agent-authority 0.1.0

package/dist/remote.d.ts

@@ -0,0 +1,93 @@
+import type { AuditEntry, AuditFields } from "./types.js";
+import type { AuditStore, RevocationStore, RateStore } from "./store.js";
+/**
+ * Client stores that back an engine with a remote {@link createControlPlane}.
+ * Drop them into `createBehalf({ revocations, audit })` and revocation
+ * propagates across every agent pointed at the same control plane, while audit
+ * is retained centrally — with the five-verb API and enforcement unchanged.
+ */
+export interface RemoteOptions {
+    /** Bearer token, if the control plane requires one. */
+    token?: string;
+    /** Injectable fetch (defaults to global fetch) — handy for tests. */
+    fetch?: typeof fetch;
+}
+declare class RemoteBase {
+    protected readonly base: string;
+    protected readonly fetch: typeof fetch;
+    private readonly token?;
+    constructor(baseUrl: string, opts?: RemoteOptions);
+    protected headers(): Record<string, string>;
+    protected get<T>(path: string): Promise<T>;
+    protected post<T>(path: string, body: unknown): Promise<T>;
+}
+/** Revocation backed by the control plane — revoke once, propagates to all. */
+export declare class HttpRevocationStore extends RemoteBase implements RevocationStore {
+    revoke(id: string): Promise<void>;
+    isRevoked(id: string): Promise<boolean>;
+}
+/** Tamper-evident audit retained centrally by the control plane. */
+export declare class HttpAuditStore extends RemoteBase implements AuditStore {
+    /** One round-trip per record; the control plane (single writer) seals it. */
+    record(fields: AuditFields): Promise<AuditEntry>;
+    append(entry: AuditEntry): Promise<void>;
+    all(): Promise<AuditEntry[]>;
+    forMandate(mandateId: string): Promise<AuditEntry[]>;
+    forIssuer(issuer: string): Promise<AuditEntry[]>;
+}
+/** Rate limiting enforced centrally — one cap shared across all agents. */
+export declare class HttpRateStore extends RemoteBase implements RateStore {
+    hit(key: string, windowMs: number, limit: number, _now: number): Promise<boolean>;
+}
+/** Lightweight typed client for the consent + policy endpoints. */
+export declare class ControlPlaneClient extends RemoteBase {
+    requestConsent(agent: string, capability: string, context?: Record<string, unknown>): Promise<{
+        id: string;
+        status: string;
+    }>;
+    getConsent(id: string): Promise<{
+        id: string;
+        status: string;
+    }>;
+    decideConsent(id: string, approve: boolean): Promise<{
+        id: string;
+        status: string;
+    }>;
+    getPolicy<T = unknown>(name: string): Promise<{
+        name: string;
+        policy: T;
+    }>;
+    putPolicy<T = unknown>(name: string, policy: T): Promise<{
+        name: string;
+        policy: T;
+    }>;
+}
+export interface ConsentProviderOptions {
+    /** How often to poll for a decision. Default 500ms. */
+    pollMs?: number;
+    /** Give up (deny) after this long. Default 30s. */
+    timeoutMs?: number;
+    /** Called with the pending record's id — surface it to a dashboard/approver. */
+    onPending?: (record: {
+        id: string;
+    }) => void;
+    /** Injectable sleep — handy for tests. */
+    sleep?: (ms: number) => Promise<void>;
+}
+/** Info the middleware passes to a just-in-time consent decision. */
+export interface ConsentRequest {
+    tool?: string;
+    capability: string;
+    mandate?: {
+        agent?: string;
+    };
+}
+/**
+ * A consent provider backed by the control plane. Use it as `withBehalf`'s
+ * `onPrompt`: on a denied call it opens a pending consent request, then polls
+ * until a human approves/denies it (via the dashboard or `decideConsent`),
+ * wiring the control plane's consent surface to enforcement end-to-end.
+ */
+export declare function controlPlaneConsent(client: ControlPlaneClient, opts?: ConsentProviderOptions): (info: ConsentRequest) => Promise<boolean>;
+export {};
+//# sourceMappingURL=remote.d.ts.map

package/dist/remote.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote.d.ts","sourceRoot":"","sources":["../src/remote.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC1D,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEzE;;;;;GAKG;AAEH,MAAM,WAAW,aAAa;IAC5B,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qEAAqE;IACrE,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,cAAM,UAAU;IACd,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAChC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,KAAK,CAAC;IACvC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAS;gBAEpB,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,aAAkB;IAMrD,SAAS,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;cAM3B,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;cAMhC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;CASjE;AAED,+EAA+E;AAC/E,qBAAa,mBAAoB,SAAQ,UAAW,YAAW,eAAe;IACtE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAGjC,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAM9C;AAED,oEAAoE;AACpE,qBAAa,cAAe,SAAQ,UAAW,YAAW,UAAU;IAClE,6EAA6E;IACvE,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IAGhD,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAGxC,GAAG,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAG5B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAKpD,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAKvD;AAED,2EAA2E;AAC3E,qBAAa,aAAc,SAAQ,UAAW,YAAW,SAAS;IAC1D,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAKxF;AAED,mEAAmE;AACnE,qBAAa,kBAAmB,SAAQ,UAAU;IAChD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;YAC1D,MAAM;gBAAU,MAAM;;IAE/C,UAAU,CAAC,EAAE,EAAE,MAAM;YACG,MAAM;gBAAU,MAAM;;IAE9C,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;YACjB,MAAM;gBAAU,MAAM;;IAK/C,SAAS,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM;cACT,MAAM;gBAAU,CAAC;;IAErC,SAAS,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;cAOb,MAAM;gBAAU,CAAC;;CAEzD;AAED,MAAM,WAAW,sBAAsB;IACrC,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IAC7C,0CAA0C;IAC1C,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACvC;AAED,qEAAqE;AACrE,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9B;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,kBAAkB,EAC1B,IAAI,GAAE,sBAA2B,GAChC,CAAC,IAAI,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAmB5C"}

package/dist/remote.js

@@ -0,0 +1,120 @@
+class RemoteBase {
+    base;
+    fetch;
+    token;
+    constructor(baseUrl, opts = {}) {
+        this.base = baseUrl.replace(/\/$/, "");
+        this.fetch = opts.fetch ?? fetch;
+        this.token = opts.token;
+    }
+    headers() {
+        const h = { "content-type": "application/json" };
+        if (this.token)
+            h["authorization"] = `Bearer ${this.token}`;
+        return h;
+    }
+    async get(path) {
+        const res = await this.fetch(this.base + path, { headers: this.headers() });
+        if (!res.ok)
+            throw new Error(`control plane ${res.status} for GET ${path}`);
+        return (await res.json());
+    }
+    async post(path, body) {
+        const res = await this.fetch(this.base + path, {
+            method: "POST",
+            headers: this.headers(),
+            body: JSON.stringify(body),
+        });
+        if (!res.ok)
+            throw new Error(`control plane ${res.status} for POST ${path}`);
+        return (await res.json());
+    }
+}
+/** Revocation backed by the control plane — revoke once, propagates to all. */
+export class HttpRevocationStore extends RemoteBase {
+    async revoke(id) {
+        await this.post("/v1/revoke", { id });
+    }
+    async isRevoked(id) {
+        const { revoked } = await this.get(`/v1/revoked/${encodeURIComponent(id)}`);
+        return revoked;
+    }
+}
+/** Tamper-evident audit retained centrally by the control plane. */
+export class HttpAuditStore extends RemoteBase {
+    /** One round-trip per record; the control plane (single writer) seals it. */
+    async record(fields) {
+        return (await this.post("/v1/audit", { fields })).entry;
+    }
+    async append(entry) {
+        await this.post("/v1/audit", { entry });
+    }
+    async all() {
+        return (await this.get("/v1/audit")).entries;
+    }
+    async forMandate(mandateId) {
+        return (await this.get(`/v1/audit/${encodeURIComponent(mandateId)}`)).entries;
+    }
+    async forIssuer(issuer) {
+        return (await this.get(`/v1/audit?issuer=${encodeURIComponent(issuer)}`)).entries;
+    }
+}
+/** Rate limiting enforced centrally — one cap shared across all agents. */
+export class HttpRateStore extends RemoteBase {
+    async hit(key, windowMs, limit, _now) {
+        // `now` is intentionally NOT sent — the control plane stamps each hit with
+        // its own clock, so a skewed or hostile client can't shift the window.
+        return (await this.post("/v1/rate", { key, windowMs, limit })).allowed;
+    }
+}
+/** Lightweight typed client for the consent + policy endpoints. */
+export class ControlPlaneClient extends RemoteBase {
+    requestConsent(agent, capability, context) {
+        return this.post("/v1/consent", { agent, capability, context });
+    }
+    getConsent(id) {
+        return this.get(`/v1/consent/${encodeURIComponent(id)}`);
+    }
+    decideConsent(id, approve) {
+        return this.post(`/v1/consent/${encodeURIComponent(id)}/decision`, { approve });
+    }
+    getPolicy(name) {
+        return this.get(`/v1/policy/${encodeURIComponent(name)}`);
+    }
+    async putPolicy(name, policy) {
+        const res = await this.fetch(`${this.base}/v1/policy/${encodeURIComponent(name)}`, {
+            method: "PUT",
+            headers: this.headers(),
+            body: JSON.stringify({ policy }),
+        });
+        if (!res.ok)
+            throw new Error(`control plane ${res.status} for PUT policy`);
+        return (await res.json());
+    }
+}
+/**
+ * A consent provider backed by the control plane. Use it as `withBehalf`'s
+ * `onPrompt`: on a denied call it opens a pending consent request, then polls
+ * until a human approves/denies it (via the dashboard or `decideConsent`),
+ * wiring the control plane's consent surface to enforcement end-to-end.
+ */
+export function controlPlaneConsent(client, opts = {}) {
+    const pollMs = opts.pollMs ?? 500;
+    const timeoutMs = opts.timeoutMs ?? 30_000;
+    const sleep = opts.sleep ?? ((ms) => new Promise((r) => setTimeout(r, ms)));
+    return async (info) => {
+        const agent = info.mandate?.agent ?? info.tool ?? "agent";
+        const rec = await client.requestConsent(agent, info.capability, { tool: info.tool });
+        opts.onPending?.(rec);
+        const deadline = Date.now() + timeoutMs;
+        while (Date.now() < deadline) {
+            const cur = await client.getConsent(rec.id);
+            // Any terminal state other than approved (denied, expired, …) is a deny.
+            if (cur.status !== "pending")
+                return cur.status === "approved";
+            await sleep(pollMs);
+        }
+        return false; // timed out → deny
+    };
+}
+//# sourceMappingURL=remote.js.map

package/dist/remote.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote.js","sourceRoot":"","sources":["../src/remote.ts"],"names":[],"mappings":"AAiBA,MAAM,UAAU;IACK,IAAI,CAAS;IACb,KAAK,CAAe;IACtB,KAAK,CAAU;IAEhC,YAAY,OAAe,EAAE,OAAsB,EAAE;QACnD,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAC1B,CAAC;IAES,OAAO;QACf,MAAM,CAAC,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QACzE,IAAI,IAAI,CAAC,KAAK;YAAE,CAAC,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QAC5D,OAAO,CAAC,CAAC;IACX,CAAC;IAES,KAAK,CAAC,GAAG,CAAI,IAAY;QACjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,MAAM,YAAY,IAAI,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;IACjC,CAAC;IAES,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;IACjC,CAAC;CACF;AAED,+EAA+E;AAC/E,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IACD,KAAK,CAAC,SAAS,CAAC,EAAU;QACxB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAChC,eAAe,kBAAkB,CAAC,EAAE,CAAC,EAAE,CACxC,CAAC;QACF,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,oEAAoE;AACpE,MAAM,OAAO,cAAe,SAAQ,UAAU;IAC5C,6EAA6E;IAC7E,KAAK,CAAC,MAAM,CAAC,MAAmB;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAwB,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;IACjF,CAAC;IACD,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,KAAK,CAAC,GAAG;QACP,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAA4B,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC;IAC1E,CAAC;IACD,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,OAAO,CACL,MAAM,IAAI,CAAC,GAAG,CAA4B,aAAa,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CACxF,CAAC,OAAO,CAAC;IACZ,CAAC;IACD,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,OAAO,CACL,MAAM,IAAI,CAAC,GAAG,CAA4B,oBAAoB,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAC5F,CAAC,OAAO,CAAC;IACZ,CAAC;CACF;AAED,2EAA2E;AAC3E,MAAM,OAAO,aAAc,SAAQ,UAAU;IAC3C,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,QAAgB,EAAE,KAAa,EAAE,IAAY;QAClE,2EAA2E;QAC3E,uEAAuE;QACvE,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAuB,UAAU,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;IAC/F,CAAC;CACF;AAED,mEAAmE;AACnE,MAAM,OAAO,kBAAmB,SAAQ,UAAU;IAChD,cAAc,CAAC,KAAa,EAAE,UAAkB,EAAE,OAAiC;QACjF,OAAO,IAAI,CAAC,IAAI,CAAiC,aAAa,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAClG,CAAC;IACD,UAAU,CAAC,EAAU;QACnB,OAAO,IAAI,CAAC,GAAG,CAAiC,eAAe,kBAAkB,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,aAAa,CAAC,EAAU,EAAE,OAAgB;QACxC,OAAO,IAAI,CAAC,IAAI,CACd,eAAe,kBAAkB,CAAC,EAAE,CAAC,WAAW,EAChD,EAAE,OAAO,EAAE,CACZ,CAAC;IACJ,CAAC;IACD,SAAS,CAAc,IAAY;QACjC,OAAO,IAAI,CAAC,GAAG,CAA8B,cAAc,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,KAAK,CAAC,SAAS,CAAc,IAAY,EAAE,MAAS;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,cAAc,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACjF,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YACvB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,MAAM,iBAAiB,CAAC,CAAC;QAC3E,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAgC,CAAC;IAC3D,CAAC;CACF;AAoBD;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAA0B,EAC1B,OAA+B,EAAE;IAEjC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAEpF,OAAO,KAAK,EAAE,IAAoB,EAAoB,EAAE;QACtD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACxC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5C,yEAAyE;YACzE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS;gBAAE,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,CAAC;YAC/D,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,mBAAmB;IACnC,CAAC,CAAC;AACJ,CAAC"}

package/dist/seal.d.ts

@@ -0,0 +1,12 @@
+/** An X25519 keypair for sealing, as base64url raw 32-byte keys. */
+export interface SealKeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+/** Generate an X25519 sealing keypair (publish `publicKey`, keep `privateKey`). */
+export declare function newSealKeyPair(): SealKeyPair;
+/** Encrypt `plaintext` so only the holder of `recipientPublicKey`'s key can read it. */
+export declare function seal(plaintext: string, recipientPublicKey: string): string;
+/** Decrypt a `seal-1` credential with the recipient's sealing keypair. */
+export declare function unseal(sealed: string, recipient: SealKeyPair): string;
+//# sourceMappingURL=seal.d.ts.map

package/dist/seal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal.d.ts","sourceRoot":"","sources":["../src/seal.ts"],"names":[],"mappings":"AAsCA,oEAAoE;AACpE,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAmBD,mFAAmF;AACnF,wBAAgB,cAAc,IAAI,WAAW,CAK5C;AAED,wFAAwF;AACxF,wBAAgB,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,GAAG,MAAM,CAmB1E;AAED,0EAA0E;AAC1E,wBAAgB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,GAAG,MAAM,CAwBrE"}

package/dist/seal.js

@@ -0,0 +1,96 @@
+import { generateKeyPairSync, diffieHellman, createPublicKey, createPrivateKey, hkdfSync, createCipheriv, createDecipheriv, randomBytes, } from "node:crypto";
+/**
+ * Sealed holder credentials (defense-in-depth for `serializeWithKey`).
+ *
+ * A holder credential is a secret; binding it to an agent identity (`bindAgent`)
+ * already makes a *stolen* credential inert, but the credential itself is still
+ * sensitive in transit/at rest. Sealing encrypts it to a specific recipient so
+ * only the holder of the matching private key can open it.
+ *
+ * Scheme `seal-1` — a standard ECIES construction over primitives available
+ * natively in Node and, in Python, via the `cryptography` backend, so a
+ * credential sealed in one port can be opened in the other:
+ *
+ *   1. ephemeral X25519 keypair `e`
+ *   2. shared = X25519(e_priv, recipient_pub)
+ *   3. key = HKDF-SHA256(ikm=shared, salt=e_pub‖recipient_pub, info="behalf-seal-v1", 32)
+ *   4. ct‖tag = AES-256-GCM(key, nonce=random12, aad="behalf-seal-v1", plaintext)
+ *   5. wire = base64url(JSON { v:"seal-1", epk, n, ct })   (ct carries the tag)
+ *
+ * The recipient's sealing key is an **X25519** keypair, separate from the
+ * Ed25519 agent-identity key used by `bindAgent` (different algorithms, different
+ * purposes). Generate one with {@link newSealKeyPair} and publish `publicKey`.
+ */
+const INFO = Buffer.from("behalf-seal-v1");
+const AAD = Buffer.from("behalf-seal-v1");
+function rawPublic(key) {
+    const jwk = key.export({ format: "jwk" });
+    if (!jwk.x)
+        throw new Error("not an X25519 public key");
+    return Buffer.from(jwk.x, "base64url");
+}
+function importPublic(rawB64) {
+    return createPublicKey({ key: { kty: "OKP", crv: "X25519", x: rawB64 }, format: "jwk" });
+}
+function importPrivate(kp) {
+    return createPrivateKey({
+        key: { kty: "OKP", crv: "X25519", x: kp.publicKey, d: kp.privateKey },
+        format: "jwk",
+    });
+}
+/** Generate an X25519 sealing keypair (publish `publicKey`, keep `privateKey`). */
+export function newSealKeyPair() {
+    const { publicKey, privateKey } = generateKeyPairSync("x25519");
+    const pubJwk = publicKey.export({ format: "jwk" });
+    const privJwk = privateKey.export({ format: "jwk" });
+    return { publicKey: pubJwk.x, privateKey: privJwk.d };
+}
+/** Encrypt `plaintext` so only the holder of `recipientPublicKey`'s key can read it. */
+export function seal(plaintext, recipientPublicKey) {
+    const recipientPub = importPublic(recipientPublicKey);
+    const eph = generateKeyPairSync("x25519");
+    const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPub });
+    const ephPubRaw = rawPublic(eph.publicKey);
+    const salt = Buffer.concat([ephPubRaw, Buffer.from(recipientPublicKey, "base64url")]);
+    const key = Buffer.from(hkdfSync("sha256", shared, salt, INFO, 32));
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv("aes-256-gcm", key, nonce);
+    cipher.setAAD(AAD);
+    const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const wire = {
+        v: "seal-1",
+        epk: ephPubRaw.toString("base64url"),
+        n: nonce.toString("base64url"),
+        ct: Buffer.concat([ct, tag]).toString("base64url"),
+    };
+    return Buffer.from(JSON.stringify(wire), "utf8").toString("base64url");
+}
+/** Decrypt a `seal-1` credential with the recipient's sealing keypair. */
+export function unseal(sealed, recipient) {
+    let wire;
+    try {
+        wire = JSON.parse(Buffer.from(sealed, "base64url").toString("utf8"));
+    }
+    catch {
+        throw new Error("malformed sealed credential");
+    }
+    if (wire.v !== "seal-1" || !wire.epk || !wire.n || !wire.ct) {
+        throw new Error("unsupported or malformed seal");
+    }
+    const ephPub = importPublic(wire.epk);
+    const shared = diffieHellman({ privateKey: importPrivate(recipient), publicKey: ephPub });
+    const salt = Buffer.concat([
+        Buffer.from(wire.epk, "base64url"),
+        Buffer.from(recipient.publicKey, "base64url"),
+    ]);
+    const key = Buffer.from(hkdfSync("sha256", shared, salt, INFO, 32));
+    const data = Buffer.from(wire.ct, "base64url");
+    const tag = data.subarray(data.length - 16);
+    const ct = data.subarray(0, data.length - 16);
+    const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(wire.n, "base64url"));
+    decipher.setAAD(AAD);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
+}
+//# sourceMappingURL=seal.js.map

package/dist/seal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal.js","sourceRoot":"","sources":["../src/seal.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,eAAe,EACf,gBAAgB,EAChB,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,GAEZ,MAAM,aAAa,CAAC;AAErB;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;AAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;AAQ1C,SAAS,SAAS,CAAC,GAAc;IAC/B,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAmB,CAAC;IAC5D,IAAI,CAAC,GAAG,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,eAAe,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,aAAa,CAAC,EAAe;IACpC,OAAO,gBAAgB,CAAC;QACtB,GAAG,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC,UAAU,EAAE;QACrE,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;AACL,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,cAAc;IAC5B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAmB,CAAC;IACrE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAmB,CAAC;IACvE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAE,EAAE,CAAC;AAC1D,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,IAAI,CAAC,SAAiB,EAAE,kBAA0B;IAChE,MAAM,YAAY,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;IACtF,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACtF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG;QACX,CAAC,EAAE,QAAQ;QACX,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;QACpC,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC9B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;KACnD,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACzE,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,MAAM,CAAC,MAAc,EAAE,SAAsB;IAC3D,IAAI,IAA2D,CAAC;IAChE,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,IAAI,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,UAAU,EAAE,aAAa,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1F,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC;KAC9C,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC;IACxF,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjF,CAAC"}

package/dist/store.d.ts

@@ -0,0 +1,119 @@
+import type { AuditEntry, AuditFields, ConsentRecord } from "./types.js";
+/**
+ * Pluggable persistence. Defaults are in-memory and local-first, so the library
+ * works with zero setup; swap in a networked store for distributed revocation.
+ */
+export interface RevocationStore {
+    revoke(id: string): Promise<void> | void;
+    isRevoked(id: string): Promise<boolean> | boolean;
+}
+export interface RateStore {
+    /**
+     * Atomically record a hit against `key` and report whether it falls within
+     * `limit` over the sliding `windowMs`. A rejected hit is NOT counted. Back it
+     * with a shared store (the control plane) to enforce one limit across every
+     * agent that holds the mandate — otherwise each process gets its own cap.
+     */
+    hit(key: string, windowMs: number, limit: number, now: number): Promise<boolean> | boolean;
+}
+export interface AuditStore {
+    /**
+     * Seal `fields` onto the chain and persist — the primary write path used by
+     * the engine. The store owns sequencing/hashing so writes stay O(1) and, for
+     * a shared store, race-free under a single writer.
+     */
+    record(fields: AuditFields): Promise<AuditEntry> | AuditEntry;
+    /** Append an already-sealed entry verbatim (replication / import). */
+    append(entry: AuditEntry): Promise<void> | void;
+    /** Entries whose chain includes `mandateId`, in order. */
+    forMandate(mandateId: string): Promise<AuditEntry[]> | AuditEntry[];
+    /** Entries issued under `issuer` (root public key) — per-tenant scoping. */
+    forIssuer(issuer: string): Promise<AuditEntry[]> | AuditEntry[];
+    all(): Promise<AuditEntry[]> | AuditEntry[];
+}
+/** Storage for just-in-time consent records (control plane). */
+export interface ConsentStore {
+    put(record: ConsentRecord): Promise<void> | void;
+    get(id: string): Promise<ConsentRecord | undefined> | ConsentRecord | undefined;
+    list(): Promise<ConsentRecord[]> | ConsentRecord[];
+}
+/** Storage for named tool→capability policies (control plane). */
+export interface PolicyStore {
+    set(name: string, policy: unknown): Promise<void> | void;
+    get(name: string): Promise<unknown> | unknown;
+    has(name: string): Promise<boolean> | boolean;
+}
+export declare class MemoryConsentStore implements ConsentStore {
+    private readonly records;
+    put(record: ConsentRecord): void;
+    get(id: string): ConsentRecord | undefined;
+    list(): ConsentRecord[];
+}
+export declare class MemoryPolicyStore implements PolicyStore {
+    private readonly policies;
+    set(name: string, policy: unknown): void;
+    get(name: string): unknown;
+    has(name: string): boolean;
+}
+export declare class MemoryRevocationStore implements RevocationStore {
+    private revoked;
+    revoke(id: string): void;
+    isRevoked(id: string): boolean;
+}
+export interface CacheOptions {
+    /** How long a "not revoked" answer may be reused before re-checking. */
+    ttlMs: number;
+    /** Override the clock — handy for tests. */
+    now?: () => number;
+}
+/**
+ * Wraps another {@link RevocationStore} (typically the networked
+ * `HttpRevocationStore`) with a bounded cache, so a hot mandate isn't
+ * re-checked over the network on every `authorize()`.
+ *
+ * Safe by construction: revocation is monotonic, so a *revoked* answer is cached
+ * forever, while a *not-revoked* answer is cached only for `ttlMs`. The cost is
+ * a bounded staleness window — a mandate revoked elsewhere may still pass for up
+ * to `ttlMs`. This is exactly the "short TTL + revocation check" trade-off; keep
+ * the TTL small (seconds) for tight revocation, larger to cut traffic.
+ */
+export declare class CachingRevocationStore implements RevocationStore {
+    private readonly inner;
+    private readonly opts;
+    private readonly revoked;
+    private readonly freshUntil;
+    private readonly now;
+    constructor(inner: RevocationStore, opts: CacheOptions);
+    revoke(id: string): Promise<void>;
+    isRevoked(id: string): Promise<boolean>;
+}
+export declare class MemoryRateStore implements RateStore {
+    private readonly hits;
+    hit(key: string, windowMs: number, limit: number, now: number): boolean;
+}
+/**
+ * Token-bucket rate limiting — a smoother alternative to {@link MemoryRateStore}'s
+ * sliding-count window, for callers who want **burst shaping**. Each key owns a
+ * bucket of capacity `limit` that refills continuously at `limit / windowMs`
+ * tokens per ms; a hit consumes one token if available (allow), and a rejected
+ * hit consumes nothing (so rejections aren't counted, matching the sliding
+ * store). The effect: an initial burst of up to `limit`, then a steady long-run
+ * rate of `limit` per `windowMs`. Drop-in for any `RateStore` slot — pass it as
+ * `rate` to an engine, or to the control plane for a shared bucket.
+ *
+ * Like the sliding store this is per-process unless shared; for one cap across
+ * agents, run it inside the control plane and point agents at `HttpRateStore`.
+ */
+export declare class TokenBucketRateStore implements RateStore {
+    private readonly buckets;
+    hit(key: string, windowMs: number, limit: number, now: number): boolean;
+}
+export declare class MemoryAuditStore implements AuditStore {
+    private entries;
+    record(fields: AuditFields): AuditEntry;
+    append(entry: AuditEntry): void;
+    forMandate(mandateId: string): AuditEntry[];
+    forIssuer(issuer: string): AuditEntry[];
+    all(): AuditEntry[];
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEzE;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACzC,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;CACnD;AAED,MAAM,WAAW,SAAS;IACxB;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;CAC5F;AAED,MAAM,WAAW,UAAU;IACzB;;;;OAIG;IACH,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC;IAC9D,sEAAsE;IACtE,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAChD,0DAA0D;IAC1D,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC;IACpE,4EAA4E;IAC5E,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC;IAChE,GAAG,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC;CAC7C;AAED,gEAAgE;AAChE,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACjD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,GAAG,aAAa,GAAG,SAAS,CAAC;IAChF,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,GAAG,aAAa,EAAE,CAAC;CACpD;AAED,kEAAkE;AAClE,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACzD,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IAC9C,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;CAC/C;AAED,qBAAa,kBAAmB,YAAW,YAAY;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoC;IAC5D,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAGhC,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAG1C,IAAI,IAAI,aAAa,EAAE;CAGxB;AAED,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA8B;IACvD,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,IAAI;IAGxC,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAG1B,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAG3B;AAED,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,OAAO,CAAqB;IACpC,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAGxB,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;CAG/B;AAED,MAAM,WAAW,YAAY;IAC3B,wEAAwE;IACxE,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,sBAAuB,YAAW,eAAe;IAM1D,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI;IANvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAC7C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;IACxD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAe;gBAGhB,KAAK,EAAE,eAAe,EACtB,IAAI,EAAE,YAAY;IAK/B,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjC,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAU9C;AAED,qBAAa,eAAgB,YAAW,SAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA+B;IACpD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO;CAUxE;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,oBAAqB,YAAW,SAAS;IACpD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAuD;IAC/E,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO;CAYxE;AAED,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,OAAO,CAAoB;IACnC,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,UAAU;IAKvC,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAG/B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,EAAE;IAG3C,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,EAAE;IAGvC,GAAG,IAAI,UAAU,EAAE;CAGpB"}

package/dist/store.js

@@ -0,0 +1,139 @@
+import { seal } from "./audit.js";
+export class MemoryConsentStore {
+    records = new Map();
+    put(record) {
+        this.records.set(record.id, record);
+    }
+    get(id) {
+        return this.records.get(id);
+    }
+    list() {
+        return [...this.records.values()];
+    }
+}
+export class MemoryPolicyStore {
+    policies = new Map();
+    set(name, policy) {
+        this.policies.set(name, policy);
+    }
+    get(name) {
+        return this.policies.get(name);
+    }
+    has(name) {
+        return this.policies.has(name);
+    }
+}
+export class MemoryRevocationStore {
+    revoked = new Set();
+    revoke(id) {
+        this.revoked.add(id);
+    }
+    isRevoked(id) {
+        return this.revoked.has(id);
+    }
+}
+/**
+ * Wraps another {@link RevocationStore} (typically the networked
+ * `HttpRevocationStore`) with a bounded cache, so a hot mandate isn't
+ * re-checked over the network on every `authorize()`.
+ *
+ * Safe by construction: revocation is monotonic, so a *revoked* answer is cached
+ * forever, while a *not-revoked* answer is cached only for `ttlMs`. The cost is
+ * a bounded staleness window — a mandate revoked elsewhere may still pass for up
+ * to `ttlMs`. This is exactly the "short TTL + revocation check" trade-off; keep
+ * the TTL small (seconds) for tight revocation, larger to cut traffic.
+ */
+export class CachingRevocationStore {
+    inner;
+    opts;
+    revoked = new Set();
+    freshUntil = new Map();
+    now;
+    constructor(inner, opts) {
+        this.inner = inner;
+        this.opts = opts;
+        this.now = opts.now ?? (() => Date.now());
+    }
+    async revoke(id) {
+        await this.inner.revoke(id);
+        this.revoked.add(id);
+        this.freshUntil.delete(id);
+    }
+    async isRevoked(id) {
+        if (this.revoked.has(id))
+            return true;
+        const until = this.freshUntil.get(id);
+        if (until !== undefined && this.now() < until)
+            return false;
+        const revoked = await this.inner.isRevoked(id);
+        if (revoked)
+            this.revoked.add(id);
+        else
+            this.freshUntil.set(id, this.now() + this.opts.ttlMs);
+        return revoked;
+    }
+}
+export class MemoryRateStore {
+    hits = new Map();
+    hit(key, windowMs, limit, now) {
+        const recent = (this.hits.get(key) ?? []).filter((t) => now - t < windowMs);
+        if (recent.length + 1 > limit) {
+            this.hits.set(key, recent);
+            return false;
+        }
+        recent.push(now);
+        this.hits.set(key, recent);
+        return true;
+    }
+}
+/**
+ * Token-bucket rate limiting — a smoother alternative to {@link MemoryRateStore}'s
+ * sliding-count window, for callers who want **burst shaping**. Each key owns a
+ * bucket of capacity `limit` that refills continuously at `limit / windowMs`
+ * tokens per ms; a hit consumes one token if available (allow), and a rejected
+ * hit consumes nothing (so rejections aren't counted, matching the sliding
+ * store). The effect: an initial burst of up to `limit`, then a steady long-run
+ * rate of `limit` per `windowMs`. Drop-in for any `RateStore` slot — pass it as
+ * `rate` to an engine, or to the control plane for a shared bucket.
+ *
+ * Like the sliding store this is per-process unless shared; for one cap across
+ * agents, run it inside the control plane and point agents at `HttpRateStore`.
+ */
+export class TokenBucketRateStore {
+    buckets = new Map();
+    hit(key, windowMs, limit, now) {
+        if (limit <= 0 || windowMs <= 0)
+            return false;
+        const refillPerMs = limit / windowMs;
+        const b = this.buckets.get(key) ?? { tokens: limit, last: now };
+        // Refill for elapsed time (clamped to capacity), then try to spend a token.
+        b.tokens = Math.min(limit, b.tokens + Math.max(0, now - b.last) * refillPerMs);
+        b.last = now;
+        const allowed = b.tokens >= 1;
+        if (allowed)
+            b.tokens -= 1;
+        this.buckets.set(key, b);
+        return allowed;
+    }
+}
+export class MemoryAuditStore {
+    entries = [];
+    record(fields) {
+        const entry = seal(this.entries[this.entries.length - 1] ?? null, fields);
+        this.entries.push(entry);
+        return entry;
+    }
+    append(entry) {
+        this.entries.push(entry);
+    }
+    forMandate(mandateId) {
+        return this.entries.filter((e) => e.chain.includes(mandateId));
+    }
+    forIssuer(issuer) {
+        return this.entries.filter((e) => e.issuer === issuer);
+    }
+    all() {
+        return [...this.entries];
+    }
+}
+//# sourceMappingURL=store.js.map

package/dist/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAqDlC,MAAM,OAAO,kBAAkB;IACZ,OAAO,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC5D,GAAG,CAAC,MAAqB;QACvB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IACD,GAAG,CAAC,EAAU;QACZ,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IACD,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,iBAAiB;IACX,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;IACvD,GAAG,CAAC,IAAY,EAAE,MAAe;QAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAClC,CAAC;IACD,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IACD,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,qBAAqB;IACxB,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,CAAC,EAAU;QACf,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACvB,CAAC;IACD,SAAS,CAAC,EAAU;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;CACF;AASD;;;;;;;;;;GAUG;AACH,MAAM,OAAO,sBAAsB;IAMd;IACA;IANF,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5B,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,GAAG,CAAe;IAEnC,YACmB,KAAsB,EACtB,IAAkB;QADlB,UAAK,GAAL,KAAK,CAAiB;QACtB,SAAI,GAAJ,IAAI,CAAc;QAEnC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,EAAU;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAAE,OAAO,KAAK,CAAC;QAE5D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC/C,IAAI,OAAO;YAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;;YAC7B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,eAAe;IACT,IAAI,GAAG,IAAI,GAAG,EAAoB,CAAC;IACpD,GAAG,CAAC,GAAW,EAAE,QAAgB,EAAE,KAAa,EAAE,GAAW;QAC3D,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,oBAAoB;IACd,OAAO,GAAG,IAAI,GAAG,EAA4C,CAAC;IAC/E,GAAG,CAAC,GAAW,EAAE,QAAgB,EAAE,KAAa,EAAE,GAAW;QAC3D,IAAI,KAAK,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9C,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAChE,4EAA4E;QAC5E,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QAC/E,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC;QACb,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO;YAAE,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACzB,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IACnB,OAAO,GAAiB,EAAE,CAAC;IACnC,MAAM,CAAC,MAAmB;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1E,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,CAAC,KAAiB;QACtB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IACD,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,SAAS,CAAC,MAAc;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IACzD,CAAC;IACD,GAAG;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;CACF"}