@zauso-ai/capstan-core 0.1.2

package/dist/api.d.ts

@@ -0,0 +1,19 @@
+import type { APIDefinition } from "./types.js";
+/**
+ * Define a typed API route handler.
+ *
+ * The returned definition wraps the original handler so that:
+ *  1. Input is validated against the Zod `input` schema (if provided).
+ *  2. The handler runs with the validated input.
+ *  3. Output is validated against the Zod `output` schema (if provided).
+ *
+ * The definition object is also stored for introspection by the agent
+ * manifest system (see `getAPIRegistry()`).
+ */
+export declare function defineAPI<TInput = unknown, TOutput = unknown>(def: APIDefinition<TInput, TOutput>): APIDefinition<TInput, TOutput>;
+/**
+ * Return all API definitions registered via `defineAPI()`.
+ * Primarily consumed by `createCapstanApp` when building route metadata.
+ */
+export declare function getAPIRegistry(): ReadonlyArray<APIDefinition>;
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EAGd,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;GAUG;AACH,wBAAgB,SAAS,CAAC,MAAM,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,EAC3D,GAAG,EAAE,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAiChC;AAQD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,aAAa,CAAC,aAAa,CAAC,CAE7D"}

package/dist/api.js

@@ -0,0 +1,49 @@
+/**
+ * Define a typed API route handler.
+ *
+ * The returned definition wraps the original handler so that:
+ *  1. Input is validated against the Zod `input` schema (if provided).
+ *  2. The handler runs with the validated input.
+ *  3. Output is validated against the Zod `output` schema (if provided).
+ *
+ * The definition object is also stored for introspection by the agent
+ * manifest system (see `getAPIRegistry()`).
+ */
+export function defineAPI(def) {
+    const wrappedHandler = async (args) => {
+        // --- validate input ---------------------------------------------------
+        let validatedInput = args.input;
+        if (def.input) {
+            validatedInput = def.input.parse(args.input);
+        }
+        // --- run handler ------------------------------------------------------
+        const result = await def.handler({
+            input: validatedInput,
+            ctx: args.ctx,
+        });
+        // --- validate output --------------------------------------------------
+        if (def.output) {
+            return def.output.parse(result);
+        }
+        return result;
+    };
+    const wrapped = {
+        ...def,
+        handler: wrappedHandler,
+    };
+    // Register for introspection.
+    apiRegistry.push(wrapped);
+    return wrapped;
+}
+// ---------------------------------------------------------------------------
+// Internal registry — used by createCapstanApp to build the agent manifest.
+// ---------------------------------------------------------------------------
+const apiRegistry = [];
+/**
+ * Return all API definitions registered via `defineAPI()`.
+ * Primarily consumed by `createCapstanApp` when building route metadata.
+ */
+export function getAPIRegistry() {
+    return apiRegistry;
+}
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAMA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,SAAS,CACvB,GAAmC;IAEnC,MAAM,cAAc,GAAG,KAAK,EAC1B,IAA6B,EACX,EAAE;QACpB,yEAAyE;QACzE,IAAI,cAAc,GAAW,IAAI,CAAC,KAAK,CAAC;QACxC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAW,CAAC;QACzD,CAAC;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC;YAC/B,KAAK,EAAE,cAAc;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAC;QAEH,yEAAyE;QACzE,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAY,CAAC;QAC7C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,OAAO,GAAmC;QAC9C,GAAG,GAAG;QACN,OAAO,EAAE,cAAc;KACxB,CAAC;IAEF,8BAA8B;IAC9B,WAAW,CAAC,IAAI,CAAC,OAAwB,CAAC,CAAC;IAE3C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,4EAA4E;AAC5E,8EAA8E;AAE9E,MAAM,WAAW,GAAoB,EAAE,CAAC;AAExC;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/dist/approval.d.ts

@@ -0,0 +1,41 @@
+export interface PendingApproval {
+    id: string;
+    method: string;
+    path: string;
+    input: unknown;
+    policy: string;
+    reason: string;
+    status: "pending" | "approved" | "denied";
+    createdAt: string;
+    resolvedAt?: string;
+    resolvedBy?: string;
+    result?: unknown;
+}
+/**
+ * Create a new pending approval and store it. Returns the created approval.
+ */
+export declare function createApproval(opts: {
+    method: string;
+    path: string;
+    input: unknown;
+    policy: string;
+    reason: string;
+}): PendingApproval;
+/**
+ * Retrieve a single approval by ID, or undefined if not found.
+ */
+export declare function getApproval(id: string): PendingApproval | undefined;
+/**
+ * List all approvals, optionally filtered by status.
+ */
+export declare function listApprovals(status?: "pending" | "approved" | "denied"): PendingApproval[];
+/**
+ * Resolve a pending approval as approved or denied.
+ * Returns the updated approval, or undefined if not found.
+ */
+export declare function resolveApproval(id: string, decision: "approved" | "denied", resolvedBy?: string): PendingApproval | undefined;
+/**
+ * Remove all approvals from the in-memory store.
+ */
+export declare function clearApprovals(): void;
+//# sourceMappingURL=approval.d.ts.map

package/dist/approval.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAKD;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,eAAe,CAclB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAEnE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,GACzC,eAAe,EAAE,CAInB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,EAAE,EAAE,MAAM,EACV,QAAQ,EAAE,UAAU,GAAG,QAAQ,EAC/B,UAAU,CAAC,EAAE,MAAM,GAClB,eAAe,GAAG,SAAS,CAS7B;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAErC"}

package/dist/approval.js

@@ -0,0 +1,58 @@
+import { randomUUID } from "node:crypto";
+/** In-memory store for pending approvals (dev mode). */
+const approvals = new Map();
+/**
+ * Create a new pending approval and store it. Returns the created approval.
+ */
+export function createApproval(opts) {
+    const id = randomUUID();
+    const approval = {
+        id,
+        method: opts.method,
+        path: opts.path,
+        input: opts.input,
+        policy: opts.policy,
+        reason: opts.reason,
+        status: "pending",
+        createdAt: new Date().toISOString(),
+    };
+    approvals.set(id, approval);
+    return approval;
+}
+/**
+ * Retrieve a single approval by ID, or undefined if not found.
+ */
+export function getApproval(id) {
+    return approvals.get(id);
+}
+/**
+ * List all approvals, optionally filtered by status.
+ */
+export function listApprovals(status) {
+    const all = Array.from(approvals.values());
+    if (status === undefined)
+        return all;
+    return all.filter((a) => a.status === status);
+}
+/**
+ * Resolve a pending approval as approved or denied.
+ * Returns the updated approval, or undefined if not found.
+ */
+export function resolveApproval(id, decision, resolvedBy) {
+    const approval = approvals.get(id);
+    if (!approval)
+        return undefined;
+    approval.status = decision;
+    approval.resolvedAt = new Date().toISOString();
+    if (resolvedBy !== undefined) {
+        approval.resolvedBy = resolvedBy;
+    }
+    return approval;
+}
+/**
+ * Remove all approvals from the in-memory store.
+ */
+export function clearApprovals() {
+    approvals.clear();
+}
+//# sourceMappingURL=approval.js.map

package/dist/approval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAgBzC,wDAAwD;AACxD,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAM9B;IACC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,QAAQ,GAAoB;QAChC,EAAE;QACF,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,SAAS;QACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC5B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,OAAO,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,MAA0C;IAE1C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC;IACrC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,EAAU,EACV,QAA+B,EAC/B,UAAmB;IAEnB,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChC,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC;IAC3B,QAAQ,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,14 @@
+import type { CapstanConfig } from "./types.js";
+/**
+ * Define the app-level Capstan configuration.
+ *
+ * This is a pass-through identity function that provides type-checking and
+ * editor auto-complete for the config object. The returned value is the
+ * same object that was passed in.
+ */
+export declare function defineConfig(config: CapstanConfig): CapstanConfig;
+/**
+ * Read an environment variable, returning an empty string if it is not set.
+ */
+export declare function env(key: string): string;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,CAEjE;AAED;;GAEG;AACH,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEvC"}

package/dist/config.js

@@ -0,0 +1,17 @@
+/**
+ * Define the app-level Capstan configuration.
+ *
+ * This is a pass-through identity function that provides type-checking and
+ * editor auto-complete for the config object. The returned value is the
+ * same object that was passed in.
+ */
+export function defineConfig(config) {
+    return config;
+}
+/**
+ * Read an environment variable, returning an empty string if it is not set.
+ */
+export function env(key) {
+    return process.env[key] ?? "";
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,MAAqB;IAChD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,GAAW;IAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;AAChC,CAAC"}

package/dist/context.d.ts

@@ -0,0 +1,10 @@
+import type { Context as HonoContext } from "hono";
+import type { CapstanContext } from "./types.js";
+/**
+ * Build a CapstanContext from the raw Hono request context.
+ *
+ * Auth defaults to anonymous. The real auth layer (@zauso-ai/capstan-auth) replaces
+ * the auth object via middleware before any handler runs.
+ */
+export declare function createContext(honoCtx: HonoContext): CapstanContext;
+//# sourceMappingURL=context.d.ts.map

package/dist/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,MAAM,CAAC;AACnD,OAAO,KAAK,EAAsB,cAAc,EAAE,MAAM,YAAY,CAAC;AAErE;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,WAAW,GAAG,cAAc,CAkBlE"}

package/dist/context.js

@@ -0,0 +1,22 @@
+/**
+ * Build a CapstanContext from the raw Hono request context.
+ *
+ * Auth defaults to anonymous. The real auth layer (@zauso-ai/capstan-auth) replaces
+ * the auth object via middleware before any handler runs.
+ */
+export function createContext(honoCtx) {
+    const anonymousAuth = {
+        isAuthenticated: false,
+        type: "anonymous",
+        permissions: [],
+    };
+    // If middleware has already attached auth info, use it; otherwise anonymous.
+    const existingAuth = honoCtx.get("capstanAuth");
+    return {
+        auth: existingAuth ?? anonymousAuth,
+        request: honoCtx.req.raw,
+        env: process.env,
+        honoCtx,
+    };
+}
+//# sourceMappingURL=context.js.map

package/dist/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,OAAoB;IAChD,MAAM,aAAa,GAAuB;QACxC,eAAe,EAAE,KAAK;QACtB,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,EAAE;KAChB,CAAC;IAEF,6EAA6E;IAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAEjC,CAAC;IAEd,OAAO;QACL,IAAI,EAAE,YAAY,IAAI,aAAa;QACnC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG;QACxB,GAAG,EAAE,OAAO,CAAC,GAAyC;QACtD,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+export { defineAPI, getAPIRegistry } from "./api.js";
+export { defineMiddleware } from "./middleware.js";
+export { definePolicy, enforcePolicies } from "./policy.js";
+export { defineConfig, env } from "./config.js";
+export { createCapstanApp } from "./server.js";
+export { createContext } from "./context.js";
+export { createApproval, getApproval, listApprovals, resolveApproval, clearApprovals, } from "./approval.js";
+export type { PendingApproval } from "./approval.js";
+export type { CapstanApp } from "./server.js";
+export type { APIDefinition, APIHandlerInput, CapstanAuthContext, CapstanConfig, CapstanContext, HttpMethod, MiddlewareDefinition, PolicyCheckResult, PolicyDefinition, PolicyEffect, RouteMetadata, } from "./types.js";
+export { verifyCapstanApp, renderRuntimeVerifyText } from "./verify.js";
+export type { VerifyReport, VerifyDiagnostic, VerifyStep } from "./verify.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,eAAe,EACf,cAAc,GACf,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,YAAY,EACV,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AACxE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+// Public API ----------------------------------------------------------------
+export { defineAPI, getAPIRegistry } from "./api.js";
+export { defineMiddleware } from "./middleware.js";
+export { definePolicy, enforcePolicies } from "./policy.js";
+export { defineConfig, env } from "./config.js";
+export { createCapstanApp } from "./server.js";
+export { createContext } from "./context.js";
+export { createApproval, getApproval, listApprovals, resolveApproval, clearApprovals, } from "./approval.js";
+export { verifyCapstanApp, renderRuntimeVerifyText } from "./verify.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAE9E,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,eAAe,EACf,cAAc,GACf,MAAM,eAAe,CAAC;AAoBvB,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC"}

package/dist/middleware.d.ts

@@ -0,0 +1,25 @@
+import type { MiddlewareDefinition } from "./types.js";
+/**
+ * Define a Capstan middleware.
+ *
+ * Accepts either a full `MiddlewareDefinition` object (with optional `name`)
+ * or a bare handler function, which is wrapped into a definition with no name.
+ *
+ * ```ts
+ * const logging = defineMiddleware({
+ *   name: "logging",
+ *   handler: async ({ request, ctx, next }) => {
+ *     console.log(request.method, request.url);
+ *     return next();
+ *   },
+ * });
+ *
+ * // shorthand
+ * const logging2 = defineMiddleware(async ({ request, ctx, next }) => {
+ *   console.log(request.method, request.url);
+ *   return next();
+ * });
+ * ```
+ */
+export declare function defineMiddleware(def: MiddlewareDefinition | MiddlewareDefinition["handler"]): MiddlewareDefinition;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEvD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,oBAAoB,GAAG,oBAAoB,CAAC,SAAS,CAAC,GAC1D,oBAAoB,CAKtB"}

package/dist/middleware.js

@@ -0,0 +1,29 @@
+/**
+ * Define a Capstan middleware.
+ *
+ * Accepts either a full `MiddlewareDefinition` object (with optional `name`)
+ * or a bare handler function, which is wrapped into a definition with no name.
+ *
+ * ```ts
+ * const logging = defineMiddleware({
+ *   name: "logging",
+ *   handler: async ({ request, ctx, next }) => {
+ *     console.log(request.method, request.url);
+ *     return next();
+ *   },
+ * });
+ *
+ * // shorthand
+ * const logging2 = defineMiddleware(async ({ request, ctx, next }) => {
+ *   console.log(request.method, request.url);
+ *   return next();
+ * });
+ * ```
+ */
+export function defineMiddleware(def) {
+    if (typeof def === "function") {
+        return { handler: def };
+    }
+    return def;
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAA2D;IAE3D,IAAI,OAAO,GAAG,KAAK,UAAU,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/policy.d.ts

@@ -0,0 +1,22 @@
+import type { CapstanContext, PolicyCheckResult, PolicyDefinition } from "./types.js";
+/**
+ * Define a named permission policy.
+ *
+ * Policies are evaluated at request time by `enforcePolicies()`. Each policy
+ * returns an effect (`allow`, `deny`, `approve`, `redact`) and an optional
+ * human-readable reason.
+ */
+export declare function definePolicy(def: PolicyDefinition): PolicyDefinition;
+/**
+ * Run all provided policies and return the single most-restrictive result.
+ *
+ * If no policies are provided the default result is `{ effect: "allow" }`.
+ *
+ * Evaluation order:
+ *  1. Every policy in the array is executed (none are short-circuited so that
+ *     callers can collect all reasons if desired).
+ *  2. The result with the highest severity wins.
+ *  3. Ties are broken by array order (later policy wins).
+ */
+export declare function enforcePolicies(policies: PolicyDefinition[], ctx: CapstanContext, input?: unknown): Promise<PolicyCheckResult>;
+//# sourceMappingURL=policy.d.ts.map

package/dist/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAEpB;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,gBAAgB,CAEpE;AAYD;;;;;;;;;;GAUG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,gBAAgB,EAAE,EAC5B,GAAG,EAAE,cAAc,EACnB,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,iBAAiB,CAAC,CAqB5B"}

package/dist/policy.js

@@ -0,0 +1,45 @@
+/**
+ * Define a named permission policy.
+ *
+ * Policies are evaluated at request time by `enforcePolicies()`. Each policy
+ * returns an effect (`allow`, `deny`, `approve`, `redact`) and an optional
+ * human-readable reason.
+ */
+export function definePolicy(def) {
+    return def;
+}
+/**
+ * Severity order for policy effects — higher index is more restrictive.
+ */
+const EFFECT_SEVERITY = {
+    allow: 0,
+    redact: 1,
+    approve: 2,
+    deny: 3,
+};
+/**
+ * Run all provided policies and return the single most-restrictive result.
+ *
+ * If no policies are provided the default result is `{ effect: "allow" }`.
+ *
+ * Evaluation order:
+ *  1. Every policy in the array is executed (none are short-circuited so that
+ *     callers can collect all reasons if desired).
+ *  2. The result with the highest severity wins.
+ *  3. Ties are broken by array order (later policy wins).
+ */
+export async function enforcePolicies(policies, ctx, input) {
+    if (policies.length === 0) {
+        return { effect: "allow" };
+    }
+    const results = await Promise.all(policies.map((p) => p.check({ ctx, input })));
+    let mostRestrictive = { effect: "allow" };
+    for (const result of results) {
+        if (EFFECT_SEVERITY[result.effect] >=
+            EFFECT_SEVERITY[mostRestrictive.effect]) {
+            mostRestrictive = result;
+        }
+    }
+    return mostRestrictive;
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAOA;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,GAAqB;IAChD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,eAAe,GAAiC;IACpD,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;IACT,OAAO,EAAE,CAAC;IACV,IAAI,EAAE,CAAC;CACR,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAA4B,EAC5B,GAAmB,EACnB,KAAe;IAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAC7C,CAAC;IAEF,IAAI,eAAe,GAAsB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAE7D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IACE,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC;YAC9B,eAAe,CAAC,eAAe,CAAC,MAAM,CAAC,EACvC,CAAC;YACD,eAAe,GAAG,MAAM,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,32 @@
+import { Hono } from "hono";
+import type { APIDefinition, CapstanConfig, CapstanContext, HttpMethod, PolicyDefinition, RouteMetadata } from "./types.js";
+/** Hono env binding that carries the CapstanContext through middleware. */
+interface CapstanEnv {
+    Variables: {
+        capstanCtx: CapstanContext;
+    };
+}
+export interface CapstanApp {
+    /** The underlying Hono application instance. */
+    app: Hono<CapstanEnv>;
+    /** All registered route metadata — used by the agent manifest endpoint. */
+    routeRegistry: RouteMetadata[];
+    /**
+     * Register an API definition on the Hono app at the given method + path.
+     *
+     * This both mounts the HTTP handler and records metadata in `routeRegistry`
+     * so the `/.well-known/capstan.json` manifest stays in sync.
+     */
+    registerAPI: (method: HttpMethod, path: string, apiDef: APIDefinition, policies?: PolicyDefinition[]) => void;
+}
+/**
+ * Create a fully-wired Capstan application backed by a Hono server.
+ *
+ * The returned object contains:
+ * - `app`           -- Hono instance ready to handle requests
+ * - `routeRegistry` -- array of route metadata for the agent manifest
+ * - `registerAPI()` -- helper to register an API definition as an HTTP route
+ */
+export declare function createCapstanApp(config: CapstanConfig): CapstanApp;
+export {};
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAY5B,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,aAAa,EACd,MAAM,YAAY,CAAC;AAEpB,2EAA2E;AAC3E,UAAU,UAAU;IAClB,SAAS,EAAE;QACT,UAAU,EAAE,cAAc,CAAC;KAC5B,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,gDAAgD;IAChD,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtB,2EAA2E;IAC3E,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B;;;;;OAKG;IACH,WAAW,EAAE,CACX,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,aAAa,EACrB,QAAQ,CAAC,EAAE,gBAAgB,EAAE,KAC1B,IAAI,CAAC;CACX;AAuBD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,aAAa,GAAG,UAAU,CAmTlE"}