agent-passport-system 1.28.0 → 1.29.1

package/README.md

@@ -2,14 +2,15 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-1656%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-1852%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
+[![cited](https://img.shields.io/badge/cited%20by-PDR%20in%20Production%20(UBC)-blue)](https://doi.org/10.5281/zenodo.19323172)
 
-> **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference.
+> **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference. MCP discovery: [.well-known/mcp.json](https://aeoess.com/.well-known/mcp.json).
 
-**Governance infrastructure for the agent economy.** Identity, delegation, reputation, enforcement, commerce, institutional governance. Not just identity — the full stack.
+**Enforcement infrastructure for the agent economy.** Every action evaluated in under 2ms. 15 constraint dimensions. 403 ops/sec. Sub-millisecond denial. Feeless Nano payments. 95 modules. 1,919 tests. Not just identity — the full enforcement stack.
 
-AI agents represent companies and people. They spend real money, access sensitive data, negotiate contracts, and talk to other agents. APS answers: what is this agent allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically?
+AI agents represent companies and people. They spend real money, access sensitive data, negotiate contracts, and talk to other agents. APS is the enforcement layer that answers: what is this agent allowed to do? How much can it spend? Is it trustworthy? What happens when it violates a constraint? And can you prove all of this cryptographically? Independently validated by [PDR in Production (Nanook & Gerundium, UBC)](https://doi.org/10.5281/zenodo.19323172).
 
 ```bash
 npm install agent-passport-system
@@ -27,6 +28,21 @@ npm install agent-passport-system
 
 **Revoke authority instantly** — cascade revocation propagates through delegation chains. Revoke a parent, all children are automatically revoked. The gateway rechecks revocation at execution time, not just at approval time.
 
+## Benchmarks
+
+| Metric | Value | Notes |
+|--------|------:|-------|
+| Policy eval p50 | <2ms | Full 15-dimension constraint check |
+| Policy eval p95 | <5ms | Including reputation lookup |
+| Policy eval p99 | <10ms | Worst case with cold cache |
+| Denial latency | <1ms | Fail-fast on first constraint violation |
+| Throughput | 403 ops/sec | Single-threaded gateway |
+| Cascade revocation | <5ms | Chains up to 100 deep |
+| Receipt generation | <1ms | Ed25519 signed, hash-chained |
+| Nano transaction | <1s | Feeless, delegation-scoped |
+
+15 constraint dimensions: scope, spend, tier, values, revocation, taint, anomaly, circuit, approval, temporal, jurisdiction, purpose, combination, retention, terms. [Full benchmarks →](https://aeoess.com/benchmarks.html)
+
 ## Quick Example: Enforce, Don't Just Identify
 
 ```typescript
@@ -124,7 +140,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## The Stack
 
-56 core modules + 32 v2 constitutional modules. 1707 tests. Zero heavy dependencies.
+63 core modules + 32 v2 constitutional modules. 1919 tests. Zero heavy dependencies.
 
 | Layer | What it does | Key primitive |
 |-------|-------------|---------------|
@@ -143,7 +159,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## MCP Server
 
-121 tools across all modules. Any MCP client connects agents directly.
+124 tools across all modules. Any MCP client connects agents directly.
 
 ```bash
 npm install -g agent-passport-system-mcp
@@ -178,7 +194,7 @@ npx agent-passport audit --floor values/floor.yaml
 
 ```bash
 npm test
-# 1707 tests across 86 files, 443 suites, 0 failures
+# 1919 tests across 98 files, 484 suites, 0 failures
 ```
 
 50 adversarial tests: Merkle tampering, attribution gaming, compliance violations, floor negotiation attacks, cross-chain confused deputy, taint laundering, authority probing.
@@ -196,7 +212,7 @@ npm test
 | Signed receipts | 3-sig chain | Proposed | Logs | General | — |
 | Values enforcement | 8 principles, graduated | — | Rules | — | — |
 | Coordination | Task lifecycle + MCP | — | — | — | — |
-| Tests | 1656 (50 adversarial) | None | Limited | None | None |
+| Tests | 1852 (50 adversarial) | None | Limited | None | None |
 
 ## Recognition
 
@@ -228,6 +244,24 @@ Protocol: [aeoess.com/protocol.html](https://aeoess.com/protocol.html) · Agora:
 - Quick start: [aeoess.com/llms/quickstart.txt](https://aeoess.com/llms/quickstart.txt)
 - API reference: [aeoess.com/llms/api.txt](https://aeoess.com/llms/api.txt)
 
+## Passport Issuer (CA Model)
+
+Passports issued through official AEOESS infrastructure are countersigned with the AEOESS issuer key. Self-signed passports are cryptographically valid but won't pass issuer verification.
+
+```typescript
+import { countersignPassport, verifyIssuerSignature } from 'agent-passport-system'
+
+// Issuer countersigns after agent self-signs
+const issued = countersignPassport(signedPassport, issuerPrivateKey, 'aeoess')
+
+// Anyone can verify against the published public key
+const AEOESS_KEY = 'e11f46f5831432d17852189d5df10ed21d5774797ae9ee52dbab8c650fec16ae'
+const trusted = verifyIssuerSignature(issued, AEOESS_KEY) // true
+```
+
+Published key: [aeoess.com/.well-known/aeoess-issuer.json](https://aeoess.com/.well-known/aeoess-issuer.json)  
+MCP tool: `verify_issuer`
+
 ## License
 
 Apache-2.0 — see [LICENSE](LICENSE)

package/dist/src/adapters/openshell.d.ts

@@ -0,0 +1,64 @@
+/**
+ * NVIDIA OpenShell Adapter
+ *
+ * Maps APS delegation scopes to OpenShell sandbox policy YAML.
+ * An agent's delegation chain determines what the sandbox can access.
+ *
+ * Usage:
+ *   const policy = delegationToPolicy(delegation, basePolicy)
+ *   // Write policy to YAML, pass to: openshell sandbox create --policy ./policy.yaml
+ */
+import type { Delegation } from '../types/passport.js';
+export interface OpenShellPolicy {
+    version: 1;
+    identity_policy?: {
+        agent_public_key: string;
+        issuer_public_key?: string;
+        delegation_chain_depth: number;
+    };
+    filesystem_policy?: {
+        read_only: string[];
+        read_write: string[];
+    };
+    network_policies?: Record<string, NetworkPolicyEntry>;
+    process?: {
+        run_as_user: string;
+        run_as_group: string;
+    };
+}
+export interface NetworkPolicyEntry {
+    name: string;
+    endpoints: Array<{
+        host: string;
+        port: number;
+        protocol?: string;
+    }>;
+    binaries?: Array<{
+        path: string;
+    }>;
+}
+export interface ScopeMapping {
+    scope: string;
+    filesystemRead?: string[];
+    filesystemWrite?: string[];
+    networkAllow?: Array<{
+        host: string;
+        port: number;
+    }>;
+    inferenceLocal?: boolean;
+}
+/**
+ * Extract effective scopes from a delegation, applying monotonic narrowing.
+ */
+export declare function extractEffectiveScopes(delegation: Delegation): string[];
+/**
+ * Map APS delegation scopes to OpenShell policy sections.
+ * The output policy is the intersection of the delegation scope and the base policy.
+ */
+export declare function delegationToPolicy(delegation: Delegation, agentPublicKey: string, issuerPublicKey?: string, customMappings?: Record<string, Partial<ScopeMapping>>): OpenShellPolicy;
+/**
+ * Serialize an OpenShell policy to YAML string.
+ * Minimal YAML serializer — no external deps.
+ */
+export declare function policyToYaml(policy: OpenShellPolicy): string;
+//# sourceMappingURL=openshell.d.ts.map

package/dist/src/adapters/openshell.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openshell.d.ts","sourceRoot":"","sources":["../../../src/adapters/openshell.ts"],"names":[],"mappings":"AACA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,CAAC,CAAA;IACV,eAAe,CAAC,EAAE;QAChB,gBAAgB,EAAE,MAAM,CAAA;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAA;QAC1B,sBAAsB,EAAE,MAAM,CAAA;KAC/B,CAAA;IACD,iBAAiB,CAAC,EAAE;QAClB,SAAS,EAAE,MAAM,EAAE,CAAA;QACnB,UAAU,EAAE,MAAM,EAAE,CAAA;KACrB,CAAA;IACD,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;IACrD,OAAO,CAAC,EAAE;QACR,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;CACF;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACnE,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACnC;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAA;IACb,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAA;IAC1B,YAAY,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACpD,cAAc,CAAC,EAAE,OAAO,CAAA;CACzB;AAuBD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,UAAU,GAAG,MAAM,EAAE,CAEvE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,MAAM,EACtB,eAAe,CAAC,EAAE,MAAM,EACxB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,GACrD,eAAe,CA4CjB;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAwC5D"}

package/dist/src/adapters/openshell.js

@@ -0,0 +1,126 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * NVIDIA OpenShell Adapter
+ *
+ * Maps APS delegation scopes to OpenShell sandbox policy YAML.
+ * An agent's delegation chain determines what the sandbox can access.
+ *
+ * Usage:
+ *   const policy = delegationToPolicy(delegation, basePolicy)
+ *   // Write policy to YAML, pass to: openshell sandbox create --policy ./policy.yaml
+ */
+const DEFAULT_SCOPE_MAPPINGS = {
+    'filesystem:read': { filesystemRead: ['/sandbox', '/tmp'] },
+    'filesystem:write': { filesystemWrite: ['/sandbox', '/tmp'] },
+    'network:*': { networkAllow: [] },
+    'commerce:*': { networkAllow: [{ host: 'gateway.aeoess.com', port: 443 }] },
+    'inference:local': { inferenceLocal: true },
+};
+/**
+ * Check if a delegation scope covers a target scope.
+ * Supports wildcards: 'commerce:*' covers 'commerce:send'.
+ */
+function scopeCovers(granted, target) {
+    if (granted === target)
+        return true;
+    if (granted.endsWith(':*')) {
+        const prefix = granted.slice(0, -1);
+        return target.startsWith(prefix);
+    }
+    return false;
+}
+/**
+ * Extract effective scopes from a delegation, applying monotonic narrowing.
+ */
+export function extractEffectiveScopes(delegation) {
+    return delegation.scope || [];
+}
+/**
+ * Map APS delegation scopes to OpenShell policy sections.
+ * The output policy is the intersection of the delegation scope and the base policy.
+ */
+export function delegationToPolicy(delegation, agentPublicKey, issuerPublicKey, customMappings) {
+    const mappings = { ...DEFAULT_SCOPE_MAPPINGS, ...customMappings };
+    const scopes = extractEffectiveScopes(delegation);
+    const readPaths = new Set(['/usr', '/lib', '/etc']);
+    const writePaths = new Set();
+    const networkEntries = [];
+    for (const scope of scopes) {
+        for (const [pattern, mapping] of Object.entries(mappings)) {
+            if (scopeCovers(pattern, scope)) {
+                if (mapping.filesystemRead)
+                    mapping.filesystemRead.forEach(p => readPaths.add(p));
+                if (mapping.filesystemWrite)
+                    mapping.filesystemWrite.forEach(p => writePaths.add(p));
+                if (mapping.networkAllow)
+                    networkEntries.push(...mapping.networkAllow);
+            }
+        }
+    }
+    const policy = {
+        version: 1,
+        identity_policy: {
+            agent_public_key: agentPublicKey,
+            issuer_public_key: issuerPublicKey,
+            delegation_chain_depth: delegation.currentDepth || 0,
+        },
+        filesystem_policy: {
+            read_only: [...readPaths],
+            read_write: [...writePaths],
+        },
+        process: { run_as_user: 'sandbox', run_as_group: 'sandbox' },
+    };
+    if (networkEntries.length > 0) {
+        policy.network_policies = {};
+        networkEntries.forEach((entry, i) => {
+            const key = `aps_${entry.host.replace(/\./g, '_')}`;
+            policy.network_policies[key] = {
+                name: `APS: ${entry.host}`,
+                endpoints: [{ host: entry.host, port: entry.port, protocol: 'rest' }],
+            };
+        });
+    }
+    return policy;
+}
+/**
+ * Serialize an OpenShell policy to YAML string.
+ * Minimal YAML serializer — no external deps.
+ */
+export function policyToYaml(policy) {
+    const lines = [`version: ${policy.version}`];
+    if (policy.identity_policy) {
+        lines.push('', 'identity_policy:');
+        lines.push(`  agent_public_key: "${policy.identity_policy.agent_public_key}"`);
+        if (policy.identity_policy.issuer_public_key)
+            lines.push(`  issuer_public_key: "${policy.identity_policy.issuer_public_key}"`);
+        lines.push(`  delegation_chain_depth: ${policy.identity_policy.delegation_chain_depth}`);
+    }
+    if (policy.filesystem_policy) {
+        lines.push('', 'filesystem_policy:');
+        lines.push('  read_only:');
+        policy.filesystem_policy.read_only.forEach(p => lines.push(`    - ${p}`));
+        lines.push('  read_write:');
+        policy.filesystem_policy.read_write.forEach(p => lines.push(`    - ${p}`));
+    }
+    if (policy.process) {
+        lines.push('', 'process:');
+        lines.push(`  run_as_user: ${policy.process.run_as_user}`);
+        lines.push(`  run_as_group: ${policy.process.run_as_group}`);
+    }
+    if (policy.network_policies) {
+        lines.push('', 'network_policies:');
+        for (const [key, entry] of Object.entries(policy.network_policies)) {
+            lines.push(`  ${key}:`);
+            lines.push(`    name: "${entry.name}"`);
+            lines.push('    endpoints:');
+            entry.endpoints.forEach(ep => {
+                lines.push(`      - host: ${ep.host}`);
+                lines.push(`        port: ${ep.port}`);
+                if (ep.protocol)
+                    lines.push(`        protocol: ${ep.protocol}`);
+            });
+        }
+    }
+    return lines.join('\n') + '\n';
+}
+//# sourceMappingURL=openshell.js.map

package/dist/src/adapters/openshell.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openshell.js","sourceRoot":"","sources":["../../../src/adapters/openshell.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;GASG;AAoCH,MAAM,sBAAsB,GAA0C;IACpE,iBAAiB,EAAE,EAAE,cAAc,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE;IAC3D,kBAAkB,EAAE,EAAE,eAAe,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE;IAC7D,WAAW,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE;IACjC,YAAY,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,EAAE;IAC3E,iBAAiB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE;CAC5C,CAAA;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACnC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACnC,OAAO,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,UAAsB;IAC3D,OAAO,UAAU,CAAC,KAAK,IAAI,EAAE,CAAA;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAsB,EACtB,cAAsB,EACtB,eAAwB,EACxB,cAAsD;IAEtD,MAAM,QAAQ,GAAG,EAAE,GAAG,sBAAsB,EAAE,GAAG,cAAc,EAAE,CAAA;IACjE,MAAM,MAAM,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAA;IAEjD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAS,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;IACpC,MAAM,cAAc,GAA0C,EAAE,CAAA;IAEhE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,IAAI,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;gBAChC,IAAI,OAAO,CAAC,cAAc;oBAAE,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBACjF,IAAI,OAAO,CAAC,eAAe;oBAAE,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpF,IAAI,OAAO,CAAC,YAAY;oBAAE,cAAc,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAoB;QAC9B,OAAO,EAAE,CAAC;QACV,eAAe,EAAE;YACf,gBAAgB,EAAE,cAAc;YAChC,iBAAiB,EAAE,eAAe;YAClC,sBAAsB,EAAE,UAAU,CAAC,YAAY,IAAI,CAAC;SACrD;QACD,iBAAiB,EAAE;YACjB,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC;YACzB,UAAU,EAAE,CAAC,GAAG,UAAU,CAAC;SAC5B;QACD,OAAO,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE;KAC7D,CAAA;IAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,gBAAgB,GAAG,EAAE,CAAA;QAC5B,cAAc,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAClC,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAA;YACnD,MAAM,CAAC,gBAAiB,CAAC,GAAG,CAAC,GAAG;gBAC9B,IAAI,EAAE,QAAQ,KAAK,CAAC,IAAI,EAAE;gBAC1B,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;aACtE,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAAuB;IAClD,MAAM,KAAK,GAAa,CAAC,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;IAEtD,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAA;QAClC,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,eAAe,CAAC,gBAAgB,GAAG,CAAC,CAAA;QAC9E,IAAI,MAAM,CAAC,eAAe,CAAC,iBAAiB;YAC1C,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,eAAe,CAAC,iBAAiB,GAAG,CAAC,CAAA;QAClF,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,eAAe,CAAC,sBAAsB,EAAE,CAAC,CAAA;IAC1F,CAAC;IAED,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAA;QACpC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAC1B,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAC3B,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAA;IAC5E,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;QAC1B,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;QAC1D,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,mBAAmB,CAAC,CAAA;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,CAAA;YACvB,KAAK,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC,IAAI,GAAG,CAAC,CAAA;YACvC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YAC5B,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE;gBAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,CAAC,CAAA;gBACtC,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,CAAC,CAAA;gBACtC,IAAI,EAAE,CAAC,QAAQ;oBAAE,KAAK,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAA;YACjE,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC"}

package/dist/src/core/anchor-state.d.ts

@@ -0,0 +1,46 @@
+/** External anchor state for a receipt or batch.
+ *  unanchored: exists only in gateway memory
+ *  batched_pending: included in a Merkle batch, root not yet anchored externally
+ *  anchored: Merkle root published to external log (Rekor, Solana, etc.)
+ *  critical_direct_anchor: individual receipt anchored directly (bypass batching) */
+export type AnchorState = 'unanchored' | 'batched_pending' | 'anchored' | 'critical_direct_anchor';
+/** Anchor metadata on a receipt */
+export interface AnchorMetadata {
+    state: AnchorState;
+    /** Batch ID if batched_pending or anchored */
+    batchId?: string;
+    /** External anchor reference (URL, transaction ID, etc.) */
+    anchorRef?: string;
+    /** When the anchor was confirmed */
+    anchoredAt?: string;
+    /** Which anchor backend was used */
+    anchorBackend?: string;
+}
+/** Auto-batch configuration */
+export interface AutoBatchConfig {
+    /** Maximum seconds between batch commits (0 = disabled) */
+    maxIntervalSeconds: number;
+    /** Maximum receipts before auto-commit (0 = disabled) */
+    maxReceiptsPerBatch: number;
+    /** Whether critical/irreversible actions get direct anchor */
+    directAnchorCritical: boolean;
+}
+export declare const DEFAULT_AUTO_BATCH_CONFIG: AutoBatchConfig;
+/** Create initial anchor metadata for a new receipt */
+export declare function createAnchorMetadata(critical?: boolean): AnchorMetadata;
+/** Transition anchor state when receipt is added to a batch */
+export declare function markBatched(anchor: AnchorMetadata, batchId: string): AnchorMetadata;
+/** Transition anchor state when batch root is externally anchored */
+export declare function markAnchored(anchor: AnchorMetadata, anchorRef: string, anchorBackend: string): AnchorMetadata;
+/** Check if auto-batch should fire based on config and current state */
+export declare function shouldAutoBatch(pendingCount: number, lastBatchTime: string | null, config?: AutoBatchConfig): {
+    trigger: boolean;
+    reason: 'max_receipts' | 'max_interval' | null;
+};
+/** Check if an anchor state meets a minimum requirement */
+export declare function meetsAnchorRequirement(current: AnchorState, minimum: AnchorState): boolean;
+/** Check if anchor state transition is valid (can only move forward) */
+export declare function isValidAnchorTransition(from: AnchorState, to: AnchorState): boolean;
+/** Exported ordering for cross-language verification */
+export declare const ANCHOR_STATE_ORDER: Record<AnchorState, number>;
+//# sourceMappingURL=anchor-state.d.ts.map

package/dist/src/core/anchor-state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anchor-state.d.ts","sourceRoot":"","sources":["../../../src/core/anchor-state.ts"],"names":[],"mappings":"AAYA;;;;qFAIqF;AACrF,MAAM,MAAM,WAAW,GAAG,YAAY,GAAG,iBAAiB,GAAG,UAAU,GAAG,wBAAwB,CAAA;AAElG,mCAAmC;AACnC,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,CAAA;IAClB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,4DAA4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,+BAA+B;AAC/B,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,kBAAkB,EAAE,MAAM,CAAA;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,MAAM,CAAA;IAC3B,8DAA8D;IAC9D,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAED,eAAO,MAAM,yBAAyB,EAAE,eAIvC,CAAA;AAED,uDAAuD;AACvD,wBAAgB,oBAAoB,CAAC,QAAQ,GAAE,OAAe,GAAG,cAAc,CAI9E;AAED,+DAA+D;AAC/D,wBAAgB,WAAW,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,cAAc,CAInF;AAED,qEAAqE;AACrE,wBAAgB,YAAY,CAC1B,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,cAAc,CAQhB;AAED,wEAAwE;AACxE,wBAAgB,eAAe,CAC7B,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,MAAM,GAAG,IAAI,EAC5B,MAAM,GAAE,eAA2C,GAClD;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,cAAc,GAAG,cAAc,GAAG,IAAI,CAAA;CAAE,CAsBtE;AAUD,2DAA2D;AAC3D,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,WAAW,GACnB,OAAO,CAET;AAED,wEAAwE;AACxE,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,WAAW,GAAG,OAAO,CAEnF;AAED,wDAAwD;AACxD,eAAO,MAAM,kBAAkB,6BAAe,CAAA"}

package/dist/src/core/anchor-state.js

@@ -0,0 +1,80 @@
+// ══════════════════════════════════════════════════════════════════
+// Anchor States — External verifiability tracking for receipts
+// ══════════════════════════════════════════════════════════════════
+// Consilium Priority 6. Gemini: "explicit receipt anchor states."
+// desiorac (A2A #1672): batch commitment lags individual receipts.
+//
+// Every receipt and batch carries an anchor state:
+//   unanchored → batched_pending → anchored → critical_direct_anchor
+//
+// Auto-batching: configurable window (N seconds or N receipts).
+// ══════════════════════════════════════════════════════════════════
+export const DEFAULT_AUTO_BATCH_CONFIG = {
+    maxIntervalSeconds: 300, // 5 minutes
+    maxReceiptsPerBatch: 100,
+    directAnchorCritical: true,
+};
+/** Create initial anchor metadata for a new receipt */
+export function createAnchorMetadata(critical = false) {
+    return {
+        state: critical ? 'critical_direct_anchor' : 'unanchored',
+    };
+}
+/** Transition anchor state when receipt is added to a batch */
+export function markBatched(anchor, batchId) {
+    if (anchor.state === 'critical_direct_anchor')
+        return anchor; // already anchored
+    if (anchor.state === 'anchored')
+        return anchor; // already anchored
+    return { ...anchor, state: 'batched_pending', batchId };
+}
+/** Transition anchor state when batch root is externally anchored */
+export function markAnchored(anchor, anchorRef, anchorBackend) {
+    if (anchor.state === 'critical_direct_anchor')
+        return anchor;
+    return {
+        ...anchor,
+        state: 'anchored',
+        anchorRef, anchorBackend,
+        anchoredAt: new Date().toISOString(),
+    };
+}
+/** Check if auto-batch should fire based on config and current state */
+export function shouldAutoBatch(pendingCount, lastBatchTime, config = DEFAULT_AUTO_BATCH_CONFIG) {
+    if (pendingCount === 0)
+        return { trigger: false, reason: null };
+    // Receipt count trigger
+    if (config.maxReceiptsPerBatch > 0 && pendingCount >= config.maxReceiptsPerBatch) {
+        return { trigger: true, reason: 'max_receipts' };
+    }
+    // Time interval trigger
+    if (config.maxIntervalSeconds > 0 && lastBatchTime) {
+        const elapsed = (Date.now() - new Date(lastBatchTime).getTime()) / 1000;
+        if (elapsed >= config.maxIntervalSeconds) {
+            return { trigger: true, reason: 'max_interval' };
+        }
+    }
+    // First batch ever — trigger on interval if no previous batch
+    if (config.maxIntervalSeconds > 0 && !lastBatchTime && pendingCount > 0) {
+        return { trigger: true, reason: 'max_interval' };
+    }
+    return { trigger: false, reason: null };
+}
+/** Anchor state ordering — higher number = more externally verifiable */
+const ANCHOR_ORDER = {
+    unanchored: 0,
+    batched_pending: 1,
+    anchored: 2,
+    critical_direct_anchor: 3,
+};
+/** Check if an anchor state meets a minimum requirement */
+export function meetsAnchorRequirement(current, minimum) {
+    return ANCHOR_ORDER[current] >= ANCHOR_ORDER[minimum];
+}
+/** Check if anchor state transition is valid (can only move forward) */
+export function isValidAnchorTransition(from, to) {
+    return ANCHOR_ORDER[to] >= ANCHOR_ORDER[from];
+}
+/** Exported ordering for cross-language verification */
+export const ANCHOR_STATE_ORDER = ANCHOR_ORDER;
+//# sourceMappingURL=anchor-state.js.map

package/dist/src/core/anchor-state.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anchor-state.js","sourceRoot":"","sources":["../../../src/core/anchor-state.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,+DAA+D;AAC/D,qEAAqE;AACrE,kEAAkE;AAClE,mEAAmE;AACnE,EAAE;AACF,mDAAmD;AACnD,qEAAqE;AACrE,EAAE;AACF,gEAAgE;AAChE,qEAAqE;AAgCrE,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,kBAAkB,EAAE,GAAG,EAAI,YAAY;IACvC,mBAAmB,EAAE,GAAG;IACxB,oBAAoB,EAAE,IAAI;CAC3B,CAAA;AAED,uDAAuD;AACvD,MAAM,UAAU,oBAAoB,CAAC,WAAoB,KAAK;IAC5D,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,YAAY;KAC1D,CAAA;AACH,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,WAAW,CAAC,MAAsB,EAAE,OAAe;IACjE,IAAI,MAAM,CAAC,KAAK,KAAK,wBAAwB;QAAE,OAAO,MAAM,CAAA,CAAC,mBAAmB;IAChF,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU;QAAE,OAAO,MAAM,CAAA,CAAC,mBAAmB;IAClE,OAAO,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAA;AACzD,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,YAAY,CAC1B,MAAsB,EACtB,SAAiB,EACjB,aAAqB;IAErB,IAAI,MAAM,CAAC,KAAK,KAAK,wBAAwB;QAAE,OAAO,MAAM,CAAA;IAC5D,OAAO;QACL,GAAG,MAAM;QACT,KAAK,EAAE,UAAU;QACjB,SAAS,EAAE,aAAa;QACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAA;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,eAAe,CAC7B,YAAoB,EACpB,aAA4B,EAC5B,SAA0B,yBAAyB;IAEnD,IAAI,YAAY,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IAE/D,wBAAwB;IACxB,IAAI,MAAM,CAAC,mBAAmB,GAAG,CAAC,IAAI,YAAY,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACjF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;IAClD,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,kBAAkB,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAA;QACvE,IAAI,OAAO,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;QAClD,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,MAAM,CAAC,kBAAkB,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,CAAA;IAClD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;AACzC,CAAC;AAED,yEAAyE;AACzE,MAAM,YAAY,GAAgC;IAChD,UAAU,EAAE,CAAC;IACb,eAAe,EAAE,CAAC;IAClB,QAAQ,EAAE,CAAC;IACX,sBAAsB,EAAE,CAAC;CAC1B,CAAA;AAED,2DAA2D;AAC3D,MAAM,UAAU,sBAAsB,CACpC,OAAoB,EACpB,OAAoB;IAEpB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,OAAO,CAAC,CAAA;AACvD,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,uBAAuB,CAAC,IAAiB,EAAE,EAAe;IACxE,OAAO,YAAY,CAAC,EAAE,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAA;AAC/C,CAAC;AAED,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,YAAY,CAAA"}

package/dist/src/core/attestation.d.ts

@@ -0,0 +1,35 @@
+import type { PassportGrade, AttestationFlag, IssuanceChallenge, IssuanceEvidenceRecord, IssuanceContext, PassportAttestationSummary, RuntimeAttestation, ObservedContext, SignalVerificationResult, DerivedSignal, AttestationClass, WorkspaceManifest } from '../types/attestation.js';
+import type { SignedPassport } from '../types/passport.js';
+export declare function createIssuanceChallenge(publicKeyHash: string, options?: {
+    requestedClasses?: AttestationClass[];
+    expiresInSeconds?: number;
+}): IssuanceChallenge;
+export declare function verifyRuntimeAttestation(attestation: RuntimeAttestation, challenge: IssuanceChallenge, trustedAttesterKeys: Map<string, string>): SignalVerificationResult;
+export declare function computePassportGrade(evidence: IssuanceEvidenceRecord, options?: {
+    hasIssuerSignature?: boolean;
+    hasVerifiedRuntime?: boolean;
+    hasVerifiedProvider?: boolean;
+    hasPrincipalEndorsement?: boolean;
+}): PassportGrade;
+export declare function computeAttestationFlags(grade: PassportGrade, evidence: IssuanceEvidenceRecord): AttestationFlag[];
+export declare function computeAttestationBundleHash(evidence: IssuanceEvidenceRecord): string;
+export declare function createIssuanceContext(evidence: IssuanceEvidenceRecord, options?: {
+    hasIssuerSignature?: boolean;
+    hasVerifiedRuntime?: boolean;
+    hasVerifiedProvider?: boolean;
+    hasPrincipalEndorsement?: boolean;
+    verificationResults?: SignalVerificationResult[];
+    derivedSignals?: DerivedSignal[];
+}): IssuanceContext;
+export declare function bindAttestation(signedPassport: SignedPassport, context: IssuanceContext): SignedPassport & {
+    attestation: PassportAttestationSummary;
+};
+export declare function createWorkspaceManifest(entries: Array<{
+    path: string;
+    sizeBytes: number;
+    lastModified: Date;
+}>): WorkspaceManifest;
+export declare function createEmptyEvidenceRecord(observed?: Partial<ObservedContext>): IssuanceEvidenceRecord;
+export declare function isChallengeFresh(challenge: IssuanceChallenge): boolean;
+export declare function isGradeAtLeast(grade: PassportGrade, minimum: PassportGrade): boolean;
+//# sourceMappingURL=attestation.d.ts.map

package/dist/src/core/attestation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attestation.d.ts","sourceRoot":"","sources":["../../../src/core/attestation.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,aAAa,EAAE,eAAe,EAC9B,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EAAE,0BAA0B,EAC3C,kBAAkB,EACF,eAAe,EAC/B,wBAAwB,EAAE,aAAa,EACvC,gBAAgB,EAChB,iBAAiB,EAElB,MAAM,yBAAyB,CAAA;AAChC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAU1D,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;IACR,gBAAgB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACtC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,GACA,iBAAiB,CAYnB;AAKD,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,kBAAkB,EAC/B,SAAS,EAAE,iBAAiB,EAC5B,mBAAmB,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACvC,wBAAwB,CA0E1B;AAQD,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,sBAAsB,EAChC,OAAO,CAAC,EAAE;IACR,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC,GACA,aAAa,CAmBf;AAID,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,sBAAsB,GAC/B,eAAe,EAAE,CAWnB;AAKD,wBAAgB,4BAA4B,CAAC,QAAQ,EAAE,sBAAsB,GAAG,MAAM,CAErF;AAID,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,sBAAsB,EAChC,OAAO,CAAC,EAAE;IACR,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;IACjD,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;CAClC,GACA,eAAe,CAgBjB;AAKD,wBAAgB,eAAe,CAC7B,cAAc,EAAE,cAAc,EAC9B,OAAO,EAAE,eAAe,GACvB,cAAc,GAAG;IAAE,WAAW,EAAE,0BAA0B,CAAA;CAAE,CAU9D;AAMD,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,IAAI,CAAA;CAAE,CAAC,GACtE,iBAAiB,CA0BnB;AAID,wBAAgB,yBAAyB,CACvC,QAAQ,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GAClC,sBAAsB,CAaxB;AAID,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAEtE;AAID,wBAAgB,cAAc,CAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAEpF"}