agent-passport-system 1.21.8 → 1.24.0

package/README.md

@@ -9,7 +9,7 @@
 
 Cryptographic identity, ethical governance, economic attribution, data source registration, protocol-native communication, intent architecture, cascade revocation, coordination primitives, and agentic commerce for autonomous AI agents.
 
-**42 core modules + 32 v2 constitutional modules. 1358 tests. Zero heavy dependencies. Running code. MCP server included.**
+**42 core modules + 32 v2 constitutional modules. 1445 tests. Zero heavy dependencies. Running code. MCP server included.**
 
 > *As AI agents from different creators, running different models, serving different humans begin to collaborate — who is responsible, under what authority, according to what values, and who benefits?*
 
@@ -409,7 +409,7 @@ Or zero-install remote mode:
 npx agent-passport-system-mcp setup --remote
 ```
 
-**98 tools across all 44 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed. Auto-configures Claude Desktop and Cursor.
+**108 tools across all 48 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed. Auto-configures Claude Desktop and Cursor.
 
 Every operation is Ed25519 signed. Role is auto-detected from task assignments. Role-specific prompts served via MCP prompts API. File-backed task persistence at `~/.agent-passport-tasks.json`.
 
@@ -431,7 +431,7 @@ PyPI: [agent-passport-system](https://pypi.org/project/agent-passport-system/)
 
 ```bash
 npm test
-# 1358 tests across 58 files, 361 suites, 0 failures
+# 1445 tests across 58 files, 380 suites, 0 failures
 ```
 
 Includes 50 adversarial tests across 4 test files: Merkle tree tampering, attribution gaming resistance, compliance violations, floor negotiation attacks, wrong-key attestations, cross-chain confused deputy, taint laundering, permit bypass, causal chain manipulation.
@@ -527,7 +527,7 @@ src/                    32 source files
     reputation-authority.ts — Reputation/tier types
     cross-chain.ts     — Cross-chain taint/SAO types
     data-source.ts     — Data source/access receipt types
-tests/                  68 test files, 1358 tests (361 suites)
+tests/                  74 test files, 1445 tests (380 suites)
   adversarial.ts       — 50 adversarial cases
   adversarial-paper.test.ts — 22 paper-linked attack scenarios
   adversarial-causal-chain.test.ts — 18 causal chain attacks

package/dist/src/adapters/a2a.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Google A2A Adapter — maps A2A Agent Cards to APS passports
+ * and A2A Tasks to APS coordination.
+ *
+ * A2A pattern: Agent Card (discovery) → Task (work) → Artifact (output)
+ * APS pattern: Passport (identity) → Intent/Decision (governance) → Receipt (proof)
+ */
+import { GovernanceHook } from './governance-hook.js';
+import type { GovernanceHookConfig, GovernanceReceipt, GovernanceResult } from './governance-hook.js';
+import type { A2AAgentCard } from '../types/a2a.js';
+export interface A2AGovernance {
+    /** Map an A2A Agent Card to APS-compatible scopes */
+    deriveScopes: (card: A2AAgentCard) => string[];
+    /** Govern an A2A task send */
+    governTaskSend: (targetCard: A2AAgentCard, taskDescription: string, execute: () => Promise<unknown>) => Promise<{
+        result: unknown;
+        receipt: GovernanceReceipt;
+        governance: GovernanceResult;
+    }>;
+    /** Govern receiving a task */
+    governTaskReceive: (senderUrl: string, taskDescription: string, execute: () => Promise<unknown>) => Promise<{
+        result: unknown;
+        receipt: GovernanceReceipt;
+        governance: GovernanceResult;
+    }>;
+    get_audit_trail: () => GovernanceReceipt[];
+    hook: GovernanceHook;
+}
+export declare function createA2AGovernance(config: GovernanceHookConfig): A2AGovernance;
+//# sourceMappingURL=a2a.d.ts.map

package/dist/src/adapters/a2a.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a2a.d.ts","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAEnD,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,YAAY,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,MAAM,EAAE,CAAA;IAC9C,8BAA8B;IAC9B,cAAc,EAAE,CACd,UAAU,EAAE,YAAY,EACxB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,8BAA8B;IAC9B,iBAAiB,EAAE,CACjB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,eAAe,EAAE,MAAM,iBAAiB,EAAE,CAAA;IAC1C,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,oBAAoB,GAAG,aAAa,CAmD/E"}

package/dist/src/adapters/a2a.js

@@ -0,0 +1,53 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * Google A2A Adapter — maps A2A Agent Cards to APS passports
+ * and A2A Tasks to APS coordination.
+ *
+ * A2A pattern: Agent Card (discovery) → Task (work) → Artifact (output)
+ * APS pattern: Passport (identity) → Intent/Decision (governance) → Receipt (proof)
+ */
+import { GovernanceHook } from './governance-hook.js';
+export function createA2AGovernance(config) {
+    const hook = new GovernanceHook(config);
+    const deriveScopes = (card) => {
+        const scopes = [];
+        if (card.skills) {
+            for (const skill of card.skills) {
+                scopes.push(`a2a:skill:${skill.id}`);
+            }
+        }
+        if (card.capabilities?.streaming)
+            scopes.push('a2a:streaming');
+        if (card.capabilities?.pushNotifications)
+            scopes.push('a2a:push');
+        if (scopes.length === 0)
+            scopes.push('a2a:task:execute');
+        return scopes;
+    };
+    const governTaskSend = async (targetCard, taskDescription, execute) => {
+        const action = {
+            type: 'a2a:task:send',
+            target: targetCard.url,
+            scopeRequired: 'a2a:task:execute',
+            metadata: { targetName: targetCard.name, task: taskDescription.slice(0, 200) },
+        };
+        return hook.wrap(action, execute);
+    };
+    const governTaskReceive = async (senderUrl, taskDescription, execute) => {
+        const action = {
+            type: 'a2a:task:receive',
+            target: senderUrl,
+            scopeRequired: 'a2a:task:execute',
+            metadata: { sender: senderUrl, task: taskDescription.slice(0, 200) },
+        };
+        return hook.wrap(action, execute);
+    };
+    return {
+        deriveScopes,
+        governTaskSend,
+        governTaskReceive,
+        get_audit_trail: () => hook.getReceipts(),
+        hook,
+    };
+}
+//# sourceMappingURL=a2a.js.map

package/dist/src/adapters/a2a.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a2a.js","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAuBrD,MAAM,UAAU,mBAAmB,CAAC,MAA4B;IAC9D,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,IAAkB,EAAY,EAAE;QACpD,MAAM,MAAM,GAAa,EAAE,CAAA;QAC3B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,SAAS;YAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAC9D,IAAI,IAAI,CAAC,YAAY,EAAE,iBAAiB;YAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QACxD,OAAO,MAAM,CAAA;IACf,CAAC,CAAA;IAED,MAAM,cAAc,GAAG,KAAK,EAC1B,UAAwB,EACxB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,UAAU,CAAC,GAAG;YACtB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SAC/E,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,SAAiB,EACjB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SACrE,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,cAAc;QACd,iBAAiB;QACjB,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACzC,IAAI;KACL,CAAA;AACH,CAAC"}

package/dist/src/adapters/adk.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Google ADK Adapter — maps ADK's GovernancePlugin pattern to APS governance.
+ *
+ * ADK pattern: before_action(context) → action → after_action(context, result)
+ * APS pattern: beforeAction(descriptor) → execute → afterAction(result) → receipt
+ */
+import { GovernanceHook } from './governance-hook.js';
+import type { GovernanceHookConfig, GovernanceReceipt } from './governance-hook.js';
+export interface ADKActionContext {
+    tool_name: string;
+    tool_input: Record<string, unknown>;
+    agent_name: string;
+    session_id?: string;
+}
+export interface ADKGovernancePlugin {
+    before_action: (ctx: ADKActionContext) => {
+        allowed: boolean;
+        reason: string;
+        intentId: string;
+    };
+    after_action: (ctx: ADKActionContext, result: unknown) => GovernanceReceipt;
+    get_audit_trail: () => GovernanceReceipt[];
+    hook: GovernanceHook;
+}
+export declare function createADKGovernancePlugin(config: GovernanceHookConfig): ADKGovernancePlugin;
+//# sourceMappingURL=adk.d.ts.map

package/dist/src/adapters/adk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adk.d.ts","sourceRoot":"","sources":["../../../src/adapters/adk.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAsC,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAEvH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;IAChG,YAAY,EAAE,CAAC,GAAG,EAAE,gBAAgB,EAAE,MAAM,EAAE,OAAO,KAAK,iBAAiB,CAAA;IAC3E,eAAe,EAAE,MAAM,iBAAiB,EAAE,CAAA;IAC1C,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,oBAAoB,GAAG,mBAAmB,CA6C3F"}

package/dist/src/adapters/adk.js

@@ -0,0 +1,50 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * Google ADK Adapter — maps ADK's GovernancePlugin pattern to APS governance.
+ *
+ * ADK pattern: before_action(context) → action → after_action(context, result)
+ * APS pattern: beforeAction(descriptor) → execute → afterAction(result) → receipt
+ */
+import { GovernanceHook } from './governance-hook.js';
+export function createADKGovernancePlugin(config) {
+    const hook = new GovernanceHook(config);
+    const pendingIntents = new Map();
+    const before_action = (ctx) => {
+        const action = {
+            type: `adk:tool:${ctx.tool_name}`,
+            target: ctx.tool_name,
+            scopeRequired: `tool:${ctx.tool_name}`,
+            metadata: { agent: ctx.agent_name, session: ctx.session_id, ...ctx.tool_input },
+        };
+        const governance = hook.beforeAction(action);
+        if (governance.verdict !== 'deny') {
+            pendingIntents.set(governance.intentId, { governance, action, startedAt: new Date().toISOString() });
+        }
+        return { allowed: governance.verdict !== 'deny', reason: governance.reason, intentId: governance.intentId };
+    };
+    const after_action = (ctx, _result) => {
+        // Find the pending intent from before_action
+        let pending = [...pendingIntents.entries()].find(([_, v]) => v.action.target === ctx.tool_name);
+        if (!pending) {
+            // No matching intent — create a standalone receipt
+            const action = {
+                type: `adk:tool:${ctx.tool_name}`,
+                target: ctx.tool_name,
+                scopeRequired: `tool:${ctx.tool_name}`,
+                metadata: { agent: ctx.agent_name },
+            };
+            const gov = hook.beforeAction(action);
+            return hook.afterAction(gov, action, 'success', new Date().toISOString());
+        }
+        const [intentId, { governance, action, startedAt }] = pending;
+        pendingIntents.delete(intentId);
+        return hook.afterAction(governance, action, 'success', startedAt);
+    };
+    return {
+        before_action,
+        after_action,
+        get_audit_trail: () => hook.getReceipts(),
+        hook,
+    };
+}
+//# sourceMappingURL=adk.js.map

package/dist/src/adapters/adk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adk.js","sourceRoot":"","sources":["../../../src/adapters/adk.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAiBrD,MAAM,UAAU,yBAAyB,CAAC,MAA4B;IACpE,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAyF,CAAA;IAEvH,MAAM,aAAa,GAAG,CAAC,GAAqB,EAAE,EAAE;QAC9C,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,YAAY,GAAG,CAAC,SAAS,EAAE;YACjC,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,aAAa,EAAE,QAAQ,GAAG,CAAC,SAAS,EAAE;YACtC,QAAQ,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,GAAG,CAAC,UAAU,EAAE;SAChF,CAAA;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC5C,IAAI,UAAU,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAClC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QACtG,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,KAAK,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAA;IAC7G,CAAC,CAAA;IAGD,MAAM,YAAY,GAAG,CAAC,GAAqB,EAAE,OAAgB,EAAqB,EAAE;QAClF,6CAA6C;QAC7C,IAAI,OAAO,GAAG,CAAC,GAAG,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,SAAS,CAAC,CAAA;QAC/F,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,mDAAmD;YACnD,MAAM,MAAM,GAAqB;gBAC/B,IAAI,EAAE,YAAY,GAAG,CAAC,SAAS,EAAE;gBACjC,MAAM,EAAE,GAAG,CAAC,SAAS;gBACrB,aAAa,EAAE,QAAQ,GAAG,CAAC,SAAS,EAAE;gBACtC,QAAQ,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE;aACpC,CAAA;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YACrC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;QAC3E,CAAC;QAED,MAAM,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,GAAG,OAAO,CAAA;QAC7D,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC/B,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IACnE,CAAC,CAAA;IAED,OAAO;QACL,aAAa;QACb,YAAY;QACZ,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACzC,IAAI;KACL,CAAA;AACH,CAAC"}

package/dist/src/adapters/crewai.d.ts

@@ -0,0 +1,43 @@
+/**
+ * CrewAI Adapter — wraps APS GovernanceHook for CrewAI's callback lifecycle.
+ *
+ * Usage:
+ *   import { createCrewAIGovernance } from 'agent-passport-system'
+ *   const gov = createCrewAIGovernance({ agentId, ...keys, delegationId, allowedScopes })
+ *
+ *   // In CrewAI task config:
+ *   task = Task(
+ *     description="...",
+ *     callback=gov.taskCallback
+ *   )
+ *
+ *   // Or wrap any tool call:
+ *   const result = await gov.governedToolCall('search', { query: '...' }, searchTool)
+ */
+import { GovernanceHook } from './governance-hook.js';
+import type { GovernanceHookConfig, GovernanceReceipt, GovernanceResult } from './governance-hook.js';
+export interface CrewAITaskOutput {
+    description: string;
+    result: string;
+    agent: string;
+}
+export interface CrewAIGovernance {
+    /** Use as CrewAI task callback */
+    taskCallback: (output: CrewAITaskOutput) => GovernanceReceipt;
+    /** Wrap a tool call with governance */
+    governedToolCall: <T>(toolName: string, params: Record<string, unknown>, execute: () => Promise<T>, estimatedCost?: number) => Promise<{
+        result: T | null;
+        receipt: GovernanceReceipt;
+        governance: GovernanceResult;
+    }>;
+    /** Get all receipts */
+    getReceipts: () => GovernanceReceipt[];
+    /** Get the underlying hook */
+    hook: GovernanceHook;
+}
+/**
+ * Create a CrewAI governance adapter.
+ * Maps CrewAI's task/tool lifecycle to APS governance.
+ */
+export declare function createCrewAIGovernance(config: GovernanceHookConfig): CrewAIGovernance;
+//# sourceMappingURL=crewai.d.ts.map

package/dist/src/adapters/crewai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crewai.d.ts","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAEvH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,YAAY,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,iBAAiB,CAAA;IAC7D,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,EAClB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,aAAa,CAAC,EAAE,MAAM,KACnB,OAAO,CAAC;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC5F,uBAAuB;IACvB,WAAW,EAAE,MAAM,iBAAiB,EAAE,CAAA;IACtC,8BAA8B;IAC9B,IAAI,EAAE,cAAc,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,gBAAgB,CAoCrF"}

package/dist/src/adapters/crewai.js

@@ -0,0 +1,52 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * CrewAI Adapter — wraps APS GovernanceHook for CrewAI's callback lifecycle.
+ *
+ * Usage:
+ *   import { createCrewAIGovernance } from 'agent-passport-system'
+ *   const gov = createCrewAIGovernance({ agentId, ...keys, delegationId, allowedScopes })
+ *
+ *   // In CrewAI task config:
+ *   task = Task(
+ *     description="...",
+ *     callback=gov.taskCallback
+ *   )
+ *
+ *   // Or wrap any tool call:
+ *   const result = await gov.governedToolCall('search', { query: '...' }, searchTool)
+ */
+import { GovernanceHook } from './governance-hook.js';
+/**
+ * Create a CrewAI governance adapter.
+ * Maps CrewAI's task/tool lifecycle to APS governance.
+ */
+export function createCrewAIGovernance(config) {
+    const hook = new GovernanceHook(config);
+    const taskCallback = (output) => {
+        const action = {
+            type: 'crewai:task_complete',
+            target: output.description.slice(0, 100),
+            scopeRequired: 'task:execute',
+            metadata: { agent: output.agent, resultLength: output.result.length },
+        };
+        const governance = hook.beforeAction(action);
+        return hook.afterAction(governance, action, 'success', new Date().toISOString());
+    };
+    const governedToolCall = async (toolName, params, execute, estimatedCost) => {
+        const action = {
+            type: `crewai:tool:${toolName}`,
+            target: toolName,
+            scopeRequired: `tool:${toolName}`,
+            metadata: params,
+            estimatedCost,
+        };
+        return hook.wrap(action, execute);
+    };
+    return {
+        taskCallback,
+        governedToolCall,
+        getReceipts: () => hook.getReceipts(),
+        hook,
+    };
+}
+//# sourceMappingURL=crewai.js.map

package/dist/src/adapters/crewai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crewai.js","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAyBrD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA4B;IACjE,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,MAAwB,EAAqB,EAAE;QACnE,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACxC,aAAa,EAAE,cAAc;YAC7B,QAAQ,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;SACtE,CAAA;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;IAClF,CAAC,CAAA;IAED,MAAM,gBAAgB,GAAG,KAAK,EAC5B,QAAgB,EAChB,MAA+B,EAC/B,OAAyB,EACzB,aAAsB,EACtB,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe,QAAQ,EAAE;YAC/B,MAAM,EAAE,QAAQ;YAChB,aAAa,EAAE,QAAQ,QAAQ,EAAE;YACjC,QAAQ,EAAE,MAAM;YAChB,aAAa;SACd,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,gBAAgB;QAChB,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACrC,IAAI;KACL,CAAA;AACH,CAAC"}

package/dist/src/adapters/governance-hook.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Generic Governance Hook — framework-agnostic adapter interface.
+ *
+ * Any agent framework (CrewAI, ADK, LangChain, AutoGen, A2A) implements
+ * this interface to get APS governance for free.
+ *
+ * The hook wraps the framework's action lifecycle:
+ *   beforeAction → policy evaluation → action execution → afterAction → receipt
+ */
+export interface GovernanceHookConfig {
+    agentId: string;
+    agentPublicKey: string;
+    agentPrivateKey: string;
+    delegationId: string;
+    /** Scopes this agent is authorized for */
+    allowedScopes: string[];
+    /** Values floor principles to enforce (default: all 8) */
+    enforcedPrinciples?: string[];
+    /** Maximum spend per action (for commerce) */
+    spendLimitPerAction?: number;
+    /** Whether to generate receipts for read-only actions */
+    receiptForReads?: boolean;
+}
+export interface ActionDescriptor {
+    /** What the agent wants to do */
+    type: string;
+    /** What it's acting on */
+    target: string;
+    /** Required scope */
+    scopeRequired: string;
+    /** Framework-specific metadata */
+    metadata?: Record<string, unknown>;
+    /** Estimated cost (for commerce actions) */
+    estimatedCost?: number;
+}
+export type GovernanceVerdict = 'permit' | 'deny' | 'narrow' | 'audit';
+export interface GovernanceResult {
+    verdict: GovernanceVerdict;
+    intentId: string;
+    decisionId: string;
+    reason: string;
+    /** Narrowed scope if verdict is 'narrow' */
+    narrowedScope?: string[];
+    /** Policy violations if verdict is 'deny' */
+    violations?: string[];
+}
+export interface GovernanceReceipt {
+    receiptId: string;
+    intentId: string;
+    decisionId: string;
+    agentId: string;
+    action: ActionDescriptor;
+    verdict: GovernanceVerdict;
+    executionResult: 'success' | 'failure' | 'partial';
+    startedAt: string;
+    completedAt: string;
+    durationMs: number;
+    signature: string;
+}
+export declare class GovernanceHook {
+    private config;
+    private actionLog;
+    private totalSpend;
+    constructor(config: GovernanceHookConfig);
+    /**
+     * STEP 1: Before action — evaluate policy.
+     * Call this before the agent executes anything.
+     * Returns permit/deny/narrow/audit.
+     */
+    beforeAction(action: ActionDescriptor): GovernanceResult;
+    /**
+     * STEP 2: After action — generate signed receipt.
+     * Call this after the action completes (success or failure).
+     */
+    afterAction(result: GovernanceResult, action: ActionDescriptor, executionResult: 'success' | 'failure' | 'partial', startedAt: string): GovernanceReceipt;
+    /**
+     * CONVENIENCE: Wrap an async action with full governance lifecycle.
+     * beforeAction → execute → afterAction → receipt
+     */
+    wrap<T>(action: ActionDescriptor, execute: () => Promise<T>): Promise<{
+        result: T | null;
+        receipt: GovernanceReceipt;
+        governance: GovernanceResult;
+    }>;
+    /** Get all receipts from this session */
+    getReceipts(): GovernanceReceipt[];
+    /** Get total spend this session */
+    getTotalSpend(): number;
+    /** Verify a receipt signature */
+    verifyReceipt(receipt: GovernanceReceipt): boolean;
+    /** Get the agent's governance config (for framework registration) */
+    getConfig(): GovernanceHookConfig;
+}
+//# sourceMappingURL=governance-hook.d.ts.map

package/dist/src/adapters/governance-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"governance-hook.d.ts","sourceRoot":"","sources":["../../../src/adapters/governance-hook.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAYH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,0CAA0C;IAC1C,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,0DAA0D;IAC1D,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC7B,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,yDAAyD;IACzD,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAA;IACZ,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAA;IACrB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,4CAA4C;IAC5C,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;AAEtE,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,iBAAiB,CAAA;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;IACd,4CAA4C;IAC5C,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;IAC1B,eAAe,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAA;IAClD,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB;AAMD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,SAAS,CAA0B;IAC3C,OAAO,CAAC,UAAU,CAAI;gBAEV,MAAM,EAAE,oBAAoB;IAIxC;;;;OAIG;IACH,YAAY,CAAC,MAAM,EAAE,gBAAgB,GAAG,gBAAgB;IAuCxD;;;OAGG;IACH,WAAW,CACT,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,gBAAgB,EACxB,eAAe,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,EAClD,SAAS,EAAE,MAAM,GAChB,iBAAiB;IA4BpB;;;OAGG;IACG,IAAI,CAAC,CAAC,EACV,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACxB,OAAO,CAAC;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC;IAuB1F,yCAAyC;IACzC,WAAW,IAAI,iBAAiB,EAAE;IAElC,mCAAmC;IACnC,aAAa,IAAI,MAAM;IAEvB,iCAAiC;IACjC,aAAa,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO;IAKlD,qEAAqE;IACrE,SAAS,IAAI,oBAAoB;CAClC"}

package/dist/src/adapters/governance-hook.js

@@ -0,0 +1,123 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * Generic Governance Hook — framework-agnostic adapter interface.
+ *
+ * Any agent framework (CrewAI, ADK, LangChain, AutoGen, A2A) implements
+ * this interface to get APS governance for free.
+ *
+ * The hook wraps the framework's action lifecycle:
+ *   beforeAction → policy evaluation → action execution → afterAction → receipt
+ */
+import { randomBytes } from 'node:crypto';
+import { sign, verify } from '../crypto/keys.js';
+import { canonicalize } from '../core/canonical.js';
+// ═══════════════════════════════════════
+// GovernanceHook — the core adapter class
+// ═══════════════════════════════════════
+export class GovernanceHook {
+    config;
+    actionLog = [];
+    totalSpend = 0;
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * STEP 1: Before action — evaluate policy.
+     * Call this before the agent executes anything.
+     * Returns permit/deny/narrow/audit.
+     */
+    beforeAction(action) {
+        const intentId = 'intent_' + randomBytes(8).toString('hex');
+        const decisionId = 'dec_' + randomBytes(8).toString('hex');
+        const violations = [];
+        // Check 1: Scope authorization
+        const scopeMatch = this.config.allowedScopes.some(s => s === action.scopeRequired || s === '*' ||
+            (s.endsWith(':*') && action.scopeRequired.startsWith(s.slice(0, -1))));
+        if (!scopeMatch) {
+            violations.push(`Scope "${action.scopeRequired}" not in allowed: [${this.config.allowedScopes.join(', ')}]`);
+        }
+        // Check 2: Spend limit
+        if (action.estimatedCost && this.config.spendLimitPerAction) {
+            if (action.estimatedCost > this.config.spendLimitPerAction) {
+                violations.push(`Cost $${action.estimatedCost} exceeds limit $${this.config.spendLimitPerAction}`);
+            }
+        }
+        // Check 3: Delegation active (placeholder for revocation check)
+        if (!this.config.delegationId) {
+            violations.push('No active delegation');
+        }
+        const verdict = violations.length > 0 ? 'deny' : 'permit';
+        return {
+            verdict,
+            intentId,
+            decisionId,
+            reason: violations.length > 0
+                ? `Denied: ${violations.join('; ')}`
+                : `Permitted: scope "${action.scopeRequired}" authorized`,
+            violations: violations.length > 0 ? violations : undefined,
+        };
+    }
+    /**
+     * STEP 2: After action — generate signed receipt.
+     * Call this after the action completes (success or failure).
+     */
+    afterAction(result, action, executionResult, startedAt) {
+        const completedAt = new Date().toISOString();
+        const startMs = new Date(startedAt).getTime();
+        const endMs = new Date(completedAt).getTime();
+        const receiptPayload = {
+            receiptId: 'rcpt_' + randomBytes(8).toString('hex'),
+            intentId: result.intentId,
+            decisionId: result.decisionId,
+            agentId: this.config.agentId,
+            action,
+            verdict: result.verdict,
+            executionResult,
+            startedAt,
+            completedAt,
+            durationMs: endMs - startMs,
+        };
+        const sig = sign(canonicalize(receiptPayload), this.config.agentPrivateKey);
+        const receipt = { ...receiptPayload, signature: sig };
+        if (action.estimatedCost && executionResult === 'success') {
+            this.totalSpend += action.estimatedCost;
+        }
+        this.actionLog.push(receipt);
+        return receipt;
+    }
+    /**
+     * CONVENIENCE: Wrap an async action with full governance lifecycle.
+     * beforeAction → execute → afterAction → receipt
+     */
+    async wrap(action, execute) {
+        const governance = this.beforeAction(action);
+        if (governance.verdict === 'deny') {
+            const receipt = this.afterAction(governance, action, 'failure', new Date().toISOString());
+            return { result: null, receipt, governance };
+        }
+        const startedAt = new Date().toISOString();
+        let executionResult = 'failure';
+        let result = null;
+        try {
+            result = await execute();
+            executionResult = 'success';
+        }
+        catch {
+            executionResult = 'failure';
+        }
+        const receipt = this.afterAction(governance, action, executionResult, startedAt);
+        return { result, receipt, governance };
+    }
+    /** Get all receipts from this session */
+    getReceipts() { return [...this.actionLog]; }
+    /** Get total spend this session */
+    getTotalSpend() { return this.totalSpend; }
+    /** Verify a receipt signature */
+    verifyReceipt(receipt) {
+        const { signature, ...payload } = receipt;
+        return verify(canonicalize(payload), signature, this.config.agentPublicKey);
+    }
+    /** Get the agent's governance config (for framework registration) */
+    getConfig() { return { ...this.config }; }
+}
+//# sourceMappingURL=governance-hook.js.map

package/dist/src/adapters/governance-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"governance-hook.js","sourceRoot":"","sources":["../../../src/adapters/governance-hook.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;GAQG;AAEH,OAAO,EAAc,WAAW,EAAE,MAAM,aAAa,CAAA;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AA+DnD,0CAA0C;AAC1C,0CAA0C;AAC1C,0CAA0C;AAE1C,MAAM,OAAO,cAAc;IACjB,MAAM,CAAsB;IAC5B,SAAS,GAAwB,EAAE,CAAA;IACnC,UAAU,GAAG,CAAC,CAAA;IAEtB,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,MAAwB;QACnC,MAAM,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC3D,MAAM,UAAU,GAAG,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC1D,MAAM,UAAU,GAAa,EAAE,CAAA;QAE/B,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACpD,CAAC,KAAK,MAAM,CAAC,aAAa,IAAI,CAAC,KAAK,GAAG;YACvC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CACtE,CAAA;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,aAAa,sBAAsB,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC9G,CAAC;QAED,uBAAuB;QACvB,IAAI,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAC5D,IAAI,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;gBAC3D,UAAU,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,aAAa,mBAAmB,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC,CAAA;YACpG,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC9B,UAAU,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;QACzC,CAAC;QAED,MAAM,OAAO,GAAsB,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAA;QAE5E,OAAO;YACL,OAAO;YACP,QAAQ;YACR,UAAU;YACV,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;gBAC3B,CAAC,CAAC,WAAW,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACpC,CAAC,CAAC,qBAAqB,MAAM,CAAC,aAAa,cAAc;YAC3D,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;SAC3D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,WAAW,CACT,MAAwB,EACxB,MAAwB,EACxB,eAAkD,EAClD,SAAiB;QAEjB,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAC5C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAA;QAC7C,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAA;QAE7C,MAAM,cAAc,GAAG;YACrB,SAAS,EAAE,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACnD,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,MAAM;YACN,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,eAAe;YACf,SAAS;YACT,WAAW;YACX,UAAU,EAAE,KAAK,GAAG,OAAO;SAC5B,CAAA;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;QAC3E,MAAM,OAAO,GAAsB,EAAE,GAAG,cAAc,EAAE,SAAS,EAAE,GAAG,EAAE,CAAA;QAExE,IAAI,MAAM,CAAC,aAAa,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAC1D,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,aAAa,CAAA;QACzC,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC5B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CACR,MAAwB,EACxB,OAAyB;QAEzB,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAE5C,IAAI,UAAU,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;YACzF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,CAAA;QAC9C,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAC1C,IAAI,eAAe,GAA0B,SAAS,CAAA;QACtD,IAAI,MAAM,GAAa,IAAI,CAAA;QAE3B,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,OAAO,EAAE,CAAA;YACxB,eAAe,GAAG,SAAS,CAAA;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,eAAe,GAAG,SAAS,CAAA;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,eAAe,EAAE,SAAS,CAAC,CAAA;QAChF,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAA;IACxC,CAAC;IAED,yCAAyC;IACzC,WAAW,KAA0B,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAA,CAAC,CAAC;IAEjE,mCAAmC;IACnC,aAAa,KAAa,OAAO,IAAI,CAAC,UAAU,CAAA,CAAC,CAAC;IAElD,iCAAiC;IACjC,aAAa,CAAC,OAA0B;QACtC,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAA;QACzC,OAAO,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IAC7E,CAAC;IAED,qEAAqE;IACrE,SAAS,KAA2B,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAA,CAAC,CAAC;CAChE"}

package/dist/src/adapters/langchain.d.ts

@@ -0,0 +1,25 @@
+/**
+ * LangChain Adapter — maps LangChain's callback handler lifecycle to APS governance.
+ *
+ * LangChain pattern: on_tool_start → tool runs → on_tool_end / on_tool_error
+ * APS pattern: beforeAction → execute → afterAction → receipt
+ */
+import { GovernanceHook } from './governance-hook.js';
+import type { GovernanceHookConfig, GovernanceReceipt } from './governance-hook.js';
+export interface LangChainGovernanceHandler {
+    on_tool_start: (toolName: string, input: string, runId: string) => {
+        allowed: boolean;
+        intentId: string;
+    };
+    on_tool_end: (output: string, runId: string) => GovernanceReceipt | null;
+    on_tool_error: (error: string, runId: string) => GovernanceReceipt | null;
+    on_chain_start: (chainType: string, inputs: Record<string, unknown>, runId: string) => {
+        allowed: boolean;
+        intentId: string;
+    };
+    on_chain_end: (outputs: Record<string, unknown>, runId: string) => GovernanceReceipt | null;
+    get_audit_trail: () => GovernanceReceipt[];
+    hook: GovernanceHook;
+}
+export declare function createLangChainGovernanceHandler(config: GovernanceHookConfig): LangChainGovernanceHandler;
+//# sourceMappingURL=langchain.d.ts.map

package/dist/src/adapters/langchain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"langchain.d.ts","sourceRoot":"","sources":["../../../src/adapters/langchain.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAsC,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAEvH,MAAM,WAAW,0BAA0B;IACzC,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;IACzG,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,iBAAiB,GAAG,IAAI,CAAA;IACxE,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,iBAAiB,GAAG,IAAI,CAAA;IACzE,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;IAC7H,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,KAAK,iBAAiB,GAAG,IAAI,CAAA;IAC3F,eAAe,EAAE,MAAM,iBAAiB,EAAE,CAAA;IAC1C,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,oBAAoB,GAAG,0BAA0B,CA2DzG"}