agentfootprint 6.17.0 → 6.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,255 @@
1
+ /**
2
+ * auditExport — tamper-evident audit bundle (backlog #20, compliance
3
+ * wedge item 2; pairs with #19's `otelObservability` GenAI spans).
4
+ *
5
+ * Consumes the typed `agentfootprint.*` event stream and accumulates an
6
+ * append-only, HASH-CHAINED record log: every record carries the SHA-256
7
+ * of its own canonical serialization plus the hash of the previous
8
+ * record. Flipping a single byte anywhere in an exported bundle makes
9
+ * `verifyAuditBundle` name the exact record that broke — the
10
+ * record-keeping shape EU AI Act Art. 12 asks for (events the system
11
+ * logged, in order, demonstrably unmodified since capture).
12
+ *
13
+ * Pattern: Observability strategy (one purpose — chain accumulation)
14
+ * + pure offline verifier.
15
+ * Role: Outer ring (Hexagonal). Attach via
16
+ * `agent.enable.observability({ strategy: auditExport() })`.
17
+ * Emits: nothing — terminal sink.
18
+ *
19
+ * ## What lands in the chain
20
+ *
21
+ * One record per typed event, in dispatch order: decisions
22
+ * (`agent.route_decided`, `composition.route_decided` incl. decide()
23
+ * evidence), tool calls (`stream.tool_start/_end`), validation
24
+ * rejections (#9), permission verdicts and halts, credential lifecycle,
25
+ * costs, errors, skill/memory/context activity. Each new `meta.runId`
26
+ * is anchored by a GENESIS record (`audit.genesis`) carrying the runId,
27
+ * the agent identity, and library versions — runs chain back-to-back in
28
+ * one log, so silently DROPPING a whole run breaks the chain too.
29
+ *
30
+ * High-volume content deltas (`stream.token`, `stream.thinking_delta`)
31
+ * are excluded by default (`includeTokenEvents: true` to include).
32
+ *
33
+ * ## Record / bundle schema
34
+ *
35
+ * ```
36
+ * AuditRecord = { seq, timestamp, eventType, payload, meta, prevHash, hash }
37
+ * hash = SHA-256 hex over canonicalJson(record minus `hash`)
38
+ * prevHash = previous record's `hash` (ZERO_HASH at chain start)
39
+ * AuditBundle = { header, records, finalHash }
40
+ * header = { format, hashAlgorithm, canonicalization, chainHead,
41
+ * firstSeq, recordCount, exportedAt, library }
42
+ * ```
43
+ *
44
+ * Canonicalization is `afp-cjson/1` (see `lib/canonicalJson.ts` — those
45
+ * rules ARE the contract; the header names them so independent
46
+ * verifiers can re-implement byte-exactly).
47
+ *
48
+ * ## Persistence + long runs
49
+ *
50
+ * Persistence is the CONSUMER's job — the bundle is plain JSON
51
+ * (`JSON.stringify(strategy.bundle())`, store anywhere). For long runs,
52
+ * `drain()` returns the records accumulated since the last drain while
53
+ * keeping the chain intact ACROSS drains: each segment's
54
+ * `header.chainHead` equals the previous segment's `finalHash`, so
55
+ * `verifyAuditBundle([seg1, seg2, ...])` re-verifies the concatenation
56
+ * end-to-end.
57
+ *
58
+ * ## PII discipline (mirrors #19's otelObservability)
59
+ *
60
+ * Payloads enter records through a bounding layer — by default
61
+ * (`payloadMode: 'bounded'`) record payloads NEVER carry raw runtime
62
+ * values that can echo PII:
63
+ *
64
+ * - tool args → `'[keys: …]'` (top-level key NAMES only)
65
+ * - tool results → `'[type: …]'` (typeof only)
66
+ * - userPrompt / LLM content / thinking blocks / history
67
+ * → `'[N chars]'` / `'[N messages]'` markers
68
+ * - content PREVIEWS (`contentSummary` on context/memory events,
69
+ * `rawContent`, `resultSummary`, `droppedSummaries`) → markers
70
+ * (for short content a preview IS the content; `contentHash`
71
+ * stays — it links identical content without echoing it)
72
+ * - error MESSAGE strings (`error`, `errorMessage`, `lastError`,
73
+ * `rawOutput`) → `'[N chars]'` (messages can echo values)
74
+ * - free-form Records (`questionPayload`, `resumeInput`, risk/eval
75
+ * `evidence`, memory `scoreEvidence`) → `'[keys: …]'`
76
+ *
77
+ * Everything else is embedded as the registry payload (sanitized:
78
+ * strings capped at 256 chars, lists at 32 items, cycles broken) —
79
+ * those payloads are bounded by construction: identifiers, counts,
80
+ * enums, decide() evidence (engine-bounded + redaction-aware),
81
+ * validation issues (paths/TYPES per #9), credential events (no
82
+ * secrets by contract).
83
+ *
84
+ * `payloadMode: 'verbatim'` embeds full payloads (still
85
+ * JSON-sanitized). For Art. 12 completeness on an access-controlled
86
+ * store that is often the point — but the bundle then carries prompts,
87
+ * tool args/results and model output. Treat it as PII-bearing, and
88
+ * remember the Agent sets NO footprintjs RedactionPolicy by default
89
+ * (policies you do set redact the emit channel UPSTREAM of this
90
+ * strategy, so redacted events arrive here already redacted).
91
+ *
92
+ * ## Tamper-EVIDENT, not tamper-PROOF (honest threat model)
93
+ *
94
+ * The chain proves INTERNAL consistency: any partial modification —
95
+ * edit, insert, delete, reorder, drop-a-run — is detected and named.
96
+ * It does NOT prove provenance: an adversary holding the only copy can
97
+ * recompute every hash from the mutation onward and present a
98
+ * self-consistent forgery. For non-repudiation, anchor `finalHash`
99
+ * externally as part of your retention process (write-once/WORM store,
100
+ * signed log, RFC 3161 timestamping, or simply a second party) — then
101
+ * a whole-suffix recomputation no longer matches the anchor.
102
+ *
103
+ * ## Runtime requirements
104
+ *
105
+ * Hashing uses `node:crypto` (`createHash('sha256')`) — zero new
106
+ * dependencies, imported lazily at first use (same gating as the
107
+ * optional vendor SDKs in this folder, so merely importing this module
108
+ * stays browser-safe). `auditExport` and `verifyAuditBundle` therefore
109
+ * run anywhere `node:crypto` exists: Node ≥ 20, Bun, Deno,
110
+ * edge runtimes with Node compat (e.g. Cloudflare `nodejs_compat`).
111
+ * In a browser there is no SYNC SHA-256 (WebCrypto is async-only), so
112
+ * both throw a descriptive error — verify server-side, or re-implement
113
+ * verification from the documented contract (it is pure: recompute
114
+ * SHA-256 over `afp-cjson/1` canonicalization and walk the chain).
115
+ *
116
+ * @example Capture → export → verify
117
+ * ```ts
118
+ * import { auditExport, verifyAuditBundle } from 'agentfootprint/observability-providers';
119
+ *
120
+ * const audit = auditExport({ agent: 'loan-officer' });
121
+ * const stop = agent.enable.observability({ strategy: audit });
122
+ * await agent.run({ message: 'assess application A-17' });
123
+ * stop();
124
+ *
125
+ * const bundle = audit.bundle(); // JSON-serializable
126
+ * await fs.writeFile('run.audit.json', JSON.stringify(bundle));
127
+ *
128
+ * const check = verifyAuditBundle(bundle); // offline — no agent needed
129
+ * // check.valid === true; tamper with one byte → { valid: false, brokenAt: <seq> }
130
+ * ```
131
+ */
132
+ import { CANONICAL_JSON_VERSION } from '../../lib/canonicalJson.js';
133
+ import type { ObservabilityStrategy } from '../../strategies/types.js';
134
+ /** SHA-256 of "nothing" — the `prevHash` of the first record in a
135
+ * chain and the `chainHead` of a chain's first segment. */
136
+ export declare const AUDIT_ZERO_HASH: string;
137
+ /** `eventType` of the per-run genesis record. Deliberately OUTSIDE the
138
+ * `agentfootprint.*` registry namespace — it is a chain-level record,
139
+ * not a dispatched event (#20 ships zero new typed events). */
140
+ export declare const AUDIT_GENESIS_EVENT_TYPE = "audit.genesis";
141
+ /** Format identifier carried on every bundle header. */
142
+ export declare const AUDIT_BUNDLE_FORMAT = "agentfootprint.audit/1";
143
+ /**
144
+ * One link of the hash chain.
145
+ *
146
+ * `hash` = SHA-256 hex over `canonicalJson` of the record WITHOUT the
147
+ * `hash` field (i.e. `{ seq, timestamp, eventType, payload, meta,
148
+ * prevHash }` — canonical key order makes field order irrelevant).
149
+ * Because the preimage is "everything but `hash`", ADDING a field to a
150
+ * record is detected exactly like mutating one.
151
+ */
152
+ export interface AuditRecord {
153
+ /** 0-based position in the chain (monotonic across drains). */
154
+ readonly seq: number;
155
+ /** Wall-clock ms of the source event (`meta.wallClockMs`). */
156
+ readonly timestamp: number;
157
+ /** Registry event name verbatim, or {@link AUDIT_GENESIS_EVENT_TYPE}. */
158
+ readonly eventType: string;
159
+ /** Bounded / sanitized event payload (see module PII docs). */
160
+ readonly payload: unknown;
161
+ /** Sanitized event meta (runId, runtimeStageId, paths, indices). */
162
+ readonly meta: {
163
+ readonly runId: string;
164
+ } & Readonly<Record<string, unknown>>;
165
+ /** `hash` of the previous record ({@link AUDIT_ZERO_HASH} at chain start). */
166
+ readonly prevHash: string;
167
+ /** SHA-256 hex of this record's canonical preimage. */
168
+ readonly hash: string;
169
+ }
170
+ export interface AuditBundleHeader {
171
+ readonly format: typeof AUDIT_BUNDLE_FORMAT;
172
+ readonly hashAlgorithm: 'sha-256';
173
+ readonly canonicalization: typeof CANONICAL_JSON_VERSION;
174
+ /** `prevHash` of `records[0]` — {@link AUDIT_ZERO_HASH} for the first
175
+ * segment, the previous segment's `finalHash` after a `drain()`. */
176
+ readonly chainHead: string;
177
+ /** `seq` of `records[0]` (continues across drains). */
178
+ readonly firstSeq: number;
179
+ readonly recordCount: number;
180
+ /** Wall-clock ms when `bundle()` / `drain()` produced this export. */
181
+ readonly exportedAt: number;
182
+ readonly library: {
183
+ readonly name: 'agentfootprint';
184
+ readonly version: string;
185
+ };
186
+ }
187
+ /** JSON-serializable export of the chain (or one drained segment). */
188
+ export interface AuditBundle {
189
+ readonly header: AuditBundleHeader;
190
+ readonly records: readonly AuditRecord[];
191
+ /** `hash` of the last record (= `chainHead` when `records` is empty).
192
+ * The next drained segment's `chainHead` equals this value. */
193
+ readonly finalHash: string;
194
+ }
195
+ export interface AuditVerifyResult {
196
+ readonly valid: boolean;
197
+ /** Records whose hashes were recomputed and matched. */
198
+ readonly recordsChecked: number;
199
+ /** `seq` of the first record that fails (or the expected seq at the
200
+ * failure point, when the stored seq itself was tampered). */
201
+ readonly brokenAt?: number;
202
+ /** Human-readable cause — names the failed check. */
203
+ readonly reason?: string;
204
+ }
205
+ export interface AuditExportOptions {
206
+ /** Agent identity recorded in every run's genesis record (service /
207
+ * agent name as your compliance review knows it). */
208
+ readonly agent?: string;
209
+ /**
210
+ * `'bounded'` (default) — payloads pass the PII bounding layer (see
211
+ * module docs). `'verbatim'` — full payloads, JSON-sanitized only.
212
+ *
213
+ * @remarks Verbatim bundles carry prompts, tool args/results and
214
+ * model output. Treat the store as PII-bearing; the Agent applies NO
215
+ * RedactionPolicy by default.
216
+ */
217
+ readonly payloadMode?: 'bounded' | 'verbatim';
218
+ /** Include `stream.token` / `stream.thinking_delta` events (high
219
+ * volume; content still bounded under `payloadMode: 'bounded'`).
220
+ * Default `false`. */
221
+ readonly includeTokenEvents?: boolean;
222
+ /** Extra version pins for the genesis record (your app, model
223
+ * config revision, policy bundle hash, …). */
224
+ readonly versions?: Readonly<Record<string, string>>;
225
+ }
226
+ /** The strategy returned by {@link auditExport}. */
227
+ export interface AuditExportStrategy extends ObservabilityStrategy {
228
+ /** Snapshot the retained records WITHOUT draining. Safe mid-run. */
229
+ bundle(): AuditBundle;
230
+ /** Return the records accumulated since the last drain and clear
231
+ * them from memory. Chain state persists — consecutive drained
232
+ * segments re-verify end-to-end via `verifyAuditBundle([...])`. */
233
+ drain(): AuditBundle;
234
+ /** Records currently retained (since last drain). */
235
+ recordCount(): number;
236
+ }
237
+ export declare function auditExport(opts?: AuditExportOptions): AuditExportStrategy;
238
+ /**
239
+ * Recompute the hash chain of a bundle (or of consecutive drained
240
+ * segments, in order) and report the exact record where integrity
241
+ * breaks. Pure function over JSON data — runs offline, long after the
242
+ * run, with no agent and no strategy instance.
243
+ *
244
+ * Checks, in order, per segment:
245
+ * 1. header format / algorithm / canonicalization are supported
246
+ * 2. `recordCount` matches `records.length`
247
+ * 3. segment continuity (`chainHead`/`firstSeq` extend the previous
248
+ * segment's `finalHash`/seq range)
249
+ * 4. per record: `seq` is contiguous, `prevHash` links the previous
250
+ * record, and SHA-256 over the canonical preimage (the record
251
+ * minus `hash` — so ADDED fields are caught too) matches `hash`
252
+ * 5. `finalHash` equals the last record's hash
253
+ */
254
+ export declare function verifyAuditBundle(input: AuditBundle | readonly AuditBundle[]): AuditVerifyResult;
255
+ //# sourceMappingURL=audit.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../../src/adapters/observability/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkIG;AAGH,OAAO,EAAiB,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAEnF,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAIvE;4DAC4D;AAC5D,eAAO,MAAM,eAAe,QAAiB,CAAC;AAE9C;;gEAEgE;AAChE,eAAO,MAAM,wBAAwB,kBAAkB,CAAC;AAExD,wDAAwD;AACxD,eAAO,MAAM,mBAAmB,2BAA2B,CAAC;AAE5D;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,+DAA+D;IAC/D,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,yEAAyE;IACzE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,+DAA+D;IAC/D,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,IAAI,EAAE;QAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9E,8EAA8E;IAC9E,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,uDAAuD;IACvD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,OAAO,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC;IAClC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,sBAAsB,CAAC;IACzD;yEACqE;IACrE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,uDAAuD;IACvD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACjF;AAED,sEAAsE;AACtE,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAC;IACnC,QAAQ,CAAC,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;IACzC;oEACgE;IAChE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,wDAAwD;IACxD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,qDAAqD;IACrD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC;0DACsD;IACtD,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;;;OAOG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;IAC9C;;2BAEuB;IACvB,QAAQ,CAAC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IACtC;mDAC+C;IAC/C,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACtD;AAED,oDAAoD;AACpD,MAAM,WAAW,mBAAoB,SAAQ,qBAAqB;IAChE,oEAAoE;IACpE,MAAM,IAAI,WAAW,CAAC;IACtB;;wEAEoE;IACpE,KAAK,IAAI,WAAW,CAAC;IACrB,qDAAqD;IACrD,WAAW,IAAI,MAAM,CAAC;CACvB;AAgND,wBAAgB,WAAW,CAAC,IAAI,GAAE,kBAAuB,GAAG,mBAAmB,CAgI9E;AAID;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,WAAW,GAAG,SAAS,WAAW,EAAE,GAAG,iBAAiB,CAsIhG"}
@@ -10,7 +10,13 @@
10
10
  * stream.llm_start ↦ push leaf subsegment (model call)
11
11
  * stream.llm_end ↦ close llm subsegment
12
12
  * stream.tool_start ↦ push leaf subsegment (tool call)
13
- * stream.tool_end ↦ close tool subsegment
13
+ * stream.tool_end ↦ close tool subsegment (correlated
14
+ * by toolCallId — parallel-safe)
15
+ * error.fatal ↦ fault on root + close the whole
16
+ * tree (turn_end never arrives)
17
+ *
18
+ * Events are anchored on `meta.runId` (the dispatcher envelope),
19
+ * with a `payload.runId` fallback for hand-built events.
14
20
  *
15
21
  * The result in the X-Ray Trace Map: a hierarchical timeline of every
16
22
  * agent run — turn → iteration → llm-call/tool-call — queryable in
@@ -1 +1 @@
1
- {"version":3,"file":"xray.d.ts","sourceRoot":"","sources":["../../../../src/adapters/observability/xray.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAIvE,MAAM,WAAW,wBAAwB;IACvC,qEAAqE;IACrE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;iCAC6B;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;;oDAEgD;IAChD,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;0CAEsC;IACtC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;yCACqC;IACrC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,2DAA2D;IAC3D,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,CAAC;CACnC;AAID,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,KAAK,EAAE;QAAE,qBAAqB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7F;AA6BD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,wBAAwB,GAAG,qBAAqB,CA2QvF"}
1
+ {"version":3,"file":"xray.d.ts","sourceRoot":"","sources":["../../../../src/adapters/observability/xray.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4DG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAIvE,MAAM,WAAW,wBAAwB;IACvC,qEAAqE;IACrE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;iCAC6B;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;;oDAEgD;IAChD,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;0CAEsC;IACtC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;yCACqC;IACrC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,2DAA2D;IAC3D,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,CAAC;CACnC;AAID,MAAM,WAAW,cAAc;IAC7B,gBAAgB,CAAC,KAAK,EAAE;QAAE,qBAAqB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7F;AA6BD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,wBAAwB,GAAG,qBAAqB,CA4WvF"}
@@ -0,0 +1,57 @@
1
+ /**
2
+ * canonicalJson — deterministic JSON serialization (`afp-cjson/1`).
3
+ *
4
+ * Pattern: Canonicalization function (RFC 8785 JCS-inspired, JS-native).
5
+ * Role: The byte contract under the tamper-evident audit chain
6
+ * (backlog #20). `AuditRecord.hash` = SHA-256 over the
7
+ * canonical serialization of the record — two parties that
8
+ * serialize the same VALUE must produce the same BYTES, or
9
+ * verification breaks. These rules ARE the contract; bump the
10
+ * identifier (`afp-cjson/2`) for ANY behavioral change.
11
+ *
12
+ * ## Canonicalization rules (`afp-cjson/1`)
13
+ *
14
+ * 1. **Objects** — own enumerable string-keyed properties only, keys
15
+ * sorted lexicographically by UTF-16 code unit (JavaScript's
16
+ * default `Array.prototype.sort()` comparison), serialized
17
+ * `{"k":v,...}` with no whitespace. Symbol keys are ignored.
18
+ * 2. **Arrays** — element order preserved, `[v,...]` no whitespace.
19
+ * 3. **Strings** — `JSON.stringify` escaping (deterministic per the
20
+ * ECMAScript spec: minimal escapes, lowercase `\uXXXX` hex).
21
+ * 4. **Numbers** — finite numbers via `JSON.stringify` (ECMAScript
22
+ * shortest round-trip formatting). `NaN` / `±Infinity` → `null`
23
+ * (JSON.stringify parity). `-0` serializes as `0`.
24
+ * 5. **`null`** → `null`. **`undefined`** — omitted as an object
25
+ * property, `null` as an array element or top-level value
26
+ * (JSON.stringify parity).
27
+ * 6. **Functions / symbols** — omitted as object properties, `null`
28
+ * in arrays (JSON.stringify parity).
29
+ * 7. **`toJSON`** — honored before serialization (so `Date` →
30
+ * ISO-8601 string, exactly like `JSON.stringify`).
31
+ * 8. **`bigint`** → `TypeError` (JSON.stringify parity). Sanitize
32
+ * upstream (the audit bounding layer converts bigint to string).
33
+ * 9. **Cycles** → `TypeError`. Canonicalization is defined over
34
+ * JSON-safe trees; the audit bounding layer breaks cycles first.
35
+ *
36
+ * The domain is "anything `JSON.parse` can produce" (the audit bundle
37
+ * is JSON); for other inputs the behavior mirrors `JSON.stringify`
38
+ * except that object keys are SORTED. Verification re-canonicalizes
39
+ * records that came through `JSON.parse(JSON.stringify(bundle))`, so
40
+ * round-tripping a bundle never changes its hashes.
41
+ *
42
+ * Browser-safe: no Node imports — pure computation.
43
+ */
44
+ /** Identifier of the canonicalization rules implemented by
45
+ * {@link canonicalJson}. Carried on `AuditBundleHeader.canonicalization`
46
+ * so offline verifiers can reject bundles produced under different
47
+ * rules instead of mis-verifying them. */
48
+ export declare const CANONICAL_JSON_VERSION = "afp-cjson/1";
49
+ /**
50
+ * Serialize `value` to canonical JSON (see module docs for the exact
51
+ * `afp-cjson/1` rules). Deterministic: equal values (after key
52
+ * reordering) always produce identical strings.
53
+ *
54
+ * @throws TypeError on circular references or bigint values.
55
+ */
56
+ export declare function canonicalJson(value: unknown): string;
57
+ //# sourceMappingURL=canonicalJson.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"canonicalJson.d.ts","sourceRoot":"","sources":["../../../src/lib/canonicalJson.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAEH;;;2CAG2C;AAC3C,eAAO,MAAM,sBAAsB,gBAAgB,CAAC;AAEpD;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAMpD"}
@@ -42,4 +42,6 @@ export { agentcoreObservability, type AgentcoreObservabilityOptions, } from './a
42
42
  export { cloudwatchObservability, type CloudwatchObservabilityOptions, } from './adapters/observability/cloudwatch.js';
43
43
  export { xrayObservability, type XrayObservabilityOptions, type XRayLikeClient, } from './adapters/observability/xray.js';
44
44
  export { otelObservability, type OtelObservabilityOptions, type OtelObservabilityStrategy, type OtelDecisionEvidenceRecorder, type OtelTracerLike, type OtelSpanLike, type OtelSpanOptions, type OtelAttributeValue, } from './adapters/observability/otel.js';
45
+ export { auditExport, verifyAuditBundle, AUDIT_BUNDLE_FORMAT, AUDIT_GENESIS_EVENT_TYPE, AUDIT_ZERO_HASH, type AuditBundle, type AuditBundleHeader, type AuditExportOptions, type AuditExportStrategy, type AuditRecord, type AuditVerifyResult, } from './adapters/observability/audit.js';
46
+ export { canonicalJson, CANONICAL_JSON_VERSION } from './lib/canonicalJson.js';
45
47
  //# sourceMappingURL=observability-providers.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"observability-providers.d.ts","sourceRoot":"","sources":["../../src/observability-providers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,EACL,sBAAsB,EACtB,KAAK,6BAA6B,GACnC,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,KAAK,8BAA8B,GACpC,MAAM,wCAAwC,CAAC;AAChD,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,EAC7B,KAAK,cAAc,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,4BAA4B,EACjC,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,kCAAkC,CAAC"}
1
+ {"version":3,"file":"observability-providers.d.ts","sourceRoot":"","sources":["../../src/observability-providers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,EACL,sBAAsB,EACtB,KAAK,6BAA6B,GACnC,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,KAAK,8BAA8B,GACpC,MAAM,wCAAwC,CAAC;AAChD,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,EAC7B,KAAK,cAAc,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,4BAA4B,EACjC,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,kBAAkB,GACxB,MAAM,kCAAkC,CAAC;AAI1C,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,mBAAmB,EACnB,wBAAwB,EACxB,eAAe,EACf,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,iBAAiB,GACvB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agentfootprint",
3
- "version": "6.17.0",
3
+ "version": "6.18.0",
4
4
  "description": "The explainable agent framework — build AI agents you can explain, audit, and trust. Built on footprintjs.",
5
5
  "license": "MIT",
6
6
  "author": "Sanjay Krishna Anbalagan",
@@ -169,7 +169,8 @@
169
169
  "types": "./dist/types/status.d.ts",
170
170
  "import": "./dist/esm/status.js",
171
171
  "require": "./dist/status.js"
172
- }
172
+ },
173
+ "./package.json": "./package.json"
173
174
  },
174
175
  "sideEffects": [
175
176
  "**/cache/strategies/*.js",