npm - triage-ows - Versions diffs - 1.0.0 - Mend

triage-ows 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

package/README.md +786 -0
package/bin/triage-ows.js +218 -0
package/bin/triage-policy.js +66 -0
package/bin/triage-server.js +4 -0
package/dashboard-dist/assets/index-Dnhi_dJQ.css +2 -0
package/dashboard-dist/assets/index-g_2MwC-o.js +9 -0
package/dashboard-dist/favicon.svg +7 -0
package/dashboard-dist/index.html +16 -0
package/dist/config.d.ts +32 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +61 -0
package/dist/config.js.map +1 -0
package/dist/emitter.d.ts +7 -0
package/dist/emitter.d.ts.map +1 -0
package/dist/emitter.js +41 -0
package/dist/emitter.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +55 -0
package/dist/index.js.map +1 -0
package/dist/scoring/behavior.d.ts +3 -0
package/dist/scoring/behavior.d.ts.map +1 -0
package/dist/scoring/behavior.js +13 -0
package/dist/scoring/behavior.js.map +1 -0
package/dist/scoring/compliance.d.ts +3 -0
package/dist/scoring/compliance.d.ts.map +1 -0
package/dist/scoring/compliance.js +11 -0
package/dist/scoring/compliance.js.map +1 -0
package/dist/scoring/identity.d.ts +3 -0
package/dist/scoring/identity.d.ts.map +1 -0
package/dist/scoring/identity.js +16 -0
package/dist/scoring/identity.js.map +1 -0
package/dist/scoring/index.d.ts +10 -0
package/dist/scoring/index.d.ts.map +1 -0
package/dist/scoring/index.js +35 -0
package/dist/scoring/index.js.map +1 -0
package/dist/scoring/limits.d.ts +7 -0
package/dist/scoring/limits.d.ts.map +1 -0
package/dist/scoring/limits.js +9 -0
package/dist/scoring/limits.js.map +1 -0
package/dist/scoring/network.d.ts +3 -0
package/dist/scoring/network.d.ts.map +1 -0
package/dist/scoring/network.js +16 -0
package/dist/scoring/network.js.map +1 -0
package/dist/scoring/onchain.d.ts +4 -0
package/dist/scoring/onchain.d.ts.map +1 -0
package/dist/scoring/onchain.js +35 -0
package/dist/scoring/onchain.js.map +1 -0
package/dist/scoring/risk.d.ts +3 -0
package/dist/scoring/risk.d.ts.map +1 -0
package/dist/scoring/risk.js +22 -0
package/dist/scoring/risk.js.map +1 -0
package/dist/server.d.ts +6 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +405 -0
package/dist/server.js.map +1 -0
package/dist/store.d.ts +13 -0
package/dist/store.d.ts.map +1 -0
package/dist/store.js +177 -0
package/dist/store.js.map +1 -0
package/dist/types.d.ts +107 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +26 -0
package/dist/types.js.map +1 -0
package/dist/webbotauth.d.ts +38 -0
package/dist/webbotauth.d.ts.map +1 -0
package/dist/webbotauth.js +120 -0
package/dist/webbotauth.js.map +1 -0
package/dist/xmtp.d.ts +6 -0
package/dist/xmtp.d.ts.map +1 -0
package/dist/xmtp.js +161 -0
package/dist/xmtp.js.map +1 -0
package/package.json +58 -0
package/policy-template.json +14 -0
package/src/config.ts +86 -0
package/src/emitter.ts +40 -0
package/src/index.ts +18 -0
package/src/scoring/behavior.ts +15 -0
package/src/scoring/compliance.ts +12 -0
package/src/scoring/identity.ts +12 -0
package/src/scoring/index.ts +31 -0
package/src/scoring/limits.ts +10 -0
package/src/scoring/network.ts +18 -0
package/src/scoring/onchain.ts +44 -0
package/src/scoring/risk.ts +25 -0
package/src/server.ts +410 -0
package/src/store.ts +197 -0
package/src/types.ts +137 -0
package/src/webbotauth.ts +128 -0
package/src/xmtp.ts +188 -0
package/triage.config.example.json +22 -0

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,107 @@
+export interface PolicyContext {
+    chain_id: string;
+    wallet_id: string;
+    api_key_id: string;
+    transaction: {
+        to: string;
+        value: string;
+        raw_hex: string;
+        data: string;
+    };
+    spending: {
+        daily_total: string;
+        date: string;
+    };
+    timestamp: string;
+    policy_config?: Record<string, unknown>;
+}
+export interface PolicyResult {
+    allow: boolean;
+    reason?: string;
+}
+export interface TrustBreakdown {
+    identity: number;
+    onChain: number;
+    behavior: number;
+    compliance: number;
+    network: number;
+    risk: number;
+    total: number;
+}
+export interface SpendingTier {
+    name: 'Sovereign' | 'Trusted' | 'Building' | 'Cautious' | 'Restricted' | 'Frozen';
+    color: string;
+    dailyLimit: number;
+    perTxLimit: number;
+    minScore: number;
+}
+export interface AgentProfile {
+    address: string;
+    walletId?: string;
+    apiKeyId?: string;
+    chainId?: string;
+    isOWSWallet: boolean;
+    worldIdVerified: boolean;
+    webBotAuthVerified: boolean;
+    nullifierHash?: string;
+    trustScore: number;
+    breakdown: TrustBreakdown;
+    tier: string;
+    totalRequests: number;
+    successfulRequests: number;
+    failedRequests: number;
+    dailySpent: number;
+    dailyDate: string;
+    consecutiveApprovals: number;
+    consecutiveDenials: number;
+    totalApproved: number;
+    totalDenied: number;
+    humanOverrides: number;
+    counterparties: string[];
+    pendingOverride?: {
+        tx: PolicyContext['transaction'];
+        amount: number;
+        createdAt: number;
+    };
+    lastOnChainRefresh?: number;
+    requestTimestamps: number[];
+    lastActive: number;
+    consecutiveCleanDays: number;
+    cleanDayDate: string;
+    createdAt: number;
+}
+export interface PolicyDecisionEvent {
+    type: 'POLICY_DECISION';
+    agent: string;
+    amount: number;
+    trustScore: number;
+    tier: string;
+    decision: 'APPROVE' | 'DENY' | 'OVERRIDE';
+    reason: string;
+    dailyLimit: number;
+    dailySpent: number;
+    timestamp: number;
+}
+export interface TrustChangeEvent {
+    type: 'TRUST_CHANGE';
+    agent: string;
+    oldScore: number;
+    newScore: number;
+    oldTier: string;
+    newTier: string;
+    reason: string;
+    timestamp: number;
+}
+export interface BudgetWarningEvent {
+    type: 'BUDGET_WARNING';
+    agent: string;
+    spent: number;
+    limit: number;
+    percentage: number;
+    timestamp: number;
+}
+export type TriageEvent = PolicyDecisionEvent | TrustChangeEvent | BudgetWarningEvent;
+export declare let SPENDING_TIERS: SpendingTier[];
+export declare function updateSpendingTiers(tiers: SpendingTier[]): void;
+export declare function getTierForScore(score: number): SpendingTier;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE;QACX,EAAE,EAAE,MAAM,CAAA;QACV,KAAK,EAAE,MAAM,CAAA;QACb,OAAO,EAAE,MAAM,CAAA;QACf,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,MAAM,CAAA;QACnB,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,GAAG,QAAQ,CAAA;IACjF,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,OAAO,CAAA;IACpB,eAAe,EAAE,OAAO,CAAA;IACxB,kBAAkB,EAAE,OAAO,CAAA;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,cAAc,CAAA;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,aAAa,EAAE,MAAM,CAAA;IACrB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,eAAe,CAAC,EAAE;QAAE,EAAE,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAA;IACzF,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,UAAU,EAAE,MAAM,CAAA;IAClB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;CAClB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,iBAAiB,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,SAAS,GAAG,MAAM,GAAG,UAAU,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,cAAc,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,gBAAgB,CAAA;IACtB,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,mBAAmB,GAAG,gBAAgB,GAAG,kBAAkB,CAAA;AAIrF,eAAO,IAAI,cAAc,EAAE,YAAY,EAOtC,CAAA;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,IAAI,CAE/D;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,CAK3D"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,26 @@
+"use strict";
+// --- OWS Policy Types ---
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SPENDING_TIERS = void 0;
+exports.updateSpendingTiers = updateSpendingTiers;
+exports.getTierForScore = getTierForScore;
+// --- Spending Tiers ---
+exports.SPENDING_TIERS = [
+    { name: 'Sovereign', color: '#fff8e1', dailyLimit: 1000, perTxLimit: 500, minScore: 80 },
+    { name: 'Trusted', color: '#ffd700', dailyLimit: 200, perTxLimit: 100, minScore: 60 },
+    { name: 'Building', color: '#4caf50', dailyLimit: 50, perTxLimit: 25, minScore: 40 },
+    { name: 'Cautious', color: '#00bcd4', dailyLimit: 10, perTxLimit: 5, minScore: 20 },
+    { name: 'Restricted', color: '#2196f3', dailyLimit: 2, perTxLimit: 1, minScore: 1 },
+    { name: 'Frozen', color: '#1a1a4e', dailyLimit: 0, perTxLimit: 0, minScore: 0 },
+];
+function updateSpendingTiers(tiers) {
+    exports.SPENDING_TIERS = tiers;
+}
+function getTierForScore(score) {
+    for (const tier of exports.SPENDING_TIERS) {
+        if (score >= tier.minScore)
+            return tier;
+    }
+    return exports.SPENDING_TIERS[exports.SPENDING_TIERS.length - 1];
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,2BAA2B;;;AA+H3B,kDAEC;AAED,0CAKC;AApBD,yBAAyB;AAEd,QAAA,cAAc,GAAmB;IAC1C,EAAE,IAAI,EAAE,WAAW,EAAI,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE;IAC1F,EAAE,IAAI,EAAE,SAAS,EAAM,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAG,UAAU,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE;IAC1F,EAAE,IAAI,EAAE,UAAU,EAAK,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAI,UAAU,EAAE,EAAE,EAAG,QAAQ,EAAE,EAAE,EAAE;IAC1F,EAAE,IAAI,EAAE,UAAU,EAAK,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAI,UAAU,EAAE,CAAC,EAAI,QAAQ,EAAE,EAAE,EAAE;IAC1F,EAAE,IAAI,EAAE,YAAY,EAAG,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAK,UAAU,EAAE,CAAC,EAAI,QAAQ,EAAE,CAAC,EAAG;IAC1F,EAAE,IAAI,EAAE,QAAQ,EAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAK,UAAU,EAAE,CAAC,EAAI,QAAQ,EAAE,CAAC,EAAG;CAC3F,CAAA;AAED,SAAgB,mBAAmB,CAAC,KAAqB;IACvD,sBAAc,GAAG,KAAK,CAAA;AACxB,CAAC;AAED,SAAgB,eAAe,CAAC,KAAa;IAC3C,KAAK,MAAM,IAAI,IAAI,sBAAc,EAAE,CAAC;QAClC,IAAI,KAAK,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAA;IACzC,CAAC;IACD,OAAO,sBAAc,CAAC,sBAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AAClD,CAAC"}

package/dist/webbotauth.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+export interface SignatureComponents {
+    signatureInput: string;
+    signature: string;
+}
+/**
+ * Parse RFC 9421 Signature-Input header.
+ * Format: sig1=("@method" "@authority" "@path"); keyid="agent-key"; alg="ed25519"; created=1234567890
+ */
+export declare function parseSignatureInput(input: string): {
+    label: string;
+    components: string[];
+    params: Record<string, string>;
+} | null;
+/**
+ * Build the RFC 9421 signature base string from request components.
+ */
+export declare function buildSignatureBase(components: string[], request: {
+    method: string;
+    url: string;
+    headers: Record<string, string>;
+}, signatureInputValue: string, label: string): string;
+/**
+ * Verify an Ed25519 signature.
+ * Returns true if the signature is valid for the given public key and data.
+ */
+export declare function verifyEd25519Signature(publicKeyBase64: string, signatureBase64: string, data: string): boolean;
+export declare function registerAgentPublicKey(agentKey: string, publicKeyBase64: string): void;
+export declare function getAgentPublicKey(agentKey: string): string | undefined;
+/**
+ * Full Web Bot Auth verification.
+ * Checks Signature-Input + Signature headers against agent's registered public key.
+ */
+export declare function verifyWebBotAuth(headers: Record<string, string>, request: {
+    method: string;
+    url: string;
+    headers: Record<string, string>;
+}, agentKey: string): boolean;
+//# sourceMappingURL=webbotauth.d.ts.map

package/dist/webbotauth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"webbotauth.d.ts","sourceRoot":"","sources":["../src/webbotauth.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG;IAClD,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC/B,GAAG,IAAI,CAeP;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,MAAM,EAAE,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,EACzE,mBAAmB,EAAE,MAAM,EAC3B,KAAK,EAAE,MAAM,GACZ,MAAM,CAaR;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,EACvB,IAAI,EAAE,MAAM,GACX,OAAO,CAiBT;AAKD,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,IAAI,CAEtF;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEtE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,EACzE,QAAQ,EAAE,MAAM,GACf,OAAO,CA0BT"}

package/dist/webbotauth.js ADDED Viewed

@@ -0,0 +1,120 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseSignatureInput = parseSignatureInput;
+exports.buildSignatureBase = buildSignatureBase;
+exports.verifyEd25519Signature = verifyEd25519Signature;
+exports.registerAgentPublicKey = registerAgentPublicKey;
+exports.getAgentPublicKey = getAgentPublicKey;
+exports.verifyWebBotAuth = verifyWebBotAuth;
+const crypto_1 = __importDefault(require("crypto"));
+/**
+ * Parse RFC 9421 Signature-Input header.
+ * Format: sig1=("@method" "@authority" "@path"); keyid="agent-key"; alg="ed25519"; created=1234567890
+ */
+function parseSignatureInput(input) {
+    try {
+        const match = input.match(/^(\w+)=\(([^)]*)\);\s*(.+)$/);
+        if (!match)
+            return null;
+        const [, label, componentStr, paramStr] = match;
+        const components = componentStr.match(/"([^"]+)"/g)?.map(s => s.replace(/"/g, '')) ?? [];
+        const params = {};
+        for (const part of paramStr.split(';')) {
+            const [k, v] = part.trim().split('=');
+            if (k && v)
+                params[k.trim()] = v.replace(/"/g, '').trim();
+        }
+        return { label, components, params };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Build the RFC 9421 signature base string from request components.
+ */
+function buildSignatureBase(components, request, signatureInputValue, label) {
+    const lines = [];
+    const url = new URL(request.url, 'http://localhost');
+    for (const comp of components) {
+        if (comp === '@method')
+            lines.push(`"@method": ${request.method.toUpperCase()}`);
+        else if (comp === '@authority')
+            lines.push(`"@authority": ${url.host}`);
+        else if (comp === '@path')
+            lines.push(`"@path": ${url.pathname}`);
+        else if (comp === '@query')
+            lines.push(`"@query": ?${url.search.slice(1)}`);
+        else if (comp.startsWith('@'))
+            lines.push(`"${comp}": `);
+        else
+            lines.push(`"${comp}": ${request.headers[comp.toLowerCase()] ?? ''}`);
+    }
+    lines.push(`"@signature-params": ${signatureInputValue.split('=').slice(1).join('=')}`);
+    return lines.join('\n');
+}
+/**
+ * Verify an Ed25519 signature.
+ * Returns true if the signature is valid for the given public key and data.
+ */
+function verifyEd25519Signature(publicKeyBase64, signatureBase64, data) {
+    try {
+        const pubKeyBuffer = Buffer.from(publicKeyBase64, 'base64');
+        const sigBuffer = Buffer.from(signatureBase64, 'base64');
+        const key = crypto_1.default.createPublicKey({
+            key: Buffer.concat([
+                // Ed25519 DER prefix
+                Buffer.from('302a300506032b6570032100', 'hex'),
+                pubKeyBuffer
+            ]),
+            format: 'der',
+            type: 'spki'
+        });
+        return crypto_1.default.verify(null, Buffer.from(data), key, sigBuffer);
+    }
+    catch {
+        return false;
+    }
+}
+// Public key cache: agentKey -> base64 public key
+const keyCache = new Map();
+function registerAgentPublicKey(agentKey, publicKeyBase64) {
+    keyCache.set(agentKey, publicKeyBase64);
+}
+function getAgentPublicKey(agentKey) {
+    return keyCache.get(agentKey);
+}
+/**
+ * Full Web Bot Auth verification.
+ * Checks Signature-Input + Signature headers against agent's registered public key.
+ */
+function verifyWebBotAuth(headers, request, agentKey) {
+    const signatureInput = headers['signature-input'];
+    const signature = headers['signature'];
+    if (!signatureInput || !signature)
+        return false;
+    const parsed = parseSignatureInput(signatureInput);
+    if (!parsed)
+        return false;
+    // Check algorithm is ed25519
+    if (parsed.params.alg && parsed.params.alg !== 'ed25519')
+        return false;
+    // Check expiry
+    if (parsed.params.expires && Number(parsed.params.expires) < Date.now() / 1000)
+        return false;
+    // Get public key
+    const pubKey = getAgentPublicKey(agentKey) || getAgentPublicKey(parsed.params.keyid);
+    if (!pubKey)
+        return false;
+    // Build signature base and verify
+    const base = buildSignatureBase(parsed.components, request, signatureInput, parsed.label);
+    // Extract signature value (format: sig1=:base64:)
+    const sigMatch = signature.match(new RegExp(`${parsed.label}=:([^:]+):`));
+    if (!sigMatch)
+        return false;
+    return verifyEd25519Signature(pubKey, sigMatch[1], base);
+}
+//# sourceMappingURL=webbotauth.js.map

package/dist/webbotauth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"webbotauth.js","sourceRoot":"","sources":["../src/webbotauth.ts"],"names":[],"mappings":";;;;;AAWA,kDAmBC;AAKD,gDAkBC;AAMD,wDAqBC;AAKD,wDAEC;AAED,8CAEC;AAMD,4CA8BC;AA/HD,oDAA2B;AAO3B;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,KAAa;IAK/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAA;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,MAAM,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAA;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QACxF,MAAM,MAAM,GAA2B,EAAE,CAAA;QACzC,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACrC,IAAI,CAAC,IAAI,CAAC;gBAAE,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QAC3D,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,CAAA;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,UAAoB,EACpB,OAAyE,EACzE,mBAA2B,EAC3B,KAAa;IAEb,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAA;IACpD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;aAC3E,IAAI,IAAI,KAAK,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;aAClE,IAAI,IAAI,KAAK,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAA;aAC5D,IAAI,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;aACtE,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,CAAA;;YACnD,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IAC5E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,wBAAwB,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACvF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,eAAuB,EACvB,IAAY;IAEZ,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAA;QAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAA;QACxD,MAAM,GAAG,GAAG,gBAAM,CAAC,eAAe,CAAC;YACjC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC;gBACjB,qBAAqB;gBACrB,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;gBAC9C,YAAY;aACb,CAAC;YACF,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAA;QACF,OAAO,gBAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,kDAAkD;AAClD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAA;AAE1C,SAAgB,sBAAsB,CAAC,QAAgB,EAAE,eAAuB;IAC9E,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAA;AACzC,CAAC;AAED,SAAgB,iBAAiB,CAAC,QAAgB;IAChD,OAAO,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAC9B,OAA+B,EAC/B,OAAyE,EACzE,QAAgB;IAEhB,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAA;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;IACtC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAA;IAE/C,MAAM,MAAM,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAA;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IAEzB,6BAA6B;IAC7B,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IAEtE,eAAe;IACf,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;QAAE,OAAO,KAAK,CAAA;IAE5F,iBAAiB;IACjB,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,CAAC,IAAI,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACpF,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IAEzB,kCAAkC;IAClC,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,CAAA;IAEzF,kDAAkD;IAClD,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC,CAAA;IACzE,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAA;IAE3B,OAAO,sBAAsB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;AAC1D,CAAC"}

package/dist/xmtp.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export declare function initXMTP(): Promise<void>;
+export declare function notifyDenial(agent: string, amount: number, trustScore: number, tier: string, dailyLimit: number, dailySpent: number, reason: string, txTo: string): Promise<void>;
+export declare function notifyTrustChange(agent: string, oldScore: number, newScore: number, oldTier: string, newTier: string, reason: string): Promise<void>;
+export declare function notifyBudgetWarning(agent: string, spent: number, limit: number): Promise<void>;
+export declare function notifyAnomaly(agent: string, pattern: string, action: string, riskPenalty: number, oldScore: number, newScore: number): Promise<void>;
+//# sourceMappingURL=xmtp.d.ts.map

package/dist/xmtp.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xmtp.d.ts","sourceRoot":"","sources":["../src/xmtp.ts"],"names":[],"mappings":"AAoEA,wBAAsB,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CA0C9C;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAcf;AAED,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAUf;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAUf"}

package/dist/xmtp.js ADDED Viewed

@@ -0,0 +1,161 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initXMTP = initXMTP;
+exports.notifyDenial = notifyDenial;
+exports.notifyTrustChange = notifyTrustChange;
+exports.notifyBudgetWarning = notifyBudgetWarning;
+exports.notifyAnomaly = notifyAnomaly;
+const node_sdk_1 = require("@xmtp/node-sdk");
+const accounts_1 = require("viem/accounts");
+const viem_1 = require("viem");
+const config_1 = require("./config");
+const HUMAN_ADDRESS = process.env.HUMAN_XMTP_ADDRESS || '';
+// Module-level state
+let xmtpClient = null;
+let humanDm = null;
+let lastDeniedAgent = '';
+function humanIdentifier() {
+    return {
+        identifier: HUMAN_ADDRESS.toLowerCase(),
+        identifierKind: 0 /* IdentifierKind.Ethereum */,
+    };
+}
+// ----------------------------------------------------------------
+// Incoming message listener — detects "override" replies
+// ----------------------------------------------------------------
+async function startMessageListener() {
+    if (!xmtpClient)
+        return;
+    try {
+        const stream = await xmtpClient.conversations.streamAllMessages();
+        for await (const message of stream) {
+            try {
+                const text = typeof message.content === 'string' ? message.content.trim().toLowerCase() : '';
+                if (text.startsWith('override') && lastDeniedAgent) {
+                    const port = process.env.PORT || '4021';
+                    const agentToOverride = lastDeniedAgent;
+                    lastDeniedAgent = '';
+                    const res = await fetch(`http://localhost:${port}/api/override/${agentToOverride}`, { method: 'POST' });
+                    if (res.ok) {
+                        console.log(`[XMTP] Override accepted for agent: ${agentToOverride}`);
+                    }
+                }
+            }
+            catch (err) {
+                console.error('[XMTP] Error processing message:', err);
+            }
+        }
+    }
+    catch (err) {
+        console.error('[XMTP] Message stream error:', err);
+    }
+}
+// ----------------------------------------------------------------
+// Send helper — finds or creates DM with human, caches it
+// ----------------------------------------------------------------
+async function sendToHuman(text) {
+    if (!xmtpClient)
+        return;
+    try {
+        if (!humanDm) {
+            humanDm = await xmtpClient.conversations.createDmWithIdentifier(humanIdentifier());
+        }
+        await humanDm.sendText(text);
+    }
+    catch (err) {
+        console.error('[XMTP] Send error:', err);
+        humanDm = null; // reset so next call retries
+    }
+}
+// ----------------------------------------------------------------
+// Exported functions
+// ----------------------------------------------------------------
+async function initXMTP() {
+    if (!(0, config_1.getConfig)().xmtp?.enabled) {
+        console.log('[XMTP] Disabled by config');
+        return;
+    }
+    const privateKey = process.env.XMTP_PRIVATE_KEY;
+    if (!privateKey || !HUMAN_ADDRESS) {
+        console.log('[XMTP] Not configured — notifications disabled');
+        return;
+    }
+    try {
+        const account = (0, accounts_1.privateKeyToAccount)(privateKey);
+        const signer = {
+            type: 'EOA',
+            getIdentifier: () => ({
+                identifier: account.address.toLowerCase(),
+                identifierKind: 0 /* IdentifierKind.Ethereum */,
+            }),
+            signMessage: async (message) => {
+                const sig = await account.signMessage({ message });
+                return (0, viem_1.hexToBytes)(sig);
+            },
+        };
+        // `as any` required: ClientOptions is a union type that doesn't survive
+        // Omit<> in Client.create's signature — SDK types collapse the union.
+        xmtpClient = await node_sdk_1.Client.create(signer, { env: 'production' });
+        // Warm up the DM channel
+        humanDm = await xmtpClient.conversations.createDmWithIdentifier(humanIdentifier());
+        // Start listening for override replies (fire and forget)
+        startMessageListener().catch((err) => {
+            console.error('[XMTP] Listener startup error:', err);
+        });
+        console.log('[XMTP] Initialized — notifications enabled');
+    }
+    catch (err) {
+        console.error('[XMTP] Init failed:', err);
+    }
+}
+async function notifyDenial(agent, amount, trustScore, tier, dailyLimit, dailySpent, reason, txTo) {
+    if (!xmtpClient)
+        return;
+    lastDeniedAgent = agent;
+    const msg = [
+        `⚠️ Transaction denied`,
+        `Agent: ${agent}`,
+        `Amount: $${amount.toFixed(2)} USDC → ${txTo}`,
+        `Trust score: ${trustScore} (${tier} tier)`,
+        `Daily limit: $${dailyLimit} | Spent today: $${dailySpent.toFixed(2)}`,
+        `Reason: ${reason}`,
+        ``,
+        `Reply "override" to approve this transaction.`,
+    ].join('\n');
+    await sendToHuman(msg);
+}
+async function notifyTrustChange(agent, oldScore, newScore, oldTier, newTier, reason) {
+    if (!xmtpClient)
+        return;
+    const msg = [
+        `📊 Trust update: ${agent}`,
+        `Score: ${oldScore} → ${newScore} | Tier: ${oldTier} → ${newTier}`,
+        `Reason: ${reason}`,
+    ].join('\n');
+    await sendToHuman(msg);
+}
+async function notifyBudgetWarning(agent, spent, limit) {
+    if (!xmtpClient)
+        return;
+    const percentage = Math.round((spent / limit) * 100);
+    const remaining = limit - spent;
+    const msg = [
+        `💰 Budget alert: ${agent}`,
+        `Daily spend: $${spent.toFixed(2)} / $${limit} (${percentage}%)`,
+        `Remaining: $${remaining.toFixed(2)}`,
+    ].join('\n');
+    await sendToHuman(msg);
+}
+async function notifyAnomaly(agent, pattern, action, riskPenalty, oldScore, newScore) {
+    if (!xmtpClient)
+        return;
+    const msg = [
+        `🚨 Anomaly: ${agent}`,
+        `Pattern: ${pattern}`,
+        `Action: ${action}`,
+        `Risk penalty: -${riskPenalty}`,
+        `Trust score: ${oldScore} → ${newScore}`,
+    ].join('\n');
+    await sendToHuman(msg);
+}
+//# sourceMappingURL=xmtp.js.map

package/dist/xmtp.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xmtp.js","sourceRoot":"","sources":["../src/xmtp.ts"],"names":[],"mappings":";;AAoEA,4BA0CC;AAED,oCAuBC;AAED,8CAeC;AAED,kDAcC;AAED,sCAiBC;AA3LD,6CAAuD;AAEvD,4CAAmD;AACnD,+BAAiC;AACjC,qCAAoC;AAEpC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAA;AAE1D,qBAAqB;AACrB,IAAI,UAAU,GAAkB,IAAI,CAAA;AACpC,IAAI,OAAO,GAAc,IAAI,CAAA;AAC7B,IAAI,eAAe,GAAG,EAAE,CAAA;AAExB,SAAS,eAAe;IACtB,OAAO;QACL,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE;QACvC,cAAc,iCAAyB;KACxC,CAAA;AACH,CAAC;AAED,mEAAmE;AACnE,yDAAyD;AACzD,mEAAmE;AACnE,KAAK,UAAU,oBAAoB;IACjC,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,iBAAiB,EAAE,CAAA;QACjE,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC5F,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,eAAe,EAAE,CAAC;oBACnD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAA;oBACvC,MAAM,eAAe,GAAG,eAAe,CAAA;oBACvC,eAAe,GAAG,EAAE,CAAA;oBACpB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,oBAAoB,IAAI,iBAAiB,eAAe,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;oBACvG,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;wBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,eAAe,EAAE,CAAC,CAAA;oBACvE,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;AACH,CAAC;AAED,mEAAmE;AACnE,0DAA0D;AAC1D,mEAAmE;AACnE,KAAK,UAAU,WAAW,CAAC,IAAY;IACrC,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,sBAAsB,CAAC,eAAe,EAAE,CAAC,CAAA;QACpF,CAAC;QACD,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAA;QACxC,OAAO,GAAG,IAAI,CAAA,CAAC,6BAA6B;IAC9C,CAAC;AACH,CAAC;AAED,mEAAmE;AACnE,qBAAqB;AACrB,mEAAmE;AAE5D,KAAK,UAAU,QAAQ;IAC5B,IAAI,CAAC,IAAA,kBAAS,GAAE,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAA;QACxC,OAAM;IACR,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAC/C,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAA;QAC7D,OAAM;IACR,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,8BAAmB,EAAC,UAA2B,CAAC,CAAA;QAEhE,MAAM,MAAM,GAAW;YACrB,IAAI,EAAE,KAAK;YACX,aAAa,EAAE,GAAe,EAAE,CAAC,CAAC;gBAChC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE;gBACzC,cAAc,iCAAyB;aACxC,CAAC;YACF,WAAW,EAAE,KAAK,EAAE,OAAe,EAAuB,EAAE;gBAC1D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;gBAClD,OAAO,IAAA,iBAAU,EAAC,GAAG,CAAC,CAAA;YACxB,CAAC;SACF,CAAA;QAED,wEAAwE;QACxE,sEAAsE;QACtE,UAAU,GAAG,MAAM,iBAAM,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,YAAY,EAAS,CAAC,CAAA;QAEtE,yBAAyB;QACzB,OAAO,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,sBAAsB,CAAC,eAAe,EAAE,CAAC,CAAA;QAElF,yDAAyD;QACzD,oBAAoB,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACnC,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAA;IAC3C,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,KAAa,EACb,MAAc,EACd,UAAkB,EAClB,IAAY,EACZ,UAAkB,EAClB,UAAkB,EAClB,MAAc,EACd,IAAY;IAEZ,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,eAAe,GAAG,KAAK,CAAA;IACvB,MAAM,GAAG,GAAG;QACV,uBAAuB;QACvB,UAAU,KAAK,EAAE;QACjB,YAAY,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE;QAC9C,gBAAgB,UAAU,KAAK,IAAI,QAAQ;QAC3C,iBAAiB,UAAU,oBAAoB,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;QACtE,WAAW,MAAM,EAAE;QACnB,EAAE;QACF,+CAA+C;KAChD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACZ,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,KAAa,EACb,QAAgB,EAChB,QAAgB,EAChB,OAAe,EACf,OAAe,EACf,MAAc;IAEd,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,MAAM,GAAG,GAAG;QACV,oBAAoB,KAAK,EAAE;QAC3B,UAAU,QAAQ,MAAM,QAAQ,YAAY,OAAO,MAAM,OAAO,EAAE;QAClE,WAAW,MAAM,EAAE;KACpB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACZ,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAAa,EACb,KAAa,EACb,KAAa;IAEb,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAA;IACpD,MAAM,SAAS,GAAG,KAAK,GAAG,KAAK,CAAA;IAC/B,MAAM,GAAG,GAAG;QACV,oBAAoB,KAAK,EAAE;QAC3B,iBAAiB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,UAAU,IAAI;QAChE,eAAe,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;KACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACZ,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,OAAe,EACf,MAAc,EACd,WAAmB,EACnB,QAAgB,EAChB,QAAgB;IAEhB,IAAI,CAAC,UAAU;QAAE,OAAM;IACvB,MAAM,GAAG,GAAG;QACV,eAAe,KAAK,EAAE;QACtB,YAAY,OAAO,EAAE;QACrB,WAAW,MAAM,EAAE;QACnB,kBAAkB,WAAW,EAAE;QAC/B,gBAAgB,QAAQ,MAAM,QAAQ,EAAE;KACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACZ,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,58 @@
+{
+  "name": "triage-ows",
+  "version": "1.0.0",
+  "description": "Reputation-gated spending policies for OWS agent wallets",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "triage-ows": "./bin/triage-ows.js",
+    "triage-policy": "./bin/triage-policy.js"
+  },
+  "files": [
+    "bin/",
+    "src/",
+    "dist/",
+    "dashboard-dist/",
+    "triage.config.example.json",
+    "policy-template.json",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "seed": "npx tsx scripts/seed-demo.ts",
+    "simulate": "npx tsx scripts/simulate.ts"
+  },
+  "peerDependencies": {
+    "hono": ">=4.0.0"
+  },
+  "dependencies": {
+    "@hono/node-server": "^1.19.12",
+    "@worldcoin/idkit-server": "^1.0.0",
+    "@xmtp/node-sdk": "^6.0.0",
+    "viem": "^2.47.6",
+    "ws": "^8.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@types/ws": "^8.0.0",
+    "hono": "^4.12.0",
+    "typescript": "^5.0.0"
+  },
+  "keywords": [
+    "ows",
+    "open-wallet-standard",
+    "policy",
+    "trust",
+    "reputation",
+    "agent",
+    "spending-governance",
+    "hono"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ioannisCC/triage-hackathon"
+  },
+  "homepage": "https://github.com/ioannisCC/triage-hackathon#readme"
+}

package/policy-template.json ADDED Viewed

@@ -0,0 +1,14 @@
+{
+  "id": "triage-trust",
+  "name": "Triage Reputation-Gated Policy",
+  "version": 1,
+  "created_at": "2026-04-04T00:00:00Z",
+  "rules": [
+    { "type": "allowed_chains", "chain_ids": ["eip155:84532"] }
+  ],
+  "executable": "./node_modules/.bin/triage-policy",
+  "config": {
+    "scoring_server": "http://localhost:4021"
+  },
+  "action": "deny"
+}

package/src/config.ts ADDED Viewed

@@ -0,0 +1,86 @@
+import { readFileSync } from 'fs'
+import { join } from 'path'
+import type { SpendingTier } from './types'
+import { updateSpendingTiers } from './types'
+export interface TriageConfig {
+  scoreBands?: Array<{
+    name: string
+    min: number
+    dailyLimit: number
+    perTxLimit: number
+    color?: string
+  }>
+  warningThreshold?: number
+  xmtp?: { enabled: boolean }
+  worldId?: { enabled: boolean }
+  webBotAuth?: { enabled: boolean }
+  networkScore?: { enabled: boolean }
+  scoring?: {
+    overrideBoost?: number
+    maxFrequencyPenalty?: number
+    inactivityDecayRate?: number
+  }
+  port?: number
+  dashboardEnabled?: boolean
+}
+const DEFAULT_CONFIG: Required<TriageConfig> = {
+  scoreBands: [
+    { name: 'Sovereign',  min: 80, dailyLimit: 1000, perTxLimit: 500, color: '#fff8e1' },
+    { name: 'Trusted',    min: 60, dailyLimit: 200,  perTxLimit: 100, color: '#ffd700' },
+    { name: 'Building',   min: 40, dailyLimit: 50,   perTxLimit: 25,  color: '#4caf50' },
+    { name: 'Cautious',   min: 20, dailyLimit: 10,   perTxLimit: 5,   color: '#00bcd4' },
+    { name: 'Restricted', min: 1,  dailyLimit: 2,    perTxLimit: 1,   color: '#2196f3' },
+    { name: 'Frozen',     min: 0,  dailyLimit: 0,    perTxLimit: 0,   color: '#1a1a4e' },
+  ],
+  warningThreshold: 0.8,
+  xmtp: { enabled: true },
+  worldId: { enabled: true },
+  webBotAuth: { enabled: true },
+  networkScore: { enabled: true },
+  scoring: { overrideBoost: 3, maxFrequencyPenalty: 10, inactivityDecayRate: 0.5 },
+  port: 4021,
+  dashboardEnabled: true,
+}
+let _config: Required<TriageConfig> = { ...DEFAULT_CONFIG }
+export function loadConfig(configPath?: string): Required<TriageConfig> {
+  const path = configPath || process.env.TRIAGE_CONFIG_PATH || join(process.cwd(), 'triage.config.json')
+  try {
+    const raw = readFileSync(path, 'utf-8')
+    const parsed = JSON.parse(raw) as TriageConfig
+    _config = {
+      ...DEFAULT_CONFIG,
+      ...parsed,
+      xmtp: { ...DEFAULT_CONFIG.xmtp, ...parsed.xmtp },
+      worldId: { ...DEFAULT_CONFIG.worldId, ...parsed.worldId },
+      webBotAuth: { ...DEFAULT_CONFIG.webBotAuth, ...parsed.webBotAuth },
+      networkScore: { ...DEFAULT_CONFIG.networkScore, ...parsed.networkScore },
+      scoring: { ...DEFAULT_CONFIG.scoring, ...parsed.scoring },
+    }
+    if (parsed.scoreBands) {
+      _config.scoreBands = parsed.scoreBands
+      updateSpendingTiers(parsed.scoreBands.map(b => ({
+        name: b.name as SpendingTier['name'],
+        color: b.color || '#666',
+        dailyLimit: b.dailyLimit,
+        perTxLimit: b.perTxLimit,
+        minScore: b.min,
+      })))
+    }
+    console.log(`[Config] Loaded from ${path}`)
+  } catch {
+    console.log('[Config] No triage.config.json found — using defaults')
+  }
+  return _config
+}
+export function getConfig(): Required<TriageConfig> {
+  return _config
+}