agents-chain 0.0.2 → 0.0.3

package/dist/types/capabilities.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Capability types — define what an app exposes and how agents interact with it.
+ *
+ * A Capability is a named, schema-described, executable function.
+ * When agents-chain wraps an app, every method call is mapped to a Capability
+ * and gated by the agent's CapabilityGrants.
+ */
+export type JsonSchemaType = "object" | "array" | "string" | "number" | "boolean" | "null";
+export type JsonSchemaObject = {
+    type?: JsonSchemaType | JsonSchemaType[];
+    properties?: Record<string, JsonSchemaObject>;
+    items?: JsonSchemaObject;
+    required?: string[];
+    description?: string;
+    enum?: unknown[];
+    [key: string]: unknown;
+};
+export type ConstraintPrimitive = string | number | boolean;
+export type ConstraintOperator = {
+    max?: number;
+    min?: number;
+    in?: ConstraintPrimitive[];
+    not_in?: ConstraintPrimitive[];
+};
+export type ConstraintValue = ConstraintPrimitive | ConstraintOperator;
+/**
+ * Per-capability argument constraints.
+ * Key = argument field name.
+ * Value = primitive (exact match) or operator (range/whitelist/blacklist).
+ *
+ * Example:
+ *   { amount: { max: 1000 }, currency: { in: ["USD", "EUR"] } }
+ */
+export type GrantConstraints = Record<string, ConstraintValue>;
+/**
+ * Context passed to every Capability.execute() call.
+ * Tells the capability who is calling and what they are allowed to do.
+ */
+export type AgentContext = {
+    agentId: string;
+    hostId: string;
+    permissions: string[];
+    metadata?: Record<string, string[]>;
+};
+/**
+ * A named, schema-described, executable function exposed by an app.
+ *
+ * Usage:
+ *   const cap: Capability<{ userId: string }, { balance: number }> = {
+ *     name: "get_balance",
+ *     description: "Get the current account balance for a user",
+ *     inputSchema: { type: "object", required: ["userId"], properties: { userId: { type: "string" } } },
+ *     outputSchema: { type: "object", properties: { balance: { type: "number" } } },
+ *     execute: async ({ userId }, ctx) => accountService.getBalance(userId),
+ *   };
+ */
+export type Capability<TInput = unknown, TOutput = unknown> = {
+    name: string;
+    description: string;
+    inputSchema: JsonSchemaObject;
+    outputSchema: JsonSchemaObject;
+    execute: (params: TInput, context: AgentContext) => Promise<TOutput>;
+};
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/types/capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../src/types/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,MAAM,CAAC;AAE3F,MAAM,MAAM,gBAAgB,GAAG;IAC3B,IAAI,CAAC,EAAE,cAAc,GAAG,cAAc,EAAE,CAAC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC9C,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B,CAAC;AAIF,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE5D,MAAM,MAAM,kBAAkB,GAAG;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;AAEvE;;;;;;;GAOG;AACH,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAI/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CACvC,CAAC;AAIF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,UAAU,CAAC,MAAM,GAAG,OAAO,EAAE,OAAO,GAAG,OAAO,IAAI;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,YAAY,EAAE,gBAAgB,CAAC;IAC/B,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACxE,CAAC"}

package/dist/types/capabilities.js

@@ -0,0 +1,9 @@
+/**
+ * Capability types — define what an app exposes and how agents interact with it.
+ *
+ * A Capability is a named, schema-described, executable function.
+ * When agents-chain wraps an app, every method call is mapped to a Capability
+ * and gated by the agent's CapabilityGrants.
+ */
+export {};
+//# sourceMappingURL=capabilities.js.map

package/dist/types/capabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../src/types/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}

package/dist/types/chain.d.ts

@@ -1,6 +1,56 @@
-import type { AgentConfig } from "./identity.js";
+import type { AuditExporter } from "../audit/audit-exporter.js";
+import type { VerifierConfig } from "../auth/token-verifier.js";
+import type { HostConfig } from "../host/host-identity.js";
+import type { JtiPersistenceAdapter } from "../memory/jti-cache.js";
 import type { AuditEntry } from "./audit.js";
+import type { Capability } from "./capabilities.js";
+import type { AgentConfig } from "./identity.js";
 export type { AgentConfig };
+export type AppChainConfig = {
+    /**
+     * Short name for this app, e.g. "billing-service", "github".
+     * Used in well-known config as provider_name.
+     */
+    providerName: string;
+    /**
+     * The base URL of this server, e.g. "https://billing.mycompany.com".
+     * Used in well-known config as issuer and in Host JWT aud claim.
+     */
+    issuer: string;
+    /**
+     * The capabilities this app exposes.
+     * Registered in the CapabilityRegistry at chain creation.
+     */
+    capabilities: Capability[];
+    /**
+     * Optional AES-256-GCM encryption key (64 hex chars = 32 bytes).
+     * If omitted, a random key is generated per session.
+     */
+    encryptionKey?: string;
+    /**
+     * Optional Host identity config. If provided, a HostIdentity is created
+     * with this config so the chain can sign Host JWTs.
+     * Defaults to { name: providerName, issuerUrl: issuer }.
+     */
+    host?: Partial<HostConfig>;
+    /**
+     * Optional JTI persistence adapter (e.g. Redis).
+     * If omitted, JTI cache is in-memory (resets on process restart).
+     */
+    jtiAdapter?: JtiPersistenceAdapter;
+    /**
+     * Optional audit exporter for auto-draining entries on drain().
+     * Default: ConsoleAuditExporter (logs to stdout).
+     */
+    auditExporter?: AuditExporter;
+    /**
+     * Optional external grant resolver.
+     * If provided, grants are resolved from this function instead of
+     * the grants passed to chain.wrap().
+     * Useful for looking up grants from your DB/Redis.
+     */
+    grantResolver?: VerifierConfig["grantResolver"];
+};
 export type ChainStats = {
     agentId: string;
     agentName: string;

package/dist/types/chain.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"chain.d.ts","sourceRoot":"","sources":["../../src/types/chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,YAAY,EAAE,WAAW,EAAE,CAAC;AAE5B,MAAM,MAAM,UAAU,GAAG;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACtB,CAAC"}
+{"version":3,"file":"chain.d.ts","sourceRoot":"","sources":["../../src/types/chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAEjD,YAAY,EAAE,WAAW,EAAE,CAAC;AAE5B,MAAM,MAAM,cAAc,GAAG;IACzB;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,YAAY,EAAE,UAAU,EAAE,CAAC;IAE3B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,IAAI,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAE3B;;;OAGG;IACH,UAAU,CAAC,EAAE,qBAAqB,CAAC;IAEnC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,eAAe,CAAC,CAAC;CACnD,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/dist/types/protocol.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Protocol types — the wire format shared between agents-chain and any
+ * compliant agent-auth server.
+ *
+ * These mirror the types in agent-auth/src/types/protocol.ts so that
+ * agents-chain can participate in the same Host → Agent → CapabilityGrant
+ * protocol without coupling to the server implementation.
+ */
+import type { GrantConstraints } from "./capabilities.js";
+/**
+ * Claims carried in a host+jwt — signed by the Host's private key.
+ * Used for management operations: registering agents, revoking, rotating keys.
+ */
+export type HostJwtClaims = {
+    iss: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    jti: string;
+    host_public_key?: JsonWebKey;
+    agent_public_key?: JsonWebKey;
+};
+/**
+ * Claims carried in an agent+jwt — signed by the Agent's private key.
+ * Used for capability execution.
+ */
+export type AgentJwtClaims = {
+    iss: string;
+    sub: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    jti: string;
+    capabilities?: string[];
+};
+/**
+ * The response shape for GET /.well-known/agent-configuration.
+ * Tells agents what capabilities are available and where the endpoints are.
+ */
+export type AgentConfiguration = {
+    version: string;
+    provider_name: string;
+    issuer: string;
+    algorithms: string[];
+    modes: string[];
+    approval_methods: string[];
+    endpoints: Record<string, string>;
+    default_capabilities: string[];
+};
+export type GrantStatus = "active" | "pending" | "denied";
+/**
+ * A resolved capability grant — what an agent is allowed (or not) to do.
+ * Returned by a grantResolver or held in-memory after registration.
+ */
+export type ResolvedGrant = {
+    capability: string;
+    status: GrantStatus;
+    constraints?: GrantConstraints;
+    expiresAt?: number;
+};
+//# sourceMappingURL=protocol.d.ts.map

package/dist/types/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../src/types/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAI1D;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,gBAAgB,CAAC,EAAE,UAAU,CAAC;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAC;AAIF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,oBAAoB,EAAE,MAAM,EAAE,CAAC;CAClC,CAAC;AAIF,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE1D;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/dist/types/protocol.js

@@ -0,0 +1,10 @@
+/**
+ * Protocol types — the wire format shared between agents-chain and any
+ * compliant agent-auth server.
+ *
+ * These mirror the types in agent-auth/src/types/protocol.ts so that
+ * agents-chain can participate in the same Host → Agent → CapabilityGrant
+ * protocol without coupling to the server implementation.
+ */
+export {};
+//# sourceMappingURL=protocol.js.map

package/dist/types/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../src/types/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agents-chain",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Lightweight identity, auth, and audit layer for AI agent SDKs (OpenAI, Anthropic)",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",