network-ai 5.10.2 → 5.12.0

package/dist/esm/lib/auth-guardian.js

@@ -0,0 +1,692 @@
+"use strict";
+/**
+ * Universal permission wall for multi-agent systems.
+ *
+ * Evaluates permission requests using a weighted formula of justification
+ * quality (40%), agent trust level (30%), and risk score (30%).
+ * Resource types, risk profiles, trust levels, and restrictions are all
+ * configurable — works for coding, finance, DevOps, or any domain.
+ *
+ * @module AuthGuardian
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthGuardian = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const crypto_1 = require("crypto");
+const security_1 = require("../security");
+const errors_1 = require("./errors");
+const orchestrator_types_1 = require("./orchestrator-types");
+/**
+ * Universal permission wall for multi-agent systems.
+ *
+ * Evaluates permission requests using a weighted formula of justification
+ * quality (40%), agent trust level (30%), and risk score (30%).
+ * Resource types, risk profiles, trust levels, and restrictions are all
+ * configurable — works for coding, finance, DevOps, or any domain.
+ *
+ * **Advisory tokens notice:** Grant tokens produced by `requestPermission()`
+ * are **advisory scoring outputs only**. The caller-supplied `agentId` is not
+ * cryptographically verified — any caller can claim any identity. Do **not**
+ * treat these tokens as authenticated credentials for PAYMENTS, DATABASE, or
+ * FILE_EXPORT operations without adding a separate identity-verification step
+ * (e.g. a platform auth layer or human approval gate).
+ *
+ * @example
+ * ```typescript
+ * const guardian = new AuthGuardian({
+ *   trustLevels: [{ agentId: 'analyst', trustLevel: 0.8 }],
+ *   resourceProfiles: { CUSTOM_API: { baseRisk: 0.5, defaultRestrictions: ['audit_required'] } },
+ * });
+ *
+ * const grant = await guardian.requestPermission(
+ *   'analyst', 'CUSTOM_API', 'Need to fetch Q4 revenue data for report', 'read'
+ * );
+ * if (grant.granted) {
+ *   // Use grant.grantToken to prove authorization
+ * }
+ * ```
+ */
+class AuthGuardian {
+    activeGrants = new Map();
+    agentTrustLevels = new Map();
+    agentTrustConfigs = new Map();
+    resourceProfiles = new Map();
+    auditLog = [];
+    auditLogPath;
+    trustConfigPath;
+    signingAlgorithm;
+    hmacSecret;
+    ed25519PrivateKey;
+    ed25519PublicKey;
+    /** Per-agent consecutive unsupported-claim counters (ClaimVerifier integration) */
+    _consecutiveClaims = new Map();
+    constructor(options) {
+        this.auditLogPath = options?.auditLogPath ?? orchestrator_types_1.CONFIG.auditLogPath;
+        this.trustConfigPath = (0, path_1.resolve)(options?.trustConfigPath ?? orchestrator_types_1.CONFIG.trustConfigPath);
+        this.signingAlgorithm = options?.algorithm ?? 'hmac-sha256';
+        if (this.signingAlgorithm === 'ed25519') {
+            const { publicKey, privateKey } = (0, crypto_1.generateKeyPairSync)('ed25519');
+            this.ed25519PrivateKey = privateKey;
+            this.ed25519PublicKey = publicKey;
+            this.hmacSecret = '';
+        }
+        else {
+            this.ed25519PrivateKey = null;
+            this.ed25519PublicKey = null;
+            this.hmacSecret = options?.hmacSecret ?? (0, crypto_1.randomUUID)();
+        }
+        // Load resource profiles (file → user-provided → defaults)
+        const fileProfiles = this.loadResourceProfilesFromDisk();
+        const profiles = { ...orchestrator_types_1.DEFAULT_RESOURCE_PROFILES, ...fileProfiles, ...(options?.resourceProfiles ?? {}) };
+        for (const [name, profile] of Object.entries(profiles)) {
+            this.resourceProfiles.set(name, profile);
+        }
+        // Load trust levels (try disk first, then user-provided, then defaults)
+        const trustConfigs = options?.trustLevels ?? this.loadTrustFromDisk() ?? orchestrator_types_1.DEFAULT_AGENT_TRUST;
+        for (const config of trustConfigs) {
+            this.agentTrustLevels.set(config.agentId, config.trustLevel);
+            this.agentTrustConfigs.set(config.agentId, config);
+        }
+        // Load existing audit log from disk
+        this.loadAuditFromDisk();
+    }
+    /**
+     * Register a new resource type at runtime.
+     * Makes the system extensible for any domain.
+     */
+    registerResourceType(name, profile) {
+        if (!name || typeof name !== 'string' || name.trim() === '') {
+            throw new errors_1.ValidationError('resource name must be a non-empty string');
+        }
+        if (!profile || typeof profile !== 'object' || typeof profile.baseRisk !== 'number') {
+            throw new errors_1.ValidationError('profile must be an object with a numeric baseRisk');
+        }
+        if (profile.baseRisk < 0 || profile.baseRisk > 1) {
+            throw new errors_1.ValidationError('profile.baseRisk must be between 0 and 1');
+        }
+        if (!Array.isArray(profile.defaultRestrictions)) {
+            throw new errors_1.ValidationError('profile.defaultRestrictions must be an array');
+        }
+        this.resourceProfiles.set(name, profile);
+    }
+    /**
+     * Register or update an agent's trust configuration at runtime.
+     */
+    registerAgentTrust(config) {
+        if (!config || typeof config !== 'object') {
+            throw new errors_1.ValidationError('config must be an object');
+        }
+        if (!config.agentId || typeof config.agentId !== 'string' || config.agentId.trim() === '') {
+            throw new errors_1.ValidationError('config.agentId must be a non-empty string');
+        }
+        if (typeof config.trustLevel !== 'number' || config.trustLevel < 0 || config.trustLevel > 1) {
+            throw new errors_1.ValidationError('config.trustLevel must be a number between 0 and 1');
+        }
+        this.agentTrustLevels.set(config.agentId, config.trustLevel);
+        this.agentTrustConfigs.set(config.agentId, config);
+        this.persistTrustToDisk();
+    }
+    /**
+     * Request permission to access a resource.
+     * resourceType is now a free string -- validated against registered profiles.
+     */
+    async requestPermission(agentId, resourceType, justification, scope) {
+        if (!agentId || typeof agentId !== 'string') {
+            throw new errors_1.ValidationError('agentId must be a non-empty string');
+        }
+        if (!resourceType || typeof resourceType !== 'string') {
+            throw new errors_1.ValidationError('resourceType must be a non-empty string');
+        }
+        if (!justification || typeof justification !== 'string') {
+            throw new errors_1.ValidationError('justification must be a non-empty string');
+        }
+        // Sanitize inputs
+        let safeAgentId;
+        let safeJustification;
+        try {
+            safeAgentId = security_1.InputSanitizer.sanitizeAgentId(agentId);
+            safeJustification = security_1.InputSanitizer.sanitizeString(justification, 2000);
+        }
+        catch {
+            safeAgentId = agentId.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 64) || 'unknown';
+            safeJustification = justification.slice(0, 2000);
+        }
+        this.log('permission_request', { agentId: safeAgentId, resourceType, justification: safeJustification, scope });
+        // Check if agent is allowed to access this resource type
+        const agentConfig = this.agentTrustConfigs.get(safeAgentId);
+        if (agentConfig && agentConfig.allowedResources && !agentConfig.allowedResources.includes('*')) {
+            if (!agentConfig.allowedResources.includes(resourceType)) {
+                this.log('permission_denied', { agentId: safeAgentId, resourceType, reason: 'resource_not_in_allowlist' });
+                return {
+                    granted: false,
+                    grantToken: null,
+                    expiresAt: null,
+                    restrictions: [],
+                    reason: `Agent '${safeAgentId}' is not authorized to access '${resourceType}'. Allowed: ${agentConfig.allowedResources.join(', ')}`,
+                };
+            }
+        }
+        // Evaluate the permission request
+        const evaluation = this.evaluateRequest(safeAgentId, resourceType, safeJustification, scope);
+        if (!evaluation.approved) {
+            this.log('permission_denied', { agentId: safeAgentId, resourceType, reason: evaluation.reason });
+            return {
+                granted: false,
+                grantToken: null,
+                expiresAt: null,
+                restrictions: [],
+                reason: evaluation.reason,
+            };
+        }
+        // Generate grant token
+        const grantToken = this.generateGrantToken();
+        const expiresAt = new Date(Date.now() + orchestrator_types_1.CONFIG.grantTokenTTL).toISOString();
+        const grant = {
+            grantToken,
+            resourceType,
+            agentId: safeAgentId,
+            expiresAt,
+            restrictions: evaluation.restrictions,
+            scope,
+        };
+        this.activeGrants.set(grantToken, grant);
+        this.log('permission_granted', { grantToken, agentId: safeAgentId, resourceType, expiresAt, restrictions: evaluation.restrictions });
+        return {
+            granted: true,
+            grantToken,
+            expiresAt,
+            restrictions: evaluation.restrictions,
+        };
+    }
+    /**
+     * Validate a grant token and return `true` if it is active and not expired.
+     *
+     * @param token - The grant token to validate
+     * @returns `true` if the token is valid, `false` otherwise
+     */
+    validateToken(token) {
+        if (!token || typeof token !== 'string')
+            return false;
+        const grant = this.activeGrants.get(token);
+        if (!grant)
+            return false;
+        if (new Date(grant.expiresAt) < new Date()) {
+            this.activeGrants.delete(token);
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Validate a token and return the full grant object (including restrictions
+     * and scope) for point-of-use enforcement.
+     *
+     * @param token - The grant token to validate
+     * @returns The grant details, or `null` if invalid/expired
+     */
+    validateTokenWithGrant(token) {
+        if (!token || typeof token !== 'string')
+            return null;
+        const grant = this.activeGrants.get(token);
+        if (!grant)
+            return null;
+        if (new Date(grant.expiresAt) < new Date()) {
+            this.activeGrants.delete(token);
+            return null;
+        }
+        return grant;
+    }
+    /**
+     * Enforce restrictions on an operation. Returns an error string if
+     * the operation violates any restriction, or `null` if all restrictions pass.
+     *
+     * @param grantToken  - The grant token authorizing the operation
+     * @param operation   - Description of the operation to check against restrictions
+     * @returns Error message string if a restriction is violated, or `null` if allowed
+     */
+    enforceRestrictions(grantToken, operation) {
+        if (!grantToken || typeof grantToken !== 'string') {
+            return 'Invalid or expired grant token';
+        }
+        const grant = this.validateTokenWithGrant(grantToken);
+        if (!grant)
+            return 'Invalid or expired grant token';
+        for (const restriction of grant.restrictions) {
+            // Enforce read_only
+            if (restriction === 'read_only' && operation.type && operation.type !== 'read') {
+                return `Restriction 'read_only' violated: attempted '${operation.type}'`;
+            }
+            // Enforce max_records
+            const maxRecordsMatch = restriction.match(/^max_records:(\d+)$/);
+            if (maxRecordsMatch && operation.recordCount) {
+                const max = parseInt(maxRecordsMatch[1], 10);
+                if (operation.recordCount > max) {
+                    return `Restriction '${restriction}' violated: requested ${operation.recordCount} records`;
+                }
+            }
+            // Enforce sandbox_only
+            if (restriction === 'sandbox_only' && operation.targetPath) {
+                if (/^\/|^[A-Z]:\\(?:Windows|Program)/i.test(operation.targetPath)) {
+                    return `Restriction 'sandbox_only' violated: path '${operation.targetPath}' is outside sandbox`;
+                }
+            }
+            // Enforce no_sudo
+            if (restriction === 'no_sudo' && operation.command) {
+                if (/\bsudo\b/i.test(operation.command)) {
+                    return `Restriction 'no_sudo' violated: command contains sudo`;
+                }
+            }
+            // Enforce workspace_only
+            if (restriction === 'workspace_only' && operation.targetPath) {
+                if (/\.\.[/\\]/.test(operation.targetPath)) {
+                    return `Restriction 'workspace_only' violated: path traversal detected`;
+                }
+            }
+            // Enforce no_system_dirs
+            if (restriction === 'no_system_dirs' && operation.targetPath) {
+                if (/(?:\/etc|\/usr|\/var|\\Windows|\\System32)/i.test(operation.targetPath)) {
+                    return `Restriction 'no_system_dirs' violated: system directory access`;
+                }
+            }
+            // Enforce no_attachments
+            if (restriction === 'no_attachments' && operation.hasAttachments) {
+                return `Restriction 'no_attachments' violated`;
+            }
+        }
+        return null; // All restrictions passed
+    }
+    /**
+     * Revoke a grant token, immediately invalidating it.
+     * Silently no-ops if the token doesn't exist.
+     *
+     * @param token - The grant token to revoke
+     */
+    revokeToken(token) {
+        this.activeGrants.delete(token);
+        this.log('permission_revoked', { token });
+    }
+    /**
+     * Return the scoring breakdown for a hypothetical permission request without
+     * issuing a token. Useful for `--why` diagnostics in the CLI.
+     *
+     * @param agentId - The agent requesting the permission
+     * @param resourceType - The resource type being requested
+     * @param justification - The justification text
+     * @param scope - Optional scope string
+     * @returns Scoring breakdown and approval verdict
+     */
+    scoreRequest(agentId, resourceType, justification, scope) {
+        const justificationScore = this.scoreJustification(justification, resourceType);
+        const trustScore = this.agentTrustLevels.get(agentId) ?? 0.5;
+        const riskScore = this.assessRisk(resourceType, scope);
+        const weightedScore = (justificationScore * 0.4) + (trustScore * 0.3) + ((1 - riskScore) * 0.3);
+        let approved = weightedScore >= 0.5;
+        let reason;
+        if (justificationScore < 0.3) {
+            approved = false;
+            reason = 'Justification is insufficient. Please provide specific task context.';
+        }
+        else if (trustScore < 0.4) {
+            approved = false;
+            reason = 'Agent trust level is below threshold. Escalate to human operator.';
+        }
+        else if (riskScore > 0.8) {
+            approved = false;
+            reason = 'Risk assessment exceeds acceptable threshold. Narrow the requested scope.';
+        }
+        else if (!approved) {
+            reason = 'Combined evaluation score below threshold.';
+        }
+        return { justificationScore, trustScore, riskScore, weightedScore, approved, reason };
+    }
+    evaluateRequest(agentId, resourceType, justification, scope) {
+        // 1. Justification Quality (40% weight) -- now includes resource-relevance
+        const justificationScore = this.scoreJustification(justification, resourceType);
+        if (justificationScore < 0.3) {
+            return {
+                approved: false,
+                reason: 'Justification is insufficient. Please provide specific task context.',
+                restrictions: [],
+            };
+        }
+        // 2. Agent Trust Level (30% weight)
+        const trustLevel = this.agentTrustLevels.get(agentId) ?? 0.5;
+        if (trustLevel < 0.4) {
+            return {
+                approved: false,
+                reason: 'Agent trust level is below threshold. Escalate to human operator.',
+                restrictions: [],
+            };
+        }
+        // 3. Risk Assessment (30% weight)
+        const riskScore = this.assessRisk(resourceType, scope);
+        if (riskScore > 0.8) {
+            return {
+                approved: false,
+                reason: 'Risk assessment exceeds acceptable threshold. Narrow the requested scope.',
+                restrictions: [],
+            };
+        }
+        // Get restrictions from resource profile (data-driven, not hardcoded)
+        const profile = this.resourceProfiles.get(resourceType);
+        const restrictions = profile
+            ? [...profile.defaultRestrictions]
+            : ['audit_required']; // Unknown resources get audited by default
+        // Calculate weighted approval
+        const weightedScore = (justificationScore * 0.4) + (trustLevel * 0.3) + ((1 - riskScore) * 0.3);
+        const approved = weightedScore >= 0.5;
+        return {
+            approved,
+            reason: approved ? undefined : 'Combined evaluation score below threshold.',
+            restrictions,
+        };
+    }
+    /**
+     * Improved justification scoring with resource-relevance checking.
+     * Prevents trivial gaming by verifying the justification mentions
+     * concepts relevant to the requested resource.
+     */
+    scoreJustification(justification, resourceType) {
+        let score = 0;
+        // Length scoring
+        if (justification.length > 20)
+            score += 0.15;
+        if (justification.length > 50)
+            score += 0.15;
+        // Intent keywords
+        if (/task|purpose|need|require|generate|analyze|process|build|deploy|test|review/i.test(justification))
+            score += 0.15;
+        // Specificity keywords
+        if (/specific|particular|exact|for\s+the|in\s+order\s+to|because|so\s+that/i.test(justification))
+            score += 0.15;
+        // Penalty for vague/test phrasing
+        if (/^test$|^debug$|^try$|^just\s+testing/i.test(justification.trim()))
+            score -= 0.3;
+        // Resource-relevance check: does the justification mention anything related
+        // to the requested resource? (+0.2 bonus for relevant context)
+        if (resourceType) {
+            const relevancePatterns = {
+                SAP_API: /sap|erp|invoice|procurement|purchase|material|vendor/i,
+                FINANCIAL_API: /financ|revenue|budget|accounting|payment|ledger|balance/i,
+                DATA_EXPORT: /export|report|csv|download|extract|migrate/i,
+                FILE_SYSTEM: /file|read|write|save|load|path|directory|workspace/i,
+                SHELL_EXEC: /command|script|compile|build|run|execute|terminal/i,
+                GIT: /git|commit|branch|merge|pull|push|repository|diff/i,
+                PACKAGE_MANAGER: /package|install|dependency|npm|pip|cargo|module/i,
+                BUILD_TOOL: /build|compile|webpack|tsc|make|gradle|cargo/i,
+                DOCKER: /container|docker|image|deploy|service|compose/i,
+                CLOUD_DEPLOY: /deploy|cloud|staging|production|release|infrastructure/i,
+                DATABASE: /database|query|sql|table|record|schema|migration/i,
+                EXTERNAL_SERVICE: /api|service|endpoint|webhook|request|fetch/i,
+                EMAIL: /email|mail|send|notification|alert|message/i,
+                WEBHOOK: /webhook|callback|notification|event|dispatch/i,
+            };
+            const pattern = relevancePatterns[resourceType];
+            if (pattern && pattern.test(justification)) {
+                score += 0.2;
+            }
+            else if (pattern && !pattern.test(justification)) {
+                // Justification doesn't mention anything relevant -- small penalty
+                score -= 0.1;
+            }
+        }
+        // Bonus for mentioning a task/ticket ID
+        if (/(?:task|ticket|issue|jira|pr|bug)[_\-#]?\s*\d+/i.test(justification))
+            score += 0.1;
+        return Math.max(0, Math.min(score, 1));
+    }
+    assessRisk(resourceType, scope) {
+        // Look up base risk from registered profile (not hardcoded)
+        const profile = this.resourceProfiles.get(resourceType);
+        let risk = profile?.baseRisk ?? 0.5; // Unknown resources get medium risk
+        // Broad scopes increase risk
+        if (!scope || scope === '*' || scope === 'all') {
+            risk += 0.2;
+        }
+        // Write/delete operations increase risk
+        if (scope && /write|delete|update|modify|execute|deploy/i.test(scope)) {
+            risk += 0.2;
+        }
+        return Math.min(risk, 1);
+    }
+    generateGrantToken() {
+        const id = (0, crypto_1.randomUUID)().replace(/-/g, '');
+        const payload = `grant_${id}`;
+        if (this.signingAlgorithm === 'ed25519' && this.ed25519PrivateKey) {
+            const sig = (0, crypto_1.sign)(null, Buffer.from(payload), this.ed25519PrivateKey).toString('base64url');
+            return `${payload}.${sig}`;
+        }
+        // HMAC: append signature so tokens are tamper-evident
+        const sig = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('base64url');
+        return `${payload}.${sig}`;
+    }
+    // --------------------------------------------------------------------------
+    // Claim-verifier trust decay integration
+    // --------------------------------------------------------------------------
+    /**
+     * Record one unsupported-claim violation for an agent.
+     * After `threshold` consecutive violations the agent's trust is decremented
+     * by `decayStep`. Below 0.4 trust, requestPermission() will deny high-risk
+     * resources and the agent is effectively forced into ApprovalGate territory.
+     *
+     * Call this from ClaimVerifier after each UNSUPPORTED_CLAIM violation.
+     * The consecutive counter resets when a corroborated turn is recorded.
+     *
+     * @param agentId    - The lying/hallucinating agent
+     * @param threshold  - Consecutive misses before decay (default: 3)
+     * @param decayStep  - Trust reduction per threshold breach (default: 0.1)
+     */
+    recordClaimViolation(agentId, threshold = 3, decayStep = 0.1) {
+        const count = (this._consecutiveClaims.get(agentId) ?? 0) + 1;
+        this._consecutiveClaims.set(agentId, count);
+        if (count >= threshold) {
+            const current = this.agentTrustLevels.get(agentId) ?? 0.5;
+            const next = Math.max(0, +(current - decayStep).toFixed(4));
+            this.registerAgentTrust({ agentId, trustLevel: next });
+            this.log('trust_decay', { agentId, previousTrust: current, newTrust: next, consecutiveViolations: count });
+            this._consecutiveClaims.set(agentId, 0); // reset after decay fires
+        }
+    }
+    /**
+     * Reset the consecutive unsupported-claim counter for an agent.
+     * Call this when the agent produces a fully corroborated turn.
+     */
+    resetClaimViolations(agentId) {
+        this._consecutiveClaims.set(agentId, 0);
+    }
+    /** Current consecutive unsupported-claim count for an agent. */
+    getClaimViolationCount(agentId) {
+        return this._consecutiveClaims.get(agentId) ?? 0;
+    }
+    /**
+     * Get the current trust level for an agent (0–1).
+     * Returns 0.5 (the default) for unknown agents.
+     */
+    getTrustLevel(agentId) {
+        return this.agentTrustLevels.get(agentId) ?? 0.5;
+    }
+    /**
+     * Verify a grant token's cryptographic signature.
+     * For Ed25519 tokens, this can be done by any party holding the public key.
+     * For HMAC tokens, only the issuing AuthGuardian can verify.
+     *
+     * @param token - The grant token to verify
+     * @returns `true` if the signature is valid
+     */
+    verifyTokenSignature(token) {
+        const dotIndex = token.lastIndexOf('.');
+        if (dotIndex === -1)
+            return false;
+        const payload = token.slice(0, dotIndex);
+        const sig = token.slice(dotIndex + 1);
+        if (this.signingAlgorithm === 'ed25519' && this.ed25519PublicKey) {
+            try {
+                return (0, crypto_1.verify)(null, Buffer.from(payload), this.ed25519PublicKey, Buffer.from(sig, 'base64url'));
+            }
+            catch {
+                return false;
+            }
+        }
+        const expected = (0, crypto_1.createHmac)('sha256', this.hmacSecret).update(payload).digest('base64url');
+        // Constant-time comparison
+        if (expected.length !== sig.length)
+            return false;
+        let result = 0;
+        for (let i = 0; i < expected.length; i++) {
+            result |= expected.charCodeAt(i) ^ sig.charCodeAt(i);
+        }
+        return result === 0;
+    }
+    /**
+     * Get the signing algorithm used by this AuthGuardian instance.
+     */
+    getSigningAlgorithm() {
+        return this.signingAlgorithm;
+    }
+    /**
+     * Export the Ed25519 public key in PEM format for third-party verification.
+     * Returns `null` if the instance uses HMAC signing.
+     */
+    exportPublicKey() {
+        if (!this.ed25519PublicKey)
+            return null;
+        return this.ed25519PublicKey.export({ type: 'spki', format: 'pem' });
+    }
+    log(action, details) {
+        const entry = {
+            timestamp: new Date().toISOString(),
+            action,
+            details,
+        };
+        this.auditLog.push(entry);
+        // Persist to disk (non-blocking — in-memory array is the source of truth)
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            (0, fs_1.appendFile)(this.auditLogPath, JSON.stringify(entry) + '\n', () => { });
+        }
+        catch {
+            // Non-fatal -- log is also in memory
+        }
+    }
+    /**
+     * Get all active (non-expired) permission grants.
+     * Automatically cleans up expired grants before returning.
+     */
+    getActiveGrants() {
+        // Clean expired grants
+        const now = new Date();
+        for (const [token, grant] of this.activeGrants.entries()) {
+            if (new Date(grant.expiresAt) < now) {
+                this.activeGrants.delete(token);
+            }
+        }
+        return Array.from(this.activeGrants.values());
+    }
+    /**
+     * Get the full audit log of permission decisions.
+     * Returns a defensive copy.
+     */
+    getAuditLog() {
+        return [...this.auditLog];
+    }
+    /**
+     * Get all registered resource profiles.
+     */
+    getResourceProfiles() {
+        return Object.fromEntries(this.resourceProfiles);
+    }
+    /**
+     * Get the allowed namespaces for an agent (used by blackboard scoping).
+     */
+    getAgentNamespaces(agentId) {
+        if (!agentId || typeof agentId !== 'string')
+            return ['task:'];
+        const config = this.agentTrustConfigs.get(agentId);
+        return config?.allowedNamespaces ?? ['task:'];
+    }
+    // ---- Persistence helpers ----
+    /** Path for the resource profiles policy file. */
+    get resourceProfilesPath() {
+        return (0, path_1.join)('.', 'data', 'resource-profiles.json');
+    }
+    /**
+     * Load resource profiles from `data/resource-profiles.json` if it exists.
+     * Expected format: `{ "PROFILE_NAME": { baseRisk, defaultRestrictions, description? } }`
+     */
+    loadResourceProfilesFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.resourceProfilesPath)) {
+                const raw = (0, fs_1.readFileSync)(this.resourceProfilesPath, 'utf-8');
+                const parsed = JSON.parse(raw);
+                if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                    return parsed;
+                }
+            }
+        }
+        catch { /* ignore — fall back to defaults */ }
+        return null;
+    }
+    /**
+     * Persist the current resource profiles to `data/resource-profiles.json`.
+     * Useful after calling registerResourceType() at runtime.
+     */
+    persistResourceProfiles() {
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            const profiles = {};
+            for (const [name, profile] of this.resourceProfiles) {
+                profiles[name] = profile;
+            }
+            (0, fs_1.writeFile)(this.resourceProfilesPath, JSON.stringify(profiles, null, 2), () => { });
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    loadTrustFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.trustConfigPath)) {
+                const raw = (0, fs_1.readFileSync)(this.trustConfigPath, 'utf-8');
+                return JSON.parse(raw);
+            }
+        }
+        catch { /* ignore */ }
+        return null;
+    }
+    persistTrustToDisk() {
+        try {
+            const dir = (0, path_1.join)('.', 'data');
+            if (!(0, fs_1.existsSync)(dir)) {
+                (0, fs_1.mkdirSync)(dir, { recursive: true });
+            }
+            const configs = Array.from(this.agentTrustConfigs.values());
+            (0, fs_1.writeFile)(this.trustConfigPath, JSON.stringify(configs, null, 2), () => { });
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    loadAuditFromDisk() {
+        try {
+            if ((0, fs_1.existsSync)(this.auditLogPath)) {
+                const raw = (0, fs_1.readFileSync)(this.auditLogPath, 'utf-8');
+                const lines = raw.trim().split('\n').filter(l => l);
+                for (const line of lines) {
+                    try {
+                        this.auditLog.push(JSON.parse(line));
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch { /* ignore */ }
+    }
+}
+exports.AuthGuardian = AuthGuardian;
+//# sourceMappingURL=auth-guardian.js.map