life-as-api 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +377 -0
  3. package/dist/agent/finance-agent.d.ts +44 -0
  4. package/dist/agent/finance-agent.js +75 -0
  5. package/dist/agent/finance-agent.js.map +1 -0
  6. package/dist/agent/legal-agent.d.ts +44 -0
  7. package/dist/agent/legal-agent.js +76 -0
  8. package/dist/agent/legal-agent.js.map +1 -0
  9. package/dist/agent/medical-agent.d.ts +44 -0
  10. package/dist/agent/medical-agent.js +75 -0
  11. package/dist/agent/medical-agent.js.map +1 -0
  12. package/dist/agent/trusted-agent-registry.d.ts +53 -0
  13. package/dist/agent/trusted-agent-registry.js +57 -0
  14. package/dist/agent/trusted-agent-registry.js.map +1 -0
  15. package/dist/audit/audit-chain-verifier.d.ts +10 -0
  16. package/dist/audit/audit-chain-verifier.js +67 -0
  17. package/dist/audit/audit-chain-verifier.js.map +1 -0
  18. package/dist/audit/audit-log.d.ts +48 -0
  19. package/dist/audit/audit-log.js +74 -0
  20. package/dist/audit/audit-log.js.map +1 -0
  21. package/dist/audit/sqlite-audit-log.d.ts +29 -0
  22. package/dist/audit/sqlite-audit-log.js +142 -0
  23. package/dist/audit/sqlite-audit-log.js.map +1 -0
  24. package/dist/auth/access-context-issuer.d.ts +18 -0
  25. package/dist/auth/access-context-issuer.js +88 -0
  26. package/dist/auth/access-context-issuer.js.map +1 -0
  27. package/dist/auth/assert-authorized-for-subject.d.ts +2 -0
  28. package/dist/auth/assert-authorized-for-subject.js +20 -0
  29. package/dist/auth/assert-authorized-for-subject.js.map +1 -0
  30. package/dist/auth/backend-context-minting-boundary.d.ts +23 -0
  31. package/dist/auth/backend-context-minting-boundary.js +281 -0
  32. package/dist/auth/backend-context-minting-boundary.js.map +1 -0
  33. package/dist/auth/default-authorization-policy.d.ts +7 -0
  34. package/dist/auth/default-authorization-policy.js +64 -0
  35. package/dist/auth/default-authorization-policy.js.map +1 -0
  36. package/dist/auth/fake-auth-adapter.d.ts +7 -0
  37. package/dist/auth/fake-auth-adapter.js +27 -0
  38. package/dist/auth/fake-auth-adapter.js.map +1 -0
  39. package/dist/auth/http-client.d.ts +12 -0
  40. package/dist/auth/http-client.js +7 -0
  41. package/dist/auth/http-client.js.map +1 -0
  42. package/dist/auth/in-memory-grant-resolver.d.ts +21 -0
  43. package/dist/auth/in-memory-grant-resolver.js +73 -0
  44. package/dist/auth/in-memory-grant-resolver.js.map +1 -0
  45. package/dist/auth/in-memory-tenant-boundary.d.ts +16 -0
  46. package/dist/auth/in-memory-tenant-boundary.js +37 -0
  47. package/dist/auth/in-memory-tenant-boundary.js.map +1 -0
  48. package/dist/auth/jwks-key-ring-auth-adapter.d.ts +38 -0
  49. package/dist/auth/jwks-key-ring-auth-adapter.js +123 -0
  50. package/dist/auth/jwks-key-ring-auth-adapter.js.map +1 -0
  51. package/dist/auth/jwks-key-ring.d.ts +25 -0
  52. package/dist/auth/jwks-key-ring.js +111 -0
  53. package/dist/auth/jwks-key-ring.js.map +1 -0
  54. package/dist/auth/jwt-auth-adapter.d.ts +15 -0
  55. package/dist/auth/jwt-auth-adapter.js +59 -0
  56. package/dist/auth/jwt-auth-adapter.js.map +1 -0
  57. package/dist/auth/jwt-core.d.ts +32 -0
  58. package/dist/auth/jwt-core.js +226 -0
  59. package/dist/auth/jwt-core.js.map +1 -0
  60. package/dist/auth/jwt-key-ring-auth-adapter.d.ts +16 -0
  61. package/dist/auth/jwt-key-ring-auth-adapter.js +58 -0
  62. package/dist/auth/jwt-key-ring-auth-adapter.js.map +1 -0
  63. package/dist/auth/oidc-discovery.d.ts +15 -0
  64. package/dist/auth/oidc-discovery.js +46 -0
  65. package/dist/auth/oidc-discovery.js.map +1 -0
  66. package/dist/auth/production-scoped-life-api.d.ts +58 -0
  67. package/dist/auth/production-scoped-life-api.js +802 -0
  68. package/dist/auth/production-scoped-life-api.js.map +1 -0
  69. package/dist/auth/proposal-scope-inspector.d.ts +3 -0
  70. package/dist/auth/proposal-scope-inspector.js +42 -0
  71. package/dist/auth/proposal-scope-inspector.js.map +1 -0
  72. package/dist/auth/proposal-scoped-life-api.d.ts +21 -0
  73. package/dist/auth/proposal-scoped-life-api.js +168 -0
  74. package/dist/auth/proposal-scoped-life-api.js.map +1 -0
  75. package/dist/auth/rate-limited-context-minting-boundary.d.ts +27 -0
  76. package/dist/auth/rate-limited-context-minting-boundary.js +77 -0
  77. package/dist/auth/rate-limited-context-minting-boundary.js.map +1 -0
  78. package/dist/auth/revocation-aware-auth-adapter.d.ts +21 -0
  79. package/dist/auth/revocation-aware-auth-adapter.js +88 -0
  80. package/dist/auth/revocation-aware-auth-adapter.js.map +1 -0
  81. package/dist/auth/sqlite-grant-resolver.d.ts +8 -0
  82. package/dist/auth/sqlite-grant-resolver.js +78 -0
  83. package/dist/auth/sqlite-grant-resolver.js.map +1 -0
  84. package/dist/auth/sqlite-tenant-boundary.d.ts +7 -0
  85. package/dist/auth/sqlite-tenant-boundary.js +41 -0
  86. package/dist/auth/sqlite-tenant-boundary.js.map +1 -0
  87. package/dist/auth/static-jwt-key-ring.d.ts +13 -0
  88. package/dist/auth/static-jwt-key-ring.js +73 -0
  89. package/dist/auth/static-jwt-key-ring.js.map +1 -0
  90. package/dist/auth/subject-scoped-life-api.d.ts +14 -0
  91. package/dist/auth/subject-scoped-life-api.js +51 -0
  92. package/dist/auth/subject-scoped-life-api.js.map +1 -0
  93. package/dist/auth/test-context-minting-boundary.d.ts +13 -0
  94. package/dist/auth/test-context-minting-boundary.js +74 -0
  95. package/dist/auth/test-context-minting-boundary.js.map +1 -0
  96. package/dist/auth/types.d.ts +77 -0
  97. package/dist/auth/types.js +16 -0
  98. package/dist/auth/types.js.map +1 -0
  99. package/dist/compliance/subject-data-report.d.ts +43 -0
  100. package/dist/compliance/subject-data-report.js +155 -0
  101. package/dist/compliance/subject-data-report.js.map +1 -0
  102. package/dist/consent/consent-guard.d.ts +4 -0
  103. package/dist/consent/consent-guard.js +37 -0
  104. package/dist/consent/consent-guard.js.map +1 -0
  105. package/dist/consent/grant-registry.d.ts +7 -0
  106. package/dist/consent/grant-registry.js +13 -0
  107. package/dist/consent/grant-registry.js.map +1 -0
  108. package/dist/consent/intersect-selector.d.ts +3 -0
  109. package/dist/consent/intersect-selector.js +66 -0
  110. package/dist/consent/intersect-selector.js.map +1 -0
  111. package/dist/contract/diagnostics.d.ts +32 -0
  112. package/dist/contract/diagnostics.js +112 -0
  113. package/dist/contract/diagnostics.js.map +1 -0
  114. package/dist/contract/project-contracts.d.ts +5 -0
  115. package/dist/contract/project-contracts.js +159 -0
  116. package/dist/contract/project-contracts.js.map +1 -0
  117. package/dist/contract/types.d.ts +32 -0
  118. package/dist/contract/types.js +5 -0
  119. package/dist/contract/types.js.map +1 -0
  120. package/dist/crypto/aes-gcm.d.ts +11 -0
  121. package/dist/crypto/aes-gcm.js +78 -0
  122. package/dist/crypto/aes-gcm.js.map +1 -0
  123. package/dist/crypto/claim-serializer.d.ts +26 -0
  124. package/dist/crypto/claim-serializer.js +59 -0
  125. package/dist/crypto/claim-serializer.js.map +1 -0
  126. package/dist/crypto/sha256.d.ts +12 -0
  127. package/dist/crypto/sha256.js +40 -0
  128. package/dist/crypto/sha256.js.map +1 -0
  129. package/dist/crypto/static-key.d.ts +11 -0
  130. package/dist/crypto/static-key.js +60 -0
  131. package/dist/crypto/static-key.js.map +1 -0
  132. package/dist/crypto/types.d.ts +20 -0
  133. package/dist/crypto/types.js +8 -0
  134. package/dist/crypto/types.js.map +1 -0
  135. package/dist/datasource/trusted-data-source-registry.d.ts +51 -0
  136. package/dist/datasource/trusted-data-source-registry.js +57 -0
  137. package/dist/datasource/trusted-data-source-registry.js.map +1 -0
  138. package/dist/erasure/tombstone.d.ts +13 -0
  139. package/dist/erasure/tombstone.js +20 -0
  140. package/dist/erasure/tombstone.js.map +1 -0
  141. package/dist/evidence/evidence-backed-claim-creator.d.ts +48 -0
  142. package/dist/evidence/evidence-backed-claim-creator.js +107 -0
  143. package/dist/evidence/evidence-backed-claim-creator.js.map +1 -0
  144. package/dist/evidence/in-memory-raw-document-store.d.ts +26 -0
  145. package/dist/evidence/in-memory-raw-document-store.js +84 -0
  146. package/dist/evidence/in-memory-raw-document-store.js.map +1 -0
  147. package/dist/evidence/raw-document-store.d.ts +12 -0
  148. package/dist/evidence/raw-document-store.js +8 -0
  149. package/dist/evidence/raw-document-store.js.map +1 -0
  150. package/dist/evidence/source-evidence-validator.d.ts +4 -0
  151. package/dist/evidence/source-evidence-validator.js +14 -0
  152. package/dist/evidence/source-evidence-validator.js.map +1 -0
  153. package/dist/evidence/sqlite-raw-document-store.d.ts +19 -0
  154. package/dist/evidence/sqlite-raw-document-store.js +122 -0
  155. package/dist/evidence/sqlite-raw-document-store.js.map +1 -0
  156. package/dist/guardian/guardian-registry.d.ts +96 -0
  157. package/dist/guardian/guardian-registry.js +95 -0
  158. package/dist/guardian/guardian-registry.js.map +1 -0
  159. package/dist/index.d.ts +44 -0
  160. package/dist/index.js +72 -0
  161. package/dist/index.js.map +1 -0
  162. package/dist/observability/health.d.ts +12 -0
  163. package/dist/observability/health.js +16 -0
  164. package/dist/observability/health.js.map +1 -0
  165. package/dist/observability/logger.d.ts +21 -0
  166. package/dist/observability/logger.js +40 -0
  167. package/dist/observability/logger.js.map +1 -0
  168. package/dist/observability/metrics.d.ts +15 -0
  169. package/dist/observability/metrics.js +52 -0
  170. package/dist/observability/metrics.js.map +1 -0
  171. package/dist/persistence/backup.d.ts +24 -0
  172. package/dist/persistence/backup.js +251 -0
  173. package/dist/persistence/backup.js.map +1 -0
  174. package/dist/persistence/decryptability-scan.d.ts +10 -0
  175. package/dist/persistence/decryptability-scan.js +144 -0
  176. package/dist/persistence/decryptability-scan.js.map +1 -0
  177. package/dist/persistence/in-memory-unit-of-work.d.ts +11 -0
  178. package/dist/persistence/in-memory-unit-of-work.js +32 -0
  179. package/dist/persistence/in-memory-unit-of-work.js.map +1 -0
  180. package/dist/persistence/key-availability.d.ts +9 -0
  181. package/dist/persistence/key-availability.js +125 -0
  182. package/dist/persistence/key-availability.js.map +1 -0
  183. package/dist/persistence/sqlite/migrations.d.ts +9 -0
  184. package/dist/persistence/sqlite/migrations.js +535 -0
  185. package/dist/persistence/sqlite/migrations.js.map +1 -0
  186. package/dist/persistence/sqlite/schema.d.ts +10 -0
  187. package/dist/persistence/sqlite/schema.js +101 -0
  188. package/dist/persistence/sqlite/schema.js.map +1 -0
  189. package/dist/persistence/sqlite/sqlite-fact-store.d.ts +24 -0
  190. package/dist/persistence/sqlite/sqlite-fact-store.js +207 -0
  191. package/dist/persistence/sqlite/sqlite-fact-store.js.map +1 -0
  192. package/dist/persistence/sqlite/sqlite-source-registry.d.ts +17 -0
  193. package/dist/persistence/sqlite/sqlite-source-registry.js +132 -0
  194. package/dist/persistence/sqlite/sqlite-source-registry.js.map +1 -0
  195. package/dist/persistence/sqlite/sqlite-unit-of-work.d.ts +8 -0
  196. package/dist/persistence/sqlite/sqlite-unit-of-work.js +41 -0
  197. package/dist/persistence/sqlite/sqlite-unit-of-work.js.map +1 -0
  198. package/dist/persistence/sqlite/types.d.ts +24 -0
  199. package/dist/persistence/sqlite/types.js +28 -0
  200. package/dist/persistence/sqlite/types.js.map +1 -0
  201. package/dist/persistence/unit-of-work.d.ts +6 -0
  202. package/dist/persistence/unit-of-work.js +15 -0
  203. package/dist/persistence/unit-of-work.js.map +1 -0
  204. package/dist/proposal/accepted-claim-appender.d.ts +7 -0
  205. package/dist/proposal/accepted-claim-appender.js +16 -0
  206. package/dist/proposal/accepted-claim-appender.js.map +1 -0
  207. package/dist/proposal/in-memory-proposal-queue.d.ts +21 -0
  208. package/dist/proposal/in-memory-proposal-queue.js +218 -0
  209. package/dist/proposal/in-memory-proposal-queue.js.map +1 -0
  210. package/dist/proposal/policy-aware-proposal-queue.d.ts +23 -0
  211. package/dist/proposal/policy-aware-proposal-queue.js +162 -0
  212. package/dist/proposal/policy-aware-proposal-queue.js.map +1 -0
  213. package/dist/proposal/proposal-policy.d.ts +37 -0
  214. package/dist/proposal/proposal-policy.js +72 -0
  215. package/dist/proposal/proposal-policy.js.map +1 -0
  216. package/dist/proposal/proposal-queue.d.ts +13 -0
  217. package/dist/proposal/proposal-queue.js +15 -0
  218. package/dist/proposal/proposal-queue.js.map +1 -0
  219. package/dist/proposal/source-aware-claim-appender.d.ts +13 -0
  220. package/dist/proposal/source-aware-claim-appender.js +47 -0
  221. package/dist/proposal/source-aware-claim-appender.js.map +1 -0
  222. package/dist/proposal/sqlite-proposal-queue.d.ts +26 -0
  223. package/dist/proposal/sqlite-proposal-queue.js +282 -0
  224. package/dist/proposal/sqlite-proposal-queue.js.map +1 -0
  225. package/dist/resolution/resolve-claims.d.ts +4 -0
  226. package/dist/resolution/resolve-claims.js +101 -0
  227. package/dist/resolution/resolve-claims.js.map +1 -0
  228. package/dist/resolution/trust-profile.d.ts +12 -0
  229. package/dist/resolution/trust-profile.js +23 -0
  230. package/dist/resolution/trust-profile.js.map +1 -0
  231. package/dist/resolution/types.d.ts +15 -0
  232. package/dist/resolution/types.js +8 -0
  233. package/dist/resolution/types.js.map +1 -0
  234. package/dist/sdk/create-backend-integrated-life-api-for-test.d.ts +23 -0
  235. package/dist/sdk/create-backend-integrated-life-api-for-test.js +240 -0
  236. package/dist/sdk/create-backend-integrated-life-api-for-test.js.map +1 -0
  237. package/dist/sdk/create-life-api.d.ts +55 -0
  238. package/dist/sdk/create-life-api.js +251 -0
  239. package/dist/sdk/create-life-api.js.map +1 -0
  240. package/dist/sdk/create-sqlite-life-api.d.ts +33 -0
  241. package/dist/sdk/create-sqlite-life-api.js +654 -0
  242. package/dist/sdk/create-sqlite-life-api.js.map +1 -0
  243. package/dist/sdk/life-api.d.ts +27 -0
  244. package/dist/sdk/life-api.js +17 -0
  245. package/dist/sdk/life-api.js.map +1 -0
  246. package/dist/sdk/validation.d.ts +8 -0
  247. package/dist/sdk/validation.js +216 -0
  248. package/dist/sdk/validation.js.map +1 -0
  249. package/dist/source/in-memory-source-registry.d.ts +15 -0
  250. package/dist/source/in-memory-source-registry.js +104 -0
  251. package/dist/source/in-memory-source-registry.js.map +1 -0
  252. package/dist/source/source-aware-fact-store.d.ts +19 -0
  253. package/dist/source/source-aware-fact-store.js +40 -0
  254. package/dist/source/source-aware-fact-store.js.map +1 -0
  255. package/dist/source/source-kind-predicate-policy.d.ts +4 -0
  256. package/dist/source/source-kind-predicate-policy.js +62 -0
  257. package/dist/source/source-kind-predicate-policy.js.map +1 -0
  258. package/dist/source/source-registry.d.ts +11 -0
  259. package/dist/source/source-registry.js +12 -0
  260. package/dist/source/source-registry.js.map +1 -0
  261. package/dist/store/in-memory-fact-store.d.ts +25 -0
  262. package/dist/store/in-memory-fact-store.js +192 -0
  263. package/dist/store/in-memory-fact-store.js.map +1 -0
  264. package/dist/surface/context-query.d.ts +21 -0
  265. package/dist/surface/context-query.js +113 -0
  266. package/dist/surface/context-query.js.map +1 -0
  267. package/dist/surface/evidence-backed-context-query.d.ts +62 -0
  268. package/dist/surface/evidence-backed-context-query.js +240 -0
  269. package/dist/surface/evidence-backed-context-query.js.map +1 -0
  270. package/dist/types/access-context.d.ts +25 -0
  271. package/dist/types/access-context.js +6 -0
  272. package/dist/types/access-context.js.map +1 -0
  273. package/dist/types/claim.d.ts +48 -0
  274. package/dist/types/claim.js +5 -0
  275. package/dist/types/claim.js.map +1 -0
  276. package/dist/types/consent.d.ts +41 -0
  277. package/dist/types/consent.js +3 -0
  278. package/dist/types/consent.js.map +1 -0
  279. package/dist/types/crypto-boundary.d.ts +12 -0
  280. package/dist/types/crypto-boundary.js +15 -0
  281. package/dist/types/crypto-boundary.js.map +1 -0
  282. package/dist/types/evidence.d.ts +31 -0
  283. package/dist/types/evidence.js +8 -0
  284. package/dist/types/evidence.js.map +1 -0
  285. package/dist/types/fact-store.d.ts +24 -0
  286. package/dist/types/fact-store.js +12 -0
  287. package/dist/types/fact-store.js.map +1 -0
  288. package/dist/types/ids.d.ts +36 -0
  289. package/dist/types/ids.js +11 -0
  290. package/dist/types/ids.js.map +1 -0
  291. package/dist/types/proposal.d.ts +38 -0
  292. package/dist/types/proposal.js +7 -0
  293. package/dist/types/proposal.js.map +1 -0
  294. package/dist/types/source.d.ts +33 -0
  295. package/dist/types/source.js +6 -0
  296. package/dist/types/source.js.map +1 -0
  297. package/dist/types/trust.d.ts +24 -0
  298. package/dist/types/trust.js +5 -0
  299. package/dist/types/trust.js.map +1 -0
  300. package/dist/utilities/deep-freeze.d.ts +1 -0
  301. package/dist/utilities/deep-freeze.js +17 -0
  302. package/dist/utilities/deep-freeze.js.map +1 -0
  303. package/package.json +55 -0
@@ -0,0 +1,12 @@
1
+ // SourceRegistry interface — Slice-07.
2
+ //
3
+ // SOURCE_REGISTRY_EXISTS_001: every production append must validate against this registry.
4
+ // SOURCE_AGENT_CANNOT_SELF_REGISTER_001: AgentConsentContext is excluded from registerSource.
5
+ // SOURCE_OWNER_CAN_REGISTER_MANUAL_001: OwnerContext may register "user_manual" sources.
6
+ // SOURCE_SYSTEM_CAN_REGISTER_001: SystemProjectionContext may register all non-user_manual kinds.
7
+ //
8
+ // All methods are synchronous — source metadata is not encrypted and not async.
9
+ // SourceRegistry must not import crypto primitives.
10
+ // SourceRegistry must not depend on contract, consent, or resolution modules.
11
+ export {};
12
+ //# sourceMappingURL=source-registry.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"source-registry.js","sourceRoot":"","sources":["../../src/source/source-registry.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,EAAE;AACF,2FAA2F;AAC3F,8FAA8F;AAC9F,yFAAyF;AACzF,kGAAkG;AAClG,EAAE;AACF,gFAAgF;AAChF,oDAAoD;AACpD,8EAA8E"}
@@ -0,0 +1,25 @@
1
+ import type { ClaimMeta, AppendClaimInput, StoredClaim } from "../types/claim.js";
2
+ import type { ClaimId } from "../types/ids.js";
3
+ import type { AccessContext } from "../types/access-context.js";
4
+ import type { BitemporalQuery, ClaimSelector, FactStore } from "../types/fact-store.js";
5
+ export declare class InMemoryFactStore implements FactStore {
6
+ private readonly _store;
7
+ private _seq;
8
+ append(input: AppendClaimInput, ctx: AccessContext): Promise<{
9
+ claimId: ClaimId;
10
+ recordedSeq: number;
11
+ }>;
12
+ readAll(ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
13
+ readSince(seq: number, ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
14
+ readAt(params: BitemporalQuery, ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
15
+ readStoredClaims(ctx: AccessContext, selector: ClaimSelector): Promise<ReadonlyArray<StoredClaim>>;
16
+ _uowSnapshot(): {
17
+ store: Map<ClaimId, StoredClaim>;
18
+ seq: number;
19
+ };
20
+ _uowRestore(snap: {
21
+ store: Map<ClaimId, StoredClaim>;
22
+ seq: number;
23
+ }): void;
24
+ readClaims(ctx: AccessContext, selector: ClaimSelector): Promise<ReadonlyArray<ClaimMeta>>;
25
+ }
@@ -0,0 +1,192 @@
1
+ // InMemoryFactStore — Slice-01b hardened implementation.
2
+ //
3
+ // Invariants enforced (see docs/INVARIANTS.md for canonical IDs):
4
+ // CLAIM_IMMUTABLE_001/002 — shallow + deep freeze on all stored/returned objects
5
+ // CLAIM_NO_REF_LEAK_001/002 — readAll/readSince return deep-frozen copies, never references
6
+ // CLAIM_RECORDED_ORDER_001/002/003 — recordedAt/recordedSeq store-assigned; caller values ignored at runtime
7
+ // CLAIM_PROVENANCE_001 — sourceId required (CLAIM_PROVENANCE_002 deferred: no SourceRegistry yet)
8
+ // CLAIM_LIFECYCLE_* — retract/supersede/override all append-only; originals always readable
9
+ // ACCESS_CONTEXT_REQUIRED_001/002 — every method requires explicit AccessContext
10
+ // AGENT_NO_DIRECT_APPEND_* — AgentConsentContext cannot append, ever
11
+ import { asClaimId, asISOTime } from "../types/ids.js";
12
+ import { deepFreeze } from "../utilities/deep-freeze.js";
13
+ export class InMemoryFactStore {
14
+ // Internal storage — deep-frozen StoredClaims, keyed by ClaimId.
15
+ // Map iteration order = insertion order → natural recordedSeq ordering.
16
+ _store = new Map();
17
+ // CLAIM_RECORDED_ORDER_002: strictly increasing, store-owned.
18
+ _seq = 0;
19
+ async append(input, ctx) {
20
+ // ACCESS_CONTEXT_REQUIRED_002: runtime guard (type prevents undefined for TS callers;
21
+ // this guard covers JS-interop and as-any bypass).
22
+ if (ctx == null)
23
+ throw new TypeError("AccessContext is required — no implicit store access");
24
+ // AGENT_NO_DIRECT_APPEND_001: agents may only propose, never append.
25
+ if (ctx.kind === "agent") {
26
+ throw new Error("AgentConsentContext cannot append claims directly. " +
27
+ "Use context.propose() instead. (AGENT_NO_DIRECT_APPEND_001)");
28
+ }
29
+ // CLAIM_PROVENANCE_001: sourceId is mandatory.
30
+ if (!input.sourceId) {
31
+ throw new Error("sourceId is required for all claims — provenance is mandatory (CLAIM_PROVENANCE_001)");
32
+ }
33
+ // CONTRACT_IDENTITY_LINK_META_PAYLOAD_MATCH_001:
34
+ // For identity-link claims, meta.contractId and payload.contractId must agree.
35
+ // Mismatch means the claim's provenance is ambiguous — reject immediately.
36
+ if (input.predicate === "contract.identity.link" && input.payload.type === "identity_link") {
37
+ const idPayload = input.payload;
38
+ if (input.contractId !== undefined && idPayload.contractId !== input.contractId) {
39
+ throw new Error(`CONTRACT_IDENTITY_LINK_META_PAYLOAD_MATCH_001: meta.contractId "${input.contractId}" must match payload.contractId "${idPayload.contractId}" for contract.identity.link claims`);
40
+ }
41
+ }
42
+ // CLAIM_RECORDED_ORDER_001/003: store assigns id, recordedAt, recordedSeq.
43
+ // We destructure only known AppendClaimInput fields — any caller-smuggled
44
+ // id/recordedAt/recordedSeq in `input` (via `as any`) is never read.
45
+ const { subject, sourceId, predicate, validFrom, payload, validTo, retracts, supersedes, overrides, confidence, contractId, } = input;
46
+ const claimId = asClaimId(globalThis.crypto.randomUUID()); // WebCrypto only — CRYPTO_BOUNDARY_ONLY_001
47
+ const recordedAt = asISOTime(new Date().toISOString());
48
+ const recordedSeq = ++this._seq; // strictly increasing
49
+ // CLAIM_IMMUTABLE_001/002: deepFreeze the stored claim (shallow + recursive).
50
+ const stored = deepFreeze(buildClaim({ subject, sourceId, predicate, validFrom, payload, validTo, retracts, supersedes, overrides, confidence, contractId }, claimId, recordedAt, recordedSeq));
51
+ this._store.set(claimId, stored);
52
+ return { claimId, recordedSeq };
53
+ }
54
+ async readAll(ctx) {
55
+ if (ctx == null)
56
+ throw new TypeError("AccessContext is required");
57
+ // CLAIM_NO_REF_LEAK_001: return deep-frozen copies of metadata, not internal references.
58
+ // Payload is excluded from ClaimMeta — payload access goes through CryptoBoundary (post-MVP).
59
+ return Array.from(this._store.values()).map(toFrozenMeta);
60
+ }
61
+ async readSince(seq, ctx) {
62
+ if (ctx == null)
63
+ throw new TypeError("AccessContext is required");
64
+ // CLAIM_NO_REF_LEAK_002: same copy guarantee as readAll.
65
+ return (await this.readAll(ctx)).filter((c) => c.recordedSeq > seq);
66
+ }
67
+ async readAt(params, ctx) {
68
+ if (ctx == null)
69
+ throw new TypeError("AccessContext is required");
70
+ return (await this.readAll(ctx)).filter((c) => {
71
+ if (params.knownAsOf !== undefined && c.recordedAt > params.knownAsOf)
72
+ return false;
73
+ if (params.validAsOf !== undefined) {
74
+ if (c.validFrom > params.validAsOf)
75
+ return false;
76
+ if (c.validTo !== undefined && c.validTo <= params.validAsOf)
77
+ return false;
78
+ }
79
+ return true;
80
+ });
81
+ }
82
+ async readStoredClaims(ctx, selector) {
83
+ // FACTSTORE_HYDRATED_READ_001: payload-bearing reads — fail closed for agents and audit.
84
+ if (ctx == null)
85
+ throw new TypeError("AccessContext is required");
86
+ if (ctx.kind === "agent" || ctx.kind === "audit") {
87
+ throw new Error("FACTSTORE_AGENT_NO_HYDRATED_READ_001: payload-bearing reads are denied for " +
88
+ `${ctx.kind} context — use readClaims() for metadata-only access`);
89
+ }
90
+ // INMEMORY_HYDRATED_READ_NO_REF_LEAK_001: deep-frozen copies from the store.
91
+ // Internal StoredClaims are already frozen at append; create a new frozen wrapper
92
+ // per call so callers cannot observe identity equality to internal objects.
93
+ let claims = Array.from(this._store.values()).map((c) => deepFreeze({ ...c, payload: deepFreeze({ ...c.payload }) }));
94
+ if (selector.subject !== undefined) {
95
+ const subj = selector.subject;
96
+ claims = claims.filter((c) => c.subject === subj);
97
+ }
98
+ if (selector.predicates !== undefined) {
99
+ if (selector.predicates.length === 0)
100
+ return [];
101
+ const predSet = new Set(selector.predicates);
102
+ claims = claims.filter((c) => predSet.has(c.predicate));
103
+ }
104
+ if (selector.sinceRecordedSeq !== undefined) {
105
+ const since = selector.sinceRecordedSeq;
106
+ claims = claims.filter((c) => c.recordedSeq > since);
107
+ }
108
+ if (selector.includeRetracted === false) {
109
+ const retractedIds = new Set(Array.from(this._store.values()).flatMap((c) => c.retracts !== undefined ? [c.retracts] : []));
110
+ claims = claims.filter((c) => !retractedIds.has(c.id));
111
+ }
112
+ return claims;
113
+ }
114
+ // ── Unit-of-Work snapshot support (UNIT_OF_WORK_IN_MEMORY_ATOMIC_BEHAVIOR_001) ──
115
+ // Internal: called only by InMemoryUnitOfWork. Not exported from src/index.ts.
116
+ _uowSnapshot() {
117
+ return { store: new Map(this._store), seq: this._seq };
118
+ }
119
+ _uowRestore(snap) {
120
+ this._store.clear();
121
+ for (const [k, v] of snap.store)
122
+ this._store.set(k, v);
123
+ this._seq = snap.seq;
124
+ }
125
+ async readClaims(ctx, selector) {
126
+ // STORE_SELECTOR_READ_001: targeted read, required for future consent-scoped paths.
127
+ if (ctx == null)
128
+ throw new TypeError("AccessContext is required");
129
+ let claims = await this.readAll(ctx); // already deep-frozen copies
130
+ if (selector.subject !== undefined) {
131
+ const subj = selector.subject;
132
+ claims = claims.filter((c) => c.subject === subj);
133
+ }
134
+ if (selector.predicates !== undefined) {
135
+ if (selector.predicates.length === 0)
136
+ return [];
137
+ const predSet = new Set(selector.predicates);
138
+ claims = claims.filter((c) => predSet.has(c.predicate));
139
+ }
140
+ if (selector.sinceRecordedSeq !== undefined) {
141
+ const since = selector.sinceRecordedSeq;
142
+ claims = claims.filter((c) => c.recordedSeq > since);
143
+ }
144
+ if (selector.includeRetracted === false) {
145
+ // Build the retracted-ID set from the unfiltered full store (not from already-filtered claims)
146
+ // so that retraction markers introduced before the filter window are still respected.
147
+ const allMeta = await this.readAll(ctx);
148
+ const retractedIds = new Set(allMeta.flatMap((c) => (c.retracts !== undefined ? [c.retracts] : [])));
149
+ claims = claims.filter((c) => !retractedIds.has(c.id));
150
+ }
151
+ return claims;
152
+ }
153
+ }
154
+ // ─── private helpers ──────────────────────────────────────────────────────────
155
+ function buildClaim(fields, id, recordedAt, recordedSeq) {
156
+ return {
157
+ id,
158
+ recordedAt,
159
+ recordedSeq,
160
+ subject: fields.subject,
161
+ sourceId: fields.sourceId,
162
+ predicate: fields.predicate,
163
+ validFrom: fields.validFrom,
164
+ payload: fields.payload,
165
+ // exactOptionalPropertyTypes: only spread optional fields when present
166
+ ...(fields.validTo !== undefined ? { validTo: fields.validTo } : {}),
167
+ ...(fields.retracts !== undefined ? { retracts: fields.retracts } : {}),
168
+ ...(fields.supersedes !== undefined ? { supersedes: fields.supersedes } : {}),
169
+ ...(fields.overrides !== undefined ? { overrides: fields.overrides } : {}),
170
+ ...(fields.confidence !== undefined ? { confidence: fields.confidence } : {}),
171
+ ...(fields.contractId !== undefined ? { contractId: fields.contractId } : {}),
172
+ };
173
+ }
174
+ function toFrozenMeta(c) {
175
+ // CLAIM_NO_REF_LEAK_001: new object per call — no reference to internal store.
176
+ return deepFreeze({
177
+ id: c.id,
178
+ sourceId: c.sourceId,
179
+ subject: c.subject,
180
+ predicate: c.predicate,
181
+ validFrom: c.validFrom,
182
+ recordedAt: c.recordedAt,
183
+ recordedSeq: c.recordedSeq,
184
+ ...(c.validTo !== undefined ? { validTo: c.validTo } : {}),
185
+ ...(c.retracts !== undefined ? { retracts: c.retracts } : {}),
186
+ ...(c.supersedes !== undefined ? { supersedes: c.supersedes } : {}),
187
+ ...(c.overrides !== undefined ? { overrides: c.overrides } : {}),
188
+ ...(c.confidence !== undefined ? { confidence: c.confidence } : {}),
189
+ ...(c.contractId !== undefined ? { contractId: c.contractId } : {}),
190
+ });
191
+ }
192
+ //# sourceMappingURL=in-memory-fact-store.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"in-memory-fact-store.js","sourceRoot":"","sources":["../../src/store/in-memory-fact-store.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,EAAE;AACF,kEAAkE;AAClE,qFAAqF;AACrF,8FAA8F;AAC9F,+GAA+G;AAC/G,yGAAyG;AACzG,sGAAsG;AACtG,mFAAmF;AACnF,wEAAwE;AAMxE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,MAAM,OAAO,iBAAiB;IAC5B,iEAAiE;IACjE,wEAAwE;IACvD,MAAM,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC1D,8DAA8D;IACtD,IAAI,GAAG,CAAC,CAAC;IAEjB,KAAK,CAAC,MAAM,CACV,KAAuB,EACvB,GAAkB;QAElB,sFAAsF;QACtF,mDAAmD;QACnD,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAC;QAE7F,qEAAqE;QACrE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,qDAAqD;gBACnD,6DAA6D,CAChE,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;QACJ,CAAC;QAED,iDAAiD;QACjD,+EAA+E;QAC/E,2EAA2E;QAC3E,IAAI,KAAK,CAAC,SAAS,KAAK,wBAAwB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YAC3F,MAAM,SAAS,GAAG,KAAK,CAAC,OAA8B,CAAC;YACvD,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,SAAS,CAAC,UAAU,KAAM,KAAK,CAAC,UAAqB,EAAE,CAAC;gBAC5F,MAAM,IAAI,KAAK,CACb,mEAAmE,KAAK,CAAC,UAAU,oCAAoC,SAAS,CAAC,UAAU,qCAAqC,CACjL,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2EAA2E;QAC3E,0EAA0E;QAC1E,qEAAqE;QACrE,MAAM,EACJ,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAChD,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,GACjE,GAAG,KAAK,CAAC;QAEV,MAAM,OAAO,GAAO,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,4CAA4C;QAC3G,MAAM,UAAU,GAAI,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,sBAAsB;QAEvD,8EAA8E;QAC9E,MAAM,MAAM,GAAgB,UAAU,CAAC,UAAU,CAC/C,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,EACtH,OAAO,EAAE,UAAU,EAAE,WAAW,CACjC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAkB;QAC9B,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAClE,yFAAyF;QACzF,8FAA8F;QAC9F,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,GAAkB;QAC7C,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAClE,yDAAyD;QACzD,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAuB,EAAE,GAAkB;QACtD,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAClE,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC5C,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC;YACpF,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACnC,IAAI,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACjD,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,CAAC,OAAO,IAAI,MAAM,CAAC,SAAS;oBAAE,OAAO,KAAK,CAAC;YAC7E,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAkB,EAAE,QAAuB;QAChE,yFAAyF;QACzF,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAClE,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,6EAA6E;gBAC3E,GAAG,GAAG,CAAC,IAAI,sDAAsD,CACpE,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,kFAAkF;QAClF,4EAA4E;QAC5E,IAAI,MAAM,GAA+B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAC3E,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAgB,CAClF,CAAC;QAEF,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC;YAC9B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,QAAQ,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,QAAQ,CAAC,gBAAgB,CAAC;YACxC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,QAAQ,CAAC,gBAAgB,KAAK,KAAK,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,IAAI,GAAG,CAC1B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAC7C,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAC7C,CACF,CAAC;YACF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mFAAmF;IACnF,+EAA+E;IAC/E,YAAY;QACV,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IAED,WAAW,CAAC,IAAuD;QACjE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK;YAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAkB,EAAE,QAAuB;QAC1D,oFAAoF;QACpF,IAAI,GAAG,IAAI,IAAI;YAAE,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAElE,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,6BAA6B;QAEnE,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC;YAC9B,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,QAAQ,CAAC,gBAAgB,CAAC;YACxC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,KAAK,EAAE,CAAC;YACxC,+FAA+F;YAC/F,sFAAsF;YACtF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,YAAY,GAAG,IAAI,GAAG,CAC1B,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CACvE,CAAC;YACF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,iFAAiF;AAEjF,SAAS,UAAU,CACjB,MAYC,EACD,EAAW,EACX,UAAmB,EACnB,WAAmB;IAEnB,OAAO;QACL,EAAE;QACF,UAAU;QACV,WAAW;QACX,OAAO,EAAI,MAAM,CAAC,OAAO;QACzB,QAAQ,EAAG,MAAM,CAAC,QAAQ;QAC1B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAI,MAAM,CAAC,OAAO;QACzB,uEAAuE;QACvE,GAAG,CAAC,MAAM,CAAC,OAAO,KAAS,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAM,MAAM,CAAC,OAAO,EAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAQ,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAK,MAAM,CAAC,QAAQ,EAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,GAAG,CAAC,MAAM,CAAC,UAAU,KAAM,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAG,MAAM,CAAC,UAAU,EAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,GAAG,CAAC,MAAM,CAAC,SAAS,KAAO,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAI,MAAM,CAAC,SAAS,EAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,GAAG,CAAC,MAAM,CAAC,UAAU,KAAM,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAG,MAAM,CAAC,UAAU,EAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,GAAG,CAAC,MAAM,CAAC,UAAU,KAAM,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAG,MAAM,CAAC,UAAU,EAAG,CAAC,CAAC,CAAC,EAAE,CAAC;KACjF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,CAAc;IAClC,+EAA+E;IAC/E,OAAO,UAAU,CAAC;QAChB,EAAE,EAAW,CAAC,CAAC,EAAE;QACjB,QAAQ,EAAK,CAAC,CAAC,QAAQ;QACvB,OAAO,EAAM,CAAC,CAAC,OAAO;QACtB,SAAS,EAAI,CAAC,CAAC,SAAS;QACxB,SAAS,EAAI,CAAC,CAAC,SAAS;QACxB,UAAU,EAAG,CAAC,CAAC,UAAU;QACzB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,GAAG,CAAC,CAAC,CAAC,OAAO,KAAQ,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAK,CAAC,CAAC,OAAO,EAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAO,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAI,CAAC,CAAC,QAAQ,EAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,CAAC,CAAC,SAAS,KAAM,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAG,CAAC,CAAC,SAAS,EAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpE,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,21 @@
1
+ import type { AgentConsentContext } from "../types/access-context.js";
2
+ import type { ClaimMeta } from "../types/claim.js";
3
+ import type { ISOTime } from "../types/ids.js";
4
+ import type { ClaimSelector } from "../types/fact-store.js";
5
+ import type { FactStore } from "../types/fact-store.js";
6
+ import type { AuditLog } from "../audit/audit-log.js";
7
+ import type { GrantRegistry } from "../consent/grant-registry.js";
8
+ export interface AgentQueryDeps {
9
+ readonly store: FactStore;
10
+ readonly grantRegistry: GrantRegistry;
11
+ readonly auditLog: AuditLog;
12
+ readonly clock?: () => ISOTime;
13
+ }
14
+ export type AgentQueryOutcome = {
15
+ readonly ok: true;
16
+ readonly claims: ReadonlyArray<ClaimMeta>;
17
+ } | {
18
+ readonly ok: false;
19
+ readonly reason: "audit-write-failed";
20
+ };
21
+ export declare function agentQuery(ctx: AgentConsentContext, requestedSelector: ClaimSelector, { store, grantRegistry, auditLog, clock }: AgentQueryDeps): Promise<AgentQueryOutcome>;
@@ -0,0 +1,113 @@
1
+ // Slice-03: Agent-facing query surface — the ONLY entry point for agent reads.
2
+ //
3
+ // Critical rule: this file NEVER calls the broad store read method.
4
+ // Only readClaims() with a restricted selector. (AGENT_NO_READALL_001)
5
+ // Verified by test/architecture/agent-no-readall.test.ts
6
+ //
7
+ // Flow:
8
+ // AgentConsentContext
9
+ // → evaluateGrant (purpose / capability / time / revocation)
10
+ // → intersectSelector (requested ∩ grant.scope)
11
+ // → readClaims(agentCtx, restrictedSelector)
12
+ // → redactByDepth(claims, maxFieldDepth)
13
+ // → buildAuditEvent
14
+ // → auditLog.write() ← BEFORE returning result
15
+ // → if audit fails → { ok: false } (AUDIT_FAIL_CLOSED_001)
16
+ // → return { ok: true, claims }
17
+ import { evaluateGrant } from "../consent/consent-guard.js";
18
+ import { intersectSelector } from "../consent/intersect-selector.js";
19
+ import { buildAuditEvent, denyReasonToAuditCode } from "../audit/audit-log.js";
20
+ import { asISOTime } from "../types/ids.js";
21
+ function defaultClock() {
22
+ return asISOTime(new Date().toISOString());
23
+ }
24
+ export async function agentQuery(ctx, requestedSelector, { store, grantRegistry, auditLog, clock = defaultClock }) {
25
+ const now = clock();
26
+ const fingerprint = selectorFingerprint(requestedSelector);
27
+ // ── 1. Resolve grant ──────────────────────────────────────────────────────
28
+ const grant = grantRegistry.lookup(ctx.grantId);
29
+ // ── 2. Validate grant ─────────────────────────────────────────────────────
30
+ const decision = evaluateGrant(grant, ctx, "query", now);
31
+ if (!decision.allowed) {
32
+ // Write deny audit BEFORE returning (fail-closed)
33
+ const event = buildAuditEvent({
34
+ actor: ctx.agentId,
35
+ grantId: ctx.grantId,
36
+ purpose: ctx.purpose,
37
+ decision: "deny",
38
+ reasonCode: denyReasonToAuditCode(decision.reason),
39
+ selectorFingerprint: fingerprint,
40
+ resultCount: 0,
41
+ resultClaimIds: [],
42
+ now,
43
+ });
44
+ try {
45
+ await auditLog.write(event);
46
+ }
47
+ catch {
48
+ return { ok: false, reason: "audit-write-failed" };
49
+ }
50
+ // CONSENT_NOT_FOUND_INDISTINGUISHABLE_001: deny looks like empty result
51
+ return { ok: true, claims: [] };
52
+ }
53
+ // ── 3. Intersect selector with grant scope (CONSENT_PRE_FILTER_001) ───────
54
+ const restrictedSelector = intersectSelector(requestedSelector, grant);
55
+ let claims = [];
56
+ if (restrictedSelector !== null) {
57
+ // AGENT_NO_READALL_001: only readClaims() with restricted selector
58
+ claims = await store.readClaims(ctx, restrictedSelector);
59
+ }
60
+ // ── 4. Redact by maxFieldDepth ────────────────────────────────────────────
61
+ const depth = grant.maxFieldDepth ?? "full";
62
+ const redacted = claims.map((c) => redactMeta(c, depth));
63
+ // ── 5. Build and write allow audit event ─────────────────────────────────
64
+ const auditEvent = buildAuditEvent({
65
+ actor: ctx.agentId,
66
+ grantId: ctx.grantId,
67
+ purpose: ctx.purpose,
68
+ decision: "allow",
69
+ reasonCode: restrictedSelector === null ? "SCOPE_INTERSECTION_EMPTY" : "ALLOWED",
70
+ selectorFingerprint: fingerprint,
71
+ resultCount: redacted.length,
72
+ resultClaimIds: redacted.map((c) => c.id),
73
+ now,
74
+ });
75
+ // AUDIT_FAIL_CLOSED_001: write audit BEFORE returning result
76
+ try {
77
+ await auditLog.write(auditEvent);
78
+ }
79
+ catch {
80
+ return { ok: false, reason: "audit-write-failed" };
81
+ }
82
+ return { ok: true, claims: redacted };
83
+ }
84
+ // ─── private helpers ──────────────────────────────────────────────────────────
85
+ function redactMeta(meta, depth) {
86
+ if (depth === "full")
87
+ return meta;
88
+ // CONSENT_MAX_FIELD_DEPTH_001: "summary" → strip sourceId and lifecycle markers
89
+ // sourceId is replaced with an opaque sentinel; lifecycle fields are omitted.
90
+ // This keeps the type as ClaimMeta (no separate type needed for MVP).
91
+ return Object.freeze({
92
+ id: meta.id,
93
+ sourceId: meta.sourceId, // kept for now; post-MVP could be redacted to opaque token
94
+ subject: meta.subject,
95
+ predicate: meta.predicate,
96
+ validFrom: meta.validFrom,
97
+ recordedAt: meta.recordedAt,
98
+ recordedSeq: meta.recordedSeq,
99
+ // retracts, supersedes, overrides, confidence, validTo — stripped in summary mode
100
+ });
101
+ }
102
+ function selectorFingerprint(selector) {
103
+ // Safe to log: predicate names only, no claim data
104
+ const parts = [];
105
+ if (selector.subject)
106
+ parts.push(`subject:${selector.subject}`);
107
+ if (selector.predicates)
108
+ parts.push(`preds:[${[...selector.predicates].sort().join(",")}]`);
109
+ if (selector.sinceRecordedSeq !== undefined)
110
+ parts.push(`since:${selector.sinceRecordedSeq}`);
111
+ return parts.join("|") || "no-filter";
112
+ }
113
+ //# sourceMappingURL=context-query.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context-query.js","sourceRoot":"","sources":["../../src/surface/context-query.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,EAAE;AACF,oEAAoE;AACpE,uEAAuE;AACvE,yDAAyD;AACzD,EAAE;AACF,QAAQ;AACR,wBAAwB;AACxB,+DAA+D;AAC/D,kDAAkD;AAClD,+CAA+C;AAC/C,2CAA2C;AAC3C,sBAAsB;AACtB,mDAAmD;AACnD,8DAA8D;AAC9D,kCAAkC;AASlC,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAkB5C,SAAS,YAAY;IACnB,OAAO,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAwB,EACxB,iBAAgC,EAChC,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,GAAG,YAAY,EAAkB;IAExE,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,WAAW,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IAE3D,6EAA6E;IAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEhD,6EAA6E;IAC7E,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAEzD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,kDAAkD;QAClD,MAAM,KAAK,GAAG,eAAe,CAAC;YAC5B,KAAK,EAAgB,GAAG,CAAC,OAAO;YAChC,OAAO,EAAc,GAAG,CAAC,OAAO;YAChC,OAAO,EAAc,GAAG,CAAC,OAAO;YAChC,QAAQ,EAAa,MAAM;YAC3B,UAAU,EAAW,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3D,mBAAmB,EAAE,WAAW;YAChC,WAAW,EAAU,CAAC;YACtB,cAAc,EAAO,EAAE;YACvB,GAAG;SACJ,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;QACrD,CAAC;QACD,wEAAwE;QACxE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAClC,CAAC;IAED,6EAA6E;IAC7E,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,iBAAiB,EAAE,KAAM,CAAC,CAAC;IAExE,IAAI,MAAM,GAA6B,EAAE,CAAC;IAC1C,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;QAChC,mEAAmE;QACnE,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC3D,CAAC;IAED,6EAA6E;IAC7E,MAAM,KAAK,GAAG,KAAM,CAAC,aAAa,IAAI,MAAM,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IAEzD,4EAA4E;IAC5E,MAAM,UAAU,GAAG,eAAe,CAAC;QACjC,KAAK,EAAgB,GAAG,CAAC,OAAO;QAChC,OAAO,EAAc,GAAG,CAAC,OAAO;QAChC,OAAO,EAAc,GAAG,CAAC,OAAO;QAChC,QAAQ,EAAa,OAAO;QAC5B,UAAU,EAAW,kBAAkB,KAAK,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS;QACzF,mBAAmB,EAAE,WAAW;QAChC,WAAW,EAAU,QAAQ,CAAC,MAAM;QACpC,cAAc,EAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,GAAG;KACJ,CAAC,CAAC;IAEH,6DAA6D;IAC7D,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IACrD,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,IAAe,EAAE,KAAyB;IAC5D,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAElC,gFAAgF;IAChF,8EAA8E;IAC9E,sEAAsE;IACtE,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,EAAE,EAAW,IAAI,CAAC,EAAE;QACpB,QAAQ,EAAK,IAAI,CAAC,QAAQ,EAAE,2DAA2D;QACvF,OAAO,EAAM,IAAI,CAAC,OAAO;QACzB,SAAS,EAAI,IAAI,CAAC,SAAS;QAC3B,SAAS,EAAI,IAAI,CAAC,SAAS;QAC3B,UAAU,EAAG,IAAI,CAAC,UAAU;QAC5B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,kFAAkF;KACnF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAuB;IAClD,mDAAmD;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5F,IAAI,QAAQ,CAAC,gBAAgB,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,QAAQ,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC9F,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC;AACxC,CAAC"}
@@ -0,0 +1,62 @@
1
+ import type { AccessContext } from "../types/access-context.js";
2
+ import type { ClaimPayload } from "../types/claim.js";
3
+ import type { ClaimSelector, FactStore } from "../types/fact-store.js";
4
+ import type { AuditId, ClaimId, ContractId, ISOTime } from "../types/ids.js";
5
+ import type { AuditLog } from "../audit/audit-log.js";
6
+ import type { GrantRegistry } from "../consent/grant-registry.js";
7
+ import type { SourceRegistry } from "../source/source-registry.js";
8
+ import type { RawDocumentStore } from "../evidence/raw-document-store.js";
9
+ import type { TrustProfile } from "../resolution/trust-profile.js";
10
+ import type { ContractConflict, ContractProjectionStatus } from "../contract/types.js";
11
+ import type { ResolutionReasonCode } from "../resolution/types.js";
12
+ import type { ContractProjectionDiagnostics } from "../contract/diagnostics.js";
13
+ export interface HydratedContractFieldProjection {
14
+ readonly status: "resolved" | "disputed" | "missing";
15
+ readonly winningClaimId?: ClaimId;
16
+ readonly competingClaimIds: ReadonlyArray<ClaimId>;
17
+ readonly reasonCode: ResolutionReasonCode | "MISSING";
18
+ readonly resolvedValue?: ClaimPayload;
19
+ }
20
+ export interface HydratedContractFields {
21
+ readonly counterparty: HydratedContractFieldProjection;
22
+ readonly amount: HydratedContractFieldProjection;
23
+ readonly cadence: HydratedContractFieldProjection;
24
+ readonly nextDue: HydratedContractFieldProjection;
25
+ readonly cancellationTerms: HydratedContractFieldProjection;
26
+ readonly contractStatus: HydratedContractFieldProjection;
27
+ }
28
+ export interface HydratedContractProjection {
29
+ readonly contractId: ContractId;
30
+ readonly status: ContractProjectionStatus;
31
+ readonly fields: HydratedContractFields;
32
+ readonly conflicts: ReadonlyArray<ContractConflict>;
33
+ readonly derivedFrom: ReadonlyArray<ClaimId>;
34
+ readonly policyId: string;
35
+ readonly policyVersion: string;
36
+ }
37
+ export interface QueryContractsInput {
38
+ readonly selector: ClaimSelector;
39
+ readonly includeDiagnostics?: boolean;
40
+ }
41
+ export type ContextQueryResult = {
42
+ readonly ok: true;
43
+ readonly contracts: ReadonlyArray<HydratedContractProjection>;
44
+ readonly diagnostics?: ReadonlyArray<ContractProjectionDiagnostics>;
45
+ readonly auditId?: AuditId;
46
+ } | {
47
+ readonly ok: false;
48
+ readonly reason: "audit-write-failed";
49
+ };
50
+ export declare class EvidenceBackedContextQueryService {
51
+ private readonly _store;
52
+ private readonly _grantRegistry;
53
+ private readonly _auditLog;
54
+ private readonly _sourceRegistry;
55
+ private readonly _docStore;
56
+ private readonly _trust;
57
+ private readonly _clock?;
58
+ constructor(_store: FactStore, _grantRegistry: GrantRegistry, _auditLog: AuditLog, _sourceRegistry: SourceRegistry, _docStore: RawDocumentStore, _trust: TrustProfile, _clock?: (() => ISOTime) | undefined);
59
+ queryContracts(ctx: AccessContext, input: QueryContractsInput): Promise<ContextQueryResult>;
60
+ private _queryAsAgent;
61
+ private _queryAsPrivileged;
62
+ }