agents-chain 0.0.1

package/dist/memory/encrypted-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-store.js","sourceRoot":"","sources":["../../src/memory/encrypted-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE5E,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAM,8BAA8B;AACxD,MAAM,SAAS,GAAG,EAAE,CAAC,CAAK,0CAA0C;AAEpE,MAAM,OAAO,cAAc;IAIvB,YAAoB,GAAW;QAFd,UAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;QAG/C,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,MAAM,CAAC,MAAe;QACzB,IAAI,GAAW,CAAC;QAChB,IAAI,MAAM,EAAE,CAAC;YACT,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAClF,CAAC;YACD,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACJ,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAc;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC;YAChC,MAAM,CAAC,KAAK,EAAE;SACjB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,oDAAoD;QACpD,MAAM,OAAO,GAAG;YACZ,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACtB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC/B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,GAAG,CAAI,GAAW;QACd,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAE/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,2CAA2C,GAAG,GAAG,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,QAAQ,CAAC,CAAC;QAEpD,IAAI,EAAE,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,GAAG,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,oDAAoD,GAAG,GAAG,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAEzB,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACD,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;YACL,sDAAsD;YACtD,MAAM,IAAI,KAAK,CAAC,kDAAkD,GAAG,wBAAwB,CAAC,CAAC;QACnG,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAM,CAAC;IACtC,CAAC;IAGD,MAAM,CAAI,GAAW,EAAE,IAAO;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,GAAG,CAAC,GAAW;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,GAAW;QACd,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,KAAK;QACD,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACJ"}

package/dist/memory/jti-cache.d.ts

@@ -0,0 +1,22 @@
+/**
+ * JtiCache — in-memory JWT ID replay protection.
+ *
+ * Security properties:
+ * - Every agent+jwt carries a unique `jti` (JWT ID).
+ * - Once seen, the jti is recorded for REPLAY_WINDOW_MS.
+ * - Any attempt to reuse the same jti within that window throws ChainAuthError.
+ * - This prevents replay attacks: an intercepted token cannot be reused.
+ * - TTL eviction is lazy (checked on insert) — no background timer needed.
+ *
+ * The window is 90 seconds to comfortably cover the 60-second token max TTL
+ * plus clock skew tolerance.
+ */
+export declare class JtiCache {
+    /** Map of "<agentId>:<jti>" → expiry timestamp (Unix ms) */
+    private readonly cache;
+    assert(agentId: string, jti: string): void;
+    /** Remove all entries whose expiry has passed. */
+    private evictExpired;
+    get size(): number;
+}
+//# sourceMappingURL=jti-cache.d.ts.map

package/dist/memory/jti-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jti-cache.d.ts","sourceRoot":"","sources":["../../src/memory/jti-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,qBAAa,QAAQ;IACjB,4DAA4D;IAC5D,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IAEnD,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IAgB1C,kDAAkD;IAClD,OAAO,CAAC,YAAY;IASpB,IAAI,IAAI,IAAI,MAAM,CAEjB;CACJ"}

package/dist/memory/jti-cache.js

@@ -0,0 +1,43 @@
+/**
+ * JtiCache — in-memory JWT ID replay protection.
+ *
+ * Security properties:
+ * - Every agent+jwt carries a unique `jti` (JWT ID).
+ * - Once seen, the jti is recorded for REPLAY_WINDOW_MS.
+ * - Any attempt to reuse the same jti within that window throws ChainAuthError.
+ * - This prevents replay attacks: an intercepted token cannot be reused.
+ * - TTL eviction is lazy (checked on insert) — no background timer needed.
+ *
+ * The window is 90 seconds to comfortably cover the 60-second token max TTL
+ * plus clock skew tolerance.
+ */
+import { ChainAuthError } from "../errors/chain-error.js";
+const REPLAY_WINDOW_MS = 90000; // 90 seconds
+export class JtiCache {
+    constructor() {
+        /** Map of "<agentId>:<jti>" → expiry timestamp (Unix ms) */
+        this.cache = new Map();
+    }
+    assert(agentId, jti) {
+        this.evictExpired();
+        const cacheKey = `${agentId}:${jti}`;
+        const existing = this.cache.get(cacheKey);
+        if (existing !== undefined) {
+            throw new ChainAuthError("token_replayed", `JWT has already been used (jti="${jti}") — replay attack detected`);
+        }
+        this.cache.set(cacheKey, Date.now() + REPLAY_WINDOW_MS);
+    }
+    /** Remove all entries whose expiry has passed. */
+    evictExpired() {
+        const now = Date.now();
+        for (const [key, expiry] of this.cache) {
+            if (expiry < now) {
+                this.cache.delete(key);
+            }
+        }
+    }
+    get size() {
+        return this.cache.size;
+    }
+}
+//# sourceMappingURL=jti-cache.js.map

package/dist/memory/jti-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jti-cache.js","sourceRoot":"","sources":["../../src/memory/jti-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,MAAM,gBAAgB,GAAG,KAAM,CAAC,CAAC,aAAa;AAE9C,MAAM,OAAO,QAAQ;IAArB;QACI,4DAA4D;QAC3C,UAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IA+BvD,CAAC;IA7BG,MAAM,CAAC,OAAe,EAAE,GAAW;QAC/B,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,MAAM,QAAQ,GAAG,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE1C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,cAAc,CACpB,gBAAgB,EAChB,mCAAmC,GAAG,6BAA6B,CACtE,CAAC;QACN,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,CAAC;IAC5D,CAAC;IAED,kDAAkD;IAC1C,YAAY;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;gBACf,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;QACL,CAAC;IACL,CAAC;IAED,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IAC3B,CAAC;CACJ"}

package/dist/types/audit.d.ts

@@ -0,0 +1,16 @@
+export type AuditResult = "success" | "denied" | "error";
+export type AuditEntry = {
+    id: string;
+    agentId: string;
+    agentName: string;
+    hostname: string;
+    capability: string;
+    args: Record<string, unknown>;
+    result: AuditResult;
+    denialReason?: string;
+    errorMessage?: string;
+    jti: string;
+    timestamp: number;
+    durationMs: number;
+};
+//# sourceMappingURL=audit.d.ts.map

package/dist/types/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/types/audit.ts"],"names":[],"mappings":"AACA,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;AAEzD,MAAM,MAAM,UAAU,GAAG;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,MAAM,EAAE,WAAW,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/dist/types/audit.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=audit.js.map

package/dist/types/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/types/audit.ts"],"names":[],"mappings":""}

package/dist/types/chain.d.ts

@@ -0,0 +1,19 @@
+import type { AgentConfig } from "./identity.js";
+import type { AuditEntry } from "./audit.js";
+export type { AgentConfig };
+export type ChainStats = {
+    agentId: string;
+    agentName: string;
+    hostname: string;
+    totalCalls: number;
+    successfulCalls: number;
+    deniedCalls: number;
+    errorCalls: number;
+    registeredAt: number;
+};
+export type AuditSnapshot = {
+    agentId: string;
+    entries: AuditEntry[];
+    exportedAt: number;
+};
+//# sourceMappingURL=chain.d.ts.map

package/dist/types/chain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain.d.ts","sourceRoot":"","sources":["../../src/types/chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,YAAY,EAAE,WAAW,EAAE,CAAC;AAE5B,MAAM,MAAM,UAAU,GAAG;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/dist/types/chain.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=chain.js.map

package/dist/types/chain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain.js","sourceRoot":"","sources":["../../src/types/chain.ts"],"names":[],"mappings":""}

package/dist/types/identity.d.ts

@@ -0,0 +1,35 @@
+export type AgentConfig = {
+    agentName: string;
+    hostname: string;
+    capabilities: string[];
+    /**
+     * Optional AES-256-GCM encryption key (64 hex chars = 32 bytes).
+     * If omitted, a random key is generated per session.
+     * Provide this if you need to persist and reload audit logs.
+     */
+    encryptionKey?: string;
+};
+export type CapabilityGrant = {
+    capability: string;
+    grantedAt: number;
+    constraints?: CapabilityConstraints;
+};
+export type CapabilityConstraints = Record<string, ConstraintValue>;
+export type ConstraintPrimitive = string | number | boolean;
+export type ConstraintOperator = {
+    max?: number;
+    min?: number;
+    in?: ConstraintPrimitive[];
+    not_in?: ConstraintPrimitive[];
+};
+export type ConstraintValue = ConstraintPrimitive | ConstraintOperator;
+export type RegisteredAgent = {
+    agentId: string;
+    agentName: string;
+    hostname: string;
+    publicKeyJwk: JsonWebKey;
+    thumbprint: string;
+    capabilities: CapabilityGrant[];
+    registeredAt: number;
+};
+//# sourceMappingURL=identity.d.ts.map

package/dist/types/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/types/identity.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,WAAW,GAAG;IAEtB,SAAS,EAAE,MAAM,CAAC;IAElB,QAAQ,EAAE,MAAM,CAAC;IAEjB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,qBAAqB,CAAC;CACvC,CAAC;AAGF,MAAM,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAEpE,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE5D,MAAM,MAAM,kBAAkB,GAAG;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEvE,MAAM,MAAM,eAAe,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;CACxB,CAAC"}

package/dist/types/identity.js

@@ -0,0 +1,3 @@
+// ─── Agent Identity Types ─────────────────────────────────────────────────────
+export {};
+//# sourceMappingURL=identity.js.map

package/dist/types/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/types/identity.ts"],"names":[],"mappings":"AAAA,iFAAiF"}

package/dist/wrappers/anthropic-wrapper.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Anthropic SDK wrapper — intercepts calls and runs the auth + audit pipeline.
+ *
+ * Intercepted capability names (mapped from SDK method paths):
+ *   client.messages.create       → "message"
+ *   client.messages.stream       → "message.stream"
+ *   client.messages.countTokens  → "message.count_tokens"
+ *   client.completions.create    → "completion"  (legacy)
+ *   client.beta.messages.create  → "message.beta"
+ *
+ * Any other method path passes through without interception.
+ *
+ * Same Proxy approach as the OpenAI wrapper — no SDK monkey-patching.
+ */
+import type { TokenBuilder } from "../auth/token-builder.js";
+import type { TokenVerifier } from "../auth/token-verifier.js";
+import type { AuditLog } from "../audit/audit-log.js";
+import type { AgentIdentity } from "../identity/agent-identity.js";
+type InterceptContext = {
+    identity: AgentIdentity;
+    builder: TokenBuilder;
+    verifier: TokenVerifier;
+    log: AuditLog;
+};
+/**
+ * Wrap an Anthropic client instance.
+ * Returns a Proxy that enforces agent auth on every intercepted method.
+ */
+export declare function wrapAnthropic<T extends object>(client: T, ctx: InterceptContext): T;
+export {};
+//# sourceMappingURL=anthropic-wrapper.d.ts.map

package/dist/wrappers/anthropic-wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic-wrapper.d.ts","sourceRoot":"","sources":["../../src/wrappers/anthropic-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAUnE,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,YAAY,CAAC;IACtB,QAAQ,EAAE,aAAa,CAAC;IACxB,GAAG,EAAE,QAAQ,CAAC;CACjB,CAAC;AAEF;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,gBAAgB,GAAG,CAAC,CAEnF"}

package/dist/wrappers/anthropic-wrapper.js

@@ -0,0 +1,97 @@
+/**
+ * Anthropic SDK wrapper — intercepts calls and runs the auth + audit pipeline.
+ *
+ * Intercepted capability names (mapped from SDK method paths):
+ *   client.messages.create       → "message"
+ *   client.messages.stream       → "message.stream"
+ *   client.messages.countTokens  → "message.count_tokens"
+ *   client.completions.create    → "completion"  (legacy)
+ *   client.beta.messages.create  → "message.beta"
+ *
+ * Any other method path passes through without interception.
+ *
+ * Same Proxy approach as the OpenAI wrapper — no SDK monkey-patching.
+ */
+import { ChainAuthError } from "../errors/chain-error.js";
+const METHOD_CAPABILITY_MAP = {
+    "messages.create": "message",
+    "messages.stream": "message.stream",
+    "messages.countTokens": "message.count_tokens",
+    "completions.create": "completion",
+    "beta.messages.create": "message.beta",
+};
+/**
+ * Wrap an Anthropic client instance.
+ * Returns a Proxy that enforces agent auth on every intercepted method.
+ */
+export function wrapAnthropic(client, ctx) {
+    return buildProxy(client, ctx, []);
+}
+function buildProxy(target, ctx, path) {
+    return new Proxy(target, {
+        get(obj, prop) {
+            if (typeof prop !== "string")
+                return Reflect.get(obj, prop);
+            const nextPath = [...path, prop];
+            const pathKey = nextPath.join(".");
+            const capability = METHOD_CAPABILITY_MAP[pathKey];
+            const value = Reflect.get(obj, prop);
+            if (capability !== undefined && typeof value === "function") {
+                return createInterceptedMethod(value.bind(obj), capability, ctx);
+            }
+            if (typeof value === "object" && value !== null) {
+                return buildProxy(value, ctx, nextPath);
+            }
+            return value;
+        },
+    });
+}
+function createInterceptedMethod(originalFn, capability, ctx) {
+    return async (...args) => {
+        const callArgs = (args[0] ?? {});
+        let jti = "unknown";
+        try {
+            const { token, claims } = await ctx.builder.build(capability);
+            jti = claims.jti;
+            const verified = await ctx.verifier.verify(token, capability);
+            const start = Date.now();
+            let result;
+            try {
+                result = await Promise.resolve(originalFn(...args));
+            }
+            catch (sdkErr) {
+                ctx.log.recordCall({
+                    context: verified,
+                    args: callArgs,
+                    result: "error",
+                    durationMs: Date.now() - start,
+                    errorMessage: sdkErr instanceof Error ? sdkErr.message : String(sdkErr),
+                });
+                throw sdkErr;
+            }
+            ctx.log.recordCall({
+                context: verified,
+                args: callArgs,
+                result: "success",
+                durationMs: Date.now() - start,
+            });
+            return result;
+        }
+        catch (err) {
+            if (err instanceof ChainAuthError) {
+                ctx.log.recordDenied({
+                    agentId: ctx.identity.agentId,
+                    agentName: ctx.identity.registration.agentName,
+                    hostname: ctx.identity.registration.hostname,
+                    capability,
+                    args: callArgs,
+                    reason: err.message,
+                    jti,
+                });
+                throw err;
+            }
+            throw err;
+        }
+    };
+}
+//# sourceMappingURL=anthropic-wrapper.js.map

package/dist/wrappers/anthropic-wrapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic-wrapper.js","sourceRoot":"","sources":["../../src/wrappers/anthropic-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAM1D,MAAM,qBAAqB,GAA2B;IAClD,iBAAiB,EAAE,SAAS;IAC5B,iBAAiB,EAAE,gBAAgB;IACnC,sBAAsB,EAAE,sBAAsB;IAC9C,oBAAoB,EAAE,YAAY;IAClC,sBAAsB,EAAE,cAAc;CACzC,CAAC;AASF;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAmB,MAAS,EAAE,GAAqB;IAC5E,OAAO,UAAU,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,UAAU,CACf,MAAS,EACT,GAAqB,EACrB,IAAc;IAEd,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;QACrB,GAAG,CAAC,GAAG,EAAE,IAAI;YACT,IAAI,OAAO,IAAI,KAAK,QAAQ;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAE5D,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,UAAU,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAElD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAErC,IAAI,UAAU,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;gBAC1D,OAAO,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC;YAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAC9C,OAAO,UAAU,CAAC,KAAe,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;KACJ,CAAM,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAC5B,UAA2C,EAC3C,UAAkB,EAClB,GAAqB;IAErB,OAAO,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE;QAChC,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAC;QAE5D,IAAI,GAAG,GAAG,SAAS,CAAC;QACpB,IAAI,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC9D,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;YAE9D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACD,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBACd,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACf,OAAO,EAAE,QAAQ;oBACjB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,OAAO;oBACf,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,YAAY,EAAE,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;iBAC1E,CAAC,CAAC;gBACH,MAAM,MAAM,CAAC;YACjB,CAAC;YAED,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;gBACf,OAAO,EAAE,QAAQ;gBACjB,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aACjC,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;gBAChC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;oBACjB,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO;oBAC7B,SAAS,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS;oBAC9C,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,QAAQ;oBAC5C,UAAU;oBACV,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,GAAG,CAAC,OAAO;oBACnB,GAAG;iBACN,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}

package/dist/wrappers/openai-wrapper.d.ts

@@ -0,0 +1,34 @@
+/**
+ * OpenAI SDK wrapper — intercepts calls and runs the auth + audit pipeline.
+ *
+ * Intercepted capability names (mapped from SDK method paths):
+ *   client.chat.completions.create  → "chat.completion"
+ *   client.embeddings.create        → "embedding"
+ *   client.images.generate          → "image.generation"
+ *   client.audio.transcriptions.create → "audio.transcription"
+ *   client.audio.speech.create      → "audio.speech"
+ *   client.moderations.create       → "moderation"
+ *   client.responses.create         → "response"  (Responses API)
+ *
+ * Any other method path passes through without interception.
+ *
+ * The wrapper uses JavaScript Proxy so it does not modify the original
+ * client object and works with any OpenAI SDK version.
+ */
+import type { TokenBuilder } from "../auth/token-builder.js";
+import type { TokenVerifier } from "../auth/token-verifier.js";
+import type { AuditLog } from "../audit/audit-log.js";
+import type { AgentIdentity } from "../identity/agent-identity.js";
+type InterceptContext = {
+    identity: AgentIdentity;
+    builder: TokenBuilder;
+    verifier: TokenVerifier;
+    log: AuditLog;
+};
+/**
+ * Wrap an OpenAI client instance.
+ * Returns a Proxy that enforces agent auth on every intercepted method.
+ */
+export declare function wrapOpenAI<T extends object>(client: T, ctx: InterceptContext): T;
+export {};
+//# sourceMappingURL=openai-wrapper.d.ts.map

package/dist/wrappers/openai-wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai-wrapper.d.ts","sourceRoot":"","sources":["../../src/wrappers/openai-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAanE,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,YAAY,CAAC;IACtB,QAAQ,EAAE,aAAa,CAAC;IACxB,GAAG,EAAE,QAAQ,CAAC;CACjB,CAAC;AAEF;;;GAGG;AACH,wBAAgB,UAAU,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,gBAAgB,GAAG,CAAC,CAEhF"}

package/dist/wrappers/openai-wrapper.js

@@ -0,0 +1,106 @@
+/**
+ * OpenAI SDK wrapper — intercepts calls and runs the auth + audit pipeline.
+ *
+ * Intercepted capability names (mapped from SDK method paths):
+ *   client.chat.completions.create  → "chat.completion"
+ *   client.embeddings.create        → "embedding"
+ *   client.images.generate          → "image.generation"
+ *   client.audio.transcriptions.create → "audio.transcription"
+ *   client.audio.speech.create      → "audio.speech"
+ *   client.moderations.create       → "moderation"
+ *   client.responses.create         → "response"  (Responses API)
+ *
+ * Any other method path passes through without interception.
+ *
+ * The wrapper uses JavaScript Proxy so it does not modify the original
+ * client object and works with any OpenAI SDK version.
+ */
+import { ChainAuthError } from "../errors/chain-error.js";
+/** Map from SDK method path (dot-joined) to capability name */
+const METHOD_CAPABILITY_MAP = {
+    "chat.completions.create": "chat.completion",
+    "embeddings.create": "embedding",
+    "images.generate": "image.generation",
+    "audio.transcriptions.create": "audio.transcription",
+    "audio.speech.create": "audio.speech",
+    "moderations.create": "moderation",
+    "responses.create": "response",
+};
+/**
+ * Wrap an OpenAI client instance.
+ * Returns a Proxy that enforces agent auth on every intercepted method.
+ */
+export function wrapOpenAI(client, ctx) {
+    return buildProxy(client, ctx, []);
+}
+function buildProxy(target, ctx, path) {
+    return new Proxy(target, {
+        get(obj, prop) {
+            if (typeof prop !== "string")
+                return Reflect.get(obj, prop);
+            const nextPath = [...path, prop];
+            const pathKey = nextPath.join(".");
+            const capability = METHOD_CAPABILITY_MAP[pathKey];
+            const value = Reflect.get(obj, prop);
+            // If this exact path maps to a known capability, intercept the function
+            if (capability !== undefined && typeof value === "function") {
+                return createInterceptedMethod(value.bind(obj), capability, ctx);
+            }
+            // If it's an object (namespace like client.chat), proxy it deeper
+            if (typeof value === "object" && value !== null) {
+                return buildProxy(value, ctx, nextPath);
+            }
+            return value;
+        },
+    });
+}
+function createInterceptedMethod(originalFn, capability, ctx) {
+    return async (...args) => {
+        const callArgs = (args[0] ?? {});
+        // Build + verify a fresh single-use token
+        let jti = "unknown";
+        try {
+            const { token, claims } = await ctx.builder.build(capability);
+            jti = claims.jti;
+            const verified = await ctx.verifier.verify(token, capability);
+            const start = Date.now();
+            let result;
+            try {
+                result = await Promise.resolve(originalFn(...args));
+            }
+            catch (sdkErr) {
+                ctx.log.recordCall({
+                    context: verified,
+                    args: callArgs,
+                    result: "error",
+                    durationMs: Date.now() - start,
+                    errorMessage: sdkErr instanceof Error ? sdkErr.message : String(sdkErr),
+                });
+                throw sdkErr;
+            }
+            ctx.log.recordCall({
+                context: verified,
+                args: callArgs,
+                result: "success",
+                durationMs: Date.now() - start,
+            });
+            return result;
+        }
+        catch (err) {
+            if (err instanceof ChainAuthError) {
+                ctx.log.recordDenied({
+                    agentId: ctx.identity.agentId,
+                    agentName: ctx.identity.registration.agentName,
+                    hostname: ctx.identity.registration.hostname,
+                    capability,
+                    args: callArgs,
+                    reason: err.message,
+                    jti,
+                });
+                throw err;
+            }
+            throw err;
+        }
+    };
+}
+//# sourceMappingURL=openai-wrapper.js.map

package/dist/wrappers/openai-wrapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai-wrapper.js","sourceRoot":"","sources":["../../src/wrappers/openai-wrapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAM1D,+DAA+D;AAC/D,MAAM,qBAAqB,GAA2B;IAClD,yBAAyB,EAAE,iBAAiB;IAC5C,mBAAmB,EAAE,WAAW;IAChC,iBAAiB,EAAE,kBAAkB;IACrC,6BAA6B,EAAE,qBAAqB;IACpD,qBAAqB,EAAE,cAAc;IACrC,oBAAoB,EAAE,YAAY;IAClC,kBAAkB,EAAE,UAAU;CACjC,CAAC;AASF;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAmB,MAAS,EAAE,GAAqB;IACzE,OAAO,UAAU,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,UAAU,CACf,MAAS,EACT,GAAqB,EACrB,IAAc;IAEd,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;QACrB,GAAG,CAAC,GAAG,EAAE,IAAI;YACT,IAAI,OAAO,IAAI,KAAK,QAAQ;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAE5D,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,UAAU,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAElD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAErC,wEAAwE;YACxE,IAAI,UAAU,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;gBAC1D,OAAO,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC;YAED,kEAAkE;YAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAC9C,OAAO,UAAU,CAAC,KAAe,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;KACJ,CAAM,CAAC;AACZ,CAAC;AAED,SAAS,uBAAuB,CAC5B,UAA2C,EAC3C,UAAkB,EAClB,GAAqB;IAErB,OAAO,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE;QAChC,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAA4B,CAAC;QAE5D,0CAA0C;QAC1C,IAAI,GAAG,GAAG,SAAS,CAAC;QACpB,IAAI,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC9D,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;YAE9D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACzB,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACD,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBACd,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACf,OAAO,EAAE,QAAQ;oBACjB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,OAAO;oBACf,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,YAAY,EAAE,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;iBAC1E,CAAC,CAAC;gBACH,MAAM,MAAM,CAAC;YACjB,CAAC;YAED,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;gBACf,OAAO,EAAE,QAAQ;gBACjB,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aACjC,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;gBAChC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;oBACjB,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,OAAO;oBAC7B,SAAS,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS;oBAC9C,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,QAAQ;oBAC5C,UAAU;oBACV,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,GAAG,CAAC,OAAO;oBACnB,GAAG;iBACN,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "agents-chain",
+  "version": "0.0.1",
+  "description": "Lightweight identity, auth, and audit layer for AI agent SDKs (OpenAI, Anthropic)",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "prepublishOnly": "pnpm run build",
+    "lint": "prettier --check .",
+    "format": "prettier --write .",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "openai",
+    "anthropic",
+    "auth",
+    "jwt",
+    "audit",
+    "identity",
+    "llm"
+  ],
+  "author": "Brian Mwangi (https://github.com/Brian-Mwangi-developer)",
+  "license": "MIT",
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Brian-Mwangi-developer/agentchain.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Brian-Mwangi-developer/agentchain/issues"
+  },
+  "homepage": "https://github.com/Brian-Mwangi-developer/agentchain#readme",
+  "devDependencies": {
+    "@types/node": "^25.9.1",
+    "prettier": "^3.8.3",
+    "typescript": "^6.0.3"
+  }
+}