aira-sdk 1.0.0 → 2.4.0

package/dist/extras/openai-agents.d.ts

@@ -1,37 +1,69 @@
 /**
- * OpenAI Node SDK integration — guardrail that notarizes tool calls.
+ * OpenAI Agents SDK integration — pre-execution gate via tool wrapping.
  *
- * Requires: openai (peer dependency)
+ * Requires: @openai/agents (peer dependency)
  *
- * Usage:
- *   import { AiraGuardrail } from "aira-sdk/extras/openai-agents";
- *   const guardrail = new AiraGuardrail(aira, "my-agent");
- *   guardrail.onToolCall("search", { query: "test" });
+ * ---------------------------------------------------------------------------
+ * LIFECYCLE & DESIGN NOTES
+ * ---------------------------------------------------------------------------
+ *
+ * The OpenAI Agents SDK supports guardrails that run BEFORE the model produces
+ * output (`inputGuardrails`) and BEFORE a tool executes (via wrapping the
+ * tool's `execute` / function). Either path can throw to abort the run, so
+ * both qualify as a REAL authorization gate.
+ *
+ * `AiraGuardrail.wrapTool()` is the cleanest integration: it calls
+ * `aira.authorize()` before the tool runs. If the backend responds with:
+ *
+ *   - "authorized"         → the tool runs; `aira.notarize()` is called
+ *                            with outcome="completed" (or "failed" on throw).
+ *   - "pending_approval"   → we throw. The agent never sees the tool result;
+ *                            it handles the error like any other tool failure.
+ *   - AiraError POLICY_DENIED → rethrown. Tool is blocked entirely.
+ *
+ * Behavior on authorize network/5xx errors is controlled by `strict`:
+ *   - strict=false (default) → fail open with a warning. Tool runs, no receipt.
+ *   - strict=true            → fail closed. Tool throws.
  */
 import type { Aira } from "../client";
 import type { TrustPolicy, TrustContext } from "./trust";
 export type { TrustPolicy, TrustContext } from "./trust";
+export interface AiraGuardrailOptions {
+    modelId?: string;
+    trustPolicy?: TrustPolicy;
+    /** Fail closed if authorize() fails (network, 5xx). Default: false. */
+    strict?: boolean;
+}
 export declare class AiraGuardrail {
     private client;
     private agentId;
     private modelId?;
     private trustPolicy?;
-    constructor(client: Aira, agentId: string, options?: {
-        modelId?: string;
-        trustPolicy?: TrustPolicy;
-    });
+    private strict;
+    constructor(client: Aira, agentId: string, options?: AiraGuardrailOptions);
     /**
      * Check trust for a counterparty agent before interacting.
      * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
      */
     checkTrust(counterpartyId: string): Promise<TrustContext>;
-    private notarize;
-    /** Call after a tool execution to notarize it. */
-    onToolCall(toolName: string, args?: Record<string, unknown>): void;
-    /** Call after a tool returns to notarize the result. */
-    onToolResult(toolName: string, result?: unknown): void;
     /**
-     * Wraps a tool function to auto-notarize calls and results.
+     * REAL GATE: call `authorize()` for a tool invocation.
+     *
+     * Returns the action_id on success, throws on POLICY_DENIED or
+     * pending_approval. Arg keys are logged (not values) to avoid leaking
+     * sensitive user input into audit trails.
+     */
+    authorizeToolCall(toolName: string, args?: Record<string, unknown>): Promise<string | null>;
+    /** Notarize the outcome of a previously authorized tool call. */
+    notarizeToolResult(actionId: string, toolName: string, outcome: "completed" | "failed", detail: string): Promise<void>;
+    /**
+     * REAL GATE: wraps a tool function to gate + notarize.
+     *
+     * Flow:
+     *   1. Call `aira.authorize()` — throws POLICY_DENIED or pending_approval.
+     *   2. Run the tool.
+     *   3. Call `aira.notarize()` with outcome="completed" or "failed".
+     *
      * No raw user data is sent — only tool name, arg keys, and output length.
      */
     wrapTool<T extends (...args: unknown[]) => unknown>(toolFn: T, toolName?: string): T;

package/dist/extras/openai-agents.js

@@ -1,13 +1,30 @@
 "use strict";
 /**
- * OpenAI Node SDK integration — guardrail that notarizes tool calls.
+ * OpenAI Agents SDK integration — pre-execution gate via tool wrapping.
  *
- * Requires: openai (peer dependency)
+ * Requires: @openai/agents (peer dependency)
  *
- * Usage:
- *   import { AiraGuardrail } from "aira-sdk/extras/openai-agents";
- *   const guardrail = new AiraGuardrail(aira, "my-agent");
- *   guardrail.onToolCall("search", { query: "test" });
+ * ---------------------------------------------------------------------------
+ * LIFECYCLE & DESIGN NOTES
+ * ---------------------------------------------------------------------------
+ *
+ * The OpenAI Agents SDK supports guardrails that run BEFORE the model produces
+ * output (`inputGuardrails`) and BEFORE a tool executes (via wrapping the
+ * tool's `execute` / function). Either path can throw to abort the run, so
+ * both qualify as a REAL authorization gate.
+ *
+ * `AiraGuardrail.wrapTool()` is the cleanest integration: it calls
+ * `aira.authorize()` before the tool runs. If the backend responds with:
+ *
+ *   - "authorized"         → the tool runs; `aira.notarize()` is called
+ *                            with outcome="completed" (or "failed" on throw).
+ *   - "pending_approval"   → we throw. The agent never sees the tool result;
+ *                            it handles the error like any other tool failure.
+ *   - AiraError POLICY_DENIED → rethrown. Tool is blocked entirely.
+ *
+ * Behavior on authorize network/5xx errors is controlled by `strict`:
+ *   - strict=false (default) → fail open with a warning. Tool runs, no receipt.
+ *   - strict=true            → fail closed. Tool throws.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraGuardrail = void 0;
@@ -18,11 +35,13 @@ class AiraGuardrail {
     agentId;
     modelId;
     trustPolicy;
+    strict;
     constructor(client, agentId, options) {
         this.client = client;
         this.agentId = agentId;
         this.modelId = options?.modelId;
         this.trustPolicy = options?.trustPolicy;
+        this.strict = options?.strict ?? false;
     }
     /**
      * Check trust for a counterparty agent before interacting.
@@ -34,34 +53,61 @@ class AiraGuardrail {
         }
         return (0, trust_1.checkTrust)(this.client, this.trustPolicy, counterpartyId);
     }
-    notarize(actionType, details) {
+    /**
+     * REAL GATE: call `authorize()` for a tool invocation.
+     *
+     * Returns the action_id on success, throws on POLICY_DENIED or
+     * pending_approval. Arg keys are logged (not values) to avoid leaking
+     * sensitive user input into audit trails.
+     */
+    async authorizeToolCall(toolName, args) {
+        const argKeys = Object.keys(args ?? {});
         try {
-            const params = {
-                actionType,
-                details: details.slice(0, MAX_DETAILS),
+            const auth = await this.client.authorize({
+                actionType: "tool_call",
+                details: `Tool '${toolName}' called. Arg keys: [${argKeys.join(", ")}]`.slice(0, MAX_DETAILS),
                 agentId: this.agentId,
-            };
-            if (this.modelId)
-                params.modelId = this.modelId;
-            this.client.notarize(params).catch((e) => {
-                console.warn("Aira notarize failed (non-blocking):", e);
+                modelId: this.modelId,
             });
+            if (auth.status === "pending_approval") {
+                const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_id=${auth.action_id}). Tool execution blocked.`);
+                err.code = "PENDING_APPROVAL";
+                throw err;
+            }
+            return auth.action_id;
         }
         catch (e) {
-            console.warn("Aira notarize failed (non-blocking):", e);
+            const err = e;
+            // Always propagate authorization-layer rejections.
+            if (err.code === "POLICY_DENIED" || err.code === "PENDING_APPROVAL")
+                throw e;
+            if (this.strict)
+                throw e;
+            console.warn("Aira authorize failed (fail-open):", err);
+            return null;
         }
     }
-    /** Call after a tool execution to notarize it. */
-    onToolCall(toolName, args) {
-        const argKeys = Object.keys(args ?? {});
-        this.notarize("tool_call", `Tool '${toolName}' called. Arg keys: [${argKeys.join(", ")}]`);
-    }
-    /** Call after a tool returns to notarize the result. */
-    onToolResult(toolName, result) {
-        this.notarize("tool_completed", `Tool '${toolName}' completed. Result length: ${String(result).length} chars`);
+    /** Notarize the outcome of a previously authorized tool call. */
+    async notarizeToolResult(actionId, toolName, outcome, detail) {
+        try {
+            await this.client.notarize({
+                actionId,
+                outcome,
+                outcomeDetails: `Tool '${toolName}' ${outcome}: ${detail}`.slice(0, MAX_DETAILS),
+            });
+        }
+        catch (e) {
+            console.warn("Aira notarize failed (non-blocking):", e);
+        }
     }
     /**
-     * Wraps a tool function to auto-notarize calls and results.
+     * REAL GATE: wraps a tool function to gate + notarize.
+     *
+     * Flow:
+     *   1. Call `aira.authorize()` — throws POLICY_DENIED or pending_approval.
+     *   2. Run the tool.
+     *   3. Call `aira.notarize()` with outcome="completed" or "failed".
+     *
      * No raw user data is sent — only tool name, arg keys, and output length.
      */
     wrapTool(toolFn, toolName) {
@@ -71,10 +117,20 @@ class AiraGuardrail {
             const kwargs = args.length > 0 && typeof args[0] === "object" && args[0]
                 ? args[0]
                 : undefined;
-            self.onToolCall(name, kwargs);
-            const result = await toolFn.apply(this, args);
-            self.onToolResult(name, result);
-            return result;
+            const actionId = await self.authorizeToolCall(name, kwargs);
+            try {
+                const result = await toolFn.apply(this, args);
+                if (actionId) {
+                    await self.notarizeToolResult(actionId, name, "completed", `result length ${String(result).length} chars`);
+                }
+                return result;
+            }
+            catch (err) {
+                if (actionId) {
+                    await self.notarizeToolResult(actionId, name, "failed", err?.message ?? String(err));
+                }
+                throw err;
+            }
         };
         return wrapped;
     }

package/dist/extras/vercel-ai.d.ts

@@ -1,48 +1,85 @@
 /**
- * Vercel AI SDK integration — middleware that notarizes tool calls and completions.
+ * Vercel AI SDK integration — pre-execution gate via tool wrapping.
  *
  * Requires: ai (Vercel AI SDK, peer dependency)
  *
- * Usage:
- *   import { AiraVercelMiddleware } from "aira-sdk/extras/vercel-ai";
- *   const middleware = new AiraVercelMiddleware(aira, "my-agent");
- *   // Use as wrap around tool calls or stream callbacks
+ * ---------------------------------------------------------------------------
+ * LIFECYCLE & DESIGN NOTES
+ * ---------------------------------------------------------------------------
+ *
+ * Vercel AI SDK exposes two integration points:
+ *
+ *   1. `onStepFinish` / `onFinish` callbacks on `generateText` / `streamText`
+ *      — these fire AFTER each step or after the whole generation completes.
+ *      They are post-hoc only; they cannot block a tool from running.
+ *
+ *   2. The per-tool `execute` function (user code) — this runs BEFORE the
+ *      model sees the tool result. Wrapping it is the only place where we
+ *      can synchronously gate execution.
+ *
+ * Therefore the `wrapTool()` method is the real authorization gate: it calls
+ * `aira.authorize()` before invoking the underlying tool and `aira.notarize()`
+ * after. If authorize returns `pending_approval` we throw so the tool does
+ * NOT run; the model will see the tool result as an error and react
+ * accordingly (typically by stopping or asking the user).
+ *
+ * The `onStepFinish` / `onFinish` helpers below are AUDIT-ONLY: they cannot
+ * gate execution (Vercel AI has no pre-step hook), and they run after the
+ * tool has already executed. They produce receipts for the overall
+ * generation as an audit trail, not as an authorization boundary.
  */
 import type { Aira } from "../client";
 import type { TrustPolicy, TrustContext } from "./trust";
 export type { TrustPolicy, TrustContext } from "./trust";
+export interface AiraVercelMiddlewareOptions {
+    modelId?: string;
+    trustPolicy?: TrustPolicy;
+    /** Fail closed if authorize() fails (network, 5xx). Default: false. */
+    strict?: boolean;
+}
 export declare class AiraVercelMiddleware {
     private client;
     private agentId;
     private modelId?;
     private trustPolicy?;
-    constructor(client: Aira, agentId: string, options?: {
-        modelId?: string;
-        trustPolicy?: TrustPolicy;
-    });
+    private strict;
+    constructor(client: Aira, agentId: string, options?: AiraVercelMiddlewareOptions);
     /**
      * Check trust for a counterparty agent before interacting.
      * Advisory by default — only blocks on revoked VC or unregistered agent if configured.
      */
     checkTrust(counterpartyId: string): Promise<TrustContext>;
-    private notarize;
-    /** Call after a tool execution to notarize it. */
-    onToolCall(toolName: string, argKeys?: string[]): void;
-    /** Call after a tool returns to notarize the result. */
-    onToolResult(toolName: string, resultLength: number): void;
-    /** Call when a text generation step completes. */
+    /**
+     * AUDIT-ONLY: log a post-hoc receipt for a generation step.
+     * Vercel AI has no pre-step hook; this cannot gate execution.
+     */
+    private auditFinish;
+    /**
+     * AUDIT-ONLY: called after a step finishes.
+     * Cannot block the step — it has already run.
+     */
     onStepFinish(stepType: string, tokenCount?: number): void;
-    /** Call when the full generation completes. */
+    /**
+     * AUDIT-ONLY: called after full generation finishes.
+     */
     onFinish(finishReason: string, totalTokens?: number): void;
     /**
      * Returns a Vercel AI SDK-compatible callbacks object for streamText/generateText.
+     * These callbacks are AUDIT-ONLY and cannot gate execution.
      *
      * Usage:
      *   const result = await streamText({ ...opts, ...middleware.asCallbacks() });
      */
     asCallbacks(): Record<string, (...args: unknown[]) => void>;
     /**
-     * Wraps a tool's execute function to auto-notarize calls and results.
+     * REAL GATE: wraps a tool's execute function so that:
+     *   1. `aira.authorize()` runs BEFORE the tool — throws on POLICY_DENIED
+     *      or pending_approval, which prevents the tool from executing.
+     *   2. If authorized, the tool runs.
+     *   3. `aira.notarize()` runs AFTER, with outcome "completed" or "failed".
+     *
+     * This is the recommended integration point for Vercel AI because it's
+     * the only place where pre-execution gating is possible.
      */
     wrapTool<T extends (...args: unknown[]) => unknown>(toolFn: T, toolName: string): T;
 }

package/dist/extras/vercel-ai.js

@@ -1,13 +1,33 @@
 "use strict";
 /**
- * Vercel AI SDK integration — middleware that notarizes tool calls and completions.
+ * Vercel AI SDK integration — pre-execution gate via tool wrapping.
  *
  * Requires: ai (Vercel AI SDK, peer dependency)
  *
- * Usage:
- *   import { AiraVercelMiddleware } from "aira-sdk/extras/vercel-ai";
- *   const middleware = new AiraVercelMiddleware(aira, "my-agent");
- *   // Use as wrap around tool calls or stream callbacks
+ * ---------------------------------------------------------------------------
+ * LIFECYCLE & DESIGN NOTES
+ * ---------------------------------------------------------------------------
+ *
+ * Vercel AI SDK exposes two integration points:
+ *
+ *   1. `onStepFinish` / `onFinish` callbacks on `generateText` / `streamText`
+ *      — these fire AFTER each step or after the whole generation completes.
+ *      They are post-hoc only; they cannot block a tool from running.
+ *
+ *   2. The per-tool `execute` function (user code) — this runs BEFORE the
+ *      model sees the tool result. Wrapping it is the only place where we
+ *      can synchronously gate execution.
+ *
+ * Therefore the `wrapTool()` method is the real authorization gate: it calls
+ * `aira.authorize()` before invoking the underlying tool and `aira.notarize()`
+ * after. If authorize returns `pending_approval` we throw so the tool does
+ * NOT run; the model will see the tool result as an error and react
+ * accordingly (typically by stopping or asking the user).
+ *
+ * The `onStepFinish` / `onFinish` helpers below are AUDIT-ONLY: they cannot
+ * gate execution (Vercel AI has no pre-step hook), and they run after the
+ * tool has already executed. They produce receipts for the overall
+ * generation as an audit trail, not as an authorization boundary.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraVercelMiddleware = void 0;
@@ -18,11 +38,13 @@ class AiraVercelMiddleware {
     agentId;
     modelId;
     trustPolicy;
+    strict;
     constructor(client, agentId, options) {
         this.client = client;
         this.agentId = agentId;
         this.modelId = options?.modelId;
         this.trustPolicy = options?.trustPolicy;
+        this.strict = options?.strict ?? false;
     }
     /**
      * Check trust for a counterparty agent before interacting.
@@ -34,41 +56,43 @@ class AiraVercelMiddleware {
         }
         return (0, trust_1.checkTrust)(this.client, this.trustPolicy, counterpartyId);
     }
-    notarize(actionType, details) {
+    /**
+     * AUDIT-ONLY: log a post-hoc receipt for a generation step.
+     * Vercel AI has no pre-step hook; this cannot gate execution.
+     */
+    async auditFinish(actionType, details) {
         try {
-            const params = {
+            const auth = await this.client.authorize({
                 actionType,
                 details: details.slice(0, MAX_DETAILS),
                 agentId: this.agentId,
-            };
-            if (this.modelId)
-                params.modelId = this.modelId;
-            this.client.notarize(params).catch((e) => {
-                console.warn("Aira notarize failed (non-blocking):", e);
+                modelId: this.modelId,
             });
+            if (auth.status === "authorized") {
+                await this.client.notarize({ actionId: auth.action_id, outcome: "completed" });
+            }
+            // If pending_approval — just leave it; nothing to execute for audit-only.
         }
         catch (e) {
-            console.warn("Aira notarize failed (non-blocking):", e);
+            console.warn("Aira audit failed (non-blocking):", e);
         }
     }
-    /** Call after a tool execution to notarize it. */
-    onToolCall(toolName, argKeys = []) {
-        this.notarize("tool_call", `Tool '${toolName}' called. Arg keys: [${argKeys.join(", ")}]`);
-    }
-    /** Call after a tool returns to notarize the result. */
-    onToolResult(toolName, resultLength) {
-        this.notarize("tool_completed", `Tool '${toolName}' completed. Result length: ${resultLength} chars`);
-    }
-    /** Call when a text generation step completes. */
+    /**
+     * AUDIT-ONLY: called after a step finishes.
+     * Cannot block the step — it has already run.
+     */
     onStepFinish(stepType, tokenCount) {
-        this.notarize("step_completed", `Step '${stepType}' completed.${tokenCount != null ? ` Tokens: ${tokenCount}` : ""}`);
+        void this.auditFinish("step_completed", `Step '${stepType}' completed.${tokenCount != null ? ` Tokens: ${tokenCount}` : ""}`);
     }
-    /** Call when the full generation completes. */
+    /**
+     * AUDIT-ONLY: called after full generation finishes.
+     */
     onFinish(finishReason, totalTokens) {
-        this.notarize("generation_completed", `Generation completed. Reason: ${finishReason}.${totalTokens != null ? ` Total tokens: ${totalTokens}` : ""}`);
+        void this.auditFinish("generation_completed", `Generation completed. Reason: ${finishReason}.${totalTokens != null ? ` Total tokens: ${totalTokens}` : ""}`);
     }
     /**
      * Returns a Vercel AI SDK-compatible callbacks object for streamText/generateText.
+     * These callbacks are AUDIT-ONLY and cannot gate execution.
      *
      * Usage:
      *   const result = await streamText({ ...opts, ...middleware.asCallbacks() });
@@ -86,15 +110,65 @@ class AiraVercelMiddleware {
         };
     }
     /**
-     * Wraps a tool's execute function to auto-notarize calls and results.
+     * REAL GATE: wraps a tool's execute function so that:
+     *   1. `aira.authorize()` runs BEFORE the tool — throws on POLICY_DENIED
+     *      or pending_approval, which prevents the tool from executing.
+     *   2. If authorized, the tool runs.
+     *   3. `aira.notarize()` runs AFTER, with outcome "completed" or "failed".
+     *
+     * This is the recommended integration point for Vercel AI because it's
+     * the only place where pre-execution gating is possible.
      */
     wrapTool(toolFn, toolName) {
         const self = this;
         const wrapped = async function (...args) {
-            self.onToolCall(toolName, args.length > 0 && typeof args[0] === "object" && args[0] ? Object.keys(args[0]) : []);
-            const result = await toolFn.apply(this, args);
-            self.onToolResult(toolName, String(result).length);
-            return result;
+            const argKeys = args.length > 0 && typeof args[0] === "object" && args[0]
+                ? Object.keys(args[0])
+                : [];
+            let actionId = null;
+            try {
+                const auth = await self.client.authorize({
+                    actionType: "tool_call",
+                    details: `Tool '${toolName}' called. Arg keys: [${argKeys.join(", ")}]`.slice(0, MAX_DETAILS),
+                    agentId: self.agentId,
+                    modelId: self.modelId,
+                });
+                if (auth.status === "pending_approval") {
+                    const err = new Error(`Aira: tool '${toolName}' is pending human approval (action_id=${auth.action_id}). Tool execution blocked.`);
+                    err.code = "PENDING_APPROVAL";
+                    throw err;
+                }
+                actionId = auth.action_id;
+            }
+            catch (e) {
+                const err = e;
+                if (err.code === "POLICY_DENIED" || err.code === "PENDING_APPROVAL")
+                    throw e;
+                if (self.strict)
+                    throw e;
+                console.warn("Aira authorize failed (fail-open):", err);
+            }
+            try {
+                const result = await toolFn.apply(this, args);
+                if (actionId) {
+                    await self.client.notarize({
+                        actionId,
+                        outcome: "completed",
+                        outcomeDetails: `Tool '${toolName}' completed. Result length: ${String(result).length} chars`.slice(0, MAX_DETAILS),
+                    }).catch((e) => console.warn("Aira notarize failed (non-blocking):", e));
+                }
+                return result;
+            }
+            catch (err) {
+                if (actionId) {
+                    await self.client.notarize({
+                        actionId,
+                        outcome: "failed",
+                        outcomeDetails: `Tool '${toolName}' failed: ${err?.message ?? String(err)}`.slice(0, MAX_DETAILS),
+                    }).catch((e) => console.warn("Aira notarize failed (non-blocking):", e));
+                }
+                throw err;
+            }
         };
         return wrapped;
     }

package/dist/index.d.ts

@@ -3,4 +3,4 @@ export type { AiraOptions } from "./client";
 export { AiraSession } from "./session";
 export { OfflineQueue } from "./offline";
 export type { QueuedRequest } from "./offline";
-export { AiraError, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, } from "./types";
+export { AiraError, FRAMEWORK_ANNEX_IV, FRAMEWORK_ART12, FRAMEWORK_ART9, FRAMEWORK_ART6, type Authorization, type ActionReceipt, type ActionDetail, type AgentDetail, type AgentVersion, type CosignResult, type EvidencePackage, type ComplianceSnapshot, type EscrowAccount, type EscrowTransaction, type VerifyResult, type PaginatedList, type ComplianceReport, type ComplianceReportListResponse, type ComplianceReportVerification, type ActionExplanation, type ExplanationEnvelope, type ExplanationVerification, type OutputPolicy, type OutputPolicyUpdate, type OutputScanFlags, type OutputScanHit, } from "./types";

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AiraError = exports.OfflineQueue = exports.AiraSession = exports.Aira = void 0;
+exports.FRAMEWORK_ART6 = exports.FRAMEWORK_ART9 = exports.FRAMEWORK_ART12 = exports.FRAMEWORK_ANNEX_IV = exports.AiraError = exports.OfflineQueue = exports.AiraSession = exports.Aira = void 0;
 var client_1 = require("./client");
 Object.defineProperty(exports, "Aira", { enumerable: true, get: function () { return client_1.Aira; } });
 var session_1 = require("./session");
@@ -9,3 +9,7 @@ var offline_1 = require("./offline");
 Object.defineProperty(exports, "OfflineQueue", { enumerable: true, get: function () { return offline_1.OfflineQueue; } });
 var types_1 = require("./types");
 Object.defineProperty(exports, "AiraError", { enumerable: true, get: function () { return types_1.AiraError; } });
+Object.defineProperty(exports, "FRAMEWORK_ANNEX_IV", { enumerable: true, get: function () { return types_1.FRAMEWORK_ANNEX_IV; } });
+Object.defineProperty(exports, "FRAMEWORK_ART12", { enumerable: true, get: function () { return types_1.FRAMEWORK_ART12; } });
+Object.defineProperty(exports, "FRAMEWORK_ART9", { enumerable: true, get: function () { return types_1.FRAMEWORK_ART9; } });
+Object.defineProperty(exports, "FRAMEWORK_ART6", { enumerable: true, get: function () { return types_1.FRAMEWORK_ART6; } });

package/dist/session.d.ts

@@ -1,22 +1,33 @@
 /**
- * AiraSession — scoped session with pre-filled defaults.
+ * AiraSession — scoped session with pre-filled defaults for `authorize()`.
+ *
+ * Under the two-step flow, only `authorize()` takes agent/model metadata;
+ * `notarize()` operates on an existing action_id. This session therefore
+ * merges defaults on `authorize()` only and provides a thin passthrough
+ * for `notarize()` so callers can use a single object end-to-end.
  */
 import type { Aira } from "./client";
-import type { ActionReceipt } from "./types";
+import type { Authorization, ActionReceipt } from "./types";
 export declare class AiraSession {
     private client;
     private defaults;
     constructor(client: Aira, agentId: string, defaults?: Record<string, unknown>);
-    notarize(params: {
+    authorize(params: {
         actionType: string;
         details: string;
+        instructionHash?: string;
         modelId?: string;
         modelVersion?: string;
-        instructionHash?: string;
         parentActionId?: string;
+        endpointUrl?: string;
         storeDetails?: boolean;
         idempotencyKey?: string;
         requireApproval?: boolean;
         approvers?: string[];
+    }): Promise<Authorization>;
+    notarize(params: {
+        actionId: string;
+        outcome?: "completed" | "failed";
+        outcomeDetails?: string;
     }): Promise<ActionReceipt>;
 }

package/dist/session.js

@@ -1,6 +1,11 @@
 "use strict";
 /**
- * AiraSession — scoped session with pre-filled defaults.
+ * AiraSession — scoped session with pre-filled defaults for `authorize()`.
+ *
+ * Under the two-step flow, only `authorize()` takes agent/model metadata;
+ * `notarize()` operates on an existing action_id. This session therefore
+ * merges defaults on `authorize()` only and provides a thin passthrough
+ * for `notarize()` so callers can use a single object end-to-end.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AiraSession = void 0;
@@ -11,14 +16,17 @@ class AiraSession {
         this.client = client;
         this.defaults = { agentId, ...(defaults ?? {}) };
     }
-    async notarize(params) {
+    async authorize(params) {
         const merged = {
             agentId: this.defaults.agentId,
             ...(this.defaults.modelId ? { modelId: this.defaults.modelId } : {}),
             ...(this.defaults.agentVersion ? { agentVersion: this.defaults.agentVersion } : {}),
             ...params,
         };
-        return this.client.notarize(merged);
+        return this.client.authorize(merged);
+    }
+    async notarize(params) {
+        return this.client.notarize(params);
     }
 }
 exports.AiraSession = AiraSession;