@adcp/sdk 8.1.0-beta.13 → 8.1.0-beta.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bin/adcp-registry.js +2 -2
- package/dist/lib/canonical-references/index.d.ts +107 -0
- package/dist/lib/canonical-references/index.d.ts.map +1 -0
- package/dist/lib/canonical-references/index.js +551 -0
- package/dist/lib/canonical-references/index.js.map +1 -0
- package/dist/lib/core/ConversationTypes.d.ts +7 -0
- package/dist/lib/core/ConversationTypes.d.ts.map +1 -1
- package/dist/lib/core/ProtocolResponseParser.d.ts +10 -0
- package/dist/lib/core/ProtocolResponseParser.d.ts.map +1 -1
- package/dist/lib/core/ProtocolResponseParser.js +110 -0
- package/dist/lib/core/ProtocolResponseParser.js.map +1 -1
- package/dist/lib/core/ResponseValidator.d.ts +2 -0
- package/dist/lib/core/ResponseValidator.d.ts.map +1 -1
- package/dist/lib/core/ResponseValidator.js +3 -3
- package/dist/lib/core/ResponseValidator.js.map +1 -1
- package/dist/lib/core/TaskExecutor.d.ts +2 -0
- package/dist/lib/core/TaskExecutor.d.ts.map +1 -1
- package/dist/lib/core/TaskExecutor.js +32 -8
- package/dist/lib/core/TaskExecutor.js.map +1 -1
- package/dist/lib/index.d.ts +5 -4
- package/dist/lib/index.d.ts.map +1 -1
- package/dist/lib/index.js +27 -11
- package/dist/lib/index.js.map +1 -1
- package/dist/lib/mock-server/creative-ad-server/server.d.ts +2 -0
- package/dist/lib/mock-server/creative-ad-server/server.d.ts.map +1 -1
- package/dist/lib/mock-server/creative-ad-server/server.js +37 -1
- package/dist/lib/mock-server/creative-ad-server/server.js.map +1 -1
- package/dist/lib/mock-server/creative-template/server.d.ts +2 -0
- package/dist/lib/mock-server/creative-template/server.d.ts.map +1 -1
- package/dist/lib/mock-server/creative-template/server.js +29 -2
- package/dist/lib/mock-server/creative-template/server.js.map +1 -1
- package/dist/lib/mock-server/index.d.ts +10 -1
- package/dist/lib/mock-server/index.d.ts.map +1 -1
- package/dist/lib/mock-server/index.js +38 -8
- package/dist/lib/mock-server/index.js.map +1 -1
- package/dist/lib/mock-server/sales-guaranteed/server.d.ts +2 -0
- package/dist/lib/mock-server/sales-guaranteed/server.d.ts.map +1 -1
- package/dist/lib/mock-server/sales-guaranteed/server.js +64 -7
- package/dist/lib/mock-server/sales-guaranteed/server.js.map +1 -1
- package/dist/lib/mock-server/sales-non-guaranteed/server.d.ts +2 -0
- package/dist/lib/mock-server/sales-non-guaranteed/server.d.ts.map +1 -1
- package/dist/lib/mock-server/sales-non-guaranteed/server.js +44 -1
- package/dist/lib/mock-server/sales-non-guaranteed/server.js.map +1 -1
- package/dist/lib/mock-server/sales-social/server.d.ts +2 -0
- package/dist/lib/mock-server/sales-social/server.d.ts.map +1 -1
- package/dist/lib/mock-server/sales-social/server.js +64 -4
- package/dist/lib/mock-server/sales-social/server.js.map +1 -1
- package/dist/lib/mock-server/scenario.d.ts +97 -0
- package/dist/lib/mock-server/scenario.d.ts.map +1 -0
- package/dist/lib/mock-server/scenario.js +464 -0
- package/dist/lib/mock-server/scenario.js.map +1 -0
- package/dist/lib/mock-server/signal-marketplace/server.d.ts +2 -0
- package/dist/lib/mock-server/signal-marketplace/server.d.ts.map +1 -1
- package/dist/lib/mock-server/signal-marketplace/server.js +29 -1
- package/dist/lib/mock-server/signal-marketplace/server.js.map +1 -1
- package/dist/lib/mock-server/sponsored-intelligence/server.d.ts +2 -0
- package/dist/lib/mock-server/sponsored-intelligence/server.d.ts.map +1 -1
- package/dist/lib/mock-server/sponsored-intelligence/server.js +47 -9
- package/dist/lib/mock-server/sponsored-intelligence/server.js.map +1 -1
- package/dist/lib/protocols/index.d.ts +4 -2
- package/dist/lib/protocols/index.d.ts.map +1 -1
- package/dist/lib/protocols/index.js +10 -3
- package/dist/lib/protocols/index.js.map +1 -1
- package/dist/lib/registry/index.d.ts +42 -16
- package/dist/lib/registry/index.d.ts.map +1 -1
- package/dist/lib/registry/index.js +191 -24
- package/dist/lib/registry/index.js.map +1 -1
- package/dist/lib/registry/types.d.ts +39 -8
- package/dist/lib/registry/types.d.ts.map +1 -1
- package/dist/lib/registry/types.generated.d.ts +2873 -699
- package/dist/lib/registry/types.generated.d.ts.map +1 -1
- package/dist/lib/registry/types.generated.js +2 -2
- package/dist/lib/registry/types.generated.js.map +1 -1
- package/dist/lib/schemas-data/v2.5/_provenance.json +1 -1
- package/dist/lib/server/a2a-adapter.d.ts +3 -1
- package/dist/lib/server/a2a-adapter.d.ts.map +1 -1
- package/dist/lib/server/a2a-adapter.js +11 -2
- package/dist/lib/server/a2a-adapter.js.map +1 -1
- package/dist/lib/server/adcp-server.js +32 -0
- package/dist/lib/server/adcp-server.js.map +1 -1
- package/dist/lib/server/create-adcp-server.d.ts +12 -6
- package/dist/lib/server/create-adcp-server.d.ts.map +1 -1
- package/dist/lib/server/create-adcp-server.js +72 -11
- package/dist/lib/server/create-adcp-server.js.map +1 -1
- package/dist/lib/server/decisioning/account.d.ts +17 -17
- package/dist/lib/server/decisioning/account.d.ts.map +1 -1
- package/dist/lib/server/decisioning/account.js.map +1 -1
- package/dist/lib/server/decisioning/buyer-agent.d.ts +27 -10
- package/dist/lib/server/decisioning/buyer-agent.d.ts.map +1 -1
- package/dist/lib/server/decisioning/buyer-agent.js +25 -7
- package/dist/lib/server/decisioning/buyer-agent.js.map +1 -1
- package/dist/lib/server/decisioning/capabilities.d.ts +35 -7
- package/dist/lib/server/decisioning/capabilities.d.ts.map +1 -1
- package/dist/lib/server/decisioning/errors-typed.d.ts +18 -16
- package/dist/lib/server/decisioning/errors-typed.d.ts.map +1 -1
- package/dist/lib/server/decisioning/errors-typed.js +26 -24
- package/dist/lib/server/decisioning/errors-typed.js.map +1 -1
- package/dist/lib/server/decisioning/index.d.ts +1 -1
- package/dist/lib/server/decisioning/index.d.ts.map +1 -1
- package/dist/lib/server/decisioning/index.js +4 -2
- package/dist/lib/server/decisioning/index.js.map +1 -1
- package/dist/lib/server/decisioning/platform-helpers.d.ts +3 -2
- package/dist/lib/server/decisioning/platform-helpers.d.ts.map +1 -1
- package/dist/lib/server/decisioning/platform-helpers.js +3 -2
- package/dist/lib/server/decisioning/platform-helpers.js.map +1 -1
- package/dist/lib/server/decisioning/platform.d.ts +27 -10
- package/dist/lib/server/decisioning/platform.d.ts.map +1 -1
- package/dist/lib/server/decisioning/platform.js.map +1 -1
- package/dist/lib/server/decisioning/runtime/from-platform.d.ts +14 -10
- package/dist/lib/server/decisioning/runtime/from-platform.d.ts.map +1 -1
- package/dist/lib/server/decisioning/runtime/from-platform.js +374 -59
- package/dist/lib/server/decisioning/runtime/from-platform.js.map +1 -1
- package/dist/lib/server/decisioning/runtime/validate-platform.d.ts.map +1 -1
- package/dist/lib/server/decisioning/runtime/validate-platform.js +3 -8
- package/dist/lib/server/decisioning/runtime/validate-platform.js.map +1 -1
- package/dist/lib/server/decisioning/specialisms/sponsored-intelligence.d.ts +9 -11
- package/dist/lib/server/decisioning/specialisms/sponsored-intelligence.d.ts.map +1 -1
- package/dist/lib/server/decisioning/specialisms/sponsored-intelligence.js +9 -11
- package/dist/lib/server/decisioning/specialisms/sponsored-intelligence.js.map +1 -1
- package/dist/lib/server/operational-platform.d.ts +6 -8
- package/dist/lib/server/operational-platform.d.ts.map +1 -1
- package/dist/lib/server/operational-platform.js +4 -6
- package/dist/lib/server/operational-platform.js.map +1 -1
- package/dist/lib/server/test-controller-bridge.d.ts +14 -14
- package/dist/lib/server/test-controller-bridge.d.ts.map +1 -1
- package/dist/lib/server/test-controller-bridge.js +16 -16
- package/dist/lib/server/test-controller-bridge.js.map +1 -1
- package/dist/lib/server/test-controller.d.ts +31 -9
- package/dist/lib/server/test-controller.d.ts.map +1 -1
- package/dist/lib/server/test-controller.js +106 -54
- package/dist/lib/server/test-controller.js.map +1 -1
- package/dist/lib/signing/canonicalize.d.ts +0 -53
- package/dist/lib/signing/canonicalize.d.ts.map +1 -1
- package/dist/lib/signing/canonicalize.js +1 -33
- package/dist/lib/signing/canonicalize.js.map +1 -1
- package/dist/lib/signing/client.d.ts +5 -5
- package/dist/lib/signing/client.d.ts.map +1 -1
- package/dist/lib/signing/client.js +1 -10
- package/dist/lib/signing/client.js.map +1 -1
- package/dist/lib/signing/errors.d.ts +0 -11
- package/dist/lib/signing/errors.d.ts.map +1 -1
- package/dist/lib/signing/errors.js +1 -11
- package/dist/lib/signing/errors.js.map +1 -1
- package/dist/lib/signing/jwks-helpers.d.ts +2 -4
- package/dist/lib/signing/jwks-helpers.d.ts.map +1 -1
- package/dist/lib/signing/jwks-helpers.js +9 -0
- package/dist/lib/signing/jwks-helpers.js.map +1 -1
- package/dist/lib/signing/provider.d.ts +11 -10
- package/dist/lib/signing/provider.d.ts.map +1 -1
- package/dist/lib/signing/request-context.d.ts +8 -11
- package/dist/lib/signing/request-context.d.ts.map +1 -1
- package/dist/lib/signing/request-context.js +7 -10
- package/dist/lib/signing/request-context.js.map +1 -1
- package/dist/lib/signing/server.d.ts +3 -4
- package/dist/lib/signing/server.d.ts.map +1 -1
- package/dist/lib/signing/server.js +1 -9
- package/dist/lib/signing/server.js.map +1 -1
- package/dist/lib/signing/signer-async.d.ts +2 -8
- package/dist/lib/signing/signer-async.d.ts.map +1 -1
- package/dist/lib/signing/signer-async.js +0 -12
- package/dist/lib/signing/signer-async.js.map +1 -1
- package/dist/lib/signing/signer.d.ts +4 -111
- package/dist/lib/signing/signer.d.ts.map +1 -1
- package/dist/lib/signing/signer.js +2 -98
- package/dist/lib/signing/signer.js.map +1 -1
- package/dist/lib/signing/testing.d.ts +10 -10
- package/dist/lib/signing/testing.d.ts.map +1 -1
- package/dist/lib/signing/testing.js +6 -13
- package/dist/lib/signing/testing.js.map +1 -1
- package/dist/lib/signing/types.d.ts +0 -36
- package/dist/lib/signing/types.d.ts.map +1 -1
- package/dist/lib/signing/types.js +1 -37
- package/dist/lib/signing/types.js.map +1 -1
- package/dist/lib/testing/agent-tester.d.ts +1 -0
- package/dist/lib/testing/agent-tester.d.ts.map +1 -1
- package/dist/lib/testing/agent-tester.js.map +1 -1
- package/dist/lib/testing/client.d.ts +1 -1
- package/dist/lib/testing/client.d.ts.map +1 -1
- package/dist/lib/testing/client.js +4 -2
- package/dist/lib/testing/client.js.map +1 -1
- package/dist/lib/testing/compliance/comply.d.ts +8 -0
- package/dist/lib/testing/compliance/comply.d.ts.map +1 -1
- package/dist/lib/testing/compliance/comply.js +98 -7
- package/dist/lib/testing/compliance/comply.js.map +1 -1
- package/dist/lib/testing/compliance/spec-conformance.d.ts +6 -6
- package/dist/lib/testing/compliance/spec-conformance.d.ts.map +1 -1
- package/dist/lib/testing/compliance/spec-conformance.js +6 -6
- package/dist/lib/testing/compliance/spec-conformance.js.map +1 -1
- package/dist/lib/testing/compliance/summary.d.ts +5 -0
- package/dist/lib/testing/compliance/summary.d.ts.map +1 -1
- package/dist/lib/testing/compliance/summary.js +17 -0
- package/dist/lib/testing/compliance/summary.js.map +1 -1
- package/dist/lib/testing/comply-controller.d.ts +19 -0
- package/dist/lib/testing/comply-controller.d.ts.map +1 -1
- package/dist/lib/testing/comply-controller.js +11 -8
- package/dist/lib/testing/comply-controller.js.map +1 -1
- package/dist/lib/testing/index.d.ts +4 -3
- package/dist/lib/testing/index.d.ts.map +1 -1
- package/dist/lib/testing/index.js +13 -1
- package/dist/lib/testing/index.js.map +1 -1
- package/dist/lib/testing/storyboard/canonical-format-satisfaction.d.ts +4 -0
- package/dist/lib/testing/storyboard/canonical-format-satisfaction.d.ts.map +1 -0
- package/dist/lib/testing/storyboard/canonical-format-satisfaction.js +881 -0
- package/dist/lib/testing/storyboard/canonical-format-satisfaction.js.map +1 -0
- package/dist/lib/testing/storyboard/compliance.d.ts +6 -0
- package/dist/lib/testing/storyboard/compliance.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/compliance.js +8 -4
- package/dist/lib/testing/storyboard/compliance.js.map +1 -1
- package/dist/lib/testing/storyboard/index.d.ts +2 -1
- package/dist/lib/testing/storyboard/index.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/index.js +9 -1
- package/dist/lib/testing/storyboard/index.js.map +1 -1
- package/dist/lib/testing/storyboard/loader.d.ts +3 -2
- package/dist/lib/testing/storyboard/loader.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/loader.js +73 -2
- package/dist/lib/testing/storyboard/loader.js.map +1 -1
- package/dist/lib/testing/storyboard/path.d.ts +21 -0
- package/dist/lib/testing/storyboard/path.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/path.js +86 -0
- package/dist/lib/testing/storyboard/path.js.map +1 -1
- package/dist/lib/testing/storyboard/rate-limit-trip.d.ts +92 -0
- package/dist/lib/testing/storyboard/rate-limit-trip.d.ts.map +1 -0
- package/dist/lib/testing/storyboard/rate-limit-trip.js +276 -0
- package/dist/lib/testing/storyboard/rate-limit-trip.js.map +1 -0
- package/dist/lib/testing/storyboard/runner.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/runner.js +361 -28
- package/dist/lib/testing/storyboard/runner.js.map +1 -1
- package/dist/lib/testing/storyboard/seeding.d.ts +5 -4
- package/dist/lib/testing/storyboard/seeding.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/seeding.js +23 -3
- package/dist/lib/testing/storyboard/seeding.js.map +1 -1
- package/dist/lib/testing/storyboard/types.d.ts +108 -20
- package/dist/lib/testing/storyboard/types.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/types.js +1 -0
- package/dist/lib/testing/storyboard/types.js.map +1 -1
- package/dist/lib/testing/storyboard/validations.d.ts +18 -0
- package/dist/lib/testing/storyboard/validations.d.ts.map +1 -1
- package/dist/lib/testing/storyboard/validations.js +238 -33
- package/dist/lib/testing/storyboard/validations.js.map +1 -1
- package/dist/lib/testing/test-controller.d.ts +17 -25
- package/dist/lib/testing/test-controller.d.ts.map +1 -1
- package/dist/lib/testing/test-controller.js.map +1 -1
- package/dist/lib/testing/types.d.ts +13 -1
- package/dist/lib/testing/types.d.ts.map +1 -1
- package/dist/lib/types/check-governance.d.ts +1 -1
- package/dist/lib/types/comply-test-controller.d.ts +243 -3
- package/dist/lib/types/core.generated.d.ts +261 -21
- package/dist/lib/types/core.generated.d.ts.map +1 -1
- package/dist/lib/types/core.generated.js +1 -1
- package/dist/lib/types/create-media-buy.d.ts +107 -3
- package/dist/lib/types/error-codes.d.ts +2 -2
- package/dist/lib/types/get-adcp-capabilities.d.ts +1 -1
- package/dist/lib/types/get-media-buys.d.ts +107 -3
- package/dist/lib/types/get-plan-audit-logs.d.ts +1 -1
- package/dist/lib/types/get-products.d.ts +104 -3
- package/dist/lib/types/inline-enums.generated.d.ts +27 -17
- package/dist/lib/types/inline-enums.generated.d.ts.map +1 -1
- package/dist/lib/types/inline-enums.generated.js +39 -28
- package/dist/lib/types/inline-enums.generated.js.map +1 -1
- package/dist/lib/types/manifest.generated.d.ts +7 -4
- package/dist/lib/types/manifest.generated.d.ts.map +1 -1
- package/dist/lib/types/manifest.generated.js +2 -2
- package/dist/lib/types/manifest.generated.js.map +1 -1
- package/dist/lib/types/report-plan-outcome.d.ts +1 -1
- package/dist/lib/types/schemas.generated.d.ts +714 -193
- package/dist/lib/types/schemas.generated.d.ts.map +1 -1
- package/dist/lib/types/schemas.generated.js +194 -79
- package/dist/lib/types/schemas.generated.js.map +1 -1
- package/dist/lib/types/sync-plans.d.ts +1 -1
- package/dist/lib/types/tools.generated.d.ts +331 -28
- package/dist/lib/types/tools.generated.d.ts.map +1 -1
- package/dist/lib/types/update-media-buy.d.ts +107 -3
- package/dist/lib/types/v3-1-beta/tools.generated.d.ts +20 -0
- package/dist/lib/types/v3-1-beta/tools.generated.d.ts.map +1 -1
- package/dist/lib/upstream-recorder/constants.d.ts +2 -0
- package/dist/lib/upstream-recorder/constants.d.ts.map +1 -0
- package/dist/lib/upstream-recorder/constants.js +5 -0
- package/dist/lib/upstream-recorder/constants.js.map +1 -0
- package/dist/lib/upstream-recorder/index.d.ts +20 -10
- package/dist/lib/upstream-recorder/index.d.ts.map +1 -1
- package/dist/lib/upstream-recorder/index.js +21 -10
- package/dist/lib/upstream-recorder/index.js.map +1 -1
- package/dist/lib/upstream-recorder/recorder.d.ts +65 -0
- package/dist/lib/upstream-recorder/recorder.d.ts.map +1 -1
- package/dist/lib/upstream-recorder/recorder.js +500 -47
- package/dist/lib/upstream-recorder/recorder.js.map +1 -1
- package/dist/lib/upstream-recorder/types.d.ts +109 -13
- package/dist/lib/upstream-recorder/types.d.ts.map +1 -1
- package/dist/lib/upstream-recorder/types.js.map +1 -1
- package/dist/lib/utils/adcp-version-config.d.ts +1 -0
- package/dist/lib/utils/adcp-version-config.d.ts.map +1 -1
- package/dist/lib/utils/adcp-version-config.js +21 -0
- package/dist/lib/utils/adcp-version-config.js.map +1 -1
- package/dist/lib/utils/capability-rollups.d.ts +5 -5
- package/dist/lib/utils/capability-rollups.d.ts.map +1 -1
- package/dist/lib/utils/capability-rollups.js +1 -1
- package/dist/lib/utils/capability-rollups.js.map +1 -1
- package/dist/lib/utils/json-depth.d.ts +2 -0
- package/dist/lib/utils/json-depth.d.ts.map +1 -0
- package/dist/lib/utils/json-depth.js +5 -0
- package/dist/lib/utils/json-depth.js.map +1 -0
- package/dist/lib/utils/media-buy-delivery-notification-builders.d.ts +1 -1
- package/dist/lib/utils/media-buy-delivery-notification-builders.d.ts.map +1 -1
- package/dist/lib/utils/preview-creative-builders.d.ts +1 -1
- package/dist/lib/utils/preview-creative-builders.d.ts.map +1 -1
- package/dist/lib/utils/redact-secrets.d.ts +13 -2
- package/dist/lib/utils/redact-secrets.d.ts.map +1 -1
- package/dist/lib/utils/redact-secrets.js +40 -13
- package/dist/lib/utils/redact-secrets.js.map +1 -1
- package/dist/lib/utils/response-schemas.d.ts +1 -0
- package/dist/lib/utils/response-schemas.d.ts.map +1 -1
- package/dist/lib/utils/response-schemas.js +15 -0
- package/dist/lib/utils/response-schemas.js.map +1 -1
- package/dist/lib/utils/response-unwrapper.d.ts +2 -1
- package/dist/lib/utils/response-unwrapper.d.ts.map +1 -1
- package/dist/lib/utils/response-unwrapper.js +11 -3
- package/dist/lib/utils/response-unwrapper.js.map +1 -1
- package/dist/lib/utils/tool-request-schemas.d.ts +31 -1
- package/dist/lib/utils/tool-request-schemas.d.ts.map +1 -1
- package/dist/lib/v2/format-schema/fetch.d.ts +13 -5
- package/dist/lib/v2/format-schema/fetch.d.ts.map +1 -1
- package/dist/lib/v2/format-schema/fetch.js +27 -16
- package/dist/lib/v2/format-schema/fetch.js.map +1 -1
- package/dist/lib/v2/format-schema/index.d.ts +13 -11
- package/dist/lib/v2/format-schema/index.d.ts.map +1 -1
- package/dist/lib/v2/format-schema/index.js +19 -12
- package/dist/lib/v2/format-schema/index.js.map +1 -1
- package/dist/lib/v2/format-schema/resolver.d.ts +71 -0
- package/dist/lib/v2/format-schema/resolver.d.ts.map +1 -0
- package/dist/lib/v2/format-schema/resolver.js +284 -0
- package/dist/lib/v2/format-schema/resolver.js.map +1 -0
- package/dist/lib/v2/format-schema/sandbox-refs.d.ts +6 -0
- package/dist/lib/v2/format-schema/sandbox-refs.d.ts.map +1 -1
- package/dist/lib/v2/format-schema/sandbox-refs.js +36 -15
- package/dist/lib/v2/format-schema/sandbox-refs.js.map +1 -1
- package/dist/lib/validation/schema-loader.d.ts.map +1 -1
- package/dist/lib/validation/schema-loader.js +48 -3
- package/dist/lib/validation/schema-loader.js.map +1 -1
- package/dist/lib/version.d.ts +3 -3
- package/dist/lib/version.js +3 -3
- package/docs/guides/BUILD-AN-AGENT.md +7 -7
- package/docs/guides/CANONICAL-REFERENCE-RESOLVER.md +75 -0
- package/docs/llms.txt +37 -8
- package/examples/README.md +29 -16
- package/examples/hello_creative_adapter_ad_server.ts +8 -2
- package/examples/hello_seller_adapter_guaranteed.ts +26 -18
- package/examples/hello_seller_adapter_multi_tenant.ts +6 -6
- package/examples/hello_seller_adapter_social.ts +80 -4
- package/examples/hello_si_adapter_brand.ts +10 -21
- package/examples/hello_signals_adapter_marketplace.ts +184 -9
- package/examples/proxy-seller-snap/README.md +47 -0
- package/examples/proxy-seller-snap/index.ts +321 -0
- package/package.json +19 -4
- package/skills/build-creative-agent/SKILL.md +1 -15
- package/skills/build-decisioning-platform/SKILL.md +6 -1
- package/skills/build-seller-agent/SKILL.md +5 -2
- package/skills/build-si-agent/SKILL.md +2 -2
- package/skills/call-adcp-agent/SKILL.md +4 -1
- package/dist/lib/signing/response-verifier.d.ts +0 -105
- package/dist/lib/signing/response-verifier.d.ts.map +0 -1
- package/dist/lib/signing/response-verifier.js +0 -271
- package/dist/lib/signing/response-verifier.js.map +0 -1
|
@@ -6,18 +6,18 @@
|
|
|
6
6
|
* Paired with `@adcp/sdk/signing/server` (verifier / middleware / stores).
|
|
7
7
|
* The aggregate `@adcp/sdk/signing` barrel re-exports both for back-compat.
|
|
8
8
|
*/
|
|
9
|
-
export {
|
|
9
|
+
export { buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type SignatureParams, } from './canonicalize';
|
|
10
10
|
export { computeContentDigest, contentDigestMatches, parseContentDigest } from './content-digest';
|
|
11
11
|
export { requestContextFromExpress, requestContextFromFetch, requestContextFromLambda, type ExpressRequestLike, type FetchRequestLike, type LambdaRequestEvent, type RequestContextFromExpressOptions, type RequestContextFromLambdaOptions, } from './request-context';
|
|
12
|
-
export { finalizeRequestSignature,
|
|
13
|
-
export { signRequestAsync,
|
|
12
|
+
export { finalizeRequestSignature, prepareRequestSignature, prepareWebhookSignature, signRequest, signWebhook, type PreparedRequestSignature, type SignatureIdentity, type SignedRequest, type SignerKey, type SignRequestOptions, type SignWebhookOptions, } from './signer';
|
|
13
|
+
export { signRequestAsync, signWebhookAsync } from './signer-async';
|
|
14
14
|
export { derEcdsaToP1363 } from './ecdsa-encoding';
|
|
15
15
|
export { WEBHOOK_MANDATORY_COMPONENTS, WEBHOOK_SIGNING_TAG } from './webhook-verifier';
|
|
16
16
|
export { createSigningFetch, type CoverContentDigestPredicate, type SigningFetchOptions } from './fetch';
|
|
17
17
|
export { createSigningFetchAsync } from './fetch-async';
|
|
18
18
|
export type { SigningProvider } from './provider';
|
|
19
|
-
export { RequestSignatureError, type RequestSignatureErrorCode,
|
|
20
|
-
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG,
|
|
19
|
+
export { RequestSignatureError, type RequestSignatureErrorCode, SigningProviderAlgorithmMismatchError, type SigningProviderErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
20
|
+
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, type AdcpJsonWebKey, type AdcpSignAlg, type ContentDigestPolicy, type VerifierCapability, } from './types';
|
|
21
21
|
export { CapabilityCache, buildCapabilityCacheKey, defaultCapabilityCache, type CachedCapability, type CapabilityCacheOptions, } from './capability-cache';
|
|
22
22
|
export { buildAgentSigningFetch, createAgentSignedFetch, extractAdcpOperation, isInlineSigningConfig, isProviderSigningConfig, resolveCoverContentDigest, shouldSignOperation, toSignerKey, type BuildAgentSigningFetchOptions, type CreateAgentSignedFetchOptions, } from './agent-fetch';
|
|
23
23
|
export { buildAgentSigningContext, signingContextStorage, type AgentSigningContext, type AgentSigningIdentitySnapshot, } from './agent-context';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,KAAK,wBAAwB,EAC7B,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,KAAK,2BAA2B,EAAE,KAAK,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACzG,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,qCAAqC,EACrC,KAAK,wBAAwB,EAC7B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,GAC5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,WAAW,EACX,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,GACnC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,4BAA4B,GAClC,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,sBAAsB,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,KAAK,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,gBAAgB,CAAC"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
exports.pemToAdcpJwk = exports.CAPABILITY_OP = exports.ensureCapabilityLoaded = exports.signingContextStorage = exports.buildAgentSigningContext = exports.toSignerKey = void 0;
|
|
3
|
+
exports.pemToAdcpJwk = exports.CAPABILITY_OP = exports.ensureCapabilityLoaded = exports.signingContextStorage = exports.buildAgentSigningContext = exports.toSignerKey = exports.shouldSignOperation = exports.resolveCoverContentDigest = exports.isProviderSigningConfig = exports.isInlineSigningConfig = exports.extractAdcpOperation = exports.createAgentSignedFetch = exports.buildAgentSigningFetch = exports.defaultCapabilityCache = exports.buildCapabilityCacheKey = exports.CapabilityCache = exports.REQUEST_SIGNING_TAG = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.ALLOWED_ALGS = exports.WebhookSignatureError = exports.SigningProviderAlgorithmMismatchError = exports.RequestSignatureError = exports.createSigningFetchAsync = exports.createSigningFetch = exports.WEBHOOK_SIGNING_TAG = exports.WEBHOOK_MANDATORY_COMPONENTS = exports.derEcdsaToP1363 = exports.signWebhookAsync = exports.signRequestAsync = exports.signWebhook = exports.signRequest = exports.prepareWebhookSignature = exports.prepareRequestSignature = exports.finalizeRequestSignature = exports.requestContextFromLambda = exports.requestContextFromFetch = exports.requestContextFromExpress = exports.parseContentDigest = exports.contentDigestMatches = exports.computeContentDigest = exports.getHeaderValue = exports.formatSignatureParams = exports.canonicalTargetUri = exports.canonicalMethod = exports.canonicalAuthority = exports.buildSignatureBase = void 0;
|
|
5
4
|
/**
|
|
6
5
|
* Client-side signing surface: what a buyer needs to sign outbound AdCP
|
|
7
6
|
* requests per RFC 9421 — signer, canonicalization helpers, fetch wrapper,
|
|
@@ -11,7 +10,6 @@ exports.pemToAdcpJwk = exports.CAPABILITY_OP = exports.ensureCapabilityLoaded =
|
|
|
11
10
|
* The aggregate `@adcp/sdk/signing` barrel re-exports both for back-compat.
|
|
12
11
|
*/
|
|
13
12
|
var canonicalize_1 = require("./canonicalize");
|
|
14
|
-
Object.defineProperty(exports, "buildResponseSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildResponseSignatureBase; } });
|
|
15
13
|
Object.defineProperty(exports, "buildSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildSignatureBase; } });
|
|
16
14
|
Object.defineProperty(exports, "canonicalAuthority", { enumerable: true, get: function () { return canonicalize_1.canonicalAuthority; } });
|
|
17
15
|
Object.defineProperty(exports, "canonicalMethod", { enumerable: true, get: function () { return canonicalize_1.canonicalMethod; } });
|
|
@@ -28,16 +26,12 @@ Object.defineProperty(exports, "requestContextFromFetch", { enumerable: true, ge
|
|
|
28
26
|
Object.defineProperty(exports, "requestContextFromLambda", { enumerable: true, get: function () { return request_context_1.requestContextFromLambda; } });
|
|
29
27
|
var signer_1 = require("./signer");
|
|
30
28
|
Object.defineProperty(exports, "finalizeRequestSignature", { enumerable: true, get: function () { return signer_1.finalizeRequestSignature; } });
|
|
31
|
-
Object.defineProperty(exports, "finalizeResponseSignature", { enumerable: true, get: function () { return signer_1.finalizeResponseSignature; } });
|
|
32
29
|
Object.defineProperty(exports, "prepareRequestSignature", { enumerable: true, get: function () { return signer_1.prepareRequestSignature; } });
|
|
33
|
-
Object.defineProperty(exports, "prepareResponseSignature", { enumerable: true, get: function () { return signer_1.prepareResponseSignature; } });
|
|
34
30
|
Object.defineProperty(exports, "prepareWebhookSignature", { enumerable: true, get: function () { return signer_1.prepareWebhookSignature; } });
|
|
35
31
|
Object.defineProperty(exports, "signRequest", { enumerable: true, get: function () { return signer_1.signRequest; } });
|
|
36
|
-
Object.defineProperty(exports, "signResponse", { enumerable: true, get: function () { return signer_1.signResponse; } });
|
|
37
32
|
Object.defineProperty(exports, "signWebhook", { enumerable: true, get: function () { return signer_1.signWebhook; } });
|
|
38
33
|
var signer_async_1 = require("./signer-async");
|
|
39
34
|
Object.defineProperty(exports, "signRequestAsync", { enumerable: true, get: function () { return signer_async_1.signRequestAsync; } });
|
|
40
|
-
Object.defineProperty(exports, "signResponseAsync", { enumerable: true, get: function () { return signer_async_1.signResponseAsync; } });
|
|
41
35
|
Object.defineProperty(exports, "signWebhookAsync", { enumerable: true, get: function () { return signer_async_1.signWebhookAsync; } });
|
|
42
36
|
var ecdsa_encoding_1 = require("./ecdsa-encoding");
|
|
43
37
|
Object.defineProperty(exports, "derEcdsaToP1363", { enumerable: true, get: function () { return ecdsa_encoding_1.derEcdsaToP1363; } });
|
|
@@ -50,7 +44,6 @@ var fetch_async_1 = require("./fetch-async");
|
|
|
50
44
|
Object.defineProperty(exports, "createSigningFetchAsync", { enumerable: true, get: function () { return fetch_async_1.createSigningFetchAsync; } });
|
|
51
45
|
var errors_1 = require("./errors");
|
|
52
46
|
Object.defineProperty(exports, "RequestSignatureError", { enumerable: true, get: function () { return errors_1.RequestSignatureError; } });
|
|
53
|
-
Object.defineProperty(exports, "ResponseSignatureError", { enumerable: true, get: function () { return errors_1.ResponseSignatureError; } });
|
|
54
47
|
Object.defineProperty(exports, "SigningProviderAlgorithmMismatchError", { enumerable: true, get: function () { return errors_1.SigningProviderAlgorithmMismatchError; } });
|
|
55
48
|
Object.defineProperty(exports, "WebhookSignatureError", { enumerable: true, get: function () { return errors_1.WebhookSignatureError; } });
|
|
56
49
|
var types_1 = require("./types");
|
|
@@ -59,8 +52,6 @@ Object.defineProperty(exports, "CLOCK_SKEW_TOLERANCE_SECONDS", { enumerable: tru
|
|
|
59
52
|
Object.defineProperty(exports, "MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.MANDATORY_COMPONENTS; } });
|
|
60
53
|
Object.defineProperty(exports, "MAX_SIGNATURE_WINDOW_SECONDS", { enumerable: true, get: function () { return types_1.MAX_SIGNATURE_WINDOW_SECONDS; } });
|
|
61
54
|
Object.defineProperty(exports, "REQUEST_SIGNING_TAG", { enumerable: true, get: function () { return types_1.REQUEST_SIGNING_TAG; } });
|
|
62
|
-
Object.defineProperty(exports, "RESPONSE_MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.RESPONSE_MANDATORY_COMPONENTS; } });
|
|
63
|
-
Object.defineProperty(exports, "RESPONSE_SIGNING_TAG", { enumerable: true, get: function () { return types_1.RESPONSE_SIGNING_TAG; } });
|
|
64
55
|
var capability_cache_1 = require("./capability-cache");
|
|
65
56
|
Object.defineProperty(exports, "CapabilityCache", { enumerable: true, get: function () { return capability_cache_1.CapabilityCache; } });
|
|
66
57
|
Object.defineProperty(exports, "buildCapabilityCacheKey", { enumerable: true, get: function () { return capability_cache_1.buildCapabilityCacheKey; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;AACH,+CASwB;AARtB,kHAAA,kBAAkB,OAAA;AAClB,kHAAA,kBAAkB,OAAA;AAClB,+GAAA,eAAe,OAAA;AACf,kHAAA,kBAAkB,OAAA;AAClB,qHAAA,qBAAqB,OAAA;AACrB,8GAAA,cAAc,OAAA;AAIhB,mDAAkG;AAAzF,sHAAA,oBAAoB,OAAA;AAAE,sHAAA,oBAAoB,OAAA;AAAE,oHAAA,kBAAkB,OAAA;AACvE,qDAS2B;AARzB,4HAAA,yBAAyB,OAAA;AACzB,0HAAA,uBAAuB,OAAA;AACvB,2HAAA,wBAAwB,OAAA;AAO1B,mCAYkB;AAXhB,kHAAA,wBAAwB,OAAA;AACxB,iHAAA,uBAAuB,OAAA;AACvB,iHAAA,uBAAuB,OAAA;AACvB,qGAAA,WAAW,OAAA;AACX,qGAAA,WAAW,OAAA;AAQb,+CAAoE;AAA3D,gHAAA,gBAAgB,OAAA;AAAE,gHAAA,gBAAgB,OAAA;AAC3C,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,uDAAuF;AAA9E,gIAAA,4BAA4B,OAAA;AAAE,uHAAA,mBAAmB,OAAA;AAC1D,iCAAyG;AAAhG,2GAAA,kBAAkB,OAAA;AAC3B,6CAAwD;AAA/C,sHAAA,uBAAuB,OAAA;AAEhC,mCAOkB;AANhB,+GAAA,qBAAqB,OAAA;AAErB,+HAAA,qCAAqC,OAAA;AAErC,+GAAA,qBAAqB,OAAA;AAGvB,iCAUiB;AATf,qGAAA,YAAY,OAAA;AACZ,qHAAA,4BAA4B,OAAA;AAC5B,6GAAA,oBAAoB,OAAA;AACpB,qHAAA,4BAA4B,OAAA;AAC5B,4GAAA,mBAAmB,OAAA;AAMrB,uDAM4B;AAL1B,mHAAA,eAAe,OAAA;AACf,2HAAA,uBAAuB,OAAA;AACvB,0HAAA,sBAAsB,OAAA;AAIxB,6CAWuB;AAVrB,qHAAA,sBAAsB,OAAA;AACtB,qHAAA,sBAAsB,OAAA;AACtB,mHAAA,oBAAoB,OAAA;AACpB,oHAAA,qBAAqB,OAAA;AACrB,sHAAA,uBAAuB,OAAA;AACvB,wHAAA,yBAAyB,OAAA;AACzB,kHAAA,mBAAmB,OAAA;AACnB,0GAAA,WAAW,OAAA;AAIb,iDAKyB;AAJvB,yHAAA,wBAAwB,OAAA;AACxB,sHAAA,qBAAqB,OAAA;AAIvB,2DAA6E;AAApE,4HAAA,sBAAsB,OAAA;AAAE,mHAAA,aAAa,OAAA;AAC9C,+CAAsF;AAA7E,4GAAA,YAAY,OAAA"}
|
|
@@ -23,17 +23,6 @@ export declare class WebhookSignatureError extends ADCPError {
|
|
|
23
23
|
readonly failedStep: number;
|
|
24
24
|
constructor(code: WebhookSignatureErrorCode, failedStep: number, message: string, details?: unknown);
|
|
25
25
|
}
|
|
26
|
-
/**
|
|
27
|
-
* Error codes for the RFC 9421 response-signing surface. Parallel to the
|
|
28
|
-
* request- and webhook-signing taxonomies. Verifier ships in #1826; signer
|
|
29
|
-
* gate (`*_key_purpose_invalid`) ships in #1825.
|
|
30
|
-
*/
|
|
31
|
-
export type ResponseSignatureErrorCode = 'response_signature_header_malformed' | 'response_signature_params_incomplete' | 'response_signature_tag_invalid' | 'response_signature_alg_not_allowed' | 'response_signature_window_invalid' | 'response_signature_components_incomplete' | 'response_target_uri_malformed' | 'response_signature_key_unknown' | 'response_signature_key_purpose_invalid' | 'response_mode_mismatch' | 'response_signature_key_revoked' | 'response_signature_revocation_stale' | 'response_signature_rate_abuse' | 'response_signature_invalid' | 'response_signature_digest_mismatch' | 'response_signature_replayed';
|
|
32
|
-
export declare class ResponseSignatureError extends ADCPError {
|
|
33
|
-
readonly code: ResponseSignatureErrorCode;
|
|
34
|
-
readonly failedStep: number;
|
|
35
|
-
constructor(code: ResponseSignatureErrorCode, failedStep: number, message: string, details?: unknown);
|
|
36
|
-
}
|
|
37
26
|
/**
|
|
38
27
|
* SDK-side error codes for the `SigningProvider` integration path. Distinct
|
|
39
28
|
* namespace from `RequestSignatureErrorCode` / `WebhookSignatureErrorCode`
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GACjC,4BAA4B,GAC5B,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GACzC,yCAAyC,GACzC,+BAA+B,GAC/B,uCAAuC,GACvC,+BAA+B,GAC/B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,GAC5B,8BAA8B,GAC9B,oCAAoC,CAAC;AAEzC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GACjC,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GAKzC,8BAA8B,GAC9B,+BAA+B,GAI/B,uCAAuC,GAKvC,uBAAuB,GACvB,+BAA+B,GAC/B,oCAAoC,GACpC,8BAA8B,GAC9B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,CAAC;AAEjC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GACjC,4BAA4B,GAC5B,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GACzC,yCAAyC,GACzC,+BAA+B,GAC/B,uCAAuC,GACvC,+BAA+B,GAC/B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,GAC5B,8BAA8B,GAC9B,oCAAoC,CAAC;AAEzC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GACjC,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GAKzC,8BAA8B,GAC9B,+BAA+B,GAI/B,uCAAuC,GAKvC,uBAAuB,GACvB,+BAA+B,GAC/B,oCAAoC,GACpC,8BAA8B,GAC9B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,CAAC;AAEjC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,qCAAqC,CAAC;AAE7E;;;;;;;;GAQG;AACH,qBAAa,qCAAsC,SAAQ,SAAS;IAClE,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAyC;IAChF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;gBAEjB,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;CASlE"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SigningProviderAlgorithmMismatchError = exports.
|
|
3
|
+
exports.SigningProviderAlgorithmMismatchError = exports.WebhookSignatureError = exports.RequestSignatureError = void 0;
|
|
4
4
|
const errors_1 = require("../errors");
|
|
5
5
|
class RequestSignatureError extends errors_1.ADCPError {
|
|
6
6
|
code;
|
|
@@ -22,16 +22,6 @@ class WebhookSignatureError extends errors_1.ADCPError {
|
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
exports.WebhookSignatureError = WebhookSignatureError;
|
|
25
|
-
class ResponseSignatureError extends errors_1.ADCPError {
|
|
26
|
-
code;
|
|
27
|
-
failedStep;
|
|
28
|
-
constructor(code, failedStep, message, details) {
|
|
29
|
-
super(message, details);
|
|
30
|
-
this.code = code;
|
|
31
|
-
this.failedStep = failedStep;
|
|
32
|
-
}
|
|
33
|
-
}
|
|
34
|
-
exports.ResponseSignatureError = ResponseSignatureError;
|
|
35
25
|
/**
|
|
36
26
|
* Adapter-side error thrown when a `SigningProvider`'s declared `algorithm`
|
|
37
27
|
* doesn't match the algorithm of the underlying key material.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AAoBtC,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AA2CD,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AAoBtC,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AA2CD,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AAUD;;;;;;;;GAQG;AACH,MAAa,qCAAsC,SAAQ,kBAAS;IACzD,IAAI,GAA6B,qCAAqC,CAAC;IACvE,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,WAAW,CAAS;IAE7B,YAAY,QAAgB,EAAE,MAAc,EAAE,WAAmB;QAC/D,KAAK,CACH,uCAAuC,QAAQ,4BAA4B,MAAM,WAAW,WAAW,MAAM;YAC3G,wGAAwG,CAC3G,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAfD,sFAeC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { AdcpJsonWebKey, AdcpSignAlg } from './types';
|
|
2
|
-
export type AdcpUse = 'request-signing' | 'webhook-signing' | '
|
|
2
|
+
export type AdcpUse = 'request-signing' | 'webhook-signing' | 'governance-signing';
|
|
3
|
+
export declare function assertAdcpUse(value: unknown, helperName: string): asserts value is AdcpUse;
|
|
3
4
|
export interface PemToAdcpJwkOptions {
|
|
4
5
|
/** `kid` to embed in the JWK — must match the value published in `Signature-Input`. */
|
|
5
6
|
kid: string;
|
|
@@ -9,9 +10,6 @@ export interface PemToAdcpJwkOptions {
|
|
|
9
10
|
* Purpose binding, enforced by AdCP verifiers at step 8.
|
|
10
11
|
* - `'request-signing'` — for JWKs published at the buyer's `jwks_uri`.
|
|
11
12
|
* - `'webhook-signing'` — for JWKs used to sign outbound webhook callbacks.
|
|
12
|
-
* - `'response-signing'` — for JWKs used to sign outbound responses
|
|
13
|
-
* (RFC 9421 §2.2.9 response signing). Verifier surface is a follow-up;
|
|
14
|
-
* the value is reserved here so signer-side JWKs can declare it now.
|
|
15
13
|
* - `'governance-signing'` — for JWKs used to sign governance context
|
|
16
14
|
* (JWS-signed, not RFC 9421). Declared on JWKs published in a tenant's
|
|
17
15
|
* aggregated JWKS so JSON-typed consumers (e.g., third-party verifiers
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks-helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAkB3D,MAAM,MAAM,OAAO,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,
|
|
1
|
+
{"version":3,"file":"jwks-helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAkB3D,MAAM,MAAM,OAAO,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;AAInF,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAO1F;AAED,MAAM,WAAW,mBAAmB;IAClC,uFAAuF;IACvF,GAAG,EAAE,MAAM,CAAC;IACZ,6EAA6E;IAC7E,SAAS,EAAE,WAAW,CAAC;IACvB;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,cAAc,CA6CtF"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.assertAdcpUse = assertAdcpUse;
|
|
3
4
|
exports.pemToAdcpJwk = pemToAdcpJwk;
|
|
4
5
|
const node_crypto_1 = require("node:crypto");
|
|
5
6
|
/**
|
|
@@ -17,6 +18,13 @@ const WIRE_ALG_TO_JOSE = {
|
|
|
17
18
|
ed25519: 'EdDSA',
|
|
18
19
|
'ecdsa-p256-sha256': 'ES256',
|
|
19
20
|
};
|
|
21
|
+
const ADCP_USE_VALUES = new Set(['request-signing', 'webhook-signing', 'governance-signing']);
|
|
22
|
+
function assertAdcpUse(value, helperName) {
|
|
23
|
+
if (typeof value !== 'string' || !ADCP_USE_VALUES.has(value)) {
|
|
24
|
+
throw new TypeError(`${helperName}: unsupported adcp_use '${String(value)}'. ` +
|
|
25
|
+
`Supported: ${Array.from(ADCP_USE_VALUES).join(', ')}.`);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
20
28
|
/**
|
|
21
29
|
* Convert a public-key PEM (SPKI / `BEGIN PUBLIC KEY` format) to an AdCP JWK
|
|
22
30
|
* with the correct fields for publication at `/.well-known/jwks.json`.
|
|
@@ -50,6 +58,7 @@ const WIRE_ALG_TO_JOSE = {
|
|
|
50
58
|
* ```
|
|
51
59
|
*/
|
|
52
60
|
function pemToAdcpJwk(pem, options) {
|
|
61
|
+
assertAdcpUse(options.adcp_use, 'pemToAdcpJwk');
|
|
53
62
|
// Anchored to the BEGIN line so a public-key PEM that mentions "PRIVATE
|
|
54
63
|
// KEY" in surrounding metadata or comments doesn't false-positive. RFC
|
|
55
64
|
// 7468 mandates exact uppercase between dashes; matching all standard
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks-helpers.js","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"jwks-helpers.js","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":";;AAuBA,sCAOC;AAsDD,oCA6CC;AAjID,6CAA8C;AAG9C;;;;;;;;;;GAUG;AACH,MAAM,gBAAgB,GAAgC;IACpD,OAAO,EAAE,OAAO;IAChB,mBAAmB,EAAE,OAAO;CAC7B,CAAC;AAIF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAU,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAEvG,SAAgB,aAAa,CAAC,KAAc,EAAE,UAAkB;IAC9D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAgB,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,SAAS,CACjB,GAAG,UAAU,2BAA2B,MAAM,CAAC,KAAK,CAAC,KAAK;YACxD,cAAc,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;IACJ,CAAC;AACH,CAAC;AAsBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAgB,YAAY,CAAC,GAAW,EAAE,OAA4B;IACpE,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAEhD,wEAAwE;IACxE,uEAAuE;IACvE,sEAAsE;IACtE,uEAAuE;IACvE,iBAAiB;IACjB,IAAI,kCAAkC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CACjB,2CAA2C;YACzC,gEAAgE;YAChE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,6BAAe,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CACjB,sDAAsD;YACpD,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI;YACvD,4CAA4C,CAC/C,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CACjB,wCAAwC,OAAO,CAAC,SAAS,KAAK;YAC5D,cAAc,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAA4B,CAAC;IAE7E,OAAO;QACL,GAAG,QAAQ;QACX,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,CAAC,QAAQ,CAAC;KACF,CAAC;AACtB,CAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import type { AdcpUse } from './jwks-helpers';
|
|
2
1
|
import type { AdcpSignAlg } from './types';
|
|
3
2
|
/**
|
|
4
3
|
* Pluggable signer that the AdCP request- and webhook-signing paths route
|
|
@@ -55,19 +54,21 @@ export interface SigningProvider {
|
|
|
55
54
|
/**
|
|
56
55
|
* Purpose binding for the underlying key, parallel to the sync-path
|
|
57
56
|
* `SignerKey.privateKey.adcp_use` gate. When set, the async helpers
|
|
58
|
-
* (`signRequestAsync`, `signWebhookAsync
|
|
59
|
-
*
|
|
60
|
-
*
|
|
57
|
+
* (`signRequestAsync`, `signWebhookAsync`) refuse keys whose `adcpUse`
|
|
58
|
+
* doesn't match the helper, with the same error codes the verifier raises
|
|
59
|
+
* at step 8.
|
|
61
60
|
*
|
|
62
61
|
* **Optional and backward-compatible.** Existing providers that omit
|
|
63
62
|
* `adcpUse` skip the gate (no breakage, but no defense-in-depth either).
|
|
64
|
-
*
|
|
65
|
-
*
|
|
66
|
-
*
|
|
67
|
-
*
|
|
68
|
-
*
|
|
63
|
+
* When present, it is intentionally typed as a raw string so retired or
|
|
64
|
+
* unknown purpose values still fail closed instead of being erased before
|
|
65
|
+
* the signer-side gate runs. Adapter authors who care about catching IAM
|
|
66
|
+
* misconfig at the signer rather than the verifier should set this — KMS is
|
|
67
|
+
* exactly where one IAM mistake silently grants a single key cross-purpose
|
|
68
|
+
* access, and `request-signing` / `webhook-signing` keys MUST stay distinct
|
|
69
|
+
* per AdCP step-8 purpose-binding.
|
|
69
70
|
*/
|
|
70
|
-
readonly adcpUse?:
|
|
71
|
+
readonly adcpUse?: string;
|
|
71
72
|
/**
|
|
72
73
|
* Stable opaque identifier disambiguating this signer from others
|
|
73
74
|
* advertising the same `kid`. Used as input to the SDK's transport- and
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;IAEhC;;;;;;;;;;;;;;;;OAgBG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B"}
|
|
@@ -1,12 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Adapter helpers that construct the `{ method, url }` shape
|
|
3
|
-
*
|
|
4
|
-
* components back to an originating request) requires.
|
|
2
|
+
* Adapter helpers that construct the `{ method, url }` shape used when
|
|
3
|
+
* binding RFC 9421 derived components to an inbound request.
|
|
5
4
|
*
|
|
6
|
-
* Why this exists:
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
* as path-only, so adopters reconstruct via
|
|
5
|
+
* Why this exists: RFC 9421 `@authority` / `@target-uri` canonicalization
|
|
6
|
+
* requires an absolute URL. Express handlers ship `req.url` /
|
|
7
|
+
* `req.originalUrl` as path-only, so adopters reconstruct via
|
|
10
8
|
* `${req.protocol}://${req.get('host')}${req.originalUrl}`. But `req.protocol`
|
|
11
9
|
* lies behind a TLS-terminating proxy unless `trust proxy` is set, and
|
|
12
10
|
* `req.get('host')` is attacker-controllable absent a Host allowlist. A
|
|
@@ -14,10 +12,9 @@
|
|
|
14
12
|
* `attacker.example.com` while the operator believes they're signing for
|
|
15
13
|
* `seller.example.com`.
|
|
16
14
|
*
|
|
17
|
-
* The library can warn (JSDoc on `ResponseLike.request`) but can't enforce.
|
|
18
15
|
* These helpers make the safe path the default path — pass them an inbound
|
|
19
|
-
* request handle from your platform and they emit a hardened
|
|
20
|
-
*
|
|
16
|
+
* request handle from your platform and they emit a hardened `{ method, url }`
|
|
17
|
+
* shape for request or webhook verification.
|
|
21
18
|
*/
|
|
22
19
|
/**
|
|
23
20
|
* Minimal Express request shape this helper consumes. Kept narrow so
|
|
@@ -46,7 +43,7 @@ export interface RequestContextFromExpressOptions {
|
|
|
46
43
|
hostAllowlist?: ReadonlyArray<string>;
|
|
47
44
|
/**
|
|
48
45
|
* When `true` (default), the helper throws if the reconstructed URL
|
|
49
|
-
* scheme is not `https`. AdCP
|
|
46
|
+
* scheme is not `https`. AdCP request / webhook signatures bound to
|
|
50
47
|
* `http://` will fail strict-HTTPS verifier profiles, so this catches
|
|
51
48
|
* the misconfig at construction time. Disable only for local dev /
|
|
52
49
|
* loopback mock servers.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/request-context.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/request-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,sDAAsD;IACtD,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACvC;AAED,MAAM,WAAW,gCAAgC;IAC/C;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAEtC;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,kBAAkB,EACvB,OAAO,GAAE,gCAAqC,GAC7C;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAgCjC;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,gBAAgB,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAoBlG;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,cAAc,EAAE;QACvB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE;YAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAC7C,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,qBAAqB,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;KAAE,CAAC;CACjF;AAED,MAAM,WAAW,+BAA+B;IAC9C;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,kBAAkB,EACzB,OAAO,GAAE,+BAAoC,GAC5C;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAoCjC"}
|
|
@@ -1,13 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* Adapter helpers that construct the `{ method, url }` shape
|
|
4
|
-
*
|
|
5
|
-
* components back to an originating request) requires.
|
|
3
|
+
* Adapter helpers that construct the `{ method, url }` shape used when
|
|
4
|
+
* binding RFC 9421 derived components to an inbound request.
|
|
6
5
|
*
|
|
7
|
-
* Why this exists:
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
* as path-only, so adopters reconstruct via
|
|
6
|
+
* Why this exists: RFC 9421 `@authority` / `@target-uri` canonicalization
|
|
7
|
+
* requires an absolute URL. Express handlers ship `req.url` /
|
|
8
|
+
* `req.originalUrl` as path-only, so adopters reconstruct via
|
|
11
9
|
* `${req.protocol}://${req.get('host')}${req.originalUrl}`. But `req.protocol`
|
|
12
10
|
* lies behind a TLS-terminating proxy unless `trust proxy` is set, and
|
|
13
11
|
* `req.get('host')` is attacker-controllable absent a Host allowlist. A
|
|
@@ -15,10 +13,9 @@
|
|
|
15
13
|
* `attacker.example.com` while the operator believes they're signing for
|
|
16
14
|
* `seller.example.com`.
|
|
17
15
|
*
|
|
18
|
-
* The library can warn (JSDoc on `ResponseLike.request`) but can't enforce.
|
|
19
16
|
* These helpers make the safe path the default path — pass them an inbound
|
|
20
|
-
* request handle from your platform and they emit a hardened
|
|
21
|
-
*
|
|
17
|
+
* request handle from your platform and they emit a hardened `{ method, url }`
|
|
18
|
+
* shape for request or webhook verification.
|
|
22
19
|
*/
|
|
23
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
24
21
|
exports.requestContextFromExpress = requestContextFromExpress;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request-context.js","sourceRoot":"","sources":["../../../src/lib/signing/request-context.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"request-context.js","sourceRoot":"","sources":["../../../src/lib/signing/request-context.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;AAsDH,8DAmCC;AAmBD,0DAoBC;AAyCD,4DAuCC;AAzKD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,yBAAyB,CACvC,GAAuB,EACvB,UAA4C,EAAE;IAE9C,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CACjB,qDAAqD;YACnD,wGAAwG,CAC3G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QAChF,MAAM,IAAI,SAAS,CACjB,oCAAoC,IAAI,6BAA6B;YACnE,0FAA0F;YAC1F,+EAA+E,CAClF,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,KAAK,KAAK,CAAC;IAChD,IAAI,UAAU,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CACjB,2CAA2C,QAAQ,kBAAkB;YACnE,gFAAgF;YAChF,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IACD,2EAA2E;IAC3E,yEAAyE;IACzE,2EAA2E;IAC3E,uEAAuE;IACvE,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,SAAS,CAAC,0EAA0E,CAAC,CAAC;IAClG,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;AAChF,CAAC;AAYD;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAAyB;IAC/D,wEAAwE;IACxE,oEAAoE;IACpE,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,gCAAgC;IAChC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,SAAS,CAAC,yCAAyC,OAAO,CAAC,GAAG,2BAA2B,CAAC,CAAC;IACvG,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CACjB,gEAAgE;YAC9D,4FAA4F,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;AACtD,CAAC;AAgCD;;;;;;;;GAQG;AACH,SAAgB,wBAAwB,CACtC,KAAyB,EACzB,UAA2C,EAAE;IAE7C,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC;IACnD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,SAAS,CACjB,wEAAwE;YACtE,wDAAwD;YACxD,2CAA2C,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,oEAAoE,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QAChF,MAAM,IAAI,SAAS,CACjB,yCAAyC,IAAI,6BAA6B;YACxE,sFAAsF,CACzF,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,CAAC;IACxG,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CAAC,kEAAkE,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC;IAChD,0EAA0E;IAC1E,yEAAyE;IACzE,IAAI,GAAG,GAAG,WAAW,IAAI,GAAG,IAAI,EAAE,CAAC;IACnC,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,GAAG,IAAI,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;IACpC,CAAC;SAAM,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC;aACvD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC,CAAW,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,MAAM,CAAC,MAAM;YAAE,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,GAAuB;IAC5C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjC,mEAAmE;IACnE,yDAAyD;IACzD,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,SAAgC;IAC1E,OAAO,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;AAChE,CAAC"}
|
|
@@ -8,11 +8,11 @@
|
|
|
8
8
|
* capability cache). The aggregate `@adcp/sdk/signing` barrel re-exports
|
|
9
9
|
* both for back-compat.
|
|
10
10
|
*/
|
|
11
|
-
export {
|
|
11
|
+
export { buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type SignatureParams, } from './canonicalize';
|
|
12
12
|
export { computeContentDigest, contentDigestMatches, parseContentDigest } from './content-digest';
|
|
13
13
|
export { requestContextFromExpress, requestContextFromFetch, requestContextFromLambda, type ExpressRequestLike, type FetchRequestLike, type LambdaRequestEvent, type RequestContextFromExpressOptions, type RequestContextFromLambdaOptions, } from './request-context';
|
|
14
14
|
export { jwkToPublicKey, verifySignature } from './crypto';
|
|
15
|
-
export { RequestSignatureError, type RequestSignatureErrorCode,
|
|
15
|
+
export { RequestSignatureError, type RequestSignatureErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
16
16
|
export { StaticJwksResolver, type JwksResolver } from './jwks';
|
|
17
17
|
export { HttpsJwksResolver, type HttpsJwksResolverOptions } from './jwks-https';
|
|
18
18
|
export { BrandJsonJwksResolver, BrandJsonResolverError, type BrandAgentType, type BrandJsonJwksResolverOptions, type BrandJsonResolverErrorCode, } from './brand-jwks';
|
|
@@ -22,9 +22,8 @@ export { PostgresReplayStore, REPLAY_CACHE_MIGRATION, getReplayStoreMigration, s
|
|
|
22
22
|
export { RedisReplayStore, type RedisReplayStoreOptions, type ReplayRedisBackendClient, type ReplayRedisLikeClient, } from './redis-replay-store';
|
|
23
23
|
export { InMemoryRevocationStore, type RevocationStore } from './revocation';
|
|
24
24
|
export { HttpsRevocationStore, type HttpsRevocationStoreOptions } from './revocation-https';
|
|
25
|
-
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG,
|
|
25
|
+
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, type AdcpJsonWebKey, type ContentDigestPolicy, type RevocationSnapshot, type VerifiedSigner, type VerifierCapability, type VerifyResult, } from './types';
|
|
26
26
|
export { verifyRequestSignature, type VerifyRequestOptions } from './verifier';
|
|
27
|
-
export { createResponseVerifier, verifyResponseSignature, type CreateResponseVerifierOptions, type VerifyResponseOptions, type VerifyResponseResult, } from './response-verifier';
|
|
28
27
|
export { createWebhookVerifier, verifyWebhookSignature, WEBHOOK_MANDATORY_COMPONENTS, WEBHOOK_SIGNING_TAG, type CreateWebhookVerifierOptions, type VerifyWebhookOptions, type VerifyWebhookResult, } from './webhook-verifier';
|
|
29
28
|
export { createExpressVerifier, type ExpressLike, type ExpressMiddlewareOptions } from './middleware';
|
|
30
29
|
export { resolveAgent, getAgentJwks, createAgentJwksSet, AgentResolverError, attackerInfluencedFields, ATTACKER_INFLUENCED, readBrandJsonUrl, readIdentityPosture, type AgentResolution, type AgentProtocol, type AgentResolverErrorCode, type AgentResolverErrorDetail, type AgentEntry, type AgentJwksResult, type CapabilitiesWithBrandJsonUrl, type CreateAgentJwksSetOptions, type FetchCapabilitiesFn, type GetAgentJwksOptions, type IdentityKeyOriginPurpose, type IdentityKeyOrigins, type IdentityPosture, type ResolveAgentOptions, type TraceStep, } from './agent-resolver';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChH,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,GAChC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,uBAAuB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,KAAK,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,KAAK,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,KAAK,WAAW,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACtG,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,kBAAkB,CAAC"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
exports.readIdentityPosture = exports.readBrandJsonUrl = exports.ATTACKER_INFLUENCED = exports.attackerInfluencedFields = exports.AgentResolverError = void 0;
|
|
3
|
+
exports.readIdentityPosture = exports.readBrandJsonUrl = exports.ATTACKER_INFLUENCED = exports.attackerInfluencedFields = exports.AgentResolverError = exports.createAgentJwksSet = exports.getAgentJwks = exports.resolveAgent = exports.createExpressVerifier = exports.WEBHOOK_SIGNING_TAG = exports.WEBHOOK_MANDATORY_COMPONENTS = exports.verifyWebhookSignature = exports.createWebhookVerifier = exports.verifyRequestSignature = exports.REQUEST_SIGNING_TAG = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.ALLOWED_ALGS = exports.HttpsRevocationStore = exports.InMemoryRevocationStore = exports.RedisReplayStore = exports.sweepExpiredReplays = exports.getReplayStoreMigration = exports.REPLAY_CACHE_MIGRATION = exports.PostgresReplayStore = exports.InMemoryReplayStore = exports.parseSignatureInput = exports.parseSignature = exports.BrandJsonResolverError = exports.BrandJsonJwksResolver = exports.HttpsJwksResolver = exports.StaticJwksResolver = exports.WebhookSignatureError = exports.RequestSignatureError = exports.verifySignature = exports.jwkToPublicKey = exports.requestContextFromLambda = exports.requestContextFromFetch = exports.requestContextFromExpress = exports.parseContentDigest = exports.contentDigestMatches = exports.computeContentDigest = exports.getHeaderValue = exports.formatSignatureParams = exports.canonicalTargetUri = exports.canonicalMethod = exports.canonicalAuthority = exports.buildSignatureBase = void 0;
|
|
5
4
|
/**
|
|
6
5
|
* Server-side signing surface: what a seller running an AdCP agent needs to
|
|
7
6
|
* verify inbound RFC 9421 signatures — verifier pipeline, Express-shaped
|
|
@@ -13,7 +12,6 @@ exports.readIdentityPosture = exports.readBrandJsonUrl = exports.ATTACKER_INFLUE
|
|
|
13
12
|
* both for back-compat.
|
|
14
13
|
*/
|
|
15
14
|
var canonicalize_1 = require("./canonicalize");
|
|
16
|
-
Object.defineProperty(exports, "buildResponseSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildResponseSignatureBase; } });
|
|
17
15
|
Object.defineProperty(exports, "buildSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildSignatureBase; } });
|
|
18
16
|
Object.defineProperty(exports, "canonicalAuthority", { enumerable: true, get: function () { return canonicalize_1.canonicalAuthority; } });
|
|
19
17
|
Object.defineProperty(exports, "canonicalMethod", { enumerable: true, get: function () { return canonicalize_1.canonicalMethod; } });
|
|
@@ -33,7 +31,6 @@ Object.defineProperty(exports, "jwkToPublicKey", { enumerable: true, get: functi
|
|
|
33
31
|
Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return crypto_1.verifySignature; } });
|
|
34
32
|
var errors_1 = require("./errors");
|
|
35
33
|
Object.defineProperty(exports, "RequestSignatureError", { enumerable: true, get: function () { return errors_1.RequestSignatureError; } });
|
|
36
|
-
Object.defineProperty(exports, "ResponseSignatureError", { enumerable: true, get: function () { return errors_1.ResponseSignatureError; } });
|
|
37
34
|
Object.defineProperty(exports, "WebhookSignatureError", { enumerable: true, get: function () { return errors_1.WebhookSignatureError; } });
|
|
38
35
|
var jwks_1 = require("./jwks");
|
|
39
36
|
Object.defineProperty(exports, "StaticJwksResolver", { enumerable: true, get: function () { return jwks_1.StaticJwksResolver; } });
|
|
@@ -64,13 +61,8 @@ Object.defineProperty(exports, "CLOCK_SKEW_TOLERANCE_SECONDS", { enumerable: tru
|
|
|
64
61
|
Object.defineProperty(exports, "MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.MANDATORY_COMPONENTS; } });
|
|
65
62
|
Object.defineProperty(exports, "MAX_SIGNATURE_WINDOW_SECONDS", { enumerable: true, get: function () { return types_1.MAX_SIGNATURE_WINDOW_SECONDS; } });
|
|
66
63
|
Object.defineProperty(exports, "REQUEST_SIGNING_TAG", { enumerable: true, get: function () { return types_1.REQUEST_SIGNING_TAG; } });
|
|
67
|
-
Object.defineProperty(exports, "RESPONSE_MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.RESPONSE_MANDATORY_COMPONENTS; } });
|
|
68
|
-
Object.defineProperty(exports, "RESPONSE_SIGNING_TAG", { enumerable: true, get: function () { return types_1.RESPONSE_SIGNING_TAG; } });
|
|
69
64
|
var verifier_1 = require("./verifier");
|
|
70
65
|
Object.defineProperty(exports, "verifyRequestSignature", { enumerable: true, get: function () { return verifier_1.verifyRequestSignature; } });
|
|
71
|
-
var response_verifier_1 = require("./response-verifier");
|
|
72
|
-
Object.defineProperty(exports, "createResponseVerifier", { enumerable: true, get: function () { return response_verifier_1.createResponseVerifier; } });
|
|
73
|
-
Object.defineProperty(exports, "verifyResponseSignature", { enumerable: true, get: function () { return response_verifier_1.verifyResponseSignature; } });
|
|
74
66
|
var webhook_verifier_1 = require("./webhook-verifier");
|
|
75
67
|
Object.defineProperty(exports, "createWebhookVerifier", { enumerable: true, get: function () { return webhook_verifier_1.createWebhookVerifier; } });
|
|
76
68
|
Object.defineProperty(exports, "verifyWebhookSignature", { enumerable: true, get: function () { return webhook_verifier_1.verifyWebhookSignature; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,+CASwB;AARtB,kHAAA,kBAAkB,OAAA;AAClB,kHAAA,kBAAkB,OAAA;AAClB,+GAAA,eAAe,OAAA;AACf,kHAAA,kBAAkB,OAAA;AAClB,qHAAA,qBAAqB,OAAA;AACrB,8GAAA,cAAc,OAAA;AAIhB,mDAAkG;AAAzF,sHAAA,oBAAoB,OAAA;AAAE,sHAAA,oBAAoB,OAAA;AAAE,oHAAA,kBAAkB,OAAA;AACvE,qDAS2B;AARzB,4HAAA,yBAAyB,OAAA;AACzB,0HAAA,uBAAuB,OAAA;AACvB,2HAAA,wBAAwB,OAAA;AAO1B,mCAA2D;AAAlD,wGAAA,cAAc,OAAA;AAAE,yGAAA,eAAe,OAAA;AACxC,mCAKkB;AAJhB,+GAAA,qBAAqB,OAAA;AAErB,+GAAA,qBAAqB,OAAA;AAGvB,+BAA+D;AAAtD,0GAAA,kBAAkB,OAAA;AAC3B,2CAAgF;AAAvE,+GAAA,iBAAiB,OAAA;AAC1B,2CAMsB;AALpB,mHAAA,qBAAqB,OAAA;AACrB,oHAAA,sBAAsB,OAAA;AAKxB,mCAAgH;AAAvG,wGAAA,cAAc,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAC5C,mCAKkB;AAJhB,6GAAA,mBAAmB,OAAA;AAKrB,iEAOiC;AAN/B,4HAAA,mBAAmB,OAAA;AACnB,+HAAA,sBAAsB,OAAA;AACtB,gIAAA,uBAAuB,OAAA;AACvB,4HAAA,mBAAmB,OAAA;AAIrB,2DAK8B;AAJ5B,sHAAA,gBAAgB,OAAA;AAKlB,2CAA6E;AAApE,qHAAA,uBAAuB,OAAA;AAChC,uDAA4F;AAAnF,wHAAA,oBAAoB,OAAA;AAC7B,iCAYiB;AAXf,qGAAA,YAAY,OAAA;AACZ,qHAAA,4BAA4B,OAAA;AAC5B,6GAAA,oBAAoB,OAAA;AACpB,qHAAA,4BAA4B,OAAA;AAC5B,4GAAA,mBAAmB,OAAA;AAQrB,uCAA+E;AAAtE,kHAAA,sBAAsB,OAAA;AAC/B,uDAQ4B;AAP1B,yHAAA,qBAAqB,OAAA;AACrB,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,uHAAA,mBAAmB,OAAA;AAKrB,2CAAsG;AAA7F,mHAAA,qBAAqB,OAAA;AAC9B,mDAwB0B;AAvBxB,8GAAA,YAAY,OAAA;AACZ,8GAAA,YAAY,OAAA;AACZ,oHAAA,kBAAkB,OAAA;AAClB,oHAAA,kBAAkB,OAAA;AAClB,0HAAA,wBAAwB,OAAA;AACxB,qHAAA,mBAAmB,OAAA;AACnB,kHAAA,gBAAgB,OAAA;AAChB,qHAAA,mBAAmB,OAAA"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { RequestLike
|
|
1
|
+
import type { RequestLike } from './canonicalize';
|
|
2
2
|
import type { SigningProvider } from './provider';
|
|
3
|
-
import type { SignedRequest,
|
|
3
|
+
import type { SignedRequest, SignRequestOptions, SignWebhookOptions } from './signer';
|
|
4
4
|
/**
|
|
5
5
|
* Async variant of `signRequest` that delegates the actual signature
|
|
6
6
|
* production to a {@link SigningProvider}. Reuses
|
|
@@ -21,10 +21,4 @@ export declare function signRequestAsync(request: RequestLike, provider: Signing
|
|
|
21
21
|
* `Content-Digest` header stay in lockstep.
|
|
22
22
|
*/
|
|
23
23
|
export declare function signWebhookAsync(request: RequestLike, provider: SigningProvider, options?: SignWebhookOptions): Promise<SignedRequest>;
|
|
24
|
-
/**
|
|
25
|
-
* Async variant of `signResponse`. Reuses {@link prepareResponseSignature}
|
|
26
|
-
* and {@link finalizeResponseSignature} from the sync path so canonicalization
|
|
27
|
-
* stays identical — `provider.sign(payload)` is the only difference.
|
|
28
|
-
*/
|
|
29
|
-
export declare function signResponseAsync(response: ResponseLike, provider: SigningProvider, options?: SignResponseOptions): Promise<SignedResponse>;
|
|
30
24
|
//# sourceMappingURL=signer-async.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer-async.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,
|
|
1
|
+
{"version":3,"file":"signer-async.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAQtF;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,aAAa,CAAC,CAKxB"}
|
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.signRequestAsync = signRequestAsync;
|
|
4
4
|
exports.signWebhookAsync = signWebhookAsync;
|
|
5
|
-
exports.signResponseAsync = signResponseAsync;
|
|
6
5
|
const signer_1 = require("./signer");
|
|
7
6
|
/**
|
|
8
7
|
* Async variant of `signRequest` that delegates the actual signature
|
|
@@ -34,15 +33,4 @@ async function signWebhookAsync(request, provider, options = {}) {
|
|
|
34
33
|
const signature = await provider.sign(Buffer.from(prepared.base, 'utf8'));
|
|
35
34
|
return (0, signer_1.finalizeRequestSignature)(prepared, signature);
|
|
36
35
|
}
|
|
37
|
-
/**
|
|
38
|
-
* Async variant of `signResponse`. Reuses {@link prepareResponseSignature}
|
|
39
|
-
* and {@link finalizeResponseSignature} from the sync path so canonicalization
|
|
40
|
-
* stays identical — `provider.sign(payload)` is the only difference.
|
|
41
|
-
*/
|
|
42
|
-
async function signResponseAsync(response, provider, options = {}) {
|
|
43
|
-
(0, signer_1.assertProviderPurpose)(provider, 'response-signing');
|
|
44
|
-
const prepared = (0, signer_1.prepareResponseSignature)(response, { keyid: provider.keyid, alg: provider.algorithm }, options);
|
|
45
|
-
const signature = await provider.sign(Buffer.from(prepared.base, 'utf8'));
|
|
46
|
-
return (0, signer_1.finalizeResponseSignature)(prepared, signature);
|
|
47
|
-
}
|
|
48
36
|
//# sourceMappingURL=signer-async.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer-async.js","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"signer-async.js","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":";;AAsBA,4CASC;AAQD,4CASC;AA7CD,qCAKkB;AAElB;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,gBAAgB,CACpC,OAAoB,EACpB,QAAyB,EACzB,UAA8B,EAAE;IAEhC,IAAA,8BAAqB,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,gCAAuB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/G,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAA,iCAAwB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,gBAAgB,CACpC,OAAoB,EACpB,QAAyB,EACzB,UAA8B,EAAE;IAEhC,IAAA,8BAAqB,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,gCAAuB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/G,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAA,iCAAwB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC"}
|