@vorionsys/cognigate 1.0.0

package/dist/index.cjs

@@ -0,0 +1,515 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AgentSchema: () => AgentSchema,
+  Cognigate: () => Cognigate,
+  CognigateError: () => CognigateError,
+  GovernanceResultSchema: () => GovernanceResultSchema,
+  ProofRecordSchema: () => ProofRecordSchema,
+  TIER_THRESHOLDS: () => TIER_THRESHOLDS,
+  TrustStatusSchema: () => TrustStatusSchema,
+  TrustTier: () => TrustTier,
+  WebhookRouter: () => WebhookRouter,
+  parseWebhookPayload: () => parseWebhookPayload,
+  verifyWebhookSignature: () => verifyWebhookSignature,
+  z: () => import_zod2.z
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types.ts
+var import_zod = require("zod");
+var TrustTier = /* @__PURE__ */ ((TrustTier2) => {
+  TrustTier2[TrustTier2["T0_SANDBOX"] = 0] = "T0_SANDBOX";
+  TrustTier2[TrustTier2["T1_OBSERVED"] = 1] = "T1_OBSERVED";
+  TrustTier2[TrustTier2["T2_PROVISIONAL"] = 2] = "T2_PROVISIONAL";
+  TrustTier2[TrustTier2["T3_VERIFIED"] = 3] = "T3_VERIFIED";
+  TrustTier2[TrustTier2["T4_OPERATIONAL"] = 4] = "T4_OPERATIONAL";
+  TrustTier2[TrustTier2["T5_TRUSTED"] = 5] = "T5_TRUSTED";
+  TrustTier2[TrustTier2["T6_CERTIFIED"] = 6] = "T6_CERTIFIED";
+  TrustTier2[TrustTier2["T7_AUTONOMOUS"] = 7] = "T7_AUTONOMOUS";
+  return TrustTier2;
+})(TrustTier || {});
+var TIER_THRESHOLDS = {
+  [0 /* T0_SANDBOX */]: { min: 0, max: 199, name: "Sandbox" },
+  [1 /* T1_OBSERVED */]: { min: 200, max: 349, name: "Observed" },
+  [2 /* T2_PROVISIONAL */]: { min: 350, max: 499, name: "Provisional" },
+  [3 /* T3_VERIFIED */]: { min: 500, max: 649, name: "Verified" },
+  [4 /* T4_OPERATIONAL */]: { min: 650, max: 799, name: "Operational" },
+  [5 /* T5_TRUSTED */]: { min: 800, max: 875, name: "Trusted" },
+  [6 /* T6_CERTIFIED */]: { min: 876, max: 949, name: "Certified" },
+  [7 /* T7_AUTONOMOUS */]: { min: 950, max: 1e3, name: "Autonomous" }
+};
+var TrustStatusSchema = import_zod.z.object({
+  entityId: import_zod.z.string(),
+  trustScore: import_zod.z.number().min(0).max(1e3),
+  trustTier: import_zod.z.nativeEnum(TrustTier),
+  tierName: import_zod.z.string(),
+  capabilities: import_zod.z.array(import_zod.z.string()),
+  factorScores: import_zod.z.record(import_zod.z.string(), import_zod.z.number()),
+  lastEvaluated: import_zod.z.coerce.date(),
+  compliant: import_zod.z.boolean(),
+  warnings: import_zod.z.array(import_zod.z.string())
+});
+var GovernanceResultSchema = import_zod.z.object({
+  decision: import_zod.z.enum(["ALLOW", "DENY", "ESCALATE", "DEGRADE"]),
+  trustScore: import_zod.z.number(),
+  trustTier: import_zod.z.nativeEnum(TrustTier),
+  grantedCapabilities: import_zod.z.array(import_zod.z.string()),
+  deniedCapabilities: import_zod.z.array(import_zod.z.string()),
+  reasoning: import_zod.z.string(),
+  constraints: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional(),
+  proofId: import_zod.z.string().optional(),
+  timestamp: import_zod.z.coerce.date()
+});
+var ProofRecordSchema = import_zod.z.object({
+  id: import_zod.z.string(),
+  entityId: import_zod.z.string(),
+  intentId: import_zod.z.string(),
+  decision: import_zod.z.enum(["ALLOW", "DENY", "ESCALATE", "DEGRADE"]),
+  action: import_zod.z.string(),
+  outcome: import_zod.z.enum(["SUCCESS", "FAILURE", "PARTIAL", "PENDING"]),
+  trustScoreBefore: import_zod.z.number(),
+  trustScoreAfter: import_zod.z.number(),
+  timestamp: import_zod.z.coerce.date(),
+  hash: import_zod.z.string(),
+  previousHash: import_zod.z.string(),
+  metadata: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional()
+});
+var AgentSchema = import_zod.z.object({
+  id: import_zod.z.string(),
+  name: import_zod.z.string(),
+  description: import_zod.z.string(),
+  ownerId: import_zod.z.string(),
+  trustScore: import_zod.z.number(),
+  trustTier: import_zod.z.nativeEnum(TrustTier),
+  status: import_zod.z.enum(["ACTIVE", "PAUSED", "SUSPENDED", "TERMINATED"]),
+  capabilities: import_zod.z.array(import_zod.z.string()),
+  executions: import_zod.z.number(),
+  successRate: import_zod.z.number(),
+  createdAt: import_zod.z.coerce.date(),
+  updatedAt: import_zod.z.coerce.date(),
+  metadata: import_zod.z.record(import_zod.z.string(), import_zod.z.unknown()).optional()
+});
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://cognigate.dev/v1";
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_RETRIES = 3;
+var CognigateError = class extends Error {
+  constructor(message, code, status, details) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.details = details;
+    this.name = "CognigateError";
+  }
+};
+var Cognigate = class {
+  config;
+  agents;
+  trust;
+  governance;
+  proofs;
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new CognigateError("API key is required", "MISSING_API_KEY");
+    }
+    this.config = {
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl || DEFAULT_BASE_URL,
+      timeout: config.timeout || DEFAULT_TIMEOUT,
+      retries: config.retries || DEFAULT_RETRIES,
+      debug: config.debug || false,
+      webhookSecret: config.webhookSecret
+    };
+    this.agents = new AgentsClient(this);
+    this.trust = new TrustClient(this);
+    this.governance = new GovernanceClient(this);
+    this.proofs = new ProofsClient(this);
+  }
+  /**
+   * Make an authenticated request to the Cognigate API
+   */
+  async request(method, path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    const headers = {
+      "Authorization": `Bearer ${this.config.apiKey}`,
+      "Content-Type": "application/json",
+      "X-SDK-Version": "1.0.0",
+      "X-SDK-Language": "typescript"
+    };
+    let lastError = null;
+    for (let attempt = 0; attempt < this.config.retries; attempt++) {
+      try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        const response = await fetch(url, {
+          method,
+          headers,
+          body: body ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (this.config.debug) {
+          console.log(`[Cognigate] ${method} ${path} -> ${response.status}`);
+        }
+        if (!response.ok) {
+          const errorData = await response.json().catch(() => ({}));
+          throw new CognigateError(
+            errorData.message || `Request failed with status ${response.status}`,
+            errorData.code || "REQUEST_FAILED",
+            response.status,
+            errorData.details
+          );
+        }
+        const data = await response.json();
+        return data;
+      } catch (error) {
+        lastError = error;
+        if (error instanceof CognigateError && error.status && error.status < 500) {
+          throw error;
+        }
+        if (attempt < this.config.retries - 1) {
+          const delay = Math.pow(2, attempt) * 1e3;
+          await new Promise((resolve) => setTimeout(resolve, delay));
+        }
+      }
+    }
+    throw lastError || new CognigateError("Request failed", "UNKNOWN_ERROR");
+  }
+  /**
+   * Check API health
+   */
+  async health() {
+    return this.request("GET", "/health");
+  }
+  /**
+   * Get tier from trust score
+   */
+  static getTierFromScore(score) {
+    if (score >= 950) return 7 /* T7_AUTONOMOUS */;
+    if (score >= 876) return 6 /* T6_CERTIFIED */;
+    if (score >= 800) return 5 /* T5_TRUSTED */;
+    if (score >= 650) return 4 /* T4_OPERATIONAL */;
+    if (score >= 500) return 3 /* T3_VERIFIED */;
+    if (score >= 350) return 2 /* T2_PROVISIONAL */;
+    if (score >= 200) return 1 /* T1_OBSERVED */;
+    return 0 /* T0_SANDBOX */;
+  }
+  /**
+   * Get tier name
+   */
+  static getTierName(tier) {
+    return TIER_THRESHOLDS[tier].name;
+  }
+  /**
+   * Get tier thresholds
+   */
+  static getTierThresholds(tier) {
+    return TIER_THRESHOLDS[tier];
+  }
+};
+var AgentsClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * List all agents
+   */
+  async list(params) {
+    const query = new URLSearchParams();
+    if (params?.page) query.set("page", params.page.toString());
+    if (params?.pageSize) query.set("pageSize", params.pageSize.toString());
+    if (params?.status) query.set("status", params.status);
+    const queryString = query.toString();
+    const path = `/agents${queryString ? `?${queryString}` : ""}`;
+    return this.client.request("GET", path);
+  }
+  /**
+   * Get a specific agent
+   */
+  async get(agentId) {
+    const response = await this.client.request("GET", `/agents/${agentId}`);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Create a new agent
+   */
+  async create(data) {
+    const response = await this.client.request("POST", "/agents", data);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Update an agent
+   */
+  async update(agentId, data) {
+    const response = await this.client.request("PATCH", `/agents/${agentId}`, data);
+    return AgentSchema.parse(response);
+  }
+  /**
+   * Delete an agent
+   */
+  async delete(agentId) {
+    await this.client.request("DELETE", `/agents/${agentId}`);
+  }
+  /**
+   * Pause an agent
+   */
+  async pause(agentId) {
+    return this.update(agentId, { status: "PAUSED" });
+  }
+  /**
+   * Resume an agent
+   */
+  async resume(agentId) {
+    return this.update(agentId, { status: "ACTIVE" });
+  }
+};
+var TrustClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get trust status for an entity
+   */
+  async getStatus(entityId) {
+    const response = await this.client.request("GET", `/trust/${entityId}`);
+    return TrustStatusSchema.parse(response);
+  }
+  /**
+   * Get trust history
+   */
+  async getHistory(entityId, params) {
+    const query = new URLSearchParams();
+    if (params?.from) query.set("from", params.from.toISOString());
+    if (params?.to) query.set("to", params.to.toISOString());
+    if (params?.limit) query.set("limit", params.limit.toString());
+    const queryString = query.toString();
+    const path = `/trust/${entityId}/history${queryString ? `?${queryString}` : ""}`;
+    return this.client.request("GET", path);
+  }
+  /**
+   * Submit an outcome to update trust score
+   */
+  async submitOutcome(entityId, proofId, outcome) {
+    const response = await this.client.request(
+      "POST",
+      `/trust/${entityId}/outcome`,
+      { proofId, ...outcome }
+    );
+    return TrustStatusSchema.parse(response);
+  }
+};
+var GovernanceClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Parse user intent into structured format
+   */
+  async parseIntent(entityId, rawInput) {
+    return this.client.request("POST", "/governance/parse", {
+      entityId,
+      rawInput
+    });
+  }
+  /**
+   * Enforce governance rules on an intent
+   */
+  async enforce(intent) {
+    const response = await this.client.request(
+      "POST",
+      "/governance/enforce",
+      intent
+    );
+    return GovernanceResultSchema.parse(response);
+  }
+  /**
+   * Convenience method: parse and enforce in one call
+   */
+  async evaluate(entityId, rawInput) {
+    const parseResult = await this.parseIntent(entityId, rawInput);
+    const result = await this.enforce(parseResult.intent);
+    return {
+      intent: parseResult.intent,
+      result
+    };
+  }
+  /**
+   * Check if an action is allowed without creating a proof record
+   */
+  async canPerform(entityId, action, capabilities) {
+    return this.client.request("POST", "/governance/check", {
+      entityId,
+      action,
+      capabilities
+    });
+  }
+};
+var ProofsClient = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get a specific proof record
+   */
+  async get(proofId) {
+    const response = await this.client.request("GET", `/proofs/${proofId}`);
+    return ProofRecordSchema.parse(response);
+  }
+  /**
+   * List proof records for an entity
+   */
+  async list(entityId, params) {
+    const query = new URLSearchParams();
+    query.set("entityId", entityId);
+    if (params?.page) query.set("page", params.page.toString());
+    if (params?.pageSize) query.set("pageSize", params.pageSize.toString());
+    if (params?.from) query.set("from", params.from.toISOString());
+    if (params?.to) query.set("to", params.to.toISOString());
+    if (params?.outcome) query.set("outcome", params.outcome);
+    return this.client.request("GET", `/proofs?${query.toString()}`);
+  }
+  /**
+   * Get proof chain statistics
+   */
+  async getStats(entityId) {
+    return this.client.request("GET", `/proofs/stats/${entityId}`);
+  }
+  /**
+   * Verify proof chain integrity
+   */
+  async verify(entityId) {
+    return this.client.request("POST", `/proofs/verify/${entityId}`);
+  }
+};
+
+// src/webhooks.ts
+async function verifyWebhookSignature(payload, signature, secret) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(payload);
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signatureBuffer = await crypto.subtle.sign("HMAC", key, data);
+  const expectedSignature = bufferToHex(signatureBuffer);
+  return timingSafeEqual(signature, expectedSignature);
+}
+function parseWebhookPayload(body, signature, secret) {
+  return new Promise(async (resolve, reject) => {
+    const isValid = await verifyWebhookSignature(body, signature, secret);
+    if (!isValid) {
+      reject(new Error("Invalid webhook signature"));
+      return;
+    }
+    try {
+      const event = JSON.parse(body);
+      event.timestamp = new Date(event.timestamp);
+      resolve(event);
+    } catch (error) {
+      reject(new Error("Invalid webhook payload"));
+    }
+  });
+}
+var WebhookRouter = class {
+  handlers = /* @__PURE__ */ new Map();
+  /**
+   * Register a handler for a specific event type
+   */
+  on(type, handler) {
+    const existing = this.handlers.get(type) || [];
+    existing.push(handler);
+    this.handlers.set(type, existing);
+    return this;
+  }
+  /**
+   * Register a handler for all events
+   */
+  onAll(handler) {
+    const existing = this.handlers.get("*") || [];
+    existing.push(handler);
+    this.handlers.set("*", existing);
+    return this;
+  }
+  /**
+   * Handle a webhook event
+   */
+  async handle(event) {
+    const typeHandlers = this.handlers.get(event.type) || [];
+    const allHandlers = this.handlers.get("*") || [];
+    const handlers = [...typeHandlers, ...allHandlers];
+    for (const handler of handlers) {
+      await handler(event);
+    }
+  }
+  /**
+   * Create an Express/Connect compatible middleware
+   */
+  middleware(secret) {
+    return async (req, res, _next) => {
+      try {
+        const signature = req.headers["x-cognigate-signature"];
+        const body = typeof req.body === "string" ? req.body : JSON.stringify(req.body);
+        const event = await parseWebhookPayload(body, signature, secret);
+        await this.handle(event);
+        res.status(200).json({ received: true });
+      } catch (error) {
+        res.status(400).json({ error: error.message });
+      }
+    };
+  }
+};
+function bufferToHex(buffer) {
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+}
+
+// src/index.ts
+var import_zod2 = require("zod");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AgentSchema,
+  Cognigate,
+  CognigateError,
+  GovernanceResultSchema,
+  ProofRecordSchema,
+  TIER_THRESHOLDS,
+  TrustStatusSchema,
+  TrustTier,
+  WebhookRouter,
+  parseWebhookPayload,
+  verifyWebhookSignature,
+  z
+});