agentcheck-sdk 1.0.0 → 2.0.0

package/dist/integrations/langchain.d.ts

@@ -0,0 +1,63 @@
+/**
+ * LangChain integration for AgentCheck.
+ *
+ * Wraps LangChain tools with delegation checking and provides a callback
+ * handler that logs all tool calls to the AgentCheck audit trail.
+ *
+ * Requires: npm install langchain @langchain/core
+ *
+ * Tier: Molecule (be-mol-agentcheck-langchain-ts) - composes Client + LangChain.
+ */
+import type { AgentCheckClient } from "../client";
+/** Minimal BaseTool interface - duck-typed to avoid a hard langchain-core dependency. */
+interface LangChainTool {
+    name: string;
+    _run?: (...args: unknown[]) => unknown | Promise<unknown>;
+    [key: string]: unknown;
+}
+/** Minimal BaseCallbackHandler shape from langchain-core. */
+interface LangChainCallbackHandlerBase {
+    on_tool_start?: (serialized: Record<string, unknown>, inputStr: string, ...args: unknown[]) => void | Promise<void>;
+    on_tool_end?: (output: string, ...args: unknown[]) => void | Promise<void>;
+    on_tool_error?: (error: Error, ...args: unknown[]) => void | Promise<void>;
+}
+export declare class AgentCheckToolkit {
+    private readonly client;
+    private readonly delegationId;
+    /**
+     * @param client AgentCheck Client used to verify delegations.
+     * @param delegationId The agreement ID that authorizes tool usage.
+     */
+    constructor(client: AgentCheckClient, delegationId: string);
+    /**
+     * Wrap a single LangChain tool with a delegation guard.
+     *
+     * Replaces the tool's _run method so that the delegation is checked
+     * before every invocation.
+     *
+     * @param tool LangChain BaseTool instance.
+     * @returns The same tool with _run replaced.
+     */
+    wrapTool<T extends LangChainTool>(tool: T): T;
+    /**
+     * Wrap multiple tools with delegation guards.
+     *
+     * @param tools Array of LangChain BaseTool instances.
+     * @returns Array of wrapped tools.
+     */
+    wrapTools<T extends LangChainTool>(tools: T[]): T[];
+}
+export declare class AgentCheckCallbackHandler implements LangChainCallbackHandlerBase {
+    private readonly client;
+    private readonly delegationId;
+    /**
+     * @param client AgentCheck Client used for logging executions.
+     * @param delegationId The agreement ID to associate tool calls with.
+     */
+    constructor(client: AgentCheckClient, delegationId: string);
+    on_tool_start(serialized: Record<string, unknown>, inputStr: string): Promise<void>;
+    on_tool_end(output: string, ...args: unknown[]): Promise<void>;
+    on_tool_error(error: Error, ...args: unknown[]): Promise<void>;
+    private logExecution;
+}
+export {};

package/dist/integrations/langchain.js

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * LangChain integration for AgentCheck.
+ *
+ * Wraps LangChain tools with delegation checking and provides a callback
+ * handler that logs all tool calls to the AgentCheck audit trail.
+ *
+ * Requires: npm install langchain @langchain/core
+ *
+ * Tier: Molecule (be-mol-agentcheck-langchain-ts) - composes Client + LangChain.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentCheckCallbackHandler = exports.AgentCheckToolkit = void 0;
+class AgentCheckToolkit {
+    /**
+     * @param client AgentCheck Client used to verify delegations.
+     * @param delegationId The agreement ID that authorizes tool usage.
+     */
+    constructor(client, delegationId) {
+        this.client = client;
+        this.delegationId = delegationId;
+    }
+    /**
+     * Wrap a single LangChain tool with a delegation guard.
+     *
+     * Replaces the tool's _run method so that the delegation is checked
+     * before every invocation.
+     *
+     * @param tool LangChain BaseTool instance.
+     * @returns The same tool with _run replaced.
+     */
+    wrapTool(tool) {
+        const originalRun = tool._run?.bind(tool);
+        if (!originalRun)
+            return tool;
+        const client = this.client;
+        const delegationId = this.delegationId;
+        tool._run = async (...args) => {
+            await checkDelegation(client, delegationId);
+            return originalRun(...args);
+        };
+        return tool;
+    }
+    /**
+     * Wrap multiple tools with delegation guards.
+     *
+     * @param tools Array of LangChain BaseTool instances.
+     * @returns Array of wrapped tools.
+     */
+    wrapTools(tools) {
+        return tools.map((t) => this.wrapTool(t));
+    }
+}
+exports.AgentCheckToolkit = AgentCheckToolkit;
+class AgentCheckCallbackHandler {
+    /**
+     * @param client AgentCheck Client used for logging executions.
+     * @param delegationId The agreement ID to associate tool calls with.
+     */
+    constructor(client, delegationId) {
+        this.client = client;
+        this.delegationId = delegationId;
+    }
+    async on_tool_start(serialized, inputStr) {
+        const toolName = serialized.name ?? "unknown_tool";
+        await this.logExecution(toolName, "started", { input: inputStr });
+    }
+    async on_tool_end(output, ...args) {
+        const kwargs = args[0] ?? {};
+        const toolName = kwargs.name ?? "unknown_tool";
+        await this.logExecution(toolName, "success", {
+            output: String(output).slice(0, 200),
+        });
+    }
+    async on_tool_error(error, ...args) {
+        const kwargs = args[0] ?? {};
+        const toolName = kwargs.name ?? "unknown_tool";
+        await this.logExecution(toolName, "error", { error: error.message });
+    }
+    async logExecution(toolName, result, metadata) {
+        try {
+            await this.client.request("POST", "/api/v1/executions", {
+                agent: "langchain",
+                action: toolName,
+                agreement_id: this.delegationId,
+                result,
+                metadata,
+            });
+        }
+        catch {
+            // Best-effort logging - do not propagate errors
+        }
+    }
+}
+exports.AgentCheckCallbackHandler = AgentCheckCallbackHandler;
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+async function checkDelegation(client, delegationId) {
+    const agreement = await client.get(delegationId);
+    if (agreement.status !== "approved") {
+        throw new Error(`Delegation ${delegationId} is not approved (status=${agreement.status})`);
+    }
+}

package/dist/pipeline.d.ts

@@ -3,10 +3,18 @@
  *
  * Connects all modules into a single chain:
  * delegation check -> scope -> semantic(LLM) -> budget -> pattern -> human -> execute -> log
+ *
+ * Phase 3 addition: VerificationPipeline accepts optional TrustEngine and
+ * LayerRouter. When provided, each verify() call consults the agent's trust
+ * score via the router to decide which layers to run. After execution the
+ * outcome is recorded back to TrustEngine. When omitted the original
+ * fixed-order behaviour is preserved (backwards compatible).
  */
 import { AgentCheckClient } from "./client";
 import { BudgetTracker, HumanEscalation, PatternMonitor } from "./safety";
 import { LLMProvider } from "./semantic";
+import { TrustEngine } from "./trust";
+import { LayerRouter } from "./router";
 export interface CheckResult {
     layer: string;
     passed: boolean;
@@ -28,22 +36,38 @@ export interface PipelineConfig {
     pattern?: PatternMonitor;
     escalation?: HumanEscalation;
     semanticThreshold?: number;
+    /** Optional trust engine for agent trust tracking (Phase 3). */
+    trustEngine?: TrustEngine;
+    /** Optional router for dynamic layer selection (Phase 3). */
+    router?: LayerRouter;
 }
 export declare class VerificationPipeline {
+    /**
+     * Complete delegation verification pipeline.
+     *
+     * Phase 3: When trustEngine and router are supplied, only the layers
+     * selected by the router for the agent's current trust tier are executed.
+     * After each verifyAndExecute() call the outcome is recorded back to
+     * the TrustEngine so trust scores evolve over time.
+     */
     private client;
     private scopeEngine;
     private semantic?;
     private budget?;
     private pattern;
     private escalation?;
+    private trustEngine?;
+    private router?;
     constructor(client: AgentCheckClient, config?: PipelineConfig);
     verify(agent: string, action: string, opts?: {
         amount?: number;
         context?: Record<string, unknown>;
+        riskLevel?: string;
     }): Promise<PipelineResult>;
     verifyAndExecute<T>(agent: string, action: string, executeFn: () => Promise<T>, opts?: {
         amount?: number;
         context?: Record<string, unknown>;
+        riskLevel?: string;
     }): Promise<PipelineResult>;
     private logExecution;
 }

package/dist/pipeline.js

@@ -4,6 +4,12 @@
  *
  * Connects all modules into a single chain:
  * delegation check -> scope -> semantic(LLM) -> budget -> pattern -> human -> execute -> log
+ *
+ * Phase 3 addition: VerificationPipeline accepts optional TrustEngine and
+ * LayerRouter. When provided, each verify() call consults the agent's trust
+ * score via the router to decide which layers to run. After execution the
+ * outcome is recorded back to TrustEngine. When omitted the original
+ * fixed-order behaviour is preserved (backwards compatible).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VerificationPipeline = void 0;
@@ -18,11 +24,13 @@ class VerificationPipeline {
         this.budget = config.budget;
         this.pattern = config.pattern || new safety_1.PatternMonitor();
         this.escalation = config.escalation;
+        this.trustEngine = config.trustEngine;
+        this.router = config.router;
     }
     async verify(agent, action, opts = {}) {
         const checks = [];
         const amount = opts.amount || 0;
-        // Layer 1: Delegation exists
+        // Layer 1: Delegation exists on AgentCheck server
         let agreement;
         let t = Date.now();
         try {
@@ -38,57 +46,81 @@ class VerificationPipeline {
             checks.push({ layer: "delegation_check", passed: false, reason: `Server error: ${e.message}`, durationMs: Date.now() - t });
             return { allowed: false, executed: false, action, agent, checks, error: e.message };
         }
-        // Layer 2: Scope rules
-        t = Date.now();
-        const scope = this.scopeEngine.parse(agreement.scope);
-        const scopeResult = this.scopeEngine.verify(scope, action, { amount });
-        checks.push({ layer: "scope_engine", passed: scopeResult.allowed, reason: scopeResult.reason, durationMs: Date.now() - t });
-        if (!scopeResult.allowed) {
-            return { allowed: false, executed: false, action, agent, checks, error: scopeResult.reason };
+        // Determine which local layers to run
+        let activeLayers;
+        if (this.trustEngine && this.router) {
+            const trust = this.trustEngine.getScore(agent);
+            activeLayers = this.router.route(trust, action, { amount, riskLevel: opts.riskLevel });
         }
-        // Layer 3: Semantic (LLM) - only for free-text scope
-        if (this.semantic && typeof scope === "string") {
-            t = Date.now();
-            const sem = await this.semantic.verify(agreement.scope, action, opts.context || { amount });
-            const isOk = sem.assessment !== "denied";
-            checks.push({
-                layer: "semantic_verifier",
-                passed: isOk,
-                reason: `[${sem.assessment}] ${sem.reasoning} (confidence: ${(sem.confidence * 100).toFixed(0)}%)`,
-                durationMs: Date.now() - t,
-            });
-            if (sem.assessment === "denied") {
-                return { allowed: false, executed: false, action, agent, checks, error: sem.reasoning };
+        else {
+            // Fixed order: run every configured layer (original behaviour)
+            activeLayers = ["scope_engine"];
+            if (this.semantic)
+                activeLayers.push("semantic_verifier");
+            if (this.budget)
+                activeLayers.push("budget_tracker");
+            activeLayers.push("pattern_monitor");
+            if (this.escalation)
+                activeLayers.push("human_escalation");
+        }
+        const scope = this.scopeEngine.parse(agreement.scope);
+        for (const layerName of activeLayers) {
+            if (layerName === "scope_engine") {
+                t = Date.now();
+                const r = this.scopeEngine.verify(scope, action, { amount });
+                checks.push({ layer: "scope_engine", passed: r.allowed, reason: r.reason, durationMs: Date.now() - t });
+                if (!r.allowed)
+                    return { allowed: false, executed: false, action, agent, checks, error: r.reason };
             }
-            if (sem.assessment === "suspicious") {
-                checks.push({ layer: "semantic_flag", passed: true, reason: "LLM flagged suspicious - recommend human review", durationMs: 0 });
+            else if (layerName === "semantic_verifier") {
+                if (this.semantic && typeof scope === "string") {
+                    t = Date.now();
+                    const sem = await this.semantic.verify(agreement.scope, action, opts.context || { amount });
+                    const isOk = sem.assessment !== "denied";
+                    checks.push({
+                        layer: "semantic_verifier",
+                        passed: isOk,
+                        reason: `[${sem.assessment}] ${sem.reasoning} (confidence: ${(sem.confidence * 100).toFixed(0)}%)`,
+                        durationMs: Date.now() - t,
+                    });
+                    if (sem.assessment === "denied") {
+                        return { allowed: false, executed: false, action, agent, checks, error: sem.reasoning };
+                    }
+                    if (sem.assessment === "suspicious") {
+                        checks.push({ layer: "semantic_flag", passed: true, reason: "LLM flagged suspicious - recommend human review", durationMs: 0 });
+                    }
+                }
             }
-        }
-        // Layer 4: Budget
-        if (this.budget) {
-            t = Date.now();
-            const br = this.budget.check(action, amount);
-            checks.push({ layer: "budget_tracker", passed: br.allowed, reason: br.reason, durationMs: Date.now() - t });
-            if (!br.allowed) {
-                return { allowed: false, executed: false, action, agent, checks, error: br.reason };
+            else if (layerName === "budget_tracker") {
+                if (this.budget) {
+                    t = Date.now();
+                    const br = this.budget.check(action, amount);
+                    checks.push({ layer: "budget_tracker", passed: br.allowed, reason: br.reason, durationMs: Date.now() - t });
+                    if (!br.allowed)
+                        return { allowed: false, executed: false, action, agent, checks, error: br.reason };
+                }
             }
-        }
-        // Layer 5: Pattern
-        t = Date.now();
-        const alerts = this.pattern.check(action, amount);
-        const hasCritical = alerts.some(a => a.level === "critical");
-        const patternMsg = alerts.length ? alerts.map(a => a.message).join("; ") : "Normal pattern";
-        checks.push({ layer: "pattern_monitor", passed: !hasCritical, reason: patternMsg, durationMs: Date.now() - t });
-        if (hasCritical) {
-            return { allowed: false, executed: false, action, agent, checks, error: alerts[0].message };
-        }
-        // Layer 6: Human escalation
-        if (this.escalation) {
-            t = Date.now();
-            const er = this.escalation.check(action, amount);
-            checks.push({ layer: "human_escalation", passed: er.allowed, reason: er.reason, durationMs: Date.now() - t });
-            if (!er.allowed) {
-                return { allowed: false, executed: false, action, agent, checks, error: er.reason };
+            else if (layerName === "pattern_monitor") {
+                t = Date.now();
+                const alerts = this.pattern.check(action, amount);
+                const hasCritical = alerts.some(a => a.level === "critical");
+                const patternMsg = alerts.length ? alerts.map(a => a.message).join("; ") : "Normal pattern";
+                checks.push({ layer: "pattern_monitor", passed: !hasCritical, reason: patternMsg, durationMs: Date.now() - t });
+                if (hasCritical) {
+                    return { allowed: false, executed: false, action, agent, checks, error: alerts[0].message };
+                }
+            }
+            else if (layerName === "human_escalation") {
+                if (this.escalation) {
+                    t = Date.now();
+                    const er = this.escalation.check(action, amount);
+                    checks.push({ layer: "human_escalation", passed: er.allowed, reason: er.reason, durationMs: Date.now() - t });
+                    if (!er.allowed)
+                        return { allowed: false, executed: false, action, agent, checks, error: er.reason };
+                }
+            }
+            else if (layerName === "pqc_signing") {
+                checks.push({ layer: "pqc_signing", passed: true, reason: `PQC signing required (amount=${amount} > threshold)`, durationMs: 0 });
             }
         }
         return { allowed: true, executed: false, action, agent, checks };
@@ -96,6 +128,8 @@ class VerificationPipeline {
     async verifyAndExecute(agent, action, executeFn, opts = {}) {
         const result = await this.verify(agent, action, opts);
         if (!result.allowed) {
+            // Record failed attempt to trust engine
+            this.trustEngine?.recordOutcome(agent, false);
             this.logExecution(agent, action, opts.amount || 0, "blocked", result.error);
             return result;
         }
@@ -111,6 +145,8 @@ class VerificationPipeline {
         }
         this.budget?.recordUsage(action, opts.amount || 0);
         this.pattern.record(action, opts.amount || 0);
+        // Record outcome to trust engine
+        this.trustEngine?.recordOutcome(agent, result.executed);
         this.logExecution(agent, action, opts.amount || 0, result.executed ? "success" : "failed", result.error);
         return result;
     }

package/dist/pqc/dsse.d.ts

@@ -0,0 +1,47 @@
+/**
+ * DSSE (Dead Simple Signing Envelope) structures for AgentCheck PQC integration.
+ *
+ * Implements the DSSE envelope format per https://github.com/secure-systems-lab/dsse
+ * with Pre-Authentication Encoding (PAE) for ML-DSA-87 / HMAC-SHA256 signatures.
+ *
+ * Tier: Atom (be-atom-agentcheck-dsse-ts) - single responsibility: envelope data model.
+ */
+export declare const DSSE_PAYLOAD_TYPE = "application/vnd.agentcheck.audit+json";
+export interface DsseSignatureData {
+    keyid: string;
+    sig: string;
+}
+export declare class DsseSignature {
+    readonly keyid: string;
+    readonly sig: string;
+    constructor(keyid: string, sig: string);
+    /** Decode signature from base64 to Uint8Array. */
+    sigBytes(): Uint8Array;
+    toDict(): DsseSignatureData;
+    static fromDict(d: DsseSignatureData): DsseSignature;
+}
+export interface DsseEnvelopeData {
+    payloadType: string;
+    payload: string;
+    signatures: DsseSignatureData[];
+}
+export declare class DsseEnvelope {
+    readonly payloadType: string;
+    readonly payload: string;
+    readonly signatures: DsseSignature[];
+    constructor(payloadType: string, payload: string, signatures?: DsseSignature[]);
+    /** Decode base64 payload to object. */
+    decodePayload(): Record<string, unknown>;
+    /**
+     * Pre-Authentication Encoding per DSSE spec.
+     *
+     * Format: DSSEv1 SP len(payloadType) SP payloadType SP len(payload) SP payload
+     */
+    pae(): Uint8Array;
+    toDict(): DsseEnvelopeData;
+    static fromDict(d: DsseEnvelopeData): DsseEnvelope;
+    /** Create a new unsigned DSSE envelope from a payload object. */
+    static create(payload: Record<string, unknown>, payloadType?: string): DsseEnvelope;
+    /** Return a new envelope with an additional signature appended. */
+    withSignature(sig: DsseSignature): DsseEnvelope;
+}

package/dist/pqc/dsse.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * DSSE (Dead Simple Signing Envelope) structures for AgentCheck PQC integration.
+ *
+ * Implements the DSSE envelope format per https://github.com/secure-systems-lab/dsse
+ * with Pre-Authentication Encoding (PAE) for ML-DSA-87 / HMAC-SHA256 signatures.
+ *
+ * Tier: Atom (be-atom-agentcheck-dsse-ts) - single responsibility: envelope data model.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DsseEnvelope = exports.DsseSignature = exports.DSSE_PAYLOAD_TYPE = void 0;
+exports.DSSE_PAYLOAD_TYPE = "application/vnd.agentcheck.audit+json";
+class DsseSignature {
+    constructor(keyid, sig) {
+        this.keyid = keyid;
+        this.sig = sig;
+    }
+    /** Decode signature from base64 to Uint8Array. */
+    sigBytes() {
+        return base64Decode(this.sig);
+    }
+    toDict() {
+        return { keyid: this.keyid, sig: this.sig };
+    }
+    static fromDict(d) {
+        return new DsseSignature(d.keyid, d.sig);
+    }
+}
+exports.DsseSignature = DsseSignature;
+class DsseEnvelope {
+    constructor(payloadType, payload, signatures = []) {
+        this.payloadType = payloadType;
+        this.payload = payload;
+        this.signatures = signatures;
+    }
+    /** Decode base64 payload to object. */
+    decodePayload() {
+        const raw = base64Decode(this.payload);
+        const json = new TextDecoder().decode(raw);
+        return JSON.parse(json);
+    }
+    /**
+     * Pre-Authentication Encoding per DSSE spec.
+     *
+     * Format: DSSEv1 SP len(payloadType) SP payloadType SP len(payload) SP payload
+     */
+    pae() {
+        const enc = new TextEncoder();
+        const payloadTypeBytes = enc.encode(this.payloadType);
+        const payloadBytes = base64Decode(this.payload);
+        const prefix = enc.encode(`DSSEv1 ${payloadTypeBytes.length} `);
+        const middle = enc.encode(` ${payloadBytes.length} `);
+        const total = prefix.length +
+            payloadTypeBytes.length +
+            middle.length +
+            payloadBytes.length;
+        const result = new Uint8Array(total);
+        let offset = 0;
+        result.set(prefix, offset);
+        offset += prefix.length;
+        result.set(payloadTypeBytes, offset);
+        offset += payloadTypeBytes.length;
+        result.set(middle, offset);
+        offset += middle.length;
+        result.set(payloadBytes, offset);
+        return result;
+    }
+    toDict() {
+        return {
+            payloadType: this.payloadType,
+            payload: this.payload,
+            signatures: this.signatures.map((s) => s.toDict()),
+        };
+    }
+    static fromDict(d) {
+        const sigs = (d.signatures ?? []).map(DsseSignature.fromDict);
+        return new DsseEnvelope(d.payloadType ?? exports.DSSE_PAYLOAD_TYPE, d.payload, sigs);
+    }
+    /** Create a new unsigned DSSE envelope from a payload object. */
+    static create(payload, payloadType = exports.DSSE_PAYLOAD_TYPE) {
+        const json = JSON.stringify(payload);
+        const payloadB64 = base64Encode(new TextEncoder().encode(json));
+        return new DsseEnvelope(payloadType, payloadB64, []);
+    }
+    /** Return a new envelope with an additional signature appended. */
+    withSignature(sig) {
+        return new DsseEnvelope(this.payloadType, this.payload, [
+            ...this.signatures,
+            sig,
+        ]);
+    }
+}
+exports.DsseEnvelope = DsseEnvelope;
+// ---------------------------------------------------------------------------
+// Base64 utilities (Node.js + browser compatible)
+// ---------------------------------------------------------------------------
+function base64Encode(bytes) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(bytes).toString("base64");
+    }
+    return btoa(String.fromCharCode(...bytes));
+}
+function base64Decode(b64) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(b64, "base64"));
+    }
+    const bin = atob(b64);
+    const bytes = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        bytes[i] = bin.charCodeAt(i);
+    }
+    return bytes;
+}

package/dist/pqc/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * AgentCheck PQC (Post-Quantum Cryptography) integration module.
+ *
+ * Provides DSSE envelope structures and ML-DSA-87 signature verification/signing.
+ * HMAC-SHA256 operations use the Web Crypto API (Node 18+, all modern browsers).
+ * ML-DSA-87 verification/signing is delegated to the fides-rs server.
+ */
+export { DSSE_PAYLOAD_TYPE, DsseEnvelope, DsseSignature } from "./dsse";
+export type { DsseEnvelopeData, DsseSignatureData } from "./dsse";
+export { PqcVerifier } from "./verifier";
+export { PqcSigner } from "./signer";

package/dist/pqc/index.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * AgentCheck PQC (Post-Quantum Cryptography) integration module.
+ *
+ * Provides DSSE envelope structures and ML-DSA-87 signature verification/signing.
+ * HMAC-SHA256 operations use the Web Crypto API (Node 18+, all modern browsers).
+ * ML-DSA-87 verification/signing is delegated to the fides-rs server.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PqcSigner = exports.PqcVerifier = exports.DsseSignature = exports.DsseEnvelope = exports.DSSE_PAYLOAD_TYPE = void 0;
+var dsse_1 = require("./dsse");
+Object.defineProperty(exports, "DSSE_PAYLOAD_TYPE", { enumerable: true, get: function () { return dsse_1.DSSE_PAYLOAD_TYPE; } });
+Object.defineProperty(exports, "DsseEnvelope", { enumerable: true, get: function () { return dsse_1.DsseEnvelope; } });
+Object.defineProperty(exports, "DsseSignature", { enumerable: true, get: function () { return dsse_1.DsseSignature; } });
+var verifier_1 = require("./verifier");
+Object.defineProperty(exports, "PqcVerifier", { enumerable: true, get: function () { return verifier_1.PqcVerifier; } });
+var signer_1 = require("./signer");
+Object.defineProperty(exports, "PqcSigner", { enumerable: true, get: function () { return signer_1.PqcSigner; } });

package/dist/pqc/signer.d.ts

@@ -0,0 +1,44 @@
+/**
+ * PQC signer for DSSE envelopes.
+ *
+ * Signs audit records with HMAC-SHA256 locally via Web Crypto API.
+ * ML-DSA-87 signing is delegated to the fides-rs server so that
+ * private keys never exist in JavaScript memory.
+ *
+ * Tier: Atom (be-atom-agentcheck-pqc-signer-ts) - single responsibility: signing.
+ */
+import { DsseEnvelope } from "./dsse";
+export declare class PqcSigner {
+    private readonly hmacKey;
+    private readonly serverUrl;
+    private readonly apiKey;
+    /**
+     * @param hmacKey Optional HMAC-SHA256 secret for local signing.
+     * @param serverUrl Optional fides-rs base URL for ML-DSA-87 server-side signing.
+     * @param apiKey Optional API key for authenticating with the signing server.
+     */
+    constructor(opts?: {
+        hmacKey?: string;
+        serverUrl?: string;
+        apiKey?: string;
+    });
+    /**
+     * Create a DSSE envelope with HMAC-SHA256 signature.
+     *
+     * If no hmacKey is configured, the envelope is returned unsigned.
+     *
+     * @param payload Object to sign and encode into the envelope.
+     * @param keyId Key identifier to embed in the signature.
+     * @returns Signed DsseEnvelope (or unsigned if no key).
+     */
+    signHmac(payload: Record<string, unknown>, keyId?: string): Promise<DsseEnvelope>;
+    /**
+     * Request ML-DSA-87 signing from the fides-rs server.
+     *
+     * Returns null if the server is unavailable or not configured.
+     *
+     * @param payload Object to sign with ML-DSA-87 on the server.
+     * @returns Signed DsseEnvelope, or null if server signing is unavailable.
+     */
+    signPqc(payload: Record<string, unknown>): Promise<DsseEnvelope | null>;
+}