npm - arkna-sdk - Versions diffs - 0.1.0 - Mend

arkna-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/cli.d.ts +20 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +562 -0
package/dist/cli.js.map +1 -0
package/dist/client.d.ts +257 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +948 -0
package/dist/client.js.map +1 -0
package/dist/enforcement.d.ts +67 -0
package/dist/enforcement.d.ts.map +1 -0
package/dist/enforcement.js +303 -0
package/dist/enforcement.js.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +32 -0
package/dist/index.js.map +1 -0
package/dist/init.d.ts +74 -0
package/dist/init.d.ts.map +1 -0
package/dist/init.js +333 -0
package/dist/init.js.map +1 -0
package/dist/instrumentations/langchain.d.ts +79 -0
package/dist/instrumentations/langchain.d.ts.map +1 -0
package/dist/instrumentations/langchain.js +398 -0
package/dist/instrumentations/langchain.js.map +1 -0
package/dist/instrumentations/vercel-ai.d.ts +40 -0
package/dist/instrumentations/vercel-ai.d.ts.map +1 -0
package/dist/instrumentations/vercel-ai.js +212 -0
package/dist/instrumentations/vercel-ai.js.map +1 -0
package/dist/license.d.ts +89 -0
package/dist/license.d.ts.map +1 -0
package/dist/license.js +198 -0
package/dist/license.js.map +1 -0
package/dist/types.d.ts +402 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/package.json +41 -0

package/dist/instrumentations/vercel-ai.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vercel-ai.js","sourceRoot":"","sources":["../../src/instrumentations/vercel-ai.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AA4BH,oCA4MC;AArND;;;;;;;;GAQG;AACH,SAAgB,YAAY,CAC1B,MAAmB,EACnB,OAA6B;IAE7B,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;IACrC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,WAAW,CAAC;IAChD,MAAM,IAAI,GAAG,OAAO,EAAE,QAAQ,IAAI,EAAE,CAAC;IAErC,KAAK,UAAU,IAAI,CAAC,IAAY,EAAE,IAAa;QAC7C,OAAQ,MAAc,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,UAAU,KAAK,CAAC,IAAY,EAAE,IAAa;QAC9C,OAAQ,MAAc,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAAW;QAC5C,gDAAgD;QAChD,MAAM,EAAE,YAAY,EAAE,oBAAoB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAE7D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,IAAI,SAAS,CAAC;QACtF,IAAI,KAAK,GAAkB,IAAI,CAAC;QAEhC,IAAI,CAAC;YACH,YAAY;YACZ,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE;gBAClC,KAAK,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC;gBAC3G,YAAY,EAAE,OAAO;gBACrB,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,UAAU,EAAE;aAChF,CAAC,CAAC;YACH,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;YAClE,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;YAElD,kBAAkB;YAClB,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE;oBAClD,SAAS,EAAE,WAAW;oBACtB,KAAK,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC;oBAC3G,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,SAAS;oBACxC,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,WAAW,IAAI,SAAS;oBACnD,QAAQ,EAAE;wBACR,KAAK,EAAE,OAAO;wBACd,aAAa,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY;wBACzC,iBAAiB,EAAE,MAAM,CAAC,KAAK,EAAE,gBAAgB;wBACjD,aAAa,EAAE,MAAM,CAAC,YAAY;qBACnC;iBACF,CAAC,CAAC;gBAEH,2BAA2B;gBAC3B,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpD,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;wBAClC,MAAM,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE;4BACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;4BACzB,SAAS,EAAE,EAAE,CAAC,QAAQ;4BACtB,SAAS,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE;yBACzB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;oBACrB,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;oBACjB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBAChC,IAAI,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;4BAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE;gCAC/C,SAAS,EAAE,QAAQ;gCACnB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;gCAC3F,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;6BAC/C,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;4BAErB,IAAI,KAAK,EAAE,CAAC;gCACV,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oCAChC,MAAM,IAAI,CAAC,SAAS,KAAK,QAAQ,EAAE;wCACjC,OAAO,EAAE,KAAK,CAAC,OAAO;wCACtB,SAAS,EAAE,EAAE,CAAC,QAAQ;wCACtB,SAAS,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE;qCACzB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gCACrB,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;YAED,eAAe;YACf,MAAM,KAAK,CAAC,SAAS,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAE5F,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,WAAW;YACX,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,CAAC,SAAS,KAAK,EAAE,EAAE;oBAC5B,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,OAAO;oBACjC,aAAa,EAAE,KAAK,CAAC,OAAO;iBAC7B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,iBAAiB,CAAC,MAAW;QAC1C,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAEzD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,IAAI,SAAS,CAAC;QACtF,IAAI,KAAK,GAAkB,IAAI,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE;gBAClC,KAAK,EAAE,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC;gBAC3G,YAAY,EAAE,OAAO;gBACrB,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE;aAC9E,CAAC,CAAC;YACH,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAEhD,+DAA+D;YAC/D,yCAAyC;YACzC,MAAM,aAAa,GAAG,KAAK,CAAC;YAE5B,uDAAuD;YACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACnE,yEAAyE;gBACzE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,SAAc,EAAE,EAAE;gBAC5C,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC;oBACjC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC;oBAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;oBAEnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,aAAa,QAAQ,EAAE;wBAC1D,SAAS,EAAE,WAAW;wBACtB,MAAM,EAAE,IAAI;wBACZ,WAAW,EAAE,KAAK,EAAE,WAAW,IAAI,SAAS;wBAC5C,QAAQ,EAAE;4BACR,KAAK,EAAE,OAAO;4BACd,aAAa,EAAE,KAAK,EAAE,YAAY;4BAClC,iBAAiB,EAAE,KAAK,EAAE,gBAAgB;4BAC1C,SAAS,EAAE,IAAI;yBAChB;qBACF,CAAC,CAAC;oBAEH,4CAA4C;oBAC5C,IAAI,SAAS,EAAE,CAAC;wBACd,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC;wBACtC,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;4BACjC,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;gCAC/B,MAAM,IAAI,CAAC,SAAS,aAAa,QAAQ,EAAE;oCACzC,OAAO,EAAE,QAAQ,CAAC,OAAO;oCACzB,SAAS,EAAE,EAAE,CAAC,QAAQ;oCACtB,SAAS,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE;iCACzB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;4BACrB,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,MAAM,KAAK,CAAC,SAAS,aAAa,EAAE,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBAC/F,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAY,EAAE,EAAE;gBAC9B,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,CAAC,SAAS,aAAa,EAAE,EAAE;oBACpC,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,OAAO;oBACjC,aAAa,EAAE,KAAK,CAAC,OAAO;iBAC7B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,CAAC,SAAS,KAAK,EAAE,EAAE;oBAC5B,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,OAAO;oBACjC,aAAa,EAAE,KAAK,CAAC,OAAO;iBAC7B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY,EAAE,mBAAmB;QACjC,UAAU,EAAE,iBAAiB;KAC9B,CAAC;AACJ,CAAC"}

package/dist/license.d.ts ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * ARKNA SDK License Manager
+ *
+ * Agent-side compiled license evaluation + stamp generation.
+ * Fetches license on first execute (lazy), caches with TTL from expires_at.
+ * Evaluates tool against rules (glob match, O(n) n=5-20).
+ * Generates HMAC stamp if covered.
+ * Refreshes on heartbeat if version hash changed.
+ */
+export interface LicenseRule {
+    tool_pattern: string;
+    decision: 'allow' | 'escalate' | 'deny';
+    constraints?: {
+        max_per_hour?: number;
+        max_per_day?: number;
+        max_recipients?: number;
+        external_allowed?: boolean;
+        allowed_channels?: string[];
+        max_amount_usd?: number;
+        [key: string]: unknown;
+    };
+    reason?: string;
+}
+export interface AgentLicense {
+    version: '1.0';
+    license_id: string;
+    agent_id: string;
+    tenant_id: string;
+    issued_at: string;
+    expires_at: string;
+    license_hash: string;
+    rules: LicenseRule[];
+    global_constraints: {
+        max_actions_per_hour: number;
+        max_cost_per_day_usd: number | null;
+        blocked_domains: string[];
+    };
+    trust_gradient: Record<string, number>;
+    signature: string;
+    signature_alg: 'ed25519';
+    public_key: string;
+}
+export interface PermitStamp {
+    license_id: string;
+    tool: string;
+    params_hash: string;
+    timestamp: number;
+    stamp: string;
+}
+export declare class LicenseManager {
+    private license;
+    private stampSecret;
+    private expiresAt;
+    private hourlyCounters;
+    /**
+     * Set the license and stamp secret (called after fetching from gateway).
+     * Verifies ed25519 signature before accepting the license.
+     */
+    setLicense(license: AgentLicense, stampSecret: string): void;
+    /**
+     * Check if the license is valid and not expired.
+     */
+    get isValid(): boolean;
+    /**
+     * Get the current license hash (for change detection on heartbeat).
+     */
+    get licenseHash(): string | null;
+    /**
+     * Evaluate whether a tool action is covered by the license.
+     * Returns the matching rule's decision, or null if no license.
+     */
+    evaluate(toolName: string, parameters: Record<string, unknown>): {
+        decision: 'allow' | 'escalate' | 'deny';
+        rule?: LicenseRule;
+    } | null;
+    /**
+     * Check if an action is licensed (decision = 'allow').
+     */
+    isLicensed(toolName: string, parameters: Record<string, unknown>): boolean;
+    /**
+     * Generate a permit stamp for an action covered by the license.
+     * Returns base64-encoded JSON stamp string suitable for X-Arkna-Stamp header.
+     */
+    generateStamp(toolName: string, parameters: Record<string, unknown>): string | null;
+    private incrementCounter;
+    private getToolHourlyCount;
+    private getGlobalHourlyCount;
+}
+//# sourceMappingURL=license.d.ts.map

package/dist/license.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../src/license.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;IACxC,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,KAAK,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,kBAAkB,EAAE;QAClB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;QACpC,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;IACF,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,SAAS,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAqBD,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,SAAS,CAAa;IAG9B,OAAO,CAAC,cAAc,CAA+B;IAErD;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IA6B5D;;OAEG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAED;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,QAAQ,EAAE,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,IAAI;IA2BvI;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO;IAK1E;;;OAGG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,IAAI;IA8BnF,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;CAG7B"}

package/dist/license.js ADDED Viewed

@@ -0,0 +1,198 @@
+"use strict";
+/**
+ * ARKNA SDK License Manager
+ *
+ * Agent-side compiled license evaluation + stamp generation.
+ * Fetches license on first execute (lazy), caches with TTL from expires_at.
+ * Evaluates tool against rules (glob match, O(n) n=5-20).
+ * Generates HMAC stamp if covered.
+ * Refreshes on heartbeat if version hash changed.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LicenseManager = void 0;
+const crypto = __importStar(require("crypto"));
+// ── Glob Matching ────────────────────────────────────────────
+/**
+ * Simple glob match: supports `*` wildcard.
+ * e.g. "email.*" matches "email.send", "email.list"
+ *      "*" matches everything
+ */
+function globMatch(pattern, value) {
+    if (pattern === '*')
+        return true;
+    if (!pattern.includes('*'))
+        return pattern === value;
+    const regex = new RegExp('^' + pattern.replace(/\./g, '\\.').replace(/\*/g, '.*') + '$');
+    return regex.test(value);
+}
+// ── License Manager ──────────────────────────────────────────
+class LicenseManager {
+    license = null;
+    stampSecret = null;
+    expiresAt = 0;
+    // Hourly counters for local constraint tracking
+    hourlyCounters = new Map();
+    /**
+     * Set the license and stamp secret (called after fetching from gateway).
+     * Verifies ed25519 signature before accepting the license.
+     */
+    setLicense(license, stampSecret) {
+        // Verify ed25519 signature if public key is provided
+        if (license.signature && license.public_key && license.signature_alg === 'ed25519') {
+            try {
+                // Build the canonical payload that was signed (license minus signature fields)
+                const { signature, signature_alg, public_key, ...payload } = license;
+                const data = Buffer.from(JSON.stringify(payload));
+                const sig = Buffer.from(signature, 'base64');
+                const keyObj = crypto.createPublicKey({
+                    key: public_key,
+                    format: 'pem',
+                    type: 'spki',
+                });
+                const valid = crypto.verify(null, data, keyObj, sig);
+                if (!valid) {
+                    // Invalid signature — reject the license silently (fall through to full pipeline)
+                    return;
+                }
+            }
+            catch {
+                // Verification failed (key format, algorithm mismatch, etc.) — reject
+                return;
+            }
+        }
+        this.license = license;
+        this.stampSecret = stampSecret;
+        this.expiresAt = new Date(license.expires_at).getTime();
+    }
+    /**
+     * Check if the license is valid and not expired.
+     */
+    get isValid() {
+        return this.license !== null && Date.now() < this.expiresAt;
+    }
+    /**
+     * Get the current license hash (for change detection on heartbeat).
+     */
+    get licenseHash() {
+        return this.license?.license_hash ?? null;
+    }
+    /**
+     * Evaluate whether a tool action is covered by the license.
+     * Returns the matching rule's decision, or null if no license.
+     */
+    evaluate(toolName, parameters) {
+        if (!this.isValid || !this.license)
+            return null;
+        // Check global constraints
+        const hourlyTotal = this.getGlobalHourlyCount();
+        if (hourlyTotal >= this.license.global_constraints.max_actions_per_hour) {
+            return { decision: 'escalate' };
+        }
+        // Find first matching rule
+        for (const rule of this.license.rules) {
+            if (globMatch(rule.tool_pattern, toolName)) {
+                // Check per-tool hourly constraint
+                if (rule.constraints?.max_per_hour) {
+                    const toolCount = this.getToolHourlyCount(toolName);
+                    if (toolCount >= rule.constraints.max_per_hour) {
+                        return { decision: 'escalate', rule };
+                    }
+                }
+                return { decision: rule.decision, rule };
+            }
+        }
+        // No rule matched — escalate
+        return { decision: 'escalate' };
+    }
+    /**
+     * Check if an action is licensed (decision = 'allow').
+     */
+    isLicensed(toolName, parameters) {
+        const result = this.evaluate(toolName, parameters);
+        return result?.decision === 'allow';
+    }
+    /**
+     * Generate a permit stamp for an action covered by the license.
+     * Returns base64-encoded JSON stamp string suitable for X-Arkna-Stamp header.
+     */
+    generateStamp(toolName, parameters) {
+        if (!this.license || !this.stampSecret)
+            return null;
+        const paramsHash = crypto.createHash('sha256')
+            .update(JSON.stringify(parameters))
+            .digest('hex');
+        const timestamp = Math.floor(Date.now() / 1000);
+        const payload = `${this.license.license_id}:${toolName}:${paramsHash}:${timestamp}`;
+        const stamp = crypto.createHmac('sha256', this.stampSecret)
+            .update(payload)
+            .digest('hex');
+        const permitStamp = {
+            license_id: this.license.license_id,
+            tool: toolName,
+            params_hash: paramsHash,
+            timestamp,
+            stamp,
+        };
+        // Track for local constraint counters
+        this.incrementCounter(toolName);
+        this.incrementCounter('__global__');
+        return Buffer.from(JSON.stringify(permitStamp)).toString('base64');
+    }
+    // ── Counter helpers ────────────────────────────────────
+    incrementCounter(key) {
+        let entries = this.hourlyCounters.get(key);
+        if (!entries) {
+            entries = [];
+            this.hourlyCounters.set(key, entries);
+        }
+        entries.push(Date.now());
+        // Prune old entries
+        const cutoff = Date.now() - 3600_000;
+        this.hourlyCounters.set(key, entries.filter(t => t > cutoff));
+    }
+    getToolHourlyCount(tool) {
+        const entries = this.hourlyCounters.get(tool);
+        if (!entries)
+            return 0;
+        const cutoff = Date.now() - 3600_000;
+        return entries.filter(t => t > cutoff).length;
+    }
+    getGlobalHourlyCount() {
+        return this.getToolHourlyCount('__global__');
+    }
+}
+exports.LicenseManager = LicenseManager;
+//# sourceMappingURL=license.js.map

package/dist/license.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license.js","sourceRoot":"","sources":["../src/license.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,+CAAiC;AA+CjC,gEAAgE;AAEhE;;;;GAIG;AACH,SAAS,SAAS,CAAC,OAAe,EAAE,KAAa;IAC/C,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,KAAK,KAAK,CAAC;IAErD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAC/D,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED,gEAAgE;AAEhE,MAAa,cAAc;IACjB,OAAO,GAAwB,IAAI,CAAC;IACpC,WAAW,GAAkB,IAAI,CAAC;IAClC,SAAS,GAAW,CAAC,CAAC;IAE9B,gDAAgD;IACxC,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;IAErD;;;OAGG;IACH,UAAU,CAAC,OAAqB,EAAE,WAAmB;QACnD,qDAAqD;QACrD,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACnF,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;gBACrE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;gBAClD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;oBACpC,GAAG,EAAE,UAAU;oBACf,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,MAAM;iBACb,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;gBACrD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,kFAAkF;oBAClF,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sEAAsE;gBACtE,OAAO;YACT,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,OAAO,KAAK,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,QAAgB,EAAE,UAAmC;QAC5D,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAEhD,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChD,IAAI,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,oBAAoB,EAAE,CAAC;YACxE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAClC,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACtC,IAAI,SAAS,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAC3C,mCAAmC;gBACnC,IAAI,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,CAAC;oBACnC,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACpD,IAAI,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;wBAC/C,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;oBACxC,CAAC;gBACH,CAAC;gBACD,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,UAAmC;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACnD,OAAO,MAAM,EAAE,QAAQ,KAAK,OAAO,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,QAAgB,EAAE,UAAmC;QACjE,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAEpD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;aAC3C,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;aAClC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEhD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,QAAQ,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;QACpF,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;aACxD,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,WAAW,GAAgB;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;YACnC,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,UAAU;YACvB,SAAS;YACT,KAAK;SACN,CAAC;QAEF,sCAAsC;QACtC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAEpC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrE,CAAC;IAED,0DAA0D;IAElD,gBAAgB,CAAC,GAAW;QAClC,IAAI,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACzB,oBAAoB;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;IAChE,CAAC;IAEO,kBAAkB,CAAC,IAAY;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC;IAChD,CAAC;IAEO,oBAAoB;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC;CACF;AAtJD,wCAsJC"}