agent-passport-system 1.34.0 → 1.36.0

package/dist/src/adapters/a2a.d.ts

@@ -27,4 +27,56 @@ export interface A2AGovernance {
     hook: GovernanceHook;
 }
 export declare function createA2AGovernance(config: GovernanceHookConfig): A2AGovernance;
+import type { Delegation, SignedPassport } from '../types/passport.js';
+export interface A2AAgentCardV2 {
+    name: string;
+    description?: string;
+    url?: string;
+    provider?: {
+        organization: string;
+        url?: string;
+    };
+    version?: string;
+    capabilities?: {
+        streaming?: boolean;
+        pushNotifications?: boolean;
+        stateTransitionHistory?: boolean;
+    };
+    skills?: Array<{
+        id: string;
+        name: string;
+        description?: string;
+        inputModes?: string[];
+        outputModes?: string[];
+    }>;
+    securitySchemes?: Record<string, unknown>;
+    security?: unknown[];
+    defaultInputModes?: string[];
+    defaultOutputModes?: string[];
+    extensions?: {
+        aps_trust?: unknown;
+        [k: string]: unknown;
+    };
+}
+/** Convert APS passport to A2A Agent Card */
+export declare function passportToA2ACard(passport: SignedPassport, opts?: {
+    delegation?: Delegation;
+    url?: string;
+    skills?: A2AAgentCardV2['skills'];
+    capabilities?: A2AAgentCardV2['capabilities'];
+}): A2AAgentCardV2;
+/** Convert A2A Agent Card to APS passport metadata */
+export declare function a2aCardToPassportMeta(card: A2AAgentCardV2): {
+    agentId: string;
+    metadata: Record<string, unknown>;
+};
+/** Verify an A2A agent has valid APS identity */
+export declare function verifyA2AIdentity(card: A2AAgentCardV2, passport: SignedPassport): {
+    valid: boolean;
+    errors: string[];
+};
+/** Extract delegation scope from A2A skills */
+export declare function a2aSkillsToScope(skills?: A2AAgentCardV2['skills']): string[];
+/** Embed APS trust signal in Agent Card extensions */
+export declare function embedA2ATrustSignal(card: A2AAgentCardV2, passport: SignedPassport, trustEndpoint?: string): A2AAgentCardV2;
 //# sourceMappingURL=a2a.d.ts.map

package/dist/src/adapters/a2a.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"a2a.d.ts","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAEnD,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,YAAY,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,MAAM,EAAE,CAAA;IAC9C,8BAA8B;IAC9B,cAAc,EAAE,CACd,UAAU,EAAE,YAAY,EACxB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,8BAA8B;IAC9B,iBAAiB,EAAE,CACjB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,eAAe,EAAE,MAAM,iBAAiB,EAAE,CAAA;IAC1C,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,oBAAoB,GAAG,aAAa,CAmD/E"}
+{"version":3,"file":"a2a.d.ts","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAEnD,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,YAAY,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,MAAM,EAAE,CAAA;IAC9C,8BAA8B;IAC9B,cAAc,EAAE,CACd,UAAU,EAAE,YAAY,EACxB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,8BAA8B;IAC9B,iBAAiB,EAAE,CACjB,SAAS,EAAE,MAAM,EACjB,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC3F,eAAe,EAAE,MAAM,iBAAiB,EAAE,CAAA;IAC1C,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,oBAAoB,GAAG,aAAa,CAmD/E;AAQD,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAEtE,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,QAAQ,CAAC,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;IACjD,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE;QACb,SAAS,CAAC,EAAE,OAAO,CAAA;QACnB,iBAAiB,CAAC,EAAE,OAAO,CAAA;QAC3B,sBAAsB,CAAC,EAAE,OAAO,CAAA;KACjC,CAAA;IACD,MAAM,CAAC,EAAE,KAAK,CAAC;QACb,EAAE,EAAE,MAAM,CAAA;QACV,IAAI,EAAE,MAAM,CAAA;QACZ,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;QACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;KACvB,CAAC,CAAA;IACF,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;IACpB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC5B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC7B,UAAU,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAA;CAC3D;AAED,6CAA6C;AAC7C,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,cAAc,EACxB,IAAI,CAAC,EAAE;IACL,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAA;IACjC,YAAY,CAAC,EAAE,cAAc,CAAC,cAAc,CAAC,CAAA;CAC9C,GACA,cAAc,CAgChB;AAED,sDAAsD;AACtD,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,cAAc,GACnB;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAaxD;AAED,iDAAiD;AACjD,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,cAAc,EACpB,QAAQ,EAAE,cAAc,GACvB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAiBtC;AAED,+CAA+C;AAC/C,wBAAgB,gBAAgB,CAC9B,MAAM,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,GAChC,MAAM,EAAE,CAGV;AAED,sDAAsD;AACtD,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,cAAc,EACpB,QAAQ,EAAE,cAAc,EACxB,aAAa,CAAC,EAAE,MAAM,GACrB,cAAc,CAahB"}

package/dist/src/adapters/a2a.js

@@ -50,4 +50,92 @@ export function createA2AGovernance(config) {
         hook,
     };
 }
+// ══════════════════════════════════════
+// v2: Direct passport ↔ Agent Card bridge (IBAC pattern)
+// ══════════════════════════════════════
+import { verifyPassport } from '../verification/verify.js';
+/** Convert APS passport to A2A Agent Card */
+export function passportToA2ACard(passport, opts) {
+    const p = passport.passport;
+    const card = {
+        name: p.agentName || p.agentId,
+        description: p.mission,
+        url: opts?.url,
+        version: '1.0',
+        capabilities: opts?.capabilities || {},
+        securitySchemes: {
+            aps_ed25519: {
+                type: 'ed25519',
+                publicKey: p.publicKey,
+                agentId: p.agentId,
+            },
+        },
+    };
+    // Map delegation scope to skills
+    if (opts?.skills) {
+        card.skills = opts.skills;
+    }
+    else if (opts?.delegation) {
+        card.skills = opts.delegation.scope.map(s => ({
+            id: s,
+            name: s.replace(/:/g, ' ').replace(/\b\w/g, c => c.toUpperCase()),
+        }));
+    }
+    if (p.ownerAlias) {
+        card.provider = { organization: p.ownerAlias };
+    }
+    return card;
+}
+/** Convert A2A Agent Card to APS passport metadata */
+export function a2aCardToPassportMeta(card) {
+    return {
+        agentId: card.name.toLowerCase().replace(/[^a-z0-9-]/g, '-'),
+        metadata: {
+            a2a_name: card.name,
+            a2a_description: card.description,
+            a2a_url: card.url,
+            a2a_provider: card.provider,
+            a2a_version: card.version,
+            a2a_capabilities: card.capabilities,
+            a2a_skill_count: card.skills?.length || 0,
+        },
+    };
+}
+/** Verify an A2A agent has valid APS identity */
+export function verifyA2AIdentity(card, passport) {
+    const errors = [];
+    const pc = verifyPassport(passport);
+    if (!pc.valid)
+        errors.push(...pc.errors);
+    const p = passport.passport;
+    if (card.name !== p.agentName && card.name !== p.agentId) {
+        errors.push(`Card name "${card.name}" does not match passport agentName "${p.agentName}" or agentId "${p.agentId}"`);
+    }
+    const schemePubKey = card.securitySchemes?.aps_ed25519?.publicKey;
+    if (schemePubKey && schemePubKey !== p.publicKey) {
+        errors.push('Card security scheme publicKey does not match passport publicKey');
+    }
+    return { valid: errors.length === 0, errors };
+}
+/** Extract delegation scope from A2A skills */
+export function a2aSkillsToScope(skills) {
+    if (!skills || skills.length === 0)
+        return [];
+    return skills.map(s => `a2a:${s.id}`);
+}
+/** Embed APS trust signal in Agent Card extensions */
+export function embedA2ATrustSignal(card, passport, trustEndpoint) {
+    return {
+        ...card,
+        extensions: {
+            ...card.extensions,
+            aps_trust: {
+                agentId: passport.passport.agentId,
+                publicKey: passport.passport.publicKey,
+                trustEndpoint: trustEndpoint || `https://gateway.aeoess.com/api/v1/public/trust/${passport.passport.agentId}`,
+                protocol: 'agent-passport-system',
+            },
+        },
+    };
+}
 //# sourceMappingURL=a2a.js.map

package/dist/src/adapters/a2a.js.map

@@ -1 +1 @@
-{"version":3,"file":"a2a.js","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAuBrD,MAAM,UAAU,mBAAmB,CAAC,MAA4B;IAC9D,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,IAAkB,EAAY,EAAE;QACpD,MAAM,MAAM,GAAa,EAAE,CAAA;QAC3B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,SAAS;YAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAC9D,IAAI,IAAI,CAAC,YAAY,EAAE,iBAAiB;YAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QACxD,OAAO,MAAM,CAAA;IACf,CAAC,CAAA;IAED,MAAM,cAAc,GAAG,KAAK,EAC1B,UAAwB,EACxB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,UAAU,CAAC,GAAG;YACtB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SAC/E,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,SAAiB,EACjB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SACrE,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,cAAc;QACd,iBAAiB;QACjB,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACzC,IAAI;KACL,CAAA;AACH,CAAC"}
+{"version":3,"file":"a2a.js","sourceRoot":"","sources":["../../../src/adapters/a2a.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAuBrD,MAAM,UAAU,mBAAmB,CAAC,MAA4B;IAC9D,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,IAAkB,EAAY,EAAE;QACpD,MAAM,MAAM,GAAa,EAAE,CAAA;QAC3B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,SAAS;YAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAC9D,IAAI,IAAI,CAAC,YAAY,EAAE,iBAAiB;YAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QACxD,OAAO,MAAM,CAAA;IACf,CAAC,CAAA;IAED,MAAM,cAAc,GAAG,KAAK,EAC1B,UAAwB,EACxB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,UAAU,CAAC,GAAG;YACtB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SAC/E,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,MAAM,iBAAiB,GAAG,KAAK,EAC7B,SAAiB,EACjB,eAAuB,EACvB,OAA+B,EAC/B,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,SAAS;YACjB,aAAa,EAAE,kBAAkB;YACjC,QAAQ,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SACrE,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,cAAc;QACd,iBAAiB;QACjB,eAAe,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACzC,IAAI;KACL,CAAA;AACH,CAAC;AAGD,yCAAyC;AACzC,yDAAyD;AACzD,yCAAyC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AA4B1D,6CAA6C;AAC7C,MAAM,UAAU,iBAAiB,CAC/B,QAAwB,EACxB,IAKC;IAED,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAA;IAC3B,MAAM,IAAI,GAAmB;QAC3B,IAAI,EAAE,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO;QAC9B,WAAW,EAAE,CAAC,CAAC,OAAO;QACtB,GAAG,EAAE,IAAI,EAAE,GAAG;QACd,OAAO,EAAE,KAAK;QACd,YAAY,EAAE,IAAI,EAAE,YAAY,IAAI,EAAE;QACtC,eAAe,EAAE;YACf,WAAW,EAAE;gBACX,IAAI,EAAE,SAAS;gBACf,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB;SACF;KACF,CAAA;IAED,iCAAiC;IACjC,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;IAC3B,CAAC;SAAM,IAAI,IAAI,EAAE,UAAU,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5C,EAAE,EAAE,CAAC;YACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;SAClE,CAAC,CAAC,CAAA;IACL,CAAC;IAED,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QACjB,IAAI,CAAC,QAAQ,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC,UAAU,EAAE,CAAA;IAChD,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,qBAAqB,CACnC,IAAoB;IAEpB,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;QAC5D,QAAQ,EAAE;YACR,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,eAAe,EAAE,IAAI,CAAC,WAAW;YACjC,OAAO,EAAE,IAAI,CAAC,GAAG;YACjB,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,WAAW,EAAE,IAAI,CAAC,OAAO;YACzB,gBAAgB,EAAE,IAAI,CAAC,YAAY;YACnC,eAAe,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC;SAC1C;KACF,CAAA;AACH,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,iBAAiB,CAC/B,IAAoB,EACpB,QAAwB;IAExB,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,MAAM,EAAE,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAA;IACnC,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAA;IAExC,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAA;IAC3B,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,wCAAwC,CAAC,CAAC,SAAS,iBAAiB,CAAC,CAAC,OAAO,GAAG,CAAC,CAAA;IACtH,CAAC;IAED,MAAM,YAAY,GAAI,IAAI,CAAC,eAAe,EAAE,WAAuC,EAAE,SAAS,CAAA;IAC9F,IAAI,YAAY,IAAI,YAAY,KAAK,CAAC,CAAC,SAAS,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAA;IACjF,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;AAC/C,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,gBAAgB,CAC9B,MAAiC;IAEjC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IAC7C,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACvC,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,mBAAmB,CACjC,IAAoB,EACpB,QAAwB,EACxB,aAAsB;IAEtB,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE;YACV,GAAG,IAAI,CAAC,UAAU;YAClB,SAAS,EAAE;gBACT,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,OAAO;gBAClC,SAAS,EAAE,QAAQ,CAAC,QAAQ,CAAC,SAAS;gBACtC,aAAa,EAAE,aAAa,IAAI,kDAAkD,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE;gBAC7G,QAAQ,EAAE,uBAAuB;aAClC;SACF;KACF,CAAA;AACH,CAAC"}

package/dist/src/adapters/crewai.d.ts

@@ -40,4 +40,41 @@ export interface CrewAIGovernance {
  * Maps CrewAI's task/tool lifecycle to APS governance.
  */
 export declare function createCrewAIGovernance(config: GovernanceHookConfig): CrewAIGovernance;
+import type { Delegation, ActionReceipt, SignedPassport } from '../types/passport.js';
+export interface CrewTask {
+    description: string;
+    agent: string;
+    tools?: string[];
+    expected_output?: string;
+}
+export interface CrewGovernanceConfig {
+    passport: SignedPassport;
+    delegation: Delegation;
+    privateKey: string;
+    onReceipt?: (r: ActionReceipt) => void;
+    onDenied?: (info: {
+        task: string;
+        agent: string;
+        reason: string;
+    }) => void;
+}
+export interface GovernedTaskResult {
+    output: unknown;
+    receipt: ActionReceipt;
+    toolReceipts: ActionReceipt[];
+}
+/** Generate scopes needed for a CrewTask */
+export declare function crewTaskToScopes(task: CrewTask): string[];
+/** Verify crew member has authority for task */
+export declare function verifyCrewMember(agentName: string, task: CrewTask, config: CrewGovernanceConfig): {
+    authorized: boolean;
+    reason: string;
+    scope: string;
+};
+/** Wrap task execution with governance */
+export declare function governCrewTask(task: CrewTask, execute: (task: CrewTask) => Promise<unknown>, config: CrewGovernanceConfig): Promise<GovernedTaskResult | {
+    denied: true;
+    reason: string;
+    receipt: ActionReceipt;
+}>;
 //# sourceMappingURL=crewai.d.ts.map

package/dist/src/adapters/crewai.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crewai.d.ts","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAEvH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,YAAY,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,iBAAiB,CAAA;IAC7D,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,EAClB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,aAAa,CAAC,EAAE,MAAM,KACnB,OAAO,CAAC;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC5F,uBAAuB;IACvB,WAAW,EAAE,MAAM,iBAAiB,EAAE,CAAA;IACtC,8BAA8B;IAC9B,IAAI,EAAE,cAAc,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,gBAAgB,CAoCrF"}
+{"version":3,"file":"crewai.d.ts","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAEvH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,YAAY,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,iBAAiB,CAAA;IAC7D,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,EAClB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,aAAa,CAAC,EAAE,MAAM,KACnB,OAAO,CAAC;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,iBAAiB,CAAC;QAAC,UAAU,EAAE,gBAAgB,CAAA;KAAE,CAAC,CAAA;IAC5F,uBAAuB;IACvB,WAAW,EAAE,MAAM,iBAAiB,EAAE,CAAA;IACtC,8BAA8B;IAC9B,IAAI,EAAE,cAAc,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,gBAAgB,CAoCrF;AAWD,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAErF,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,aAAa,KAAK,IAAI,CAAA;IACtC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAA;CAC3E;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,OAAO,CAAA;IACf,OAAO,EAAE,aAAa,CAAA;IACtB,YAAY,EAAE,aAAa,EAAE,CAAA;CAC9B;AAmBD,4CAA4C;AAC5C,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM,EAAE,CAQzD;AAED,gDAAgD;AAChD,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,QAAQ,EACd,MAAM,EAAE,oBAAoB,GAC3B;IAAE,UAAU,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAiBxD;AAED,0CAA0C;AAC1C,wBAAsB,cAAc,CAClC,IAAI,EAAE,QAAQ,EACd,OAAO,EAAE,CAAC,IAAI,EAAE,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,EAC7C,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,kBAAkB,GAAG;IAAE,MAAM,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,aAAa,CAAA;CAAE,CAAC,CAyBxF"}

package/dist/src/adapters/crewai.js

@@ -49,4 +49,79 @@ export function createCrewAIGovernance(config) {
         hook,
     };
 }
+// ══════════════════════════════════════
+// v2: Direct receipt-builder governance (IBAC pattern)
+// ══════════════════════════════════════
+import { scopeAuthorizes, verifyDelegation } from '../core/delegation.js';
+import { verifyPassport } from '../verification/verify.js';
+import { sign } from '../crypto/keys.js';
+import { canonicalize } from '../core/canonical.js';
+function buildCrewReceipt(agentId, delegationId, privateKey, target, scope, status, summary) {
+    const data = {
+        receiptId: `rcpt_crew_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 6)}`,
+        version: '1.1',
+        timestamp: new Date().toISOString(),
+        agentId, delegationId,
+        action: { type: 'crew_task', target, scopeUsed: scope },
+        result: { status, summary },
+        delegationChain: [],
+    };
+    const sig = sign(canonicalize(data), privateKey);
+    return { ...data, signature: sig };
+}
+/** Generate scopes needed for a CrewTask */
+export function crewTaskToScopes(task) {
+    const scopes = [`crew:execute:${task.agent}`];
+    if (task.tools) {
+        for (const tool of task.tools) {
+            scopes.push(`tools:${tool}`);
+        }
+    }
+    return scopes;
+}
+/** Verify crew member has authority for task */
+export function verifyCrewMember(agentName, task, config) {
+    const scopes = crewTaskToScopes(task);
+    const mainScope = scopes[0];
+    const pc = verifyPassport(config.passport);
+    if (!pc.valid)
+        return { authorized: false, reason: `Passport invalid: ${pc.errors.join(', ')}`, scope: mainScope };
+    const dc = verifyDelegation(config.delegation);
+    if (!dc.valid)
+        return { authorized: false, reason: `Delegation invalid: ${dc.errors.join(', ')}`, scope: mainScope };
+    for (const scope of scopes) {
+        if (!scopeAuthorizes(config.delegation.scope, scope)) {
+            return { authorized: false, reason: `Scope "${scope}" not covered by delegation`, scope };
+        }
+    }
+    return { authorized: true, reason: `All ${scopes.length} scopes authorized`, scope: mainScope };
+}
+/** Wrap task execution with governance */
+export async function governCrewTask(task, execute, config) {
+    const check = verifyCrewMember(task.agent, task, config);
+    const { passport, delegation, privateKey } = config;
+    if (!check.authorized) {
+        if (config.onDenied)
+            config.onDenied({ task: task.description, agent: task.agent, reason: check.reason });
+        const receipt = buildCrewReceipt(passport.passport.agentId, delegation.delegationId, privateKey, task.description, check.scope, 'failure', check.reason);
+        if (config.onReceipt)
+            config.onReceipt(receipt);
+        return { denied: true, reason: check.reason, receipt };
+    }
+    const output = await execute(task);
+    // Build tool-level receipts
+    const toolReceipts = (task.tools || []).map(tool => {
+        const scope = `tools:${tool}`;
+        return buildCrewReceipt(passport.passport.agentId, delegation.delegationId, privateKey, tool, scope, 'success', `Tool ${tool} used during task`);
+    });
+    const mainScope = crewTaskToScopes(task).join(', ');
+    const receipt = buildCrewReceipt(passport.passport.agentId, delegation.delegationId, privateKey, task.description, mainScope, 'success', `Task completed with ${(task.tools || []).length} tools`);
+    if (config.onReceipt)
+        config.onReceipt(receipt);
+    for (const tr of toolReceipts) {
+        if (config.onReceipt)
+            config.onReceipt(tr);
+    }
+    return { output, receipt, toolReceipts };
+}
 //# sourceMappingURL=crewai.js.map

package/dist/src/adapters/crewai.js.map

@@ -1 +1 @@
-{"version":3,"file":"crewai.js","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAyBrD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA4B;IACjE,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,MAAwB,EAAqB,EAAE;QACnE,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACxC,aAAa,EAAE,cAAc;YAC7B,QAAQ,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;SACtE,CAAA;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;IAClF,CAAC,CAAA;IAED,MAAM,gBAAgB,GAAG,KAAK,EAC5B,QAAgB,EAChB,MAA+B,EAC/B,OAAyB,EACzB,aAAsB,EACtB,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe,QAAQ,EAAE;YAC/B,MAAM,EAAE,QAAQ;YAChB,aAAa,EAAE,QAAQ,QAAQ,EAAE;YACjC,QAAQ,EAAE,MAAM;YAChB,aAAa;SACd,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,gBAAgB;QAChB,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACrC,IAAI;KACL,CAAA;AACH,CAAC"}
+{"version":3,"file":"crewai.js","sourceRoot":"","sources":["../../../src/adapters/crewai.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAyBrD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAA4B;IACjE,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAA;IAEvC,MAAM,YAAY,GAAG,CAAC,MAAwB,EAAqB,EAAE;QACnE,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACxC,aAAa,EAAE,cAAc;YAC7B,QAAQ,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;SACtE,CAAA;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;IAClF,CAAC,CAAA;IAED,MAAM,gBAAgB,GAAG,KAAK,EAC5B,QAAgB,EAChB,MAA+B,EAC/B,OAAyB,EACzB,aAAsB,EACtB,EAAE;QACF,MAAM,MAAM,GAAqB;YAC/B,IAAI,EAAE,eAAe,QAAQ,EAAE;YAC/B,MAAM,EAAE,QAAQ;YAChB,aAAa,EAAE,QAAQ,QAAQ,EAAE;YACjC,QAAQ,EAAE,MAAM;YAChB,aAAa;SACd,CAAA;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAA;IAED,OAAO;QACL,YAAY;QACZ,gBAAgB;QAChB,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE;QACrC,IAAI;KACL,CAAA;AACH,CAAC;AAGD,yCAAyC;AACzC,uDAAuD;AACvD,yCAAyC;AAEzC,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAwBnD,SAAS,gBAAgB,CACvB,OAAe,EAAE,YAAoB,EAAE,UAAkB,EACzD,MAAc,EAAE,KAAa,EAAE,MAA6B,EAAE,OAAe;IAE7E,MAAM,IAAI,GAAqC;QAC7C,SAAS,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAC3F,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE,YAAY;QACrB,MAAM,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE;QACvD,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3B,eAAe,EAAE,EAAE;KACpB,CAAA;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAA;IAChD,OAAO,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,GAAG,EAAmB,CAAA;AACrD,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,MAAM,MAAM,GAAG,CAAC,gBAAgB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;IAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,gBAAgB,CAC9B,SAAiB,EACjB,IAAc,EACd,MAA4B;IAE5B,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IACrC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;IAE3B,MAAM,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC1C,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAElH,MAAM,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAC9C,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAEpH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,KAAK,6BAA6B,EAAE,KAAK,EAAE,CAAA;QAC3F,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,MAAM,CAAC,MAAM,oBAAoB,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AACjG,CAAC;AAED,0CAA0C;AAC1C,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAc,EACd,OAA6C,EAC7C,MAA4B;IAE5B,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAA;IACxD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;IAEnD,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;QACzG,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QACxJ,IAAI,MAAM,CAAC,SAAS;YAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QAC/C,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,CAAA;IACxD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAElC,4BAA4B;IAC5B,MAAM,YAAY,GAAoB,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;QAClE,MAAM,KAAK,GAAG,SAAS,IAAI,EAAE,CAAA;QAC7B,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,IAAI,mBAAmB,CAAC,CAAA;IAClJ,CAAC,CAAC,CAAA;IAEF,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,uBAAuB,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,QAAQ,CAAC,CAAA;IAClM,IAAI,MAAM,CAAC,SAAS;QAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAC/C,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;QAAC,IAAI,MAAM,CAAC,SAAS;YAAE,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IAAC,CAAC;IAE7E,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,CAAA;AAC1C,CAAC"}

package/dist/src/adapters/ibac-cedar.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Cedar Policy Format Bridge for IBAC
+ *
+ * Converts between Cedar-style policy strings and IBAC tuples,
+ * and between APS delegations and Cedar policy format.
+ * No external dependencies.
+ */
+import type { Delegation } from '../types/passport.js';
+import type { IBACTuple } from './ibac.js';
+/**
+ * Parse a Cedar-style policy string into IBAC tuples.
+ *
+ * Supported format:
+ *   permit(principal == "agent:agent-123", action == "tool:query_db", resource == "table:patients");
+ *   permit(principal == "agent:agent-123", action == "tool:read", resource == "file:report.pdf")
+ *     when { max_rows < 100 };
+ */
+export declare function cedarPolicyToTuples(cedarPolicy: string): IBACTuple[];
+/**
+ * Generate a Cedar-style policy string from an APS delegation.
+ * Each scope in the delegation becomes a separate permit statement.
+ */
+export declare function delegationToCedarPolicy(delegation: Delegation): string;
+//# sourceMappingURL=ibac-cedar.d.ts.map

package/dist/src/adapters/ibac-cedar.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ibac-cedar.d.ts","sourceRoot":"","sources":["../../../src/adapters/ibac-cedar.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAE1C;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,CAqCpE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,UAAU,GAAG,MAAM,CAuBtE"}

package/dist/src/adapters/ibac-cedar.js

@@ -0,0 +1,76 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * Cedar Policy Format Bridge for IBAC
+ *
+ * Converts between Cedar-style policy strings and IBAC tuples,
+ * and between APS delegations and Cedar policy format.
+ * No external dependencies.
+ */
+/**
+ * Parse a Cedar-style policy string into IBAC tuples.
+ *
+ * Supported format:
+ *   permit(principal == "agent:agent-123", action == "tool:query_db", resource == "table:patients");
+ *   permit(principal == "agent:agent-123", action == "tool:read", resource == "file:report.pdf")
+ *     when { max_rows < 100 };
+ */
+export function cedarPolicyToTuples(cedarPolicy) {
+    const tuples = [];
+    const lines = cedarPolicy.split(';').map(l => l.trim()).filter(Boolean);
+    for (const line of lines) {
+        const match = line.match(/permit\s*\(\s*principal\s*==\s*"([^"]+)"\s*,\s*action\s*==\s*"([^"]+)"\s*,\s*resource\s*==\s*"([^"]+)"\s*\)/);
+        if (!match)
+            continue;
+        const tuple = {
+            principal: match[1],
+            action: match[2],
+            resource: match[3],
+        };
+        // Parse optional "when { ... }" constraints
+        const whenMatch = line.match(/when\s*\{([^}]+)\}/);
+        if (whenMatch) {
+            const constraints = {};
+            const pairs = whenMatch[1].split(',').map(s => s.trim()).filter(Boolean);
+            for (const pair of pairs) {
+                const kv = pair.match(/(\w+)\s*(<|>|<=|>=|==)\s*(\S+)/);
+                if (kv) {
+                    const val = isNaN(Number(kv[3])) ? kv[3].replace(/"/g, '') : Number(kv[3]);
+                    constraints[kv[1]] = val;
+                }
+            }
+            if (Object.keys(constraints).length > 0) {
+                tuple.constraints = constraints;
+            }
+        }
+        tuples.push(tuple);
+    }
+    return tuples;
+}
+/**
+ * Generate a Cedar-style policy string from an APS delegation.
+ * Each scope in the delegation becomes a separate permit statement.
+ */
+export function delegationToCedarPolicy(delegation) {
+    const principal = `agent:${delegation.delegatedTo}`;
+    const statements = delegation.scope.map(scope => {
+        // Parse scope format: "prefix:verb:resource" or "prefix:verb"
+        const parts = scope.split(':');
+        let action;
+        let resource;
+        if (parts.length >= 3) {
+            action = `tool:${parts[1]}`;
+            resource = parts.slice(2).join(':');
+        }
+        else if (parts.length === 2) {
+            action = `tool:${parts[1]}`;
+            resource = `${parts[0]}:*`;
+        }
+        else {
+            action = `tool:${scope}`;
+            resource = '*';
+        }
+        return `permit(\n  principal == "${principal}",\n  action == "${action}",\n  resource == "${resource}"\n)`;
+    });
+    return statements.join(';\n\n') + ';';
+}
+//# sourceMappingURL=ibac-cedar.js.map

package/dist/src/adapters/ibac-cedar.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ibac-cedar.js","sourceRoot":"","sources":["../../../src/adapters/ibac-cedar.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;GAMG;AAKH;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,MAAM,MAAM,GAAgB,EAAE,CAAA;IAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CACtB,6GAA6G,CAC9G,CAAA;QACD,IAAI,CAAC,KAAK;YAAE,SAAQ;QAEpB,MAAM,KAAK,GAAc;YACvB,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YACnB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;YAChB,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;SACnB,CAAA;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;QAClD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,GAA4B,EAAE,CAAA;YAC/C,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACxE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;gBACvD,IAAI,EAAE,EAAE,CAAC;oBACP,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;oBAC1E,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;gBAC1B,CAAC;YACH,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,KAAK,CAAC,WAAW,GAAG,WAAW,CAAA;YACjC,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACpB,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,UAAsB;IAC5D,MAAM,SAAS,GAAG,SAAS,UAAU,CAAC,WAAW,EAAE,CAAA;IACnD,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QAC9C,8DAA8D;QAC9D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,MAAc,CAAA;QAClB,IAAI,QAAgB,CAAA;QAEpB,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;YAC3B,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACrC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;YAC3B,QAAQ,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,QAAQ,KAAK,EAAE,CAAA;YACxB,QAAQ,GAAG,GAAG,CAAA;QAChB,CAAC;QAED,OAAO,4BAA4B,SAAS,oBAAoB,MAAM,sBAAsB,QAAQ,MAAM,CAAA;IAC5G,CAAC,CAAC,CAAA;IAEF,OAAO,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,CAAA;AACvC,CAAC"}

package/dist/src/adapters/ibac.d.ts

@@ -0,0 +1,77 @@
+/**
+ * IBAC Adapter — Intent-Based Access Control Bridge
+ *
+ * Bridges Ken Huang's IBAC framework (CSA MAESTRO, OWASP AIVSS, ITU ANS)
+ * into APS enforcement. IBAC defines the intent. APS proves it was enforced.
+ *
+ * Pipeline: Intent → Scope mapping → Delegation check → Signed receipt
+ */
+import type { Delegation, ActionReceipt, SignedPassport } from '../types/passport.js';
+export interface IBACIntent {
+    task: string;
+    subject: {
+        id: string;
+        role?: string;
+    };
+    actions: IBACAction[];
+    constraints?: Record<string, unknown>;
+    timestamp: string;
+}
+export interface IBACAction {
+    verb: string;
+    resource: string;
+    constraints?: Record<string, unknown>;
+}
+export interface IBACTuple {
+    principal: string;
+    action: string;
+    resource: string;
+    constraints?: Record<string, unknown>;
+}
+export interface IBACEvaluationResult {
+    intent: IBACIntent;
+    delegation: Delegation;
+    tupleResults: Array<{
+        tuple: IBACTuple;
+        authorized: boolean;
+        scope: string;
+        reason: string;
+    }>;
+    receipt: ActionReceipt;
+}
+/**
+ * Convert IBAC intent to APS delegation scope strings.
+ * Maps verb+resource to hierarchical scope: `prefix:resource`
+ */
+export declare function ibacIntentToScope(intent: IBACIntent): string[];
+/**
+ * Convert IBAC tuples to an APS delegation.
+ * Each tuple becomes a scope entry in the delegation.
+ */
+export declare function ibacTuplesToDelegation(tuples: IBACTuple[], principalKey: string, agentKey: string, privateKey: string, opts?: {
+    expiresInHours?: number;
+    spendLimit?: number;
+}): Delegation;
+/**
+ * Evaluate IBAC tuples against an existing APS delegation.
+ * Returns per-tuple authorized/denied with reason.
+ */
+export declare function evaluateIBACTuples(tuples: IBACTuple[], delegation: Delegation): {
+    tupleResults: Array<{
+        tuple: IBACTuple;
+        authorized: boolean;
+        scope: string;
+        reason: string;
+    }>;
+};
+/**
+ * Full pipeline: intent → scope mapping → evaluation → signed receipt.
+ * IBAC defines the intent. APS proves it was enforced.
+ */
+export declare function governIBACIntent(intent: IBACIntent, config: {
+    passport: SignedPassport;
+    delegation: Delegation;
+    privateKey: string;
+    onReceipt?: (r: ActionReceipt) => void;
+}): IBACEvaluationResult;
+//# sourceMappingURL=ibac.d.ts.map

package/dist/src/adapters/ibac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ibac.d.ts","sourceRoot":"","sources":["../../../src/adapters/ibac.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAIrF,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;IACtC,OAAO,EAAE,UAAU,EAAE,CAAA;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACrC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACtC;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACtC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,UAAU,CAAA;IAClB,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,KAAK,CAAC;QAClB,KAAK,EAAE,SAAS,CAAA;QAChB,UAAU,EAAE,OAAO,CAAA;QACnB,KAAK,EAAE,MAAM,CAAA;QACb,MAAM,EAAE,MAAM,CAAA;KACf,CAAC,CAAA;IACF,OAAO,EAAE,aAAa,CAAA;CACvB;AAcD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,CAM9D;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,SAAS,EAAE,EACnB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,IAAI,CAAC,EAAE;IAAE,cAAc,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD,UAAU,CAeZ;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,SAAS,EAAE,EACnB,UAAU,EAAE,UAAU,GACrB;IAAE,YAAY,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,SAAS,CAAC;QAAC,UAAU,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAoBnG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE;IACN,QAAQ,EAAE,cAAc,CAAA;IACxB,UAAU,EAAE,UAAU,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,aAAa,KAAK,IAAI,CAAA;CACvC,GACA,oBAAoB,CA2CtB"}

package/dist/src/adapters/ibac.js

@@ -0,0 +1,117 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+/**
+ * IBAC Adapter — Intent-Based Access Control Bridge
+ *
+ * Bridges Ken Huang's IBAC framework (CSA MAESTRO, OWASP AIVSS, ITU ANS)
+ * into APS enforcement. IBAC defines the intent. APS proves it was enforced.
+ *
+ * Pipeline: Intent → Scope mapping → Delegation check → Signed receipt
+ */
+import { createDelegation, scopeAuthorizes } from '../core/delegation.js';
+import { sign } from '../crypto/keys.js';
+import { canonicalize } from '../core/canonical.js';
+// ── Verb → scope prefix mapping ──
+const VERB_PREFIX = {
+    read: 'data:read',
+    query: 'data:read',
+    write: 'data:write',
+    send: 'comms:send',
+    delete: 'admin:delete',
+};
+// ── Core functions ──
+/**
+ * Convert IBAC intent to APS delegation scope strings.
+ * Maps verb+resource to hierarchical scope: `prefix:resource`
+ */
+export function ibacIntentToScope(intent) {
+    if (!intent.actions || intent.actions.length === 0)
+        return [];
+    return intent.actions.map(action => {
+        const prefix = VERB_PREFIX[action.verb] || `data:${action.verb}`;
+        return `${prefix}:${action.resource}`;
+    });
+}
+/**
+ * Convert IBAC tuples to an APS delegation.
+ * Each tuple becomes a scope entry in the delegation.
+ */
+export function ibacTuplesToDelegation(tuples, principalKey, agentKey, privateKey, opts) {
+    const scope = tuples.map(t => {
+        const verb = t.action.replace(/^tool:/, '');
+        const prefix = VERB_PREFIX[verb] || `data:${verb}`;
+        return `${prefix}:${t.resource}`;
+    });
+    return createDelegation({
+        delegatedTo: agentKey,
+        delegatedBy: principalKey,
+        scope,
+        privateKey,
+        spendLimit: opts?.spendLimit,
+        expiresInHours: opts?.expiresInHours,
+    });
+}
+/**
+ * Evaluate IBAC tuples against an existing APS delegation.
+ * Returns per-tuple authorized/denied with reason.
+ */
+export function evaluateIBACTuples(tuples, delegation) {
+    const tupleResults = tuples.map(tuple => {
+        const verb = tuple.action.replace(/^tool:/, '');
+        const prefix = VERB_PREFIX[verb] || `data:${verb}`;
+        const scope = `${prefix}:${tuple.resource}`;
+        // Check expiry
+        if (new Date(delegation.expiresAt) <= new Date()) {
+            return { tuple, authorized: false, scope, reason: 'Delegation expired' };
+        }
+        const authorized = scopeAuthorizes(delegation.scope, scope);
+        const reason = authorized
+            ? `Scope "${scope}" authorized by delegation`
+            : `Scope "${scope}" not covered by delegation [${delegation.scope.join(', ')}]`;
+        return { tuple, authorized, scope, reason };
+    });
+    return { tupleResults };
+}
+/**
+ * Full pipeline: intent → scope mapping → evaluation → signed receipt.
+ * IBAC defines the intent. APS proves it was enforced.
+ */
+export function governIBACIntent(intent, config) {
+    // Convert intent to tuples
+    const tuples = intent.actions.map(action => ({
+        principal: `agent:${intent.subject.id}`,
+        action: `tool:${action.verb}`,
+        resource: action.resource,
+        constraints: action.constraints,
+    }));
+    // Evaluate
+    const { tupleResults } = evaluateIBACTuples(tuples, config.delegation);
+    const allAuthorized = tupleResults.every(r => r.authorized);
+    const scopesUsed = tupleResults.map(r => r.scope).join(', ');
+    // Build signed receipt
+    const receiptData = {
+        receiptId: `rcpt_ibac_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 6)}`,
+        version: '1.1',
+        timestamp: new Date().toISOString(),
+        agentId: config.passport.passport.agentId,
+        delegationId: config.delegation.delegationId,
+        action: {
+            type: 'ibac_evaluation',
+            target: intent.task,
+            scopeUsed: scopesUsed,
+        },
+        result: {
+            status: allAuthorized ? 'success' : 'failure',
+            summary: allAuthorized
+                ? `All ${tupleResults.length} IBAC tuples authorized`
+                : `${tupleResults.filter(r => !r.authorized).length} of ${tupleResults.length} tuples denied`,
+        },
+        delegationChain: [],
+    };
+    const canonical = canonicalize(receiptData);
+    const signature = sign(canonical, config.privateKey);
+    const receipt = { ...receiptData, signature };
+    if (config.onReceipt)
+        config.onReceipt(receipt);
+    return { intent, delegation: config.delegation, tupleResults, receipt };
+}
+//# sourceMappingURL=ibac.js.map

package/dist/src/adapters/ibac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ibac.js","sourceRoot":"","sources":["../../../src/adapters/ibac.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E;;;;;;;GAOG;AAEH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAsCnD,oCAAoC;AAEpC,MAAM,WAAW,GAA2B;IAC1C,IAAI,EAAE,WAAW;IACjB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,YAAY;IACnB,IAAI,EAAE,YAAY;IAClB,MAAM,EAAE,cAAc;CACvB,CAAA;AAED,uBAAuB;AAEvB;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAkB;IAClD,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;QACjC,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAA;QAChE,OAAO,GAAG,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAA;IACvC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAmB,EACnB,YAAoB,EACpB,QAAgB,EAChB,UAAkB,EAClB,IAAuD;IAEvD,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,EAAE,CAAA;QAClD,OAAO,GAAG,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,OAAO,gBAAgB,CAAC;QACtB,WAAW,EAAE,QAAQ;QACrB,WAAW,EAAE,YAAY;QACzB,KAAK;QACL,UAAU;QACV,UAAU,EAAE,IAAI,EAAE,UAAU;QAC5B,cAAc,EAAE,IAAI,EAAE,cAAc;KACrC,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAmB,EACnB,UAAsB;IAEtB,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,QAAQ,IAAI,EAAE,CAAA;QAClD,MAAM,KAAK,GAAG,GAAG,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAA;QAE3C,eAAe;QACf,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;YACjD,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAA;QAC1E,CAAC;QAED,MAAM,UAAU,GAAG,eAAe,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,MAAM,GAAG,UAAU;YACvB,CAAC,CAAC,UAAU,KAAK,4BAA4B;YAC7C,CAAC,CAAC,UAAU,KAAK,gCAAgC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAA;QAEjF,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,OAAO,EAAE,YAAY,EAAE,CAAA;AACzB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAkB,EAClB,MAKC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAgB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,SAAS,EAAE,SAAS,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE;QACvC,MAAM,EAAE,QAAQ,MAAM,CAAC,IAAI,EAAE;QAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC,CAAA;IAEH,WAAW;IACX,MAAM,EAAE,YAAY,EAAE,GAAG,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IAEtE,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAE5D,uBAAuB;IACvB,MAAM,WAAW,GAAqC;QACpD,SAAS,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAC3F,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO;QACzC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,YAAY;QAC5C,MAAM,EAAE;YACN,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,SAAS,EAAE,UAAU;SACtB;QACD,MAAM,EAAE;YACN,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;YAC7C,OAAO,EAAE,aAAa;gBACpB,CAAC,CAAC,OAAO,YAAY,CAAC,MAAM,yBAAyB;gBACrD,CAAC,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,MAAM,gBAAgB;SAChG;QACD,eAAe,EAAE,EAAE;KACpB,CAAA;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,CAAA;IAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IACpD,MAAM,OAAO,GAAG,EAAE,GAAG,WAAW,EAAE,SAAS,EAAmB,CAAA;IAE9D,IAAI,MAAM,CAAC,SAAS;QAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAE/C,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;AACzE,CAAC"}