qBAAqB,MAAM,iBAAiB,OAAO,YAAY;AAC5F,SAAO;AACT;;;AD/JO,SAAS,SACd,MACA,QACG;AACH,QAAM,EAAE,OAAO,SAAS,gBAAgB,CAAC,GAAG,oBAAoB,iBAAiB,aAAa,MAAM,OAAO,IAAI;AAE/G,QAAM,eAAe,KAAK,MAAM,KAAK,IAAI;AACzC,QAAM,eAAe,wBAAwB,MAAM;AAGnD,EAAC,KAAa,QAAQ,eAAe,iBACnC,KACA,YACA,cACkB;AAClB,UAAM,QAAQ,cAAc,KAAK,IAAI,KAAK;AAG1C,UAAM,EAAE,SAAS,OAAO,IAAI,MAAM,MAAM,MAAM,SAAS,KAAK;AAC5D,UAAM,YAAY,MAAM,aAAa;AAErC,QAAI,CAAC,SAAS;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,UAAU,EAAE,QAAQ,WAAW,YAAY;AAAA,QAC3C,GAAG;AAAA,MACL;AACA,gBAAU,OAAOA,QAAO,UAAU;AAClC,YAAM,IAAI,MAAM,iCAAiC,KAAK,IAAI,mBAAc,KAAK,IAAI,SAAS,KAAK,MAAM,KAAK,EAAE,EAAE;AAAA,IAChH;AAGA,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,aAAa,KAAK,YAAY,YAAY;AAAA,IAC3D,SAAS,KAAK;AACZ,YAAMA,SAAyB;AAAA,QAC7B,UAAU;AAAA,QACV,YAAY;AAAA,QACZ,QAAQ,KAAK;AAAA,QACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,QAC3C,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,YAAY,KAAK,IAAI,IAAI;AAAA,QACzB,YAAY,eAAe,QAAQ,IAAI,OAAO;AAAA,QAC9C,UAAU,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG,WAAW,YAAY;AAAA,QAC5F,GAAG;AAAA,MACL;AACA,gBAAU,OAAOA,QAAO,UAAU;AAClC,YAAM;AAAA,IACR;AAGA,UAAM,QAAyB;AAAA,MAC7B,UAAU;AAAA,MACV,YAAY;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,UAAU,SAAS,KAAK,UAAU,GAAG,GAAG,GAAG;AAAA,MAC3C,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,UAAU,EAAE,WAAW,YAAY;AAAA,MACnC,GAAG;AAAA,IACL;AACA,cAAU,OAAO,OAAO,UAAU;AAElC,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAQA,SAAS,wBAAwB,QAAgE;AAC/F,MAAI,CAAC,OAAQ,QAAO,aAAa,CAAC;AAClC,MAAI,SAAwC;AAC5C,SAAO,MAAM;AACX,QAAI,CAAC,OAAQ,UAAS,qBAAqB,MAAM;AACjD,WAAO;AAAA,EACT;AACF;AAKO,SAAS,UACd,OACA,QACK;AACL,SAAO,MAAM,IAAI,OAAK,SAAS,GAAG,MAAM,CAAC;AAC3C;AAeO,IAAM,uBAAN,MAAM,sBAAqB;AAAA,EAChC,OAAO;AAAA,EACC;AAAA,EACA;AAAA,EACA,SAAS,oBAAI,IAAgE;AAAA,EAC7E;AAAA;AAAA,EAGR,YAAY;AAAA,EACZ,cAAc;AAAA,EACd,cAAc;AAAA,EACd,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,kBAAkB;AAAA,EAElB,IAAI,QAAkB;AAAE,WAAO,CAAC,SAAS,aAAa,sBAAsB;AAAA,EAAG;AAAA,EAC/E,IAAI,eAAyB;AAAE,WAAO,CAAC,SAAS,WAAW;AAAA,EAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS9D,YAAY,OAAiB,SAAiB,QAAuB;AACnE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,eAAe,wBAAwB,MAAM;AAAA,EACpD;AAAA,EAEA,MAAM,gBACJ,MACA,OACA,OACA,cACA,OACA,WACA,SACe;AACf,UAAM,WAAW,WAAW,KAAK,KAAK,KAAK,GAAG,SAAS,CAAC,KAAK;AAC7D,SAAK,OAAO,IAAI,OAAO,EAAE,MAAM,UAAU,OAAO,WAAW,KAAK,IAAI,EAAE,CAAC;AAAA,EACzE;AAAA,EAEA,MAAM,cACJ,SACA,OACe;AACf,UAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACjC,QAAI,CAAC,IAAK;AACV,SAAK,OAAO,OAAO,KAAK;AACxB,UAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAM,KAAK,MAAM,KAAK;AAAA,MACpB,UAAU,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ,IAAI;AAAA,MACZ,UAAU,SAAS,IAAI,OAAO,GAAG;AAAA,MACjC,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI,IAAI;AAAA,MAC7B,UAAU,EAAE,WAAW,YAAY;AAAA,MACnC,GAAG;AAAA,IACL,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AAAA,EAEA,MAAM,gBACJ,KACA,OACe;AACf,UAAM,MAAM,KAAK,OAAO,IAAI,KAAK;AACjC,QAAI,CAAC,IAAK;AACV,SAAK,OAAO,OAAO,KAAK;AACxB,UAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAM,KAAK,MAAM,KAAK;AAAA,MACpB,UAAU,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ,IAAI;AAAA,MACZ,UAAU,SAAS,IAAI,OAAO,GAAG;AAAA,MACjC,QAAQ;AAAA,MACR,YAAY,KAAK,IAAI,IAAI,IAAI;AAAA,MAC7B,YAAY,IAAI;AAAA,MAChB,UAAU,EAAE,OAAO,IAAI,SAAS,WAAW,YAAY;AAAA,MACvD,GAAG;AAAA,IACL,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AAAA;AAAA,EAGA,OAA6B;AAC3B,WAAO,IAAI,sBAAqB,KAAK,OAAO,KAAK,OAAO;AAAA,EAC1D;AAAA,EAEA,SAAS;AACP,WAAO,EAAE,IAAI,GAAG,MAAM,mBAAmB,IAAI,KAAK,MAAM;AAAA,EAC1D;AAAA,EAEA,uBAAuB;AACrB,WAAO,KAAK,OAAO;AAAA,EACrB;AACF;AA4CA,eAAsB,iBAA0C,QAAiD;AAC/G,QAAM,EAAE,OAAO,MAAM,cAAc,QAAQ,aAAa,OAAO,UAAU,eAAe,mBAAmB,YAAY,OAAO,IAAI;AAGlI,QAAM,eAAe,MAAM,MAAM,SAAS;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,aAAa,MAAM;AAKnC,QAAM,gBAA0C,SAC5C,EAAE,GAAG,QAAQ,OAAO,OAAO,SAAS,kCAAkC,QAAQ,EAAE,IAChF,EAAE,OAAO,kCAAkC,QAAQ,EAAE;AAEzD,QAAM,cAAoC;AAAA,IACxC;AAAA,IAAO;AAAA,IAAS;AAAA,IAAe;AAAA,IAAmB;AAAA,IAAY,QAAQ;AAAA,EACxE;AAGA,QAAM,QAAQ,UAAU,UAAU,WAAW;AAG7C,QAAM,kBAAkB,IAAI,qBAAqB,OAAO,SAAS,aAAa;AAE9E,SAAO;AAAA;AAAA,IAEL;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA;AAAA;AAAA,IAEA,YAAY,aAAa;AAAA,EAC3B;AACF;AAYA,SAAS,SAAS,KAAa,KAAqB;AAClD,SAAO,IAAI,SAAS,MAAM,IAAI,MAAM,GAAG,GAAG,IAAI,WAAM;AACtD;AAEA,SAAS,UAAU,OAAiB,OAAwB,OAAsB;AAChF,MAAI,OAAO;AACT,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EAClC,OAAO;AACL,UAAM,KAAK,KAAK,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EAClC;AACF;AAQA,SAAS,kCAAkC,OAAyC;AAClF,SAAO,MAAM,IAAI,OAAK;AACpB,QAAI,SAAyC;AAC7C,UAAM,MAAM,EAAE;AACd,QAAI,OAAO,OAAO,QAAQ,UAAU;AAElC,UAAI;AACF,iBAAS,KAAK,MAAM,KAAK,UAAU,GAAG,CAAC;AAAA,MACzC,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AACA,WAAO;AAAA,MACL,MAAM,EAAE;AAAA,MACR,aAAa,EAAE,eAAe;AAAA,MAC9B;AAAA,IACF;AAAA,EACF,CAAC;AACH;","names":["event"]}

package/dist/integrations/langchain.js

@@ -16,10 +16,9 @@ function jcsCanonicalise(value) {
     return "[" + value.map(jcsCanonicalise).join(",") + "]";
   }
   if (typeof value === "object") {
-    const keys = Object.keys(value).sort();
-    const parts = keys.map((k) => {
-      return JSON.stringify(k) + ":" + jcsCanonicalise(value[k]);
-    });
+    const obj = value;
+    const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalise(obj[k]));
     return "{" + parts.join(",") + "}";
   }
   throw new Error(`jcsCanonicalise: unsupported value type: ${typeof value}`);