@aep-foundation/agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,276 @@
1
+ import { EnrollResponse, AepGrantType, AepBuiltInGrantResponse, AepSigningAlgorithm, InspectDocument, AepHttpCommand, RevokeResponse, StatusResponse, AepClientAssertionClaims, AepAuthenticatedCommand, AepProblemDetails, AepImportableJoseKey } from '@aep-foundation/core';
2
+ import { PlatformDiscoveryDocument, PlatformAgentIdentity } from '@aep-foundation/platform';
3
+
4
+ type Awaitable<T> = T | Promise<T>;
5
+ interface AepClientAssertionSignerContext {
6
+ command: AepAuthenticatedCommand;
7
+ serviceDid: string;
8
+ signingAlgorithms: AepSigningAlgorithm[];
9
+ }
10
+ type AepClientAssertionSigner = (claims: AepClientAssertionClaims, context: AepClientAssertionSignerContext) => Awaitable<string>;
11
+ interface AepAgentOptions {
12
+ assertionClock?: () => Date;
13
+ assertionJti?: () => string;
14
+ assertionTtlSeconds?: number;
15
+ credentialStore?: AgentCredentialStore;
16
+ identityProvider: AgentIdentityProvider;
17
+ identityStore?: AgentIdentityStore;
18
+ idempotencyKeys?: AgentIdempotencyKeyProvider;
19
+ inspectCache?: AgentInspectCache;
20
+ }
21
+ interface InspectServiceOptions {
22
+ serviceUrl: string | URL;
23
+ }
24
+ interface InspectServiceResult {
25
+ document: InspectDocument;
26
+ inspectUrl: URL;
27
+ commandUrl(command: AepHttpCommand): URL;
28
+ cacheControl?: string;
29
+ etag?: string;
30
+ }
31
+ interface DiscoverPlatformOptions {
32
+ platformUrl: string | URL;
33
+ }
34
+ interface DiscoverPlatformResult {
35
+ document: PlatformDiscoveryDocument;
36
+ discoveryUrl: URL;
37
+ endpointUrl(endpoint: keyof PlatformDiscoveryDocument["endpoints"]): URL;
38
+ }
39
+ interface ProvisionPlatformIdentityOptions {
40
+ authorization?: string;
41
+ discovery?: DiscoverPlatformResult;
42
+ idempotencyKey: string;
43
+ platformUrl: string | URL;
44
+ serviceDid: string;
45
+ }
46
+ type ProvisionPlatformIdentityResult = AepCommandResult<PlatformAgentIdentity>;
47
+ interface PlatformDelegatedSignerOptions {
48
+ authorization?: string;
49
+ discovery?: DiscoverPlatformResult;
50
+ identity: PlatformAgentIdentity;
51
+ platformUrl: string | URL;
52
+ }
53
+ interface AepCommandResult<TBody> {
54
+ body: TBody;
55
+ commandUrl: URL;
56
+ status: number;
57
+ }
58
+ interface AepCommandOptions {
59
+ agentDid?: string;
60
+ assertionClock?: () => Date;
61
+ assertionJti?: () => string;
62
+ assertionTtlSeconds?: number;
63
+ clientAssertion?: string;
64
+ clientAssertionSigner?: AepClientAssertionSigner;
65
+ inspect?: InspectServiceResult;
66
+ serviceUrl: string | URL;
67
+ }
68
+ interface EnrollServiceOptions extends AepCommandOptions {
69
+ agentDid: string;
70
+ claims?: Record<string, unknown>;
71
+ idempotencyKey: string;
72
+ }
73
+ type EnrollServiceResult = AepCommandResult<EnrollResponse>;
74
+ interface GrantServiceOptions extends AepCommandOptions {
75
+ grantType: AepGrantType;
76
+ idempotencyKey: string;
77
+ parameters?: Record<string, unknown>;
78
+ requestedScopes?: string[];
79
+ }
80
+ type GrantServiceResult = AepCommandResult<AepBuiltInGrantResponse | Record<string, unknown>>;
81
+ type RevokeServiceSelector = {
82
+ allGrantTypes: true;
83
+ credentialId?: never;
84
+ grantType?: never;
85
+ } | {
86
+ allGrantTypes?: never;
87
+ credentialId: string;
88
+ grantType?: never;
89
+ } | {
90
+ allGrantTypes?: never;
91
+ credentialId?: never;
92
+ grantType: AepGrantType;
93
+ };
94
+ type RevokeServiceOptions = AepCommandOptions & RevokeServiceSelector & {
95
+ idempotencyKey: string;
96
+ parameters?: Record<string, unknown>;
97
+ };
98
+ type RevokeServiceResult = AepCommandResult<RevokeResponse>;
99
+ type AgentRevokeServiceOptions = RevokeServiceOptions;
100
+ type StatusServiceOptions = AepCommandOptions;
101
+ type StatusServiceResult = AepCommandResult<StatusResponse>;
102
+ interface BuildClientAssertionClaimsOptions {
103
+ agentDid: string;
104
+ command: AepAuthenticatedCommand;
105
+ clock?: () => Date;
106
+ jti?: string | (() => string);
107
+ serviceDid: string;
108
+ ttlSeconds?: number;
109
+ }
110
+ interface SignClientAssertionOptions extends BuildClientAssertionClaimsOptions {
111
+ signer: AepClientAssertionSigner;
112
+ signingAlgorithms?: AepSigningAlgorithm[];
113
+ }
114
+ interface JwtClientAssertionSignerOptions {
115
+ alg?: AepSigningAlgorithm;
116
+ key: AepImportableJoseKey;
117
+ kid?: string;
118
+ typ?: string;
119
+ }
120
+ interface ClientAssertionAuthenticationHeadersOptions extends Omit<SignClientAssertionOptions, "command" | "serviceDid" | "signingAlgorithms"> {
121
+ command?: AepAuthenticatedCommand;
122
+ inspect?: InspectDocument | InspectServiceResult;
123
+ serviceDid?: string;
124
+ signingAlgorithms?: AepSigningAlgorithm[];
125
+ }
126
+ type ProtectedResourceAuthenticationHeadersOptions = {
127
+ credential: AepBuiltInGrantResponse;
128
+ } | ClientAssertionAuthenticationHeadersOptions;
129
+ interface SelectGrantTypeOptions {
130
+ preferredGrantTypes?: AepGrantType[];
131
+ }
132
+ interface AepSessionCredentialRecord {
133
+ credential: AepBuiltInGrantResponse | Record<string, unknown>;
134
+ credentialId: string;
135
+ expiresAt?: string;
136
+ grantType: AepGrantType;
137
+ issuedAt: string;
138
+ serviceDid: string;
139
+ serviceUrl?: string;
140
+ }
141
+ type AgentCredentialRecord = AepSessionCredentialRecord;
142
+ interface AgentCredentialStore {
143
+ deleteCredential(serviceDid: string, credentialId: string): Awaitable<void>;
144
+ findCredential(serviceDid: string, credentialId: string): Awaitable<AgentCredentialRecord | undefined>;
145
+ findUsableCredential(serviceDid: string, now?: Date): Awaitable<AgentCredentialRecord | undefined>;
146
+ listCredentials(serviceDid: string): Awaitable<AgentCredentialRecord[]>;
147
+ saveCredential(record: AgentCredentialRecord): Awaitable<AgentCredentialRecord>;
148
+ }
149
+ type AepSessionCredentialStore = AgentCredentialStore;
150
+ interface AgentServiceIdentity {
151
+ agentDid: string;
152
+ identityKind: "platform-hosted" | "sovereign";
153
+ metadata?: Record<string, unknown>;
154
+ serviceDid: string;
155
+ signingAlgorithms: AepSigningAlgorithm[];
156
+ }
157
+ interface AgentIdentityProviderGetOrCreateInput {
158
+ inspect: InspectDocument;
159
+ serviceDid: string;
160
+ serviceUrl: string;
161
+ }
162
+ interface AgentIdentityProvider {
163
+ getOrCreateIdentity(input: AgentIdentityProviderGetOrCreateInput): Awaitable<AgentServiceIdentity>;
164
+ signerFor(identity: AgentServiceIdentity): Awaitable<AepClientAssertionSigner>;
165
+ }
166
+ interface AgentIdentityStore {
167
+ findByServiceDid(serviceDid: string): Awaitable<AgentServiceIdentity | undefined>;
168
+ saveIdentity(identity: AgentServiceIdentity): Awaitable<AgentServiceIdentity>;
169
+ }
170
+ interface AgentOperationKey {
171
+ command: AepAuthenticatedCommand;
172
+ credentialId?: string;
173
+ grantType?: AepGrantType;
174
+ serviceDid: string;
175
+ serviceUrl: string;
176
+ }
177
+ interface AgentIdempotencyKeyProvider {
178
+ createKey(operation: AgentOperationKey): Awaitable<string>;
179
+ }
180
+ interface CachedInspectServiceResult extends InspectServiceResult {
181
+ cachedAt: string;
182
+ }
183
+ interface AgentInspectCache {
184
+ get(serviceUrl: string): Awaitable<CachedInspectServiceResult | undefined>;
185
+ set(serviceUrl: string, result: CachedInspectServiceResult): Awaitable<void>;
186
+ }
187
+ interface CreatePlatformIdentityProviderOptions {
188
+ authorization?: string;
189
+ idempotencyKey?: string | ((input: AgentIdentityProviderGetOrCreateInput) => string);
190
+ platformUrl: string | URL;
191
+ }
192
+ interface AgentServiceSessionOptions {
193
+ serviceUrl: string | URL;
194
+ }
195
+ interface AgentEnrollSessionOptions {
196
+ claims?: Record<string, unknown>;
197
+ idempotencyKey?: string;
198
+ }
199
+ interface AgentGrantSessionOptions {
200
+ grantType?: AepGrantType;
201
+ idempotencyKey?: string;
202
+ parameters?: Record<string, unknown>;
203
+ preferredGrantTypes?: AepGrantType[];
204
+ requestedScopes?: string[];
205
+ }
206
+ type AgentRevokeSessionOptions = RevokeServiceSelector & {
207
+ idempotencyKey?: string;
208
+ parameters?: Record<string, unknown>;
209
+ };
210
+ interface AgentAuthenticationHeadersOptions {
211
+ preferCredential?: boolean;
212
+ }
213
+ interface AepServiceSession {
214
+ authenticationHeaders(options?: AgentAuthenticationHeadersOptions): Promise<Record<string, string>>;
215
+ enroll(options?: AgentEnrollSessionOptions): Promise<EnrollServiceResult>;
216
+ grant(options?: AgentGrantSessionOptions): Promise<GrantServiceResult>;
217
+ identity(): Promise<AgentServiceIdentity>;
218
+ inspect(): Promise<InspectServiceResult>;
219
+ revoke(options: AgentRevokeSessionOptions): Promise<RevokeServiceResult>;
220
+ status(): Promise<StatusServiceResult>;
221
+ }
222
+ type FetchLike = (input: URL | string, init?: RequestInit) => Promise<ResponseLike>;
223
+ interface ResponseLike {
224
+ ok: boolean;
225
+ status: number;
226
+ statusText?: string;
227
+ headers: HeadersLike;
228
+ json(): Promise<unknown>;
229
+ }
230
+ interface HeadersLike {
231
+ get(name: string): string | null;
232
+ }
233
+ declare class AepInspectError extends Error {
234
+ readonly status?: number;
235
+ constructor(message: string, status?: number);
236
+ }
237
+ declare class AepCommandError extends Error {
238
+ readonly problem?: AepProblemDetails;
239
+ readonly status: number;
240
+ constructor(message: string, status: number, problem?: AepProblemDetails);
241
+ }
242
+ interface AepAgent {
243
+ serviceSession(options: AgentServiceSessionOptions): AepServiceSession;
244
+ }
245
+ declare function createAepAgent(options: AepAgentOptions): AepAgent;
246
+ declare function buildClientAssertionClaims(options: BuildClientAssertionClaimsOptions): AepClientAssertionClaims;
247
+ declare function signClientAssertion(options: SignClientAssertionOptions): Promise<string>;
248
+ declare function createJwtClientAssertionSigner(options: JwtClientAssertionSignerOptions): AepClientAssertionSigner;
249
+ declare function discoverPlatform(options: DiscoverPlatformOptions): Promise<DiscoverPlatformResult>;
250
+ declare function provisionPlatformIdentity(options: ProvisionPlatformIdentityOptions): Promise<ProvisionPlatformIdentityResult>;
251
+ declare function createPlatformDelegatedSigner(options: PlatformDelegatedSignerOptions): AepClientAssertionSigner;
252
+ declare function createPlatformIdentityProvider(options: CreatePlatformIdentityProviderOptions): AgentIdentityProvider;
253
+ declare function selectGrantType(inspect: InspectDocument | InspectServiceResult, options?: SelectGrantTypeOptions): AepGrantType;
254
+ declare function createInMemorySessionCredentialStore(records?: AepSessionCredentialRecord[]): AepSessionCredentialStore;
255
+ declare function createInMemoryAgentIdentityStore(records?: AgentServiceIdentity[]): AgentIdentityStore;
256
+ declare function createRandomIdempotencyKeyProvider(generator?: () => string): AgentIdempotencyKeyProvider;
257
+ declare function createInMemoryInspectCache(records?: Array<{
258
+ result: CachedInspectServiceResult;
259
+ serviceUrl: string;
260
+ }>): AgentInspectCache;
261
+ declare function sessionCredentialRecordFromGrantResult(result: GrantServiceResult, options: {
262
+ clock?: () => Date;
263
+ grantType: AepGrantType;
264
+ inspect: InspectDocument | InspectServiceResult;
265
+ serviceUrl?: string | URL;
266
+ }): AepSessionCredentialRecord;
267
+ declare function credentialPresentationHeaders(credential: AepBuiltInGrantResponse): Record<string, string>;
268
+ declare function clientAssertionAuthenticationHeaders(options: ClientAssertionAuthenticationHeadersOptions): Promise<Record<string, string>>;
269
+ declare function protectedResourceAuthenticationHeaders(options: ProtectedResourceAuthenticationHeadersOptions): Promise<Record<string, string>>;
270
+ declare function inspectService(options: InspectServiceOptions): Promise<InspectServiceResult>;
271
+ declare function enrollService(options: EnrollServiceOptions): Promise<EnrollServiceResult>;
272
+ declare function grantService(options: GrantServiceOptions): Promise<GrantServiceResult>;
273
+ declare function revokeService(options: RevokeServiceOptions): Promise<RevokeServiceResult>;
274
+ declare function statusService(options: StatusServiceOptions): Promise<StatusServiceResult>;
275
+
276
+ export { type AepAgent, type AepAgentOptions, type AepClientAssertionSigner, type AepClientAssertionSignerContext, AepCommandError, type AepCommandOptions, type AepCommandResult, AepInspectError, type AepServiceSession, type AepSessionCredentialRecord, type AepSessionCredentialStore, type AgentAuthenticationHeadersOptions, type AgentCredentialRecord, type AgentCredentialStore, type AgentEnrollSessionOptions, type AgentGrantSessionOptions, type AgentIdempotencyKeyProvider, type AgentIdentityProvider, type AgentIdentityProviderGetOrCreateInput, type AgentIdentityStore, type AgentInspectCache, type AgentOperationKey, type AgentRevokeServiceOptions, type AgentRevokeSessionOptions, type AgentServiceIdentity, type AgentServiceSessionOptions, type Awaitable, type BuildClientAssertionClaimsOptions, type CachedInspectServiceResult, type ClientAssertionAuthenticationHeadersOptions, type CreatePlatformIdentityProviderOptions, type DiscoverPlatformOptions, type DiscoverPlatformResult, type EnrollServiceOptions, type EnrollServiceResult, type FetchLike, type GrantServiceOptions, type GrantServiceResult, type HeadersLike, type InspectServiceOptions, type InspectServiceResult, type JwtClientAssertionSignerOptions, type PlatformDelegatedSignerOptions, type ProtectedResourceAuthenticationHeadersOptions, type ProvisionPlatformIdentityOptions, type ProvisionPlatformIdentityResult, type ResponseLike, type RevokeServiceOptions, type RevokeServiceResult, type SelectGrantTypeOptions, type SignClientAssertionOptions, type StatusServiceOptions, type StatusServiceResult, buildClientAssertionClaims, clientAssertionAuthenticationHeaders, createAepAgent, createInMemoryAgentIdentityStore, createInMemoryInspectCache, createInMemorySessionCredentialStore, createJwtClientAssertionSigner, createPlatformDelegatedSigner, createPlatformIdentityProvider, createRandomIdempotencyKeyProvider, credentialPresentationHeaders, discoverPlatform, enrollService, grantService, inspectService, protectedResourceAuthenticationHeaders, provisionPlatformIdentity, revokeService, selectGrantType, sessionCredentialRecordFromGrantResult, signClientAssertion, statusService };