npm - @vorionsys/basis - Versions diffs - 1.0.1 → 1.0.2 - Mend

@vorionsys/basis 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

package/README.md CHANGED Viewed

@@ -1,16 +1,8 @@
 # @vorionsys/basis
-**Behavioral AI Safety & Integrity Standard (BASIS)** - Open standard for AI agent governance with an 8-tier trust framework, 23 trust factors, and a KYA (Know Your Agent) verification SDK.
+**Baseline Authority for Safe & Interoperable Systems (BASIS)** -- Open standard for AI agent governance with an 8-tier trust framework, 23 trust factors, a validation gate, and a KYA (Know Your Agent) verification SDK.
-## Overview
-BASIS defines how autonomous AI agents earn, maintain, and lose trust. It provides:
-- **8 Trust Tiers (T0-T7)**: Progressive autonomy levels from Sandbox to Autonomous
-- **23 Trust Factors**: 15 core + 8 life-critical evaluation criteria
-- **Tier-Gated Capabilities**: What agents can do at each trust level
-- **KYA Framework**: Identity, Authorization, Accountability, and Behavior monitoring
-- **Validation Gate**: Central pass/reject/escalate decisions for agent manifests
+> Part of the [Vorion](https://vorion.org) platform for autonomous AI agent infrastructure.
 ## Installation
@@ -18,8 +10,22 @@ BASIS defines how autonomous AI agents earn, maintain, and lose trust. It provid
 npm install @vorionsys/basis
 ```
+## What is BASIS?
+BASIS (Baseline Authority for Safe & Interoperable Systems) defines how autonomous AI agents earn, maintain, and lose trust. It is the governance layer for any system that deploys, orchestrates, or monitors AI agents.
+BASIS provides:
+- **8 Trust Tiers (T0-T7)** -- Progressive autonomy levels from Sandbox to Autonomous
+- **23 Trust Factors** -- 15 core + 8 life-critical evaluation criteria with weighted scoring
+- **Tier-Gated Capabilities** -- What agents can do at each trust level (35 capabilities across 8 categories)
+- **Validation Gate** -- Central PASS / REJECT / ESCALATE decisions for agent manifests
+- **KYA (Know Your Agent) Framework** -- Identity verification, authorization, accountability chains, and behavior monitoring
 ## Quick Start
+### Evaluate an Agent's Trust Score
 ```typescript
 import {
   TrustTier,
@@ -27,17 +33,162 @@ import {
   calculateTrustScore,
   getRequiredFactors,
   getTrustTierFromScore,
+  type FactorScore,
 } from '@vorionsys/basis';
-// Get required factors for a tier
-const required = getRequiredFactors(TrustTier.T4_OPERATIONAL);
+// Which factors are required for T4 Standard?
+const required = getRequiredFactors(TrustTier.T4_STANDARD);
 console.log(`T4 requires ${required.length} factors`);
-// Calculate trust score from factor scores
-const evaluation = calculateTrustScore(factorScores, TrustTier.T4_OPERATIONAL);
+// Build factor scores for an agent
+const factorScores: FactorScore[] = [
+  { code: 'CT_COMP', score: 0.85, timestamp: new Date(), source: 'measured', confidence: 0.9 },
+  { code: 'CT_REL',  score: 0.80, timestamp: new Date(), source: 'measured', confidence: 0.9 },
+  { code: 'CT_OBS',  score: 0.78, timestamp: new Date(), source: 'measured', confidence: 0.85 },
+  // ... additional factor scores
+];
+// Calculate trust score against a target tier
+const evaluation = calculateTrustScore(factorScores, TrustTier.T4_STANDARD);
 console.log(`Score: ${evaluation.totalScore}/1000`);
 console.log(`Compliant: ${evaluation.compliant}`);
-console.log(`Missing: ${evaluation.missingFactors}`);
+console.log(`Missing factors: ${evaluation.missingFactors}`);
+console.log(`Below threshold: ${evaluation.belowThreshold}`);
+// Determine tier from a raw score
+const tier = getTrustTierFromScore(720);
+// => TrustTier.T4_STANDARD
+```
+### Validate an Agent Manifest
+```typescript
+import {
+  validateAgent,
+  GateDecision,
+  ValidationSeverity,
+  type AgentManifest,
+} from '@vorionsys/basis';
+const manifest: AgentManifest = {
+  agentId: 'a3i.acme-corp.invoice-bot:ABF-L3@1.0.0',
+  organization: 'acme-corp',
+  agentClass: 'invoice-bot',
+  trustScore: 520,
+  requestedCapabilities: ['CAP-DB-READ', 'CAP-WRITE-APPROVED'],
+};
+const result = validateAgent(manifest);
+switch (result.decision) {
+  case GateDecision.PASS:
+    console.log('Agent validated -- proceed');
+    console.log('Allowed capabilities:', result.allowedCapabilities);
+    break;
+  case GateDecision.REJECT:
+    console.log('Agent rejected:', result.errors);
+    break;
+  case GateDecision.ESCALATE:
+    console.log('Human review required:', result.warnings);
+    break;
+}
+```
+### Check Tier-Gated Capabilities
+```typescript
+import {
+  TrustTier,
+  getCapabilitiesForTier,
+  getNewCapabilitiesAtTier,
+  hasCapability,
+  getToolsForTier,
+} from '@vorionsys/basis';
+// Get all capabilities available at T4
+const caps = getCapabilitiesForTier(TrustTier.T4_STANDARD);
+console.log(`T4 agents have ${caps.length} capabilities`);
+// Get only the capabilities that unlock at T4
+const newCaps = getNewCapabilitiesAtTier(TrustTier.T4_STANDARD);
+console.log('New at T4:', newCaps.map(c => c.name));
+// Check if a specific tier has a capability
+const canWrite = hasCapability(TrustTier.T2_PROVISIONAL, 'CAP-WRITE-APPROVED');
+console.log(`T2 can write to approved locations: ${canWrite}`);
+// Get all tools available at a tier
+const tools = getToolsForTier(TrustTier.T3_MONITORED);
+console.log('T3 tools:', tools);
+```
+### KYA (Know Your Agent) Verification
+```typescript
+import { KYA } from '@vorionsys/basis';
+const kya = new KYA({
+  didResolver: {
+    networks: ['vorion', 'ethereum'],
+    cacheEnabled: true,
+  },
+  policyEngine: {
+    policyBundlesPath: './policies',
+    defaultJurisdiction: 'Global',
+  },
+  database: {
+    type: 'postgres',
+    connectionString: process.env.DATABASE_URL!,
+  },
+});
+// Complete 4-step verification flow:
+// 1. Identity   -- DID resolution + Ed25519 signature verification
+// 2. Authorization -- Capability token + policy constraint check
+// 3. Accountability -- Hash-linked audit chain logging
+// 4. Behavior   -- Anomaly detection (rate spikes, suspicious access)
+const result = await kya.verifyAgent({
+  agentDID: 'did:vorion:ed25519:5Z8K3q2YvU8pVzNxF9sT7bQw6JhR1Xm',
+  action: 'file.read',
+  resource: 'documents/report.pdf',
+  proof: {
+    challenge: 'abc123...',
+    signature: 'deadbeef...',
+    timestamp: Date.now(),
+  },
+});
+if (result.allowed) {
+  console.log(`Trust score: ${result.trustScore}`);
+  console.log(`Anomalies detected: ${result.anomalies}`);
+} else {
+  console.log(`Denied: ${result.reason}`);
+}
+```
+### Use Pre-Built Validation Gates
+```typescript
+import {
+  createValidationGate,
+  strictValidationGate,
+  productionValidationGate,
+} from '@vorionsys/basis';
+// Strict mode -- treats warnings as errors
+const result1 = strictValidationGate.validate(manifest);
+// Production mode -- requires registered profile, minimum T2 tier
+const result2 = productionValidationGate.validate(manifest, registeredProfile);
+// Custom gate with your own defaults
+const myGate = createValidationGate({
+  strict: false,
+  requireRegisteredProfile: true,
+  minimumTrustTier: TrustTier.T3_MONITORED,
+  allowCapabilityEscalation: true,
+});
+const result3 = myGate.validate(manifest);
 ```
 ## Trust Tiers
@@ -47,17 +198,17 @@ console.log(`Missing: ${evaluation.missingFactors}`);
 | T0 | 0-199 | Sandbox | 0 | Observation only, no external access |
 | T1 | 200-349 | Observed | 3 | Basic competence demonstrated |
 | T2 | 350-499 | Provisional | 6 | Accountability + safety emerging |
-| T3 | 500-649 | Verified | 9 | Security + identity confirmed |
-| T4 | 650-799 | Operational | 13 | Human oversight + alignment |
+| T3 | 500-649 | Monitored | 9 | Security + identity confirmed |
+| T4 | 650-799 | Standard | 13 | Human oversight + alignment |
 | T5 | 800-875 | Trusted | 16 | Stewardship + humility |
 | T6 | 876-950 | Certified | 20 | Adaptability + causal reasoning |
-| T7 | 951-1000 | Autonomous | 23 | Full autonomy - all factors |
+| T7 | 951-1000 | Autonomous | 23 | Full autonomy -- all factors |
 ## Trust Factors
 ### Core Factors (15)
-| Code | Name | Required From | Tier |
+| Code | Name | Required From | Factor Tier |
 |------|------|--------------|------|
 | CT-COMP | Competence | T1 | Foundational |
 | CT-REL | Reliability | T1 | Foundational |
@@ -90,65 +241,51 @@ For healthcare, safety, and life-saving AI applications:
 | LC-MORAL | Nuanced Moral Reasoning | T7 |
 | LC-TRACK | Proven Efficacy Track Record | T7 |
-## KYA (Know Your Agent)
+## Capability Categories
-The KYA framework provides a complete agent verification pipeline:
+Capabilities are gated by trust tier. As agents earn higher trust, they unlock more capabilities across 8 categories:
-```typescript
-import { KYA } from '@vorionsys/basis';
-const kya = new KYA({
-  didResolver: myDIDResolver,
-  policyEngine: myPolicyEngine,
-  database: myDatabase,
-});
+| Category | Examples | First Available |
+|----------|----------|----------------|
+| Data Access | Read public/internal data, database read/write, secrets | T0 |
+| File Operations | Write to approved directories | T2 |
+| API Access | Internal API read, external GET, full REST | T1 |
+| Code Execution | Generate responses, data transforms, sandboxed code | T0 |
+| Agent Interaction | Agent communication, delegation, spawning | T4 |
+| Resource Management | Resource provisioning, budget management | T4 |
+| System Administration | Limited admin, infrastructure management, full admin | T5 |
+| Governance | Human escalation, policy modification, strategic decisions | T4 |
-// Complete verification flow:
-// 1. Identity (DID + signature verification)
-// 2. Authorization (capability + policy check)
-// 3. Accountability (audit chain logging)
-// 4. Behavior (anomaly detection)
-const result = await kya.verifyAgent({
-  agentDID: 'did:vorion:agent-123',
-  action: 'read',
-  resource: 'documents/report.pdf',
-  proof: { challenge, signature, timestamp },
-});
-if (result.allowed) {
-  console.log(`Trust score: ${result.trustScore}`);
-  console.log(`Anomalies: ${result.anomalies}`);
-}
-```
-## Validation Gate
+## API Reference
-Central pass/reject/escalate decisions:
+### Enums
 ```typescript
-import { GateDecision, ValidationSeverity } from '@vorionsys/basis';
-// GateDecision.PASS     - Agent proceeds
-// GateDecision.REJECT   - Agent blocked
-// GateDecision.ESCALATE - Human review required
-```
+// Trust tier levels (T0-T7)
+enum TrustTier {
+  T0_SANDBOX, T1_OBSERVED, T2_PROVISIONAL, T3_MONITORED,
+  T4_STANDARD, T5_TRUSTED, T6_CERTIFIED, T7_AUTONOMOUS
+}
-## Capabilities
+// Factor classification tiers
+enum FactorTier {
+  FOUNDATIONAL, OPERATIONAL, SOPHISTICATED, LIFE_CRITICAL
+}
-Tier-gated capabilities define what agents can do:
+// Capability categories
+enum CapabilityCategory {
+  DATA_ACCESS, FILE_OPERATIONS, API_ACCESS, CODE_EXECUTION,
+  AGENT_INTERACTION, RESOURCE_MANAGEMENT, SYSTEM_ADMINISTRATION, GOVERNANCE
+}
-```typescript
-import { getCapabilitiesForTier, hasCapability, TrustTier } from '@vorionsys/basis';
+// Validation gate decisions
+enum GateDecision { PASS, REJECT, ESCALATE }
-const caps = getCapabilitiesForTier(TrustTier.T4_OPERATIONAL);
-const canWrite = hasCapability('CAP-WRITE-DATA', TrustTier.T2_PROVISIONAL);
+// Validation issue severity
+enum ValidationSeverity { INFO, WARNING, ERROR, CRITICAL }
 ```
-Capability categories: Data Access, File Operations, API Access, Code Execution, Agent Interaction, Resource Management, System Administration, Governance.
-## API Reference
-### Trust Score Calculation
+### Trust Score Functions
 ```typescript
 calculateTrustScore(scores: FactorScore[], tier: TrustTier): TrustEvaluation
@@ -160,36 +297,157 @@ getTierName(tier: TrustTier): string
 getTierColor(tier: TrustTier): string
 ```
+### Capability Functions
+```typescript
+getCapabilitiesForTier(tier: TrustTier): Capability[]
+getNewCapabilitiesAtTier(tier: TrustTier): Capability[]
+hasCapability(agentTier: TrustTier, capabilityCode: string): boolean
+getToolsForTier(tier: TrustTier): string[]
+```
+### Validation Gate Functions
+```typescript
+validateAgent(manifest: AgentManifest, profile?: RegisteredProfile, options?: ValidationGateOptions): ValidationGateResult
+isValidAgent(manifest: AgentManifest, profile?: RegisteredProfile, options?: ValidationGateOptions): boolean
+createValidationGate(defaultOptions: ValidationGateOptions): { validate, isValid }
+scoreToTier(score: number): TrustTier
+// Pre-built gates
+strictValidationGate       // Treats warnings as errors
+productionValidationGate   // Requires registered profile, minimum T2
+```
+### KYA Classes
+```typescript
+class KYA {
+  identity: IdentityVerifier;
+  authorization: AuthorizationManager;
+  accountability: AccountabilityChain;
+  behavior: BehaviorMonitor;
+  verifyAgent(params): Promise<{ allowed, reason, trustScore, anomalies }>
+}
+class IdentityVerifier {
+  verify(proof: IdentityProof): Promise<boolean>
+  resolveDID(did: string): Promise<DIDDocument>
+  generateChallenge(): string
+  signChallenge(challenge: string, privateKey: Uint8Array): Promise<string>
+}
+class AuthorizationManager {
+  authorize(request: AuthorizationRequest): Promise<AuthorizationDecision>
+  grantCapability(agentDID: string, token: CapabilityToken): Promise<void>
+  revokeCapability(agentDID: string, capabilityId: string): Promise<void>
+}
+class AccountabilityChain {
+  append(record: AccountabilityRecord): Promise<void>
+  verify(agentDID: string): Promise<{ valid, totalRecords, brokenLinks }>
+  query(agentDID: string, options?): Promise<AccountabilityRecord[]>
+}
+class BehaviorMonitor {
+  detectAnomalies(agentDID: string): Promise<AnomalyAlert[]>
+  getBehaviorProfile(agentDID: string): Promise<BehaviorProfile>
+  updateTrustScoreFromBehavior(agentDID: string, anomalies: AnomalyAlert[]): Promise<number>
+  getTrustScore(agentDID: string): Promise<number>
+}
+```
 ### Constants
 ```typescript
-CORE_FACTORS        // 15 core trust factors
-LIFE_CRITICAL_FACTORS // 8 life-critical factors
-ALL_FACTORS         // All 23 factors combined
-TIER_THRESHOLDS     // Score ranges per tier
-TRUST_TIER_DISPLAY  // Display config (name, color)
+CORE_FACTORS              // 15 core trust factors with metadata
+LIFE_CRITICAL_FACTORS     // 8 life-critical factors with metadata
+ALL_FACTORS               // All 23 factors combined
+TIER_THRESHOLDS           // Score ranges per tier ({ min, max })
+FACTOR_THRESHOLDS_BY_TIER // Per-factor thresholds at each tier (minimum, weight, critical)
+FACTOR_MINIMUM_SCORE      // Global minimum factor score (0.5)
+TRUST_TIER_DISPLAY        // Display config per tier (name, color, textColor)
+CAPABILITIES_BY_TIER      // Capability arrays indexed by TrustTier
+TIER_CAPABILITY_SUMMARY   // Human-readable capability summaries per tier
+// Capability arrays per tier
+T0_CAPABILITIES through T7_CAPABILITIES
+```
+### Zod Schemas
+```typescript
+agentManifestSchema        // Validates AgentManifest shape
+registeredProfileSchema    // Validates RegisteredProfile shape
+validationIssueSchema      // Validates ValidationIssue shape
+validationGateResultSchema // Validates ValidationGateResult shape
 ```
-## TypeScript
+### Key Interfaces
 ```typescript
 import type {
-  TrustTier,
-  FactorTier,
-  FactorCode,
-  CoreFactorCode,
-  LifeCriticalFactorCode,
+  // Trust scoring
   FactorScore,
   TrustEvaluation,
   FactorThreshold,
+  // Capabilities
   Capability,
-  CapabilityCategory,
-  GateDecision,
-  ValidationSeverity,
+  // Validation gate
+  AgentManifest,
+  RegisteredProfile,
+  ValidationGateResult,
+  ValidationGateOptions,
+  ValidationIssue,
+  CustomValidator,
+  // KYA types
   KYAConfig,
+  DIDDocument,
+  DIDResolverConfig,
+  PolicyEngineConfig,
+  DatabaseConfig,
+  IdentityProof,
+  VerificationMethod,
+  AuthorizationRequest,
+  AuthorizationDecision,
+  CapabilityToken,
+  KYACapability,
+  PolicyBundle,
+  Constraint,
+  Obligation,
+  Permission,
+  AccountabilityRecord,
+  AccountabilityVerification,
+  BehaviorProfile,
+  AnomalyAlert,
+  TrustScoreComponents,
+  TrustScoreUpdate,
+  KYAMetadata,
+  ServiceEndpoint,
 } from '@vorionsys/basis';
 ```
+## Sub-path Imports
+The KYA module can also be imported directly:
+```typescript
+import { KYA, IdentityVerifier } from '@vorionsys/basis/kya';
+```
+## Requirements
+- Node.js >= 18.0.0
+- TypeScript >= 5.3 (recommended)
+## Repository
+This package is part of the [Vorion monorepo](https://github.com/voriongit/vorion) at `packages/basis`.
 ## License
-Apache-2.0
+[Apache-2.0](./LICENSE)

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * BASIS - Baseline Authority for Safe & Interoperable Systems
+ *
+ * Core trust framework for autonomous AI agents
+ */
+export * from './trust-factors';
+export * from './trust-capabilities';
+export * from './validation-gate';
+export * from './kya';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,cAAc,iBAAiB,CAAC;AAGhC,cAAc,sBAAsB,CAAC;AAGrC,cAAc,OAAO,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,cAAc,iBAAiB,CAAC;AAGhC,cAAc,sBAAsB,CAAC;AAGrC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,OAAO,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * BASIS - Behavioral AI Safety & Integrity Standard
+ * BASIS - Baseline Authority for Safe & Interoperable Systems
  *
  * Core trust framework for autonomous AI agents
  */
@@ -7,6 +7,8 @@
 export * from './trust-factors';
 // Trust Capabilities - What agents can do at each tier
 export * from './trust-capabilities';
+// Validation Gate - Agent manifest validation
+export * from './validation-gate';
 // KYA (Know Your Agent) - Identity and authorization
 export * from './kya';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mCAAmC;AACnC,cAAc,iBAAiB,CAAC;AAEhC,uDAAuD;AACvD,cAAc,sBAAsB,CAAC;AAErC,8CAA8C;AAC9C,cAAc,mBAAmB,CAAC;AAElC,qDAAqD;AACrD,cAAc,OAAO,CAAC"}

package/dist/kya/accountability.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * KYA Accountability Chain
+ * Immutable hash-linked audit trail
+ */
+import { AccountabilityRecord, DatabaseConfig } from './types.js';
+export declare class AccountabilityChain {
+    private config;
+    private records;
+    constructor(config: DatabaseConfig);
+    /**
+     * Append record to accountability chain
+     */
+    append(record: AccountabilityRecord): Promise<void>;
+    /**
+     * Verify chain integrity for agent
+     */
+    verify(agentDID: string): Promise<{
+        valid: boolean;
+        totalRecords: number;
+        brokenLinks: number;
+    }>;
+    /**
+     * Query records for agent
+     */
+    query(agentDID: string, options?: {
+        action?: string;
+        timeRange?: [number, number];
+        outcome?: 'success' | 'failure' | 'denied';
+    }): Promise<AccountabilityRecord[]>;
+    /**
+     * Calculate hash for record
+     */
+    private calculateHash;
+    /**
+     * Update agent's accountability score
+     */
+    private updateAccountabilityScore;
+}
+//# sourceMappingURL=accountability.d.ts.map

package/dist/kya/accountability.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"accountability.js","sourceRoot":"","sources":["../../src/kya/accountability.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAGpC,MAAM,OAAO,mBAAmB;IAGV;IAFZ,OAAO,CAAsC;IAErD,YAAoB,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,4CAA4C;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,MAA4B;QACvC,wCAAwC;QACxC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7D,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEzD,uBAAuB;QACvB,MAAM,CAAC,SAAS,CAAC,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/E,oCAAoC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAExC,6CAA6C;QAC7C,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEhD,mDAAmD;QACnD,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB;QAK3B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEjD,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,QAAQ,GAAkB,IAAI,CAAC;QAEnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC3C,WAAW,EAAE,CAAC;YAChB,CAAC;YAED,cAAc;YACd,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC;gBACpC,GAAG,MAAM;gBACT,SAAS,EAAE,EAAE,GAAG,MAAM,CAAC,SAAS,EAAE;aACnC,CAAC,CAAC;YAEH,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;gBAChC,WAAW,EAAE,CAAC;YAChB,CAAC;YAED,QAAQ,GAAG,YAAY,CAAC;QAC1B,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW,KAAK,CAAC;YACxB,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,QAAgB,EAAE,OAI7B;QACC,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE/C,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;YACpB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;YACvC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;YACrB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,MAA4B;QAChD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;SACpC,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,yBAAyB,CACrC,QAAgB,EAChB,OAAyC;QAEzC,gDAAgD;QAChD,MAAM,MAAM,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,gDAAgD;IAClD,CAAC;CACF"}

package/dist/kya/authorization.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * KYA Authorization Manager
+ * Capability-based access control + policy enforcement
+ */
+import { AuthorizationRequest, AuthorizationDecision, CapabilityToken, PolicyEngineConfig } from './types.js';
+export declare class AuthorizationManager {
+    private config;
+    private policyBundles;
+    private capabilities;
+    constructor(config: PolicyEngineConfig);
+    /**
+     * Authorize agent action
+     */
+    authorize(request: AuthorizationRequest): Promise<AuthorizationDecision>;
+    /**
+     * Grant capability to agent
+     */
+    grantCapability(agentDID: string, capabilityToken: CapabilityToken): Promise<void>;
+    /**
+     * Revoke capability from agent
+     */
+    revokeCapability(agentDID: string, capabilityId: string): Promise<void>;
+    /**
+     * Check if capability matches action + resource
+     */
+    private matchesCapability;
+    /**
+     * Pattern matching with wildcards
+     */
+    private matchesPattern;
+    /**
+     * Evaluate capability conditions
+     */
+    private evaluateConditions;
+    /**
+     * Check policy constraints (MUST NOT do)
+     */
+    private checkPolicyConstraints;
+    /**
+     * Evaluate constraint rule (simplified)
+     */
+    private evaluateConstraint;
+    /**
+     * Load policy bundles from configuration
+     */
+    private loadPolicyBundles;
+}
+//# sourceMappingURL=authorization.d.ts.map

package/dist/kya/authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authorization.js","sourceRoot":"","sources":["../../src/kya/authorization.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,MAAM,OAAO,oBAAoB;IAIX;IAHZ,aAAa,CAA4B;IACzC,YAAY,CAAiC;IAErD,YAAoB,MAA0B;QAA1B,WAAM,GAAN,MAAM,CAAoB;QAC5C,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;QAE9B,sBAAsB;QACtB,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAA6B;QAC3C,4BAA4B;QAC5B,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAExE,8BAA8B;QAC9B,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CACjD,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,GAAkB,EAAE,EAAE,CAC7C,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAC9D,CACF,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,wBAAwB;gBAChC,WAAW,EAAE,CAAC,EAAE;aACjB,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEhD,IAAI,GAAG,GAAG,SAAS,IAAI,GAAG,GAAG,QAAQ,EAAE,CAAC;YACtC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,qCAAqC;gBAC7C,WAAW,EAAE,CAAC,CAAC;aAChB,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,MAAM,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,GAAkB,EAAE,EAAE,CACtE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAC7D,CAAC;QAEH,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;YAC1B,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CACnD,UAAU,CAAC,UAAU,EACrB,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,+BAA+B;oBACvC,WAAW,EAAE,CAAC,CAAC;iBAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEpE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,sBAAsB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC3D,WAAW,EAAE,CAAC,EAAE;aACjB,CAAC;QACJ,CAAC;QAED,WAAW;QACX,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,YAAY;YACpB,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,WAAW,EAAE,CAAC;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,eAAgC;QAEhC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,YAAoB;QAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACvD,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;QACjE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACK,iBAAiB,CACvB,UAAgD,EAChD,MAAc,EACd,QAAgB;QAEhB,cAAc;QACd,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iBAAiB;QACjB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEzE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,OAAe,EAAE,KAAa;QACnD,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACjC,IAAI,OAAO,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAEnC,gCAAgC;QAChC,MAAM,YAAY,GAAG,OAAO;aACzB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;aACrB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAExB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,UAAmC,EACnC,OAA6B;QAE7B,2BAA2B;QAC3B,IAAI,UAAU,CAAC,WAAW,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/D,+BAA+B;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;YACzB,4BAA4B;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,UAAU,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,0BAA0B;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,OAA6B;QAE7B,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,+BAA+B;QAC/B,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAE7E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,wBAAwB;QACxB,KAAK,MAAM,UAAU,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,QAAQ,EAAE,CAAC;gBACb,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;gBAExC,2BAA2B;gBAC3B,IAAI,UAAU,CAAC,WAAW,KAAK,OAAO,EAAE,CAAC;oBACvC,0CAA0C;gBAC5C,CAAC;qBAAM,IAAI,UAAU,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;oBAC7C,OAAO,CAAC,IAAI,CAAC,mBAAmB,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC5D,CAAC;qBAAM,IAAI,UAAU,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;oBAC5C,OAAO,CAAC,GAAG,CAAC,kBAAkB,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,IAAY,EACZ,OAA6B;QAE7B,2DAA2D;QAC3D,mCAAmC;QACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACjF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,iCAAiC;QACjC,0CAA0C;QAC1C,MAAM,aAAa,GAAiB;YAClC,EAAE,EAAE,mBAAmB;YACvB,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,QAAQ;YACtB,WAAW,EAAE;gBACX;oBACE,EAAE,EAAE,sBAAsB;oBAC1B,WAAW,EAAE,uCAAuC;oBACpD,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,UAAU;oBACpB,WAAW,EAAE,OAAO;iBACrB;gBACD;oBACE,EAAE,EAAE,kBAAkB;oBACtB,WAAW,EAAE,qCAAqC;oBAClD,IAAI,EAAE,kBAAkB;oBACxB,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,OAAO;iBACrB;aACF;YACD,WAAW,EAAE,EAAE;YACf,WAAW,EAAE,EAAE;SAChB,CAAC;QAEF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAClD,CAAC;CACF;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0CE"}

package/dist/kya/behavior.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * KYA Behavior Monitor
+ * Real-time anomaly detection + trust scoring
+ */
+import { AnomalyAlert, BehaviorProfile, DatabaseConfig } from './types.js';
+export declare class BehaviorMonitor {
+    private config;
+    private profiles;
+    private trustScores;
+    constructor(config: DatabaseConfig);
+    /**
+     * Detect anomalies in agent behavior
+     */
+    detectAnomalies(agentDID: string): Promise<AnomalyAlert[]>;
+    /**
+     * Get or create behavior profile for agent
+     */
+    getBehaviorProfile(agentDID: string): Promise<BehaviorProfile>;
+    /**
+     * Update trust score from behavior
+     */
+    updateTrustScoreFromBehavior(agentDID: string, anomalies: AnomalyAlert[]): Promise<number>;
+    /**
+     * Get current trust score
+     */
+    getTrustScore(agentDID: string): Promise<number>;
+}
+//# sourceMappingURL=behavior.d.ts.map