npm - @vorionsys/atsf-core - Versions diffs - 0.1.0 → 0.2.1 - Mend

@vorionsys/atsf-core 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (215) hide show

package/README.md +12 -12
package/dist/api/server.d.ts.map +1 -1
package/dist/api/server.js +463 -35
package/dist/api/server.js.map +1 -1
package/dist/arbitration/index.d.ts.map +1 -1
package/dist/arbitration/index.js +8 -6
package/dist/arbitration/index.js.map +1 -1
package/dist/audit/key-manager.d.ts +118 -0
package/dist/audit/key-manager.d.ts.map +1 -0
package/dist/audit/key-manager.js +565 -0
package/dist/audit/key-manager.js.map +1 -0
package/dist/basis/evaluator.d.ts +31 -0
package/dist/basis/evaluator.d.ts.map +1 -1
package/dist/basis/evaluator.js +205 -10
package/dist/basis/evaluator.js.map +1 -1
package/dist/basis/parser.d.ts +210 -210
package/dist/basis/parser.js.map +1 -1
package/dist/carbon-aware/carbon-metrics.d.ts +151 -0
package/dist/carbon-aware/carbon-metrics.d.ts.map +1 -0
package/dist/carbon-aware/carbon-metrics.js +370 -0
package/dist/carbon-aware/carbon-metrics.js.map +1 -0
package/dist/carbon-aware/carbon-router.d.ts +101 -0
package/dist/carbon-aware/carbon-router.d.ts.map +1 -0
package/dist/carbon-aware/carbon-router.js +400 -0
package/dist/carbon-aware/carbon-router.js.map +1 -0
package/dist/chain/index.d.ts +147 -0
package/dist/chain/index.d.ts.map +1 -0
package/dist/chain/index.js +219 -0
package/dist/chain/index.js.map +1 -0
package/dist/cognigate/index.d.ts +33 -4
package/dist/cognigate/index.d.ts.map +1 -1
package/dist/cognigate/index.js +199 -24
package/dist/cognigate/index.js.map +1 -1
package/dist/common/adapters.d.ts +172 -0
package/dist/common/adapters.d.ts.map +1 -0
package/dist/common/adapters.js +329 -0
package/dist/common/adapters.js.map +1 -0
package/dist/common/config.d.ts +168 -163
package/dist/common/config.d.ts.map +1 -1
package/dist/common/config.js +2 -0
package/dist/common/config.js.map +1 -1
package/dist/common/index.d.ts +1 -0
package/dist/common/index.d.ts.map +1 -1
package/dist/common/index.js +1 -0
package/dist/common/index.js.map +1 -1
package/dist/common/types.d.ts +67 -16
package/dist/common/types.d.ts.map +1 -1
package/dist/common/types.js +4 -0
package/dist/common/types.js.map +1 -1
package/dist/enforce/index.d.ts +226 -16
package/dist/enforce/index.d.ts.map +1 -1
package/dist/enforce/index.js +196 -49
package/dist/enforce/index.js.map +1 -1
package/dist/governance/fluid-workflow.d.ts +217 -0
package/dist/governance/fluid-workflow.d.ts.map +1 -0
package/dist/governance/fluid-workflow.js +491 -0
package/dist/governance/fluid-workflow.js.map +1 -0
package/dist/governance/index.d.ts +1 -0
package/dist/governance/index.d.ts.map +1 -1
package/dist/governance/index.js +1 -0
package/dist/governance/index.js.map +1 -1
package/dist/index.d.ts +9 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +14 -3
package/dist/index.js.map +1 -1
package/dist/intent/index.d.ts +127 -10
package/dist/intent/index.d.ts.map +1 -1
package/dist/intent/index.js +121 -16
package/dist/intent/index.js.map +1 -1
package/dist/langchain/executor.d.ts +19 -5
package/dist/langchain/executor.d.ts.map +1 -1
package/dist/langchain/executor.js +287 -36
package/dist/langchain/executor.js.map +1 -1
package/dist/langchain/index.d.ts +2 -1
package/dist/langchain/index.d.ts.map +1 -1
package/dist/langchain/index.js +3 -1
package/dist/langchain/index.js.map +1 -1
package/dist/langchain/tools.d.ts.map +1 -1
package/dist/langchain/tools.js +2 -1
package/dist/langchain/tools.js.map +1 -1
package/dist/langchain/types.d.ts +41 -0
package/dist/langchain/types.d.ts.map +1 -1
package/dist/layers/index.d.ts +1 -1
package/dist/layers/index.d.ts.map +1 -1
package/dist/persistence/file.d.ts +35 -3
package/dist/persistence/file.d.ts.map +1 -1
package/dist/persistence/file.js +138 -11
package/dist/persistence/file.js.map +1 -1
package/dist/persistence/index.d.ts +11 -1
package/dist/persistence/index.d.ts.map +1 -1
package/dist/persistence/index.js +25 -1
package/dist/persistence/index.js.map +1 -1
package/dist/persistence/sqlite.d.ts +135 -0
package/dist/persistence/sqlite.d.ts.map +1 -0
package/dist/persistence/sqlite.js +372 -0
package/dist/persistence/sqlite.js.map +1 -0
package/dist/persistence/supabase.d.ts +93 -0
package/dist/persistence/supabase.d.ts.map +1 -0
package/dist/persistence/supabase.js +219 -0
package/dist/persistence/supabase.js.map +1 -0
package/dist/persistence/types.d.ts +5 -1
package/dist/persistence/types.d.ts.map +1 -1
package/dist/phase6/ceiling.d.ts +177 -0
package/dist/phase6/ceiling.d.ts.map +1 -0
package/dist/phase6/ceiling.js +463 -0
package/dist/phase6/ceiling.js.map +1 -0
package/dist/phase6/context.d.ts +207 -0
package/dist/phase6/context.d.ts.map +1 -0
package/dist/phase6/context.js +603 -0
package/dist/phase6/context.js.map +1 -0
package/dist/phase6/index.d.ts +79 -0
package/dist/phase6/index.d.ts.map +1 -0
package/dist/phase6/index.js +152 -0
package/dist/phase6/index.js.map +1 -0
package/dist/phase6/presets.d.ts +148 -0
package/dist/phase6/presets.d.ts.map +1 -0
package/dist/phase6/presets.js +467 -0
package/dist/phase6/presets.js.map +1 -0
package/dist/phase6/provenance.d.ts +148 -0
package/dist/phase6/provenance.d.ts.map +1 -0
package/dist/phase6/provenance.js +545 -0
package/dist/phase6/provenance.js.map +1 -0
package/dist/phase6/role-gates/index.d.ts +7 -0
package/dist/phase6/role-gates/index.d.ts.map +1 -0
package/dist/phase6/role-gates/index.js +7 -0
package/dist/phase6/role-gates/index.js.map +1 -0
package/dist/phase6/role-gates/kernel.d.ts +84 -0
package/dist/phase6/role-gates/kernel.d.ts.map +1 -0
package/dist/phase6/role-gates/kernel.js +258 -0
package/dist/phase6/role-gates/kernel.js.map +1 -0
package/dist/phase6/role-gates/policy.d.ts +110 -0
package/dist/phase6/role-gates/policy.d.ts.map +1 -0
package/dist/phase6/role-gates/policy.js +157 -0
package/dist/phase6/role-gates/policy.js.map +1 -0
package/dist/phase6/role-gates.d.ts +164 -0
package/dist/phase6/role-gates.d.ts.map +1 -0
package/dist/phase6/role-gates.js +536 -0
package/dist/phase6/role-gates.js.map +1 -0
package/dist/phase6/types.d.ts +1827 -0
package/dist/phase6/types.d.ts.map +1 -0
package/dist/phase6/types.js +450 -0
package/dist/phase6/types.js.map +1 -0
package/dist/phase6/weight-presets/canonical.d.ts +93 -0
package/dist/phase6/weight-presets/canonical.d.ts.map +1 -0
package/dist/phase6/weight-presets/canonical.js +122 -0
package/dist/phase6/weight-presets/canonical.js.map +1 -0
package/dist/phase6/weight-presets/deltas.d.ts +144 -0
package/dist/phase6/weight-presets/deltas.d.ts.map +1 -0
package/dist/phase6/weight-presets/deltas.js +184 -0
package/dist/phase6/weight-presets/deltas.js.map +1 -0
package/dist/phase6/weight-presets/index.d.ts +8 -0
package/dist/phase6/weight-presets/index.d.ts.map +1 -0
package/dist/phase6/weight-presets/index.js +8 -0
package/dist/phase6/weight-presets/index.js.map +1 -0
package/dist/phase6/weight-presets/merger.d.ts +79 -0
package/dist/phase6/weight-presets/merger.d.ts.map +1 -0
package/dist/phase6/weight-presets/merger.js +161 -0
package/dist/phase6/weight-presets/merger.js.map +1 -0
package/dist/proof/index.d.ts +50 -1
package/dist/proof/index.d.ts.map +1 -1
package/dist/proof/index.js +122 -3
package/dist/proof/index.js.map +1 -1
package/dist/proof/merkle.d.ts +195 -0
package/dist/proof/merkle.d.ts.map +1 -0
package/dist/proof/merkle.js +412 -0
package/dist/proof/merkle.js.map +1 -0
package/dist/proof/zk-proofs.d.ts +218 -0
package/dist/proof/zk-proofs.d.ts.map +1 -0
package/dist/proof/zk-proofs.js +531 -0
package/dist/proof/zk-proofs.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/audit.d.ts +98 -0
package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/audit.js +160 -0
package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/index.d.ts +6 -0
package/dist/trust-engine/ceiling-enforcement/index.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/index.js +6 -0
package/dist/trust-engine/ceiling-enforcement/index.js.map +1 -0
package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +112 -0
package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -0
package/dist/trust-engine/ceiling-enforcement/kernel.js +158 -0
package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -0
package/dist/trust-engine/context-policy/enforcement.d.ts +62 -0
package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -0
package/dist/trust-engine/context-policy/enforcement.js +104 -0
package/dist/trust-engine/context-policy/enforcement.js.map +1 -0
package/dist/trust-engine/context-policy/factory.d.ts +75 -0
package/dist/trust-engine/context-policy/factory.d.ts.map +1 -0
package/dist/trust-engine/context-policy/factory.js +130 -0
package/dist/trust-engine/context-policy/factory.js.map +1 -0
package/dist/trust-engine/context-policy/index.d.ts +6 -0
package/dist/trust-engine/context-policy/index.d.ts.map +1 -0
package/dist/trust-engine/context-policy/index.js +6 -0
package/dist/trust-engine/context-policy/index.js.map +1 -0
package/dist/trust-engine/creation-modifiers/index.d.ts +5 -0
package/dist/trust-engine/creation-modifiers/index.d.ts.map +1 -0
package/dist/trust-engine/creation-modifiers/index.js +5 -0
package/dist/trust-engine/creation-modifiers/index.js.map +1 -0
package/dist/trust-engine/creation-modifiers/types.d.ts +112 -0
package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -0
package/dist/trust-engine/creation-modifiers/types.js +166 -0
package/dist/trust-engine/creation-modifiers/types.js.map +1 -0
package/dist/trust-engine/decay-profiles.d.ts +159 -0
package/dist/trust-engine/decay-profiles.d.ts.map +1 -0
package/dist/trust-engine/decay-profiles.js +210 -0
package/dist/trust-engine/decay-profiles.js.map +1 -0
package/dist/trust-engine/index.d.ts +144 -5
package/dist/trust-engine/index.d.ts.map +1 -1
package/dist/trust-engine/index.js +320 -15
package/dist/trust-engine/index.js.map +1 -1
package/dist/trust-engine/phase6-types.d.ts +123 -0
package/dist/trust-engine/phase6-types.d.ts.map +1 -0
package/dist/trust-engine/phase6-types.js +88 -0
package/dist/trust-engine/phase6-types.js.map +1 -0
package/package.json +26 -10

package/README.md CHANGED Viewed

@@ -1,11 +1,11 @@
-# @vorion/atsf-core
+# @vorionsys/atsf-core
 Agentic Trust Scoring Framework - Core runtime for AI agent governance, trust scoring, and policy enforcement.
 ## Installation
 ```bash
-npm install @vorion/atsf-core
+npm install @vorionsys/atsf-core
 ```
 ## Quick Start
@@ -18,7 +18,7 @@ import {
   createIntentService,
   EnforcementService,
   createEnforcementService,
-} from '@vorion/atsf-core';
+} from '@vorionsys/atsf-core';
 // Create a trust engine
 const trustEngine = createTrustEngine();
@@ -50,7 +50,7 @@ console.log(record?.score, record?.level);
 0-1000 trust scoring with 6 tiers, time-based decay, and accelerated decay on failure.
 ```typescript
-import { TrustEngine, createTrustEngine } from '@vorion/atsf-core';
+import { TrustEngine, createTrustEngine } from '@vorionsys/atsf-core';
 // Basic usage
 const engine = createTrustEngine();
@@ -71,7 +71,7 @@ const configuredEngine = createTrustEngine({
 Constraint evaluation for governance policies.
 ```typescript
-import { createEvaluator, parseNamespace } from '@vorion/atsf-core';
+import { createEvaluator, parseNamespace } from '@vorionsys/atsf-core';
 const evaluator = createEvaluator();
 evaluator.registerNamespace(parseNamespace(ruleDefinition));
@@ -83,7 +83,7 @@ const result = await evaluator.evaluate(context);
 Submit and track agent intents through the governance pipeline.
 ```typescript
-import { createIntentService } from '@vorion/atsf-core';
+import { createIntentService } from '@vorionsys/atsf-core';
 const intentService = createIntentService();
 const intent = await intentService.submit({
@@ -98,7 +98,7 @@ const intent = await intentService.submit({
 Policy decision point for allow/deny/escalate decisions.
 ```typescript
-import { createEnforcementService } from '@vorion/atsf-core';
+import { createEnforcementService } from '@vorionsys/atsf-core';
 const enforcer = createEnforcementService({
   defaultAction: 'deny',
@@ -112,7 +112,7 @@ const decision = await enforcer.decide(context);
 Immutable audit chain with SHA-256 hashing.
 ```typescript
-import { createProofService } from '@vorion/atsf-core';
+import { createProofService } from '@vorionsys/atsf-core';
 const proofService = createProofService();
 const proof = await proofService.create({ intent, decision, inputs, outputs });
@@ -124,7 +124,7 @@ const verification = await proofService.verify(proof.id);
 Constrained execution with resource limits.
 ```typescript
-import { createGateway } from '@vorion/atsf-core';
+import { createGateway } from '@vorionsys/atsf-core';
 const gateway = createGateway({
   maxMemoryMb: 256,
@@ -150,7 +150,7 @@ const result = await gateway.execute(context);
 The Trust Engine extends `EventEmitter` and emits the following events:
 ```typescript
-import { TrustEngine } from '@vorion/atsf-core';
+import { TrustEngine } from '@vorionsys/atsf-core';
 const engine = new TrustEngine();
@@ -225,7 +225,7 @@ import {
   createTrustEngine,
   createFileProvider,
   createMemoryProvider,
-} from '@vorion/atsf-core';
+} from '@vorionsys/atsf-core';
 // File-based persistence
 const fileProvider = createFileProvider({
@@ -263,7 +263,7 @@ import {
   createTrustEngine,
   createTrustAwareExecutor,
   createTrustTools,
-} from '@vorion/atsf-core';
+} from '@vorionsys/atsf-core';
 // Create trust-aware executor
 const engine = createTrustEngine();

package/dist/api/server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/api/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAgB,EAAE,eAAe,~~EAAE~~,MAAM,SAAS,CAAC;~~AASnD~~;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,eAAe,CAAC,~~CAyG7D~~;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAsBjD"}
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/api/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAgB,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA4KjF;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,eAAe,CAAC,CA2iB7D;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAsBjD"}

package/dist/api/server.js CHANGED Viewed

@@ -9,16 +9,100 @@ import Fastify from 'fastify';
 import cors from '@fastify/cors';
 import helmet from '@fastify/helmet';
 import rateLimit from '@fastify/rate-limit';
-import { createLogger, logger } from '../common/logger.js';
+import { createLogger } from '../common/logger.js';
 import { getConfig } from '../common/config.js';
+import { createIntentService } from '../intent/index.js';
+import { createProofService } from '../proof/index.js';
+import { createTrustEngine } from '../trust-engine/index.js';
+import { createEvaluator } from '../basis/evaluator.js';
 const apiLogger = createLogger({ component: 'api' });
+// ============================================================
+// Health Check Implementation
+// ============================================================
+/**
+ * Get system metrics for health reporting
+ */
+function getSystemMetrics(startTime) {
+    const memUsage = process.memoryUsage();
+    const heapUsed = memUsage.heapUsed;
+    const heapTotal = memUsage.heapTotal;
+    return {
+        memoryUsageMB: Math.round(heapUsed / 1024 / 1024),
+        memoryUsagePercent: Math.round((heapUsed / heapTotal) * 100),
+        heapTotalMB: Math.round(heapTotal / 1024 / 1024),
+        uptimeSeconds: Math.round((Date.now() - startTime.getTime()) / 1000),
+        nodeVersion: process.version,
+    };
+}
+/**
+ * Check system health (memory, etc.)
+ */
+function checkSystemHealth(startTime) {
+    const metrics = getSystemMetrics(startTime);
+    // Warning threshold: 80% memory usage
+    // Error threshold: 95% memory usage
+    let status = 'ok';
+    let message = 'System healthy';
+    if (metrics.memoryUsagePercent > 95) {
+        status = 'error';
+        message = 'Critical memory pressure';
+    }
+    else if (metrics.memoryUsagePercent > 80) {
+        status = 'degraded';
+        message = 'High memory usage';
+    }
+    return {
+        status,
+        message,
+        details: {
+            memoryUsageMB: metrics.memoryUsageMB,
+            memoryUsagePercent: metrics.memoryUsagePercent,
+            uptimeSeconds: metrics.uptimeSeconds,
+        },
+    };
+}
+/**
+ * Check a service by attempting a simple operation
+ */
+async function checkService(name, checkFn) {
+    const start = Date.now();
+    try {
+        await checkFn();
+        return {
+            status: 'ok',
+            latencyMs: Date.now() - start,
+            message: `${name} operational`,
+        };
+    }
+    catch (error) {
+        return {
+            status: 'error',
+            latencyMs: Date.now() - start,
+            message: `${name} error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+        };
+    }
+}
 /**
  * Create and configure the API server
  */
 export async function createServer() {
     const config = getConfig();
+    const startTime = new Date();
+    // Initialize services
+    const intentService = createIntentService();
+    const proofService = createProofService();
+    const trustEngine = createTrustEngine();
+    const evaluator = createEvaluator();
+    // Use pino logger config for Fastify 5
+    const isTest = process.env['NODE_ENV'] === 'test' || process.env['VITEST'];
     const server = Fastify({
-        logger: logger,
+        logger: isTest ? false : {
+            level: config.env === 'production' ? 'info' : 'debug',
+            transport: config.env !== 'production' ? {
+                target: 'pino-pretty',
+                options: { colorize: true },
+            } : undefined,
+        },
         requestIdHeader: 'x-request-id',
         requestIdLogLabel: 'requestId',
     });
@@ -34,51 +118,395 @@ export async function createServer() {
         max: config.api.rateLimit,
         timeWindow: '1 minute',
     });
-    // Health check endpoint
-    server.get('/health', async () => ({
-        status: 'healthy',
-        version: process.env['npm_package_version'],
-        environment: config.env,
+    // API Key authentication for protected routes
+    const API_KEY = process.env['VORION_API_KEY'] || config.api.apiKey;
+    const requiresAuth = (url) => {
+        // Public endpoints that don't require auth
+        const publicPaths = ['/health', '/ready', '/live', '/api/v1/health'];
+        return !publicPaths.some(path => url === path || url.startsWith(path + '?'));
+    };
+    server.addHook('onRequest', async (request, reply) => {
+        // Skip auth in test mode or for public endpoints
+        if (isTest || !requiresAuth(request.url)) {
+            return;
+        }
+        // Skip auth if no API key is configured (development mode)
+        if (!API_KEY) {
+            return;
+        }
+        const authHeader = request.headers['authorization'];
+        if (!authHeader) {
+            return reply.status(401).send({
+                error: { code: 'UNAUTHORIZED', message: 'Missing Authorization header' },
+            });
+        }
+        const [scheme, token] = authHeader.split(' ');
+        if (scheme?.toLowerCase() !== 'bearer' || token !== API_KEY) {
+            return reply.status(401).send({
+                error: { code: 'UNAUTHORIZED', message: 'Invalid API key' },
+            });
+        }
+    });
+    // Health check endpoint - performs actual checks on all services
+    server.get('/health', async () => {
+        const checks = {};
+        // Check trust engine
+        checks.trustEngine = await checkService('Trust engine', async () => {
+            await trustEngine.getScore('__health_check__');
+        });
+        // Check proof service
+        checks.proofService = await checkService('Proof service', async () => {
+            await proofService.get('__health_check_proof__');
+        });
+        // Check intent service
+        checks.intentService = await checkService('Intent service', async () => {
+            await intentService.get('__health_check_intent__', '__system__');
+        });
+        // Check system health
+        checks.system = checkSystemHealth(startTime);
+        // Determine overall status
+        const statuses = Object.values(checks).map((c) => c.status);
+        let status;
+        if (statuses.every((s) => s === 'ok')) {
+            status = 'healthy';
+        }
+        else if (statuses.some((s) => s === 'error')) {
+            status = 'unhealthy';
+        }
+        else {
+            status = 'degraded';
+        }
+        return {
+            status,
+            timestamp: new Date().toISOString(),
+            version: process.env['npm_package_version'],
+            environment: config.env,
+            checks,
+            metrics: getSystemMetrics(startTime),
+        };
+    });
+    // Ready check endpoint - verifies all critical services are ready
+    server.get('/ready', async (_request, reply) => {
+        const checks = {};
+        // Check trust engine (critical)
+        checks.trustEngine = await checkService('Trust engine', async () => {
+            await trustEngine.getScore('__health_check__');
+        });
+        // Check proof service (critical)
+        checks.proofService = await checkService('Proof service', async () => {
+            await proofService.get('__health_check_proof__');
+        });
+        // Check intent service (critical)
+        checks.intentService = await checkService('Intent service', async () => {
+            await intentService.get('__health_check_intent__', '__system__');
+        });
+        const allPassed = Object.values(checks).every((c) => c.status === 'ok' || c.status === 'degraded');
+        // Return 503 if not ready (for Kubernetes probes)
+        if (!allPassed) {
+            reply.status(503);
+        }
+        return {
+            status: allPassed ? 'ready' : 'not_ready',
+            timestamp: new Date().toISOString(),
+            checks,
+            allPassed,
+        };
+    });
+    // Liveness probe endpoint - simple alive check (no deep checks)
+    server.get('/live', async () => ({
+        status: 'alive',
         timestamp: new Date().toISOString(),
     }));
-    // Ready check endpoint
-    server.get('/ready', async () => ({
-        status: 'ready',
-        checks: {
-            database: 'ok', // TODO: Implement actual checks
-            redis: 'ok',
-            proof: 'ok',
-        },
-    }));
     // API routes
     server.register(async (api) => {
-        // Intent routes
-        api.post('/intents', async (_request, _reply) => {
-            // TODO: Implement intent submission
-            return { message: 'Intent submission - not implemented' };
+        // SDK: Health check endpoint
+        api.get('/health', async () => ({
+            status: 'healthy',
+            version: process.env['npm_package_version'] ?? '0.1.0',
+        }));
+        // Intent routes - unified handler for both legacy and SDK formats
+        api.post('/intents', async (request, reply) => {
+            const body = request.body;
+            // Detect format: SDK format has 'agentId' and 'action', legacy has 'entityId' and 'goal'
+            if ('agentId' in body && 'action' in body) {
+                // SDK format
+                const startTime = Date.now();
+                const { agentId, capabilities = [], action } = body;
+                if (!agentId || !action?.type || !action?.resource) {
+                    return reply.status(400).send({
+                        error: { code: 'INVALID_REQUEST', message: 'Missing required fields: agentId, action.type, action.resource' },
+                    });
+                }
+                // Get or create agent trust record
+                let trustRecord = await trustEngine.getScore(agentId);
+                if (!trustRecord) {
+                    await trustEngine.initializeEntity(agentId, 3); // Default to T3
+                    trustRecord = await trustEngine.getScore(agentId);
+                }
+                // Check capability
+                const hasCapability = capabilities.some(cap => cap === '*' ||
+                    cap === action.type ||
+                    cap === `${action.type}:*` ||
+                    cap === `${action.type}:${action.resource.split('/')[0]}`);
+                // Determine decision
+                const trustLevel = trustRecord?.level ?? 3;
+                const trustScore = trustRecord?.score ?? 500;
+                const allowed = hasCapability && trustScore >= 200;
+                // Decision tier based on trust level
+                let tier;
+                if (!allowed) {
+                    tier = 'RED';
+                }
+                else if (trustLevel >= 5) {
+                    tier = 'GREEN';
+                }
+                else {
+                    tier = 'YELLOW';
+                }
+                // Create proof record
+                const proofId = `proof-${Date.now()}-${Math.random().toString(36).slice(2, 9)}`;
+                const intentId = `intent-${Date.now()}-${Math.random().toString(36).slice(2, 9)}`;
+                // Determine constraints based on tier
+                const constraints = [];
+                if (trustLevel <= 1) {
+                    constraints.push('rate_limit:10/min', 'audit:full', 'sandbox:true');
+                }
+                else if (trustLevel <= 3) {
+                    constraints.push('rate_limit:100/min', 'audit:standard');
+                }
+                else if (trustLevel <= 5) {
+                    constraints.push('rate_limit:1000/min', 'audit:light');
+                }
+                const reason = allowed
+                    ? 'Action permitted based on capabilities and trust level'
+                    : hasCapability
+                        ? `Trust score ${trustScore} below minimum threshold (200)`
+                        : `Missing capability for ${action.type}:${action.resource.split('/')[0]}`;
+                apiLogger.info({ intentId, agentId, action: action.type, allowed, tier }, 'Intent processed');
+                return {
+                    intentId,
+                    allowed,
+                    tier,
+                    reason,
+                    proofId,
+                    constraints: allowed ? constraints : undefined,
+                    processingTimeMs: Date.now() - startTime,
+                };
+            }
+            else {
+                // Legacy format
+                const { entityId, goal, context, metadata } = body;
+                if (!entityId || !goal) {
+                    return reply.status(400).send({
+                        error: { code: 'INVALID_REQUEST', message: 'Missing required fields: entityId, goal' },
+                    });
+                }
+                const intent = await intentService.submit({
+                    entityId,
+                    goal,
+                    context: context ?? {},
+                    metadata,
+                }, { tenantId: '__system__' });
+                apiLogger.info({ intentId: intent.id, entityId }, 'Intent submitted');
+                return reply.status(201).send({ intent });
+            }
+        });
+        api.get('/intents/:id', async (request, reply) => {
+            const intent = await intentService.get(request.params.id, '__system__');
+            if (!intent) {
+                return reply.status(404).send({
+                    error: { code: 'NOT_FOUND', message: 'Intent not found' },
+                });
+            }
+            return { intent };
         });
-        api.get('/intents/:id', async (_request, _reply) => {
-            // TODO: Implement intent retrieval
-            return { message: 'Intent retrieval - not implemented' };
+        // SDK: Check intent (pre-flight, no side effects)
+        api.post('/intents/check', async (request, reply) => {
+            const { agentId, capabilities = [], action } = request.body;
+            if (!agentId || !action?.type || !action?.resource) {
+                return reply.status(400).send({
+                    error: { code: 'INVALID_REQUEST', message: 'Missing required fields' },
+                });
+            }
+            // Get agent trust record
+            const trustRecord = await trustEngine.getScore(agentId);
+            const trustScore = trustRecord?.score ?? 0;
+            const trustLevel = trustRecord?.level ?? 0;
+            // Check capability
+            const hasCapability = capabilities.some(cap => cap === '*' ||
+                cap === action.type ||
+                cap === `${action.type}:*` ||
+                cap === `${action.type}:${action.resource.split('/')[0]}`);
+            const wouldAllow = hasCapability && trustScore >= 200;
+            let tier;
+            if (!wouldAllow) {
+                tier = 'RED';
+            }
+            else if (trustLevel >= 5) {
+                tier = 'GREEN';
+            }
+            else {
+                tier = 'YELLOW';
+            }
+            const reason = wouldAllow
+                ? 'Action would be permitted'
+                : hasCapability
+                    ? `Trust score ${trustScore} below minimum threshold`
+                    : `Missing capability for ${action.type}`;
+            return { wouldAllow, tier, reason };
         });
         // Proof routes
-        api.get('/proofs/:id', async (_request, _reply) => {
-            // TODO: Implement proof retrieval
-            return { message: 'Proof retrieval - not implemented' };
+        api.get('/proofs/:id', async (request, reply) => {
+            const proof = await proofService.get(request.params.id);
+            if (!proof) {
+                return reply.status(404).send({
+                    error: { code: 'NOT_FOUND', message: 'Proof not found' },
+                });
+            }
+            return { proof };
         });
-        api.post('/proofs/:id/verify', async (_request, _reply) => {
-            // TODO: Implement proof verification
-            return { message: 'Proof verification - not implemented' };
+        api.post('/proofs/:id/verify', async (request, reply) => {
+            const result = await proofService.verify(request.params.id);
+            if (result.chainPosition === -1) {
+                return reply.status(404).send({
+                    error: { code: 'NOT_FOUND', message: 'Proof not found' },
+                });
+            }
+            return { verification: result };
         });
         // Trust routes
-        api.get('/trust/:entityId', async (_request, _reply) => {
-            // TODO: Implement trust retrieval
-            return { message: 'Trust retrieval - not implemented' };
+        api.get('/trust/:entityId', async (request) => {
+            const record = await trustEngine.getScore(request.params.entityId);
+            if (!record) {
+                // Return null values for non-existent agents (SDK compatible)
+                return {
+                    agentId: request.params.entityId,
+                    score: null,
+                    tier: null,
+                    tierName: null,
+                    message: 'Agent not found',
+                };
+            }
+            return {
+                agentId: record.entityId,
+                score: record.score,
+                tier: record.level,
+                tierName: trustEngine.getLevelName(record.level),
+                observationCeiling: 7, // Max tier ceiling
+            };
+        });
+        // SDK: Admit agent endpoint
+        api.post('/trust/admit', async (request, reply) => {
+            const { agentId, name, capabilities, observationTier } = request.body;
+            if (!agentId || !name) {
+                return reply.status(400).send({
+                    error: { code: 'INVALID_REQUEST', message: 'Missing required fields: agentId, name' },
+                });
+            }
+            // Initialize agent in trust engine at T3 (Monitored)
+            const initialLevel = 3;
+            await trustEngine.initializeEntity(agentId, initialLevel);
+            const record = await trustEngine.getScore(agentId);
+            const expiresAt = new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(); // 1 year
+            apiLogger.info({ agentId, name, initialLevel }, 'Agent admitted');
+            return reply.status(201).send({
+                admitted: true,
+                initialTier: record?.level ?? initialLevel,
+                initialScore: record?.score ?? 500,
+                observationCeiling: observationTier === 'WHITE_BOX' ? 7 : observationTier === 'GRAY_BOX' ? 5 : 3,
+                capabilities: capabilities ?? [],
+                expiresAt,
+            });
+        });
+        // SDK: Record trust signal
+        api.post('/trust/:agentId/signal', async (request, reply) => {
+            const { agentId } = request.params;
+            const { type, source, weight = 0.1, context } = request.body;
+            const recordBefore = await trustEngine.getScore(agentId);
+            if (!recordBefore) {
+                return reply.status(404).send({
+                    error: { code: 'NOT_FOUND', message: 'Agent not found' },
+                });
+            }
+            const scoreBefore = recordBefore.score;
+            // Map signal type to trust value
+            const valueMap = {
+                success: 0.8 + (weight * 0.2),
+                failure: 0.2 - (weight * 0.1),
+                violation: 0.0,
+                neutral: 0.5,
+            };
+            // Record the signal
+            await trustEngine.recordSignal({
+                id: `signal-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+                entityId: agentId,
+                type: `behavioral.${type}`,
+                value: valueMap[type] ?? 0.5,
+                source,
+                timestamp: new Date().toISOString(),
+                metadata: context ?? {},
+            });
+            const recordAfter = await trustEngine.getScore(agentId);
+            const scoreAfter = recordAfter?.score ?? scoreBefore;
+            return {
+                accepted: true,
+                scoreBefore,
+                scoreAfter,
+                change: scoreAfter - scoreBefore,
+                newTier: recordAfter?.level ?? null,
+                newTierName: recordAfter ? trustEngine.getLevelName(recordAfter.level) : null,
+            };
         });
         // Constraint routes
-        api.post('/constraints/validate', async (_request, _reply) => {
-            // TODO: Implement constraint validation
-            return { message: 'Constraint validation - not implemented' };
+        api.post('/constraints/validate', async (request, reply) => {
+            const { entityId, intentType, context } = request.body;
+            if (!entityId || !intentType) {
+                return reply.status(400).send({
+                    error: { code: 'INVALID_REQUEST', message: 'Missing required fields' },
+                });
+            }
+            // Get entity trust record
+            const trustRecord = await trustEngine.getScore(entityId);
+            if (!trustRecord) {
+                return reply.status(404).send({
+                    error: { code: 'NOT_FOUND', message: 'Entity not found' },
+                });
+            }
+            // Create evaluation context
+            const evalContext = {
+                intent: {
+                    id: 'validation-check',
+                    type: intentType,
+                    goal: 'constraint-validation',
+                    context: context ?? {},
+                },
+                entity: {
+                    id: entityId,
+                    type: 'agent',
+                    trustScore: trustRecord.score,
+                    trustLevel: trustRecord.level,
+                    attributes: {},
+                },
+                environment: {
+                    timestamp: new Date().toISOString(),
+                    timezone: 'UTC',
+                    requestId: request.id,
+                },
+                custom: {},
+            };
+            // Evaluate constraints
+            const result = await evaluator.evaluate(evalContext);
+            return {
+                validation: {
+                    passed: result.passed,
+                    action: result.finalAction,
+                    rulesEvaluated: result.rulesEvaluated.length,
+                    violations: result.violatedRules.map((r) => ({
+                        ruleId: r.ruleId,
+                        reason: r.reason,
+                    })),
+                },
+            };
         });
     }, { prefix: config.api.basePath });
     // Error handler