kavachos 0.0.1 → 0.0.3

package/README.md

@@ -0,0 +1,69 @@
+# kavachos
+
+Auth OS for AI agents. Identity, permissions, delegation, and audit.
+
+[![npm](https://img.shields.io/npm/v/kavachos)](https://www.npmjs.com/package/kavachos)
+[![license](https://img.shields.io/badge/license-MIT-blue)](https://github.com/kavachos/kavachos/blob/main/LICENSE)
+
+## Install
+
+```bash
+npm install kavachos
+# or
+pnpm add kavachos
+```
+
+## Quick start
+
+```typescript
+import { createKavach } from 'kavachos';
+
+const kavach = createKavach({
+  database: { provider: 'sqlite', url: 'kavach.db' },
+});
+
+// Create an agent with scoped permissions
+const agent = await kavach.agent.create({
+  ownerId: 'user-123',
+  name: 'github-reader',
+  type: 'autonomous',
+  permissions: [
+    { resource: 'mcp:github:*', actions: ['read'] },
+    {
+      resource: 'mcp:deploy:production',
+      actions: ['execute'],
+      constraints: { requireApproval: true },
+    },
+  ],
+});
+
+// Authorize an action
+const result = await kavach.authorize(agent.id, {
+  action: 'read',
+  resource: 'mcp:github:repos',
+});
+// { allowed: true, auditId: 'aud_...' }
+
+// Query the audit trail
+const logs = await kavach.audit.query({ agentId: agent.id });
+```
+
+## What's included
+
+- **Agent identity** - create, scope, revoke, and rotate agent credentials. Each agent gets an opaque bearer token (`kv_...`) and a permanent audit identity.
+- **Permission engine** - resource-based access control with colon-separated hierarchies (`mcp:github:*`) and wildcard matching. Constraints support rate limits, time windows, and human-in-the-loop approval gates.
+- **Delegation chains** - an orchestrator can delegate a subset of its permissions to a sub-agent, with depth limits and expiry. Chains are auditable and revocable at any point.
+- **Audit trail** - every authorization decision is written to an immutable log. Export as JSON or CSV for EU AI Act Article 12, SOC 2 CC6.1-CC7.2, and ISO 42001 compliance.
+- **MCP OAuth 2.1** - spec-compliant authorization server for the Model Context Protocol, with PKCE (S256), Protected Resource Metadata (RFC 9728), and Resource Indicators (RFC 8707).
+
+## Full docs
+
+[kavachos.com/docs](https://kavachos.com/docs)
+
+## Source
+
+[github.com/kavachos/kavachos](https://github.com/kavachos/kavachos)
+
+## License
+
+MIT

package/dist/agent/index.d.ts

@@ -1,8 +1,8 @@
-import { D as Database, C as CreateAgentInput, A as AgentIdentity, d as AgentFilter, U as UpdateAgentInput } from '../types-fHHAt3tt.js';
-export { j as AgentConfig } from '../types-fHHAt3tt.js';
+import { D as Database, C as CreateAgentInput, g as AgentIdentity, h as AgentFilter, U as UpdateAgentInput } from '../types-Xk83hv4O.js';
+export { L as AgentConfig } from '../types-Xk83hv4O.js';
 import 'drizzle-orm/better-sqlite3';
 import 'drizzle-orm/sqlite-core';
-import '../types-C5htunW6.js';
+import '../types-mwupB57A.js';
 import 'zod';
 
 interface AgentModuleConfig {

package/dist/agent/index.js

@@ -1,5 +1,5 @@
-export { createAgentModule } from '../chunk-DTCKF26N.js';
-import '../chunk-XSYYQH75.js';
+export { createAgentModule } from '../chunk-5DT4DN4Y.js';
+import '../chunk-V66UUIA7.js';
 import '../chunk-PZ5AY32C.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/audit/index.d.ts

@@ -1,7 +1,7 @@
-import { D as Database, g as AuditFilter, h as AuditEntry, i as AuditExportOptions } from '../types-fHHAt3tt.js';
+import { D as Database, k as AuditFilter, l as AuditEntry, m as AuditExportOptions } from '../types-Xk83hv4O.js';
 import 'drizzle-orm/better-sqlite3';
 import 'drizzle-orm/sqlite-core';
-import '../types-C5htunW6.js';
+import '../types-mwupB57A.js';
 import 'zod';
 
 interface AuditModuleConfig {
@@ -14,6 +14,11 @@ interface AuditModuleConfig {
 declare function createAuditModule(config: AuditModuleConfig): {
     query: (filter: AuditFilter) => Promise<AuditEntry[]>;
     export: (options: AuditExportOptions) => Promise<string>;
+    cleanup: (options: {
+        retentionDays: number;
+    }) => Promise<{
+        deleted: number;
+    }>;
 };
 
 export { AuditEntry, AuditExportOptions, AuditFilter, createAuditModule };

package/dist/audit/index.js

@@ -1,5 +1,5 @@
-export { createAuditModule } from '../chunk-XW2X3O53.js';
-import '../chunk-XSYYQH75.js';
+export { createAuditModule } from '../chunk-SJGSPIAD.js';
+import '../chunk-V66UUIA7.js';
 import '../chunk-PZ5AY32C.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map