life-as-api 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +377 -0
- package/dist/agent/finance-agent.d.ts +44 -0
- package/dist/agent/finance-agent.js +75 -0
- package/dist/agent/finance-agent.js.map +1 -0
- package/dist/agent/legal-agent.d.ts +44 -0
- package/dist/agent/legal-agent.js +76 -0
- package/dist/agent/legal-agent.js.map +1 -0
- package/dist/agent/medical-agent.d.ts +44 -0
- package/dist/agent/medical-agent.js +75 -0
- package/dist/agent/medical-agent.js.map +1 -0
- package/dist/agent/trusted-agent-registry.d.ts +53 -0
- package/dist/agent/trusted-agent-registry.js +57 -0
- package/dist/agent/trusted-agent-registry.js.map +1 -0
- package/dist/audit/audit-chain-verifier.d.ts +10 -0
- package/dist/audit/audit-chain-verifier.js +67 -0
- package/dist/audit/audit-chain-verifier.js.map +1 -0
- package/dist/audit/audit-log.d.ts +48 -0
- package/dist/audit/audit-log.js +74 -0
- package/dist/audit/audit-log.js.map +1 -0
- package/dist/audit/sqlite-audit-log.d.ts +29 -0
- package/dist/audit/sqlite-audit-log.js +142 -0
- package/dist/audit/sqlite-audit-log.js.map +1 -0
- package/dist/auth/access-context-issuer.d.ts +18 -0
- package/dist/auth/access-context-issuer.js +88 -0
- package/dist/auth/access-context-issuer.js.map +1 -0
- package/dist/auth/assert-authorized-for-subject.d.ts +2 -0
- package/dist/auth/assert-authorized-for-subject.js +20 -0
- package/dist/auth/assert-authorized-for-subject.js.map +1 -0
- package/dist/auth/backend-context-minting-boundary.d.ts +23 -0
- package/dist/auth/backend-context-minting-boundary.js +281 -0
- package/dist/auth/backend-context-minting-boundary.js.map +1 -0
- package/dist/auth/default-authorization-policy.d.ts +7 -0
- package/dist/auth/default-authorization-policy.js +64 -0
- package/dist/auth/default-authorization-policy.js.map +1 -0
- package/dist/auth/fake-auth-adapter.d.ts +7 -0
- package/dist/auth/fake-auth-adapter.js +27 -0
- package/dist/auth/fake-auth-adapter.js.map +1 -0
- package/dist/auth/http-client.d.ts +12 -0
- package/dist/auth/http-client.js +7 -0
- package/dist/auth/http-client.js.map +1 -0
- package/dist/auth/in-memory-grant-resolver.d.ts +21 -0
- package/dist/auth/in-memory-grant-resolver.js +73 -0
- package/dist/auth/in-memory-grant-resolver.js.map +1 -0
- package/dist/auth/in-memory-tenant-boundary.d.ts +16 -0
- package/dist/auth/in-memory-tenant-boundary.js +37 -0
- package/dist/auth/in-memory-tenant-boundary.js.map +1 -0
- package/dist/auth/jwks-key-ring-auth-adapter.d.ts +38 -0
- package/dist/auth/jwks-key-ring-auth-adapter.js +123 -0
- package/dist/auth/jwks-key-ring-auth-adapter.js.map +1 -0
- package/dist/auth/jwks-key-ring.d.ts +25 -0
- package/dist/auth/jwks-key-ring.js +111 -0
- package/dist/auth/jwks-key-ring.js.map +1 -0
- package/dist/auth/jwt-auth-adapter.d.ts +15 -0
- package/dist/auth/jwt-auth-adapter.js +59 -0
- package/dist/auth/jwt-auth-adapter.js.map +1 -0
- package/dist/auth/jwt-core.d.ts +32 -0
- package/dist/auth/jwt-core.js +226 -0
- package/dist/auth/jwt-core.js.map +1 -0
- package/dist/auth/jwt-key-ring-auth-adapter.d.ts +16 -0
- package/dist/auth/jwt-key-ring-auth-adapter.js +58 -0
- package/dist/auth/jwt-key-ring-auth-adapter.js.map +1 -0
- package/dist/auth/oidc-discovery.d.ts +15 -0
- package/dist/auth/oidc-discovery.js +46 -0
- package/dist/auth/oidc-discovery.js.map +1 -0
- package/dist/auth/production-scoped-life-api.d.ts +58 -0
- package/dist/auth/production-scoped-life-api.js +802 -0
- package/dist/auth/production-scoped-life-api.js.map +1 -0
- package/dist/auth/proposal-scope-inspector.d.ts +3 -0
- package/dist/auth/proposal-scope-inspector.js +42 -0
- package/dist/auth/proposal-scope-inspector.js.map +1 -0
- package/dist/auth/proposal-scoped-life-api.d.ts +21 -0
- package/dist/auth/proposal-scoped-life-api.js +168 -0
- package/dist/auth/proposal-scoped-life-api.js.map +1 -0
- package/dist/auth/rate-limited-context-minting-boundary.d.ts +27 -0
- package/dist/auth/rate-limited-context-minting-boundary.js +77 -0
- package/dist/auth/rate-limited-context-minting-boundary.js.map +1 -0
- package/dist/auth/revocation-aware-auth-adapter.d.ts +21 -0
- package/dist/auth/revocation-aware-auth-adapter.js +88 -0
- package/dist/auth/revocation-aware-auth-adapter.js.map +1 -0
- package/dist/auth/sqlite-grant-resolver.d.ts +8 -0
- package/dist/auth/sqlite-grant-resolver.js +78 -0
- package/dist/auth/sqlite-grant-resolver.js.map +1 -0
- package/dist/auth/sqlite-tenant-boundary.d.ts +7 -0
- package/dist/auth/sqlite-tenant-boundary.js +41 -0
- package/dist/auth/sqlite-tenant-boundary.js.map +1 -0
- package/dist/auth/static-jwt-key-ring.d.ts +13 -0
- package/dist/auth/static-jwt-key-ring.js +73 -0
- package/dist/auth/static-jwt-key-ring.js.map +1 -0
- package/dist/auth/subject-scoped-life-api.d.ts +14 -0
- package/dist/auth/subject-scoped-life-api.js +51 -0
- package/dist/auth/subject-scoped-life-api.js.map +1 -0
- package/dist/auth/test-context-minting-boundary.d.ts +13 -0
- package/dist/auth/test-context-minting-boundary.js +74 -0
- package/dist/auth/test-context-minting-boundary.js.map +1 -0
- package/dist/auth/types.d.ts +77 -0
- package/dist/auth/types.js +16 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/compliance/subject-data-report.d.ts +43 -0
- package/dist/compliance/subject-data-report.js +155 -0
- package/dist/compliance/subject-data-report.js.map +1 -0
- package/dist/consent/consent-guard.d.ts +4 -0
- package/dist/consent/consent-guard.js +37 -0
- package/dist/consent/consent-guard.js.map +1 -0
- package/dist/consent/grant-registry.d.ts +7 -0
- package/dist/consent/grant-registry.js +13 -0
- package/dist/consent/grant-registry.js.map +1 -0
- package/dist/consent/intersect-selector.d.ts +3 -0
- package/dist/consent/intersect-selector.js +66 -0
- package/dist/consent/intersect-selector.js.map +1 -0
- package/dist/contract/diagnostics.d.ts +32 -0
- package/dist/contract/diagnostics.js +112 -0
- package/dist/contract/diagnostics.js.map +1 -0
- package/dist/contract/project-contracts.d.ts +5 -0
- package/dist/contract/project-contracts.js +159 -0
- package/dist/contract/project-contracts.js.map +1 -0
- package/dist/contract/types.d.ts +32 -0
- package/dist/contract/types.js +5 -0
- package/dist/contract/types.js.map +1 -0
- package/dist/crypto/aes-gcm.d.ts +11 -0
- package/dist/crypto/aes-gcm.js +78 -0
- package/dist/crypto/aes-gcm.js.map +1 -0
- package/dist/crypto/claim-serializer.d.ts +26 -0
- package/dist/crypto/claim-serializer.js +59 -0
- package/dist/crypto/claim-serializer.js.map +1 -0
- package/dist/crypto/sha256.d.ts +12 -0
- package/dist/crypto/sha256.js +40 -0
- package/dist/crypto/sha256.js.map +1 -0
- package/dist/crypto/static-key.d.ts +11 -0
- package/dist/crypto/static-key.js +60 -0
- package/dist/crypto/static-key.js.map +1 -0
- package/dist/crypto/types.d.ts +20 -0
- package/dist/crypto/types.js +8 -0
- package/dist/crypto/types.js.map +1 -0
- package/dist/datasource/trusted-data-source-registry.d.ts +51 -0
- package/dist/datasource/trusted-data-source-registry.js +57 -0
- package/dist/datasource/trusted-data-source-registry.js.map +1 -0
- package/dist/erasure/tombstone.d.ts +13 -0
- package/dist/erasure/tombstone.js +20 -0
- package/dist/erasure/tombstone.js.map +1 -0
- package/dist/evidence/evidence-backed-claim-creator.d.ts +48 -0
- package/dist/evidence/evidence-backed-claim-creator.js +107 -0
- package/dist/evidence/evidence-backed-claim-creator.js.map +1 -0
- package/dist/evidence/in-memory-raw-document-store.d.ts +26 -0
- package/dist/evidence/in-memory-raw-document-store.js +84 -0
- package/dist/evidence/in-memory-raw-document-store.js.map +1 -0
- package/dist/evidence/raw-document-store.d.ts +12 -0
- package/dist/evidence/raw-document-store.js +8 -0
- package/dist/evidence/raw-document-store.js.map +1 -0
- package/dist/evidence/source-evidence-validator.d.ts +4 -0
- package/dist/evidence/source-evidence-validator.js +14 -0
- package/dist/evidence/source-evidence-validator.js.map +1 -0
- package/dist/evidence/sqlite-raw-document-store.d.ts +19 -0
- package/dist/evidence/sqlite-raw-document-store.js +122 -0
- package/dist/evidence/sqlite-raw-document-store.js.map +1 -0
- package/dist/guardian/guardian-registry.d.ts +96 -0
- package/dist/guardian/guardian-registry.js +95 -0
- package/dist/guardian/guardian-registry.js.map +1 -0
- package/dist/index.d.ts +44 -0
- package/dist/index.js +72 -0
- package/dist/index.js.map +1 -0
- package/dist/observability/health.d.ts +12 -0
- package/dist/observability/health.js +16 -0
- package/dist/observability/health.js.map +1 -0
- package/dist/observability/logger.d.ts +21 -0
- package/dist/observability/logger.js +40 -0
- package/dist/observability/logger.js.map +1 -0
- package/dist/observability/metrics.d.ts +15 -0
- package/dist/observability/metrics.js +52 -0
- package/dist/observability/metrics.js.map +1 -0
- package/dist/persistence/backup.d.ts +24 -0
- package/dist/persistence/backup.js +251 -0
- package/dist/persistence/backup.js.map +1 -0
- package/dist/persistence/decryptability-scan.d.ts +10 -0
- package/dist/persistence/decryptability-scan.js +144 -0
- package/dist/persistence/decryptability-scan.js.map +1 -0
- package/dist/persistence/in-memory-unit-of-work.d.ts +11 -0
- package/dist/persistence/in-memory-unit-of-work.js +32 -0
- package/dist/persistence/in-memory-unit-of-work.js.map +1 -0
- package/dist/persistence/key-availability.d.ts +9 -0
- package/dist/persistence/key-availability.js +125 -0
- package/dist/persistence/key-availability.js.map +1 -0
- package/dist/persistence/sqlite/migrations.d.ts +9 -0
- package/dist/persistence/sqlite/migrations.js +535 -0
- package/dist/persistence/sqlite/migrations.js.map +1 -0
- package/dist/persistence/sqlite/schema.d.ts +10 -0
- package/dist/persistence/sqlite/schema.js +101 -0
- package/dist/persistence/sqlite/schema.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-fact-store.d.ts +24 -0
- package/dist/persistence/sqlite/sqlite-fact-store.js +207 -0
- package/dist/persistence/sqlite/sqlite-fact-store.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-source-registry.d.ts +17 -0
- package/dist/persistence/sqlite/sqlite-source-registry.js +132 -0
- package/dist/persistence/sqlite/sqlite-source-registry.js.map +1 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.d.ts +8 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.js +41 -0
- package/dist/persistence/sqlite/sqlite-unit-of-work.js.map +1 -0
- package/dist/persistence/sqlite/types.d.ts +24 -0
- package/dist/persistence/sqlite/types.js +28 -0
- package/dist/persistence/sqlite/types.js.map +1 -0
- package/dist/persistence/unit-of-work.d.ts +6 -0
- package/dist/persistence/unit-of-work.js +15 -0
- package/dist/persistence/unit-of-work.js.map +1 -0
- package/dist/proposal/accepted-claim-appender.d.ts +7 -0
- package/dist/proposal/accepted-claim-appender.js +16 -0
- package/dist/proposal/accepted-claim-appender.js.map +1 -0
- package/dist/proposal/in-memory-proposal-queue.d.ts +21 -0
- package/dist/proposal/in-memory-proposal-queue.js +218 -0
- package/dist/proposal/in-memory-proposal-queue.js.map +1 -0
- package/dist/proposal/policy-aware-proposal-queue.d.ts +23 -0
- package/dist/proposal/policy-aware-proposal-queue.js +162 -0
- package/dist/proposal/policy-aware-proposal-queue.js.map +1 -0
- package/dist/proposal/proposal-policy.d.ts +37 -0
- package/dist/proposal/proposal-policy.js +72 -0
- package/dist/proposal/proposal-policy.js.map +1 -0
- package/dist/proposal/proposal-queue.d.ts +13 -0
- package/dist/proposal/proposal-queue.js +15 -0
- package/dist/proposal/proposal-queue.js.map +1 -0
- package/dist/proposal/source-aware-claim-appender.d.ts +13 -0
- package/dist/proposal/source-aware-claim-appender.js +47 -0
- package/dist/proposal/source-aware-claim-appender.js.map +1 -0
- package/dist/proposal/sqlite-proposal-queue.d.ts +26 -0
- package/dist/proposal/sqlite-proposal-queue.js +282 -0
- package/dist/proposal/sqlite-proposal-queue.js.map +1 -0
- package/dist/resolution/resolve-claims.d.ts +4 -0
- package/dist/resolution/resolve-claims.js +101 -0
- package/dist/resolution/resolve-claims.js.map +1 -0
- package/dist/resolution/trust-profile.d.ts +12 -0
- package/dist/resolution/trust-profile.js +23 -0
- package/dist/resolution/trust-profile.js.map +1 -0
- package/dist/resolution/types.d.ts +15 -0
- package/dist/resolution/types.js +8 -0
- package/dist/resolution/types.js.map +1 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.d.ts +23 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.js +240 -0
- package/dist/sdk/create-backend-integrated-life-api-for-test.js.map +1 -0
- package/dist/sdk/create-life-api.d.ts +55 -0
- package/dist/sdk/create-life-api.js +251 -0
- package/dist/sdk/create-life-api.js.map +1 -0
- package/dist/sdk/create-sqlite-life-api.d.ts +33 -0
- package/dist/sdk/create-sqlite-life-api.js +654 -0
- package/dist/sdk/create-sqlite-life-api.js.map +1 -0
- package/dist/sdk/life-api.d.ts +27 -0
- package/dist/sdk/life-api.js +17 -0
- package/dist/sdk/life-api.js.map +1 -0
- package/dist/sdk/validation.d.ts +8 -0
- package/dist/sdk/validation.js +216 -0
- package/dist/sdk/validation.js.map +1 -0
- package/dist/source/in-memory-source-registry.d.ts +15 -0
- package/dist/source/in-memory-source-registry.js +104 -0
- package/dist/source/in-memory-source-registry.js.map +1 -0
- package/dist/source/source-aware-fact-store.d.ts +19 -0
- package/dist/source/source-aware-fact-store.js +40 -0
- package/dist/source/source-aware-fact-store.js.map +1 -0
- package/dist/source/source-kind-predicate-policy.d.ts +4 -0
- package/dist/source/source-kind-predicate-policy.js +62 -0
- package/dist/source/source-kind-predicate-policy.js.map +1 -0
- package/dist/source/source-registry.d.ts +11 -0
- package/dist/source/source-registry.js +12 -0
- package/dist/source/source-registry.js.map +1 -0
- package/dist/store/in-memory-fact-store.d.ts +25 -0
- package/dist/store/in-memory-fact-store.js +192 -0
- package/dist/store/in-memory-fact-store.js.map +1 -0
- package/dist/surface/context-query.d.ts +21 -0
- package/dist/surface/context-query.js +113 -0
- package/dist/surface/context-query.js.map +1 -0
- package/dist/surface/evidence-backed-context-query.d.ts +62 -0
- package/dist/surface/evidence-backed-context-query.js +240 -0
- package/dist/surface/evidence-backed-context-query.js.map +1 -0
- package/dist/types/access-context.d.ts +25 -0
- package/dist/types/access-context.js +6 -0
- package/dist/types/access-context.js.map +1 -0
- package/dist/types/claim.d.ts +48 -0
- package/dist/types/claim.js +5 -0
- package/dist/types/claim.js.map +1 -0
- package/dist/types/consent.d.ts +41 -0
- package/dist/types/consent.js +3 -0
- package/dist/types/consent.js.map +1 -0
- package/dist/types/crypto-boundary.d.ts +12 -0
- package/dist/types/crypto-boundary.js +15 -0
- package/dist/types/crypto-boundary.js.map +1 -0
- package/dist/types/evidence.d.ts +31 -0
- package/dist/types/evidence.js +8 -0
- package/dist/types/evidence.js.map +1 -0
- package/dist/types/fact-store.d.ts +24 -0
- package/dist/types/fact-store.js +12 -0
- package/dist/types/fact-store.js.map +1 -0
- package/dist/types/ids.d.ts +36 -0
- package/dist/types/ids.js +11 -0
- package/dist/types/ids.js.map +1 -0
- package/dist/types/proposal.d.ts +38 -0
- package/dist/types/proposal.js +7 -0
- package/dist/types/proposal.js.map +1 -0
- package/dist/types/source.d.ts +33 -0
- package/dist/types/source.js +6 -0
- package/dist/types/source.js.map +1 -0
- package/dist/types/trust.d.ts +24 -0
- package/dist/types/trust.js +5 -0
- package/dist/types/trust.js.map +1 -0
- package/dist/utilities/deep-freeze.d.ts +1 -0
- package/dist/utilities/deep-freeze.js +17 -0
- package/dist/utilities/deep-freeze.js.map +1 -0
- package/package.json +55 -0
|
@@ -0,0 +1,240 @@
|
|
|
1
|
+
// Slice-12b: Evidence-backed Context Query Surface — Scoped Hydrated Projection.
|
|
2
|
+
//
|
|
3
|
+
// CONTEXT_QUERY_SURFACE_EXISTS_001: single entry point for contract context queries.
|
|
4
|
+
// CONTEXT_QUERY_CONSENT_BEFORE_PROJECTION_001: consent validated and selector restricted
|
|
5
|
+
// BEFORE any claim read or projection. Never filter post-read.
|
|
6
|
+
// CONTEXT_QUERY_SCOPED_HYDRATED_READ_001: agent flow reads hydrated claims with SystemProjectionContext
|
|
7
|
+
// ONLY after selector restriction has been applied.
|
|
8
|
+
// CONTEXT_QUERY_NO_BROAD_HYDRATION_001: the broad requested selector is never passed to
|
|
9
|
+
// readStoredClaims(); only the intersected restrictedSelector is used.
|
|
10
|
+
// CONTEXT_QUERY_ALLOWED_PAYLOAD_VALUES_RETURNED_001: resolved field values for in-scope predicates
|
|
11
|
+
// are returned to the caller via HydratedContractProjection.fields[f].resolvedValue.
|
|
12
|
+
// CONTEXT_QUERY_OUT_OF_SCOPE_PAYLOAD_REDACTED_001: fields whose winning claim was not in the
|
|
13
|
+
// restricted selector have resolvedValue absent from the response.
|
|
14
|
+
// CONTEXT_QUERY_AUDIT_NO_PAYLOAD_VALUES_001: audit events never contain payload values.
|
|
15
|
+
// CONTEXT_QUERY_AGENT_SCOPE_BOUND_001: agent sees only intersection of requested + granted scope.
|
|
16
|
+
// CONTEXT_QUERY_AGENT_NO_RAW_BYTES_001: no getDocument() calls; diagnostics are metadata-only.
|
|
17
|
+
// CONTEXT_QUERY_EVIDENCE_DIAGNOSTICS_INCLUDED_001: diagnostics attached when requested.
|
|
18
|
+
// CONTEXT_QUERY_AUDIT_EVERY_REQUEST_001: every attempt (allow or deny) writes an AuditEvent.
|
|
19
|
+
// CONTEXT_QUERY_AUDIT_FAIL_CLOSED_001: audit write failure returns {ok:false} before any data.
|
|
20
|
+
// CONTEXT_QUERY_OWNER_FULL_ALLOWED_001: OwnerContext uses full requested selector, no grant needed.
|
|
21
|
+
// CONTEXT_QUERY_DETERMINISTIC_001: same inputs produce identical output.
|
|
22
|
+
import { ERASURE_TOMBSTONE_PREDICATE } from "../erasure/tombstone.js";
|
|
23
|
+
import { evaluateGrant } from "../consent/consent-guard.js";
|
|
24
|
+
import { intersectSelector } from "../consent/intersect-selector.js";
|
|
25
|
+
import { buildAuditEvent, denyReasonToAuditCode } from "../audit/audit-log.js";
|
|
26
|
+
import { asISOTime } from "../types/ids.js";
|
|
27
|
+
import { projectContracts } from "../contract/project-contracts.js";
|
|
28
|
+
import { diagnoseContractProjections } from "../contract/diagnostics.js";
|
|
29
|
+
// Internal SystemProjectionContext used for hydrated reads after consent restriction.
|
|
30
|
+
// MUST only be used with the restrictedSelector — never with the raw requested selector.
|
|
31
|
+
const _INTERNAL_PROJ_CTX = { kind: "system_projection" };
|
|
32
|
+
export class EvidenceBackedContextQueryService {
|
|
33
|
+
_store;
|
|
34
|
+
_grantRegistry;
|
|
35
|
+
_auditLog;
|
|
36
|
+
_sourceRegistry;
|
|
37
|
+
_docStore;
|
|
38
|
+
_trust;
|
|
39
|
+
_clock;
|
|
40
|
+
constructor(_store, _grantRegistry, _auditLog, _sourceRegistry, _docStore, _trust, _clock) {
|
|
41
|
+
this._store = _store;
|
|
42
|
+
this._grantRegistry = _grantRegistry;
|
|
43
|
+
this._auditLog = _auditLog;
|
|
44
|
+
this._sourceRegistry = _sourceRegistry;
|
|
45
|
+
this._docStore = _docStore;
|
|
46
|
+
this._trust = _trust;
|
|
47
|
+
this._clock = _clock;
|
|
48
|
+
}
|
|
49
|
+
async queryContracts(ctx, input) {
|
|
50
|
+
const now = this._clock ? this._clock() : asISOTime(new Date().toISOString());
|
|
51
|
+
if (ctx.kind === "audit") {
|
|
52
|
+
return { ok: true, contracts: [] };
|
|
53
|
+
}
|
|
54
|
+
// ERASURE_QUERY_SUPPRESSION_DEFINED_001: tombstone check before any query output.
|
|
55
|
+
// ERASURE_TOMBSTONE_LOOKUP_PERF_DEFERRED_001: O(n) scan acceptable for Slice-21a.
|
|
56
|
+
const tombstones = await this._store.readClaims(_INTERNAL_PROJ_CTX, {
|
|
57
|
+
predicates: [ERASURE_TOMBSTONE_PREDICATE],
|
|
58
|
+
});
|
|
59
|
+
const erasedSubjects = new Set(tombstones.map(t => t.subject));
|
|
60
|
+
if (ctx.kind === "agent") {
|
|
61
|
+
return this._queryAsAgent(ctx, input, now, erasedSubjects);
|
|
62
|
+
}
|
|
63
|
+
return this._queryAsPrivileged(ctx, input, now, erasedSubjects);
|
|
64
|
+
}
|
|
65
|
+
async _queryAsAgent(ctx, input, now, erasedSubjects) {
|
|
66
|
+
const fingerprint = selectorFingerprint(input.selector);
|
|
67
|
+
// 1. Resolve + validate grant — CONTEXT_QUERY_CONSENT_BEFORE_PROJECTION_001
|
|
68
|
+
const grant = this._grantRegistry.lookup(ctx.grantId);
|
|
69
|
+
const decision = evaluateGrant(grant, ctx, "query", now);
|
|
70
|
+
if (!decision.allowed) {
|
|
71
|
+
const event = buildAuditEvent({
|
|
72
|
+
actor: ctx.agentId,
|
|
73
|
+
grantId: ctx.grantId,
|
|
74
|
+
purpose: ctx.purpose,
|
|
75
|
+
decision: "deny",
|
|
76
|
+
reasonCode: denyReasonToAuditCode(decision.reason),
|
|
77
|
+
selectorFingerprint: fingerprint,
|
|
78
|
+
resultCount: 0,
|
|
79
|
+
resultClaimIds: [],
|
|
80
|
+
now,
|
|
81
|
+
});
|
|
82
|
+
try {
|
|
83
|
+
await this._auditLog.write(event);
|
|
84
|
+
}
|
|
85
|
+
catch {
|
|
86
|
+
return { ok: false, reason: "audit-write-failed" };
|
|
87
|
+
}
|
|
88
|
+
return { ok: true, contracts: [] };
|
|
89
|
+
}
|
|
90
|
+
// 2. Restrict selector BEFORE any read — CONTEXT_QUERY_CONSENT_BEFORE_PROJECTION_001
|
|
91
|
+
const restrictedSelector = intersectSelector(input.selector, grant);
|
|
92
|
+
// 3. CONTEXT_QUERY_SCOPED_HYDRATED_READ_001: hydrated read with SystemProjectionContext
|
|
93
|
+
// and the ALREADY-RESTRICTED selector. The broad requested selector is never used here.
|
|
94
|
+
let rawClaims = [];
|
|
95
|
+
if (restrictedSelector !== null) {
|
|
96
|
+
rawClaims = await this._store.readStoredClaims(_INTERNAL_PROJ_CTX, restrictedSelector);
|
|
97
|
+
}
|
|
98
|
+
// ERASURE_QUERY_SUPPRESSION_DEFINED_001: suppress claims for erased subjects.
|
|
99
|
+
// ERASURE_TOMBSTONE_SELF_SUPPRESSION_CARVEOUT_001: tombstone lookup is separate;
|
|
100
|
+
// tombstone predicate is never in restrictedSelector here.
|
|
101
|
+
const storedClaims = erasedSubjects.size > 0
|
|
102
|
+
? rawClaims.filter(c => !erasedSubjects.has(c.subject))
|
|
103
|
+
: rawClaims;
|
|
104
|
+
// 4. Project from in-scope claims only. StoredClaim satisfies ClaimMeta structurally.
|
|
105
|
+
// erasedSubjects passed for defense-in-depth; storedClaims is already pre-filtered.
|
|
106
|
+
const projections = projectContracts(storedClaims, this._trust, erasedSubjects);
|
|
107
|
+
// 5. Hydrate projections with payload values for in-scope resolved fields.
|
|
108
|
+
// CONTEXT_QUERY_OUT_OF_SCOPE_PAYLOAD_REDACTED_001: storedClaimMap only contains
|
|
109
|
+
// claims from restrictedSelector — out-of-scope winning claims yield no resolvedValue.
|
|
110
|
+
const storedClaimMap = new Map(storedClaims.map((c) => [c.id, c]));
|
|
111
|
+
const hydratedProjections = hydrateProjections(projections, storedClaimMap);
|
|
112
|
+
// 6. Optionally attach diagnostics — CONTEXT_QUERY_EVIDENCE_DIAGNOSTICS_INCLUDED_001
|
|
113
|
+
const claimMap = new Map(storedClaims.map((c) => [c.id, c]));
|
|
114
|
+
const diagnostics = input.includeDiagnostics
|
|
115
|
+
? diagnoseContractProjections(projections, claimMap, this._sourceRegistry, this._docStore, ctx)
|
|
116
|
+
: undefined;
|
|
117
|
+
// 7. Build + write allow audit — CONTEXT_QUERY_AUDIT_NO_PAYLOAD_VALUES_001
|
|
118
|
+
// Audit stores only contractIds (metadata), never payload values.
|
|
119
|
+
const contractIds = projections.map((p) => p.contractId);
|
|
120
|
+
const auditEvent = buildAuditEvent({
|
|
121
|
+
actor: ctx.agentId,
|
|
122
|
+
grantId: ctx.grantId,
|
|
123
|
+
purpose: ctx.purpose,
|
|
124
|
+
decision: "allow",
|
|
125
|
+
reasonCode: restrictedSelector === null ? "SCOPE_INTERSECTION_EMPTY" : "ALLOWED",
|
|
126
|
+
selectorFingerprint: fingerprint,
|
|
127
|
+
resultCount: projections.length,
|
|
128
|
+
resultClaimIds: storedClaims.map((c) => c.id),
|
|
129
|
+
contractIds,
|
|
130
|
+
now,
|
|
131
|
+
});
|
|
132
|
+
// CONTEXT_QUERY_AUDIT_FAIL_CLOSED_001: write BEFORE returning contract data
|
|
133
|
+
try {
|
|
134
|
+
await this._auditLog.write(auditEvent);
|
|
135
|
+
}
|
|
136
|
+
catch {
|
|
137
|
+
return { ok: false, reason: "audit-write-failed" };
|
|
138
|
+
}
|
|
139
|
+
return {
|
|
140
|
+
ok: true,
|
|
141
|
+
contracts: hydratedProjections,
|
|
142
|
+
auditId: auditEvent.id,
|
|
143
|
+
...(diagnostics !== undefined ? { diagnostics } : {}),
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
async _queryAsPrivileged(ctx, input, now, erasedSubjects) {
|
|
147
|
+
const fingerprint = selectorFingerprint(input.selector);
|
|
148
|
+
// CONTEXT_QUERY_OWNER_FULL_ALLOWED_001: no grant needed; full hydrated read
|
|
149
|
+
const rawClaims = await this._store.readStoredClaims(ctx, input.selector);
|
|
150
|
+
// ERASURE_QUERY_SUPPRESSION_DEFINED_001: suppress claims for erased subjects.
|
|
151
|
+
const storedClaims = erasedSubjects.size > 0
|
|
152
|
+
? rawClaims.filter(c => !erasedSubjects.has(c.subject))
|
|
153
|
+
: rawClaims;
|
|
154
|
+
// erasedSubjects passed for defense-in-depth; storedClaims is already pre-filtered.
|
|
155
|
+
const projections = projectContracts(storedClaims, this._trust, erasedSubjects);
|
|
156
|
+
const storedClaimMap = new Map(storedClaims.map((c) => [c.id, c]));
|
|
157
|
+
const hydratedProjections = hydrateProjections(projections, storedClaimMap);
|
|
158
|
+
const claimMap = new Map(storedClaims.map((c) => [c.id, c]));
|
|
159
|
+
const diagnostics = input.includeDiagnostics
|
|
160
|
+
? diagnoseContractProjections(projections, claimMap, this._sourceRegistry, this._docStore, ctx)
|
|
161
|
+
: undefined;
|
|
162
|
+
const contractIds = projections.map((p) => p.contractId);
|
|
163
|
+
const auditEvent = buildAuditEvent({
|
|
164
|
+
actor: actorLabel(ctx),
|
|
165
|
+
decision: "allow",
|
|
166
|
+
reasonCode: "ALLOWED",
|
|
167
|
+
selectorFingerprint: fingerprint,
|
|
168
|
+
resultCount: projections.length,
|
|
169
|
+
resultClaimIds: storedClaims.map((c) => c.id),
|
|
170
|
+
contractIds,
|
|
171
|
+
now,
|
|
172
|
+
});
|
|
173
|
+
// CONTEXT_QUERY_AUDIT_FAIL_CLOSED_001
|
|
174
|
+
try {
|
|
175
|
+
await this._auditLog.write(auditEvent);
|
|
176
|
+
}
|
|
177
|
+
catch {
|
|
178
|
+
return { ok: false, reason: "audit-write-failed" };
|
|
179
|
+
}
|
|
180
|
+
return {
|
|
181
|
+
ok: true,
|
|
182
|
+
contracts: hydratedProjections,
|
|
183
|
+
auditId: auditEvent.id,
|
|
184
|
+
...(diagnostics !== undefined ? { diagnostics } : {}),
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
// ─── Hydration helpers ────────────────────────────────────────────────────────
|
|
189
|
+
function hydrateField(field, storedClaimMap) {
|
|
190
|
+
const stored = field.winningClaimId !== undefined
|
|
191
|
+
? storedClaimMap.get(field.winningClaimId)
|
|
192
|
+
: undefined;
|
|
193
|
+
return {
|
|
194
|
+
status: field.status,
|
|
195
|
+
competingClaimIds: field.competingClaimIds,
|
|
196
|
+
reasonCode: field.reasonCode,
|
|
197
|
+
...(field.winningClaimId !== undefined ? { winningClaimId: field.winningClaimId } : {}),
|
|
198
|
+
...(stored !== undefined ? { resolvedValue: stored.payload } : {}),
|
|
199
|
+
};
|
|
200
|
+
}
|
|
201
|
+
function hydrateProjection(proj, storedClaimMap) {
|
|
202
|
+
return {
|
|
203
|
+
contractId: proj.contractId,
|
|
204
|
+
status: proj.status,
|
|
205
|
+
conflicts: proj.conflicts,
|
|
206
|
+
derivedFrom: proj.derivedFrom,
|
|
207
|
+
policyId: proj.policyId,
|
|
208
|
+
policyVersion: proj.policyVersion,
|
|
209
|
+
fields: {
|
|
210
|
+
counterparty: hydrateField(proj.fields.counterparty, storedClaimMap),
|
|
211
|
+
amount: hydrateField(proj.fields.amount, storedClaimMap),
|
|
212
|
+
cadence: hydrateField(proj.fields.cadence, storedClaimMap),
|
|
213
|
+
nextDue: hydrateField(proj.fields.nextDue, storedClaimMap),
|
|
214
|
+
cancellationTerms: hydrateField(proj.fields.cancellationTerms, storedClaimMap),
|
|
215
|
+
contractStatus: hydrateField(proj.fields.contractStatus, storedClaimMap),
|
|
216
|
+
},
|
|
217
|
+
};
|
|
218
|
+
}
|
|
219
|
+
function hydrateProjections(projections, storedClaimMap) {
|
|
220
|
+
return projections.map((p) => hydrateProjection(p, storedClaimMap));
|
|
221
|
+
}
|
|
222
|
+
// ─── Utilities ────────────────────────────────────────────────────────────────
|
|
223
|
+
function actorLabel(ctx) {
|
|
224
|
+
if (ctx.kind === "owner")
|
|
225
|
+
return `owner:${ctx.personId}`;
|
|
226
|
+
if (ctx.kind === "system_projection")
|
|
227
|
+
return "system_projection";
|
|
228
|
+
return `test:${ctx.label}`;
|
|
229
|
+
}
|
|
230
|
+
function selectorFingerprint(selector) {
|
|
231
|
+
const parts = [];
|
|
232
|
+
if (selector.subject)
|
|
233
|
+
parts.push(`subject:${selector.subject}`);
|
|
234
|
+
if (selector.predicates)
|
|
235
|
+
parts.push(`preds:[${[...selector.predicates].sort().join(",")}]`);
|
|
236
|
+
if (selector.sinceRecordedSeq !== undefined)
|
|
237
|
+
parts.push(`since:${selector.sinceRecordedSeq}`);
|
|
238
|
+
return parts.join("|") || "no-filter";
|
|
239
|
+
}
|
|
240
|
+
//# sourceMappingURL=evidence-backed-context-query.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evidence-backed-context-query.js","sourceRoot":"","sources":["../../src/surface/evidence-backed-context-query.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,EAAE;AACF,qFAAqF;AACrF,yFAAyF;AACzF,iEAAiE;AACjE,wGAAwG;AACxG,sDAAsD;AACtD,wFAAwF;AACxF,yEAAyE;AACzE,mGAAmG;AACnG,uFAAuF;AACvF,6FAA6F;AAC7F,qEAAqE;AACrE,wFAAwF;AACxF,kGAAkG;AAClG,+FAA+F;AAC/F,wFAAwF;AACxF,6FAA6F;AAC7F,+FAA+F;AAC/F,oGAAoG;AACpG,yEAAyE;AAMzE,OAAO,EAAE,2BAA2B,EAAE,MAAM,yBAAyB,CAAC;AAStE,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACpE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4BAA4B,CAAC;AAEzE,sFAAsF;AACtF,yFAAyF;AACzF,MAAM,kBAAkB,GAA4B,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;AA8ClF,MAAM,OAAO,iCAAiC;IAEzB;IACA;IACA;IACA;IACA;IACA;IACA;IAPnB,YACmB,MAA0B,EAC1B,cAA8B,EAC9B,SAAyB,EACzB,eAA+B,EAC/B,SAAiC,EACjC,MAA6B,EAC7B,MAA8B;QAN9B,WAAM,GAAN,MAAM,CAAoB;QAC1B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,cAAS,GAAT,SAAS,CAAgB;QACzB,oBAAe,GAAf,eAAe,CAAgB;QAC/B,cAAS,GAAT,SAAS,CAAwB;QACjC,WAAM,GAAN,MAAM,CAAuB;QAC7B,WAAM,GAAN,MAAM,CAAwB;IAC9C,CAAC;IAEJ,KAAK,CAAC,cAAc,CAAC,GAAkB,EAAE,KAA0B;QACjE,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAE9E,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QACrC,CAAC;QAED,kFAAkF;QAClF,kFAAkF;QAClF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,EAAE;YAClE,UAAU,EAAE,CAAC,2BAA2B,CAAC;SAC1C,CAAC,CAAC;QACH,MAAM,cAAc,GAA0B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAEtF,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;IAClE,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,GAAmC,EACnC,KAAmC,EACnC,GAAuB,EACvB,cAAqC;QAErC,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAExD,4EAA4E;QAC5E,MAAM,KAAK,GAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAEzD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,eAAe,CAAC;gBAC5B,KAAK,EAAgB,GAAG,CAAC,OAAO;gBAChC,OAAO,EAAc,GAAG,CAAC,OAAO;gBAChC,OAAO,EAAc,GAAG,CAAC,OAAO;gBAChC,QAAQ,EAAa,MAAM;gBAC3B,UAAU,EAAW,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC3D,mBAAmB,EAAE,WAAW;gBAChC,WAAW,EAAU,CAAC;gBACtB,cAAc,EAAO,EAAE;gBACvB,GAAG;aACJ,CAAC,CAAC;YACH,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;YACrD,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QACrC,CAAC;QAED,qFAAqF;QACrF,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAM,CAAC,CAAC;QAErE,wFAAwF;QACxF,2FAA2F;QAC3F,IAAI,SAAS,GAA+B,EAAE,CAAC;QAC/C,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;YAChC,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,CAAC;QACzF,CAAC;QAED,8EAA8E;QAC9E,iFAAiF;QACjF,6DAA6D;QAC7D,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,GAAG,CAAC;YAC1C,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC,CAAC,SAAS,CAAC;QAEd,sFAAsF;QACtF,oFAAoF;QACpF,MAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEhF,2EAA2E;QAC3E,mFAAmF;QACnF,0FAA0F;QAC1F,MAAM,cAAc,GAAG,IAAI,GAAG,CAAuB,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACzF,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAE5E,qFAAqF;QACrF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAqB,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,MAAM,WAAW,GAAG,KAAK,CAAC,kBAAkB;YAC1C,CAAC,CAAC,2BAA2B,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC;YAC/F,CAAC,CAAC,SAAS,CAAC;QAEd,2EAA2E;QAC3E,qEAAqE;QACrE,MAAM,WAAW,GAA8B,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,eAAe,CAAC;YACjC,KAAK,EAAgB,GAAG,CAAC,OAAO;YAChC,OAAO,EAAc,GAAG,CAAC,OAAO;YAChC,OAAO,EAAc,GAAG,CAAC,OAAO;YAChC,QAAQ,EAAa,OAAO;YAC5B,UAAU,EAAW,kBAAkB,KAAK,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS;YACzF,mBAAmB,EAAE,WAAW;YAChC,WAAW,EAAU,WAAW,CAAC,MAAM;YACvC,cAAc,EAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,WAAW;YACX,GAAG;SACJ,CAAC,CAAC;QAEH,4EAA4E;QAC5E,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;QACrD,CAAC;QAED,OAAO;YACL,EAAE,EAAS,IAAI;YACf,SAAS,EAAE,mBAAmB;YAC9B,OAAO,EAAI,UAAU,CAAC,EAAE;YACxB,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,GAAoE,EACpE,KAAmC,EACnC,GAAuB,EACvB,cAAqC;QAErC,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAExD,4EAA4E;QAC5E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QAE1E,8EAA8E;QAC9E,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,GAAG,CAAC;YAC1C,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACvD,CAAC,CAAC,SAAS,CAAC;QAEd,oFAAoF;QACpF,MAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEhF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAuB,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACzF,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAE5E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAqB,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,MAAM,WAAW,GAAG,KAAK,CAAC,kBAAkB;YAC1C,CAAC,CAAC,2BAA2B,CAAC,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC;YAC/F,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,WAAW,GAA8B,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,eAAe,CAAC;YACjC,KAAK,EAAgB,UAAU,CAAC,GAAG,CAAC;YACpC,QAAQ,EAAa,OAAO;YAC5B,UAAU,EAAW,SAAS;YAC9B,mBAAmB,EAAE,WAAW;YAChC,WAAW,EAAU,WAAW,CAAC,MAAM;YACvC,cAAc,EAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,WAAW;YACX,GAAG;SACJ,CAAC,CAAC;QAEH,sCAAsC;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;QACrD,CAAC;QAED,OAAO;YACL,EAAE,EAAS,IAAI;YACf,SAAS,EAAE,mBAAmB;YAC9B,OAAO,EAAI,UAAU,CAAC,EAAE;YACxB,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC;IACJ,CAAC;CACF;AAED,iFAAiF;AAEjF,SAAS,YAAY,CACnB,KAAkL,EAClL,cAAiD;IAEjD,MAAM,MAAM,GACV,KAAK,CAAC,cAAc,KAAK,SAAS;QAChC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAC;IAEhB,OAAO;QACL,MAAM,EAAa,KAAK,CAAC,MAAM;QAC/B,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,UAAU,EAAS,KAAK,CAAC,UAAU;QACnC,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvF,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CACxB,IAAkC,EAClC,cAAiD;IAEjD,OAAO;QACL,UAAU,EAAK,IAAI,CAAC,UAAU;QAC9B,MAAM,EAAS,IAAI,CAAC,MAAM;QAC1B,SAAS,EAAM,IAAI,CAAC,SAAS;QAC7B,WAAW,EAAI,IAAI,CAAC,WAAW;QAC/B,QAAQ,EAAO,IAAI,CAAC,QAAQ;QAC5B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,MAAM,EAAE;YACN,YAAY,EAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAO,cAAc,CAAC;YAC9E,MAAM,EAAa,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAa,cAAc,CAAC;YAC9E,OAAO,EAAY,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAY,cAAc,CAAC;YAC9E,OAAO,EAAY,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAY,cAAc,CAAC;YAC9E,iBAAiB,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC;YAC9E,cAAc,EAAK,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAK,cAAc,CAAC;SAC/E;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,WAAiD,EACjD,cAAiD;IAEjD,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,GAAyD;IAC3E,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO;QAAc,OAAO,SAAS,GAAG,CAAC,QAAQ,EAAE,CAAC;IACrE,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB;QAAE,OAAO,mBAAmB,CAAC;IACjE,OAAO,QAAQ,GAAG,CAAC,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAuB;IAClD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,CAAC,OAAO;QAAyB,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACvF,IAAI,QAAQ,CAAC,UAAU;QAAsB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChH,IAAI,QAAQ,CAAC,gBAAgB,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,QAAQ,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC9F,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC;AACxC,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { PersonId, GrantId } from "./ids.js";
|
|
2
|
+
export type AccessContext = OwnerContext | AgentConsentContext | SystemProjectionContext | AuditContext | TestContext;
|
|
3
|
+
export interface OwnerContext {
|
|
4
|
+
readonly kind: "owner";
|
|
5
|
+
readonly personId: PersonId;
|
|
6
|
+
}
|
|
7
|
+
export interface AgentConsentContext {
|
|
8
|
+
readonly kind: "agent";
|
|
9
|
+
readonly grantId: GrantId;
|
|
10
|
+
readonly agentId: string;
|
|
11
|
+
readonly purpose: PurposeTag;
|
|
12
|
+
readonly notAfter: string;
|
|
13
|
+
}
|
|
14
|
+
export interface SystemProjectionContext {
|
|
15
|
+
readonly kind: "system_projection";
|
|
16
|
+
}
|
|
17
|
+
export interface AuditContext {
|
|
18
|
+
readonly kind: "audit";
|
|
19
|
+
readonly personId: PersonId;
|
|
20
|
+
}
|
|
21
|
+
export interface TestContext {
|
|
22
|
+
readonly kind: "test";
|
|
23
|
+
readonly label: string;
|
|
24
|
+
}
|
|
25
|
+
export type PurposeTag = "obligation_review" | "cancellation_assist" | "budget_analysis" | "b2b_verification" | "proposal_submission" | "erasure_request" | "emergency_access" | "diagnosis" | "treatment" | "emergency" | "tax" | "credit_check" | "insurance_claim" | "account_overview" | "notary" | "contract_review" | "evidence_preservation" | "court_filing";
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
// ADR-004 + GPT-5.5 correction:
|
|
2
|
+
// "No store read without AccessContext" — not just ConsentContext.
|
|
3
|
+
// Projection rebuilds, audits, owner actions, and tests each get a typed context.
|
|
4
|
+
// External agents ONLY receive AgentConsentContext — never OwnerContext or SystemContext.
|
|
5
|
+
export {};
|
|
6
|
+
//# sourceMappingURL=access-context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-context.js","sourceRoot":"","sources":["../../src/types/access-context.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,mEAAmE;AACnE,kFAAkF;AAClF,0FAA0F"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import type { ClaimId, ContractId, SourceId, PersonId, ISOTime } from "./ids.js";
|
|
2
|
+
export interface ClaimMeta {
|
|
3
|
+
readonly id: ClaimId;
|
|
4
|
+
readonly sourceId: SourceId;
|
|
5
|
+
readonly subject: PersonId;
|
|
6
|
+
readonly predicate: ClaimPredicate;
|
|
7
|
+
readonly validFrom: ISOTime;
|
|
8
|
+
readonly validTo?: ISOTime;
|
|
9
|
+
readonly recordedAt: ISOTime;
|
|
10
|
+
readonly recordedSeq: number;
|
|
11
|
+
readonly retracts?: ClaimId;
|
|
12
|
+
readonly supersedes?: ClaimId;
|
|
13
|
+
readonly overrides?: ClaimId;
|
|
14
|
+
readonly contractId?: ContractId;
|
|
15
|
+
readonly confidence?: number;
|
|
16
|
+
}
|
|
17
|
+
export interface Claim<P extends ClaimPayload = ClaimPayload> extends ClaimMeta {
|
|
18
|
+
readonly payload: P;
|
|
19
|
+
}
|
|
20
|
+
export type AppendClaimInput = Omit<Claim, "id" | "recordedAt" | "recordedSeq">;
|
|
21
|
+
export type StoredClaim = Readonly<Claim>;
|
|
22
|
+
export type ClaimPredicate = "person.name" | "person.email" | "contract.exists" | "contract.counterparty" | "contract.amount" | "contract.cadence" | "contract.next_due" | "contract.cancellation_terms" | "contract.identity.link" | (string & Record<never, never>);
|
|
23
|
+
export type ClaimPayload = StringPayload | MoneyPayload | CadencePayload | DatePayload | IdentityLinkPayload;
|
|
24
|
+
export interface StringPayload {
|
|
25
|
+
readonly type: "string";
|
|
26
|
+
readonly value: string;
|
|
27
|
+
}
|
|
28
|
+
export interface MoneyPayload {
|
|
29
|
+
readonly type: "money";
|
|
30
|
+
readonly currency: string;
|
|
31
|
+
readonly minorUnits: number;
|
|
32
|
+
}
|
|
33
|
+
export interface CadencePayload {
|
|
34
|
+
readonly type: "cadence";
|
|
35
|
+
readonly rrule: string;
|
|
36
|
+
}
|
|
37
|
+
export interface DatePayload {
|
|
38
|
+
readonly type: "date";
|
|
39
|
+
readonly value: ISOTime;
|
|
40
|
+
}
|
|
41
|
+
export interface IdentityLinkPayload {
|
|
42
|
+
readonly type: "identity_link";
|
|
43
|
+
readonly contractId: string;
|
|
44
|
+
readonly observedAlias: string;
|
|
45
|
+
readonly normalizedAlias: string;
|
|
46
|
+
readonly normalizerVersion: string;
|
|
47
|
+
readonly matchMethod: "manual" | "auto_high_confidence" | "proposal_accepted";
|
|
48
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"claim.js","sourceRoot":"","sources":["../../src/types/claim.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,+EAA+E;AAC/E,uEAAuE"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import type { GrantId, PersonId, ISOTime } from "./ids.js";
|
|
2
|
+
import type { ClaimPredicate } from "./claim.js";
|
|
3
|
+
import type { PurposeTag } from "./access-context.js";
|
|
4
|
+
export interface ConsentGrant {
|
|
5
|
+
readonly id: GrantId;
|
|
6
|
+
readonly grantedTo: AgentIdentity;
|
|
7
|
+
readonly purpose: PurposeTag;
|
|
8
|
+
readonly scope: Scope;
|
|
9
|
+
readonly capabilities: ReadonlyArray<Capability>;
|
|
10
|
+
readonly notBefore: ISOTime;
|
|
11
|
+
readonly notAfter: ISOTime;
|
|
12
|
+
readonly maxFieldDepth?: "summary" | "full";
|
|
13
|
+
readonly revokedAt?: ISOTime;
|
|
14
|
+
readonly createdAt: ISOTime;
|
|
15
|
+
}
|
|
16
|
+
export interface AgentIdentity {
|
|
17
|
+
readonly agentId: string;
|
|
18
|
+
readonly displayName: string;
|
|
19
|
+
}
|
|
20
|
+
export interface Scope {
|
|
21
|
+
readonly predicates: ReadonlyArray<ClaimPredicate>;
|
|
22
|
+
readonly subjects?: ReadonlyArray<PersonId>;
|
|
23
|
+
readonly contractIds?: ReadonlyArray<string>;
|
|
24
|
+
readonly excludePredicates?: ReadonlyArray<ClaimPredicate>;
|
|
25
|
+
}
|
|
26
|
+
export type Capability = "query" | "propose";
|
|
27
|
+
export type ConsentDecision = {
|
|
28
|
+
allowed: true;
|
|
29
|
+
scopedPredicates: ReadonlyArray<ClaimPredicate>;
|
|
30
|
+
maxFieldDepth: "summary" | "full";
|
|
31
|
+
} | {
|
|
32
|
+
allowed: false;
|
|
33
|
+
reason: ConsentDenyReason;
|
|
34
|
+
};
|
|
35
|
+
export type ConsentDenyReason = "grant_not_found" | "grant_expired" | "grant_not_yet_active" | "grant_revoked" | "purpose_mismatch" | "capability_not_granted" | "scope_empty" | "subject_not_granted";
|
|
36
|
+
export type ScopedQueryResult<T> = {
|
|
37
|
+
found: true;
|
|
38
|
+
data: T;
|
|
39
|
+
} | {
|
|
40
|
+
found: false;
|
|
41
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"consent.js","sourceRoot":"","sources":["../../src/types/consent.ts"],"names":[],"mappings":"AAAA,yCAAyC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export interface CryptoBoundary {
|
|
2
|
+
encryptPayload(plaintext: string): Promise<EncryptedBlob>;
|
|
3
|
+
decryptPayload(blob: EncryptedBlob): Promise<string>;
|
|
4
|
+
encryptDocument(plaintext: Uint8Array): Promise<EncryptedBlob>;
|
|
5
|
+
decryptDocument(blob: EncryptedBlob): Promise<Uint8Array>;
|
|
6
|
+
}
|
|
7
|
+
export interface EncryptedBlob {
|
|
8
|
+
readonly ciphertext: string;
|
|
9
|
+
readonly iv: string;
|
|
10
|
+
readonly authTag: string;
|
|
11
|
+
readonly keyRef: string;
|
|
12
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
// ADR-005 — CryptoBoundary interface
|
|
2
|
+
// Exactly ONE layer between domain (plaintext) and persistence (ciphertext).
|
|
3
|
+
// No domain module may import crypto primitives directly (enforced by architecture tests).
|
|
4
|
+
export {};
|
|
5
|
+
// What is encrypted at rest (ADR-005, field-level list):
|
|
6
|
+
// - Claim.payload (value field)
|
|
7
|
+
// - raw source documents (PDF, email body)
|
|
8
|
+
//
|
|
9
|
+
// What remains plaintext metadata (explicitly accepted risk for MVP):
|
|
10
|
+
// - ContractId, ClaimId, SourceId, predicate names
|
|
11
|
+
// - recordedAt, validFrom/validTo, confidence
|
|
12
|
+
// - Consent scope structure
|
|
13
|
+
// Risk: allows traffic analysis ("user has N contracts")
|
|
14
|
+
// Accepted: no real PII in MVP 0.1. Post-MVP: metadata encryption.
|
|
15
|
+
//# sourceMappingURL=crypto-boundary.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-boundary.js","sourceRoot":"","sources":["../../src/types/crypto-boundary.ts"],"names":[],"mappings":"AAAA,qCAAqC;AACrC,6EAA6E;AAC7E,2FAA2F;;AAuB3F,yDAAyD;AACzD,gCAAgC;AAChC,2CAA2C;AAC3C,EAAE;AACF,sEAAsE;AACtE,mDAAmD;AACnD,8CAA8C;AAC9C,4BAA4B;AAC5B,yDAAyD;AACzD,mEAAmE"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import type { EvidenceId, ISOTime } from "./ids.js";
|
|
2
|
+
import type { OwnerContext, SystemProjectionContext, TestContext } from "./access-context.js";
|
|
3
|
+
export type EvidenceWriter = OwnerContext | SystemProjectionContext | TestContext;
|
|
4
|
+
export interface EvidenceRef {
|
|
5
|
+
readonly id: EvidenceId;
|
|
6
|
+
readonly uri: string;
|
|
7
|
+
readonly mimeType: string;
|
|
8
|
+
readonly byteLength: number;
|
|
9
|
+
readonly encrypted: true;
|
|
10
|
+
readonly createdAt: ISOTime;
|
|
11
|
+
readonly label?: string;
|
|
12
|
+
}
|
|
13
|
+
export interface RawDocument {
|
|
14
|
+
readonly id: EvidenceId;
|
|
15
|
+
readonly mimeType: string;
|
|
16
|
+
readonly byteLength: number;
|
|
17
|
+
readonly createdAt: ISOTime;
|
|
18
|
+
readonly createdBy: EvidenceWriter;
|
|
19
|
+
readonly label?: string;
|
|
20
|
+
readonly metadata?: Readonly<Record<string, unknown>>;
|
|
21
|
+
readonly plainBytes: Uint8Array;
|
|
22
|
+
}
|
|
23
|
+
export interface RawDocumentInput {
|
|
24
|
+
readonly mimeType: string;
|
|
25
|
+
readonly bytes: Uint8Array;
|
|
26
|
+
readonly label?: string;
|
|
27
|
+
readonly metadata?: Record<string, unknown>;
|
|
28
|
+
}
|
|
29
|
+
export interface EvidenceFilter {
|
|
30
|
+
readonly mimeType?: string;
|
|
31
|
+
}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
// Evidence types — Slice-09 encrypted RawDocument / EvidenceRef store.
|
|
2
|
+
//
|
|
3
|
+
// RAW_DOCUMENT_STORE_EXISTS_001: RawDocumentStore is the only durable home for raw bytes.
|
|
4
|
+
// RAW_DOCUMENT_BYTES_ENCRYPTED_AT_REST_001: only EncryptedBlob is persisted, never plaintext.
|
|
5
|
+
// RAW_DOCUMENT_IMMUTABLE_001: documents have no update/delete path.
|
|
6
|
+
// RAW_DOCUMENT_ACCESS_BOUND_001: only Owner/System/Test may write or read raw bytes.
|
|
7
|
+
export {};
|
|
8
|
+
//# sourceMappingURL=evidence.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/types/evidence.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,EAAE;AACF,0FAA0F;AAC1F,8FAA8F;AAC9F,oEAAoE;AACpE,qFAAqF"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type { ClaimId, PersonId, ISOTime } from "./ids.js";
|
|
2
|
+
import type { AppendClaimInput, ClaimMeta, ClaimPredicate, StoredClaim } from "./claim.js";
|
|
3
|
+
import type { AccessContext } from "./access-context.js";
|
|
4
|
+
export interface FactStore {
|
|
5
|
+
append(input: AppendClaimInput, ctx: AccessContext): Promise<{
|
|
6
|
+
claimId: ClaimId;
|
|
7
|
+
recordedSeq: number;
|
|
8
|
+
}>;
|
|
9
|
+
readAll(ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
|
|
10
|
+
readSince(seq: number, ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
|
|
11
|
+
readAt(params: BitemporalQuery, ctx: AccessContext): Promise<ReadonlyArray<ClaimMeta>>;
|
|
12
|
+
readClaims(ctx: AccessContext, selector: ClaimSelector): Promise<ReadonlyArray<ClaimMeta>>;
|
|
13
|
+
readStoredClaims(ctx: AccessContext, selector: ClaimSelector): Promise<ReadonlyArray<StoredClaim>>;
|
|
14
|
+
}
|
|
15
|
+
export interface BitemporalQuery {
|
|
16
|
+
validAsOf?: ISOTime;
|
|
17
|
+
knownAsOf?: ISOTime;
|
|
18
|
+
}
|
|
19
|
+
export interface ClaimSelector {
|
|
20
|
+
readonly subject?: PersonId;
|
|
21
|
+
readonly predicates?: ReadonlyArray<ClaimPredicate>;
|
|
22
|
+
readonly sinceRecordedSeq?: number;
|
|
23
|
+
readonly includeRetracted?: boolean;
|
|
24
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
// FactStore interface — the only write+read primitive.
|
|
2
|
+
// ALL reads require an AccessContext. No implicit read-all. (ADR-004, GPT-5.5)
|
|
3
|
+
//
|
|
4
|
+
// Two read tiers (Slice-06b):
|
|
5
|
+
// Metadata reads — readAll / readClaims / readSince / readAt → ClaimMeta[]
|
|
6
|
+
// Safe for AgentConsentContext and AuditContext.
|
|
7
|
+
// Hydrated reads — readStoredClaims → StoredClaim[] (includes decrypted payload)
|
|
8
|
+
// FACTSTORE_HYDRATED_READ_ACCESS_BOUND_001:
|
|
9
|
+
// Only OwnerContext, SystemProjectionContext, TestContext are allowed.
|
|
10
|
+
// AgentConsentContext and AuditContext are denied — fail closed.
|
|
11
|
+
export {};
|
|
12
|
+
//# sourceMappingURL=fact-store.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fact-store.js","sourceRoot":"","sources":["../../src/types/fact-store.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,+EAA+E;AAC/E,EAAE;AACF,8BAA8B;AAC9B,8EAA8E;AAC9E,qEAAqE;AACrE,oFAAoF;AACpF,gEAAgE;AAChE,2FAA2F;AAC3F,qFAAqF"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
export type PersonId = string & {
|
|
2
|
+
readonly __brand: "PersonId";
|
|
3
|
+
};
|
|
4
|
+
export type SourceId = string & {
|
|
5
|
+
readonly __brand: "SourceId";
|
|
6
|
+
};
|
|
7
|
+
export type ClaimId = string & {
|
|
8
|
+
readonly __brand: "ClaimId";
|
|
9
|
+
};
|
|
10
|
+
export type ContractId = string & {
|
|
11
|
+
readonly __brand: "ContractId";
|
|
12
|
+
};
|
|
13
|
+
export type GrantId = string & {
|
|
14
|
+
readonly __brand: "GrantId";
|
|
15
|
+
};
|
|
16
|
+
export type ProposalId = string & {
|
|
17
|
+
readonly __brand: "ProposalId";
|
|
18
|
+
};
|
|
19
|
+
export type AuditId = string & {
|
|
20
|
+
readonly __brand: "AuditId";
|
|
21
|
+
};
|
|
22
|
+
export type ISOTime = string & {
|
|
23
|
+
readonly __brand: "ISOTime";
|
|
24
|
+
};
|
|
25
|
+
export type EvidenceId = string & {
|
|
26
|
+
readonly __brand: "EvidenceId";
|
|
27
|
+
};
|
|
28
|
+
export declare function asPersonId(s: string): PersonId;
|
|
29
|
+
export declare function asSourceId(s: string): SourceId;
|
|
30
|
+
export declare function asClaimId(s: string): ClaimId;
|
|
31
|
+
export declare function asContractId(s: string): ContractId;
|
|
32
|
+
export declare function asGrantId(s: string): GrantId;
|
|
33
|
+
export declare function asProposalId(s: string): ProposalId;
|
|
34
|
+
export declare function asAuditId(s: string): AuditId;
|
|
35
|
+
export declare function asISOTime(s: string): ISOTime;
|
|
36
|
+
export declare function asEvidenceId(s: string): EvidenceId;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
// Branded IDs — prevent mixing ClaimId where ContractId is expected at compile time
|
|
2
|
+
export function asPersonId(s) { return s; }
|
|
3
|
+
export function asSourceId(s) { return s; }
|
|
4
|
+
export function asClaimId(s) { return s; }
|
|
5
|
+
export function asContractId(s) { return s; }
|
|
6
|
+
export function asGrantId(s) { return s; }
|
|
7
|
+
export function asProposalId(s) { return s; }
|
|
8
|
+
export function asAuditId(s) { return s; }
|
|
9
|
+
export function asISOTime(s) { return s; }
|
|
10
|
+
export function asEvidenceId(s) { return s; }
|
|
11
|
+
//# sourceMappingURL=ids.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ids.js","sourceRoot":"","sources":["../../src/types/ids.ts"],"names":[],"mappings":"AAAA,oFAAoF;AAYpF,MAAM,UAAU,UAAU,CAAC,CAAS,IAAkB,OAAO,CAAa,CAAC,CAAC,CAAC;AAC7E,MAAM,UAAU,UAAU,CAAC,CAAS,IAAkB,OAAO,CAAa,CAAC,CAAC,CAAC;AAC7E,MAAM,UAAU,SAAS,CAAC,CAAS,IAAmB,OAAO,CAAY,CAAC,CAAC,CAAC;AAC5E,MAAM,UAAU,YAAY,CAAC,CAAS,IAAgB,OAAO,CAAe,CAAC,CAAC,CAAC;AAC/E,MAAM,UAAU,SAAS,CAAC,CAAS,IAAmB,OAAO,CAAY,CAAC,CAAC,CAAC;AAC5E,MAAM,UAAU,YAAY,CAAC,CAAS,IAAgB,OAAO,CAAe,CAAC,CAAC,CAAC;AAC/E,MAAM,UAAU,SAAS,CAAC,CAAS,IAAmB,OAAO,CAAY,CAAC,CAAC,CAAC;AAC5E,MAAM,UAAU,SAAS,CAAC,CAAS,IAAmB,OAAO,CAAY,CAAC,CAAC,CAAC;AAC5E,MAAM,UAAU,YAAY,CAAC,CAAS,IAAgB,OAAO,CAAe,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import type { ClaimId, GrantId, ISOTime, ProposalId, SourceId } from "./ids.js";
|
|
2
|
+
import type { OwnerContext, SystemProjectionContext, TestContext } from "./access-context.js";
|
|
3
|
+
import type { AppendClaimInput } from "./claim.js";
|
|
4
|
+
export type ProposalStatus = "pending" | "accepted" | "rejected" | "expired";
|
|
5
|
+
export interface ProposalAuthor {
|
|
6
|
+
readonly agentId: string;
|
|
7
|
+
readonly grantId: GrantId;
|
|
8
|
+
readonly purpose: string;
|
|
9
|
+
}
|
|
10
|
+
export interface Proposal {
|
|
11
|
+
readonly id: ProposalId;
|
|
12
|
+
readonly proposedBy: ProposalAuthor;
|
|
13
|
+
readonly underGrant: GrantId;
|
|
14
|
+
readonly candidateClaims: ReadonlyArray<AppendClaimInput>;
|
|
15
|
+
readonly rationale?: string;
|
|
16
|
+
readonly status: ProposalStatus;
|
|
17
|
+
readonly createdAt: ISOTime;
|
|
18
|
+
readonly decidedAt?: ISOTime;
|
|
19
|
+
readonly decidedBy?: OwnerContext | SystemProjectionContext | TestContext;
|
|
20
|
+
readonly resultingClaimIds?: ReadonlyArray<ClaimId>;
|
|
21
|
+
readonly rejectionReason?: string;
|
|
22
|
+
}
|
|
23
|
+
export interface ProposalInput {
|
|
24
|
+
readonly candidateClaims: ReadonlyArray<AppendClaimInput>;
|
|
25
|
+
readonly rationale?: string;
|
|
26
|
+
}
|
|
27
|
+
export interface ProposalFilter {
|
|
28
|
+
readonly status?: ProposalStatus;
|
|
29
|
+
readonly proposedByAgent?: string;
|
|
30
|
+
readonly underGrant?: GrantId;
|
|
31
|
+
}
|
|
32
|
+
export interface AcceptOptions {
|
|
33
|
+
readonly sourceId: SourceId;
|
|
34
|
+
}
|
|
35
|
+
export interface RejectOptions {
|
|
36
|
+
readonly reason: string;
|
|
37
|
+
}
|
|
38
|
+
export type ProposalDecider = OwnerContext | SystemProjectionContext | TestContext;
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
// Proposal model — Slice-08.
|
|
2
|
+
//
|
|
3
|
+
// PROPOSAL_QUEUE_EXISTS_001: ProposalQueue is the sole mechanism for agent-authored claim proposals.
|
|
4
|
+
// PROPOSAL_CANDIDATE_CLAIMS_NOT_LOGGED_BEFORE_ACCEPT_001: candidateClaims never reach FactStore until accept.
|
|
5
|
+
// PROPOSAL_STATUS_IMMUTABLE_AFTER_DECISION_001: once accepted/rejected, no further transitions allowed.
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=proposal.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proposal.js","sourceRoot":"","sources":["../../src/types/proposal.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,EAAE;AACF,qGAAqG;AACrG,8GAA8G;AAC9G,wGAAwG"}
|