npm - @vorionsys/a3i - Versions diffs - 0.1.0 - Mend

@vorionsys/a3i 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/LICENSE +190 -0
package/dist/api/handlers.d.ts +231 -0
package/dist/api/handlers.d.ts.map +1 -0
package/dist/api/handlers.js +279 -0
package/dist/api/handlers.js.map +1 -0
package/dist/api/index.d.ts +24 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +27 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middleware.d.ts +106 -0
package/dist/api/middleware.d.ts.map +1 -0
package/dist/api/middleware.js +186 -0
package/dist/api/middleware.js.map +1 -0
package/dist/api/routes.d.ts +41 -0
package/dist/api/routes.d.ts.map +1 -0
package/dist/api/routes.js +91 -0
package/dist/api/routes.js.map +1 -0
package/dist/authorization/constraints.d.ts +75 -0
package/dist/authorization/constraints.d.ts.map +1 -0
package/dist/authorization/constraints.js +302 -0
package/dist/authorization/constraints.js.map +1 -0
package/dist/authorization/decision.d.ts +98 -0
package/dist/authorization/decision.d.ts.map +1 -0
package/dist/authorization/decision.js +202 -0
package/dist/authorization/decision.js.map +1 -0
package/dist/authorization/engine.d.ts +141 -0
package/dist/authorization/engine.d.ts.map +1 -0
package/dist/authorization/engine.js +339 -0
package/dist/authorization/engine.js.map +1 -0
package/dist/authorization/index.d.ts +10 -0
package/dist/authorization/index.d.ts.map +1 -0
package/dist/authorization/index.js +13 -0
package/dist/authorization/index.js.map +1 -0
package/dist/banding/band-calculator.d.ts +137 -0
package/dist/banding/band-calculator.d.ts.map +1 -0
package/dist/banding/band-calculator.js +252 -0
package/dist/banding/band-calculator.js.map +1 -0
package/dist/banding/bands.d.ts +56 -0
package/dist/banding/bands.d.ts.map +1 -0
package/dist/banding/bands.js +200 -0
package/dist/banding/bands.js.map +1 -0
package/dist/banding/hysteresis.d.ts +64 -0
package/dist/banding/hysteresis.d.ts.map +1 -0
package/dist/banding/hysteresis.js +143 -0
package/dist/banding/hysteresis.js.map +1 -0
package/dist/banding/index.d.ts +10 -0
package/dist/banding/index.d.ts.map +1 -0
package/dist/banding/index.js +10 -0
package/dist/banding/index.js.map +1 -0
package/dist/canary/canary-service.d.ts +123 -0
package/dist/canary/canary-service.d.ts.map +1 -0
package/dist/canary/canary-service.js +353 -0
package/dist/canary/canary-service.js.map +1 -0
package/dist/canary/index.d.ts +12 -0
package/dist/canary/index.d.ts.map +1 -0
package/dist/canary/index.js +14 -0
package/dist/canary/index.js.map +1 -0
package/dist/canary/probe-library.d.ts +43 -0
package/dist/canary/probe-library.d.ts.map +1 -0
package/dist/canary/probe-library.js +655 -0
package/dist/canary/probe-library.js.map +1 -0
package/dist/execution/engine.d.ts +120 -0
package/dist/execution/engine.d.ts.map +1 -0
package/dist/execution/engine.js +220 -0
package/dist/execution/engine.js.map +1 -0
package/dist/execution/index.d.ts +7 -0
package/dist/execution/index.d.ts.map +1 -0
package/dist/execution/index.js +7 -0
package/dist/execution/index.js.map +1 -0
package/dist/gate/index.d.ts +12 -0
package/dist/gate/index.d.ts.map +1 -0
package/dist/gate/index.js +14 -0
package/dist/gate/index.js.map +1 -0
package/dist/gate/pre-action-gate.d.ts +87 -0
package/dist/gate/pre-action-gate.d.ts.map +1 -0
package/dist/gate/pre-action-gate.js +286 -0
package/dist/gate/pre-action-gate.js.map +1 -0
package/dist/gate/risk-classifier.d.ts +43 -0
package/dist/gate/risk-classifier.d.ts.map +1 -0
package/dist/gate/risk-classifier.js +157 -0
package/dist/gate/risk-classifier.js.map +1 -0
package/dist/hooks/executor.d.ts +56 -0
package/dist/hooks/executor.d.ts.map +1 -0
package/dist/hooks/executor.js +217 -0
package/dist/hooks/executor.js.map +1 -0
package/dist/hooks/index.d.ts +45 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +49 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/manager.d.ts +156 -0
package/dist/hooks/manager.d.ts.map +1 -0
package/dist/hooks/manager.js +267 -0
package/dist/hooks/manager.js.map +1 -0
package/dist/hooks/registry.d.ts +130 -0
package/dist/hooks/registry.d.ts.map +1 -0
package/dist/hooks/registry.js +238 -0
package/dist/hooks/registry.js.map +1 -0
package/dist/hooks/types.d.ts +226 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +41 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +20 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/observation/attestation.d.ts +102 -0
package/dist/observation/attestation.d.ts.map +1 -0
package/dist/observation/attestation.js +127 -0
package/dist/observation/attestation.js.map +1 -0
package/dist/observation/ceilings.d.ts +60 -0
package/dist/observation/ceilings.d.ts.map +1 -0
package/dist/observation/ceilings.js +110 -0
package/dist/observation/ceilings.js.map +1 -0
package/dist/observation/index.d.ts +11 -0
package/dist/observation/index.d.ts.map +1 -0
package/dist/observation/index.js +14 -0
package/dist/observation/index.js.map +1 -0
package/dist/observation/tiers.d.ts +96 -0
package/dist/observation/tiers.d.ts.map +1 -0
package/dist/observation/tiers.js +225 -0
package/dist/observation/tiers.js.map +1 -0
package/dist/orchestrator/index.d.ts +8 -0
package/dist/orchestrator/index.d.ts.map +1 -0
package/dist/orchestrator/index.js +8 -0
package/dist/orchestrator/index.js.map +1 -0
package/dist/orchestrator/orchestrator.d.ts +225 -0
package/dist/orchestrator/orchestrator.d.ts.map +1 -0
package/dist/orchestrator/orchestrator.js +302 -0
package/dist/orchestrator/orchestrator.js.map +1 -0
package/dist/orchestrator/proof-plane-adapter.d.ts +80 -0
package/dist/orchestrator/proof-plane-adapter.d.ts.map +1 -0
package/dist/orchestrator/proof-plane-adapter.js +78 -0
package/dist/orchestrator/proof-plane-adapter.js.map +1 -0
package/dist/trust/calculator.d.ts +60 -0
package/dist/trust/calculator.d.ts.map +1 -0
package/dist/trust/calculator.js +163 -0
package/dist/trust/calculator.js.map +1 -0
package/dist/trust/dimensions.d.ts +133 -0
package/dist/trust/dimensions.d.ts.map +1 -0
package/dist/trust/dimensions.js +257 -0
package/dist/trust/dimensions.js.map +1 -0
package/dist/trust/index.d.ts +14 -0
package/dist/trust/index.d.ts.map +1 -0
package/dist/trust/index.js +25 -0
package/dist/trust/index.js.map +1 -0
package/dist/trust/profile-service.d.ts +179 -0
package/dist/trust/profile-service.d.ts.map +1 -0
package/dist/trust/profile-service.js +378 -0
package/dist/trust/profile-service.js.map +1 -0
package/dist/trust/profile-store.d.ts +122 -0
package/dist/trust/profile-store.d.ts.map +1 -0
package/dist/trust/profile-store.js +132 -0
package/dist/trust/profile-store.js.map +1 -0
package/dist/trust/trust-calculator.d.ts +111 -0
package/dist/trust/trust-calculator.d.ts.map +1 -0
package/dist/trust/trust-calculator.js +271 -0
package/dist/trust/trust-calculator.js.map +1 -0
package/dist/trust/trust-dynamics.d.ts +152 -0
package/dist/trust/trust-dynamics.d.ts.map +1 -0
package/dist/trust/trust-dynamics.js +302 -0
package/dist/trust/trust-dynamics.js.map +1 -0
package/dist/trust/weights.d.ts +57 -0
package/dist/trust/weights.d.ts.map +1 -0
package/dist/trust/weights.js +75 -0
package/dist/trust/weights.js.map +1 -0
package/package.json +81 -0

package/dist/authorization/decision.js ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * Decision Builder - Construct authorization decisions
+ *
+ * Provides utilities for creating Decision objects with proper
+ * validation and structure.
+ */
+import { v4 as uuidv4 } from 'uuid';
+import { TrustBand, DenialReason, } from '@vorionsys/contracts';
+/**
+ * Build a permit decision
+ */
+export function buildPermitDecision(intent, profile, constraints, reasoning, options = {}) {
+    const now = options.now ?? new Date();
+    const validityDurationMs = options.validityDurationMs ?? 5 * 60 * 1000; // 5 minutes
+    return {
+        decisionId: options.decisionId ?? uuidv4(),
+        intentId: intent.intentId,
+        agentId: intent.agentId,
+        correlationId: intent.correlationId,
+        permitted: true,
+        constraints,
+        trustBand: profile.band,
+        trustScore: profile.adjustedScore,
+        policySetId: options.policySetId,
+        reasoning,
+        decidedAt: now,
+        expiresAt: new Date(now.getTime() + validityDurationMs),
+        latencyMs: 0, // Will be set by engine
+        version: 1,
+    };
+}
+/**
+ * Build a deny decision
+ */
+export function buildDenyDecision(intent, profile, _reason, // Reserved for future denialReason field in Decision
+reasoning, options = {}) {
+    const now = options.now ?? new Date();
+    const validityDurationMs = options.validityDurationMs ?? 5 * 60 * 1000;
+    return {
+        decisionId: options.decisionId ?? uuidv4(),
+        intentId: intent.intentId,
+        agentId: intent.agentId,
+        correlationId: intent.correlationId,
+        permitted: false,
+        constraints: undefined,
+        trustBand: profile?.band ?? TrustBand.T0_SANDBOX,
+        trustScore: profile?.adjustedScore ?? 0,
+        policySetId: options.policySetId,
+        reasoning,
+        decidedAt: now,
+        expiresAt: new Date(now.getTime() + validityDurationMs),
+        latencyMs: 0, // Will be set by engine
+        version: 1,
+    };
+}
+/**
+ * Get remediation suggestions for a denial reason
+ */
+export function getRemediations(reason, _context) {
+    switch (reason) {
+        case DenialReason.INSUFFICIENT_TRUST:
+            return [
+                'Increase trust score through positive behavioral evidence',
+                'Request human supervision for this action',
+                'Use a higher observation tier (e.g., WHITE_BOX) if available',
+            ];
+        case DenialReason.POLICY_VIOLATION:
+            return [
+                'Review the policy requirements for this action type',
+                'Request policy exception through governance channel',
+            ];
+        case DenialReason.RESOURCE_RESTRICTED:
+            return [
+                'Request access to the required resources',
+                'Use alternative resources that are permitted',
+            ];
+        case DenialReason.DATA_SENSITIVITY_EXCEEDED:
+            return [
+                'Reduce data sensitivity requirements',
+                'Request elevated data access permissions',
+                'Use anonymized or redacted data instead',
+            ];
+        case DenialReason.RATE_LIMIT_EXCEEDED:
+            return [
+                'Wait for the rate limit window to reset',
+                'Reduce request frequency',
+                'Request higher rate limits through governance',
+            ];
+        case DenialReason.CONTEXT_MISMATCH:
+            return [
+                'Verify the execution context is appropriate',
+                'Switch to the correct environment',
+                'Update intent context to match actual conditions',
+            ];
+        case DenialReason.EXPIRED_INTENT:
+            return [
+                'Create a new intent with updated expiration',
+                'Submit intents more promptly',
+            ];
+        case DenialReason.SYSTEM_ERROR:
+            return [
+                'Retry the request',
+                'Contact system administrators if the issue persists',
+            ];
+        default:
+            return ['Contact support for assistance'];
+    }
+}
+/**
+ * Determine the denial reason based on evaluation context
+ */
+export function determineDenialReason(profile, _intent, // Reserved for future intent-specific denial logic
+minRequiredBand, checks) {
+    if (checks.intentExpired) {
+        return DenialReason.EXPIRED_INTENT;
+    }
+    if (checks.rateLimitExceeded) {
+        return DenialReason.RATE_LIMIT_EXCEEDED;
+    }
+    if (checks.resourceRestricted) {
+        return DenialReason.RESOURCE_RESTRICTED;
+    }
+    if (checks.contextMismatch) {
+        return DenialReason.CONTEXT_MISMATCH;
+    }
+    if (checks.policyViolation) {
+        return DenialReason.POLICY_VIOLATION;
+    }
+    if (!profile || profile.band < minRequiredBand) {
+        return DenialReason.INSUFFICIENT_TRUST;
+    }
+    return DenialReason.POLICY_VIOLATION;
+}
+/**
+ * Create decision summary for logging
+ */
+export function summarizeDecision(decision) {
+    const action = decision.permitted ? 'PERMITTED' : 'DENIED';
+    const band = TrustBand[decision.trustBand];
+    return `[${decision.decisionId}] ${action} for agent ${decision.agentId} (${band}, score=${decision.trustScore}) - ${decision.reasoning[0] ?? 'No reason'}`;
+}
+/**
+ * Check if a decision is still valid
+ */
+export function isDecisionValid(decision, now = new Date()) {
+    return now < decision.expiresAt;
+}
+/**
+ * Decision builder class for fluent API
+ */
+export class DecisionBuilder {
+    intent;
+    profile = null;
+    permitted = false;
+    constraints;
+    reasoning = [];
+    denialReason;
+    options = {};
+    constructor(intent) {
+        this.intent = intent;
+    }
+    withProfile(profile) {
+        this.profile = profile;
+        return this;
+    }
+    permit() {
+        this.permitted = true;
+        return this;
+    }
+    deny(reason) {
+        this.permitted = false;
+        this.denialReason = reason;
+        return this;
+    }
+    withConstraints(constraints) {
+        this.constraints = constraints;
+        return this;
+    }
+    addReasoning(...reasons) {
+        this.reasoning.push(...reasons);
+        return this;
+    }
+    withOptions(options) {
+        this.options = { ...this.options, ...options };
+        return this;
+    }
+    build() {
+        if (this.permitted && this.profile && this.constraints) {
+            return buildPermitDecision(this.intent, this.profile, this.constraints, this.reasoning, this.options);
+        }
+        else {
+            return buildDenyDecision(this.intent, this.profile, this.denialReason ?? DenialReason.POLICY_VIOLATION, this.reasoning, this.options);
+        }
+    }
+    /**
+     * Static factory for creating builders
+     */
+    static for(intent) {
+        return new DecisionBuilder(intent);
+    }
+}
+//# sourceMappingURL=decision.js.map

package/dist/authorization/decision.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"decision.js","sourceRoot":"","sources":["../../src/authorization/decision.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EACL,SAAS,EACT,YAAY,GAKb,MAAM,sBAAsB,CAAC;AAwC9B;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAc,EACd,OAAqB,EACrB,WAAgC,EAChC,SAAmB,EACnB,UAAgC,EAAE;IAElC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IACtC,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;IAEpF,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,MAAM,EAAE;QAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,SAAS,EAAE,IAAI;QACf,WAAW;QACX,SAAS,EAAE,OAAO,CAAC,IAAI;QACvB,UAAU,EAAE,OAAO,CAAC,aAAa;QACjC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS;QACT,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,kBAAkB,CAAC;QACvD,SAAS,EAAE,CAAC,EAAE,wBAAwB;QACtC,OAAO,EAAE,CAAC;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAc,EACd,OAA4B,EAC5B,OAAqB,EAAE,qDAAqD;AAC5E,SAAmB,EACnB,UAAgC,EAAE;IAElC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IACtC,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAEvE,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,MAAM,EAAE;QAC1C,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,SAAS,EAAE,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC,UAAU;QAChD,UAAU,EAAE,OAAO,EAAE,aAAa,IAAI,CAAC;QACvC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS;QACT,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,kBAAkB,CAAC;QACvD,SAAS,EAAE,CAAC,EAAE,wBAAwB;QACtC,OAAO,EAAE,CAAC;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAoB,EAAE,QAAkC;IACtF,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,YAAY,CAAC,kBAAkB;YAClC,OAAO;gBACL,2DAA2D;gBAC3D,2CAA2C;gBAC3C,8DAA8D;aAC/D,CAAC;QACJ,KAAK,YAAY,CAAC,gBAAgB;YAChC,OAAO;gBACL,qDAAqD;gBACrD,qDAAqD;aACtD,CAAC;QACJ,KAAK,YAAY,CAAC,mBAAmB;YACnC,OAAO;gBACL,0CAA0C;gBAC1C,8CAA8C;aAC/C,CAAC;QACJ,KAAK,YAAY,CAAC,yBAAyB;YACzC,OAAO;gBACL,sCAAsC;gBACtC,0CAA0C;gBAC1C,yCAAyC;aAC1C,CAAC;QACJ,KAAK,YAAY,CAAC,mBAAmB;YACnC,OAAO;gBACL,yCAAyC;gBACzC,0BAA0B;gBAC1B,+CAA+C;aAChD,CAAC;QACJ,KAAK,YAAY,CAAC,gBAAgB;YAChC,OAAO;gBACL,6CAA6C;gBAC7C,mCAAmC;gBACnC,kDAAkD;aACnD,CAAC;QACJ,KAAK,YAAY,CAAC,cAAc;YAC9B,OAAO;gBACL,6CAA6C;gBAC7C,8BAA8B;aAC/B,CAAC;QACJ,KAAK,YAAY,CAAC,YAAY;YAC5B,OAAO;gBACL,mBAAmB;gBACnB,qDAAqD;aACtD,CAAC;QACJ;YACE,OAAO,CAAC,gCAAgC,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAA4B,EAC5B,OAAe,EAAE,mDAAmD;AACpE,eAA0B,EAC1B,MAMC;IAED,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,OAAO,YAAY,CAAC,cAAc,CAAC;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,OAAO,YAAY,CAAC,mBAAmB,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,mBAAmB,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,OAAO,YAAY,CAAC,gBAAgB,CAAC;IACvC,CAAC;IACD,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,OAAO,YAAY,CAAC,gBAAgB,CAAC;IACvC,CAAC;IACD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,GAAG,eAAe,EAAE,CAAC;QAC/C,OAAO,YAAY,CAAC,kBAAkB,CAAC;IACzC,CAAC;IACD,OAAO,YAAY,CAAC,gBAAgB,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAkB;IAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC3D,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC3C,OAAO,IAAI,QAAQ,CAAC,UAAU,KAAK,MAAM,cAAc,QAAQ,CAAC,OAAO,KAAK,IAAI,WAAW,QAAQ,CAAC,UAAU,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;AAC9J,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB,EAAE,MAAY,IAAI,IAAI,EAAE;IACxE,OAAO,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,CAAS;IACf,OAAO,GAAwB,IAAI,CAAC;IACpC,SAAS,GAAY,KAAK,CAAC;IAC3B,WAAW,CAAkC;IAC7C,SAAS,GAAa,EAAE,CAAC;IACzB,YAAY,CAA2B;IACvC,OAAO,GAAyB,EAAE,CAAC;IAE3C,YAAY,MAAc;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,WAAW,CAAC,OAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM;QACJ,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,MAAoB;QACvB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe,CAAC,WAAgC;QAC9C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,GAAG,OAAiB;QAC/B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,OAA6B;QACvC,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACvD,OAAO,mBAAmB,CACxB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,OAAO,CACb,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,iBAAiB,CACtB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,gBAAgB,EAClD,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,OAAO,CACb,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,GAAG,CAAC,MAAc;QACvB,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;CACF"}

package/dist/authorization/engine.d.ts ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * Authorization Engine - Core authorization decision-making
+ *
+ * The AuthorizationEngine is the central component of A3I that makes
+ * permit/deny decisions for agent intents based on:
+ * - Agent's trust profile and band
+ * - Intent characteristics (action type, data sensitivity, reversibility)
+ * - Policy rules and constraints
+ * - Context factors
+ * - Hook system for extensibility
+ *
+ * Key principles:
+ * - Deterministic: Same inputs always produce same outputs
+ * - Fast: <50ms latency target for decisions
+ * - Auditable: All decisions logged with reasoning
+ * - Extensible: Hooks for pre/post authorization
+ */
+import { TrustBand, ActionType, DataSensitivity, Reversibility, DenialReason, type Intent, type Decision, type TrustProfile, type AuthorizationResponse } from '@vorionsys/contracts';
+import { type ConstraintGenerationOptions } from './constraints.js';
+import { TrustProfileService } from '../trust/profile-service.js';
+import { type HookManager } from '../hooks/index.js';
+/**
+ * Minimum trust band required for each action type
+ */
+export declare const ACTION_TYPE_REQUIREMENTS: Record<ActionType, TrustBand>;
+/**
+ * Minimum trust band required for each data sensitivity level
+ */
+export declare const DATA_SENSITIVITY_REQUIREMENTS: Record<DataSensitivity, TrustBand>;
+/**
+ * Trust band adjustments for reversibility
+ */
+export declare const REVERSIBILITY_ADJUSTMENTS: Record<Reversibility, number>;
+/**
+ * Proof plane event logger interface
+ * (Actual implementation in Vorion package)
+ */
+export interface ProofPlaneLogger {
+    logDecision(decision: Decision, intent: Intent): Promise<void>;
+}
+/**
+ * No-op proof plane logger for when proof plane is not connected
+ */
+export declare const noopProofLogger: ProofPlaneLogger;
+/**
+ * Configuration for the authorization engine
+ */
+export interface AuthorizationEngineConfig {
+    /** Profile service for trust lookups */
+    profileService?: TrustProfileService;
+    /** Custom action type requirements */
+    actionTypeRequirements?: Partial<Record<ActionType, TrustBand>>;
+    /** Custom data sensitivity requirements */
+    dataSensitivityRequirements?: Partial<Record<DataSensitivity, TrustBand>>;
+    /** Proof plane logger for audit trail */
+    proofLogger?: ProofPlaneLogger;
+    /** Hook manager for extensibility */
+    hookManager?: HookManager;
+    /** Default policy set ID */
+    defaultPolicySetId?: string;
+    /** Decision validity duration in ms */
+    decisionValidityMs?: number;
+    /** Enable strict mode (deny on any ambiguity) */
+    strictMode?: boolean;
+    /** Enable hooks (default: true if hookManager provided) */
+    enableHooks?: boolean;
+}
+/**
+ * Authorization request with full intent
+ */
+export interface AuthorizeRequest {
+    /** The intent to authorize */
+    intent: Intent;
+    /** Optional: Override constraint generation */
+    constraintOptions?: ConstraintGenerationOptions;
+    /** Optional: Use specific policy set */
+    policySetId?: string;
+}
+/**
+ * AuthorizationEngine - Makes permit/deny decisions for agent intents
+ */
+export declare class AuthorizationEngine {
+    private readonly profileService;
+    private readonly actionRequirements;
+    private readonly sensitivityRequirements;
+    private readonly proofLogger;
+    private readonly hookManager?;
+    private readonly config;
+    constructor(config?: AuthorizationEngineConfig);
+    /**
+     * Authorize an intent
+     *
+     * This is the main entry point for authorization decisions.
+     * Returns a Decision object indicating whether the intent is permitted.
+     *
+     * Hook integration:
+     * - PRE_AUTHORIZE hooks run before evaluation (can abort)
+     * - POST_AUTHORIZE hooks run after decision is made
+     */
+    authorize(request: AuthorizeRequest): Promise<AuthorizationResponse>;
+    /**
+     * Evaluate an intent against a trust profile
+     * This is the core authorization logic - deterministic and fast
+     */
+    evaluate(intent: Intent, profile: TrustProfile): {
+        permitted: boolean;
+        reasoning: string[];
+        denialReason: DenialReason;
+        requiredBand: TrustBand;
+    };
+    /**
+     * Check resource scope restrictions
+     */
+    private checkResourceScope;
+    /**
+     * Check context restrictions
+     */
+    private checkContext;
+    /**
+     * Quick check if an agent can perform an action type
+     * (Without full profile lookup - uses cached band if available)
+     */
+    canPerformActionType(band: TrustBand, actionType: ActionType): boolean;
+    /**
+     * Quick check if an agent can access data sensitivity level
+     */
+    canAccessDataSensitivity(band: TrustBand, sensitivity: DataSensitivity): boolean;
+    /**
+     * Get the minimum band required for an action + sensitivity combination
+     */
+    getRequiredBand(actionType: ActionType, dataSensitivity: DataSensitivity, reversibility?: Reversibility): TrustBand;
+    /**
+     * Get the profile service
+     */
+    getProfileService(): TrustProfileService;
+}
+/**
+ * Create an AuthorizationEngine with default configuration
+ */
+export declare function createAuthorizationEngine(config?: AuthorizationEngineConfig): AuthorizationEngine;
+//# sourceMappingURL=engine.d.ts.map

package/dist/authorization/engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/authorization/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,SAAS,EACT,UAAU,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,KAAK,MAAM,EACX,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAEL,KAAK,2BAA2B,EAEjC,MAAM,kBAAkB,CAAC;AAO1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EACL,KAAK,WAAW,EAEjB,MAAM,mBAAmB,CAAC;AAE3B;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAAC,UAAU,EAAE,SAAS,CAOlE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAAC,eAAe,EAAE,SAAS,CAK5E,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAInE,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChE;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,gBAE7B,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,wCAAwC;IACxC,cAAc,CAAC,EAAE,mBAAmB,CAAC;IACrC,sCAAsC;IACtC,sBAAsB,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IAChE,2CAA2C;IAC3C,2BAA2B,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;IAC1E,yCAAyC;IACzC,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,qCAAqC;IACrC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,4BAA4B;IAC5B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uCAAuC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iDAAiD;IACjD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,2BAA2B,CAAC;IAChD,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAsB;IACrD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgC;IACnE,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAqC;IAC7E,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyJ;gBAEpK,MAAM,GAAE,yBAA8B;IAoBlD;;;;;;;;;OASG;IACG,SAAS,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA8H1E;;;OAGG;IACH,QAAQ,CACN,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,YAAY,GACpB;QACD,SAAS,EAAE,OAAO,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,YAAY,EAAE,YAAY,CAAC;QAC3B,YAAY,EAAE,SAAS,CAAC;KACzB;IAwFD;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0B1B;;OAEG;IACH,OAAO,CAAC,YAAY;IAsCpB;;;OAGG;IACH,oBAAoB,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO;IAItE;;OAEG;IACH,wBAAwB,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,GAAG,OAAO;IAIhF;;OAEG;IACH,eAAe,CACb,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,aAAa,GAAE,aAAwC,GACtD,SAAS;IAQZ;;OAEG;IACH,iBAAiB,IAAI,mBAAmB;CAGzC;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,CAAC,EAAE,yBAAyB,GACjC,mBAAmB,CAErB"}