1id 0.4.1 → 0.7.0

package/README.md

@@ -42,13 +42,13 @@ console.log(`I am ${me.handle} (tier: ${me.trust_tier})`);
 
 ## Trust Tiers
 
+RFC: `draft-drake-email-hardware-attestation-00` Section 3.
+
 | Tier | Hardware | Sybil Resistant | Trust Level |
 |------|----------|-----------------|-------------|
 | `sovereign` | TPM (Intel, AMD, Infineon) with valid cert | Yes | Highest |
-| `sovereign-portable` | YubiKey / Nitrokey / Feitian with attestation | Yes | Highest |
-| `legacy` | Hardware TPM or security key with expired cert | Yes | High |
+| `portable` | YubiKey / Nitrokey / Feitian with PIV attestation | Yes | High |
 | `virtual` | VMware / Hyper-V / QEMU vTPM | No | Verified Hardware |
-| `enclave` | Apple Secure Enclave (TOFU) | No | Verified Hardware |
 | `declared` | None (software keys) | No | Software |
 
 **CRITICAL**: `request_tier` is a REQUIREMENT, not a preference. You get exactly what you ask for, or an exception. No silent fallbacks.

package/dist/auth.d.ts

@@ -1,31 +1,32 @@
 /**
  * OAuth2 token management for the 1id.com Node.js SDK.
  *
- * After enrollment, agents authenticate using standard OAuth2
- * client_credentials grant. No TPM operations needed for daily use.
- *
- * This module handles:
- * - Token acquisition (client_credentials grant)
- * - Token caching (in-memory, with expiry awareness)
- * - Token refresh
- * - Authorization header formatting
+ * After enrollment, agents authenticate via hardware challenge-response
+ * (TPM for sovereign/virtual, PIV for portable) or OAuth2 client_credentials
+ * grant (declared tier only).
+ *
+ * SECURITY RULE: Hardware-tier identities NEVER fall back to bare
+ * client_credentials. If the hardware device is absent, get_token() throws
+ * HardwareDeviceNotPresentError. This is intentional: a stolen
+ * credentials.json is useless without the physical device.
  */
 import { type StoredCredentials } from "./credentials.js";
 import type { Token } from "./identity.js";
 /**
  * Get a valid OAuth2 access token, refreshing if needed.
  *
- * This is the primary authentication method for daily use. It uses
- * the OAuth2 client_credentials grant with the credentials stored
- * during enrollment.
+ * For hardware-backed tiers (sovereign, portable, virtual), this invokes
+ * the hardware challenge-response flow via the Go binary. The physical
+ * device must be present. If it is absent, HardwareDeviceNotPresentError
+ * is thrown -- there is NO fallback to bare client_credentials.
  *
- * Tokens are cached in memory and automatically refreshed when they
- * are within 60s of expiry.
+ * For declared tier, the standard OAuth2 client_credentials grant is used.
  *
  * @param force_refresh If true, always fetch a new token even if cached.
  * @param credentials Optional pre-loaded credentials.
  * @returns A valid Token object.
  * @throws NotEnrolledError if no credentials file exists.
+ * @throws HardwareDeviceNotPresentError if hardware tier and device is absent.
  * @throws AuthenticationError if the token request fails.
  * @throws NetworkError if the token endpoint cannot be reached.
  */
@@ -52,4 +53,11 @@ export declare function clear_cached_token(): void;
  * @returns A valid Token object.
  */
 export declare function authenticate_with_tpm(identity_id?: string | null, ak_handle?: string | null, api_base_url?: string | null, credentials?: StoredCredentials | null): Promise<Token>;
+/**
+ * Authenticate using a PIV device (YubiKey) -- passwordless sign-in.
+ *
+ * Same challenge-response flow as TPM but uses PIV slot 9a ECDSA signing.
+ * No PIN, no elevation, no human interaction required.
+ */
+export declare function authenticate_with_piv(identity_id?: string | null, api_base_url?: string | null, credentials?: StoredCredentials | null): Promise<Token>;
 //# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,KAAK,iBAAiB,EAAoB,MAAM,kBAAkB,CAAC;AAE5E,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAU3C;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,SAAS,CAC7B,aAAa,GAAE,OAAe,EAC9B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,KAAK,CAAC,CAmBhB;AA0CD;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,EAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,EACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,KAAK,CAAC,CA2FhB"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,KAAK,iBAAiB,EAAoB,MAAM,kBAAkB,CAAC;AAE5E,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAY3C;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,SAAS,CAC7B,aAAa,GAAE,OAAe,EAC9B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,KAAK,CAAC,CAqBhB;AA2ED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,EAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,EACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,KAAK,CAAC,CA2FhB;AAGD;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,EAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,EAC5B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,KAAK,CAAC,CA4EhB"}

package/dist/auth.js

@@ -1,57 +1,91 @@
 /**
  * OAuth2 token management for the 1id.com Node.js SDK.
  *
- * After enrollment, agents authenticate using standard OAuth2
- * client_credentials grant. No TPM operations needed for daily use.
+ * After enrollment, agents authenticate via hardware challenge-response
+ * (TPM for sovereign/virtual, PIV for portable) or OAuth2 client_credentials
+ * grant (declared tier only).
  *
- * This module handles:
- * - Token acquisition (client_credentials grant)
- * - Token caching (in-memory, with expiry awareness)
- * - Token refresh
- * - Authorization header formatting
+ * SECURITY RULE: Hardware-tier identities NEVER fall back to bare
+ * client_credentials. If the hardware device is absent, get_token() throws
+ * HardwareDeviceNotPresentError. This is intentional: a stolen
+ * credentials.json is useless without the physical device.
  */
 import { load_credentials } from "./credentials.js";
-import { AuthenticationError, NetworkError } from "./exceptions.js";
+import { AuthenticationError, HardwareDeviceNotPresentError, NetworkError } from "./exceptions.js";
 import { OneIDAPIClient } from "./client.js";
-// -- Configuration --
-const TOKEN_REFRESH_MARGIN_MILLISECONDS = 60_000; // Refresh tokens 60s before expiry
+const TOKEN_REFRESH_MARGIN_MILLISECONDS = 60_000;
 const TOKEN_REQUEST_TIMEOUT_MILLISECONDS = 15_000;
-// -- Module-level token cache --
+const TIERS_REQUIRING_HARDWARE_AUTH = new Set(["sovereign", "portable", "virtual"]);
+const TIERS_USING_TPM = new Set(["sovereign", "virtual"]);
+const TIERS_USING_PIV = new Set(["portable"]);
 let cached_token = null;
 /**
  * Get a valid OAuth2 access token, refreshing if needed.
  *
- * This is the primary authentication method for daily use. It uses
- * the OAuth2 client_credentials grant with the credentials stored
- * during enrollment.
+ * For hardware-backed tiers (sovereign, portable, virtual), this invokes
+ * the hardware challenge-response flow via the Go binary. The physical
+ * device must be present. If it is absent, HardwareDeviceNotPresentError
+ * is thrown -- there is NO fallback to bare client_credentials.
  *
- * Tokens are cached in memory and automatically refreshed when they
- * are within 60s of expiry.
+ * For declared tier, the standard OAuth2 client_credentials grant is used.
  *
  * @param force_refresh If true, always fetch a new token even if cached.
  * @param credentials Optional pre-loaded credentials.
  * @returns A valid Token object.
  * @throws NotEnrolledError if no credentials file exists.
+ * @throws HardwareDeviceNotPresentError if hardware tier and device is absent.
  * @throws AuthenticationError if the token request fails.
  * @throws NetworkError if the token endpoint cannot be reached.
  */
 export async function get_token(force_refresh = false, credentials) {
-    // Check if cached token is still valid (with margin)
     if (!force_refresh && cached_token != null) {
         const margin_adjusted_expiry = new Date(cached_token.expires_at.getTime() - TOKEN_REFRESH_MARGIN_MILLISECONDS);
         if (new Date() < margin_adjusted_expiry) {
             return cached_token;
         }
     }
-    // Load credentials
     if (credentials == null) {
         credentials = load_credentials();
     }
-    // Request a new token
+    if (TIERS_REQUIRING_HARDWARE_AUTH.has(credentials.trust_tier)) {
+        const token = await authenticate_with_hardware_challenge_response(credentials);
+        cached_token = token;
+        return token;
+    }
     const token = await request_token_from_keycloak(credentials);
     cached_token = token;
     return token;
 }
+async function authenticate_with_hardware_challenge_response(credentials) {
+    if (TIERS_USING_TPM.has(credentials.trust_tier)) {
+        try {
+            return await authenticate_with_tpm(null, null, null, credentials);
+        }
+        catch (error) {
+            if (error instanceof HardwareDeviceNotPresentError) {
+                throw error;
+            }
+            throw new HardwareDeviceNotPresentError(`TPM authentication failed and hardware is required for ` +
+                `${credentials.trust_tier} tier. Device may be absent or ` +
+                `inaccessible: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    if (TIERS_USING_PIV.has(credentials.trust_tier)) {
+        try {
+            return await authenticate_with_piv(null, null, credentials);
+        }
+        catch (error) {
+            if (error instanceof HardwareDeviceNotPresentError) {
+                throw error;
+            }
+            throw new HardwareDeviceNotPresentError(`PIV authentication failed and hardware is required for ` +
+                `${credentials.trust_tier} tier. YubiKey may be absent or ` +
+                `inaccessible: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    throw new HardwareDeviceNotPresentError(`Trust tier '${credentials.trust_tier}' requires hardware but no ` +
+        `supported authentication method is available.`);
+}
 /**
  * Request a new access token from Keycloak using client_credentials grant.
  */
@@ -185,4 +219,77 @@ export async function authenticate_with_tpm(identity_id, ak_handle, api_base_url
             "The Keycloak token endpoint may be unavailable.");
     }
 }
+/**
+ * Authenticate using a PIV device (YubiKey) -- passwordless sign-in.
+ *
+ * Same challenge-response flow as TPM but uses PIV slot 9a ECDSA signing.
+ * No PIN, no elevation, no human interaction required.
+ */
+export async function authenticate_with_piv(identity_id, api_base_url, credentials) {
+    if (credentials == null) {
+        credentials = load_credentials();
+    }
+    if (identity_id == null) {
+        identity_id = credentials.client_id;
+    }
+    if (api_base_url == null) {
+        api_base_url = credentials.api_base_url;
+    }
+    const api_client = new OneIDAPIClient(api_base_url, TOKEN_REQUEST_TIMEOUT_MILLISECONDS);
+    let challenge_data;
+    try {
+        challenge_data = await api_client["_make_request"]("POST", "/api/v1/auth/challenge", {
+            identity_id,
+        });
+    }
+    catch (error) {
+        if (error instanceof NetworkError) {
+            throw error;
+        }
+        throw new AuthenticationError(`Challenge request failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    const challenge_id = challenge_data.challenge_id;
+    const nonce_b64 = challenge_data.nonce_b64;
+    if (!challenge_id || !nonce_b64) {
+        throw new AuthenticationError("Server returned incomplete challenge response");
+    }
+    const { sign_challenge_with_piv } = await import("./helper.js");
+    const sign_result = await sign_challenge_with_piv(nonce_b64);
+    const signature_b64 = sign_result.signature_b64 ?? "";
+    if (!signature_b64) {
+        throw new AuthenticationError("PIV signing returned empty signature");
+    }
+    let verify_data;
+    try {
+        verify_data = await api_client["_make_request"]("POST", "/api/v1/auth/verify", {
+            challenge_id,
+            signature_b64,
+        });
+    }
+    catch (error) {
+        if (error instanceof NetworkError) {
+            throw error;
+        }
+        throw new AuthenticationError(`PIV authentication failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    if (!verify_data.authenticated) {
+        throw new AuthenticationError("Server did not confirm PIV authentication");
+    }
+    const tokens = verify_data.tokens;
+    if (tokens?.access_token) {
+        const expires_in_seconds = tokens.expires_in ?? 3600;
+        const token = {
+            access_token: tokens.access_token,
+            token_type: tokens.token_type ?? "Bearer",
+            expires_at: new Date(Date.now() + expires_in_seconds * 1000),
+            refresh_token: tokens.refresh_token ?? null,
+        };
+        cached_token = token;
+        return token;
+    }
+    else {
+        throw new AuthenticationError("PIV signature verified but no tokens were issued. " +
+            "The Keycloak token endpoint may be unavailable.");
+    }
+}
 //# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,sBAAsB;AACtB,MAAM,iCAAiC,GAAG,MAAM,CAAC,CAAC,mCAAmC;AACrF,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAElD,iCAAiC;AACjC,IAAI,YAAY,GAAiB,IAAI,CAAC;AAEtC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,gBAAyB,KAAK,EAC9B,WAAsC;IAEtC,qDAAqD;IACrD,IAAI,CAAC,aAAa,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QAC3C,MAAM,sBAAsB,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,iCAAiC,CAAC,CAAC;QAC/G,IAAI,IAAI,IAAI,EAAE,GAAG,sBAAsB,EAAE,CAAC;YACxC,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,gBAAgB,EAAE,CAAC;IACnC,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,MAAM,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,YAAY,GAAG,KAAK,CAAC;IAErB,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,2BAA2B,CAAC,WAA8B;IACvE,MAAM,UAAU,GAAG,IAAI,cAAc,CACnC,WAAW,CAAC,YAAY,EACxB,kCAAkC,CACnC,CAAC;IAEF,IAAI,cAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,UAAU,CAAC,iCAAiC,CACjE,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,aAAa,CAC1B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;YAC1E,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,YAAsB,CAAC;IAC3D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,mBAAmB,CAAC,6CAA6C,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,kBAAkB,GAAI,cAAc,CAAC,UAAqB,IAAI,IAAI,CAAC;IACzE,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAEpE,OAAO;QACL,YAAY;QACZ,UAAU,EAAG,cAAc,CAAC,UAAqB,IAAI,QAAQ;QAC7D,UAAU;QACV,aAAa,EAAG,cAAc,CAAC,aAAwB,IAAI,IAAI;KAChE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA2B,EAC3B,SAAyB,EACzB,YAA4B,EAC5B,WAAsC;IAEtC,mCAAmC;IACnC,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,gBAAgB,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC;IACtC,CAAC;IAED,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACtB,SAAS,GAAG,WAAW,CAAC,iBAAiB,IAAI,IAAI,CAAC;QAClD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,mBAAmB,CAC3B,iEAAiE;gBACjE,oDAAoD,CACrD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;IAC1C,CAAC;IAED,oDAAoD;IACpD,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,YAAY,EAAE,kCAAkC,CAAC,CAAC;IAExF,IAAI,cAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,wBAAwB,EAAE;YACnF,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,YAAsB,CAAC;IAC3D,MAAM,SAAS,GAAG,cAAc,CAAC,SAAmB,CAAC;IAErD,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,mBAAmB,CAAC,+CAA+C,CAAC,CAAC;IACjF,CAAC;IAED,+DAA+D;IAC/D,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,IAAI,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,sCAAsC,CAAC,CAAC;IACxE,CAAC;IAED,4DAA4D;IAC5D,IAAI,WAAoC,CAAC;IACzC,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,qBAAqB,EAAE;YAC7E,YAAY;YACZ,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAC/B,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAC;IACzE,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,WAAW,CAAC,MAA6C,CAAC;IACzE,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,MAAM,kBAAkB,GAAI,MAAM,CAAC,UAAqB,IAAI,IAAI,CAAC;QACjE,MAAM,KAAK,GAAU;YACnB,YAAY,EAAE,MAAM,CAAC,YAAsB;YAC3C,UAAU,EAAG,MAAM,CAAC,UAAqB,IAAI,QAAQ;YACrD,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,GAAG,IAAI,CAAC;YAC5D,aAAa,EAAG,MAAM,CAAC,aAAwB,IAAI,IAAI;SACxD,CAAC;QACF,YAAY,GAAG,KAAK,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD;YACpD,iDAAiD,CAClD,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEnG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,iCAAiC,GAAG,MAAM,CAAC;AACjD,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAElD,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;AACpF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;AAC1D,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;AAE9C,IAAI,YAAY,GAAiB,IAAI,CAAC;AAEtC;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,gBAAyB,KAAK,EAC9B,WAAsC;IAEtC,IAAI,CAAC,aAAa,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QAC3C,MAAM,sBAAsB,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,iCAAiC,CAAC,CAAC;QAC/G,IAAI,IAAI,IAAI,EAAE,GAAG,sBAAsB,EAAE,CAAC;YACxC,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,gBAAgB,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,6BAA6B,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,MAAM,KAAK,GAAG,MAAM,6CAA6C,CAAC,WAAW,CAAC,CAAC;QAC/E,YAAY,GAAG,KAAK,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,2BAA2B,CAAC,WAAW,CAAC,CAAC;IAC7D,YAAY,GAAG,KAAK,CAAC;IACrB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,6CAA6C,CAAC,WAA8B;IACzF,IAAI,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,OAAO,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,6BAA6B,EAAE,CAAC;gBAAC,MAAM,KAAK,CAAC;YAAC,CAAC;YACpE,MAAM,IAAI,6BAA6B,CACrC,yDAAyD;gBACzD,GAAG,WAAW,CAAC,UAAU,iCAAiC;gBAC1D,iBAAiB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,OAAO,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAC9D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,6BAA6B,EAAE,CAAC;gBAAC,MAAM,KAAK,CAAC;YAAC,CAAC;YACpE,MAAM,IAAI,6BAA6B,CACrC,yDAAyD;gBACzD,GAAG,WAAW,CAAC,UAAU,kCAAkC;gBAC3D,iBAAiB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,6BAA6B,CACrC,eAAe,WAAW,CAAC,UAAU,6BAA6B;QAClE,+CAA+C,CAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,2BAA2B,CAAC,WAA8B;IACvE,MAAM,UAAU,GAAG,IAAI,cAAc,CACnC,WAAW,CAAC,YAAY,EACxB,kCAAkC,CACnC,CAAC;IAEF,IAAI,cAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,UAAU,CAAC,iCAAiC,CACjE,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,aAAa,CAC1B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;YAC1E,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,mBAAmB,CAC3B,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAClF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,YAAsB,CAAC;IAC3D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,mBAAmB,CAAC,6CAA6C,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,kBAAkB,GAAI,cAAc,CAAC,UAAqB,IAAI,IAAI,CAAC;IACzE,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAEpE,OAAO;QACL,YAAY;QACZ,UAAU,EAAG,cAAc,CAAC,UAAqB,IAAI,QAAQ;QAC7D,UAAU;QACV,aAAa,EAAG,cAAc,CAAC,aAAwB,IAAI,IAAI;KAChE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA2B,EAC3B,SAAyB,EACzB,YAA4B,EAC5B,WAAsC;IAEtC,mCAAmC;IACnC,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,gBAAgB,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC;IACtC,CAAC;IAED,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACtB,SAAS,GAAG,WAAW,CAAC,iBAAiB,IAAI,IAAI,CAAC;QAClD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,mBAAmB,CAC3B,iEAAiE;gBACjE,oDAAoD,CACrD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;IAC1C,CAAC;IAED,oDAAoD;IACpD,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,YAAY,EAAE,kCAAkC,CAAC,CAAC;IAExF,IAAI,cAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,wBAAwB,EAAE;YACnF,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,YAAsB,CAAC;IAC3D,MAAM,SAAS,GAAG,cAAc,CAAC,SAAmB,CAAC;IAErD,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,mBAAmB,CAAC,+CAA+C,CAAC,CAAC;IACjF,CAAC;IAED,+DAA+D;IAC/D,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,IAAI,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,sCAAsC,CAAC,CAAC;IACxE,CAAC;IAED,4DAA4D;IAC5D,IAAI,WAAoC,CAAC;IACzC,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,qBAAqB,EAAE;YAC7E,YAAY;YACZ,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAC/B,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,CAAC,CAAC;IACzE,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,WAAW,CAAC,MAA6C,CAAC;IACzE,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,MAAM,kBAAkB,GAAI,MAAM,CAAC,UAAqB,IAAI,IAAI,CAAC;QACjE,MAAM,KAAK,GAAU;YACnB,YAAY,EAAE,MAAM,CAAC,YAAsB;YAC3C,UAAU,EAAG,MAAM,CAAC,UAAqB,IAAI,QAAQ;YACrD,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,GAAG,IAAI,CAAC;YAC5D,aAAa,EAAG,MAAM,CAAC,aAAwB,IAAI,IAAI;SACxD,CAAC;QACF,YAAY,GAAG,KAAK,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD;YACpD,iDAAiD,CAClD,CAAC;IACJ,CAAC;AACH,CAAC;AAGD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAA2B,EAC3B,YAA4B,EAC5B,WAAsC;IAEtC,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,gBAAgB,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC;IACtC,CAAC;IAED,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,YAAY,EAAE,kCAAkC,CAAC,CAAC;IAExF,IAAI,cAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,wBAAwB,EAAE;YACnF,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,YAAsB,CAAC;IAC3D,MAAM,SAAS,GAAG,cAAc,CAAC,SAAmB,CAAC;IAErD,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,mBAAmB,CAAC,+CAA+C,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,MAAM,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,IAAI,EAAE,CAAC;IAEtD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,mBAAmB,CAAC,sCAAsC,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,WAAoC,CAAC;IACzC,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,qBAAqB,EAAE;YAC7E,YAAY;YACZ,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,YAAY,EAAE,CAAC;YAAC,MAAM,KAAK,CAAC;QAAC,CAAC;QACnD,MAAM,IAAI,mBAAmB,CAC3B,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAC/B,MAAM,IAAI,mBAAmB,CAAC,2CAA2C,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAA6C,CAAC;IACzE,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,MAAM,kBAAkB,GAAI,MAAM,CAAC,UAAqB,IAAI,IAAI,CAAC;QACjE,MAAM,KAAK,GAAU;YACnB,YAAY,EAAE,MAAM,CAAC,YAAsB;YAC3C,UAAU,EAAG,MAAM,CAAC,UAAqB,IAAI,QAAQ;YACrD,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,GAAG,IAAI,CAAC;YAC5D,aAAa,EAAG,MAAM,CAAC,aAAwB,IAAI,IAAI;SACxD,CAAC;QACF,YAAY,GAAG,KAAK,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,mBAAmB,CAC3B,oDAAoD;YACpD,iDAAiD,CAClD,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/cli.js

@@ -16,7 +16,7 @@
 import { credentials_exist, load_credentials, get_credentials_file_path, delete_credentials } from "./credentials.js";
 import { enroll } from "./enroll.js";
 import { get_token } from "./auth.js";
-const VERSION = "0.2.0";
+const VERSION = "0.5.0";
 function print_help() {
     console.log(`oneid ${VERSION} -- 1id.com identity for AI agents
 

package/dist/client.d.ts

@@ -32,11 +32,11 @@ export declare class OneIDAPIClient {
      */
     enroll_declared(software_key_pem: string, key_algorithm: string, operator_email?: string | null, requested_handle?: string | null): Promise<Record<string, unknown>>;
     /**
-     * Begin TPM/HSM-based enrollment (sovereign/sovereign-portable tiers).
+     * Begin TPM/HSM-based enrollment (sovereign/virtual tiers).
      */
     enroll_begin(ek_certificate_pem: string, ak_public_key_pem: string, ak_tpmt_public_b64?: string, ek_public_key_pem?: string, ek_certificate_chain_pem?: string[], hsm_type?: string, operator_email?: string | null, requested_handle?: string | null): Promise<Record<string, unknown>>;
     /**
-     * Begin PIV-based enrollment (sovereign-portable tier).
+     * Begin PIV-based enrollment (portable tier).
      *
      * Sends the PIV attestation certificate, chain, and signing public key
      * to the PIV-specific server endpoint. The server validates the chain
@@ -62,5 +62,10 @@ export declare class OneIDAPIClient {
      * Check whether a vanity handle is available.
      */
     check_handle_availability(handle_name: string): Promise<Record<string, unknown>>;
+    /**
+     * Make an authenticated API request with a Bearer token.
+     * Used by world/status, devices, lock-hardware, and operator-email endpoints.
+     */
+    make_authenticated_request(method: string, api_path: string, access_token: string, json_body?: Record<string, unknown> | null): Promise<Record<string, unknown>>;
 }
 //# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AA6FH;;;;;GAKG;AACH,qBAAa,cAAc;IACzB,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,oBAAoB,EAAE,MAAM,CAAC;gBAG3C,YAAY,GAAE,MAA6B,EAC3C,oBAAoB,GAAE,MAA0C;IAMlE;;OAEG;YACW,aAAa;IAyB3B;;OAEG;IACG,eAAe,CACnB,gBAAgB,EAAE,MAAM,EACxB,aAAa,EAAE,MAAM,EACrB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC;;OAEG;IACG,YAAY,CAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,GAAE,MAAW,EAC/B,iBAAiB,GAAE,MAAW,EAC9B,wBAAwB,CAAC,EAAE,MAAM,EAAE,EACnC,QAAQ,GAAE,MAAc,EACxB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAenC;;;;;;;OAOG;IACG,gBAAgB,CACpB,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,EAAE,MAAM,EAAE,EAC/B,sBAAsB,EAAE,MAAM,EAC9B,QAAQ,GAAE,MAAkB,EAC5B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAanC;;OAEG;IACG,eAAe,CACnB,qBAAqB,EAAE,MAAM,EAC7B,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAOnC;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAItE;;;;OAIG;IACG,iCAAiC,CACrC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAuEnC;;OAEG;IACG,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAGvF"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AA6FH;;;;;GAKG;AACH,qBAAa,cAAc;IACzB,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,oBAAoB,EAAE,MAAM,CAAC;gBAG3C,YAAY,GAAE,MAA6B,EAC3C,oBAAoB,GAAE,MAA0C;IAMlE;;OAEG;YACW,aAAa;IAyB3B;;OAEG;IACG,eAAe,CACnB,gBAAgB,EAAE,MAAM,EACxB,aAAa,EAAE,MAAM,EACrB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC;;OAEG;IACG,YAAY,CAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,GAAE,MAAW,EAC/B,iBAAiB,GAAE,MAAW,EAC9B,wBAAwB,CAAC,EAAE,MAAM,EAAE,EACnC,QAAQ,GAAE,MAAc,EACxB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAenC;;;;;;;OAOG;IACG,gBAAgB,CACpB,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,EAAE,MAAM,EAAE,EAC/B,sBAAsB,EAAE,MAAM,EAC9B,QAAQ,GAAE,MAAkB,EAC5B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAanC;;OAEG;IACG,eAAe,CACnB,qBAAqB,EAAE,MAAM,EAC7B,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAOnC;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAItE;;;;OAIG;IACG,iCAAiC,CACrC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAuEnC;;OAEG;IACG,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAItF;;;OAGG;IACG,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GACzC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAKpC"}

package/dist/client.js

@@ -19,7 +19,7 @@ import { DEFAULT_API_BASE_URL } from "./credentials.js";
 import { EnrollmentError, NetworkError, raise_from_server_error_response, } from "./exceptions.js";
 // -- HTTP client configuration --
 const DEFAULT_HTTP_TIMEOUT_MILLISECONDS = 30_000;
-const USER_AGENT = "oneid-sdk-node/0.3.0";
+const USER_AGENT = "oneid-sdk-node/0.5.0";
 /**
  * Make a raw HTTP(S) request and return the parsed JSON body.
  * Uses only Node.js built-in modules.
@@ -119,7 +119,7 @@ export class OneIDAPIClient {
         return this._make_request("POST", "/api/v1/enroll/declared", request_body);
     }
     /**
-     * Begin TPM/HSM-based enrollment (sovereign/sovereign-portable tiers).
+     * Begin TPM/HSM-based enrollment (sovereign/virtual tiers).
      */
     async enroll_begin(ek_certificate_pem, ak_public_key_pem, ak_tpmt_public_b64 = "", ek_public_key_pem = "", ek_certificate_chain_pem, hsm_type = "tpm", operator_email, requested_handle) {
         const request_body = {
@@ -141,7 +141,7 @@ export class OneIDAPIClient {
         return this._make_request("POST", "/api/v1/enroll/begin", request_body);
     }
     /**
-     * Begin PIV-based enrollment (sovereign-portable tier).
+     * Begin PIV-based enrollment (portable tier).
      *
      * Sends the PIV attestation certificate, chain, and signing public key
      * to the PIV-specific server endpoint. The server validates the chain
@@ -243,5 +243,14 @@ export class OneIDAPIClient {
     async check_handle_availability(handle_name) {
         return this._make_request("GET", `/api/v1/handle/${handle_name}`);
     }
+    /**
+     * Make an authenticated API request with a Bearer token.
+     * Used by world/status, devices, lock-hardware, and operator-email endpoints.
+     */
+    async make_authenticated_request(method, api_path, access_token, json_body) {
+        return this._make_request(method, api_path, json_body, {
+            "Authorization": `Bearer ${access_token}`,
+        });
+    }
 }
 //# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AACpC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,gCAAgC,GACjC,MAAM,iBAAiB,CAAC;AAEzB,kCAAkC;AAClC,MAAM,iCAAiC,GAAG,MAAM,CAAC;AACjD,MAAM,UAAU,GAAG,sBAAsB,CAAC;AAS1C;;;GAGG;AACH,SAAS,iBAAiB,CACxB,QAAgB,EAChB,OAAuB,EACvB,oBAA4B;IAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC3C,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAE1C,MAAM,eAAe,GAA2B;YAC9C,YAAY,EAAE,UAAU;YACxB,QAAQ,EAAE,kBAAkB;YAC5B,GAAG,OAAO,CAAC,OAAO;SACnB,CAAC;QAEF,IAAI,mBAAuC,CAAC;QAC5C,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;YAC9B,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxD,eAAe,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YACrD,eAAe,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxF,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAC3B;YACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,oBAAoB;SAC9B,EACD,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3D,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACzC,OAAO,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;gBACnE,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,YAAY,CACrB,8BAA8B,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,UAAU,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;YAC/B,MAAM,CAAC,IAAI,YAAY,CAAC,wBAAwB,QAAQ,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,YAAY,CACrB,cAAc,GAAG,CAAC,IAAI,oBAAoB,oBAAoB,IAAI,CACnE,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,mBAAmB,IAAI,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACjC,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IACT,YAAY,CAAS;IACrB,oBAAoB,CAAS;IAE7C,YACE,eAAuB,oBAAoB,EAC3C,uBAA+B,iCAAiC;QAEhE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,MAAc,EACd,QAAgB,EAChB,SAA0C,EAC1C,OAAgC;QAEhC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,YAAY,EACjB,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,EAC9C,IAAI,CAAC,oBAAoB,CAC1B,CAAC;QAEF,MAAM,aAAa,GAAG,QAAQ,CAAC,IAA+B,CAAC;QAE/D,4CAA4C;QAC5C,IAAI,CAAC,aAAa,EAAE,EAAE,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE,CAA2B,CAAC;YAC1E,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,IAAI,eAAe,CAAC;YACtD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,IAAI,wBAAwB,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC3F,gCAAgC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,gBAAwB,EACxB,aAAqB,EACrB,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,gBAAgB;YAChB,aAAa;SACd,CAAC;QACF,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,yBAAyB,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,kBAA0B,EAC1B,iBAAyB,EACzB,qBAA6B,EAAE,EAC/B,oBAA4B,EAAE,EAC9B,wBAAmC,EACnC,WAAmB,KAAK,EACxB,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,kBAAkB;YAClB,iBAAiB;YACjB,iBAAiB;YACjB,kBAAkB;YAClB,QAAQ;SACT,CAAC;QACF,IAAI,wBAAwB,EAAE,CAAC;YAAC,YAAY,CAAC,0BAA0B,CAAC,GAAG,wBAAwB,CAAC;QAAC,CAAC;QACtG,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,sBAAsB,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,gBAAgB,CACpB,oBAA4B,EAC5B,qBAA+B,EAC/B,sBAA8B,EAC9B,WAAmB,SAAS,EAC5B,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,oBAAoB;YACpB,qBAAqB;YACrB,sBAAsB;YACtB,QAAQ;SACT,CAAC;QACF,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,0BAA0B,EAAE,YAAY,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,qBAA6B,EAC7B,oBAA4B;QAE5B,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,yBAAyB,EAAE;YAC3D,qBAAqB;YACrB,oBAAoB;SACrB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,oBAAoB,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iCAAiC,CACrC,SAAiB,EACjB,aAAqB;QAErB,MAAM,UAAU,GAAG,8CAA8C,CAAC;QAClE,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC;YACpC,UAAU,EAAE,oBAAoB;YAChC,SAAS;YACT,aAAa;SACd,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEd,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;YAC3C,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAE1C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAC3B;gBACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvC,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE;oBACzD,YAAY,EAAE,UAAU;iBACzB;gBACD,OAAO,EAAE,IAAI,CAAC,oBAAoB;aACnC,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3D,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACzD,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA4B,CAAC;wBAC/D,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;4BAC3B,MAAM,iBAAiB,GACpB,MAAM,CAAC,iBAA4B;gCACnC,MAAM,CAAC,KAAgB;gCACxB,QAAQ,GAAG,CAAC,UAAU,EAAE,CAAC;4BAC3B,MAAM,CAAC,IAAI,eAAe,CACxB,8BAA8B,GAAG,CAAC,UAAU,MAAM,iBAAiB,EAAE,CACtE,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBACD,OAAO,CAAC,MAAM,CAAC,CAAC;oBAClB,CAAC;oBAAC,MAAM,CAAC;wBACP,MAAM,CAAC,IAAI,YAAY,CACrB,0CAA0C,GAAG,CAAC,UAAU,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACvF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;gBAC/B,MAAM,CAAC,IAAI,YAAY,CACrB,uCAAuC,GAAG,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CACpE,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,YAAY,CACrB,oBAAoB,GAAG,CAAC,IAAI,oBAAoB,IAAI,CAAC,oBAAoB,IAAI,CAC9E,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACrB,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,kBAAkB,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;CACF"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AACpC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,YAAY,EACZ,gCAAgC,GACjC,MAAM,iBAAiB,CAAC;AAEzB,kCAAkC;AAClC,MAAM,iCAAiC,GAAG,MAAM,CAAC;AACjD,MAAM,UAAU,GAAG,sBAAsB,CAAC;AAS1C;;;GAGG;AACH,SAAS,iBAAiB,CACxB,QAAgB,EAChB,OAAuB,EACvB,oBAA4B;IAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC3C,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAE1C,MAAM,eAAe,GAA2B;YAC9C,YAAY,EAAE,UAAU;YACxB,QAAQ,EAAE,kBAAkB;YAC5B,GAAG,OAAO,CAAC,OAAO;SACnB,CAAC;QAEF,IAAI,mBAAuC,CAAC;QAC5C,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;YAC9B,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxD,eAAe,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YACrD,eAAe,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxF,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAC3B;YACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;YAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,oBAAoB;SAC9B,EACD,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3D,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACzC,OAAO,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;gBACnE,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,YAAY,CACrB,8BAA8B,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,UAAU,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;YAC/B,MAAM,CAAC,IAAI,YAAY,CAAC,wBAAwB,QAAQ,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,YAAY,CACrB,cAAc,GAAG,CAAC,IAAI,oBAAoB,oBAAoB,IAAI,CACnE,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,mBAAmB,IAAI,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACjC,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IACT,YAAY,CAAS;IACrB,oBAAoB,CAAS;IAE7C,YACE,eAAuB,oBAAoB,EAC3C,uBAA+B,iCAAiC;QAEhE,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,MAAc,EACd,QAAgB,EAChB,SAA0C,EAC1C,OAAgC;QAEhC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,YAAY,EACjB,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,EAC9C,IAAI,CAAC,oBAAoB,CAC1B,CAAC;QAEF,MAAM,aAAa,GAAG,QAAQ,CAAC,IAA+B,CAAC;QAE/D,4CAA4C;QAC5C,IAAI,CAAC,aAAa,EAAE,EAAE,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE,CAA2B,CAAC;YAC1E,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,IAAI,eAAe,CAAC;YACtD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,IAAI,wBAAwB,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC3F,gCAAgC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,CAAC,aAAa,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,gBAAwB,EACxB,aAAqB,EACrB,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,gBAAgB;YAChB,aAAa;SACd,CAAC;QACF,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,yBAAyB,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,kBAA0B,EAC1B,iBAAyB,EACzB,qBAA6B,EAAE,EAC/B,oBAA4B,EAAE,EAC9B,wBAAmC,EACnC,WAAmB,KAAK,EACxB,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,kBAAkB;YAClB,iBAAiB;YACjB,iBAAiB;YACjB,kBAAkB;YAClB,QAAQ;SACT,CAAC;QACF,IAAI,wBAAwB,EAAE,CAAC;YAAC,YAAY,CAAC,0BAA0B,CAAC,GAAG,wBAAwB,CAAC;QAAC,CAAC;QACtG,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,sBAAsB,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,gBAAgB,CACpB,oBAA4B,EAC5B,qBAA+B,EAC/B,sBAA8B,EAC9B,WAAmB,SAAS,EAC5B,cAA8B,EAC9B,gBAAgC;QAEhC,MAAM,YAAY,GAA4B;YAC5C,oBAAoB;YACpB,qBAAqB;YACrB,sBAAsB;YACtB,QAAQ;SACT,CAAC;QACF,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,cAAc,CAAC;QAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAAC,YAAY,CAAC,kBAAkB,CAAC,GAAG,gBAAgB,CAAC;QAAC,CAAC;QAEtF,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,0BAA0B,EAAE,YAAY,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,qBAA6B,EAC7B,oBAA4B;QAE5B,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,yBAAyB,EAAE;YAC3D,qBAAqB;YACrB,oBAAoB;SACrB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,oBAAoB,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iCAAiC,CACrC,SAAiB,EACjB,aAAqB;QAErB,MAAM,UAAU,GAAG,8CAA8C,CAAC;QAClE,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC;YACpC,UAAU,EAAE,oBAAoB;YAChC,SAAS;YACT,aAAa;SACd,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEd,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;YAC3C,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAE1C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAC3B;gBACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvC,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE;oBACzD,YAAY,EAAE,UAAU;iBACzB;gBACD,OAAO,EAAE,IAAI,CAAC,oBAAoB;aACnC,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3D,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACzD,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA4B,CAAC;wBAC/D,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;4BAC3B,MAAM,iBAAiB,GACpB,MAAM,CAAC,iBAA4B;gCACnC,MAAM,CAAC,KAAgB;gCACxB,QAAQ,GAAG,CAAC,UAAU,EAAE,CAAC;4BAC3B,MAAM,CAAC,IAAI,eAAe,CACxB,8BAA8B,GAAG,CAAC,UAAU,MAAM,iBAAiB,EAAE,CACtE,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBACD,OAAO,CAAC,MAAM,CAAC,CAAC;oBAClB,CAAC;oBAAC,MAAM,CAAC;wBACP,MAAM,CAAC,IAAI,YAAY,CACrB,0CAA0C,GAAG,CAAC,UAAU,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACvF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;gBAC/B,MAAM,CAAC,IAAI,YAAY,CACrB,uCAAuC,GAAG,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CACpE,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,YAAY,CACrB,oBAAoB,GAAG,CAAC,IAAI,oBAAoB,IAAI,CAAC,oBAAoB,IAAI,CAC9E,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACrB,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,kBAAkB,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,SAA0C;QAE1C,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;YACrD,eAAe,EAAE,UAAU,YAAY,EAAE;SAC1C,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/credentials.d.ts

@@ -44,6 +44,14 @@ export interface StoredCredentials {
     enrolled_at?: string | null;
     /** Friendly name chosen by the agent (e.g., "Clawdia", "Sparky"). */
     display_name?: string | null;
+    /** Agent Identity URN (e.g., 'urn:aid:1id.com:1id-a7b3c9d2'), or null if not yet assigned. */
+    agent_identity_urn?: string | null;
+    /** ISO 8601 timestamp of when the user consented to privacy implications. */
+    privacy_consent_given_at?: string | null;
+    /** The user's chosen default attestation mode: 'sd-jwt' or 'direct'. */
+    default_attestation_mode?: string | null;
+    /** Full PEM-encoded certificate chain (leaf -> intermediate -> root) issued during enrollment. */
+    identity_certificate_chain_pem?: string | null;
 }
 /**
  * Return the platform-appropriate directory for storing credentials.

package/dist/credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAQH,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AACtD,eAAO,MAAM,sBAAsB,gEAAgE,CAAC;AAKpG;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,aAAa,EAAE,MAAM,CAAC;IACtB,+CAA+C;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,qFAAqF;IACrF,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAelD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAgBD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,GAAG,MAAM,CA+BvE;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,CAmCpD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAO5C"}
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAQH,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AACtD,eAAO,MAAM,sBAAsB,gEAAgE,CAAC;AAKpG;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,aAAa,EAAE,MAAM,CAAC;IACtB,+CAA+C;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,qFAAqF;IACrF,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,wCAAwC;IACxC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,8FAA8F;IAC9F,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,6EAA6E;IAC7E,wBAAwB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,wEAAwE;IACxE,wBAAwB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,kGAAkG;IAClG,8BAA8B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAChD;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAelD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAgBD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,GAAG,MAAM,CA2CvE;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,CAuCpD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAO5C"}

package/dist/credentials.js

@@ -99,6 +99,18 @@ export function save_credentials(credentials) {
     if (credentials.display_name != null) {
         credentials_dict["display_name"] = credentials.display_name;
     }
+    if (credentials.agent_identity_urn != null) {
+        credentials_dict["agent_identity_urn"] = credentials.agent_identity_urn;
+    }
+    if (credentials.privacy_consent_given_at != null) {
+        credentials_dict["privacy_consent_given_at"] = credentials.privacy_consent_given_at;
+    }
+    if (credentials.default_attestation_mode != null) {
+        credentials_dict["default_attestation_mode"] = credentials.default_attestation_mode;
+    }
+    if (credentials.identity_certificate_chain_pem != null) {
+        credentials_dict["identity_certificate_chain_pem"] = credentials.identity_certificate_chain_pem;
+    }
     fs.writeFileSync(credentials_file_path, JSON.stringify(credentials_dict, null, 2) + "\n", "utf-8");
     set_owner_only_permissions(credentials_file_path);
     return credentials_file_path;
@@ -135,6 +147,10 @@ export function load_credentials() {
         hsm_key_reference: credentials_dict["hsm_key_reference"] ?? null,
         enrolled_at: credentials_dict["enrolled_at"] ?? null,
         display_name: credentials_dict["display_name"] ?? null,
+        agent_identity_urn: credentials_dict["agent_identity_urn"] ?? null,
+        privacy_consent_given_at: credentials_dict["privacy_consent_given_at"] ?? null,
+        default_attestation_mode: credentials_dict["default_attestation_mode"] ?? null,
+        identity_certificate_chain_pem: credentials_dict["identity_certificate_chain_pem"] ?? null,
     };
 }
 /**

package/dist/credentials.js.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE/D,iCAAiC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAG,6DAA6D,CAAC;AAEpG,6BAA6B;AAC7B,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AA+BhD;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,eAAe,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACtC,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACvD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,SAAS,0BAA0B,CAAC,SAAiB;IACnD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAA8B;IAC7D,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzD,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,oBAAoB,CAAC,CAAC;IAErF,gEAAgE;IAChE,MAAM,gBAAgB,GAA4B;QAChD,SAAS,EAAE,WAAW,CAAC,SAAS;QAChC,aAAa,EAAE,WAAW,CAAC,aAAa;QACxC,cAAc,EAAE,WAAW,CAAC,cAAc;QAC1C,YAAY,EAAE,WAAW,CAAC,YAAY;QACtC,UAAU,EAAE,WAAW,CAAC,UAAU;QAClC,aAAa,EAAE,WAAW,CAAC,aAAa;QACxC,WAAW,EAAE,WAAW,CAAC,WAAW,IAAI,IAAI;KAC7C,CAAC;IAEF,IAAI,WAAW,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACxC,gBAAgB,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC;IACpE,CAAC;IACD,IAAI,WAAW,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC;QAC1C,gBAAgB,CAAC,mBAAmB,CAAC,GAAG,WAAW,CAAC,iBAAiB,CAAC;IACxE,CAAC;IACD,IAAI,WAAW,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC;QACrC,gBAAgB,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,YAAY,CAAC;IAC9D,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACnG,0BAA0B,CAAC,qBAAqB,CAAC,CAAC;IAElD,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAE1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,qBAAqB,IAAI;YACzD,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,IAAI,aAAqB,CAAC;IAC1B,IAAI,gBAAyC,CAAC;IAE9C,IAAI,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAChE,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,UAAU,CAClB,uBAAuB,qBAAqB,gCAAgC,UAAU,EAAE,EACxF,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAW;QAClD,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAW;QAC1D,cAAc,EAAE,gBAAgB,CAAC,gBAAgB,CAAW;QAC5D,YAAY,EAAE,gBAAgB,CAAC,cAAc,CAAW;QACxD,UAAU,EAAG,gBAAgB,CAAC,YAAY,CAAY,IAAI,UAAU;QACpE,aAAa,EAAG,gBAAgB,CAAC,eAAe,CAAY,IAAI,SAAS;QACzE,eAAe,EAAG,gBAAgB,CAAC,iBAAiB,CAAY,IAAI,IAAI;QACxE,iBAAiB,EAAG,gBAAgB,CAAC,mBAAmB,CAAY,IAAI,IAAI;QAC5E,WAAW,EAAG,gBAAgB,CAAC,aAAa,CAAY,IAAI,IAAI;QAChE,YAAY,EAAG,gBAAgB,CAAC,cAAc,CAAY,IAAI,IAAI;KACnE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,EAAE,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACzC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE/D,iCAAiC;AACjC,MAAM,CAAC,MAAM,oBAAoB,GAAG,iBAAiB,CAAC;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAG,6DAA6D,CAAC;AAEpG,6BAA6B;AAC7B,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAuChD;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,eAAe,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACtC,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACvD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB;IACvC,OAAO,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,SAAS,0BAA0B,CAAC,SAAiB;IACnD,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAA8B;IAC7D,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzD,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,oBAAoB,CAAC,CAAC;IAErF,gEAAgE;IAChE,MAAM,gBAAgB,GAA4B;QAChD,SAAS,EAAE,WAAW,CAAC,SAAS;QAChC,aAAa,EAAE,WAAW,CAAC,aAAa;QACxC,cAAc,EAAE,WAAW,CAAC,cAAc;QAC1C,YAAY,EAAE,WAAW,CAAC,YAAY;QACtC,UAAU,EAAE,WAAW,CAAC,UAAU;QAClC,aAAa,EAAE,WAAW,CAAC,aAAa;QACxC,WAAW,EAAE,WAAW,CAAC,WAAW,IAAI,IAAI;KAC7C,CAAC;IAEF,IAAI,WAAW,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QACxC,gBAAgB,CAAC,iBAAiB,CAAC,GAAG,WAAW,CAAC,eAAe,CAAC;IACpE,CAAC;IACD,IAAI,WAAW,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC;QAC1C,gBAAgB,CAAC,mBAAmB,CAAC,GAAG,WAAW,CAAC,iBAAiB,CAAC;IACxE,CAAC;IACD,IAAI,WAAW,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC;QACrC,gBAAgB,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,YAAY,CAAC;IAC9D,CAAC;IACD,IAAI,WAAW,CAAC,kBAAkB,IAAI,IAAI,EAAE,CAAC;QAC3C,gBAAgB,CAAC,oBAAoB,CAAC,GAAG,WAAW,CAAC,kBAAkB,CAAC;IAC1E,CAAC;IACD,IAAI,WAAW,CAAC,wBAAwB,IAAI,IAAI,EAAE,CAAC;QACjD,gBAAgB,CAAC,0BAA0B,CAAC,GAAG,WAAW,CAAC,wBAAwB,CAAC;IACtF,CAAC;IACD,IAAI,WAAW,CAAC,wBAAwB,IAAI,IAAI,EAAE,CAAC;QACjD,gBAAgB,CAAC,0BAA0B,CAAC,GAAG,WAAW,CAAC,wBAAwB,CAAC;IACtF,CAAC;IACD,IAAI,WAAW,CAAC,8BAA8B,IAAI,IAAI,EAAE,CAAC;QACvD,gBAAgB,CAAC,gCAAgC,CAAC,GAAG,WAAW,CAAC,8BAA8B,CAAC;IAClG,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACnG,0BAA0B,CAAC,qBAAqB,CAAC,CAAC;IAElD,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAE1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,gBAAgB,CACxB,gCAAgC,qBAAqB,IAAI;YACzD,kDAAkD,CACnD,CAAC;IACJ,CAAC;IAED,IAAI,aAAqB,CAAC;IAC1B,IAAI,gBAAyC,CAAC;IAE9C,IAAI,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAChE,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,UAAU,CAClB,uBAAuB,qBAAqB,gCAAgC,UAAU,EAAE,EACxF,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAW;QAClD,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAW;QAC1D,cAAc,EAAE,gBAAgB,CAAC,gBAAgB,CAAW;QAC5D,YAAY,EAAE,gBAAgB,CAAC,cAAc,CAAW;QACxD,UAAU,EAAG,gBAAgB,CAAC,YAAY,CAAY,IAAI,UAAU;QACpE,aAAa,EAAG,gBAAgB,CAAC,eAAe,CAAY,IAAI,SAAS;QACzE,eAAe,EAAG,gBAAgB,CAAC,iBAAiB,CAAY,IAAI,IAAI;QACxE,iBAAiB,EAAG,gBAAgB,CAAC,mBAAmB,CAAY,IAAI,IAAI;QAC5E,WAAW,EAAG,gBAAgB,CAAC,aAAa,CAAY,IAAI,IAAI;QAChE,YAAY,EAAG,gBAAgB,CAAC,cAAc,CAAY,IAAI,IAAI;QAClE,kBAAkB,EAAG,gBAAgB,CAAC,oBAAoB,CAAY,IAAI,IAAI;QAC9E,wBAAwB,EAAG,gBAAgB,CAAC,0BAA0B,CAAY,IAAI,IAAI;QAC1F,wBAAwB,EAAG,gBAAgB,CAAC,0BAA0B,CAAY,IAAI,IAAI;QAC1F,8BAA8B,EAAG,gBAAgB,CAAC,gCAAgC,CAAY,IAAI,IAAI;KACvG,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,EAAE,CAAC,UAAU,CAAC,yBAAyB,EAAE,CAAC,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACzC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/devices.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Device management and hardware lock for the 1id.com Node.js SDK.
+ *
+ * Provides:
+ *   listDevices()   -- List all devices (active and burned) bound to this identity
+ *   lockHardware()  -- Permanently lock identity to its single hardware device (irreversible)
+ *
+ * Usage:
+ *   import { listDevices, lockHardware } from "1id/devices";
+ *
+ *   const result = await listDevices();
+ *   for (const d of result.devices) { console.log(`${d.device_type} [${d.device_status}]`); }
+ *
+ *   const lock = await lockHardware();
+ *   console.log(`Locked: ${lock.hardware_locked}`);
+ */
+import { type StoredCredentials } from "./credentials.js";
+export interface DeviceInfo {
+    device_type: string;
+    device_fingerprint: string;
+    device_status: string;
+    trust_tier: string | null;
+    tpm_manufacturer: string | null;
+    piv_serial: string | null;
+    bound_at: string | null;
+    burned_at: string | null;
+    burn_reason: string | null;
+}
+export interface DeviceListResult {
+    identity_internal_id: string;
+    total_device_count: number;
+    active_device_count: number;
+    burned_device_count: number;
+    devices: DeviceInfo[];
+}
+export interface HardwareLockResult {
+    identity_internal_id: string;
+    hardware_locked: boolean;
+    trust_tier: string;
+    active_device_count: number;
+}
+/**
+ * List all devices (active and burned) bound to this identity.
+ *
+ * @param credentials Optional pre-loaded credentials.
+ * @returns DeviceListResult with all device details.
+ */
+export declare function listDevices(credentials?: StoredCredentials | null): Promise<DeviceListResult>;
+/**
+ * Permanently lock this identity to its single active hardware device.
+ *
+ * This is an IRREVERSIBLE operation. Once locked:
+ *   - No new devices can be added
+ *   - The existing device cannot be burned
+ *   - The identity is permanently bound to one physical chip
+ *
+ * Preconditions enforced server-side:
+ *   - Identity must be hardware-tier (sovereign, portable, or virtual)
+ *   - Identity must have exactly 1 active device
+ *
+ * @param credentials Optional pre-loaded credentials.
+ * @returns HardwareLockResult with confirmation details.
+ * @throws Error with code DECLARED_TIER_CANNOT_LOCK if identity is declared-tier.
+ * @throws Error with code ALREADY_LOCKED if already locked (idempotent-safe).
+ * @throws Error with code TOO_MANY_ACTIVE_DEVICES if identity has != 1 active device.
+ */
+export declare function lockHardware(credentials?: StoredCredentials | null): Promise<HardwareLockResult>;
+/**
+ * Register or update the human operator email for this identity.
+ *
+ * @param operator_email_address The email address to register.
+ * @param credentials Optional pre-loaded credentials.
+ * @returns True if the email was registered successfully.
+ */
+export declare function registerOperatorEmail(operator_email_address: string, credentials?: StoredCredentials | null): Promise<boolean>;
+//# sourceMappingURL=devices.d.ts.map

package/dist/devices.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"devices.d.ts","sourceRoot":"","sources":["../src/devices.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAoB,KAAK,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAK5E,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,OAAO,EAAE,UAAU,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,gBAAgB,CAAC,CAiC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,YAAY,CAChC,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,kBAAkB,CAAC,CAuB7B;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CACzC,sBAAsB,EAAE,MAAM,EAC9B,WAAW,CAAC,EAAE,iBAAiB,GAAG,IAAI,GACrC,OAAO,CAAC,OAAO,CAAC,CAkBlB"}