life-as-api 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +377 -0
  3. package/dist/agent/finance-agent.d.ts +44 -0
  4. package/dist/agent/finance-agent.js +75 -0
  5. package/dist/agent/finance-agent.js.map +1 -0
  6. package/dist/agent/legal-agent.d.ts +44 -0
  7. package/dist/agent/legal-agent.js +76 -0
  8. package/dist/agent/legal-agent.js.map +1 -0
  9. package/dist/agent/medical-agent.d.ts +44 -0
  10. package/dist/agent/medical-agent.js +75 -0
  11. package/dist/agent/medical-agent.js.map +1 -0
  12. package/dist/agent/trusted-agent-registry.d.ts +53 -0
  13. package/dist/agent/trusted-agent-registry.js +57 -0
  14. package/dist/agent/trusted-agent-registry.js.map +1 -0
  15. package/dist/audit/audit-chain-verifier.d.ts +10 -0
  16. package/dist/audit/audit-chain-verifier.js +67 -0
  17. package/dist/audit/audit-chain-verifier.js.map +1 -0
  18. package/dist/audit/audit-log.d.ts +48 -0
  19. package/dist/audit/audit-log.js +74 -0
  20. package/dist/audit/audit-log.js.map +1 -0
  21. package/dist/audit/sqlite-audit-log.d.ts +29 -0
  22. package/dist/audit/sqlite-audit-log.js +142 -0
  23. package/dist/audit/sqlite-audit-log.js.map +1 -0
  24. package/dist/auth/access-context-issuer.d.ts +18 -0
  25. package/dist/auth/access-context-issuer.js +88 -0
  26. package/dist/auth/access-context-issuer.js.map +1 -0
  27. package/dist/auth/assert-authorized-for-subject.d.ts +2 -0
  28. package/dist/auth/assert-authorized-for-subject.js +20 -0
  29. package/dist/auth/assert-authorized-for-subject.js.map +1 -0
  30. package/dist/auth/backend-context-minting-boundary.d.ts +23 -0
  31. package/dist/auth/backend-context-minting-boundary.js +281 -0
  32. package/dist/auth/backend-context-minting-boundary.js.map +1 -0
  33. package/dist/auth/default-authorization-policy.d.ts +7 -0
  34. package/dist/auth/default-authorization-policy.js +64 -0
  35. package/dist/auth/default-authorization-policy.js.map +1 -0
  36. package/dist/auth/fake-auth-adapter.d.ts +7 -0
  37. package/dist/auth/fake-auth-adapter.js +27 -0
  38. package/dist/auth/fake-auth-adapter.js.map +1 -0
  39. package/dist/auth/http-client.d.ts +12 -0
  40. package/dist/auth/http-client.js +7 -0
  41. package/dist/auth/http-client.js.map +1 -0
  42. package/dist/auth/in-memory-grant-resolver.d.ts +21 -0
  43. package/dist/auth/in-memory-grant-resolver.js +73 -0
  44. package/dist/auth/in-memory-grant-resolver.js.map +1 -0
  45. package/dist/auth/in-memory-tenant-boundary.d.ts +16 -0
  46. package/dist/auth/in-memory-tenant-boundary.js +37 -0
  47. package/dist/auth/in-memory-tenant-boundary.js.map +1 -0
  48. package/dist/auth/jwks-key-ring-auth-adapter.d.ts +38 -0
  49. package/dist/auth/jwks-key-ring-auth-adapter.js +123 -0
  50. package/dist/auth/jwks-key-ring-auth-adapter.js.map +1 -0
  51. package/dist/auth/jwks-key-ring.d.ts +25 -0
  52. package/dist/auth/jwks-key-ring.js +111 -0
  53. package/dist/auth/jwks-key-ring.js.map +1 -0
  54. package/dist/auth/jwt-auth-adapter.d.ts +15 -0
  55. package/dist/auth/jwt-auth-adapter.js +59 -0
  56. package/dist/auth/jwt-auth-adapter.js.map +1 -0
  57. package/dist/auth/jwt-core.d.ts +32 -0
  58. package/dist/auth/jwt-core.js +226 -0
  59. package/dist/auth/jwt-core.js.map +1 -0
  60. package/dist/auth/jwt-key-ring-auth-adapter.d.ts +16 -0
  61. package/dist/auth/jwt-key-ring-auth-adapter.js +58 -0
  62. package/dist/auth/jwt-key-ring-auth-adapter.js.map +1 -0
  63. package/dist/auth/oidc-discovery.d.ts +15 -0
  64. package/dist/auth/oidc-discovery.js +46 -0
  65. package/dist/auth/oidc-discovery.js.map +1 -0
  66. package/dist/auth/production-scoped-life-api.d.ts +58 -0
  67. package/dist/auth/production-scoped-life-api.js +802 -0
  68. package/dist/auth/production-scoped-life-api.js.map +1 -0
  69. package/dist/auth/proposal-scope-inspector.d.ts +3 -0
  70. package/dist/auth/proposal-scope-inspector.js +42 -0
  71. package/dist/auth/proposal-scope-inspector.js.map +1 -0
  72. package/dist/auth/proposal-scoped-life-api.d.ts +21 -0
  73. package/dist/auth/proposal-scoped-life-api.js +168 -0
  74. package/dist/auth/proposal-scoped-life-api.js.map +1 -0
  75. package/dist/auth/rate-limited-context-minting-boundary.d.ts +27 -0
  76. package/dist/auth/rate-limited-context-minting-boundary.js +77 -0
  77. package/dist/auth/rate-limited-context-minting-boundary.js.map +1 -0
  78. package/dist/auth/revocation-aware-auth-adapter.d.ts +21 -0
  79. package/dist/auth/revocation-aware-auth-adapter.js +88 -0
  80. package/dist/auth/revocation-aware-auth-adapter.js.map +1 -0
  81. package/dist/auth/sqlite-grant-resolver.d.ts +8 -0
  82. package/dist/auth/sqlite-grant-resolver.js +78 -0
  83. package/dist/auth/sqlite-grant-resolver.js.map +1 -0
  84. package/dist/auth/sqlite-tenant-boundary.d.ts +7 -0
  85. package/dist/auth/sqlite-tenant-boundary.js +41 -0
  86. package/dist/auth/sqlite-tenant-boundary.js.map +1 -0
  87. package/dist/auth/static-jwt-key-ring.d.ts +13 -0
  88. package/dist/auth/static-jwt-key-ring.js +73 -0
  89. package/dist/auth/static-jwt-key-ring.js.map +1 -0
  90. package/dist/auth/subject-scoped-life-api.d.ts +14 -0
  91. package/dist/auth/subject-scoped-life-api.js +51 -0
  92. package/dist/auth/subject-scoped-life-api.js.map +1 -0
  93. package/dist/auth/test-context-minting-boundary.d.ts +13 -0
  94. package/dist/auth/test-context-minting-boundary.js +74 -0
  95. package/dist/auth/test-context-minting-boundary.js.map +1 -0
  96. package/dist/auth/types.d.ts +77 -0
  97. package/dist/auth/types.js +16 -0
  98. package/dist/auth/types.js.map +1 -0
  99. package/dist/compliance/subject-data-report.d.ts +43 -0
  100. package/dist/compliance/subject-data-report.js +155 -0
  101. package/dist/compliance/subject-data-report.js.map +1 -0
  102. package/dist/consent/consent-guard.d.ts +4 -0
  103. package/dist/consent/consent-guard.js +37 -0
  104. package/dist/consent/consent-guard.js.map +1 -0
  105. package/dist/consent/grant-registry.d.ts +7 -0
  106. package/dist/consent/grant-registry.js +13 -0
  107. package/dist/consent/grant-registry.js.map +1 -0
  108. package/dist/consent/intersect-selector.d.ts +3 -0
  109. package/dist/consent/intersect-selector.js +66 -0
  110. package/dist/consent/intersect-selector.js.map +1 -0
  111. package/dist/contract/diagnostics.d.ts +32 -0
  112. package/dist/contract/diagnostics.js +112 -0
  113. package/dist/contract/diagnostics.js.map +1 -0
  114. package/dist/contract/project-contracts.d.ts +5 -0
  115. package/dist/contract/project-contracts.js +159 -0
  116. package/dist/contract/project-contracts.js.map +1 -0
  117. package/dist/contract/types.d.ts +32 -0
  118. package/dist/contract/types.js +5 -0
  119. package/dist/contract/types.js.map +1 -0
  120. package/dist/crypto/aes-gcm.d.ts +11 -0
  121. package/dist/crypto/aes-gcm.js +78 -0
  122. package/dist/crypto/aes-gcm.js.map +1 -0
  123. package/dist/crypto/claim-serializer.d.ts +26 -0
  124. package/dist/crypto/claim-serializer.js +59 -0
  125. package/dist/crypto/claim-serializer.js.map +1 -0
  126. package/dist/crypto/sha256.d.ts +12 -0
  127. package/dist/crypto/sha256.js +40 -0
  128. package/dist/crypto/sha256.js.map +1 -0
  129. package/dist/crypto/static-key.d.ts +11 -0
  130. package/dist/crypto/static-key.js +60 -0
  131. package/dist/crypto/static-key.js.map +1 -0
  132. package/dist/crypto/types.d.ts +20 -0
  133. package/dist/crypto/types.js +8 -0
  134. package/dist/crypto/types.js.map +1 -0
  135. package/dist/datasource/trusted-data-source-registry.d.ts +51 -0
  136. package/dist/datasource/trusted-data-source-registry.js +57 -0
  137. package/dist/datasource/trusted-data-source-registry.js.map +1 -0
  138. package/dist/erasure/tombstone.d.ts +13 -0
  139. package/dist/erasure/tombstone.js +20 -0
  140. package/dist/erasure/tombstone.js.map +1 -0
  141. package/dist/evidence/evidence-backed-claim-creator.d.ts +48 -0
  142. package/dist/evidence/evidence-backed-claim-creator.js +107 -0
  143. package/dist/evidence/evidence-backed-claim-creator.js.map +1 -0
  144. package/dist/evidence/in-memory-raw-document-store.d.ts +26 -0
  145. package/dist/evidence/in-memory-raw-document-store.js +84 -0
  146. package/dist/evidence/in-memory-raw-document-store.js.map +1 -0
  147. package/dist/evidence/raw-document-store.d.ts +12 -0
  148. package/dist/evidence/raw-document-store.js +8 -0
  149. package/dist/evidence/raw-document-store.js.map +1 -0
  150. package/dist/evidence/source-evidence-validator.d.ts +4 -0
  151. package/dist/evidence/source-evidence-validator.js +14 -0
  152. package/dist/evidence/source-evidence-validator.js.map +1 -0
  153. package/dist/evidence/sqlite-raw-document-store.d.ts +19 -0
  154. package/dist/evidence/sqlite-raw-document-store.js +122 -0
  155. package/dist/evidence/sqlite-raw-document-store.js.map +1 -0
  156. package/dist/guardian/guardian-registry.d.ts +96 -0
  157. package/dist/guardian/guardian-registry.js +95 -0
  158. package/dist/guardian/guardian-registry.js.map +1 -0
  159. package/dist/index.d.ts +44 -0
  160. package/dist/index.js +72 -0
  161. package/dist/index.js.map +1 -0
  162. package/dist/observability/health.d.ts +12 -0
  163. package/dist/observability/health.js +16 -0
  164. package/dist/observability/health.js.map +1 -0
  165. package/dist/observability/logger.d.ts +21 -0
  166. package/dist/observability/logger.js +40 -0
  167. package/dist/observability/logger.js.map +1 -0
  168. package/dist/observability/metrics.d.ts +15 -0
  169. package/dist/observability/metrics.js +52 -0
  170. package/dist/observability/metrics.js.map +1 -0
  171. package/dist/persistence/backup.d.ts +24 -0
  172. package/dist/persistence/backup.js +251 -0
  173. package/dist/persistence/backup.js.map +1 -0
  174. package/dist/persistence/decryptability-scan.d.ts +10 -0
  175. package/dist/persistence/decryptability-scan.js +144 -0
  176. package/dist/persistence/decryptability-scan.js.map +1 -0
  177. package/dist/persistence/in-memory-unit-of-work.d.ts +11 -0
  178. package/dist/persistence/in-memory-unit-of-work.js +32 -0
  179. package/dist/persistence/in-memory-unit-of-work.js.map +1 -0
  180. package/dist/persistence/key-availability.d.ts +9 -0
  181. package/dist/persistence/key-availability.js +125 -0
  182. package/dist/persistence/key-availability.js.map +1 -0
  183. package/dist/persistence/sqlite/migrations.d.ts +9 -0
  184. package/dist/persistence/sqlite/migrations.js +535 -0
  185. package/dist/persistence/sqlite/migrations.js.map +1 -0
  186. package/dist/persistence/sqlite/schema.d.ts +10 -0
  187. package/dist/persistence/sqlite/schema.js +101 -0
  188. package/dist/persistence/sqlite/schema.js.map +1 -0
  189. package/dist/persistence/sqlite/sqlite-fact-store.d.ts +24 -0
  190. package/dist/persistence/sqlite/sqlite-fact-store.js +207 -0
  191. package/dist/persistence/sqlite/sqlite-fact-store.js.map +1 -0
  192. package/dist/persistence/sqlite/sqlite-source-registry.d.ts +17 -0
  193. package/dist/persistence/sqlite/sqlite-source-registry.js +132 -0
  194. package/dist/persistence/sqlite/sqlite-source-registry.js.map +1 -0
  195. package/dist/persistence/sqlite/sqlite-unit-of-work.d.ts +8 -0
  196. package/dist/persistence/sqlite/sqlite-unit-of-work.js +41 -0
  197. package/dist/persistence/sqlite/sqlite-unit-of-work.js.map +1 -0
  198. package/dist/persistence/sqlite/types.d.ts +24 -0
  199. package/dist/persistence/sqlite/types.js +28 -0
  200. package/dist/persistence/sqlite/types.js.map +1 -0
  201. package/dist/persistence/unit-of-work.d.ts +6 -0
  202. package/dist/persistence/unit-of-work.js +15 -0
  203. package/dist/persistence/unit-of-work.js.map +1 -0
  204. package/dist/proposal/accepted-claim-appender.d.ts +7 -0
  205. package/dist/proposal/accepted-claim-appender.js +16 -0
  206. package/dist/proposal/accepted-claim-appender.js.map +1 -0
  207. package/dist/proposal/in-memory-proposal-queue.d.ts +21 -0
  208. package/dist/proposal/in-memory-proposal-queue.js +218 -0
  209. package/dist/proposal/in-memory-proposal-queue.js.map +1 -0
  210. package/dist/proposal/policy-aware-proposal-queue.d.ts +23 -0
  211. package/dist/proposal/policy-aware-proposal-queue.js +162 -0
  212. package/dist/proposal/policy-aware-proposal-queue.js.map +1 -0
  213. package/dist/proposal/proposal-policy.d.ts +37 -0
  214. package/dist/proposal/proposal-policy.js +72 -0
  215. package/dist/proposal/proposal-policy.js.map +1 -0
  216. package/dist/proposal/proposal-queue.d.ts +13 -0
  217. package/dist/proposal/proposal-queue.js +15 -0
  218. package/dist/proposal/proposal-queue.js.map +1 -0
  219. package/dist/proposal/source-aware-claim-appender.d.ts +13 -0
  220. package/dist/proposal/source-aware-claim-appender.js +47 -0
  221. package/dist/proposal/source-aware-claim-appender.js.map +1 -0
  222. package/dist/proposal/sqlite-proposal-queue.d.ts +26 -0
  223. package/dist/proposal/sqlite-proposal-queue.js +282 -0
  224. package/dist/proposal/sqlite-proposal-queue.js.map +1 -0
  225. package/dist/resolution/resolve-claims.d.ts +4 -0
  226. package/dist/resolution/resolve-claims.js +101 -0
  227. package/dist/resolution/resolve-claims.js.map +1 -0
  228. package/dist/resolution/trust-profile.d.ts +12 -0
  229. package/dist/resolution/trust-profile.js +23 -0
  230. package/dist/resolution/trust-profile.js.map +1 -0
  231. package/dist/resolution/types.d.ts +15 -0
  232. package/dist/resolution/types.js +8 -0
  233. package/dist/resolution/types.js.map +1 -0
  234. package/dist/sdk/create-backend-integrated-life-api-for-test.d.ts +23 -0
  235. package/dist/sdk/create-backend-integrated-life-api-for-test.js +240 -0
  236. package/dist/sdk/create-backend-integrated-life-api-for-test.js.map +1 -0
  237. package/dist/sdk/create-life-api.d.ts +55 -0
  238. package/dist/sdk/create-life-api.js +251 -0
  239. package/dist/sdk/create-life-api.js.map +1 -0
  240. package/dist/sdk/create-sqlite-life-api.d.ts +33 -0
  241. package/dist/sdk/create-sqlite-life-api.js +654 -0
  242. package/dist/sdk/create-sqlite-life-api.js.map +1 -0
  243. package/dist/sdk/life-api.d.ts +27 -0
  244. package/dist/sdk/life-api.js +17 -0
  245. package/dist/sdk/life-api.js.map +1 -0
  246. package/dist/sdk/validation.d.ts +8 -0
  247. package/dist/sdk/validation.js +216 -0
  248. package/dist/sdk/validation.js.map +1 -0
  249. package/dist/source/in-memory-source-registry.d.ts +15 -0
  250. package/dist/source/in-memory-source-registry.js +104 -0
  251. package/dist/source/in-memory-source-registry.js.map +1 -0
  252. package/dist/source/source-aware-fact-store.d.ts +19 -0
  253. package/dist/source/source-aware-fact-store.js +40 -0
  254. package/dist/source/source-aware-fact-store.js.map +1 -0
  255. package/dist/source/source-kind-predicate-policy.d.ts +4 -0
  256. package/dist/source/source-kind-predicate-policy.js +62 -0
  257. package/dist/source/source-kind-predicate-policy.js.map +1 -0
  258. package/dist/source/source-registry.d.ts +11 -0
  259. package/dist/source/source-registry.js +12 -0
  260. package/dist/source/source-registry.js.map +1 -0
  261. package/dist/store/in-memory-fact-store.d.ts +25 -0
  262. package/dist/store/in-memory-fact-store.js +192 -0
  263. package/dist/store/in-memory-fact-store.js.map +1 -0
  264. package/dist/surface/context-query.d.ts +21 -0
  265. package/dist/surface/context-query.js +113 -0
  266. package/dist/surface/context-query.js.map +1 -0
  267. package/dist/surface/evidence-backed-context-query.d.ts +62 -0
  268. package/dist/surface/evidence-backed-context-query.js +240 -0
  269. package/dist/surface/evidence-backed-context-query.js.map +1 -0
  270. package/dist/types/access-context.d.ts +25 -0
  271. package/dist/types/access-context.js +6 -0
  272. package/dist/types/access-context.js.map +1 -0
  273. package/dist/types/claim.d.ts +48 -0
  274. package/dist/types/claim.js +5 -0
  275. package/dist/types/claim.js.map +1 -0
  276. package/dist/types/consent.d.ts +41 -0
  277. package/dist/types/consent.js +3 -0
  278. package/dist/types/consent.js.map +1 -0
  279. package/dist/types/crypto-boundary.d.ts +12 -0
  280. package/dist/types/crypto-boundary.js +15 -0
  281. package/dist/types/crypto-boundary.js.map +1 -0
  282. package/dist/types/evidence.d.ts +31 -0
  283. package/dist/types/evidence.js +8 -0
  284. package/dist/types/evidence.js.map +1 -0
  285. package/dist/types/fact-store.d.ts +24 -0
  286. package/dist/types/fact-store.js +12 -0
  287. package/dist/types/fact-store.js.map +1 -0
  288. package/dist/types/ids.d.ts +36 -0
  289. package/dist/types/ids.js +11 -0
  290. package/dist/types/ids.js.map +1 -0
  291. package/dist/types/proposal.d.ts +38 -0
  292. package/dist/types/proposal.js +7 -0
  293. package/dist/types/proposal.js.map +1 -0
  294. package/dist/types/source.d.ts +33 -0
  295. package/dist/types/source.js +6 -0
  296. package/dist/types/source.js.map +1 -0
  297. package/dist/types/trust.d.ts +24 -0
  298. package/dist/types/trust.js +5 -0
  299. package/dist/types/trust.js.map +1 -0
  300. package/dist/utilities/deep-freeze.d.ts +1 -0
  301. package/dist/utilities/deep-freeze.js +17 -0
  302. package/dist/utilities/deep-freeze.js.map +1 -0
  303. package/package.json +55 -0
@@ -0,0 +1,240 @@
1
+ // TEST/DEV ONLY — createBackendIntegratedLifeApiForTest.
2
+ // Do NOT export from src/index.ts. Do NOT use in production.
3
+ //
4
+ // AUTH_FACTORY_OUTPUT_CONTEXT_MINTING_BOUNDARY_001: the returned `auth` is a
5
+ // ContextMintingBoundary (BackendContextMintingBoundary) — callers may not bypass it
6
+ // to reach AccessContextIssuer directly.
7
+ // AUTH_TEST_FACTORY_BACKEND_INTEGRATED_001: this factory uses BackendContextMintingBoundary
8
+ // (not TestContextMintingBoundary); TenantBoundary + GrantResolver backend checks fire
9
+ // for all mints.
10
+ import { InMemoryFactStore } from "../store/in-memory-fact-store.js";
11
+ import { InMemorySourceRegistry } from "../source/in-memory-source-registry.js";
12
+ import { SourceAwareFactStore } from "../source/source-aware-fact-store.js";
13
+ import { InMemoryRawDocumentStore } from "../evidence/in-memory-raw-document-store.js";
14
+ import { GrantRegistry } from "../consent/grant-registry.js";
15
+ import { InMemoryAuditLog } from "../audit/audit-log.js";
16
+ import { StaticTrustTable } from "../resolution/trust-profile.js";
17
+ import { AesGcmCryptoBoundary } from "../crypto/aes-gcm.js";
18
+ import { StaticKeyProvider } from "../crypto/static-key.js";
19
+ import { EvidenceBackedContextQueryService } from "../surface/evidence-backed-context-query.js";
20
+ import { EvidenceBackedClaimCreator } from "../evidence/evidence-backed-claim-creator.js";
21
+ import { InMemoryProposalQueue } from "../proposal/in-memory-proposal-queue.js";
22
+ import { SourceAwareClaimAppender } from "../proposal/source-aware-claim-appender.js";
23
+ import { InMemoryUnitOfWork } from "../persistence/in-memory-unit-of-work.js";
24
+ import { AccessContextIssuer } from "../auth/access-context-issuer.js";
25
+ import { DefaultAuthorizationPolicy } from "../auth/default-authorization-policy.js";
26
+ import { BackendContextMintingBoundary } from "../auth/backend-context-minting-boundary.js";
27
+ import { InMemoryTenantBoundary } from "../auth/in-memory-tenant-boundary.js";
28
+ import { InMemoryGrantResolver } from "../auth/in-memory-grant-resolver.js";
29
+ import { FakeAuthAdapter } from "../auth/fake-auth-adapter.js";
30
+ import { ERASURE_TOMBSTONE_PREDICATE, ERASURE_TOMBSTONE_PAYLOAD, SYSTEM_ERASURE_SOURCE_ID, } from "../erasure/tombstone.js";
31
+ import { asISOTime, asAuditId } from "../types/ids.js";
32
+ import { validateCreateGrantAdminInput, validateCreateSourceAdminInput, validateCreateClaimWithNewEvidenceInput, validateCreateClaimFromExistingEvidenceInput, validateCreateProposalInput, validateAcceptProposalInput, validateRejectProposalInput, validateQueryContractsInput, } from "./validation.js";
33
+ import { buildAuditEvent } from "../audit/audit-log.js";
34
+ // ─── Internal LifeApi implementation ─────────────────────────────────────────
35
+ // Duplicated from create-life-api.ts intentionally — avoids coupling this
36
+ // test/dev module to the production module's internals.
37
+ class BackendIntegratedLifeApiImpl {
38
+ _querySvc;
39
+ _claimCreator;
40
+ _proposalQueue;
41
+ _docStore;
42
+ _sourceRegistry;
43
+ _grantRegistry;
44
+ _issuer;
45
+ _factStore;
46
+ _auditLog;
47
+ constructor(_querySvc, _claimCreator, _proposalQueue, _docStore, _sourceRegistry, _grantRegistry, _issuer, _factStore, _auditLog) {
48
+ this._querySvc = _querySvc;
49
+ this._claimCreator = _claimCreator;
50
+ this._proposalQueue = _proposalQueue;
51
+ this._docStore = _docStore;
52
+ this._sourceRegistry = _sourceRegistry;
53
+ this._grantRegistry = _grantRegistry;
54
+ this._issuer = _issuer;
55
+ this._factStore = _factStore;
56
+ this._auditLog = _auditLog;
57
+ }
58
+ async queryContracts(ctx, input) {
59
+ this._issuer.assertTrusted(ctx);
60
+ validateQueryContractsInput(input);
61
+ return this._querySvc.queryContracts(ctx, input);
62
+ }
63
+ async createClaimWithNewEvidence(ctx, input) {
64
+ this._issuer.assertTrusted(ctx);
65
+ validateCreateClaimWithNewEvidenceInput(input);
66
+ return this._claimCreator.createClaimWithNewEvidence(ctx, input);
67
+ }
68
+ async createClaimFromExistingEvidence(ctx, input) {
69
+ this._issuer.assertTrusted(ctx);
70
+ validateCreateClaimFromExistingEvidenceInput(input);
71
+ return this._claimCreator.createClaimFromExistingEvidence(ctx, input);
72
+ }
73
+ async createProposal(ctx, input) {
74
+ this._issuer.assertTrusted(ctx);
75
+ validateCreateProposalInput(input);
76
+ return this._proposalQueue.createProposal(ctx, input);
77
+ }
78
+ async acceptProposal(ctx, proposalId, options) {
79
+ this._issuer.assertTrusted(ctx);
80
+ validateAcceptProposalInput(proposalId, options);
81
+ return this._proposalQueue.acceptProposal(ctx, proposalId, options);
82
+ }
83
+ async rejectProposal(ctx, proposalId, reason) {
84
+ this._issuer.assertTrusted(ctx);
85
+ validateRejectProposalInput(proposalId, reason);
86
+ return this._proposalQueue.rejectProposal(ctx, proposalId, reason);
87
+ }
88
+ getProposal(ctx, proposalId) {
89
+ this._issuer.assertTrusted(ctx);
90
+ return this._proposalQueue.getProposal(ctx, proposalId);
91
+ }
92
+ listProposals(ctx, filter) {
93
+ this._issuer.assertTrusted(ctx);
94
+ return this._proposalQueue.listProposals(ctx, filter);
95
+ }
96
+ getEvidenceRef(ctx, evidenceId) {
97
+ this._issuer.assertTrusted(ctx);
98
+ return this._docStore.getEvidenceRef(ctx, evidenceId);
99
+ }
100
+ listEvidenceRefs(ctx, filter) {
101
+ this._issuer.assertTrusted(ctx);
102
+ return this._docStore.listEvidenceRefs(ctx, filter);
103
+ }
104
+ createSourceAdmin(ctx, input) {
105
+ this._issuer.assertTrusted(ctx);
106
+ this._assertPrivileged(ctx);
107
+ validateCreateSourceAdminInput(input);
108
+ const evId = input.evidenceRef?.id;
109
+ if (evId !== undefined) {
110
+ const existing = this._docStore.getEvidenceRef(ctx, evId);
111
+ if (existing === undefined) {
112
+ throw new Error(`SDK_SOURCE_REGISTRATION_EVIDENCE_VALIDATED_001: evidenceRef.id "${evId}" ` +
113
+ `does not exist in the document store`);
114
+ }
115
+ }
116
+ return this._sourceRegistry.registerSource(ctx, input);
117
+ }
118
+ listSources(ctx, filter) {
119
+ this._issuer.assertTrusted(ctx);
120
+ return this._sourceRegistry.listSources(ctx, filter);
121
+ }
122
+ createGrantAdmin(ctx, grant) {
123
+ this._issuer.assertTrusted(ctx);
124
+ this._assertPrivileged(ctx);
125
+ validateCreateGrantAdminInput(grant);
126
+ this._grantRegistry.register(grant);
127
+ return grant;
128
+ }
129
+ async requestErasure(ctx, subject) {
130
+ this._issuer.assertTrusted(ctx);
131
+ if (ctx.kind !== "owner") {
132
+ throw Object.assign(new Error("ERASURE_REQUEST_DENIED_001: only OwnerContext may call requestErasure"), { code: "ERASURE_REQUEST_DENIED_001" });
133
+ }
134
+ const _SYSTEM_CTX = { kind: "system_projection" };
135
+ if (this._sourceRegistry.getSource(_SYSTEM_CTX, SYSTEM_ERASURE_SOURCE_ID) === undefined) {
136
+ this._sourceRegistry.registerSource(_SYSTEM_CTX, {
137
+ id: SYSTEM_ERASURE_SOURCE_ID,
138
+ kind: "user_manual",
139
+ label: "System erasure tombstone source",
140
+ });
141
+ }
142
+ const existing = await this._factStore.readClaims(ctx, {
143
+ subject,
144
+ predicates: [ERASURE_TOMBSTONE_PREDICATE],
145
+ });
146
+ if (existing.length > 0) {
147
+ throw Object.assign(new Error(`ERASURE_SUBJECT_ALREADY_ERASED_001: subject "${subject}" already has an erasure tombstone`), { code: "ERASURE_SUBJECT_ALREADY_ERASED_001" });
148
+ }
149
+ const now = asISOTime(new Date().toISOString());
150
+ const auditEvent = buildAuditEvent({
151
+ actor: `owner:${ctx.personId}`,
152
+ purpose: "erasure_request",
153
+ decision: "allow",
154
+ reasonCode: "ALLOWED",
155
+ selectorFingerprint: `erasure:subject:${subject}`,
156
+ resultCount: 0,
157
+ resultClaimIds: [],
158
+ now,
159
+ });
160
+ await this._auditLog.write(auditEvent);
161
+ await this._factStore.append({
162
+ subject,
163
+ predicate: ERASURE_TOMBSTONE_PREDICATE,
164
+ payload: ERASURE_TOMBSTONE_PAYLOAD,
165
+ sourceId: SYSTEM_ERASURE_SOURCE_ID,
166
+ validFrom: now,
167
+ }, ctx);
168
+ }
169
+ async getErasureStatus(ctx, subject) {
170
+ this._issuer.assertTrusted(ctx);
171
+ if (ctx.kind !== "owner") {
172
+ throw Object.assign(new Error("ERASURE_REQUEST_DENIED_001: only OwnerContext may call getErasureStatus"), { code: "ERASURE_REQUEST_DENIED_001" });
173
+ }
174
+ const tombstones = await this._factStore.readClaims(ctx, {
175
+ subject,
176
+ predicates: [ERASURE_TOMBSTONE_PREDICATE],
177
+ });
178
+ if (tombstones.length === 0)
179
+ return undefined;
180
+ const tombstone = tombstones[0];
181
+ const auditEvents = this._auditLog.readAll();
182
+ const erasureAudit = auditEvents.find(e => e.purpose === "erasure_request" &&
183
+ e.selectorFingerprint === `erasure:subject:${subject}`);
184
+ return {
185
+ subject,
186
+ recordedAt: tombstone.recordedAt,
187
+ auditEventId: erasureAudit?.id ?? asAuditId(`${tombstone.id}-audit`),
188
+ };
189
+ }
190
+ _assertPrivileged(ctx) {
191
+ const kind = ctx.kind;
192
+ if (kind !== "owner" && kind !== "system_projection" && kind !== "test") {
193
+ throw new Error(`SDK_PRIVILEGED_MUTATION_GUARDED_001: "${kind}" context cannot perform privileged SDK mutations`);
194
+ }
195
+ }
196
+ }
197
+ // ─── Public factory ───────────────────────────────────────────────────────────
198
+ /** @remarks TEST/DEV ONLY — not for production use. NOT exported from src/index.ts. */
199
+ export async function createBackendIntegratedLifeApiForTest(config) {
200
+ const keyProvider = await StaticKeyProvider.generate("backend-integrated-test-ephemeral");
201
+ const crypto = new AesGcmCryptoBoundary(keyProvider);
202
+ const rawStore = new InMemoryFactStore();
203
+ const sourceReg = new InMemorySourceRegistry();
204
+ const sourceStore = new SourceAwareFactStore(rawStore, sourceReg);
205
+ const docStore = new InMemoryRawDocumentStore(crypto);
206
+ const grantReg = new GrantRegistry();
207
+ const auditLog = new InMemoryAuditLog();
208
+ const trust = StaticTrustTable.empty();
209
+ const querySvc = new EvidenceBackedContextQueryService(sourceStore, grantReg, auditLog, sourceReg, docStore, trust);
210
+ const uow = new InMemoryUnitOfWork(docStore, sourceReg, rawStore);
211
+ const claimCreator = new EvidenceBackedClaimCreator(docStore, sourceReg, sourceStore, uow);
212
+ const appender = new SourceAwareClaimAppender(sourceStore, sourceReg, uow);
213
+ const proposalQueue = new InMemoryProposalQueue(appender, grantReg, sourceReg);
214
+ const issuer = new AccessContextIssuer();
215
+ const clock = config?.clock ?? { now: () => new Date().toISOString() };
216
+ const tenantBoundary = new InMemoryTenantBoundary(config?.memberships ?? []);
217
+ const grantResolver = new InMemoryGrantResolver(config?.grants ?? [], clock);
218
+ const defaultPrincipal = {
219
+ principalId: "test-principal",
220
+ principalType: "user",
221
+ tenantId: "test-tenant",
222
+ roles: ["owner"],
223
+ grantIds: [],
224
+ expiresAt: "2099-01-01T00:00:00Z",
225
+ issuedAt: "2020-01-01T00:00:00Z",
226
+ };
227
+ const adapter = config?.adapter ?? new FakeAuthAdapter(defaultPrincipal);
228
+ const policy = new DefaultAuthorizationPolicy(clock);
229
+ const auth = new BackendContextMintingBoundary({
230
+ adapter,
231
+ policy,
232
+ issuer,
233
+ clock,
234
+ tenantBoundary,
235
+ grantResolver,
236
+ });
237
+ const api = new BackendIntegratedLifeApiImpl(querySvc, claimCreator, proposalQueue, docStore, sourceReg, grantReg, issuer, sourceStore, auditLog);
238
+ return { api, auth, tenantBoundary, grantResolver };
239
+ }
240
+ //# sourceMappingURL=create-backend-integrated-life-api-for-test.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"create-backend-integrated-life-api-for-test.js","sourceRoot":"","sources":["../../src/sdk/create-backend-integrated-life-api-for-test.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,6DAA6D;AAC7D,EAAE;AACF,6EAA6E;AAC7E,uFAAuF;AACvF,2CAA2C;AAC3C,4FAA4F;AAC5F,yFAAyF;AACzF,mBAAmB;AAEnB,OAAO,EAAE,iBAAiB,EAAE,MAAoB,kCAAkC,CAAC;AACnF,OAAO,EAAE,sBAAsB,EAAE,MAAe,wCAAwC,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,MAAiB,sCAAsC,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,MAAa,6CAA6C,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAwB,8BAA8B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAqB,uBAAuB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAqB,gCAAgC,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAiB,sBAAsB,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAoB,yBAAyB,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,6CAA6C,CAAC;AAChG,OAAO,EAAE,0BAA0B,EAAE,MAAW,8CAA8C,CAAC;AAC/F,OAAO,EAAE,qBAAqB,EAAE,MAAgB,yCAAyC,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,MAAa,4CAA4C,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,MAAmB,0CAA0C,CAAC;AAC3F,OAAO,EAAE,mBAAmB,EAAE,MAAkB,kCAAkC,CAAC;AACnF,OAAO,EAAE,0BAA0B,EAAE,MAAW,yCAAyC,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAQ,6CAA6C,CAAC;AAC9F,OAAO,EAAE,sBAAsB,EAAE,MAAe,sCAAsC,CAAC;AACvF,OAAO,EAAE,qBAAqB,EAAE,MAAgB,qCAAqC,CAAC;AACtF,OAAO,EAAE,eAAe,EAAE,MAAsB,8BAA8B,CAAC;AAC/E,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAiB,iBAAiB,CAAC;AAClE,OAAO,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,uCAAuC,EACvC,4CAA4C,EAC5C,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,MAAsB,uBAAuB,CAAC;AA2BxE,gFAAgF;AAChF,0EAA0E;AAC1E,wDAAwD;AAExD,MAAM,4BAA4B;IAEb;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IATnB,YACmB,SAAkD,EAClD,aAA2C,EAC3C,cAA8B,EAC9B,SAAiC,EACjC,eAA+B,EAC/B,cAA8B,EAC9B,OAAoC,EACpC,UAA0B,EAC1B,SAAyB;QARzB,cAAS,GAAT,SAAS,CAAyC;QAClD,kBAAa,GAAb,aAAa,CAA8B;QAC3C,mBAAc,GAAd,cAAc,CAAgB;QAC9B,cAAS,GAAT,SAAS,CAAwB;QACjC,oBAAe,GAAf,eAAe,CAAgB;QAC/B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,YAAO,GAAP,OAAO,CAA6B;QACpC,eAAU,GAAV,UAAU,CAAgB;QAC1B,cAAS,GAAT,SAAS,CAAgB;IACzC,CAAC;IAEJ,KAAK,CAAC,cAAc,CAAC,GAAkB,EAAE,KAA0B;QACjE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,GAA2B,EAC3B,KAAsC;QAEtC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,uCAAuC,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,aAAa,CAAC,0BAA0B,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAA2B,EAC3B,KAA2C;QAE3C,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,4CAA4C,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,aAAa,CAAC,+BAA+B,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAwB,EAAE,KAAoB;QACjE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAoB,EAAE,UAAsB,EAAE,OAAsB;QACvF,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAoB,EAAE,UAAsB,EAAE,MAAc;QAC/E,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;IAED,WAAW,CAAC,GAAkB,EAAE,UAAsB;QACpD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,GAAkB,EAAE,MAAuB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,cAAc,CAAC,GAAkB,EAAE,UAAsB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB,CAAC,GAAkB,EAAE,MAAuB;QAC1D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,iBAAiB,CAAC,GAAoB,EAAE,KAAkB;QACxD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5B,8BAA8B,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACnC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAoB,EAAE,IAAI,CAAC,CAAC;YAC3E,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,mEAAmE,IAAI,IAAI;oBAC3E,sCAAsC,CACvC,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAoB,EAAE,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED,WAAW,CAAC,GAAkB,EAAE,MAAqB;QACnD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,gBAAgB,CAAC,GAAoB,EAAE,KAAmB;QACxD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5B,6BAA6B,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAiB,EAAE,OAAiB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAK,GAAqB,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5C,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,uEAAuE,CAAC,EAClF,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;QACJ,CAAC;QACD,MAAM,WAAW,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAW,CAAC;QAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,WAAW,EAAE,wBAAwB,CAAC,KAAK,SAAS,EAAE,CAAC;YACxF,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,WAAW,EAAE;gBAC/C,EAAE,EAAK,wBAAwB;gBAC/B,IAAI,EAAG,aAAa;gBACpB,KAAK,EAAE,iCAAiC;aACzC,CAAC,CAAC;QACL,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE;YACrD,OAAO;YACP,UAAU,EAAE,CAAC,2BAA2B,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,gDAAgD,OAAO,oCAAoC,CAAC,EACtG,EAAE,IAAI,EAAE,oCAAoC,EAAE,CAC/C,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,eAAe,CAAC;YACjC,KAAK,EAAgB,SAAS,GAAG,CAAC,QAAQ,EAAE;YAC5C,OAAO,EAAc,iBAAiB;YACtC,QAAQ,EAAa,OAAO;YAC5B,UAAU,EAAW,SAAS;YAC9B,mBAAmB,EAAE,mBAAmB,OAAO,EAAE;YACjD,WAAW,EAAU,CAAC;YACtB,cAAc,EAAO,EAAE;YACvB,GAAG;SACJ,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAC1B;YACE,OAAO;YACP,SAAS,EAAE,2BAA2B;YACtC,OAAO,EAAI,yBAAyB;YACpC,QAAQ,EAAG,wBAAwB;YACnC,SAAS,EAAE,GAAG;SACf,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAiB,EAAE,OAAiB;QACzD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAK,GAAqB,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5C,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,yEAAyE,CAAC,EACpF,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE;YACvD,OAAO;YACP,UAAU,EAAE,CAAC,2BAA2B,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAE,CAAC;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,iBAAiB;YAC/B,CAAC,CAAC,mBAAmB,KAAK,mBAAmB,OAAO,EAAE,CAC5D,CAAC;QACF,OAAO;YACL,OAAO;YACP,UAAU,EAAI,SAAS,CAAC,UAAU;YAClC,YAAY,EAAE,YAAY,EAAE,EAAE,IAAI,SAAS,CAAC,GAAG,SAAS,CAAC,EAAE,QAAQ,CAAC;SACrE,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,GAAoB;QAC5C,MAAM,IAAI,GAAI,GAAqB,CAAC,IAAI,CAAC;QACzC,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,mBAAmB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,mDAAmD,CACjG,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAoBD,iFAAiF;AAEjF,uFAAuF;AACvF,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,MAA2C;IAE3C,MAAM,WAAW,GAAI,MAAM,iBAAiB,CAAC,QAAQ,CAAC,mCAAmC,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAS,IAAI,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAO,IAAI,iBAAiB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,MAAM,WAAW,GAAI,IAAI,oBAAoB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAO,IAAI,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAO,IAAI,aAAa,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAO,IAAI,gBAAgB,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAU,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAO,IAAI,iCAAiC,CACxD,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAC5D,CAAC;IACF,MAAM,GAAG,GAAY,IAAI,kBAAkB,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,IAAI,0BAA0B,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAC3F,MAAM,QAAQ,GAAO,IAAI,wBAAwB,CAAC,WAAW,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC/E,MAAM,aAAa,GAAG,IAAI,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE/E,MAAM,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAEzC,MAAM,KAAK,GAAY,MAAM,EAAE,KAAK,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAChF,MAAM,cAAc,GAAG,IAAI,sBAAsB,CAAC,MAAM,EAAE,WAAW,IAAI,EAAE,CAAC,CAAC;IAC7E,MAAM,aAAa,GAAI,IAAI,qBAAqB,CAAC,MAAM,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAE9E,MAAM,gBAAgB,GAAG;QACvB,WAAW,EAAI,gBAAgB;QAC/B,aAAa,EAAE,MAAe;QAC9B,QAAQ,EAAO,aAAa;QAC5B,KAAK,EAAU,CAAC,OAAO,CAAU;QACjC,QAAQ,EAAO,EAAc;QAC7B,SAAS,EAAM,sBAAsB;QACrC,QAAQ,EAAO,sBAAsB;KACtC,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,EAAE,OAAO,IAAI,IAAI,eAAe,CAAC,gBAAgB,CAAC,CAAC;IAEzE,MAAM,MAAM,GAAG,IAAI,0BAA0B,CAAC,KAAK,CAAC,CAAC;IAErD,MAAM,IAAI,GAAG,IAAI,6BAA6B,CAAC;QAC7C,OAAO;QACP,MAAM;QACN,MAAM;QACN,KAAK;QACL,cAAc;QACd,aAAa;KACd,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,4BAA4B,CAC1C,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CACpG,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC;AACtD,CAAC"}
@@ -0,0 +1,55 @@
1
+ import { GrantRegistry } from "../consent/grant-registry.js";
2
+ import { EvidenceBackedContextQueryService } from "../surface/evidence-backed-context-query.js";
3
+ import { EvidenceBackedClaimCreator } from "../evidence/evidence-backed-claim-creator.js";
4
+ import { AccessContextIssuer } from "../auth/access-context-issuer.js";
5
+ import type { ProposalQueue } from "../proposal/proposal-queue.js";
6
+ import type { RawDocumentStore } from "../evidence/raw-document-store.js";
7
+ import type { SourceRegistry } from "../source/source-registry.js";
8
+ import type { FactStore } from "../types/fact-store.js";
9
+ import type { AuditLog } from "../audit/audit-log.js";
10
+ import type { AccessContext, AgentConsentContext, OwnerContext } from "../types/access-context.js";
11
+ import type { ConsentGrant } from "../types/consent.js";
12
+ import type { SdkAdminContext } from "./life-api.js";
13
+ import type { EvidenceId, PersonId, ProposalId } from "../types/ids.js";
14
+ import type { ErasureStatus } from "../erasure/tombstone.js";
15
+ import type { EvidenceFilter, EvidenceRef } from "../types/evidence.js";
16
+ import type { Source, SourceFilter, SourceInput } from "../types/source.js";
17
+ import type { AcceptOptions, Proposal, ProposalDecider, ProposalFilter, ProposalInput } from "../types/proposal.js";
18
+ import type { QueryContractsInput, ContextQueryResult } from "../surface/evidence-backed-context-query.js";
19
+ import type { EvidenceClaimCreator, CreateClaimWithNewEvidenceInput, CreateClaimFromExistingEvidenceInput, EvidenceBackedClaimResult, EvidenceBackedClaimWithNewEvidenceResult } from "../evidence/evidence-backed-claim-creator.js";
20
+ import type { LifeApi } from "./life-api.js";
21
+ export declare class LifeApiImpl implements LifeApi {
22
+ private readonly _querySvc;
23
+ private readonly _claimCreator;
24
+ private readonly _proposalQueue;
25
+ private readonly _docStore;
26
+ private readonly _sourceRegistry;
27
+ private readonly _grantRegistry;
28
+ private readonly _issuer;
29
+ private readonly _factStore;
30
+ private readonly _auditLog;
31
+ private readonly _erasureMutationAuditLog?;
32
+ constructor(_querySvc: EvidenceBackedContextQueryService, _claimCreator: EvidenceBackedClaimCreator, _proposalQueue: ProposalQueue, _docStore: RawDocumentStore, _sourceRegistry: SourceRegistry, _grantRegistry: GrantRegistry, _issuer: AccessContextIssuer, _factStore: FactStore, _auditLog: AuditLog, _erasureMutationAuditLog?: AuditLog | undefined);
33
+ queryContracts(ctx: AccessContext, input: QueryContractsInput): Promise<ContextQueryResult>;
34
+ createClaimWithNewEvidence(ctx: EvidenceClaimCreator, input: CreateClaimWithNewEvidenceInput): Promise<EvidenceBackedClaimWithNewEvidenceResult>;
35
+ createClaimFromExistingEvidence(ctx: EvidenceClaimCreator, input: CreateClaimFromExistingEvidenceInput): Promise<EvidenceBackedClaimResult>;
36
+ createProposal(ctx: AgentConsentContext, input: ProposalInput): Promise<Proposal>;
37
+ acceptProposal(ctx: ProposalDecider, proposalId: ProposalId, options: AcceptOptions): Promise<Proposal>;
38
+ rejectProposal(ctx: ProposalDecider, proposalId: ProposalId, reason: string): Promise<Proposal>;
39
+ getProposal(ctx: AccessContext, proposalId: ProposalId): Proposal | undefined;
40
+ listProposals(ctx: AccessContext, filter?: ProposalFilter): Proposal[];
41
+ getEvidenceRef(ctx: AccessContext, evidenceId: EvidenceId): EvidenceRef | undefined;
42
+ listEvidenceRefs(ctx: AccessContext, filter?: EvidenceFilter): EvidenceRef[];
43
+ createSourceAdmin(ctx: SdkAdminContext, input: SourceInput): Source;
44
+ listSources(ctx: AccessContext, filter?: SourceFilter): Source[];
45
+ createGrantAdmin(ctx: SdkAdminContext, grant: ConsentGrant): ConsentGrant;
46
+ requestErasure(ctx: OwnerContext, subject: PersonId): Promise<void>;
47
+ getErasureStatus(ctx: OwnerContext, subject: PersonId): Promise<ErasureStatus | undefined>;
48
+ private _assertPrivileged;
49
+ }
50
+ export interface LifeApiTestBundle {
51
+ readonly api: LifeApi;
52
+ readonly auth: AccessContextIssuer;
53
+ readonly auditLog: AuditLog;
54
+ }
55
+ export declare function createInMemoryLifeApiForTest(): Promise<LifeApiTestBundle>;
@@ -0,0 +1,251 @@
1
+ // SDK factory — Slice-13 / Slice-15 / Slice-15c.
2
+ //
3
+ // SDK_BOUNDARY_EXISTS_001: createInMemoryLifeApiForTest() is the approved test entry point.
4
+ // SDK_NO_INTERNAL_PATH_IMPORTS_001: LifeApiImpl is not exported from src/index.ts (public surface).
5
+ // It is accessible to other factory modules within src/sdk/ (e.g. create-sqlite-life-api.ts).
6
+ // Only factory functions are part of the public SDK API.
7
+ // AUTH_CONTEXT_SDK_ENFORCES_TRUSTED_CONTEXTS_001: every public LifeApi method calls
8
+ // this._issuer.assertTrusted() — scoped to the authority paired with this API instance.
9
+ // AUTH_CONTEXT_TRUST_IS_AUTHORITY_SCOPED_001: LifeApiImpl holds a reference to its own
10
+ // AccessContextIssuer; only contexts minted by that exact issuer are accepted.
11
+ // Internal wiring (stores, crypto, services) is hidden entirely behind LifeApi.
12
+ import { InMemoryFactStore } from "../store/in-memory-fact-store.js";
13
+ import { InMemorySourceRegistry } from "../source/in-memory-source-registry.js";
14
+ import { SourceAwareFactStore } from "../source/source-aware-fact-store.js";
15
+ import { InMemoryRawDocumentStore } from "../evidence/in-memory-raw-document-store.js";
16
+ import { GrantRegistry } from "../consent/grant-registry.js";
17
+ import { InMemoryAuditLog } from "../audit/audit-log.js";
18
+ import { StaticTrustTable } from "../resolution/trust-profile.js";
19
+ import { AesGcmCryptoBoundary } from "../crypto/aes-gcm.js";
20
+ import { StaticKeyProvider } from "../crypto/static-key.js";
21
+ import { EvidenceBackedContextQueryService } from "../surface/evidence-backed-context-query.js";
22
+ import { EvidenceBackedClaimCreator } from "../evidence/evidence-backed-claim-creator.js";
23
+ import { InMemoryProposalQueue } from "../proposal/in-memory-proposal-queue.js";
24
+ import { SourceAwareClaimAppender } from "../proposal/source-aware-claim-appender.js";
25
+ import { InMemoryUnitOfWork } from "../persistence/in-memory-unit-of-work.js";
26
+ import { AccessContextIssuer } from "../auth/access-context-issuer.js";
27
+ import { buildAuditEvent } from "../audit/audit-log.js";
28
+ import { ERASURE_TOMBSTONE_PREDICATE, ERASURE_TOMBSTONE_PAYLOAD, SYSTEM_ERASURE_SOURCE_ID, } from "../erasure/tombstone.js";
29
+ import { asISOTime, asAuditId } from "../types/ids.js";
30
+ import { validateCreateGrantAdminInput, validateCreateSourceAdminInput, validateCreateClaimWithNewEvidenceInput, validateCreateClaimFromExistingEvidenceInput, validateCreateProposalInput, validateAcceptProposalInput, validateRejectProposalInput, validateQueryContractsInput, } from "./validation.js";
31
+ // ─── Internal implementation ──────────────────────────────────────────────────
32
+ // Exported for use by production factory (create-sqlite-life-api.ts).
33
+ // NOT exported from src/index.ts — callers receive LifeApi only.
34
+ export class LifeApiImpl {
35
+ _querySvc;
36
+ _claimCreator;
37
+ _proposalQueue;
38
+ _docStore;
39
+ _sourceRegistry;
40
+ _grantRegistry;
41
+ _issuer;
42
+ _factStore;
43
+ _auditLog;
44
+ _erasureMutationAuditLog;
45
+ constructor(_querySvc, _claimCreator, _proposalQueue, _docStore, _sourceRegistry, _grantRegistry, _issuer, _factStore, _auditLog,
46
+ // PRODUCTION_AUDIT_REQUEST_ERASURE_AUDIT_ATOMIC_001 (C2b): when set, requestErasure
47
+ // writes the allow-path audit to this log and getErasureStatus reads from it.
48
+ // Both log and tombstone share config.db — they participate in the facade SAVEPOINT.
49
+ // Falls back to _auditLog when absent (in-memory tests, non-production paths).
50
+ _erasureMutationAuditLog) {
51
+ this._querySvc = _querySvc;
52
+ this._claimCreator = _claimCreator;
53
+ this._proposalQueue = _proposalQueue;
54
+ this._docStore = _docStore;
55
+ this._sourceRegistry = _sourceRegistry;
56
+ this._grantRegistry = _grantRegistry;
57
+ this._issuer = _issuer;
58
+ this._factStore = _factStore;
59
+ this._auditLog = _auditLog;
60
+ this._erasureMutationAuditLog = _erasureMutationAuditLog;
61
+ }
62
+ async queryContracts(ctx, input) {
63
+ this._issuer.assertTrusted(ctx);
64
+ validateQueryContractsInput(input);
65
+ return this._querySvc.queryContracts(ctx, input);
66
+ }
67
+ async createClaimWithNewEvidence(ctx, input) {
68
+ this._issuer.assertTrusted(ctx);
69
+ validateCreateClaimWithNewEvidenceInput(input);
70
+ return this._claimCreator.createClaimWithNewEvidence(ctx, input);
71
+ }
72
+ async createClaimFromExistingEvidence(ctx, input) {
73
+ this._issuer.assertTrusted(ctx);
74
+ validateCreateClaimFromExistingEvidenceInput(input);
75
+ return this._claimCreator.createClaimFromExistingEvidence(ctx, input);
76
+ }
77
+ async createProposal(ctx, input) {
78
+ this._issuer.assertTrusted(ctx);
79
+ validateCreateProposalInput(input);
80
+ return this._proposalQueue.createProposal(ctx, input);
81
+ }
82
+ async acceptProposal(ctx, proposalId, options) {
83
+ this._issuer.assertTrusted(ctx);
84
+ validateAcceptProposalInput(proposalId, options);
85
+ return this._proposalQueue.acceptProposal(ctx, proposalId, options);
86
+ }
87
+ async rejectProposal(ctx, proposalId, reason) {
88
+ this._issuer.assertTrusted(ctx);
89
+ validateRejectProposalInput(proposalId, reason);
90
+ return this._proposalQueue.rejectProposal(ctx, proposalId, reason);
91
+ }
92
+ getProposal(ctx, proposalId) {
93
+ this._issuer.assertTrusted(ctx);
94
+ return this._proposalQueue.getProposal(ctx, proposalId);
95
+ }
96
+ listProposals(ctx, filter) {
97
+ this._issuer.assertTrusted(ctx);
98
+ return this._proposalQueue.listProposals(ctx, filter);
99
+ }
100
+ getEvidenceRef(ctx, evidenceId) {
101
+ this._issuer.assertTrusted(ctx);
102
+ return this._docStore.getEvidenceRef(ctx, evidenceId);
103
+ }
104
+ listEvidenceRefs(ctx, filter) {
105
+ this._issuer.assertTrusted(ctx);
106
+ return this._docStore.listEvidenceRefs(ctx, filter);
107
+ }
108
+ createSourceAdmin(ctx, input) {
109
+ this._issuer.assertTrusted(ctx);
110
+ this._assertPrivileged(ctx);
111
+ validateCreateSourceAdminInput(input);
112
+ const evId = input.evidenceRef?.id;
113
+ if (evId !== undefined) {
114
+ const existing = this._docStore.getEvidenceRef(ctx, evId);
115
+ if (existing === undefined) {
116
+ throw new Error(`SDK_SOURCE_REGISTRATION_EVIDENCE_VALIDATED_001: evidenceRef.id "${evId}" ` +
117
+ `does not exist in the document store`);
118
+ }
119
+ }
120
+ return this._sourceRegistry.registerSource(ctx, input);
121
+ }
122
+ listSources(ctx, filter) {
123
+ this._issuer.assertTrusted(ctx);
124
+ return this._sourceRegistry.listSources(ctx, filter);
125
+ }
126
+ createGrantAdmin(ctx, grant) {
127
+ this._issuer.assertTrusted(ctx);
128
+ this._assertPrivileged(ctx);
129
+ validateCreateGrantAdminInput(grant);
130
+ this._grantRegistry.register(grant);
131
+ return grant;
132
+ }
133
+ // ── Erasure boundary — Slice-21a ──────────────────────────────────────────────
134
+ async requestErasure(ctx, subject) {
135
+ this._issuer.assertTrusted(ctx);
136
+ // ERASURE_TOMBSTONE_SELF_SUPPRESSION_CARVEOUT_001: runtime deny — type guarantees
137
+ // OwnerContext at compile time; this guard covers as-any bypasses.
138
+ if (ctx.kind !== "owner") {
139
+ throw Object.assign(new Error("ERASURE_REQUEST_DENIED_001: only OwnerContext may call requestErasure"), { code: "ERASURE_REQUEST_DENIED_001" });
140
+ }
141
+ // ERASURE_TOMBSTONE_PREDICATE_OPEN_UNION_001: lazy-register the system erasure source
142
+ // on first use. kind "user_manual" allows "system.erasure_request" (any predicate policy).
143
+ // SystemProjectionContext is the actor — not subject to owner restriction.
144
+ const _SYSTEM_CTX = { kind: "system_projection" };
145
+ if (this._sourceRegistry.getSource(_SYSTEM_CTX, SYSTEM_ERASURE_SOURCE_ID) === undefined) {
146
+ this._sourceRegistry.registerSource(_SYSTEM_CTX, {
147
+ id: SYSTEM_ERASURE_SOURCE_ID,
148
+ kind: "user_manual",
149
+ label: "System erasure tombstone source",
150
+ });
151
+ }
152
+ // Check for existing tombstone — ERASURE_TOMBSTONE_IMMUTABLE_001
153
+ const existing = await this._factStore.readClaims(ctx, {
154
+ subject,
155
+ predicates: [ERASURE_TOMBSTONE_PREDICATE],
156
+ });
157
+ if (existing.length > 0) {
158
+ throw Object.assign(new Error(`ERASURE_SUBJECT_ALREADY_ERASED_001: subject "${subject}" already has an erasure tombstone`), { code: "ERASURE_SUBJECT_ALREADY_ERASED_001" });
159
+ }
160
+ const now = asISOTime(new Date().toISOString());
161
+ // ERASURE_AUDIT_EVENT_FOR_ERASURE_001: audit written BEFORE tombstone.
162
+ // If this throws, tombstone is never appended.
163
+ // PRODUCTION_AUDIT_REQUEST_ERASURE_AUDIT_ATOMIC_001 (C2b): written to
164
+ // _erasureMutationAuditLog when set (config.db — participates in facade SAVEPOINT);
165
+ // falls back to _auditLog for non-production paths.
166
+ const auditEvent = buildAuditEvent({
167
+ actor: `owner:${ctx.personId}`,
168
+ purpose: "erasure_request",
169
+ decision: "allow",
170
+ reasonCode: "ALLOWED",
171
+ selectorFingerprint: `erasure:subject:${subject}`,
172
+ resultCount: 0,
173
+ resultClaimIds: [],
174
+ now,
175
+ });
176
+ await (this._erasureMutationAuditLog ?? this._auditLog).write(auditEvent);
177
+ // ERASURE_APPEND_ONLY_TOMBSTONE_MODEL_001: append tombstone — no DELETE, no UPDATE.
178
+ await this._factStore.append({
179
+ subject,
180
+ predicate: ERASURE_TOMBSTONE_PREDICATE,
181
+ payload: ERASURE_TOMBSTONE_PAYLOAD,
182
+ sourceId: SYSTEM_ERASURE_SOURCE_ID,
183
+ validFrom: now,
184
+ }, ctx);
185
+ }
186
+ async getErasureStatus(ctx, subject) {
187
+ this._issuer.assertTrusted(ctx);
188
+ if (ctx.kind !== "owner") {
189
+ throw Object.assign(new Error("ERASURE_REQUEST_DENIED_001: only OwnerContext may call getErasureStatus"), { code: "ERASURE_REQUEST_DENIED_001" });
190
+ }
191
+ // ERASURE_TOMBSTONE_SELF_SUPPRESSION_CARVEOUT_001: tombstone metadata only,
192
+ // never decrypted payload. readClaims returns ClaimMeta (no payload). ✓
193
+ const tombstones = await this._factStore.readClaims(ctx, {
194
+ subject,
195
+ predicates: [ERASURE_TOMBSTONE_PREDICATE],
196
+ });
197
+ if (tombstones.length === 0)
198
+ return undefined;
199
+ const tombstone = tombstones[0];
200
+ // PRODUCTION_AUDIT_REQUEST_ERASURE_STATUS_AUDIT_LOG_COHERENT_001 (C2b):
201
+ // Read from the same log that requestErasure writes to (_erasureMutationAuditLog).
202
+ // Legacy fallback: pre-C2b erasure records whose event lives in _auditLog remain resolvable.
203
+ const primaryAuditLog = this._erasureMutationAuditLog ?? this._auditLog;
204
+ const matchFn = (e) => e.purpose === "erasure_request" &&
205
+ e.selectorFingerprint === `erasure:subject:${subject}`;
206
+ let erasureAudit = primaryAuditLog.readAll().find(matchFn);
207
+ if (!erasureAudit && this._erasureMutationAuditLog) {
208
+ erasureAudit = this._auditLog.readAll().find(matchFn);
209
+ }
210
+ return {
211
+ subject,
212
+ recordedAt: tombstone.recordedAt,
213
+ auditEventId: erasureAudit?.id ?? asAuditId(`${tombstone.id}-audit`),
214
+ };
215
+ }
216
+ _assertPrivileged(ctx) {
217
+ const kind = ctx.kind;
218
+ if (kind !== "owner" && kind !== "system_projection" && kind !== "test") {
219
+ throw new Error(`SDK_PRIVILEGED_MUTATION_GUARDED_001: "${kind}" context cannot perform privileged SDK mutations`);
220
+ }
221
+ }
222
+ }
223
+ // ─── Public factory ───────────────────────────────────────────────────────────
224
+ export async function createInMemoryLifeApiForTest() {
225
+ const keyProvider = await StaticKeyProvider.generate("sdk-test-ephemeral");
226
+ const crypto = new AesGcmCryptoBoundary(keyProvider);
227
+ const rawStore = new InMemoryFactStore();
228
+ const sourceReg = new InMemorySourceRegistry();
229
+ const sourceStore = new SourceAwareFactStore(rawStore, sourceReg);
230
+ const docStore = new InMemoryRawDocumentStore(crypto);
231
+ const grantReg = new GrantRegistry();
232
+ const auditLog = new InMemoryAuditLog();
233
+ const trust = StaticTrustTable.empty();
234
+ const querySvc = new EvidenceBackedContextQueryService(sourceStore, grantReg, auditLog, sourceReg, docStore, trust);
235
+ // UNIT_OF_WORK_SDK_COMPOSITION_WIRED_001: all multi-write flows share one InMemoryUnitOfWork
236
+ // so createClaimWithNewEvidence and proposal accept are both all-or-none.
237
+ const uow = new InMemoryUnitOfWork(docStore, sourceReg, rawStore);
238
+ const claimCreator = new EvidenceBackedClaimCreator(docStore, sourceReg, sourceStore, uow);
239
+ const appender = new SourceAwareClaimAppender(sourceStore, sourceReg, uow);
240
+ const proposalQueue = new InMemoryProposalQueue(appender, grantReg, sourceReg);
241
+ // Each factory call produces a fresh AccessContextIssuer with its own private
242
+ // WeakSet — the returned `api` is paired exclusively with this `auth`.
243
+ // AUTH_CONTEXT_TRUST_IS_AUTHORITY_SCOPED_001
244
+ const auth = new AccessContextIssuer();
245
+ return {
246
+ api: new LifeApiImpl(querySvc, claimCreator, proposalQueue, docStore, sourceReg, grantReg, auth, sourceStore, auditLog),
247
+ auth,
248
+ auditLog,
249
+ };
250
+ }
251
+ //# sourceMappingURL=create-life-api.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"create-life-api.js","sourceRoot":"","sources":["../../src/sdk/create-life-api.ts"],"names":[],"mappings":"AAAA,iDAAiD;AACjD,EAAE;AACF,4FAA4F;AAC5F,oGAAoG;AACpG,gGAAgG;AAChG,2DAA2D;AAC3D,oFAAoF;AACpF,0FAA0F;AAC1F,uFAAuF;AACvF,iFAAiF;AACjF,gFAAgF;AAEhF,OAAO,EAAE,iBAAiB,EAAE,MAAoB,kCAAkC,CAAC;AACnF,OAAO,EAAE,sBAAsB,EAAE,MAAe,wCAAwC,CAAC;AACzF,OAAO,EAAE,oBAAoB,EAAE,MAAiB,sCAAsC,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,MAAa,6CAA6C,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAwB,8BAA8B,CAAC;AAC/E,OAAO,EAAE,gBAAgB,EAAE,MAAqB,uBAAuB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAqB,gCAAgC,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,MAAiB,sBAAsB,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAoB,yBAAyB,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,6CAA6C,CAAC;AAChG,OAAO,EAAE,0BAA0B,EAAE,MAAW,8CAA8C,CAAC;AAC/F,OAAO,EAAE,qBAAqB,EAAE,MAAgB,yCAAyC,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,MAAa,4CAA4C,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,MAAmB,0CAA0C,CAAC;AAC3F,OAAO,EAAE,mBAAmB,EAAE,MAAkB,kCAAkC,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,MAAsB,uBAAuB,CAAC;AACxE,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,GACzB,MAA+C,yBAAyB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAkB,iBAAiB,CAAC;AACnE,OAAO,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,uCAAuC,EACvC,4CAA4C,EAC5C,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,EAC3B,2BAA2B,GAC5B,MAAM,iBAAiB,CAAC;AAwBzB,iFAAiF;AACjF,sEAAsE;AACtE,iEAAiE;AAEjE,MAAM,OAAO,WAAW;IAEH;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IAKA;IAdnB,YACmB,SAA4D,EAC5D,aAAqD,EACrD,cAAwC,EACxC,SAA2C,EAC3C,eAAyC,EACzC,cAAwC,EACxC,OAA8C,EAC9C,UAAoC,EACpC,SAAmC;IACpD,oFAAoF;IACpF,8EAA8E;IAC9E,qFAAqF;IACrF,+EAA+E;IAC9D,wBAAmC;QAbnC,cAAS,GAAT,SAAS,CAAmD;QAC5D,kBAAa,GAAb,aAAa,CAAwC;QACrD,mBAAc,GAAd,cAAc,CAA0B;QACxC,cAAS,GAAT,SAAS,CAAkC;QAC3C,oBAAe,GAAf,eAAe,CAA0B;QACzC,mBAAc,GAAd,cAAc,CAA0B;QACxC,YAAO,GAAP,OAAO,CAAuC;QAC9C,eAAU,GAAV,UAAU,CAA0B;QACpC,cAAS,GAAT,SAAS,CAA0B;QAKnC,6BAAwB,GAAxB,wBAAwB,CAAW;IACnD,CAAC;IAEJ,KAAK,CAAC,cAAc,CAAC,GAAkB,EAAE,KAA0B;QACjE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,GAA2B,EAC3B,KAAsC;QAEtC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,uCAAuC,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,aAAa,CAAC,0BAA0B,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAA2B,EAC3B,KAA2C;QAE3C,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,4CAA4C,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,aAAa,CAAC,+BAA+B,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAwB,EAAE,KAAoB;QACjE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAoB,EAAE,UAAsB,EAAE,OAAsB;QACvF,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAoB,EAAE,UAAsB,EAAE,MAAc;QAC/E,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,2BAA2B,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;IAED,WAAW,CAAC,GAAkB,EAAE,UAAsB;QACpD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,GAAkB,EAAE,MAAuB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,cAAc,CAAC,GAAkB,EAAE,UAAsB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxD,CAAC;IAED,gBAAgB,CAAC,GAAkB,EAAE,MAAuB;QAC1D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,iBAAiB,CAAC,GAAoB,EAAE,KAAkB;QACxD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5B,8BAA8B,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACnC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAoB,EAAE,IAAI,CAAC,CAAC;YAC3E,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,mEAAmE,IAAI,IAAI;oBAC3E,sCAAsC,CACvC,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAoB,EAAE,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED,WAAW,CAAC,GAAkB,EAAE,MAAqB;QACnD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,gBAAgB,CAAC,GAAoB,EAAE,KAAmB;QACxD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC5B,6BAA6B,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iFAAiF;IAEjF,KAAK,CAAC,cAAc,CAAC,GAAiB,EAAE,OAAiB;QACvD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,kFAAkF;QAClF,mEAAmE;QACnE,IAAK,GAAqB,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5C,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,uEAAuE,CAAC,EAClF,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;QACJ,CAAC;QAED,sFAAsF;QACtF,2FAA2F;QAC3F,2EAA2E;QAC3E,MAAM,WAAW,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAW,CAAC;QAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,WAAW,EAAE,wBAAwB,CAAC,KAAK,SAAS,EAAE,CAAC;YACxF,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,WAAW,EAAE;gBAC/C,EAAE,EAAK,wBAAwB;gBAC/B,IAAI,EAAG,aAAa;gBACpB,KAAK,EAAE,iCAAiC;aACzC,CAAC,CAAC;QACL,CAAC;QAED,iEAAiE;QACjE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE;YACrD,OAAO;YACP,UAAU,EAAE,CAAC,2BAA2B,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,gDAAgD,OAAO,oCAAoC,CAAC,EACtG,EAAE,IAAI,EAAE,oCAAoC,EAAE,CAC/C,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhD,uEAAuE;QACvE,+CAA+C;QAC/C,sEAAsE;QACtE,oFAAoF;QACpF,oDAAoD;QACpD,MAAM,UAAU,GAAG,eAAe,CAAC;YACjC,KAAK,EAAgB,SAAS,GAAG,CAAC,QAAQ,EAAE;YAC5C,OAAO,EAAc,iBAAiB;YACtC,QAAQ,EAAa,OAAO;YAC5B,UAAU,EAAW,SAAS;YAC9B,mBAAmB,EAAE,mBAAmB,OAAO,EAAE;YACjD,WAAW,EAAU,CAAC;YACtB,cAAc,EAAO,EAAE;YACvB,GAAG;SACJ,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAE1E,oFAAoF;QACpF,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAC1B;YACE,OAAO;YACP,SAAS,EAAE,2BAA2B;YACtC,OAAO,EAAI,yBAAyB;YACpC,QAAQ,EAAG,wBAAwB;YACnC,SAAS,EAAE,GAAG;SACf,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAiB,EAAE,OAAiB;QACzD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,IAAK,GAAqB,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5C,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CAAC,yEAAyE,CAAC,EACpF,EAAE,IAAI,EAAE,4BAA4B,EAAE,CACvC,CAAC;QACJ,CAAC;QAED,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE;YACvD,OAAO;YACP,UAAU,EAAE,CAAC,2BAA2B,CAAC;SAC1C,CAAC,CAAC;QAEH,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAE9C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAE,CAAC;QAEjC,wEAAwE;QACxE,mFAAmF;QACnF,6FAA6F;QAC7F,MAAM,eAAe,GAAG,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,SAAS,CAAC;QACxE,MAAM,OAAO,GAAG,CAAC,CAAqD,EAAE,EAAE,CACxE,CAAC,CAAC,OAAO,KAAK,iBAAiB;YAC/B,CAAC,CAAC,mBAAmB,KAAK,mBAAmB,OAAO,EAAE,CAAC;QACzD,IAAI,YAAY,GAAG,eAAe,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YACnD,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxD,CAAC;QAED,OAAO;YACL,OAAO;YACP,UAAU,EAAI,SAAS,CAAC,UAAU;YAClC,YAAY,EAAE,YAAY,EAAE,EAAE,IAAI,SAAS,CAAC,GAAG,SAAS,CAAC,EAAE,QAAQ,CAAC;SACrE,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,GAAoB;QAC5C,MAAM,IAAI,GAAI,GAAqB,CAAC,IAAI,CAAC;QACzC,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,mBAAmB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,mDAAmD,CACjG,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAcD,iFAAiF;AAEjF,MAAM,CAAC,KAAK,UAAU,4BAA4B;IAChD,MAAM,WAAW,GAAI,MAAM,iBAAiB,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC5E,MAAM,MAAM,GAAS,IAAI,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAO,IAAI,iBAAiB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,MAAM,WAAW,GAAI,IAAI,oBAAoB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnE,MAAM,QAAQ,GAAO,IAAI,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAO,IAAI,aAAa,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAO,IAAI,gBAAgB,EAAE,CAAC;IAC5C,MAAM,KAAK,GAAU,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAO,IAAI,iCAAiC,CACxD,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAC5D,CAAC;IACF,6FAA6F;IAC7F,0EAA0E;IAC1E,MAAM,GAAG,GAAY,IAAI,kBAAkB,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,IAAI,0BAA0B,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAE3F,MAAM,QAAQ,GAAQ,IAAI,wBAAwB,CAAC,WAAW,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAChF,MAAM,aAAa,GAAG,IAAI,qBAAqB,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE/E,8EAA8E;IAC9E,uEAAuE;IACvE,6CAA6C;IAC7C,MAAM,IAAI,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAEvC,OAAO;QACL,GAAG,EAAG,IAAI,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC;QACxH,IAAI;QACJ,QAAQ;KACT,CAAC;AACJ,CAAC"}
@@ -0,0 +1,33 @@
1
+ import type Database from "better-sqlite3";
2
+ import type { AuthAdapter, Clock, GrantResolver, TenantBoundary } from "../auth/types.js";
3
+ import type { TrustedAgentRegistry } from "../agent/trusted-agent-registry.js";
4
+ import type { GuardianRegistry } from "../guardian/guardian-registry.js";
5
+ import type { TrustedDataSourceRegistry } from "../datasource/trusted-data-source-registry.js";
6
+ import type { ProposalPolicy } from "../proposal/proposal-policy.js";
7
+ import type { FactoryCompatibleRawDocumentStore } from "../evidence/raw-document-store.js";
8
+ import type { FactoryCompatibleAuditLog } from "../audit/audit-log.js";
9
+ import type { ProductionApiBundle } from "../auth/production-scoped-life-api.js";
10
+ import type { Logger } from "../observability/logger.js";
11
+ import type { MetricsRecorder } from "../observability/metrics.js";
12
+ import type { KeyProvider } from "../crypto/types.js";
13
+ export interface ProductionFactoryConfig {
14
+ readonly db: Database.Database;
15
+ readonly encryptionKey?: {
16
+ readonly keyId: string;
17
+ readonly rawBytes: Uint8Array;
18
+ };
19
+ readonly keyProvider?: KeyProvider;
20
+ readonly authAdapter: AuthAdapter;
21
+ readonly tenantBoundary: TenantBoundary;
22
+ readonly grantResolver: GrantResolver;
23
+ readonly clock?: Clock;
24
+ readonly trustedAgentRegistry?: TrustedAgentRegistry;
25
+ readonly rawDocumentStore: FactoryCompatibleRawDocumentStore;
26
+ readonly auditLog: FactoryCompatibleAuditLog;
27
+ readonly logger?: Logger;
28
+ readonly metrics?: MetricsRecorder;
29
+ readonly trustedDataSourceRegistry?: TrustedDataSourceRegistry;
30
+ readonly proposalPolicy?: ProposalPolicy;
31
+ readonly guardianRegistry?: GuardianRegistry;
32
+ }
33
+ export declare function createSQLiteLifeApiForProduction(config: ProductionFactoryConfig): Promise<ProductionApiBundle>;