agent-passport-system 1.27.0 → 1.29.0

package/README.md

@@ -2,14 +2,14 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-1557%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-1715%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference.
 
-**Governance, trust, and enforcement for AI agents. Not just identity.**
+**Governance infrastructure for the agent economy.** Identity, delegation, reputation, enforcement, commerce, institutional governance. Not just identity — the full stack.
 
-When an AI agent acts on your behalf, APS answers: what is it allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically?
+AI agents represent companies and people. They spend real money, access sensitive data, negotiate contracts, and talk to other agents. APS answers: what is this agent allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically?
 
 ```bash
 npm install agent-passport-system
@@ -70,6 +70,40 @@ const result = await gateway.processToolCall({
 
 **What just happened:** The gateway verified the agent's identity, checked delegation scope, enforced spend limits, evaluated values floor compliance, verified reputation tier, checked revocation status, executed the tool, generated a signed receipt, and updated reputation. All in one call. The agent never touched the tool directly.
 
+## Framework Integration: CrewAI
+
+Add governance to any CrewAI crew in 10 lines. Works the same way with LangChain, ADK, A2A, or any custom framework.
+
+```typescript
+import { generateKeyPair, createCrewAIGovernance } from 'agent-passport-system'
+
+const keys = generateKeyPair()
+const gov = createCrewAIGovernance({
+  agentId: 'research-agent',
+  ...keys,
+  delegationId: 'del_research_2026',
+  allowedScopes: ['tool:web_search', 'tool:read_file', 'task:execute'],
+  spendLimitPerAction: 5.00,
+})
+
+// Wrap any tool call — permitted actions execute, denied ones don't
+const result = await gov.governedToolCall(
+  'web_search',
+  { query: 'AI governance standards' },
+  () => mySearchTool('AI governance standards'),
+  0.01  // estimated cost
+)
+// result.governance.verdict → 'permit' or 'deny'
+// result.receipt → signed proof of the action (or denial)
+
+// Use as CrewAI task callback
+const receipt = gov.taskCallback({ description: '...', result: '...', agent: 'research-agent' })
+```
+
+**What you get:** scope enforcement (agent can only use allowed tools), spend controls ($5/action limit), signed receipts for every action (permit or deny), and a verifiable audit trail. The agent never bypasses governance because the wrapper executes the action, not the agent.
+
+See [`examples/crewai-governance.ts`](examples/crewai-governance.ts) for the full working example. Adapters also available for [LangChain](src/adapters/langchain.ts), [Google ADK](src/adapters/adk.ts), and [A2A](src/adapters/a2a.ts).
+
 ## Identity Is the Foundation, Not the Product
 
 Everything above is built on Ed25519 cryptographic identity. But identity is the plumbing, not the value proposition.
@@ -90,7 +124,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## The Stack
 
-48 core modules + 32 v2 constitutional modules. 1557 tests. Zero heavy dependencies.
+62 core modules + 32 v2 constitutional modules. 1715 tests. Zero heavy dependencies.
 
 | Layer | What it does | Key primitive |
 |-------|-------------|---------------|
@@ -109,7 +143,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## MCP Server
 
-120 tools across all modules. Any MCP client connects agents directly.
+121 tools across all modules. Any MCP client connects agents directly.
 
 ```bash
 npm install -g agent-passport-system-mcp
@@ -144,7 +178,7 @@ npx agent-passport audit --floor values/floor.yaml
 
 ```bash
 npm test
-# 1557 tests across 84 files, 405 suites, 0 failures
+# 1715 tests across 93 files, 446 suites, 0 failures
 ```
 
 50 adversarial tests: Merkle tampering, attribution gaming, compliance violations, floor negotiation attacks, cross-chain confused deputy, taint laundering, authority probing.
@@ -162,7 +196,7 @@ npm test
 | Signed receipts | 3-sig chain | Proposed | Logs | General | — |
 | Values enforcement | 8 principles, graduated | — | Rules | — | — |
 | Coordination | Task lifecycle + MCP | — | — | — | — |
-| Tests | 1557 (50 adversarial) | None | Limited | None | None |
+| Tests | 1715 (50 adversarial) | None | Limited | None | None |
 
 ## Recognition
 
@@ -177,6 +211,10 @@ npm test
 
 **"Monotonic Narrowing for Agent Authority"** — Published on [Zenodo](https://doi.org/10.5281/zenodo.18749779). [Read →](papers/agent-social-contract.md)
 
+**"Faceted Authority Attenuation: A Product Lattice Model for AI Agent Governance"** — Published on [Zenodo](https://doi.org/10.5281/zenodo.19260073). Seven-dimensional product lattice formalization with authorization witnesses, constraint vectors, and institutional governance composition.
+
+**Cited by:** Nanook & Gerundium, "PDR in Production: Empirical Validation of Behavioral Trust Scoring in Multi-Agent Systems" ([DOI:10.5281/zenodo.19323172](https://doi.org/10.5281/zenodo.19323172)) — Section 7.6 independently validates the APS Bayesian reputation model, sigma dynamics, and structuralVerdict/trustVerdict separation using production data from UBC.
+
 ## Authorship
 
 Designed and built by **Tymofii Pidlisnyi** with AI assistance from **Claude** (Anthropic).

package/dist/src/core/anchor-state.d.ts

@@ -0,0 +1,46 @@
+/** External anchor state for a receipt or batch.
+ *  unanchored: exists only in gateway memory
+ *  batched_pending: included in a Merkle batch, root not yet anchored externally
+ *  anchored: Merkle root published to external log (Rekor, Solana, etc.)
+ *  critical_direct_anchor: individual receipt anchored directly (bypass batching) */
+export type AnchorState = 'unanchored' | 'batched_pending' | 'anchored' | 'critical_direct_anchor';
+/** Anchor metadata on a receipt */
+export interface AnchorMetadata {
+    state: AnchorState;
+    /** Batch ID if batched_pending or anchored */
+    batchId?: string;
+    /** External anchor reference (URL, transaction ID, etc.) */
+    anchorRef?: string;
+    /** When the anchor was confirmed */
+    anchoredAt?: string;
+    /** Which anchor backend was used */
+    anchorBackend?: string;
+}
+/** Auto-batch configuration */
+export interface AutoBatchConfig {
+    /** Maximum seconds between batch commits (0 = disabled) */
+    maxIntervalSeconds: number;
+    /** Maximum receipts before auto-commit (0 = disabled) */
+    maxReceiptsPerBatch: number;
+    /** Whether critical/irreversible actions get direct anchor */
+    directAnchorCritical: boolean;
+}
+export declare const DEFAULT_AUTO_BATCH_CONFIG: AutoBatchConfig;
+/** Create initial anchor metadata for a new receipt */
+export declare function createAnchorMetadata(critical?: boolean): AnchorMetadata;
+/** Transition anchor state when receipt is added to a batch */
+export declare function markBatched(anchor: AnchorMetadata, batchId: string): AnchorMetadata;
+/** Transition anchor state when batch root is externally anchored */
+export declare function markAnchored(anchor: AnchorMetadata, anchorRef: string, anchorBackend: string): AnchorMetadata;
+/** Check if auto-batch should fire based on config and current state */
+export declare function shouldAutoBatch(pendingCount: number, lastBatchTime: string | null, config?: AutoBatchConfig): {
+    trigger: boolean;
+    reason: 'max_receipts' | 'max_interval' | null;
+};
+/** Check if an anchor state meets a minimum requirement */
+export declare function meetsAnchorRequirement(current: AnchorState, minimum: AnchorState): boolean;
+/** Check if anchor state transition is valid (can only move forward) */
+export declare function isValidAnchorTransition(from: AnchorState, to: AnchorState): boolean;
+/** Exported ordering for cross-language verification */
+export declare const ANCHOR_STATE_ORDER: Record<AnchorState, number>;
+//# sourceMappingURL=anchor-state.d.ts.map

package/dist/src/core/anchor-state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anchor-state.d.ts","sourceRoot":"","sources":["../../../src/core/anchor-state.ts"],"names":[],"mappings":"AAYA;;;;qFAIqF;AACrF,MAAM,MAAM,WAAW,GAAG,YAAY,GAAG,iBAAiB,GAAG,UAAU,GAAG,wBAAwB,CAAA;AAElG,mCAAmC;AACnC,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,CAAA;IAClB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,4DAA4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,+BAA+B;AAC/B,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,kBAAkB,EAAE,MAAM,CAAA;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,MAAM,CAAA;IAC3B,8DAA8D;IAC9D,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,eAAO,MAAM,yBAAyB,EAAE,eAIvC,CAAA;AAED,uDAAuD;AACvD,wBAAgB,oBAAoB,CAAC,QAAQ,GAAE,OAAe,GAAG,cAAc,CAI9E;AAED,+DAA+D;AAC/D,wBAAgB,WAAW,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,cAAc,CAInF;AAED,qEAAqE;AACrE,wBAAgB,YAAY,CAC1B,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,cAAc,CAQhB;AAED,wEAAwE;AACxE,wBAAgB,eAAe,CAC7B,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,GAAE,eAA2C,GAClD;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,cAAc,GAAG,cAAc,GAAG,IAAI,CAAA;CAAE,CAsBtE;AAUD,2DAA2D;AAC3D,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,WAAW,GACnB,OAAO,CAET;AAED,wEAAwE;AACxE,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,WAAW,GAAG,OAAO,CAEnF;AAED,wDAAwD;AACxD,eAAO,MAAM,kBAAkB,6BAAe,CAAA"}

package/dist/src/core/anchor-state.js

@@ -0,0 +1,80 @@
+// ══════════════════════════════════════════════════════════════════
+// Anchor States — External verifiability tracking for receipts
+// ══════════════════════════════════════════════════════════════════
+// Consilium Priority 6. Gemini: "explicit receipt anchor states."
+// desiorac (A2A #1672): batch commitment lags individual receipts.
+//
+// Every receipt and batch carries an anchor state:
+//   unanchored → batched_pending → anchored → critical_direct_anchor
+//
+// Auto-batching: configurable window (N seconds or N receipts).
+// ══════════════════════════════════════════════════════════════════
+export const DEFAULT_AUTO_BATCH_CONFIG = {
+    maxIntervalSeconds: 300, // 5 minutes
+    maxReceiptsPerBatch: 100,
+    directAnchorCritical: true,
+};
+/** Create initial anchor metadata for a new receipt */
+export function createAnchorMetadata(critical = false) {
+    return {
+        state: critical ? 'critical_direct_anchor' : 'unanchored',
+    };
+}
+/** Transition anchor state when receipt is added to a batch */
+export function markBatched(anchor, batchId) {
+    if (anchor.state === 'critical_direct_anchor')
+        return anchor; // already anchored
+    if (anchor.state === 'anchored')
+        return anchor; // already anchored
+    return { ...anchor, state: 'batched_pending', batchId };
+}
+/** Transition anchor state when batch root is externally anchored */
+export function markAnchored(anchor, anchorRef, anchorBackend) {
+    if (anchor.state === 'critical_direct_anchor')
+        return anchor;
+    return {
+        ...anchor,
+        state: 'anchored',
+        anchorRef, anchorBackend,
+        anchoredAt: new Date().toISOString(),
+    };
+}
+/** Check if auto-batch should fire based on config and current state */
+export function shouldAutoBatch(pendingCount, lastBatchTime, config = DEFAULT_AUTO_BATCH_CONFIG) {
+    if (pendingCount === 0)
+        return { trigger: false, reason: null };
+    // Receipt count trigger
+    if (config.maxReceiptsPerBatch > 0 && pendingCount >= config.maxReceiptsPerBatch) {
+        return { trigger: true, reason: 'max_receipts' };
+    }
+    // Time interval trigger
+    if (config.maxIntervalSeconds > 0 && lastBatchTime) {
+        const elapsed = (Date.now() - new Date(lastBatchTime).getTime()) / 1000;
+        if (elapsed >= config.maxIntervalSeconds) {
+            return { trigger: true, reason: 'max_interval' };
+        }
+    }
+    // First batch ever — trigger on interval if no previous batch
+    if (config.maxIntervalSeconds > 0 && !lastBatchTime && pendingCount > 0) {
+        return { trigger: true, reason: 'max_interval' };
+    }
+    return { trigger: false, reason: null };
+}
+/** Anchor state ordering — higher number = more externally verifiable */
+const ANCHOR_ORDER = {
+    unanchored: 0,
+    batched_pending: 1,
+    anchored: 2,
+    critical_direct_anchor: 3,
+};
+/** Check if an anchor state meets a minimum requirement */
+export function meetsAnchorRequirement(current, minimum) {
+    return ANCHOR_ORDER[current] >= ANCHOR_ORDER[minimum];
+}
+/** Check if anchor state transition is valid (can only move forward) */
+export function isValidAnchorTransition(from, to) {
+    return ANCHOR_ORDER[to] >= ANCHOR_ORDER[from];
+}
+/** Exported ordering for cross-language verification */
+export const ANCHOR_STATE_ORDER = ANCHOR_ORDER;
+//# sourceMappingURL=anchor-state.js.map

package/dist/src/core/anchor-state.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anchor-state.js","sourceRoot":"","sources":["../../../src/core/anchor-state.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,+DAA+D;AAC/D,qEAAqE;AACrE,kEAAkE;AAClE,mEAAmE;AACnE,EAAE;AACF,mDAAmD;AACnD,qEAAqE;AACrE,EAAE;AACF,gEAAgE;AAChE,qEAAqE;AAgCrE,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,kBAAkB,EAAE,GAAG,EAAI,YAAY;IACvC,mBAAmB,EAAE,GAAG;IACxB,oBAAoB,EAAE,IAAI;CAC3B,CAAA;AAED,uDAAuD;AACvD,MAAM,UAAU,oBAAoB,CAAC,WAAoB,KAAK;IAC5D,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,YAAY;KAC1D,CAAA;AACH,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,WAAW,CAAC,MAAsB,EAAE,OAAe;IACjE,IAAI,MAAM,CAAC,KAAK,KAAK,wBAAwB;QAAE,OAAO,MAAM,CAAA,CAAC,mBAAmB;IAChF,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU;QAAE,OAAO,MAAM,CAAA,CAAC,mBAAmB;IAClE,OAAO,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAA;AACzD,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,YAAY,CAC1B,MAAsB,EACtB,SAAiB,EACjB,aAAqB;IAErB,IAAI,MAAM,CAAC,KAAK,KAAK,wBAAwB;QAAE,OAAO,MAAM,CAAA;IAC5D,OAAO;QACL,GAAG,MAAM;QACT,KAAK,EAAE,UAAU;QACjB,SAAS,EAAE,aAAa;QACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAA;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,eAAe,CAC7B,YAAoB,EACpB,aAA4B,EAC5B,SAA0B,yBAAyB;IAEnD,IAAI,YAAY,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IAE/D,wBAAwB;IACxB,IAAI,MAAM,CAAC,mBAAmB,GAAG,CAAC,IAAI,YAAY,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACjF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;IAClD,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,kBAAkB,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAA;QACvE,IAAI,OAAO,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;QAClD,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,MAAM,CAAC,kBAAkB,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;IAClD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;AACzC,CAAC;AAED,yEAAyE;AACzE,MAAM,YAAY,GAAgC;IAChD,UAAU,EAAE,CAAC;IACb,eAAe,EAAE,CAAC;IAClB,QAAQ,EAAE,CAAC;IACX,sBAAsB,EAAE,CAAC;CAC1B,CAAA;AAED,2DAA2D;AAC3D,MAAM,UAAU,sBAAsB,CACpC,OAAoB,EACpB,OAAoB;IAEpB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,OAAO,CAAC,CAAA;AACvD,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,uBAAuB,CAAC,IAAiB,EAAE,EAAe;IACxE,OAAO,YAAY,CAAC,EAAE,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAA;AAC/C,CAAC;AAED,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,YAAY,CAAA"}

package/dist/src/core/canonical-jcs.d.ts

@@ -0,0 +1,23 @@
+/** RFC 8785 JSON Canonicalization Scheme.
+ *  Differences from legacy canonicalize():
+ *  - null values ARE preserved (not filtered)
+ *  - undefined object values become null
+ *  - Number serialization follows ES2015 spec
+ *  - All other behavior is identical (sorted keys, no whitespace) */
+export declare function canonicalizeJCS(value: unknown): string;
+/** Detect which canonicalization variant was likely used.
+ *  Checks if null values are present — JCS preserves them, legacy strips them. */
+export declare function detectCanonicalVariant(obj: unknown, canonicalString: string): 'jcs' | 'legacy' | 'ambiguous';
+/** Cross-language test vector for canonicalization verification */
+export interface CanonicalizationTestVector {
+    id: string;
+    description: string;
+    input: unknown;
+    expected_jcs: string;
+    expected_legacy: string;
+    sha256_jcs: string;
+    sha256_legacy: string;
+}
+/** Built-in test vectors for cross-language verification */
+export declare function getTestVectors(): CanonicalizationTestVector[];
+//# sourceMappingURL=canonical-jcs.d.ts.map

package/dist/src/core/canonical-jcs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-jcs.d.ts","sourceRoot":"","sources":["../../../src/core/canonical-jcs.ts"],"names":[],"mappings":"AAcA;;;;;qEAKqE;AACrE,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAiCtD;AAED;kFACkF;AAClF,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,OAAO,EACZ,eAAe,EAAE,MAAM,GACtB,KAAK,GAAG,QAAQ,GAAG,WAAW,CAMhC;AAYD,mEAAmE;AACnE,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,OAAO,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,CAAA;CACtB;AAOD,4DAA4D;AAC5D,wBAAgB,cAAc,IAAI,0BAA0B,EAAE,CAoF7D"}

package/dist/src/core/canonical-jcs.js

@@ -0,0 +1,125 @@
+// ══════════════════════════════════════════════════════════════════
+// JCS Canonicalization — RFC 8785 compliant JSON Canonicalization
+// ══════════════════════════════════════════════════════════════════
+// The original canonicalize() filters null values — a deviation from
+// RFC 8785 that cannot be changed without breaking existing signatures.
+//
+// This module provides:
+//   canonicalizeJCS() — strict RFC 8785 compliance
+//   verifyCanonical()  — detect which variant was used
+//
+// Migration: new signatures should use JCS. Old signatures keep
+// working with the legacy function. Verification tries both.
+// ══════════════════════════════════════════════════════════════════
+/** RFC 8785 JSON Canonicalization Scheme.
+ *  Differences from legacy canonicalize():
+ *  - null values ARE preserved (not filtered)
+ *  - undefined object values become null
+ *  - Number serialization follows ES2015 spec
+ *  - All other behavior is identical (sorted keys, no whitespace) */
+export function canonicalizeJCS(value) {
+    if (value === null || value === undefined)
+        return 'null';
+    switch (typeof value) {
+        case 'boolean':
+            return value ? 'true' : 'false';
+        case 'number': {
+            if (!isFinite(value))
+                throw new Error('JCS does not support Infinity or NaN');
+            // ES2015 number serialization — JSON.stringify handles this correctly
+            return JSON.stringify(value);
+        }
+        case 'string':
+            return JSON.stringify(value);
+        case 'object': {
+            if (value instanceof Date)
+                return JSON.stringify(value);
+            if (Array.isArray(value)) {
+                return '[' + value.map(item => canonicalizeJCS(item)).join(',') + ']';
+            }
+            // Object: sort keys by Unicode code point, preserve null values
+            const obj = value;
+            const keys = Object.keys(obj).sort();
+            const pairs = [];
+            for (const key of keys) {
+                const v = obj[key];
+                // RFC 8785: undefined becomes null, null is preserved
+                // Only skip if the key was never set (shouldn't happen with Object.keys)
+                pairs.push(`${JSON.stringify(key)}:${canonicalizeJCS(v)}`);
+            }
+            return '{' + pairs.join(',') + '}';
+        }
+        default:
+            throw new Error(`JCS: unsupported type ${typeof value}`);
+    }
+}
+/** Detect which canonicalization variant was likely used.
+ *  Checks if null values are present — JCS preserves them, legacy strips them. */
+export function detectCanonicalVariant(obj, canonicalString) {
+    // If the object has no null values, both variants produce identical output
+    if (!hasNullValues(obj))
+        return 'ambiguous';
+    // If canonical string contains `:null`, it's JCS (legacy strips nulls)
+    if (canonicalString.includes(':null'))
+        return 'jcs';
+    return 'legacy';
+}
+function hasNullValues(obj) {
+    if (obj === null)
+        return true;
+    if (typeof obj !== 'object' || obj === undefined)
+        return false;
+    if (Array.isArray(obj))
+        return obj.some(hasNullValues);
+    return Object.values(obj).some(v => v === null || v === undefined || hasNullValues(v));
+}
+import { createHash } from 'crypto';
+/** Generate SHA-256 hex digest of a string */
+function sha256hex(input) {
+    return createHash('sha256').update(input, 'utf-8').digest('hex');
+}
+/** Built-in test vectors for cross-language verification */
+export function getTestVectors() {
+    const vectors = [];
+    function addVector(id, desc, input, jcs, legacy) {
+        vectors.push({
+            id, description: desc, input,
+            expected_jcs: jcs, expected_legacy: legacy,
+            sha256_jcs: sha256hex(jcs), sha256_legacy: sha256hex(legacy),
+        });
+    }
+    // V1: Simple object — both variants identical
+    addVector('cv-001', 'Simple object, no nulls — variants identical', { agentId: 'agent-001', scope: 'read' }, '{"agentId":"agent-001","scope":"read"}', '{"agentId":"agent-001","scope":"read"}');
+    // V2: Object with null — variants diverge
+    addVector('cv-002', 'Null value — JCS preserves, legacy strips', { agentId: 'agent-001', metadata: null, scope: 'read' }, '{"agentId":"agent-001","metadata":null,"scope":"read"}', '{"agentId":"agent-001","scope":"read"}');
+    // V3: Key ordering
+    addVector('cv-003', 'Keys sorted by Unicode code point', { zebra: 1, alpha: 2, middle: 3 }, '{"alpha":2,"middle":3,"zebra":1}', '{"alpha":2,"middle":3,"zebra":1}');
+    // V4: Nested objects with null
+    addVector('cv-004', 'Nested object with null at depth', { outer: { inner: null, value: 42 }, top: 'ok' }, '{"outer":{"inner":null,"value":42},"top":"ok"}', '{"outer":{"value":42},"top":"ok"}');
+    // V5: Arrays with null elements
+    addVector('cv-005', 'Array with null elements — both preserve array nulls', { items: [1, null, 3] }, '{"items":[1,null,3]}', '{"items":[1,null,3]}');
+    // V6: Number edge cases
+    addVector('cv-006', 'Number formatting — integers and floats', { integer: 42, negative: -7, float: 3.14, zero: 0 }, '{"float":3.14,"integer":42,"negative":-7,"zero":0}', '{"float":3.14,"integer":42,"negative":-7,"zero":0}');
+    // V7: Empty structures
+    addVector('cv-007', 'Empty object and empty array', { emptyArr: [], emptyObj: {} }, '{"emptyArr":[],"emptyObj":{}}', '{"emptyArr":[],"emptyObj":{}}');
+    // V8: Unicode
+    addVector('cv-008', 'Unicode string content', { name: 'Тимофій', emoji: '🔐' }, '{"emoji":"🔐","name":"Тимофій"}', '{"emoji":"🔐","name":"Тимофій"}');
+    // V9: Realistic APS object — delegation-like structure
+    addVector('cv-009', 'Realistic delegation object with mixed null/present fields', {
+        delegationId: 'del_abc123',
+        delegatedBy: 'did:aps:principal001',
+        delegatedTo: 'did:aps:agent002',
+        scope: ['data:read', 'commerce:checkout'],
+        spendLimit: 500,
+        obligationBundleHash: null,
+        expiresAt: '2026-04-01T00:00:00Z',
+        notBefore: null,
+        maxDepth: 3,
+        currentDepth: 1,
+        createdAt: '2026-03-29T00:00:00Z',
+    }, '{"createdAt":"2026-03-29T00:00:00Z","currentDepth":1,"delegatedBy":"did:aps:principal001","delegatedTo":"did:aps:agent002","delegationId":"del_abc123","expiresAt":"2026-04-01T00:00:00Z","maxDepth":3,"notBefore":null,"obligationBundleHash":null,"scope":["data:read","commerce:checkout"],"spendLimit":500}', '{"createdAt":"2026-03-29T00:00:00Z","currentDepth":1,"delegatedBy":"did:aps:principal001","delegatedTo":"did:aps:agent002","delegationId":"del_abc123","expiresAt":"2026-04-01T00:00:00Z","maxDepth":3,"scope":["data:read","commerce:checkout"],"spendLimit":500}');
+    // V10: Boolean values
+    addVector('cv-010', 'Boolean values', { active: true, revoked: false }, '{"active":true,"revoked":false}', '{"active":true,"revoked":false}');
+    return vectors;
+}
+//# sourceMappingURL=canonical-jcs.js.map

package/dist/src/core/canonical-jcs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-jcs.js","sourceRoot":"","sources":["../../../src/core/canonical-jcs.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,kEAAkE;AAClE,qEAAqE;AACrE,qEAAqE;AACrE,wEAAwE;AACxE,EAAE;AACF,wBAAwB;AACxB,mDAAmD;AACnD,uDAAuD;AACvD,EAAE;AACF,gEAAgE;AAChE,6DAA6D;AAC7D,qEAAqE;AAErE;;;;;qEAKqE;AACrE,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAA;IAExD,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAA;QACjC,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;YAC7E,sEAAsE;YACtE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9B,CAAC;QACD,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9B,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,KAAK,YAAY,IAAI;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;YACvD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;YACvE,CAAC;YACD,gEAAgE;YAChE,MAAM,GAAG,GAAG,KAAgC,CAAA;YAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;YACpC,MAAM,KAAK,GAAa,EAAE,CAAA;YAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;gBAClB,sDAAsD;gBACtD,yEAAyE;gBACzE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YAC5D,CAAC;YACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;QACpC,CAAC;QACD;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,KAAK,EAAE,CAAC,CAAA;IAC5D,CAAC;AACH,CAAC;AAED;kFACkF;AAClF,MAAM,UAAU,sBAAsB,CACpC,GAAY,EACZ,eAAuB;IAEvB,2EAA2E;IAC3E,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,WAAW,CAAA;IAC3C,uEAAuE;IACvE,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACnD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAA;IAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;IACtD,OAAO,MAAM,CAAC,MAAM,CAAC,GAA8B,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC5D,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAanC,8CAA8C;AAC9C,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAClE,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,cAAc;IAC5B,MAAM,OAAO,GAAiC,EAAE,CAAA;IAEhD,SAAS,SAAS,CAAC,EAAU,EAAE,IAAY,EAAE,KAAc,EAAE,GAAW,EAAE,MAAc;QACtF,OAAO,CAAC,IAAI,CAAC;YACX,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK;YAC5B,YAAY,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM;YAC1C,UAAU,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC;SAC7D,CAAC,CAAA;IACJ,CAAC;IAED,8CAA8C;IAC9C,SAAS,CAAC,QAAQ,EAAE,8CAA8C,EAChE,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,EACvC,wCAAwC,EACxC,wCAAwC,CAAC,CAAA;IAE3C,0CAA0C;IAC1C,SAAS,CAAC,QAAQ,EAAE,2CAA2C,EAC7D,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,EACvD,wDAAwD,EACxD,wCAAwC,CAAC,CAAA;IAE3C,mBAAmB;IACnB,SAAS,CAAC,QAAQ,EAAE,mCAAmC,EACrD,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EACjC,kCAAkC,EAClC,kCAAkC,CAAC,CAAA;IAErC,+BAA+B;IAC/B,SAAS,CAAC,QAAQ,EAAE,kCAAkC,EACpD,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAChD,gDAAgD,EAChD,mCAAmC,CAAC,CAAA;IAEtC,gCAAgC;IAChC,SAAS,CAAC,QAAQ,EAAE,sDAAsD,EACxE,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EACvB,sBAAsB,EACtB,sBAAsB,CAAC,CAAA;IAEzB,wBAAwB;IACxB,SAAS,CAAC,QAAQ,EAAE,yCAAyC,EAC3D,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,EACnD,oDAAoD,EACpD,oDAAoD,CAAC,CAAA;IAEvD,uBAAuB;IACvB,SAAS,CAAC,QAAQ,EAAE,8BAA8B,EAChD,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,EAC9B,+BAA+B,EAC/B,+BAA+B,CAAC,CAAA;IAElC,cAAc;IACd,SAAS,CAAC,QAAQ,EAAE,wBAAwB,EAC1C,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,EAChC,iCAAiC,EACjC,iCAAiC,CAAC,CAAA;IAEpC,uDAAuD;IACvD,SAAS,CAAC,QAAQ,EAAE,4DAA4D,EAC9E;QACE,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,kBAAkB;QAC/B,KAAK,EAAE,CAAC,WAAW,EAAE,mBAAmB,CAAC;QACzC,UAAU,EAAE,GAAG;QACf,oBAAoB,EAAE,IAAI;QAC1B,SAAS,EAAE,sBAAsB;QACjC,SAAS,EAAE,IAAI;QACf,QAAQ,EAAE,CAAC;QACX,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,sBAAsB;KAClC,EACD,iTAAiT,EACjT,oQAAoQ,CAAC,CAAA;IAEvQ,sBAAsB;IACtB,SAAS,CAAC,QAAQ,EAAE,gBAAgB,EAClC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAChC,iCAAiC,EACjC,iCAAiC,CAAC,CAAA;IAEpC,OAAO,OAAO,CAAA;AAChB,CAAC"}

package/dist/src/core/data-narrowing.d.ts

@@ -0,0 +1,43 @@
+import type { ConstraintFacet, ConstraintStatus } from '../types/gateway.js';
+/** A facet evaluation snapshot — facet name + its status */
+export interface FacetSnapshot {
+    facet: ConstraintFacet;
+    status: ConstraintStatus;
+}
+/** Result of a narrowing check */
+export interface NarrowingCheckResult {
+    valid: boolean;
+    /** Facets where data attempted to widen authority */
+    violations: Array<{
+        facet: ConstraintFacet;
+        before: ConstraintStatus;
+        after: ConstraintStatus;
+        message: string;
+    }>;
+}
+/** Assert that data influence only narrows authority.
+ *  Compares constraint evaluations BEFORE and AFTER data is considered.
+ *  Any facet that moves from a more restrictive status to a more
+ *  permissive one is a violation — data attempted to widen authority.
+ *
+ *  @param before - Facet evaluations before data influence
+ *  @param after  - Facet evaluations after data influence
+ *  @returns NarrowingCheckResult with any violations */
+export declare function assertDataNarrowsOnly(before: FacetSnapshot[], after: FacetSnapshot[]): NarrowingCheckResult;
+/** Apply data-sourced constraint modifications safely.
+ *  Only allows narrowing (making more restrictive).
+ *  Returns the narrowed snapshots with any widening attempts rejected.
+ *
+ *  Use case: a data source declares "this data requires scope:read_only"
+ *  → the constraint is narrowed. But if data declares "grant scope:admin"
+ *  → the widening is rejected and the original constraint stands. */
+export declare function applyDataConstraints(current: FacetSnapshot[], dataInfluence: FacetSnapshot[]): {
+    result: FacetSnapshot[];
+    rejected: NarrowingCheckResult['violations'];
+};
+/** Check if a status transition is valid narrowing (same or more restrictive) */
+export declare function isValidNarrowing(before: ConstraintStatus, after: ConstraintStatus): boolean;
+/** The status ordering: fail < unknown < not_applicable < pass.
+ *  Exported for test vectors and cross-language verification. */
+export declare const NARROWING_ORDER: Record<ConstraintStatus, number>;
+//# sourceMappingURL=data-narrowing.d.ts.map

package/dist/src/core/data-narrowing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-narrowing.d.ts","sourceRoot":"","sources":["../../../src/core/data-narrowing.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAE5E,4DAA4D;AAC5D,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,eAAe,CAAA;IACtB,MAAM,EAAE,gBAAgB,CAAA;CACzB;AAED,kCAAkC;AAClC,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAA;IACd,qDAAqD;IACrD,UAAU,EAAE,KAAK,CAAC;QAChB,KAAK,EAAE,eAAe,CAAA;QACtB,MAAM,EAAE,gBAAgB,CAAA;QACxB,KAAK,EAAE,gBAAgB,CAAA;QACvB,OAAO,EAAE,MAAM,CAAA;KAChB,CAAC,CAAA;CACH;AAWD;;;;;;;wDAOwD;AACxD,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,aAAa,EAAE,EACvB,KAAK,EAAE,aAAa,EAAE,GACrB,oBAAoB,CAwBtB;AAED;;;;;;qEAMqE;AACrE,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,aAAa,EAAE,EACxB,aAAa,EAAE,aAAa,EAAE,GAC7B;IAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAAC,QAAQ,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAA;CAAE,CAkC3E;AAED,iFAAiF;AACjF,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAE3F;AAED;iEACiE;AACjE,eAAO,MAAM,eAAe,kCAAe,CAAA"}

package/dist/src/core/data-narrowing.js

@@ -0,0 +1,97 @@
+// ══════════════════════════════════════════════════════════════════
+// Data Narrowing Invariant — Data Can Only Narrow Authority
+// ══════════════════════════════════════════════════════════════════
+// GPT's "Context-Bypass Attack" (consilium March 2026):
+// An agent reads a data source containing authority-widening
+// instructions. The gateway must ensure data inputs can ONLY narrow
+// the ConstraintVector, never widen it.
+//
+// Same as monotonic narrowing for delegation — monotonic narrowing
+// for data influence. Only signed delegations from a higher-tier
+// principal can widen authority.
+// ══════════════════════════════════════════════════════════════════
+/** Status ordering for monotonic narrowing check.
+ *  Lower number = more restrictive. Authority can only move DOWN. */
+const STATUS_ORDER = {
+    'fail': 0,
+    'unknown': 1,
+    'not_applicable': 2,
+    'pass': 3,
+};
+/** Assert that data influence only narrows authority.
+ *  Compares constraint evaluations BEFORE and AFTER data is considered.
+ *  Any facet that moves from a more restrictive status to a more
+ *  permissive one is a violation — data attempted to widen authority.
+ *
+ *  @param before - Facet evaluations before data influence
+ *  @param after  - Facet evaluations after data influence
+ *  @returns NarrowingCheckResult with any violations */
+export function assertDataNarrowsOnly(before, after) {
+    const violations = [];
+    const beforeMap = new Map(before.map(f => [f.facet, f.status]));
+    for (const a of after) {
+        const beforeStatus = beforeMap.get(a.facet);
+        if (beforeStatus === undefined)
+            continue; // new facet, no comparison
+        const beforeOrder = STATUS_ORDER[beforeStatus];
+        const afterOrder = STATUS_ORDER[a.status];
+        // If after is MORE permissive (higher order) than before → violation
+        if (afterOrder > beforeOrder) {
+            violations.push({
+                facet: a.facet,
+                before: beforeStatus,
+                after: a.status,
+                message: `Data attempted to widen ${a.facet}: ${beforeStatus} → ${a.status}`,
+            });
+        }
+    }
+    return { valid: violations.length === 0, violations };
+}
+/** Apply data-sourced constraint modifications safely.
+ *  Only allows narrowing (making more restrictive).
+ *  Returns the narrowed snapshots with any widening attempts rejected.
+ *
+ *  Use case: a data source declares "this data requires scope:read_only"
+ *  → the constraint is narrowed. But if data declares "grant scope:admin"
+ *  → the widening is rejected and the original constraint stands. */
+export function applyDataConstraints(current, dataInfluence) {
+    const currentMap = new Map(current.map(f => [f.facet, f]));
+    const result = [...current];
+    const rejected = [];
+    for (const influence of dataInfluence) {
+        const existing = currentMap.get(influence.facet);
+        if (!existing) {
+            // New facet from data — only accept if restrictive (fail or unknown)
+            if (STATUS_ORDER[influence.status] <= STATUS_ORDER['unknown']) {
+                result.push(influence);
+            }
+            continue;
+        }
+        const existingOrder = STATUS_ORDER[existing.status];
+        const influenceOrder = STATUS_ORDER[influence.status];
+        if (influenceOrder <= existingOrder) {
+            // More restrictive or equal — allowed (narrowing)
+            const idx = result.findIndex(f => f.facet === influence.facet);
+            if (idx >= 0)
+                result[idx] = influence;
+        }
+        else {
+            // Less restrictive — rejected (widening attempt)
+            rejected.push({
+                facet: influence.facet,
+                before: existing.status,
+                after: influence.status,
+                message: `Rejected: data tried to widen ${influence.facet} from ${existing.status} to ${influence.status}`,
+            });
+        }
+    }
+    return { result, rejected };
+}
+/** Check if a status transition is valid narrowing (same or more restrictive) */
+export function isValidNarrowing(before, after) {
+    return STATUS_ORDER[after] <= STATUS_ORDER[before];
+}
+/** The status ordering: fail < unknown < not_applicable < pass.
+ *  Exported for test vectors and cross-language verification. */
+export const NARROWING_ORDER = STATUS_ORDER;
+//# sourceMappingURL=data-narrowing.js.map

package/dist/src/core/data-narrowing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-narrowing.js","sourceRoot":"","sources":["../../../src/core/data-narrowing.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,4DAA4D;AAC5D,qEAAqE;AACrE,wDAAwD;AACxD,6DAA6D;AAC7D,oEAAoE;AACpE,wCAAwC;AACxC,EAAE;AACF,mEAAmE;AACnE,iEAAiE;AACjE,iCAAiC;AACjC,qEAAqE;AAsBrE;qEACqE;AACrE,MAAM,YAAY,GAAqC;IACrD,MAAM,EAAE,CAAC;IACT,SAAS,EAAE,CAAC;IACZ,gBAAgB,EAAE,CAAC;IACnB,MAAM,EAAE,CAAC;CACV,CAAA;AAED;;;;;;;wDAOwD;AACxD,MAAM,UAAU,qBAAqB,CACnC,MAAuB,EACvB,KAAsB;IAEtB,MAAM,UAAU,GAAuC,EAAE,CAAA;IAEzD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IAE/D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;QAC3C,IAAI,YAAY,KAAK,SAAS;YAAE,SAAQ,CAAC,2BAA2B;QAEpE,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,CAAC,CAAA;QAC9C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAEzC,qEAAqE;QACrE,IAAI,UAAU,GAAG,WAAW,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,YAAY;gBACpB,KAAK,EAAE,CAAC,CAAC,MAAM;gBACf,OAAO,EAAE,2BAA2B,CAAC,CAAC,KAAK,KAAK,YAAY,MAAM,CAAC,CAAC,MAAM,EAAE;aAC7E,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,UAAU,EAAE,CAAA;AACvD,CAAC;AAED;;;;;;qEAMqE;AACrE,MAAM,UAAU,oBAAoB,CAClC,OAAwB,EACxB,aAA8B;IAE9B,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAoB,CAAC,GAAG,OAAO,CAAC,CAAA;IAC5C,MAAM,QAAQ,GAAuC,EAAE,CAAA;IAEvD,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAChD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,qEAAqE;YACrE,IAAI,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACxB,CAAC;YACD,SAAQ;QACV,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACnD,MAAM,cAAc,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QAErD,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;YACpC,kDAAkD;YAClD,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,KAAK,CAAC,CAAA;YAC9D,IAAI,GAAG,IAAI,CAAC;gBAAE,MAAM,CAAC,GAAG,CAAC,GAAG,SAAS,CAAA;QACvC,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,SAAS,CAAC,KAAK;gBACtB,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,SAAS,CAAC,MAAM;gBACvB,OAAO,EAAE,iCAAiC,SAAS,CAAC,KAAK,SAAS,QAAQ,CAAC,MAAM,OAAO,SAAS,CAAC,MAAM,EAAE;aAC3G,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAA;AAC7B,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,gBAAgB,CAAC,MAAwB,EAAE,KAAuB;IAChF,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,CAAA;AACpD,CAAC;AAED;iEACiE;AACjE,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAA"}

package/dist/src/core/data-source-attribution.d.ts

@@ -0,0 +1,17 @@
+import type { DataAccessReceipt } from '../types/data-source.js';
+import type { DataAttributionModel, DataSourceAttributionReport } from '../types/data-contribution.js';
+export declare function computeDataSourceAttribution(opts: {
+    outputArtifactId: string;
+    outputType: 'decision' | 'content' | 'model' | 'action';
+    accessReceipts: DataAccessReceipt[];
+    sourceDescriptors?: Map<string, string>;
+    model?: DataAttributionModel;
+    customWeights?: Map<string, number>;
+    generatorPublicKey: string;
+    generatorPrivateKey: string;
+}): DataSourceAttributionReport;
+export declare function verifyDataSourceAttribution(report: DataSourceAttributionReport, publicKey: string): {
+    valid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=data-source-attribution.d.ts.map

package/dist/src/core/data-source-attribution.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-source-attribution.d.ts","sourceRoot":"","sources":["../../../src/core/data-source-attribution.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,KAAK,EACV,oBAAoB,EAEpB,2BAA2B,EAC5B,MAAM,+BAA+B,CAAA;AAkHtC,wBAAgB,4BAA4B,CAAC,IAAI,EAAE;IACjD,gBAAgB,EAAE,MAAM,CAAA;IACxB,UAAU,EAAE,UAAU,GAAG,SAAS,GAAG,OAAO,GAAG,QAAQ,CAAA;IACvD,cAAc,EAAE,iBAAiB,EAAE,CAAA;IACnC,iBAAiB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACvC,KAAK,CAAC,EAAE,oBAAoB,CAAA;IAC5B,aAAa,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,kBAAkB,EAAE,MAAM,CAAA;IAC1B,mBAAmB,EAAE,MAAM,CAAA;CAC5B,GAAG,2BAA2B,CAsE9B;AAMD,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,2BAA2B,EACnC,SAAS,EAAE,MAAM,GAChB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAwCtC"}