web-agent-bridge 3.4.0 → 3.9.0

package/server/routes/governance-saas.js

@@ -0,0 +1,203 @@
+// ═══════════════════════════════════════════════════════════════════════════
+// WAB Governance SaaS  (multi-tenant audit log + refusal exports)
+//
+//   POST  /api/governance/workspaces             — create workspace (admin)
+//   GET   /api/governance/workspaces/:id         — workspace metadata (member)
+//   POST  /api/governance/workspaces/:id/members — add member (owner/admin)
+//   POST  /api/governance/workspaces/:id/events  — ingest audit event (key-gated)
+//   GET   /api/governance/workspaces/:id/events  — query events (member)
+//   GET   /api/governance/workspaces/:id/export  — JSONL export (EU AI Act Art.12)
+//
+//   Plans: team (€99/mo · 5 seats · 90d retention)
+//          business (€499/mo · 25 seats · 365d retention)
+//          enterprise (sales · unlimited · 7y retention + DPA)
+//
+//   Authorization model:
+//     • workspace creation / admin endpoints — X-Admin-Token
+//     • event ingestion                      — X-API-Key with governance:write scope
+//                                              AND workspace.api_key_id == key.key_id
+//     • read/query/export                    — X-Workspace-Token (HMAC of workspace_id)
+//       (member tokens are issued at create time; rotated via admin endpoint)
+// ═══════════════════════════════════════════════════════════════════════════
+
+'use strict';
+
+const express = require('express');
+const crypto  = require('crypto');
+const { db }  = require('../models/db');
+const { hashKey } = require('../middleware/api-tier');
+
+const router = express.Router();
+
+const PLAN_DEFAULTS = {
+  team:       { max_members: 5,  retention_days: 90,  max_events_per_month: 100_000 },
+  business:   { max_members: 25, retention_days: 365, max_events_per_month: 2_000_000 },
+  enterprise: { max_members: 500,retention_days: 2555,max_events_per_month: 1_000_000_000 }
+};
+const EVENT_TYPES = new Set(['refusal','approval','override','policy','audit','custom']);
+const SEVERITIES  = new Set(['info','low','medium','high','critical']);
+
+function adminGate(req, res, next) {
+  const expected = process.env.WAB_GOVERNANCE_ADMIN_TOKEN || process.env.WAB_RING4_ADMIN_TOKEN;
+  if (!expected) return res.status(503).json({ error: 'admin_disabled' });
+  if ((req.headers['x-admin-token'] || '') !== expected) return res.status(401).json({ error: 'unauthorized' });
+  next();
+}
+
+function wsTokenSecret() { return process.env.WAB_WORKSPACE_TOKEN_SECRET || 'wab-default-ws-secret-change-me'; }
+function signWorkspaceToken(workspace_id) {
+  return crypto.createHmac('sha256', wsTokenSecret()).update(workspace_id).digest('base64url');
+}
+function verifyWorkspaceToken(workspace_id, token) {
+  if (!token) return false;
+  const expected = signWorkspaceToken(workspace_id);
+  const a = Buffer.from(expected); const b = Buffer.from(String(token));
+  return a.length === b.length && crypto.timingSafeEqual(a, b);
+}
+
+function memberGate(req, res, next) {
+  const ws = req.params.id;
+  const tok = req.headers['x-workspace-token'] || '';
+  if (!verifyWorkspaceToken(ws, tok)) return res.status(401).json({ error: 'unauthorized' });
+  next();
+}
+
+function clip(s, n) { return typeof s === 'string' ? s.slice(0, n) : ''; }
+
+// ─────────────────────────────────────────────────────────────────────────────
+router.post('/workspaces', adminGate, (req, res) => {
+  const b = req.body || {};
+  const display_name = clip(b.display_name, 120);
+  const owner_email  = String(b.owner_email || '').toLowerCase().trim();
+  const plan = String(b.plan || 'team').toLowerCase();
+  const region = String(b.region || 'eu').toLowerCase();
+  const api_key_id = b.api_key_id ? String(b.api_key_id) : null;
+  if (!display_name || !owner_email) return res.status(400).json({ error: 'display_name + owner_email required' });
+  if (!PLAN_DEFAULTS[plan])           return res.status(400).json({ error: 'invalid plan' });
+
+  if (api_key_id) {
+    const k = db.prepare(`SELECT scopes, status FROM wab_api_keys WHERE key_id = ?`).get(api_key_id);
+    if (!k || k.status !== 'active') return res.status(400).json({ error: 'api_key_invalid' });
+    try {
+      const sc = JSON.parse(k.scopes);
+      if (!sc.includes('governance:write')) return res.status(400).json({ error: 'api_key_missing_scope', required: 'governance:write' });
+    } catch { return res.status(400).json({ error: 'api_key_scopes_invalid' }); }
+  }
+
+  const d = PLAN_DEFAULTS[plan];
+  const workspace_id = 'ws_' + crypto.randomBytes(9).toString('base64url');
+  try {
+    db.prepare(`
+      INSERT INTO wab_governance_workspaces (workspace_id, display_name, plan, owner_email, retention_days, max_members, max_events_per_month, api_key_id, region)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(workspace_id, display_name, plan, owner_email, d.retention_days, d.max_members, d.max_events_per_month, api_key_id, region);
+    db.prepare(`INSERT INTO wab_governance_members (workspace_id, email, role, accepted_at) VALUES (?, ?, 'owner', datetime('now'))`).run(workspace_id, owner_email);
+  } catch (e) { return res.status(500).json({ error: 'create_failed', detail: e.message }); }
+
+  res.json({
+    ok: true,
+    workspace_id,
+    plan,
+    workspace_token: signWorkspaceToken(workspace_id),
+    notice: 'Store the workspace_token now — it grants read access to the audit log.'
+  });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+router.get('/workspaces/:id', memberGate, (req, res) => {
+  const row = db.prepare(`SELECT workspace_id, display_name, plan, status, region, retention_days, max_members, max_events_per_month, created_at FROM wab_governance_workspaces WHERE workspace_id = ?`).get(req.params.id);
+  if (!row) return res.status(404).json({ error: 'not_found' });
+  const members = db.prepare(`SELECT email, role, accepted_at FROM wab_governance_members WHERE workspace_id = ? ORDER BY role`).all(req.params.id);
+  const month = new Date().toISOString().slice(0,7);
+  const counts = db.prepare(`SELECT COUNT(*) AS n FROM wab_governance_events WHERE workspace_id = ? AND created_at >= ?`).get(req.params.id, month + '-01');
+  res.json({ ...row, members, events_this_month: counts.n });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+router.post('/workspaces/:id/members', memberGate, (req, res) => {
+  const b = req.body || {};
+  const email = String(b.email || '').toLowerCase().trim();
+  const role  = String(b.role  || 'viewer').toLowerCase();
+  if (!email || !['admin','reviewer','viewer'].includes(role)) return res.status(400).json({ error: 'email + valid role required' });
+  const ws = db.prepare(`SELECT max_members FROM wab_governance_workspaces WHERE workspace_id = ?`).get(req.params.id);
+  if (!ws) return res.status(404).json({ error: 'workspace_not_found' });
+  const count = db.prepare(`SELECT COUNT(*) AS n FROM wab_governance_members WHERE workspace_id = ?`).get(req.params.id);
+  if (count.n >= ws.max_members) return res.status(409).json({ error: 'seat_limit_reached', max: ws.max_members });
+  try {
+    db.prepare(`INSERT INTO wab_governance_members (workspace_id, email, role) VALUES (?, ?, ?)`).run(req.params.id, email, role);
+  } catch (e) {
+    if (String(e.message).includes('UNIQUE')) return res.status(409).json({ error: 'already_member' });
+    return res.status(500).json({ error: 'add_failed' });
+  }
+  res.json({ ok: true });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Event ingestion — API-key gated; key must match workspace.api_key_id
+router.post('/workspaces/:id/events', (req, res) => {
+  const secret = (req.headers['x-api-key'] || '').toString();
+  if (!secret) return res.status(401).json({ error: 'missing X-API-Key' });
+  const k = db.prepare(`SELECT key_id, scopes, status FROM wab_api_keys WHERE key_hash = ?`).get(hashKey(secret));
+  if (!k || k.status !== 'active') return res.status(401).json({ error: 'invalid_api_key' });
+  try {
+    const sc = JSON.parse(k.scopes);
+    if (!sc.includes('governance:write')) return res.status(403).json({ error: 'scope_required', required: 'governance:write' });
+  } catch { return res.status(403).json({ error: 'scope_invalid' }); }
+
+  const ws = db.prepare(`SELECT api_key_id, max_events_per_month, status FROM wab_governance_workspaces WHERE workspace_id = ?`).get(req.params.id);
+  if (!ws) return res.status(404).json({ error: 'workspace_not_found' });
+  if (ws.status !== 'active') return res.status(403).json({ error: 'workspace_' + ws.status });
+  if (ws.api_key_id && ws.api_key_id !== k.key_id) return res.status(403).json({ error: 'api_key_not_bound_to_workspace' });
+
+  const month = new Date().toISOString().slice(0,7);
+  const cnt = db.prepare(`SELECT COUNT(*) AS n FROM wab_governance_events WHERE workspace_id = ? AND created_at >= ?`).get(req.params.id, month + '-01');
+  if (cnt.n >= ws.max_events_per_month) return res.status(402).json({ error: 'event_quota_exceeded', limit: ws.max_events_per_month });
+
+  const b = req.body || {};
+  const event_type = String(b.event_type || '').toLowerCase();
+  const severity   = String(b.severity   || 'info').toLowerCase();
+  if (!EVENT_TYPES.has(event_type)) return res.status(400).json({ error: 'invalid event_type' });
+  if (!SEVERITIES.has(severity))    return res.status(400).json({ error: 'invalid severity' });
+
+  const event_id = 'ev_' + crypto.randomBytes(10).toString('base64url');
+  try {
+    db.prepare(`
+      INSERT INTO wab_governance_events (event_id, workspace_id, source, event_type, severity, subject, article, outcome, detail, signature, signed_by_pk)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      event_id, req.params.id,
+      clip(b.source, 120) || 'unknown',
+      event_type, severity,
+      clip(b.subject, 200),
+      clip(b.article, 60),
+      clip(b.outcome, 40),
+      clip(typeof b.detail === 'string' ? b.detail : JSON.stringify(b.detail || {}), 8000),
+      clip(b.signature, 200),
+      clip(b.signed_by_pk, 200)
+    );
+  } catch (e) { return res.status(500).json({ error: 'ingest_failed', detail: e.message }); }
+
+  res.json({ ok: true, event_id });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+router.get('/workspaces/:id/events', memberGate, (req, res) => {
+  const limit = Math.min(500, Math.max(1, parseInt(req.query.limit, 10) || 100));
+  const event_type = req.query.event_type && EVENT_TYPES.has(String(req.query.event_type)) ? String(req.query.event_type) : null;
+  const sql = event_type
+    ? `SELECT event_id, source, event_type, severity, subject, article, outcome, created_at FROM wab_governance_events WHERE workspace_id = ? AND event_type = ? ORDER BY id DESC LIMIT ?`
+    : `SELECT event_id, source, event_type, severity, subject, article, outcome, created_at FROM wab_governance_events WHERE workspace_id = ? ORDER BY id DESC LIMIT ?`;
+  const rows = event_type ? db.prepare(sql).all(req.params.id, event_type, limit) : db.prepare(sql).all(req.params.id, limit);
+  res.json({ events: rows, total: rows.length });
+});
+
+// JSONL export — auditor-friendly, EU AI Act Article 12
+router.get('/workspaces/:id/export', memberGate, (req, res) => {
+  const rows = db.prepare(`SELECT event_id, source, event_type, severity, subject, article, outcome, detail, signature, signed_by_pk, created_at FROM wab_governance_events WHERE workspace_id = ? ORDER BY id ASC LIMIT 100000`).all(req.params.id);
+  res.set('Content-Type', 'application/x-ndjson');
+  res.set('Content-Disposition', `attachment; filename="wab-governance-${req.params.id}.jsonl"`);
+  for (const r of rows) res.write(JSON.stringify(r) + '\n');
+  res.end();
+});
+
+module.exports = router;

package/server/routes/governance.js

@@ -1,208 +1,208 @@
-/**
- * WAB Agent Governance Routes
- * Mounted at /api/governance
- *
- * Auth model:
- *   - Agent endpoints: Bearer <agent_token> in Authorization header
- *     OR ?agent_id=...&agent_token=... query params (for SDKs without headers)
- *   - Owner/human endpoints (kill, decide approval): same agent token works
- *     for the owner of that agent. (Future: owner-level user auth.)
- */
-
-'use strict';
-
-const express = require('express');
-const gov = require('../services/governance');
-
-const router = express.Router();
-
-// ───────────────────────── auth middleware ────
-function requireAgent(req, res, next) {
-  const auth = req.headers.authorization || '';
-  const headerToken = auth.startsWith('Bearer ') ? auth.slice(7).trim() : null;
-  const agentId = req.params.agentId || req.body?.agent_id || req.query?.agent_id;
-  const token   = headerToken || req.body?.agent_token || req.query?.agent_token;
-  const a = gov.authAgent(agentId, token);
-  if (!a) return res.status(401).json({ error: 'invalid_agent_credentials' });
-  req.agent = a;
-  next();
-}
-
-// ───────────────────────── lifecycle ────
-// Register a new agent. Returns the one-time token. Public — anyone can create
-// an agent identity for themselves; rate-limited by the parent app.
-router.post('/agents', (req, res) => {
-  try {
-    const { agent_id, owner_id, display_name, metadata } = req.body || {};
-    const out = gov.registerAgent({
-      agentId: agent_id, ownerId: owner_id,
-      displayName: display_name, metadata,
-    });
-    res.status(201).json({
-      agent_id: out.agentId,
-      agent_token: out.agentToken,   // shown ONCE — caller must store it
-      message: 'Save the agent_token now; it cannot be retrieved later.',
-    });
-  } catch (e) {
-    if (String(e.message).includes('UNIQUE')) {
-      return res.status(409).json({ error: 'agent_id_exists' });
-    }
-    res.status(500).json({ error: 'register_failed', detail: e.message });
-  }
-});
-
-router.get('/agents/:agentId/status', requireAgent, (req, res) => {
-  const s = gov.getStatus(req.agent.agent_id);
-  res.json(s);
-});
-
-// Kill switch — agent self-kill or external trigger with valid token.
-router.post('/agents/:agentId/kill', requireAgent, (req, res) => {
-  const reason = req.body?.reason || 'manual';
-  const ok = gov.killAgent(req.agent.agent_id, reason);
-  res.json({ ok, status: 'killed', reason });
-});
-
-router.post('/agents/:agentId/revive', requireAgent, (req, res) => {
-  const reason = req.body?.reason || 'manual_revive';
-  const ok = gov.reviveAgent(req.agent.agent_id, reason);
-  res.json({ ok, status: 'alive', reason });
-});
-
-// ───────────────────────── policies ────
-router.get('/agents/:agentId/policies', requireAgent, (req, res) => {
-  res.json({ policies: gov.listPolicies(req.agent.agent_id) });
-});
-
-router.post('/agents/:agentId/policies', requireAgent, (req, res) => {
-  const b = req.body || {};
-  if (!b.resource || !b.action) {
-    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
-  }
-  const r = gov.definePolicy({
-    agentId:        req.agent.agent_id,
-    resource:       String(b.resource),
-    action:         String(b.action),
-    scope:          b.scope || null,
-    maxAmount:      b.max_amount,
-    currency:       b.currency,
-    dailyCap:       b.daily_cap,
-    perCallRate:    b.per_call_rate,
-    requiresApproval: !!b.requires_approval,
-    effect:         b.effect === 'deny' ? 'deny' : 'allow',
-    expiresAt:      b.expires_at || null,
-  });
-  res.status(201).json({ ok: true, id: r.id });
-});
-
-router.delete('/agents/:agentId/policies/:id', requireAgent, (req, res) => {
-  const ok = gov.deletePolicy(req.agent.agent_id, Number(req.params.id));
-  res.json({ ok });
-});
-
-// ───────────────────────── core check ────
-// Pre-action authorisation. Agent calls this BEFORE executing.
-router.post('/agents/:agentId/check', requireAgent, (req, res) => {
-  const { resource, action, scope, amount, currency } = req.body || {};
-  if (!resource || !action) {
-    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
-  }
-  const r = gov.check({
-    agentId: req.agent.agent_id, resource, action, scope, amount, currency,
-  });
-  // Audit the check itself (no params persisted by default).
-  gov.appendAudit({
-    agentId: req.agent.agent_id, eventType: 'check',
-    resource, action, scope, amount, currency,
-    decision: r.decision, reason: r.reason,
-  });
-  res.json({
-    decision: r.decision,
-    reason:   r.reason,
-    policy_id: r.policy?.id || null,
-    extra: r.extra || null,
-  });
-});
-
-// Agent reports an executed action (for audit + spend tracking).
-router.post('/agents/:agentId/execute', requireAgent, (req, res) => {
-  const b = req.body || {};
-  if (!b.resource || !b.action) {
-    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
-  }
-  const audit = gov.appendAudit({
-    agentId: req.agent.agent_id, eventType: 'execute',
-    resource: b.resource, action: b.action, scope: b.scope,
-    amount: b.amount, currency: b.currency,
-    decision: b.decision || 'allow', reason: b.reason || null,
-    paramsJson: b.params ? JSON.stringify(gov._internals.redact(b.params)) : null,
-    resultJson: b.result ? JSON.stringify(gov._internals.redact(b.result)) : null,
-  });
-  if (b.amount && Number(b.amount) > 0) {
-    gov.recordSpend(req.agent.agent_id, b.resource, Number(b.amount),
-      b.currency || 'USD', String(audit.id));
-  }
-  res.json({ ok: true, audit_id: audit.id, hash: audit.hash });
-});
-
-// ───────────────────────── approvals ────
-router.post('/agents/:agentId/approvals', requireAgent, (req, res) => {
-  const b = req.body || {};
-  if (!b.resource || !b.action) {
-    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
-  }
-  const r = gov.requestApproval({
-    agentId: req.agent.agent_id,
-    resource: b.resource, action: b.action, scope: b.scope,
-    amount: b.amount, currency: b.currency,
-    params: b.params, reason: b.reason, ttlMs: b.ttl_ms,
-  });
-  res.status(201).json(r);
-});
-
-router.get('/agents/:agentId/approvals/pending', requireAgent, (req, res) => {
-  const limit = Math.min(500, Number(req.query.limit) || 100);
-  res.json({ pending: gov.listPendingApprovals(req.agent.agent_id, limit) });
-});
-
-router.get('/approvals/:requestId', (req, res) => {
-  const r = gov.getApproval(req.params.requestId);
-  if (!r) return res.status(404).json({ error: 'not_found' });
-  res.json(r);
-});
-
-// Human decision endpoint. Requires the agent's token (treated as owner-grade).
-// Future hardening: separate owner-level user auth.
-router.post('/approvals/:requestId/decide', (req, res) => {
-  const r = gov.getApproval(req.params.requestId);
-  if (!r) return res.status(404).json({ error: 'not_found' });
-  // Authenticate as the owner-of-the-agent.
-  const auth = req.headers.authorization || '';
-  const headerToken = auth.startsWith('Bearer ') ? auth.slice(7).trim() : null;
-  const token = headerToken || req.body?.agent_token || req.query?.agent_token;
-  const a = gov.authAgent(r.agent_id, token);
-  if (!a) return res.status(401).json({ error: 'invalid_credentials' });
-  const decision = req.body?.decision === 'approved' ? 'approved' : 'rejected';
-  const out = gov.decideApproval(req.params.requestId, {
-    decision, decidedBy: req.body?.decided_by || a.owner_id || null,
-    note: req.body?.note || null,
-  });
-  if (!out.ok) return res.status(409).json(out);
-  res.json(out);
-});
-
-// ───────────────────────── audit ────
-router.get('/agents/:agentId/audit', requireAgent, (req, res) => {
-  const limit = Math.min(1000, Number(req.query.limit) || 200);
-  const since = req.query.since || null;
-  const eventType = req.query.event || null;
-  res.json({
-    audit: gov.getAudit(req.agent.agent_id, { limit, since, eventType }),
-  });
-});
-
-router.get('/agents/:agentId/audit/verify', requireAgent, (req, res) => {
-  res.json(gov.verifyAuditChain(req.agent.agent_id));
-});
-
-module.exports = router;
+/**
+ * WAB Agent Governance Routes
+ * Mounted at /api/governance
+ *
+ * Auth model:
+ *   - Agent endpoints: Bearer <agent_token> in Authorization header
+ *     OR ?agent_id=...&agent_token=... query params (for SDKs without headers)
+ *   - Owner/human endpoints (kill, decide approval): same agent token works
+ *     for the owner of that agent. (Future: owner-level user auth.)
+ */
+
+'use strict';
+
+const express = require('express');
+const gov = require('../services/governance');
+
+const router = express.Router();
+
+// ───────────────────────── auth middleware ────
+function requireAgent(req, res, next) {
+  const auth = req.headers.authorization || '';
+  const headerToken = auth.startsWith('Bearer ') ? auth.slice(7).trim() : null;
+  const agentId = req.params.agentId || req.body?.agent_id || req.query?.agent_id;
+  const token   = headerToken || req.body?.agent_token || req.query?.agent_token;
+  const a = gov.authAgent(agentId, token);
+  if (!a) return res.status(401).json({ error: 'invalid_agent_credentials' });
+  req.agent = a;
+  next();
+}
+
+// ───────────────────────── lifecycle ────
+// Register a new agent. Returns the one-time token. Public — anyone can create
+// an agent identity for themselves; rate-limited by the parent app.
+router.post('/agents', (req, res) => {
+  try {
+    const { agent_id, owner_id, display_name, metadata } = req.body || {};
+    const out = gov.registerAgent({
+      agentId: agent_id, ownerId: owner_id,
+      displayName: display_name, metadata,
+    });
+    res.status(201).json({
+      agent_id: out.agentId,
+      agent_token: out.agentToken,   // shown ONCE — caller must store it
+      message: 'Save the agent_token now; it cannot be retrieved later.',
+    });
+  } catch (e) {
+    if (String(e.message).includes('UNIQUE')) {
+      return res.status(409).json({ error: 'agent_id_exists' });
+    }
+    res.status(500).json({ error: 'register_failed', detail: e.message });
+  }
+});
+
+router.get('/agents/:agentId/status', requireAgent, (req, res) => {
+  const s = gov.getStatus(req.agent.agent_id);
+  res.json(s);
+});
+
+// Kill switch — agent self-kill or external trigger with valid token.
+router.post('/agents/:agentId/kill', requireAgent, (req, res) => {
+  const reason = req.body?.reason || 'manual';
+  const ok = gov.killAgent(req.agent.agent_id, reason);
+  res.json({ ok, status: 'killed', reason });
+});
+
+router.post('/agents/:agentId/revive', requireAgent, (req, res) => {
+  const reason = req.body?.reason || 'manual_revive';
+  const ok = gov.reviveAgent(req.agent.agent_id, reason);
+  res.json({ ok, status: 'alive', reason });
+});
+
+// ───────────────────────── policies ────
+router.get('/agents/:agentId/policies', requireAgent, (req, res) => {
+  res.json({ policies: gov.listPolicies(req.agent.agent_id) });
+});
+
+router.post('/agents/:agentId/policies', requireAgent, (req, res) => {
+  const b = req.body || {};
+  if (!b.resource || !b.action) {
+    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
+  }
+  const r = gov.definePolicy({
+    agentId:        req.agent.agent_id,
+    resource:       String(b.resource),
+    action:         String(b.action),
+    scope:          b.scope || null,
+    maxAmount:      b.max_amount,
+    currency:       b.currency,
+    dailyCap:       b.daily_cap,
+    perCallRate:    b.per_call_rate,
+    requiresApproval: !!b.requires_approval,
+    effect:         b.effect === 'deny' ? 'deny' : 'allow',
+    expiresAt:      b.expires_at || null,
+  });
+  res.status(201).json({ ok: true, id: r.id });
+});
+
+router.delete('/agents/:agentId/policies/:id', requireAgent, (req, res) => {
+  const ok = gov.deletePolicy(req.agent.agent_id, Number(req.params.id));
+  res.json({ ok });
+});
+
+// ───────────────────────── core check ────
+// Pre-action authorisation. Agent calls this BEFORE executing.
+router.post('/agents/:agentId/check', requireAgent, (req, res) => {
+  const { resource, action, scope, amount, currency } = req.body || {};
+  if (!resource || !action) {
+    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
+  }
+  const r = gov.check({
+    agentId: req.agent.agent_id, resource, action, scope, amount, currency,
+  });
+  // Audit the check itself (no params persisted by default).
+  gov.appendAudit({
+    agentId: req.agent.agent_id, eventType: 'check',
+    resource, action, scope, amount, currency,
+    decision: r.decision, reason: r.reason,
+  });
+  res.json({
+    decision: r.decision,
+    reason:   r.reason,
+    policy_id: r.policy?.id || null,
+    extra: r.extra || null,
+  });
+});
+
+// Agent reports an executed action (for audit + spend tracking).
+router.post('/agents/:agentId/execute', requireAgent, (req, res) => {
+  const b = req.body || {};
+  if (!b.resource || !b.action) {
+    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
+  }
+  const audit = gov.appendAudit({
+    agentId: req.agent.agent_id, eventType: 'execute',
+    resource: b.resource, action: b.action, scope: b.scope,
+    amount: b.amount, currency: b.currency,
+    decision: b.decision || 'allow', reason: b.reason || null,
+    paramsJson: b.params ? JSON.stringify(gov._internals.redact(b.params)) : null,
+    resultJson: b.result ? JSON.stringify(gov._internals.redact(b.result)) : null,
+  });
+  if (b.amount && Number(b.amount) > 0) {
+    gov.recordSpend(req.agent.agent_id, b.resource, Number(b.amount),
+      b.currency || 'USD', String(audit.id));
+  }
+  res.json({ ok: true, audit_id: audit.id, hash: audit.hash });
+});
+
+// ───────────────────────── approvals ────
+router.post('/agents/:agentId/approvals', requireAgent, (req, res) => {
+  const b = req.body || {};
+  if (!b.resource || !b.action) {
+    return res.status(400).json({ error: 'missing_fields', need: ['resource', 'action'] });
+  }
+  const r = gov.requestApproval({
+    agentId: req.agent.agent_id,
+    resource: b.resource, action: b.action, scope: b.scope,
+    amount: b.amount, currency: b.currency,
+    params: b.params, reason: b.reason, ttlMs: b.ttl_ms,
+  });
+  res.status(201).json(r);
+});
+
+router.get('/agents/:agentId/approvals/pending', requireAgent, (req, res) => {
+  const limit = Math.min(500, Number(req.query.limit) || 100);
+  res.json({ pending: gov.listPendingApprovals(req.agent.agent_id, limit) });
+});
+
+router.get('/approvals/:requestId', (req, res) => {
+  const r = gov.getApproval(req.params.requestId);
+  if (!r) return res.status(404).json({ error: 'not_found' });
+  res.json(r);
+});
+
+// Human decision endpoint. Requires the agent's token (treated as owner-grade).
+// Future hardening: separate owner-level user auth.
+router.post('/approvals/:requestId/decide', (req, res) => {
+  const r = gov.getApproval(req.params.requestId);
+  if (!r) return res.status(404).json({ error: 'not_found' });
+  // Authenticate as the owner-of-the-agent.
+  const auth = req.headers.authorization || '';
+  const headerToken = auth.startsWith('Bearer ') ? auth.slice(7).trim() : null;
+  const token = headerToken || req.body?.agent_token || req.query?.agent_token;
+  const a = gov.authAgent(r.agent_id, token);
+  if (!a) return res.status(401).json({ error: 'invalid_credentials' });
+  const decision = req.body?.decision === 'approved' ? 'approved' : 'rejected';
+  const out = gov.decideApproval(req.params.requestId, {
+    decision, decidedBy: req.body?.decided_by || a.owner_id || null,
+    note: req.body?.note || null,
+  });
+  if (!out.ok) return res.status(409).json(out);
+  res.json(out);
+});
+
+// ───────────────────────── audit ────
+router.get('/agents/:agentId/audit', requireAgent, (req, res) => {
+  const limit = Math.min(1000, Number(req.query.limit) || 200);
+  const since = req.query.since || null;
+  const eventType = req.query.event || null;
+  res.json({
+    audit: gov.getAudit(req.agent.agent_id, { limit, since, eventType }),
+  });
+});
+
+router.get('/agents/:agentId/audit/verify', requireAgent, (req, res) => {
+  res.json(gov.verifyAuditChain(req.agent.agent_id));
+});
+
+module.exports = router;