agent-passport-system 1.33.0 → 1.35.0

package/README.md

@@ -2,7 +2,7 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-2180%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-2230%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
 
 > **For AI agents:** visit [aeoess.com/llms.txt](https://aeoess.com/llms.txt) for machine-readable docs or [llms-full.txt](https://aeoess.com/llms-full.txt) for the complete reference.
@@ -107,7 +107,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## The Stack
 
-71 core modules + 32 v2 constitutional modules. 2,180 tests. Zero heavy dependencies.
+71 core modules + 32 v2 constitutional modules. 2,306 tests. Zero heavy dependencies.
 
 | Layer | What it does | Key primitive |
 |-------|-------------|---------------|
@@ -126,7 +126,7 @@ const agent = joinSocialContract({ name: 'my-agent', owner: 'alice', floor: floo
 
 ## MCP Server
 
-125 tools across all modules. Any MCP client connects agents directly.
+131 tools across all modules. Any MCP client connects agents directly.
 
 ```bash
 npm install -g agent-passport-system-mcp
@@ -161,7 +161,7 @@ npx agent-passport audit --floor values/floor.yaml
 
 ```bash
 npm test
-# 2,180 tests, 0 failures
+# 2,306 tests, 0 failures
 ```
 
 50 adversarial tests: Merkle tampering, attribution gaming, compliance violations, floor negotiation attacks, cross-chain confused deputy, taint laundering, authority probing.
@@ -179,7 +179,7 @@ npm test
 | Signed receipts | 3-sig chain | Proposed | Logs | General | — |
 | Values enforcement | 8 principles, graduated | — | Rules | — | — |
 | Coordination | Task lifecycle + MCP | — | — | — | — |
-| Tests | 2,180 (50 adversarial) | None | Limited | None | None |
+| Tests | 2,230 (50 adversarial) | None | Limited | None | None |
 
 ## Recognition
 

package/dist/src/core/evaluation-context.d.ts

@@ -0,0 +1,23 @@
+import type { EvaluationContext, BehavioralAttestationResult } from '../types/attestation.js';
+/** Create and hash an evaluation context */
+export declare function createEvaluationContext(opts: EvaluationContext): {
+    context: EvaluationContext;
+    hash: string;
+};
+/** Create a result that validates internal consistency */
+export declare function createBehavioralAttestationResult(opts: {
+    context: EvaluationContext;
+    dimensionScores: Record<string, {
+        score: number;
+        weight: number;
+    }>;
+    classification: 'hold' | 'bend' | 'break';
+    confidence: number;
+    formatArtifactCorrected: boolean;
+}): BehavioralAttestationResult;
+/** Validate internal consistency of a result */
+export declare function validateAttestationResult(result: BehavioralAttestationResult): {
+    valid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=evaluation-context.d.ts.map

package/dist/src/core/evaluation-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluation-context.d.ts","sourceRoot":"","sources":["../../../src/core/evaluation-context.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,iBAAiB,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAA;AAM7F,4CAA4C;AAC5C,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,iBAAiB,GAAG;IAChE,OAAO,EAAE,iBAAiB,CAAA;IAC1B,IAAI,EAAE,MAAM,CAAA;CACb,CAWA;AAED,0DAA0D;AAC1D,wBAAgB,iCAAiC,CAAC,IAAI,EAAE;IACtD,OAAO,EAAE,iBAAiB,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAClE,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAA;IACzC,UAAU,EAAE,MAAM,CAAA;IAClB,uBAAuB,EAAE,OAAO,CAAA;CACjC,GAAG,2BAA2B,CA2B9B;AAqBD,gDAAgD;AAChD,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,2BAA2B,GAAG;IAC9E,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB,CAuCA"}

package/dist/src/core/evaluation-context.js

@@ -0,0 +1,100 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// Behavioral Evaluation Context — Issue #9 (lowkey-divine schema)
+// Separates evaluation input conditions from evaluation output results.
+import { createHash } from 'crypto';
+import { canonicalize } from './canonical.js';
+function sha256Hex(input) {
+    return createHash('sha256').update(input).digest('hex');
+}
+/** Create and hash an evaluation context */
+export function createEvaluationContext(opts) {
+    const context = {
+        substrate: opts.substrate,
+        responseFormatSchema: opts.responseFormatSchema,
+        normalizationMethod: opts.normalizationMethod,
+        evaluationProtocolVersion: opts.evaluationProtocolVersion,
+        sampleSize: opts.sampleSize,
+        evaluatedAt: opts.evaluatedAt,
+    };
+    const hash = sha256Hex(canonicalize(context));
+    return { context, hash };
+}
+/** Create a result that validates internal consistency */
+export function createBehavioralAttestationResult(opts) {
+    const evaluationContextHash = sha256Hex(canonicalize(opts.context));
+    // Auto-compute aggregate from weighted dimensions
+    let weightedSum = 0;
+    let totalWeight = 0;
+    const entries = Object.entries(opts.dimensionScores);
+    for (const [, dim] of entries) {
+        weightedSum += dim.score * dim.weight;
+        totalWeight += dim.weight;
+    }
+    const aggregateScore = totalWeight > 0 ? weightedSum / totalWeight : 0;
+    // Auto-detect dimensional inversion: dimensions disagree in direction
+    // (some well above aggregate, some well below) despite aggregate looking normal
+    const dimensionalInversionDetected = detectDimensionalInversion(opts.dimensionScores, aggregateScore);
+    return {
+        evaluationContextHash,
+        dimensionScores: opts.dimensionScores,
+        aggregateScore: Math.round(aggregateScore * 10000) / 10000,
+        classification: opts.classification,
+        confidence: opts.confidence,
+        formatArtifactCorrected: opts.formatArtifactCorrected,
+        dimensionalInversionDetected,
+    };
+}
+/** Detect dimensional inversion: dimensions pulling in opposite directions */
+function detectDimensionalInversion(scores, aggregate) {
+    const entries = Object.values(scores);
+    if (entries.length < 2)
+        return false;
+    // Inversion = at least one dimension significantly above AND at least one significantly below
+    const threshold = 0.2;
+    let hasHigh = false;
+    let hasLow = false;
+    for (const dim of entries) {
+        if (dim.score - aggregate > threshold)
+            hasHigh = true;
+        if (aggregate - dim.score > threshold)
+            hasLow = true;
+    }
+    return hasHigh && hasLow;
+}
+/** Validate internal consistency of a result */
+export function validateAttestationResult(result) {
+    const errors = [];
+    // Check confidence in [0,1]
+    if (result.confidence < 0 || result.confidence > 1) {
+        errors.push(`confidence must be in [0,1], got ${result.confidence}`);
+    }
+    // Check all weights sum to ~1.0
+    const entries = Object.values(result.dimensionScores);
+    if (entries.length > 0) {
+        const totalWeight = entries.reduce((sum, d) => sum + d.weight, 0);
+        if (Math.abs(totalWeight - 1.0) > 0.01) {
+            errors.push(`dimension weights must sum to ~1.0, got ${totalWeight}`);
+        }
+    }
+    // Check aggregate matches weighted dimension sum
+    if (entries.length > 0) {
+        let weightedSum = 0;
+        let totalWeight = 0;
+        for (const dim of entries) {
+            weightedSum += dim.score * dim.weight;
+            totalWeight += dim.weight;
+        }
+        const expectedAggregate = totalWeight > 0 ? weightedSum / totalWeight : 0;
+        const rounded = Math.round(expectedAggregate * 10000) / 10000;
+        if (Math.abs(result.aggregateScore - rounded) > 0.001) {
+            errors.push(`aggregateScore ${result.aggregateScore} does not match weighted dimension sum ${rounded}`);
+        }
+    }
+    // Check dimensionalInversionDetected matches actual dimension analysis
+    const actualInversion = detectDimensionalInversion(result.dimensionScores, result.aggregateScore);
+    if (result.dimensionalInversionDetected !== actualInversion) {
+        errors.push(`dimensionalInversionDetected is ${result.dimensionalInversionDetected} but analysis shows ${actualInversion}`);
+    }
+    return { valid: errors.length === 0, errors };
+}
+//# sourceMappingURL=evaluation-context.js.map

package/dist/src/core/evaluation-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluation-context.js","sourceRoot":"","sources":["../../../src/core/evaluation-context.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,kEAAkE;AAClE,wEAAwE;AAExE,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAG7C,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACzD,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,uBAAuB,CAAC,IAAuB;IAI7D,MAAM,OAAO,GAAsB;QACjC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,oBAAoB,EAAE,IAAI,CAAC,oBAAoB;QAC/C,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;QAC7C,yBAAyB,EAAE,IAAI,CAAC,yBAAyB;QACzD,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAA;IACD,MAAM,IAAI,GAAG,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC1B,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,iCAAiC,CAAC,IAMjD;IACC,MAAM,qBAAqB,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;IAEnE,kDAAkD;IAClD,IAAI,WAAW,GAAG,CAAC,CAAA;IACnB,IAAI,WAAW,GAAG,CAAC,CAAA;IACnB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAEpD,KAAK,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;QAC9B,WAAW,IAAI,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAA;QACrC,WAAW,IAAI,GAAG,CAAC,MAAM,CAAA;IAC3B,CAAC;IACD,MAAM,cAAc,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAA;IAEtE,sEAAsE;IACtE,gFAAgF;IAChF,MAAM,4BAA4B,GAAG,0BAA0B,CAAC,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,CAAA;IAErG,OAAO;QACL,qBAAqB;QACrB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,KAAK,CAAC,GAAG,KAAK;QAC1D,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;QACrD,4BAA4B;KAC7B,CAAA;AACH,CAAC;AAED,8EAA8E;AAC9E,SAAS,0BAA0B,CACjC,MAAyD,EACzD,SAAiB;IAEjB,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAA;IAEpC,8FAA8F;IAC9F,MAAM,SAAS,GAAG,GAAG,CAAA;IACrB,IAAI,OAAO,GAAG,KAAK,CAAA;IACnB,IAAI,MAAM,GAAG,KAAK,CAAA;IAClB,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,GAAG,CAAC,KAAK,GAAG,SAAS,GAAG,SAAS;YAAE,OAAO,GAAG,IAAI,CAAA;QACrD,IAAI,SAAS,GAAG,GAAG,CAAC,KAAK,GAAG,SAAS;YAAE,MAAM,GAAG,IAAI,CAAA;IACtD,CAAC;IACD,OAAO,OAAO,IAAI,MAAM,CAAA;AAC1B,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,yBAAyB,CAAC,MAAmC;IAI3E,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,4BAA4B;IAC5B,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,oCAAoC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;IACtE,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACrD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;QACjE,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,2CAA2C,WAAW,EAAE,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,WAAW,GAAG,CAAC,CAAA;QACnB,IAAI,WAAW,GAAG,CAAC,CAAA;QACnB,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,WAAW,IAAI,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAA;YACrC,WAAW,IAAI,GAAG,CAAC,MAAM,CAAA;QAC3B,CAAC;QACD,MAAM,iBAAiB,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAA;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,GAAG,KAAK,CAAC,GAAG,KAAK,CAAA;QAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,cAAc,0CAA0C,OAAO,EAAE,CAAC,CAAA;QACzG,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,MAAM,eAAe,GAAG,0BAA0B,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;IACjG,IAAI,MAAM,CAAC,4BAA4B,KAAK,eAAe,EAAE,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,mCAAmC,MAAM,CAAC,4BAA4B,uBAAuB,eAAe,EAAE,CAAC,CAAA;IAC7H,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;AAC/C,CAAC"}

package/dist/src/core/feasibility.d.ts

@@ -23,4 +23,30 @@ export declare function lintTaskFeasibility(opts: {
     role: TaskRoleSpec;
     taskDeadline?: string;
 }): FeasibilityResult;
+export interface GatewayLintResult {
+    severity: 'error' | 'warning';
+    code: string;
+    message: string;
+}
+export interface GatewayLintReport {
+    delegation_id?: string;
+    checks_run: number;
+    checks_skipped: number;
+    skipped_reasons: string[];
+    errors: number;
+    warnings: number;
+    results: GatewayLintResult[];
+}
+/**
+ * Lint a delegation against a task context using only checks
+ * that the gateway can actually enforce.
+ *
+ * When context is not provided, checks that depend on it are skipped
+ * and listed in skipped_reasons. An empty-context call returns a report
+ * that says "N checks skipped" — not a false "clean" report.
+ */
+export declare function lintDelegationForGateway(delegation: Delegation, context?: {
+    requiredScopes?: string[];
+    estimatedSpend?: number;
+}): GatewayLintReport;
 //# sourceMappingURL=feasibility.d.ts.map

package/dist/src/core/feasibility.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"feasibility.d.ts","sourceRoot":"","sources":["../../../src/core/feasibility.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,KAAK,EAAoB,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAkBlF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GAAG,iBAAiB,CAgHpB;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IACxC,UAAU,EAAE,UAAU,CAAA;IACtB,IAAI,EAAE,YAAY,CAAA;IAClB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GAAG,iBAAiB,CA8EpB"}
+{"version":3,"file":"feasibility.d.ts","sourceRoot":"","sources":["../../../src/core/feasibility.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,KAAK,EAAoB,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAkBlF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GAAG,iBAAiB,CAgHpB;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IACxC,UAAU,EAAE,UAAU,CAAA;IACtB,IAAI,EAAE,YAAY,CAAA;IAClB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GAAG,iBAAiB,CA8EpB;AASD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAA;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,iBAAiB,EAAE,CAAA;CAC7B;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,UAAU,EAAE,UAAU,EACtB,OAAO,CAAC,EAAE;IACR,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB,GACA,iBAAiB,CA4DnB"}

package/dist/src/core/feasibility.js

@@ -202,4 +202,66 @@ export function lintTaskFeasibility(opts) {
     }
     return result(issues);
 }
+/**
+ * Lint a delegation against a task context using only checks
+ * that the gateway can actually enforce.
+ *
+ * When context is not provided, checks that depend on it are skipped
+ * and listed in skipped_reasons. An empty-context call returns a report
+ * that says "N checks skipped" — not a false "clean" report.
+ */
+export function lintDelegationForGateway(delegation, context) {
+    const results = [];
+    let checksRun = 0;
+    let checksSkipped = 0;
+    const skippedReasons = [];
+    // ── Check 1: SPEND_TOO_LOW ──
+    if (delegation.spendLimit !== undefined && context?.estimatedSpend !== undefined) {
+        checksRun++;
+        if (delegation.spendLimit < context.estimatedSpend) {
+            results.push({
+                severity: 'error',
+                code: 'SPEND_TOO_LOW',
+                message: `Spend limit ($${delegation.spendLimit}) is below estimated task cost ($${context.estimatedSpend}).`,
+            });
+        }
+    }
+    else {
+        checksSkipped++;
+        if (context?.estimatedSpend === undefined) {
+            skippedReasons.push('estimatedSpend not provided');
+        }
+        else {
+            skippedReasons.push('spendLimit not set on delegation');
+        }
+    }
+    // ── Check 2: SCOPE_MISSING ──
+    if (context?.requiredScopes && context.requiredScopes.length > 0) {
+        checksRun++;
+        const missingScopes = context.requiredScopes.filter(required => !delegation.scope.some(granted => scopeCovers(granted, required)));
+        if (missingScopes.length > 0) {
+            results.push({
+                severity: 'error',
+                code: 'SCOPE_MISSING',
+                message: `Task requires scope '${missingScopes.join("', '")}' but delegation grants [${delegation.scope.map(s => `'${s}'`).join(', ')}].`,
+            });
+        }
+    }
+    else {
+        checksSkipped++;
+        skippedReasons.push('requiredScopes not provided');
+    }
+    // ── Skipped checks (gateway schema limitations) ──
+    checksSkipped += 3;
+    skippedReasons.push('ALREADY_EXPIRED: expiresAt not in gateway delegations table', 'DEADLINE_IMPOSSIBLE: expiresAt not available', 'DEPTH_MAXED: currentDepth not tracked by gateway');
+    return {
+        delegation_id: delegation.delegationId,
+        checks_run: checksRun,
+        checks_skipped: checksSkipped,
+        skipped_reasons: skippedReasons,
+        errors: results.filter(r => r.severity === 'error').length,
+        warnings: results.filter(r => r.severity === 'warning').length,
+        results,
+    };
+}
 //# sourceMappingURL=feasibility.js.map

package/dist/src/core/feasibility.js.map

@@ -1 +1 @@
-{"version":3,"file":"feasibility.js","sourceRoot":"","sources":["../../../src/core/feasibility.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,0DAA0D;AAC1D,4DAA4D;AAK5D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAE7C,SAAS,MAAM,CAAC,MAA0B;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAA;IACpE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAA;IACxE,OAAO;QACL,QAAQ,EAAE,UAAU,KAAK,CAAC;QAC1B,MAAM;QACN,UAAU;QACV,YAAY;KACb,CAAA;AACH,CAAC;AAED,yCAAyC;AACzC,qBAAqB;AACrB,yCAAyC;AAEzC;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAQ9B;IACC,MAAM,MAAM,GAAuB,EAAE,CAAA;IAErC,6CAA6C;IAC7C,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,mDAAmD;YAC5D,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,+BAA+B;YACxC,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,8CAA8C;YACvD,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,+CAA+C;YACxD,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4BAA4B,IAAI,CAAC,UAAU,EAAE;gBACtD,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,6CAA6C;gBACtD,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,IAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAA;IAC/B,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,iBAAiB,KAAK,sBAAsB,IAAI,EAAE;YAC3D,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,mBAAmB,KAAK,IAAI,IAAI,wCAAwC;YACjF,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,IAAI,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,kDAAkD,IAAI,CAAC,cAAc,IAAI;YAClF,KAAK,EAAE,gBAAgB;SACxB,CAAC,CAAA;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC5F,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,2CAA2C,IAAI,CAAC,cAAc,IAAI;YAC3E,KAAK,EAAE,gBAAgB;SACxB,CAAC,CAAA;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAA;AACvB,CAAC;AAED,yCAAyC;AACzC,2BAA2B;AAC3B,yCAAyC;AAEzC;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAInC;IACC,MAAM,MAAM,GAAuB,EAAE,CAAA;IACrC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;IAEjC,6DAA6D;IAC7D,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACtE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,qBAAqB,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC,QAAQ,GAAG;gBACxG,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAA;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,sBAAsB,SAAS,oCAAoC;gBAC5E,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QACvD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC5C,IAAI,gBAAgB,GAAG,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,oCAAoC;gBAC1C,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sBAAsB,UAAU,CAAC,SAAS,yBAAyB,IAAI,CAAC,YAAY,EAAE;gBAC/F,KAAK,EAAE,WAAW;aACnB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,yBAAyB,UAAU,CAAC,SAAS,EAAE;YACxD,KAAK,EAAE,WAAW;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,UAAU,CAAC,WAAW,IAAI,CAAC,CAAC,CAAA;QACvE,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sCAAsC,UAAU,CAAC,WAAW,OAAO,UAAU,CAAC,UAAU,EAAE;gBACnG,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,UAAU,CAAC,YAAY,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,8BAA8B,UAAU,CAAC,YAAY,IAAI,UAAU,CAAC,QAAQ,iCAAiC;YACtH,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAA;AACvB,CAAC"}
+{"version":3,"file":"feasibility.js","sourceRoot":"","sources":["../../../src/core/feasibility.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,0DAA0D;AAC1D,4DAA4D;AAK5D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAE7C,SAAS,MAAM,CAAC,MAA0B;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAA;IACpE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAA;IACxE,OAAO;QACL,QAAQ,EAAE,UAAU,KAAK,CAAC;QAC1B,MAAM;QACN,UAAU;QACV,YAAY;KACb,CAAA;AACH,CAAC;AAED,yCAAyC;AACzC,qBAAqB;AACrB,yCAAyC;AAEzC;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAQ9B;IACC,MAAM,MAAM,GAAuB,EAAE,CAAA;IAErC,6CAA6C;IAC7C,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,mDAAmD;YAC5D,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,+BAA+B;YACxC,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,8CAA8C;YACvD,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,+CAA+C;YACxD,KAAK,EAAE,aAAa;SACrB,CAAC,CAAA;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4BAA4B,IAAI,CAAC,UAAU,EAAE;gBACtD,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,6CAA6C;gBACtD,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,IAAI,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAA;IAC/B,IAAI,KAAK,GAAG,IAAI,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,iBAAiB,KAAK,sBAAsB,IAAI,EAAE;YAC3D,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,mBAAmB,KAAK,IAAI,IAAI,wCAAwC;YACjF,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,IAAI,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,kDAAkD,IAAI,CAAC,cAAc,IAAI;YAClF,KAAK,EAAE,gBAAgB;SACxB,CAAC,CAAA;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC5F,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,2CAA2C,IAAI,CAAC,cAAc,IAAI;YAC3E,KAAK,EAAE,gBAAgB;SACxB,CAAC,CAAA;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAA;AACvB,CAAC;AAED,yCAAyC;AACzC,2BAA2B;AAC3B,yCAAyC;AAEzC;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAInC;IACC,MAAM,MAAM,GAAuB,EAAE,CAAA;IACrC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;IAEjC,6DAA6D;IAC7D,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACtE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,qBAAqB,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC,QAAQ,GAAG;gBACxG,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAA;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,sBAAsB,SAAS,oCAAoC;gBAC5E,KAAK,EAAE,OAAO;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QACvD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC5C,IAAI,gBAAgB,GAAG,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,oCAAoC;gBAC1C,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sBAAsB,UAAU,CAAC,SAAS,yBAAyB,IAAI,CAAC,YAAY,EAAE;gBAC/F,KAAK,EAAE,WAAW;aACnB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,yBAAyB,UAAU,CAAC,SAAS,EAAE;YACxD,KAAK,EAAE,WAAW;SACnB,CAAC,CAAA;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,UAAU,CAAC,WAAW,IAAI,CAAC,CAAC,CAAA;QACvE,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sCAAsC,UAAU,CAAC,WAAW,OAAO,UAAU,CAAC,UAAU,EAAE;gBACnG,KAAK,EAAE,YAAY;aACpB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,UAAU,CAAC,YAAY,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,8BAA8B,UAAU,CAAC,YAAY,IAAI,UAAU,CAAC,QAAQ,iCAAiC;YACtH,KAAK,EAAE,cAAc;SACtB,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAA;AACvB,CAAC;AAyBD;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,UAAsB,EACtB,OAGC;IAED,MAAM,OAAO,GAAwB,EAAE,CAAA;IACvC,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,IAAI,aAAa,GAAG,CAAC,CAAA;IACrB,MAAM,cAAc,GAAa,EAAE,CAAA;IAEnC,+BAA+B;IAC/B,IAAI,UAAU,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,EAAE,cAAc,KAAK,SAAS,EAAE,CAAC;QACjF,SAAS,EAAE,CAAA;QACX,IAAI,UAAU,CAAC,UAAU,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,iBAAiB,UAAU,CAAC,UAAU,oCAAoC,OAAO,CAAC,cAAc,IAAI;aAC9G,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa,EAAE,CAAA;QACf,IAAI,OAAO,EAAE,cAAc,KAAK,SAAS,EAAE,CAAC;YAC1C,cAAc,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;QACpD,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,OAAO,EAAE,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjE,SAAS,EAAE,CAAA;QACX,MAAM,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,MAAM,CACjD,QAAQ,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAC9E,CAAA;QACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,wBAAwB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,4BAA4B,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;aAC1I,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,aAAa,EAAE,CAAA;QACf,cAAc,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;IACpD,CAAC;IAED,oDAAoD;IACpD,aAAa,IAAI,CAAC,CAAA;IAClB,cAAc,CAAC,IAAI,CACjB,6DAA6D,EAC7D,8CAA8C,EAC9C,kDAAkD,CACnD,CAAA;IAED,OAAO;QACL,aAAa,EAAE,UAAU,CAAC,YAAY;QACtC,UAAU,EAAE,SAAS;QACrB,cAAc,EAAE,aAAa;QAC7B,eAAe,EAAE,cAAc;QAC/B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM;QAC1D,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM;QAC9D,OAAO;KACR,CAAA;AACH,CAAC"}

package/dist/src/core/key-rotation.d.ts

@@ -0,0 +1,53 @@
+import type { AgentPassport, KeyPair } from '../types/passport.js';
+import type { RotatableDIDDocument, RotationMode, RotationState } from '../types/passport.js';
+/**
+ * Create a rotation-capable DID Document for a passport.
+ * One verificationMethod, empty rotationLog, no pending rotation.
+ */
+export declare function createDIDDocument(passport: AgentPassport): RotatableDIDDocument;
+/**
+ * Announce a key rotation. Old key signs the rotation entry.
+ *
+ * planned mode: configurable overlap (default 24h). Both keys valid until activationTime.
+ * emergency mode: old key immediately retired. New key is sole authority.
+ */
+export declare function announceKeyRotation(doc: RotatableDIDDocument, oldPrivateKey: string, newKeyPair: KeyPair, options: {
+    mode: RotationMode;
+    activationDelayMs?: number;
+}): RotatableDIDDocument;
+/**
+ * Activate a pending planned rotation after activationTime.
+ * Removes old key from auth/assertion/capabilityDelegation, sets retiredAt.
+ */
+export declare function activateKeyRotation(doc: RotatableDIDDocument, now?: Date): RotatableDIDDocument;
+/**
+ * Walk rotationLog and verify each entry's rotationSignature.
+ * Returns true if ALL entries have valid signatures, false if any fail.
+ */
+export declare function verifyRotationChain(doc: RotatableDIDDocument): boolean;
+/**
+ * Check if a public key is currently authorized for active operations.
+ * NOTE: This is SDK convenience. Gateway enforcement is authoritative.
+ */
+export declare function isKeyActive(doc: RotatableDIDDocument, publicKey: string, now?: Date): boolean;
+export interface RotationResult {
+    didDocument: RotatableDIDDocument;
+    rotationState: RotationState;
+    revocationResults: Array<{
+        delegationId: string;
+        cascadeCount: number;
+        error?: string;
+    }>;
+}
+/**
+ * Full rotation with delegation invalidation. Explicit state machine:
+ * announced → revocation_in_progress → revocation_complete → activated
+ *
+ * Partial failure is VISIBLE. If 3 of 5 delegations revoke but 2 fail,
+ * state stays 'revocation_in_progress' and the caller sees which failed.
+ */
+export declare function rotateAndInvalidate(doc: RotatableDIDDocument, oldPrivateKey: string, newKeyPair: KeyPair, delegationIdsToRevoke: string[], options: {
+    mode: RotationMode;
+    activationDelayMs?: number;
+}): RotationResult;
+//# sourceMappingURL=key-rotation.d.ts.map

package/dist/src/core/key-rotation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-rotation.d.ts","sourceRoot":"","sources":["../../../src/core/key-rotation.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA;AAClE,OAAO,KAAK,EACV,oBAAoB,EACpB,YAAY,EAAE,aAAa,EAC5B,MAAM,sBAAsB,CAAA;AAa7B;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,aAAa,GAAG,oBAAoB,CAwB/E;AAkBD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,oBAAoB,EACzB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,OAAO,EACnB,OAAO,EAAE;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1D,oBAAoB,CAmFtB;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,oBAAoB,EACzB,GAAG,CAAC,EAAE,IAAI,GACT,oBAAoB,CAuDtB;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAUtE;AAMD;;;GAGG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,oBAAoB,EACzB,SAAS,EAAE,MAAM,EACjB,GAAG,CAAC,EAAE,IAAI,GACT,OAAO,CAwBT;AAMD,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,oBAAoB,CAAA;IACjC,aAAa,EAAE,aAAa,CAAA;IAC5B,iBAAiB,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACzF;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,oBAAoB,EACzB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,OAAO,EACnB,qBAAqB,EAAE,MAAM,EAAE,EAC/B,OAAO,EAAE;IAAE,IAAI,EAAE,YAAY,CAAC;IAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1D,cAAc,CAsEhB"}