@vorionsys/basis 1.0.1

package/dist/kya/authorization.js

@@ -0,0 +1,258 @@
+/**
+ * KYA Authorization Manager
+ * Capability-based access control + policy enforcement
+ */
+export class AuthorizationManager {
+    config;
+    policyBundles;
+    capabilities;
+    constructor(config) {
+        this.config = config;
+        this.policyBundles = new Map();
+        this.capabilities = new Map();
+        // Load policy bundles
+        this.loadPolicyBundles();
+    }
+    /**
+     * Authorize agent action
+     */
+    async authorize(request) {
+        // 1. Get agent capabilities
+        const agentCapabilities = this.capabilities.get(request.agentDID) || [];
+        // 2. Find matching capability
+        const matchingCap = agentCapabilities.find(token => token.capabilities.some((cap) => this.matchesCapability(cap, request.action, request.resource)));
+        if (!matchingCap) {
+            return {
+                allowed: false,
+                reason: 'No matching capability',
+                trustImpact: -10,
+            };
+        }
+        // 3. Check capability expiry
+        const now = new Date();
+        const notBefore = new Date(matchingCap.notBefore);
+        const notAfter = new Date(matchingCap.notAfter);
+        if (now < notBefore || now > notAfter) {
+            return {
+                allowed: false,
+                reason: 'Capability expired or not yet valid',
+                trustImpact: -5,
+            };
+        }
+        // 4. Evaluate conditions
+        const capability = matchingCap.capabilities.find((cap) => this.matchesCapability(cap, request.action, request.resource));
+        if (capability.conditions) {
+            const conditionsValid = await this.evaluateConditions(capability.conditions, request);
+            if (!conditionsValid) {
+                return {
+                    allowed: false,
+                    reason: 'Capability conditions not met',
+                    trustImpact: -5,
+                };
+            }
+        }
+        // 5. Check policy constraints
+        const policyViolations = await this.checkPolicyConstraints(request);
+        if (policyViolations.length > 0) {
+            return {
+                allowed: false,
+                reason: `Policy violations: ${policyViolations.join(', ')}`,
+                trustImpact: -20,
+            };
+        }
+        // 6. ALLOW
+        return {
+            allowed: true,
+            reason: 'Authorized',
+            conditions: capability.conditions,
+            trustImpact: 1,
+        };
+    }
+    /**
+     * Grant capability to agent
+     */
+    async grantCapability(agentDID, capabilityToken) {
+        const existing = this.capabilities.get(agentDID) || [];
+        existing.push(capabilityToken);
+        this.capabilities.set(agentDID, existing);
+    }
+    /**
+     * Revoke capability from agent
+     */
+    async revokeCapability(agentDID, capabilityId) {
+        const existing = this.capabilities.get(agentDID) || [];
+        const filtered = existing.filter(cap => cap.id !== capabilityId);
+        this.capabilities.set(agentDID, filtered);
+    }
+    // ============================================================================
+    // Private Methods
+    // ============================================================================
+    /**
+     * Check if capability matches action + resource
+     */
+    matchesCapability(capability, action, resource) {
+        // Exact match
+        if (capability.action === action && capability.resource === resource) {
+            return true;
+        }
+        // Wildcard match
+        const actionMatch = this.matchesPattern(capability.action, action);
+        const resourceMatch = this.matchesPattern(capability.resource, resource);
+        return actionMatch && resourceMatch;
+    }
+    /**
+     * Pattern matching with wildcards
+     */
+    matchesPattern(pattern, value) {
+        if (pattern === '*')
+            return true;
+        if (pattern === value)
+            return true;
+        // Convert glob pattern to regex
+        const regexPattern = pattern
+            .replace(/\./g, '\\.')
+            .replace(/\*/g, '.*');
+        const regex = new RegExp(`^${regexPattern}$`);
+        return regex.test(value);
+    }
+    /**
+     * Evaluate capability conditions
+     */
+    async evaluateConditions(conditions, request) {
+        // Example condition checks
+        if (conditions.maxFileSize && request.resource.startsWith('/')) {
+            // Would check actual file size
+            return true;
+        }
+        if (conditions.rateLimit) {
+            // Would check rate limiting
+            return true;
+        }
+        if (conditions.methods && Array.isArray(conditions.methods)) {
+            // Would check HTTP method
+            return true;
+        }
+        return true;
+    }
+    /**
+     * Check policy constraints (MUST NOT do)
+     */
+    async checkPolicyConstraints(request) {
+        const violations = [];
+        // Get applicable policy bundle
+        const policyBundle = this.policyBundles.get(this.config.defaultJurisdiction);
+        if (!policyBundle) {
+            return violations;
+        }
+        // Check each constraint
+        for (const constraint of policyBundle.constraints) {
+            const violated = await this.evaluateConstraint(constraint.rule, request);
+            if (violated) {
+                violations.push(constraint.description);
+                // Apply enforcement action
+                if (constraint.enforcement === 'block') {
+                    // Already blocked by adding to violations
+                }
+                else if (constraint.enforcement === 'warn') {
+                    console.warn(`Policy warning: ${constraint.description}`);
+                }
+                else if (constraint.enforcement === 'log') {
+                    console.log(`Policy logged: ${constraint.description}`);
+                }
+            }
+        }
+        return violations;
+    }
+    /**
+     * Evaluate constraint rule (simplified)
+     */
+    async evaluateConstraint(rule, request) {
+        // Would use CEL (Common Expression Language) or JSON Logic
+        // For now, simple keyword matching
+        if (rule.includes('no_credential_access') && request.resource.includes('credential')) {
+            return true;
+        }
+        if (rule.includes('no_external_code') && request.action.includes('code.execute')) {
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Load policy bundles from configuration
+     */
+    loadPolicyBundles() {
+        // Would load from files/database
+        // For now, create a default policy bundle
+        const defaultBundle = {
+            id: 'vorion-default-v1',
+            version: '1.0.0',
+            jurisdiction: 'Global',
+            constraints: [
+                {
+                    id: 'no-credential-access',
+                    description: 'Agents cannot access credential files',
+                    rule: 'no_credential_access',
+                    severity: 'critical',
+                    enforcement: 'block',
+                },
+                {
+                    id: 'no-external-code',
+                    description: 'Agents cannot execute external code',
+                    rule: 'no_external_code',
+                    severity: 'high',
+                    enforcement: 'block',
+                },
+            ],
+            obligations: [],
+            permissions: [],
+        };
+        this.policyBundles.set('Global', defaultBundle);
+    }
+}
+// ============================================================================
+// Example Usage
+// ============================================================================
+/*
+import { AuthorizationManager } from './authorization';
+
+async function example() {
+  const authManager = new AuthorizationManager({
+    policyBundlesPath: './policies',
+    defaultJurisdiction: 'Global',
+  });
+
+  // Grant capability to agent
+  await authManager.grantCapability('did:vorion:agent:123', {
+    id: 'cap_001',
+    issuer: 'did:vorion:org:agentanchor',
+    subject: 'did:vorion:agent:123',
+    capabilities: [
+      {
+        action: 'file.write',
+        resource: '/data/user_documents/*',
+        conditions: {
+          maxFileSize: 10485760,
+          allowedExtensions: ['.txt', '.md', '.json'],
+        },
+      },
+    ],
+    notBefore: new Date().toISOString(),
+    notAfter: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
+    signature: '...',
+  });
+
+  // Check authorization
+  const decision = await authManager.authorize({
+    agentDID: 'did:vorion:agent:123',
+    action: 'file.write',
+    resource: '/data/user_documents/report.txt',
+    context: {
+      timestamp: Date.now(),
+    },
+  });
+
+  console.log('Authorized:', decision.allowed);
+  console.log('Reason:', decision.reason);
+}
+*/
+//# sourceMappingURL=authorization.js.map

package/dist/kya/behavior.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior.d.ts","sourceRoot":"","sources":["../../src/kya/behavior.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE3E,qBAAa,eAAe;IAId,OAAO,CAAC,MAAM;IAH1B,OAAO,CAAC,QAAQ,CAA+B;IAC/C,OAAO,CAAC,WAAW,CAAsB;gBAErB,MAAM,EAAE,cAAc;IAK1C;;OAEG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IA4EhE;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IA0BpE;;OAEG;IACG,4BAA4B,CAChC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,YAAY,EAAE,GACxB,OAAO,CAAC,MAAM,CAAC;IAgClB;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAGvD"}

package/dist/kya/behavior.js

@@ -0,0 +1,142 @@
+/**
+ * KYA Behavior Monitor
+ * Real-time anomaly detection + trust scoring
+ */
+export class BehaviorMonitor {
+    config;
+    profiles;
+    trustScores;
+    constructor(config) {
+        this.config = config;
+        this.profiles = new Map();
+        this.trustScores = new Map();
+    }
+    /**
+     * Detect anomalies in agent behavior
+     */
+    async detectAnomalies(agentDID) {
+        const profile = await this.getBehaviorProfile(agentDID);
+        const alerts = [];
+        // 1. Rate spike detection
+        const zScore = (profile.recentWindow.actionsInLastHour - profile.baseline.actionsPerHour.mean) /
+            profile.baseline.actionsPerHour.stddev;
+        if (zScore > 3) {
+            alerts.push({
+                severity: 'high',
+                type: 'rate_spike',
+                description: `Action rate is ${zScore.toFixed(1)} standard deviations above baseline`,
+                evidence: {
+                    baseline: profile.baseline.actionsPerHour.mean,
+                    current: profile.recentWindow.actionsInLastHour,
+                },
+                recommendedAction: 'throttle',
+                trustImpact: -50,
+            });
+        }
+        // 2. Success rate drop
+        const successDrop = profile.baseline.successRate.mean - profile.recentWindow.successRateLastHour;
+        if (successDrop > 0.2) {
+            alerts.push({
+                severity: 'medium',
+                type: 'success_rate_drop',
+                description: `Success rate dropped ${(successDrop * 100).toFixed(1)}%`,
+                evidence: {
+                    baseline: profile.baseline.successRate.mean,
+                    current: profile.recentWindow.successRateLastHour,
+                },
+                recommendedAction: 'warn',
+                trustImpact: -20,
+            });
+        }
+        // 3. New capability usage
+        if (profile.recentWindow.newActionsInLastHour.length > 3) {
+            alerts.push({
+                severity: 'low',
+                type: 'new_capabilities',
+                description: `Agent using ${profile.recentWindow.newActionsInLastHour.length} new capabilities`,
+                evidence: {
+                    newActions: profile.recentWindow.newActionsInLastHour,
+                },
+                recommendedAction: 'log',
+                trustImpact: -5,
+            });
+        }
+        // 4. Suspicious resource access
+        const suspiciousResources = profile.recentWindow.newResourcesInLastHour.filter((r) => r.includes('.env') || r.includes('credentials') || r.includes('secret'));
+        if (suspiciousResources.length > 0) {
+            alerts.push({
+                severity: 'critical',
+                type: 'suspicious_resource_access',
+                description: 'Agent accessing sensitive resources',
+                evidence: {
+                    resources: suspiciousResources,
+                },
+                recommendedAction: 'suspend',
+                trustImpact: -150,
+            });
+        }
+        return alerts;
+    }
+    /**
+     * Get or create behavior profile for agent
+     */
+    async getBehaviorProfile(agentDID) {
+        if (this.profiles.has(agentDID)) {
+            return this.profiles.get(agentDID);
+        }
+        // Create initial profile
+        const profile = {
+            agentDID,
+            baseline: {
+                actionsPerHour: { mean: 10, stddev: 3 },
+                successRate: { mean: 0.95, stddev: 0.05 },
+                topActions: [],
+                topResources: [],
+            },
+            recentWindow: {
+                actionsInLastHour: 0,
+                successRateLastHour: 1.0,
+                newActionsInLastHour: [],
+                newResourcesInLastHour: [],
+            },
+        };
+        this.profiles.set(agentDID, profile);
+        return profile;
+    }
+    /**
+     * Update trust score from behavior
+     */
+    async updateTrustScoreFromBehavior(agentDID, anomalies) {
+        const currentScore = this.trustScores.get(agentDID) || 500; // Default: T3
+        // Apply trust impact from anomalies
+        const totalImpact = anomalies.reduce((sum, alert) => sum + alert.trustImpact, 0);
+        // Update trust score
+        const newScore = Math.max(0, Math.min(1000, currentScore + totalImpact));
+        this.trustScores.set(agentDID, newScore);
+        // Take recommended actions
+        for (const alert of anomalies) {
+            switch (alert.recommendedAction) {
+                case 'suspend':
+                    console.warn(`SUSPEND agent ${agentDID}:`, alert.description);
+                    break;
+                case 'throttle':
+                    console.warn(`THROTTLE agent ${agentDID}:`, alert.description);
+                    break;
+                case 'warn':
+                    console.warn(`WARNING for agent ${agentDID}:`, alert.description);
+                    break;
+                case 'log':
+                    console.log(`LOG for agent ${agentDID}:`, alert.description);
+                    break;
+            }
+        }
+        return newScore;
+    }
+    /**
+     * Get current trust score
+     */
+    async getTrustScore(agentDID) {
+        return this.trustScores.get(agentDID) || 500;
+    }
+}
+//# sourceMappingURL=behavior.js.map

package/dist/kya/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/kya/identity.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,aAAa,EAEd,MAAM,YAAY,CAAC;AAEpB,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAW;IAC3B,OAAO,CAAC,KAAK,CAA2B;gBAE5B,MAAM,EAAE,iBAAiB;IAYrC;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAmCpD;;OAEG;IACG,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqBnD;;;OAGG;YACW,gBAAgB;IAgD9B;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAM3B;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAc/E,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,UAAU;IAMlB,OAAO,CAAC,gBAAgB;CAQzB"}

package/dist/kya/identity.js

@@ -0,0 +1,187 @@
+/**
+ * KYA Identity Verification
+ * W3C DID resolution + Ed25519 signature verification
+ */
+import * as ed from '@noble/ed25519';
+import { Resolver } from 'did-resolver';
+export class IdentityVerifier {
+    resolver;
+    cache;
+    constructor(config) {
+        // Initialize DID resolver (would integrate with did-resolver library)
+        this.resolver = new Resolver({
+            // Custom resolver for did:vorion:
+            vorion: async (did) => {
+                return this.resolveVorionDID(did);
+            },
+        });
+        this.cache = new Map();
+    }
+    /**
+     * Verify agent identity using DID + signature
+     */
+    async verify(proof) {
+        try {
+            // 1. Resolve DID document
+            const didDoc = await this.resolveDID(proof.did);
+            // 2. Extract verification method
+            const verificationMethod = didDoc.verificationMethod?.find((vm) => vm.type === 'Ed25519VerificationKey2020');
+            if (!verificationMethod) {
+                throw new Error('No Ed25519 verification method found');
+            }
+            // 3. Verify signature
+            const message = `${proof.challenge}:${proof.timestamp}`;
+            const messageBytes = new TextEncoder().encode(message);
+            const signatureBytes = this.hexToBytes(proof.signature);
+            const publicKeyBytes = this.multibaseToBytes(verificationMethod.publicKeyMultibase);
+            const isValid = await ed.verify(signatureBytes, messageBytes, publicKeyBytes);
+            // 4. Check timestamp freshness (prevent replay attacks)
+            const age = Date.now() - proof.timestamp;
+            if (age > 60000) { // 1 minute max
+                throw new Error('Proof too old (replay attack prevention)');
+            }
+            return isValid;
+        }
+        catch (error) {
+            console.error('Identity verification failed:', error);
+            return false;
+        }
+    }
+    /**
+     * Resolve DID to DID Document
+     */
+    async resolveDID(did) {
+        // Check cache first
+        if (this.cache.has(did)) {
+            return this.cache.get(did);
+        }
+        // Resolve from network
+        const result = await this.resolver.resolve(did);
+        if (!result.didDocument) {
+            throw new Error(`Failed to resolve DID: ${did}`);
+        }
+        const didDoc = result.didDocument;
+        // Cache for future lookups
+        this.cache.set(did, didDoc);
+        return didDoc;
+    }
+    /**
+     * Custom Vorion DID resolver
+     * Format: did:vorion:<method>:<identifier>
+     */
+    async resolveVorionDID(did) {
+        // Parse DID
+        const parts = did.split(':');
+        if (parts.length < 4) {
+            throw new Error('Invalid Vorion DID format');
+        }
+        const method = parts[2]; // e.g., 'ed25519'
+        const identifier = parts[3]; // e.g., '5Z8K3q2YvU8pVzNxF9sT7bQw6JhR1XmDcL4nVk'
+        // Fetch from Vorion DID registry (would be actual API call)
+        // For now, return mock structure
+        return {
+            didDocument: {
+                '@context': [
+                    'https://www.w3.org/ns/did/v1',
+                    'https://vorion.org/ns/kya/v1',
+                ],
+                id: did,
+                controller: did,
+                verificationMethod: [
+                    {
+                        id: `${did}#keys-1`,
+                        type: 'Ed25519VerificationKey2020',
+                        controller: did,
+                        publicKeyMultibase: `z${identifier}`,
+                    },
+                ],
+                authentication: [`${did}#keys-1`],
+                assertionMethod: [`${did}#keys-1`],
+                service: [
+                    {
+                        id: `${did}#agentcard`,
+                        type: 'AgentCard',
+                        serviceEndpoint: `https://agentanchorai.com/cards/${identifier}`,
+                    },
+                ],
+                kya: {
+                    trustScore: 0,
+                    tier: 'T0',
+                    certified: false,
+                    capabilities: [],
+                    restrictions: [],
+                },
+            },
+        };
+    }
+    /**
+     * Generate challenge for identity proof
+     */
+    generateChallenge() {
+        const bytes = new Uint8Array(32);
+        crypto.getRandomValues(bytes);
+        return this.bytesToHex(bytes);
+    }
+    /**
+     * Sign challenge with private key (for agents to use)
+     */
+    async signChallenge(challenge, privateKey) {
+        const timestamp = Date.now();
+        const message = `${challenge}:${timestamp}`;
+        const messageBytes = new TextEncoder().encode(message);
+        const signature = await ed.sign(messageBytes, privateKey);
+        return this.bytesToHex(signature);
+    }
+    // ============================================================================
+    // Utility Methods
+    // ============================================================================
+    hexToBytes(hex) {
+        const bytes = new Uint8Array(hex.length / 2);
+        for (let i = 0; i < hex.length; i += 2) {
+            bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+        }
+        return bytes;
+    }
+    bytesToHex(bytes) {
+        return Array.from(bytes)
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    multibaseToBytes(multibase) {
+        // Remove 'z' prefix (base58btc encoding)
+        const base58 = multibase.substring(1);
+        // Decode base58 (simplified, would use actual base58 library)
+        // For now, assume hex encoding
+        return this.hexToBytes(base58);
+    }
+}
+// ============================================================================
+// Example Usage
+// ============================================================================
+/*
+import { IdentityVerifier } from './identity';
+
+async function example() {
+  const verifier = new IdentityVerifier({
+    networks: ['vorion', 'ethereum'],
+    cacheEnabled: true,
+  });
+
+  // Agent generates proof
+  const challenge = verifier.generateChallenge();
+  const privateKey = ed.utils.randomPrivateKey();
+  const signature = await verifier.signChallenge(challenge, privateKey);
+
+  // Verify identity
+  const isValid = await verifier.verify({
+    did: 'did:vorion:ed25519:5Z8K3q2YvU8pVzNxF9sT7bQw6JhR1XmDcL4nVk',
+    timestamp: Date.now(),
+    challenge,
+    signature,
+    publicKey: ed.utils.bytesToHex(await ed.getPublicKey(privateKey)),
+  });
+
+  console.log('Identity valid:', isValid);
+}
+*/
+//# sourceMappingURL=identity.js.map

package/dist/kya/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/kya/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,eAAe,CAAC;AAC9B,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,eAAe,CAAC;AAC9B,cAAc,YAAY,CAAC;AAE3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,SAAS,EAAgB,MAAM,YAAY,CAAC;AAErD;;GAEG;AACH,qBAAa,GAAG;IACP,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,aAAa,EAAE,oBAAoB,CAAC;IACpC,cAAc,EAAE,mBAAmB,CAAC;IACpC,QAAQ,EAAE,eAAe,CAAC;gBAErB,MAAM,EAAE,SAAS;IAO7B;;;;;;OAMG;IACG,WAAW,CAAC,MAAM,EAAE;QACxB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE;YACL,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;KACH,GAAG,OAAO,CAAC;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IAiEF,OAAO,CAAC,UAAU;CAGnB"}

package/dist/kya/index.js

@@ -0,0 +1,99 @@
+/**
+ * KYA (Know Your Agent) Framework SDK
+ *
+ * TypeScript SDK for KYA framework integration
+ * Part of BASIS (Blockchain Agent Standard for Identity and Security)
+ */
+export * from './identity.js';
+export * from './authorization.js';
+export * from './accountability.js';
+export * from './behavior.js';
+export * from './types.js';
+import { IdentityVerifier } from './identity.js';
+import { AuthorizationManager } from './authorization.js';
+import { AccountabilityChain } from './accountability.js';
+import { BehaviorMonitor } from './behavior.js';
+/**
+ * Main KYA Framework SDK
+ */
+export class KYA {
+    identity;
+    authorization;
+    accountability;
+    behavior;
+    constructor(config) {
+        this.identity = new IdentityVerifier(config.didResolver);
+        this.authorization = new AuthorizationManager(config.policyEngine);
+        this.accountability = new AccountabilityChain(config.database);
+        this.behavior = new BehaviorMonitor(config.database);
+    }
+    /**
+     * Complete agent verification flow
+     * 1. Verify identity (DID + signature)
+     * 2. Check authorization (capabilities + policies)
+     * 3. Log to accountability chain
+     * 4. Monitor behavior for anomalies
+     */
+    async verifyAgent(params) {
+        // 1. Identity verification
+        const identityValid = await this.identity.verify({
+            did: params.agentDID,
+            challenge: params.proof.challenge,
+            signature: params.proof.signature,
+            timestamp: params.proof.timestamp,
+            publicKey: '', // Will be resolved from DID
+        });
+        if (!identityValid) {
+            return {
+                allowed: false,
+                reason: 'Identity verification failed',
+                trustScore: 0,
+                anomalies: [],
+            };
+        }
+        // 2. Authorization check
+        const authDecision = await this.authorization.authorize({
+            agentDID: params.agentDID,
+            action: params.action,
+            resource: params.resource,
+            context: {
+                timestamp: Date.now(),
+            },
+        });
+        if (!authDecision.allowed) {
+            return {
+                allowed: false,
+                reason: authDecision.reason,
+                trustScore: 0,
+                anomalies: [],
+            };
+        }
+        // 3. Behavior monitoring (detect anomalies)
+        const anomalies = await this.behavior.detectAnomalies(params.agentDID);
+        // 4. Log to accountability chain
+        await this.accountability.append({
+            id: this.generateId(),
+            timestamp: Date.now(),
+            agentDID: params.agentDID,
+            action: params.action,
+            resource: params.resource,
+            outcome: 'success',
+            evidence: {
+                intentHash: '',
+                authorizationDecision: authDecision,
+            },
+            signature: params.proof.signature,
+            chainLink: { prevHash: null },
+        });
+        return {
+            allowed: true,
+            reason: 'Verified and authorized',
+            trustScore: await this.behavior.getTrustScore(params.agentDID),
+            anomalies: anomalies.map((a) => a.type),
+        };
+    }
+    generateId() {
+        return `kya_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
+    }
+}
+//# sourceMappingURL=index.js.map