agent-authority 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Behalf — the reference implementation of agent authority.
+ *
+ * Five verbs, one primitive (the Mandate):
+ *
+ *   import { Behalf } from "agent-authority";
+ *
+ *   const mandate = await Behalf.grant({               // 1. GRANT
+ *     principal: user.id,
+ *     agent: "research-agent",
+ *     can: ["read:calendar", "spend:usd<=50"],
+ *     expiresIn: "1h",
+ *   });
+ *
+ *   await mandate.authorize("spend:usd=20");           // 2. AUTHORIZE
+ *   const child = mandate.attenuate({ can: ["read:calendar"], expiresIn: "10m" }); // 3. DELEGATE
+ *   await Behalf.revoke(mandate.id);                   // 4. REVOKE
+ *   const trail = await Behalf.audit(mandate.id);      // 5. AUDIT
+ */
+export { Behalf, createBehalf, BehalfDelegationError, type BehalfConfig, } from "./behalf.js";
+export { Mandate } from "./mandate.js";
+export { newKeyPair, exportPublicKey, importPublicKey, exportPrivateKey, importPrivateKey, type KeyPair, } from "./crypto.js";
+export { parse as parseCapability, permits, isNarrowing, type Capability, } from "./capability.js";
+export { MemoryRevocationStore, MemoryAuditStore, MemoryRateStore, TokenBucketRateStore, MemoryConsentStore, MemoryPolicyStore, CachingRevocationStore, type RevocationStore, type AuditStore, type RateStore, type ConsentStore, type PolicyStore, type CacheOptions, } from "./store.js";
+export { FileRevocationStore, FileAuditStore, FileConsentStore, FilePolicyStore, FileRateStore, } from "./persist.js";
+export { createControlPlane, type ControlPlane, type ControlPlaneOptions, type ConsentRecord, } from "./control-plane.js";
+export { HttpRevocationStore, HttpAuditStore, HttpRateStore, ControlPlaneClient, controlPlaneConsent, type RemoteOptions, type ConsentProviderOptions, type ConsentRequest, } from "./remote.js";
+export { newSealKeyPair, seal, unseal, type SealKeyPair } from "./seal.js";
+export { verify as verifyAuditLog } from "./audit.js";
+export { lint, isClean, type LintFinding, type LintLevel } from "./lint.js";
+export { generateQuickstart, findSurface, listSurfaces, DEFAULT_SURFACES, type Surface, type QuickstartOptions, type Quickstart, } from "./quickstart.js";
+export { present, behalfFetch, authorizeIncoming, guard, MANDATE_HEADER, type PresentOptions, type GuardOptions, type GuardedRequest, } from "./a2a.js";
+export { BehalfError, AuthorizationError, WideningError, IntegrityError, CapabilityParseError, } from "./errors.js";
+export type { Caveat, Block, Proof, MandateToken, GrantOptions, AttenuateOptions, AuditEntry, AuditIntegrity, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EACL,MAAM,EACN,YAAY,EACZ,qBAAqB,EACrB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EACL,UAAU,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,OAAO,GACb,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,IAAI,eAAe,EACxB,OAAO,EACP,WAAW,EACX,KAAK,UAAU,GAChB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,GACd,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,aAAa,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,GACpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,WAAW,EAAE,MAAM,WAAW,CAAC;AAC3E,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,WAAW,CAAC;AAC5E,OAAO,EACL,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,KAAK,UAAU,GAChB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,OAAO,EACP,WAAW,EACX,iBAAiB,EACjB,KAAK,EACL,cAAc,EACd,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,cAAc,GACpB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EACV,MAAM,EACN,KAAK,EACL,KAAK,EACL,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,UAAU,EACV,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,34 @@
+/**
+ * Behalf — the reference implementation of agent authority.
+ *
+ * Five verbs, one primitive (the Mandate):
+ *
+ *   import { Behalf } from "agent-authority";
+ *
+ *   const mandate = await Behalf.grant({               // 1. GRANT
+ *     principal: user.id,
+ *     agent: "research-agent",
+ *     can: ["read:calendar", "spend:usd<=50"],
+ *     expiresIn: "1h",
+ *   });
+ *
+ *   await mandate.authorize("spend:usd=20");           // 2. AUTHORIZE
+ *   const child = mandate.attenuate({ can: ["read:calendar"], expiresIn: "10m" }); // 3. DELEGATE
+ *   await Behalf.revoke(mandate.id);                   // 4. REVOKE
+ *   const trail = await Behalf.audit(mandate.id);      // 5. AUDIT
+ */
+export { Behalf, createBehalf, BehalfDelegationError, } from "./behalf.js";
+export { Mandate } from "./mandate.js";
+export { newKeyPair, exportPublicKey, importPublicKey, exportPrivateKey, importPrivateKey, } from "./crypto.js";
+export { parse as parseCapability, permits, isNarrowing, } from "./capability.js";
+export { MemoryRevocationStore, MemoryAuditStore, MemoryRateStore, TokenBucketRateStore, MemoryConsentStore, MemoryPolicyStore, CachingRevocationStore, } from "./store.js";
+export { FileRevocationStore, FileAuditStore, FileConsentStore, FilePolicyStore, FileRateStore, } from "./persist.js";
+export { createControlPlane, } from "./control-plane.js";
+export { HttpRevocationStore, HttpAuditStore, HttpRateStore, ControlPlaneClient, controlPlaneConsent, } from "./remote.js";
+export { newSealKeyPair, seal, unseal } from "./seal.js";
+export { verify as verifyAuditLog } from "./audit.js";
+export { lint, isClean } from "./lint.js";
+export { generateQuickstart, findSurface, listSurfaces, DEFAULT_SURFACES, } from "./quickstart.js";
+export { present, behalfFetch, authorizeIncoming, guard, MANDATE_HEADER, } from "./a2a.js";
+export { BehalfError, AuthorizationError, WideningError, IntegrityError, CapabilityParseError, } from "./errors.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EACL,MAAM,EACN,YAAY,EACZ,qBAAqB,GAEtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EACL,UAAU,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,gBAAgB,GAEjB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,IAAI,eAAe,EACxB,OAAO,EACP,WAAW,GAEZ,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,sBAAsB,GAOvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,GACd,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,kBAAkB,GAInB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,mBAAmB,GAIpB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAoB,MAAM,WAAW,CAAC;AAC3E,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAoC,MAAM,WAAW,CAAC;AAC5E,OAAO,EACL,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,gBAAgB,GAIjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,OAAO,EACP,WAAW,EACX,iBAAiB,EACjB,KAAK,EACL,cAAc,GAIf,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC"}

package/dist/lint.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Capability linting. The grammar permits broad or unbounded scopes (`*`, an
+ * unconstrained `spend:`, ...); the spec says these are "discouraged; lint
+ * warns". This surfaces them so humans and agents write tight scopes by default.
+ */
+export type LintLevel = "error" | "warn" | "info";
+export interface LintFinding {
+    capability: string;
+    level: LintLevel;
+    rule: string;
+    message: string;
+}
+/** Lint a set of capability strings; returns findings ordered by input. */
+export declare function lint(capabilities: string[]): LintFinding[];
+/** True if linting found nothing at `warn` or `error` level. */
+export declare function isClean(capabilities: string[]): boolean;
+//# sourceMappingURL=lint.d.ts.map

package/dist/lint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lint.d.ts","sourceRoot":"","sources":["../src/lint.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;AAElD,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,SAAS,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAOD,2EAA2E;AAC3E,wBAAgB,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,WAAW,EAAE,CAoE1D;AAED,gEAAgE;AAChE,wBAAgB,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,OAAO,CAEvD"}

package/dist/lint.js

@@ -0,0 +1,75 @@
+import { parse } from "./capability.js";
+import { CapabilityParseError } from "./errors.js";
+/** Verbs that move a quantity and should carry an amount limit. */
+const QUANTITATIVE_VERBS = new Set(["spend", "pay", "transfer", "charge", "withdraw", "refund"]);
+/** Verbs that fan out and should usually carry a rate limit. */
+const RATE_VERBS = new Set(["send", "email", "sms", "notify", "post", "publish", "call"]);
+/** Lint a set of capability strings; returns findings ordered by input. */
+export function lint(capabilities) {
+    const findings = [];
+    const seen = new Set();
+    for (const raw of capabilities) {
+        if (seen.has(raw)) {
+            findings.push({
+                capability: raw,
+                level: "warn",
+                rule: "duplicate",
+                message: "duplicate capability; remove the repeat",
+            });
+            continue;
+        }
+        seen.add(raw);
+        let cap;
+        try {
+            cap = parse(raw);
+        }
+        catch (e) {
+            findings.push({
+                capability: raw,
+                level: "error",
+                rule: "unparseable",
+                message: e instanceof CapabilityParseError ? e.message : String(e),
+            });
+            continue;
+        }
+        if (cap.wildcard) {
+            findings.push({
+                capability: raw,
+                level: "warn",
+                rule: "wildcard",
+                message: "`*` grants unlimited authority; grant specific capabilities instead",
+            });
+            continue;
+        }
+        if (cap.verb === "*" || cap.resource === "*") {
+            findings.push({
+                capability: raw,
+                level: "warn",
+                rule: "wildcard-part",
+                message: "a `*` verb or resource is overly broad; name it explicitly",
+            });
+        }
+        if (QUANTITATIVE_VERBS.has(cap.verb) && !cap.amount) {
+            findings.push({
+                capability: raw,
+                level: "warn",
+                rule: "unbounded-amount",
+                message: `"${cap.verb}" has no limit; add a cap like "${cap.verb}:${cap.resource}<=50"`,
+            });
+        }
+        if (RATE_VERBS.has(cap.verb) && !cap.rate) {
+            findings.push({
+                capability: raw,
+                level: "info",
+                rule: "no-rate-limit",
+                message: `"${cap.verb}" has no rate limit; consider "${raw} rate<=10/h"`,
+            });
+        }
+    }
+    return findings;
+}
+/** True if linting found nothing at `warn` or `error` level. */
+export function isClean(capabilities) {
+    return !lint(capabilities).some((f) => f.level !== "info");
+}
+//# sourceMappingURL=lint.js.map

package/dist/lint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lint.js","sourceRoot":"","sources":["../src/lint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAmB,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAiBnD,mEAAmE;AACnE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;AACjG,gEAAgE;AAChE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1F,2EAA2E;AAC3E,MAAM,UAAU,IAAI,CAAC,YAAsB;IACzC,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,IAAI,GAAe,CAAC;QACpB,IAAI,CAAC;YACH,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE,CAAC,YAAY,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aACnE,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,qEAAqE;aAC/E,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,4DAA4D;aACtE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,IAAI,GAAG,CAAC,IAAI,mCAAmC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,QAAQ,OAAO;aACxF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAC1C,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,GAAG;gBACf,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,IAAI,GAAG,CAAC,IAAI,kCAAkC,GAAG,cAAc;aACzE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,OAAO,CAAC,YAAsB;IAC5C,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC;AAC7D,CAAC"}

package/dist/mandate.d.ts

@@ -0,0 +1,99 @@
+import type { AttenuateOptions, AuditEntry, MandateToken, Proof } from "./types.js";
+import { type KeyPair } from "./crypto.js";
+import type { KeyObject } from "node:crypto";
+/**
+ * The engine that actually verifies and enforces — implemented by {@link Behalf}.
+ * Kept as an interface here to avoid a circular import with the Mandate wrapper.
+ */
+export interface Engine {
+    authorizeAsHolder(token: MandateToken, action: string, delegationKey: KeyObject | undefined): Promise<void>;
+    attenuate(token: MandateToken, delegationKey: KeyObject | undefined, opts: AttenuateOptions): Mandate;
+    provePossession(token: MandateToken, delegationKey: KeyObject, action: string, nonce?: string, agentKeys?: KeyObject[]): Proof;
+    revoke(id: string): Promise<void>;
+    audit(id: string): Promise<AuditEntry[]>;
+}
+/**
+ * A handle to a capability token. Construction is internal — obtain one via
+ * `Behalf.grant(...)`, `mandate.attenuate(...)`, or `Behalf.import(token)`.
+ *
+ * A mandate obtained from `grant`/`attenuate` also carries an in-memory
+ * `delegationKey` (the Ed25519 private key that authorizes the next block), so
+ * it can be further attenuated. A mandate restored via `import` has only the
+ * public token: it can be verified, authorized, and audited, but not delegated.
+ */
+export declare class Mandate {
+    /** The serializable wire token. */
+    readonly token: MandateToken;
+    private readonly engine;
+    /** Private key for the next attenuation block; undefined if imported. */
+    private readonly delegationKey?;
+    constructor(
+    /** The serializable wire token. */
+    token: MandateToken, engine: Engine, 
+    /** Private key for the next attenuation block; undefined if imported. */
+    delegationKey?: KeyObject | undefined);
+    /** Every caveat across every block, in chain order. */
+    private get caveats();
+    /** This mandate's own id (the deepest id in the chain). */
+    get id(): string;
+    /** Full chain of ids, root → this mandate. Revoking any kills this one. */
+    get chain(): string[];
+    /** The principal that authorized the root grant, if present. */
+    get principal(): string | undefined;
+    /** The agent this mandate is currently bound to (latest binding wins). */
+    get agent(): string | undefined;
+    /** Effective expiry (earliest expires caveat). */
+    get expiresAt(): number | undefined;
+    /** True if this mandate carries the secret needed to delegate further. */
+    get canDelegate(): boolean;
+    /**
+     * Prove authority for a concrete action. Resolves if permitted; throws
+     * {@link AuthorizationError} otherwise. Always writes an audit record.
+     *
+     * Requires this mandate to hold its delegation key (i.e. it came from
+     * `grant`/`attenuate`, not `import`): authorization includes a proof of
+     * possession of the chain's terminal key, which closes truncation and makes a
+     * serialized token unusable as a bare bearer credential. To authorize a
+     * mandate you received from elsewhere, the holder must present a proof — see
+     * `agent-authority/a2a`, or use `engine.inspect()` for an advisory (no-possession)
+     * check.
+     */
+    authorize(action: string): Promise<void>;
+    /** Hand a narrowed mandate to a sub-agent. Can only shrink scope. */
+    attenuate(opts: AttenuateOptions): Mandate;
+    /**
+     * Mint a fresh proof of possession for performing `action`, to present this
+     * mandate across a trust boundary (e.g. an A2A call). Bound to the action and
+     * the exact chain. Requires the delegation key, so only the legitimate holder
+     * can produce it.
+     */
+    prove(action: string, opts?: {
+        nonce?: string;
+        agentKeys?: KeyPair[];
+    }): Proof;
+    /** Revoke this mandate and its entire downstream chain. */
+    revoke(): Promise<void>;
+    /** This mandate's hash-chained audit trail. */
+    audit(): Promise<AuditEntry[]>;
+    /** Compact, transmittable string form (base64url JSON of the public token). */
+    serialize(): string;
+    /**
+     * Transferable holder credential: the token PLUS its delegation key, so the
+     * recipient can authorize, prove, and attenuate after `engine.import(...)`.
+     * This is how a delegated mandate is handed to a sub-agent in another process.
+     *
+     * TREAT AS A SECRET: anyone holding this string can exercise the mandate's
+     * full authority until expiry/revocation. Deliver only over a secure channel.
+     * Use `serialize()` for the public, presentation-only form.
+     */
+    serializeWithKey(): string;
+    /**
+     * Holder credential, encrypted to a recipient's X25519 sealing key — so the
+     * credential is unreadable in transit/at rest to anyone but the intended
+     * agent. Open it with `engine.importSealed(sealed, recipientKeyPair)`. This is
+     * `serializeWithKey()` wrapped in `seal()`; use it when the delivery channel
+     * isn't fully trusted. (Defense-in-depth on top of `bindAgent`.)
+     */
+    sealForRecipient(recipientPublicKey: string): string;
+}
+//# sourceMappingURL=mandate.d.ts.map

package/dist/mandate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mandate.d.ts","sourceRoot":"","sources":["../src/mandate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAU,YAAY,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAC5F,OAAO,EAAoB,KAAK,OAAO,EAAE,MAAM,aAAa,CAAC;AAE7D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB,iBAAiB,CACf,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,SAAS,GAAG,SAAS,GACnC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,GAAG,SAAS,EAAE,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC;IACtG,eAAe,CACb,KAAK,EAAE,YAAY,EACnB,aAAa,EAAE,SAAS,EACxB,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,SAAS,EAAE,GACtB,KAAK,CAAC;IACT,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;CAC1C;AAED;;;;;;;;GAQG;AACH,qBAAa,OAAO;IAEhB,mCAAmC;IACnC,QAAQ,CAAC,KAAK,EAAE,YAAY;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,yEAAyE;IACzE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;;IAJ/B,mCAAmC;IAC1B,KAAK,EAAE,YAAY,EACX,MAAM,EAAE,MAAM;IAC/B,yEAAyE;IACxD,aAAa,CAAC,EAAE,SAAS,YAAA;IAG5C,uDAAuD;IACvD,OAAO,KAAK,OAAO,GAElB;IAED,2DAA2D;IAC3D,IAAI,EAAE,IAAI,MAAM,CAGf;IAED,2EAA2E;IAC3E,IAAI,KAAK,IAAI,MAAM,EAAE,CAIpB;IAED,gEAAgE;IAChE,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,CAGlC;IAED,0EAA0E;IAC1E,IAAI,KAAK,IAAI,MAAM,GAAG,SAAS,CAI9B;IAED,kDAAkD;IAClD,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,CAMlC;IAED,0EAA0E;IAC1E,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,qEAAqE;IACrE,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO;IAI1C;;;;;OAKG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAA;KAAO,GAAG,KAAK;IAQlF,2DAA2D;IAC3D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIvB,+CAA+C;IAC/C,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAI9B,+EAA+E;IAC/E,SAAS,IAAI,MAAM;IAInB;;;;;;;;OAQG;IACH,gBAAgB,IAAI,MAAM;IAQ1B;;;;;;OAMG;IACH,gBAAgB,CAAC,kBAAkB,EAAE,MAAM,GAAG,MAAM;CAGrD"}

package/dist/mandate.js

@@ -0,0 +1,141 @@
+import { exportPrivateKey } from "./crypto.js";
+import { seal } from "./seal.js";
+/**
+ * A handle to a capability token. Construction is internal — obtain one via
+ * `Behalf.grant(...)`, `mandate.attenuate(...)`, or `Behalf.import(token)`.
+ *
+ * A mandate obtained from `grant`/`attenuate` also carries an in-memory
+ * `delegationKey` (the Ed25519 private key that authorizes the next block), so
+ * it can be further attenuated. A mandate restored via `import` has only the
+ * public token: it can be verified, authorized, and audited, but not delegated.
+ */
+export class Mandate {
+    token;
+    engine;
+    delegationKey;
+    constructor(
+    /** The serializable wire token. */
+    token, engine, 
+    /** Private key for the next attenuation block; undefined if imported. */
+    delegationKey) {
+        this.token = token;
+        this.engine = engine;
+        this.delegationKey = delegationKey;
+    }
+    /** Every caveat across every block, in chain order. */
+    get caveats() {
+        return this.token.blocks.flatMap((b) => b.caveats);
+    }
+    /** This mandate's own id (the deepest id in the chain). */
+    get id() {
+        const ids = this.chain;
+        return ids[ids.length - 1];
+    }
+    /** Full chain of ids, root → this mandate. Revoking any kills this one. */
+    get chain() {
+        const ids = [this.token.id];
+        for (const c of this.caveats)
+            if (c.t === "id")
+                ids.push(c.id);
+        return ids;
+    }
+    /** The principal that authorized the root grant, if present. */
+    get principal() {
+        for (const c of this.caveats)
+            if (c.t === "principal")
+                return c.principal;
+        return undefined;
+    }
+    /** The agent this mandate is currently bound to (latest binding wins). */
+    get agent() {
+        let agent;
+        for (const c of this.caveats)
+            if (c.t === "agent")
+                agent = c.agent;
+        return agent;
+    }
+    /** Effective expiry (earliest expires caveat). */
+    get expiresAt() {
+        let earliest;
+        for (const c of this.caveats) {
+            if (c.t === "expires")
+                earliest = earliest === undefined ? c.at : Math.min(earliest, c.at);
+        }
+        return earliest;
+    }
+    /** True if this mandate carries the secret needed to delegate further. */
+    get canDelegate() {
+        return this.delegationKey !== undefined;
+    }
+    /**
+     * Prove authority for a concrete action. Resolves if permitted; throws
+     * {@link AuthorizationError} otherwise. Always writes an audit record.
+     *
+     * Requires this mandate to hold its delegation key (i.e. it came from
+     * `grant`/`attenuate`, not `import`): authorization includes a proof of
+     * possession of the chain's terminal key, which closes truncation and makes a
+     * serialized token unusable as a bare bearer credential. To authorize a
+     * mandate you received from elsewhere, the holder must present a proof — see
+     * `agent-authority/a2a`, or use `engine.inspect()` for an advisory (no-possession)
+     * check.
+     */
+    authorize(action) {
+        return this.engine.authorizeAsHolder(this.token, action, this.delegationKey);
+    }
+    /** Hand a narrowed mandate to a sub-agent. Can only shrink scope. */
+    attenuate(opts) {
+        return this.engine.attenuate(this.token, this.delegationKey, opts);
+    }
+    /**
+     * Mint a fresh proof of possession for performing `action`, to present this
+     * mandate across a trust boundary (e.g. an A2A call). Bound to the action and
+     * the exact chain. Requires the delegation key, so only the legitimate holder
+     * can produce it.
+     */
+    prove(action, opts = {}) {
+        if (!this.delegationKey) {
+            throw new Error("cannot prove possession: this mandate was imported without its key");
+        }
+        const agentKeys = opts.agentKeys?.map((k) => k.privateKey);
+        return this.engine.provePossession(this.token, this.delegationKey, action, opts.nonce, agentKeys);
+    }
+    /** Revoke this mandate and its entire downstream chain. */
+    revoke() {
+        return this.engine.revoke(this.id);
+    }
+    /** This mandate's hash-chained audit trail. */
+    audit() {
+        return this.engine.audit(this.id);
+    }
+    /** Compact, transmittable string form (base64url JSON of the public token). */
+    serialize() {
+        return Buffer.from(JSON.stringify(this.token), "utf8").toString("base64url");
+    }
+    /**
+     * Transferable holder credential: the token PLUS its delegation key, so the
+     * recipient can authorize, prove, and attenuate after `engine.import(...)`.
+     * This is how a delegated mandate is handed to a sub-agent in another process.
+     *
+     * TREAT AS A SECRET: anyone holding this string can exercise the mandate's
+     * full authority until expiry/revocation. Deliver only over a secure channel.
+     * Use `serialize()` for the public, presentation-only form.
+     */
+    serializeWithKey() {
+        if (!this.delegationKey) {
+            throw new Error("cannot export with key: this mandate was imported without its key");
+        }
+        const payload = { token: this.token, key: exportPrivateKey(this.delegationKey) };
+        return Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
+    }
+    /**
+     * Holder credential, encrypted to a recipient's X25519 sealing key — so the
+     * credential is unreadable in transit/at rest to anyone but the intended
+     * agent. Open it with `engine.importSealed(sealed, recipientKeyPair)`. This is
+     * `serializeWithKey()` wrapped in `seal()`; use it when the delivery channel
+     * isn't fully trusted. (Defense-in-depth on top of `bindAgent`.)
+     */
+    sealForRecipient(recipientPublicKey) {
+        return seal(this.serializeWithKey(), recipientPublicKey);
+    }
+}
+//# sourceMappingURL=mandate.js.map

package/dist/mandate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mandate.js","sourceRoot":"","sources":["../src/mandate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAgB,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAyBjC;;;;;;;;GAQG;AACH,MAAM,OAAO,OAAO;IAGP;IACQ;IAEA;IALnB;IACE,mCAAmC;IAC1B,KAAmB,EACX,MAAc;IAC/B,yEAAyE;IACxD,aAAyB;QAHjC,UAAK,GAAL,KAAK,CAAc;QACX,WAAM,GAAN,MAAM,CAAQ;QAEd,kBAAa,GAAb,aAAa,CAAY;IACzC,CAAC;IAEJ,uDAAuD;IACvD,IAAY,OAAO;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IAED,2DAA2D;IAC3D,IAAI,EAAE;QACJ,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;QACvB,OAAO,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,2EAA2E;IAC3E,IAAI,KAAK;QACP,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,gEAAgE;IAChE,IAAI,SAAS;QACX,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,IAAI,CAAC,CAAC,CAAC,KAAK,WAAW;gBAAE,OAAO,CAAC,CAAC,SAAS,CAAC;QAC1E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0EAA0E;IAC1E,IAAI,KAAK;QACP,IAAI,KAAyB,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,IAAI,CAAC,CAAC,CAAC,KAAK,OAAO;gBAAE,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,IAAI,SAAS;QACX,IAAI,QAA4B,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;gBAAE,QAAQ,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,0EAA0E;IAC1E,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC;IAC1C,CAAC;IAED;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,MAAc;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;IAC/E,CAAC;IAED,qEAAqE;IACrE,SAAS,CAAC,IAAsB;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAc,EAAE,OAAkD,EAAE;QACxE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACpG,CAAC;IAED,2DAA2D;IAC3D,MAAM;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,+CAA+C;IAC/C,KAAK;QACH,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,+EAA+E;IAC/E,SAAS;QACP,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC/E,CAAC;IAED;;;;;;;;OAQG;IACH,gBAAgB;QACd,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QACjF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5E,CAAC;IAED;;;;;;OAMG;IACH,gBAAgB,CAAC,kBAA0B;QACzC,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAC3D,CAAC;CACF"}

package/dist/mcp-server.d.ts

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+import { Behalf } from "./behalf.js";
+interface JsonRpcRequest {
+    jsonrpc: "2.0";
+    id?: string | number | null;
+    method: string;
+    params?: Record<string, unknown>;
+}
+interface JsonRpcResponse {
+    jsonrpc: "2.0";
+    id: string | number | null;
+    result?: unknown;
+    error?: {
+        code: number;
+        message: string;
+    };
+}
+export interface McpServer {
+    /** Handle one JSON-RPC request; returns a response, or null for notifications. */
+    dispatch(req: JsonRpcRequest): Promise<JsonRpcResponse | null>;
+    /** Wire the server to stdin/stdout and run until the stream closes. */
+    start(): void;
+}
+export declare function createMcpServer(engine?: Behalf): McpServer;
+export {};
+//# sourceMappingURL=mcp-server.d.ts.map

package/dist/mcp-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAarC,UAAU,cAAc;IACtB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,UAAU,eAAe;IACvB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC3C;AAED,MAAM,WAAW,SAAS;IACxB,kFAAkF;IAClF,QAAQ,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IAC/D,uEAAuE;IACvE,KAAK,IAAI,IAAI,CAAC;CACf;AAED,wBAAgB,eAAe,CAAC,MAAM,GAAE,MAAuB,GAAG,SAAS,CAiF1E"}

package/dist/mcp-server.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+import { createInterface } from "node:readline";
+import { fileURLToPath } from "node:url";
+import { realpathSync } from "node:fs";
+import { Behalf } from "./behalf.js";
+import { behalfMcpTools } from "./mcp.js";
+/**
+ * A minimal, dependency-free MCP server over stdio (newline-delimited JSON-RPC
+ * 2.0). It exposes the Behalf discovery tools — `request_mandate`,
+ * `present_mandate`, `check_authority` — so any MCP client (Claude Desktop,
+ * Cursor, ...) can obtain and use authority natively. Staying SDK-free keeps the
+ * "thin, near-zero-deps" principle: the wire protocol is small enough to own.
+ */
+const PROTOCOL_VERSION = "2024-11-05";
+export function createMcpServer(engine = Behalf.default) {
+    const tools = behalfMcpTools(engine);
+    const byName = new Map(tools.map((t) => [t.name, t]));
+    async function dispatch(req) {
+        const id = req.id ?? null;
+        const ok = (result) => ({ jsonrpc: "2.0", id, result });
+        const err = (code, message) => ({
+            jsonrpc: "2.0",
+            id,
+            error: { code, message },
+        });
+        switch (req.method) {
+            case "initialize":
+                return ok({
+                    protocolVersion: PROTOCOL_VERSION,
+                    capabilities: { tools: {} },
+                    serverInfo: { name: "agent-authority", version: "0.1.0" },
+                });
+            case "notifications/initialized":
+            case "initialized":
+                return null; // notification, no reply
+            case "ping":
+                return ok({});
+            case "tools/list":
+                return ok({
+                    tools: tools.map((t) => ({
+                        name: t.name,
+                        description: t.description,
+                        inputSchema: t.inputSchema,
+                    })),
+                });
+            case "tools/call": {
+                const name = req.params?.name;
+                const args = req.params?.arguments ?? {};
+                const tool = byName.get(name);
+                if (!tool)
+                    return err(-32602, `unknown tool "${name}"`);
+                try {
+                    const result = await tool.handler(args);
+                    return ok({
+                        content: [{ type: "text", text: JSON.stringify(result) }],
+                        isError: false,
+                    });
+                }
+                catch (e) {
+                    return ok({
+                        content: [{ type: "text", text: e.message }],
+                        isError: true,
+                    });
+                }
+            }
+            default:
+                // Ignore other notifications; error on unknown requests.
+                if (req.id === undefined)
+                    return null;
+                return err(-32601, `method not found: ${req.method}`);
+        }
+    }
+    function start() {
+        const rl = createInterface({ input: process.stdin });
+        rl.on("line", (line) => {
+            const trimmed = line.trim();
+            if (!trimmed)
+                return;
+            let req;
+            try {
+                req = JSON.parse(trimmed);
+            }
+            catch {
+                return; // ignore malformed input
+            }
+            dispatch(req).then((res) => {
+                if (res)
+                    process.stdout.write(JSON.stringify(res) + "\n");
+            });
+        });
+    }
+    return { dispatch, start };
+}
+// Allow `node dist/mcp-server.js` (and the `agent-authority-mcp` bin) to run the server,
+// while never auto-starting when imported (e.g. by tests). Compares real paths
+// so an npm bin symlink still resolves to this module.
+function runningAsMain() {
+    const entry = process.argv[1];
+    if (!entry)
+        return false;
+    try {
+        return realpathSync(entry) === realpathSync(fileURLToPath(import.meta.url));
+    }
+    catch {
+        return false;
+    }
+}
+if (runningAsMain()) {
+    createMcpServer().start();
+}
+//# sourceMappingURL=mcp-server.js.map

package/dist/mcp-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,cAAc,EAAuB,MAAM,UAAU,CAAC;AAE/D;;;;;;GAMG;AAEH,MAAM,gBAAgB,GAAG,YAAY,CAAC;AAuBtC,MAAM,UAAU,eAAe,CAAC,SAAiB,MAAM,CAAC,OAAO;IAC7D,MAAM,KAAK,GAAqB,cAAc,CAAC,MAAM,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtD,KAAK,UAAU,QAAQ,CAAC,GAAmB;QACzC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC;QAC1B,MAAM,EAAE,GAAG,CAAC,MAAe,EAAmB,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAClF,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,OAAe,EAAmB,EAAE,CAAC,CAAC;YAC/D,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACzB,CAAC,CAAC;QAEH,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,YAAY;gBACf,OAAO,EAAE,CAAC;oBACR,eAAe,EAAE,gBAAgB;oBACjC,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;oBAC3B,UAAU,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE;iBAC1D,CAAC,CAAC;YAEL,KAAK,2BAA2B,CAAC;YACjC,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,CAAC,yBAAyB;YAExC,KAAK,MAAM;gBACT,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YAEhB,KAAK,YAAY;gBACf,OAAO,EAAE,CAAC;oBACR,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;wBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,WAAW,EAAE,CAAC,CAAC,WAAW;wBAC1B,WAAW,EAAE,CAAC,CAAC,WAAW;qBAC3B,CAAC,CAAC;iBACJ,CAAC,CAAC;YAEL,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,IAAc,CAAC;gBACxC,MAAM,IAAI,GAAI,GAAG,CAAC,MAAM,EAAE,SAAqC,IAAI,EAAE,CAAC;gBACtE,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC9B,IAAI,CAAC,IAAI;oBAAE,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,iBAAiB,IAAI,GAAG,CAAC,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBACxC,OAAO,EAAE,CAAC;wBACR,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzD,OAAO,EAAE,KAAK;qBACf,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC;wBACR,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC;wBACvD,OAAO,EAAE,IAAI;qBACd,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED;gBACE,yDAAyD;gBACzD,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS;oBAAE,OAAO,IAAI,CAAC;gBACtC,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,SAAS,KAAK;QACZ,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACrD,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO;gBAAE,OAAO;YACrB,IAAI,GAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,yBAAyB;YACnC,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;gBACzB,IAAI,GAAG;oBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,yFAAyF;AACzF,+EAA+E;AAC/E,uDAAuD;AACvD,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,CAAC,KAAK,YAAY,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AACD,IAAI,aAAa,EAAE,EAAE,CAAC;IACpB,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC"}