@aep-foundation/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,392 @@
1
+ import { CryptoKey, JWK, KeyObject, JWTHeaderParameters, FlattenedJWSInput, JWTVerifyOptions } from 'jose';
2
+
3
+ declare const AEP_VERSION = "1.0";
4
+ declare const AEP_MEDIA_TYPE = "application/aep+json";
5
+ declare const AEP_PROBLEM_MEDIA_TYPE = "application/problem+json";
6
+ declare const AEP_AUTH_SCHEME = "AEP";
7
+ declare const AEP_WELL_KNOWN_PATH = "/.well-known/aep";
8
+ declare const DEFAULT_HTTP_ENDPOINT_BASE = "/aep/";
9
+ declare const AEP_COMMANDS: readonly ["inspect", "enroll", "grant", "revoke", "status"];
10
+ declare const AEP_AUTHENTICATED_COMMANDS: readonly ["enroll", "grant", "revoke", "status"];
11
+ declare const AEP_BINDINGS: readonly ["http"];
12
+ declare const AEP_SIGNING_ALGORITHMS: readonly ["EdDSA", "ES256"];
13
+ declare const AEP_IDENTITY_METHOD_DID_WEB = "did:web";
14
+ declare const AEP_GRANT_TYPE_OAUTH_BEARER = "oauth-bearer";
15
+ declare const AEP_GRANT_TYPE_API_KEY = "api-key";
16
+ declare const AEP_GRANT_TYPE_BASIC = "basic";
17
+ declare const AEP_BUILT_IN_GRANT_TYPES: readonly ["oauth-bearer", "api-key", "basic"];
18
+
19
+ type AepCommand = (typeof AEP_COMMANDS)[number];
20
+ type AepBinding = (typeof AEP_BINDINGS)[number];
21
+ type AepExtensibleString<TValue extends string> = TValue | (string & Record<never, never>);
22
+ type AepSigningAlgorithm = AepExtensibleString<(typeof AEP_SIGNING_ALGORITHMS)[number]>;
23
+ type AepBuiltInGrantType = (typeof AEP_BUILT_IN_GRANT_TYPES)[number];
24
+ type AepGrantType = AepExtensibleString<AepBuiltInGrantType>;
25
+ type AepIdentityMethod = string;
26
+ type AepAuthenticatedCommand = Exclude<AepCommand, "inspect">;
27
+ type AepEnrollmentStatus = "active" | "pending" | "rejected";
28
+ type AepAgentStatus = AepEnrollmentStatus | "suspended" | "terminated" | "unavailable";
29
+ interface InspectDocument {
30
+ aep_version: string;
31
+ bindings: {
32
+ supported: AepBinding[];
33
+ [key: string]: unknown;
34
+ };
35
+ claims?: {
36
+ required?: string[];
37
+ preferred?: string[];
38
+ optional?: string[];
39
+ [key: string]: unknown;
40
+ };
41
+ commands: {
42
+ supported: AepCommand[];
43
+ grant_types?: AepGrantType[];
44
+ grant_types_config?: Record<string, unknown>;
45
+ [key: string]: unknown;
46
+ };
47
+ core: {
48
+ signing_algorithms?: AepSigningAlgorithm[];
49
+ [key: string]: unknown;
50
+ };
51
+ extensions?: {
52
+ supported?: string[];
53
+ [key: string]: unknown;
54
+ };
55
+ http: {
56
+ endpoint_base: string;
57
+ [key: string]: unknown;
58
+ };
59
+ identity: {
60
+ methods: AepIdentityMethod[];
61
+ [key: string]: unknown;
62
+ };
63
+ service: {
64
+ did: string;
65
+ [key: string]: unknown;
66
+ };
67
+ [key: string]: unknown;
68
+ }
69
+ interface AepProblemDetails {
70
+ type: string;
71
+ title: string;
72
+ status: number;
73
+ detail?: string;
74
+ instance?: string;
75
+ code: AepExtensibleString<AepErrorCode>;
76
+ [key: string]: unknown;
77
+ }
78
+ type AepErrorCode = "invalid_request" | "not_recognized" | "identity_suspended" | "identity_terminated" | "identity_unavailable" | "verification_pending" | "unsupported_grant_type" | "idempotency_conflict";
79
+ interface EnrollRequest {
80
+ agent_did: string;
81
+ claims?: Record<string, unknown>;
82
+ idempotency_key: string;
83
+ [key: string]: unknown;
84
+ }
85
+ interface EnrollResponse {
86
+ status: AepEnrollmentStatus;
87
+ owner_action_required?: "true" | "false";
88
+ requirements_pending?: string[];
89
+ [key: string]: unknown;
90
+ }
91
+ interface StatusResponse {
92
+ status: AepAgentStatus;
93
+ owner_action_required?: "true" | "false";
94
+ requirements_pending?: string[];
95
+ since?: string;
96
+ [key: string]: unknown;
97
+ }
98
+ interface GrantRequest {
99
+ grant_type: AepGrantType;
100
+ requested_scopes?: string[];
101
+ [key: string]: unknown;
102
+ }
103
+ type RevokeRequest = {
104
+ grant_type: AepGrantType;
105
+ credential_id?: string;
106
+ all_grant_types?: never;
107
+ [key: string]: unknown;
108
+ } | {
109
+ credential_id: string;
110
+ grant_type?: AepGrantType;
111
+ all_grant_types?: never;
112
+ [key: string]: unknown;
113
+ } | {
114
+ all_grant_types: "true";
115
+ credential_id?: string;
116
+ grant_type?: AepGrantType;
117
+ [key: string]: unknown;
118
+ };
119
+ type RevokeResponse = Record<string, never>;
120
+ interface AepClientAssertionClaims {
121
+ aud: string;
122
+ exp: number;
123
+ iat: number;
124
+ iss: string;
125
+ jti: string;
126
+ op: AepAuthenticatedCommand;
127
+ sub: string;
128
+ [key: string]: unknown;
129
+ }
130
+ interface OAuthBearerGrantResponse {
131
+ access_token: string;
132
+ credential_id: string;
133
+ expires_at: string;
134
+ scopes: string[];
135
+ token_type: "Bearer";
136
+ [key: string]: unknown;
137
+ }
138
+ interface ApiKeyGrantResponse {
139
+ api_key: string;
140
+ credential_id: string;
141
+ expires_at: string;
142
+ header: string;
143
+ scopes: string[];
144
+ [key: string]: unknown;
145
+ }
146
+ interface BasicGrantResponse {
147
+ credential_id: string;
148
+ expires_at: string;
149
+ password: string;
150
+ realm?: string;
151
+ scopes: string[];
152
+ username: string;
153
+ [key: string]: unknown;
154
+ }
155
+ type AepBuiltInGrantResponse = OAuthBearerGrantResponse | ApiKeyGrantResponse | BasicGrantResponse;
156
+ interface ValidationIssue {
157
+ path: string;
158
+ message: string;
159
+ }
160
+ type ValidationResult<T> = {
161
+ ok: true;
162
+ value: T;
163
+ issues: [];
164
+ } | {
165
+ ok: false;
166
+ issues: ValidationIssue[];
167
+ };
168
+
169
+ type AepJoseKey = CryptoKey | JWK | KeyObject | Uint8Array;
170
+ type AepPemKeyFormat = "pkcs8" | "spki" | "x509";
171
+ interface AepPemKey {
172
+ format: AepPemKeyFormat;
173
+ pem: string;
174
+ }
175
+ type AepImportableJoseKey = AepJoseKey | AepPemKey;
176
+ type AepJwtVerifyKeyResolver = (protectedHeader: JWTHeaderParameters, token: FlattenedJWSInput) => AepImportableJoseKey | Promise<AepImportableJoseKey>;
177
+ interface SignClientAssertionJwtOptions {
178
+ alg: AepSigningAlgorithm;
179
+ key: AepImportableJoseKey;
180
+ kid?: string;
181
+ typ?: string;
182
+ }
183
+ interface VerifyClientAssertionJwtOptions {
184
+ algorithms?: AepSigningAlgorithm[];
185
+ audience?: string;
186
+ clockTolerance?: JWTVerifyOptions["clockTolerance"];
187
+ currentDate?: Date;
188
+ issuer?: string;
189
+ key: AepImportableJoseKey | AepJwtVerifyKeyResolver;
190
+ subject?: string;
191
+ }
192
+ interface DecodedJwtParts {
193
+ header: Record<string, unknown>;
194
+ payload: Record<string, unknown>;
195
+ }
196
+ declare function signClientAssertionJwt(claims: AepClientAssertionClaims, options: SignClientAssertionJwtOptions): Promise<string>;
197
+ declare function verifyClientAssertionJwt(clientAssertion: string, options: VerifyClientAssertionJwtOptions): Promise<AepClientAssertionClaims>;
198
+ declare function importJoseKey(key: AepImportableJoseKey, alg?: string): Promise<AepJoseKey>;
199
+ declare function importJwkJoseKey(jwk: JWK, alg?: string): Promise<AepJoseKey>;
200
+ declare function decodeJwtUnverified(token: string): DecodedJwtParts;
201
+
202
+ type DidWebFetchLike = (input: URL | string, init?: RequestInit) => Promise<Response>;
203
+ interface ResolveDidWebPublicKeyOptions {
204
+ did: string;
205
+ fetch?: DidWebFetchLike;
206
+ kid?: string;
207
+ }
208
+ declare function didWebDocumentUrl(did: string): URL;
209
+ declare function resolveDidWebPublicKey(options: ResolveDidWebPublicKeyOptions): Promise<AepImportableJoseKey>;
210
+
211
+ declare class AepValidationError extends Error {
212
+ readonly issues: ValidationIssue[];
213
+ constructor(message: string, issues: ValidationIssue[]);
214
+ }
215
+ declare function createProblemDetails(input: {
216
+ code: AepExtensibleString<AepErrorCode>;
217
+ title: string;
218
+ status: number;
219
+ detail?: string;
220
+ instance?: string;
221
+ type?: string;
222
+ }): AepProblemDetails;
223
+
224
+ type AepHttpCommand = Exclude<AepCommand, "inspect">;
225
+ declare function normalizeEndpointBase(endpointBase?: string): string;
226
+ declare function commandPath(command: AepHttpCommand, endpointBase?: string): string;
227
+ declare function commandPathFromInspect(document: InspectDocument, command: AepHttpCommand): string;
228
+
229
+ declare function validateInspectDocument(value: unknown): ValidationResult<InspectDocument>;
230
+ declare function isInspectDocument(value: unknown): value is InspectDocument;
231
+ declare function parseInspectDocument(value: unknown): InspectDocument;
232
+
233
+ declare function validateEnrollRequest(value: unknown): ValidationResult<EnrollRequest>;
234
+ declare function parseEnrollRequest(value: unknown): EnrollRequest;
235
+ declare function validateEnrollResponse(value: unknown): ValidationResult<EnrollResponse>;
236
+ declare function parseEnrollResponse(value: unknown): EnrollResponse;
237
+ declare function validateStatusResponse(value: unknown): ValidationResult<StatusResponse>;
238
+ declare function parseStatusResponse(value: unknown): StatusResponse;
239
+ declare function validateGrantRequest(value: unknown): ValidationResult<GrantRequest>;
240
+ declare function parseGrantRequest(value: unknown): GrantRequest;
241
+ declare function validateRevokeRequest(value: unknown): ValidationResult<RevokeRequest>;
242
+ declare function parseRevokeRequest(value: unknown): RevokeRequest;
243
+ declare function validateRevokeResponse(value: unknown): ValidationResult<RevokeResponse>;
244
+ declare function parseRevokeResponse(value: unknown): RevokeResponse;
245
+ declare function validateClientAssertionClaims(value: unknown): ValidationResult<AepClientAssertionClaims>;
246
+ declare function parseClientAssertionClaims(value: unknown): AepClientAssertionClaims;
247
+ declare function validateProblemDetails(value: unknown): ValidationResult<AepProblemDetails>;
248
+ declare function parseProblemDetails(value: unknown): AepProblemDetails;
249
+ declare function validateOAuthBearerGrantResponse(value: unknown): ValidationResult<OAuthBearerGrantResponse>;
250
+ declare function validateApiKeyGrantResponse(value: unknown): ValidationResult<ApiKeyGrantResponse>;
251
+ declare function validateBasicGrantResponse(value: unknown): ValidationResult<BasicGrantResponse>;
252
+ declare function validateBuiltInGrantResponse(grantType: string, value: unknown): ValidationResult<AepBuiltInGrantResponse>;
253
+ declare function parseBuiltInGrantResponse(grantType: string, value: unknown): AepBuiltInGrantResponse;
254
+
255
+ declare const inspectDocumentSchema: {
256
+ readonly $schema: "https://json-schema.org/draft/2020-12/schema";
257
+ readonly $id: "https://www.aep.foundation/schemas/inspect-document.schema.json";
258
+ readonly title: "AEP Inspect Document";
259
+ readonly type: "object";
260
+ readonly required: readonly ["aep_version", "bindings", "commands", "core", "http", "identity", "service"];
261
+ readonly additionalProperties: true;
262
+ readonly properties: {
263
+ readonly aep_version: {
264
+ readonly type: "string";
265
+ readonly pattern: "^[0-9]+\\.[0-9]+$";
266
+ };
267
+ readonly bindings: {
268
+ readonly type: "object";
269
+ readonly required: readonly ["supported"];
270
+ readonly additionalProperties: true;
271
+ readonly properties: {
272
+ readonly supported: {
273
+ readonly type: "array";
274
+ readonly minItems: 1;
275
+ readonly items: {
276
+ readonly type: "string";
277
+ readonly enum: readonly ["http"];
278
+ };
279
+ };
280
+ };
281
+ };
282
+ readonly claims: {
283
+ readonly type: "object";
284
+ readonly additionalProperties: true;
285
+ readonly properties: {
286
+ readonly required: {
287
+ readonly type: "array";
288
+ readonly items: {
289
+ readonly type: "string";
290
+ };
291
+ };
292
+ readonly preferred: {
293
+ readonly type: "array";
294
+ readonly items: {
295
+ readonly type: "string";
296
+ };
297
+ };
298
+ readonly optional: {
299
+ readonly type: "array";
300
+ readonly items: {
301
+ readonly type: "string";
302
+ };
303
+ };
304
+ };
305
+ };
306
+ readonly commands: {
307
+ readonly type: "object";
308
+ readonly required: readonly ["supported"];
309
+ readonly additionalProperties: true;
310
+ readonly properties: {
311
+ readonly supported: {
312
+ readonly type: "array";
313
+ readonly minItems: 1;
314
+ readonly items: {
315
+ readonly type: "string";
316
+ readonly enum: readonly ["inspect", "enroll", "grant", "revoke", "status"];
317
+ };
318
+ };
319
+ readonly grant_types: {
320
+ readonly type: "array";
321
+ readonly items: {
322
+ readonly type: "string";
323
+ };
324
+ };
325
+ };
326
+ };
327
+ readonly core: {
328
+ readonly type: "object";
329
+ readonly additionalProperties: true;
330
+ readonly properties: {
331
+ readonly signing_algorithms: {
332
+ readonly type: "array";
333
+ readonly minItems: 1;
334
+ readonly items: {
335
+ readonly type: "string";
336
+ };
337
+ };
338
+ };
339
+ };
340
+ readonly extensions: {
341
+ readonly type: "object";
342
+ readonly additionalProperties: true;
343
+ readonly properties: {
344
+ readonly supported: {
345
+ readonly type: "array";
346
+ readonly items: {
347
+ readonly type: "string";
348
+ };
349
+ };
350
+ };
351
+ };
352
+ readonly http: {
353
+ readonly type: "object";
354
+ readonly required: readonly ["endpoint_base"];
355
+ readonly additionalProperties: true;
356
+ readonly properties: {
357
+ readonly endpoint_base: {
358
+ readonly type: "string";
359
+ readonly pattern: "^/";
360
+ };
361
+ };
362
+ };
363
+ readonly identity: {
364
+ readonly type: "object";
365
+ readonly required: readonly ["methods"];
366
+ readonly additionalProperties: true;
367
+ readonly properties: {
368
+ readonly methods: {
369
+ readonly type: "array";
370
+ readonly minItems: 1;
371
+ readonly items: {
372
+ readonly type: "string";
373
+ readonly pattern: "^[a-z0-9]+(?::[a-z0-9]+)*(?:-[a-z0-9]+)*$";
374
+ };
375
+ };
376
+ };
377
+ };
378
+ readonly service: {
379
+ readonly type: "object";
380
+ readonly required: readonly ["did"];
381
+ readonly additionalProperties: true;
382
+ readonly properties: {
383
+ readonly did: {
384
+ readonly type: "string";
385
+ readonly pattern: "^did:";
386
+ };
387
+ };
388
+ };
389
+ };
390
+ };
391
+
392
+ export { AEP_AUTHENTICATED_COMMANDS, AEP_AUTH_SCHEME, AEP_BINDINGS, AEP_BUILT_IN_GRANT_TYPES, AEP_COMMANDS, AEP_GRANT_TYPE_API_KEY, AEP_GRANT_TYPE_BASIC, AEP_GRANT_TYPE_OAUTH_BEARER, AEP_IDENTITY_METHOD_DID_WEB, AEP_MEDIA_TYPE, AEP_PROBLEM_MEDIA_TYPE, AEP_SIGNING_ALGORITHMS, AEP_VERSION, AEP_WELL_KNOWN_PATH, type AepAgentStatus, type AepAuthenticatedCommand, type AepBinding, type AepBuiltInGrantResponse, type AepBuiltInGrantType, type AepClientAssertionClaims, type AepCommand, type AepEnrollmentStatus, type AepErrorCode, type AepExtensibleString, type AepGrantType, type AepHttpCommand, type AepIdentityMethod, type AepImportableJoseKey, type AepJoseKey, type AepJwtVerifyKeyResolver, type AepPemKey, type AepPemKeyFormat, type AepProblemDetails, type AepSigningAlgorithm, AepValidationError, type ApiKeyGrantResponse, type BasicGrantResponse, DEFAULT_HTTP_ENDPOINT_BASE, type DecodedJwtParts, type DidWebFetchLike, type EnrollRequest, type EnrollResponse, type GrantRequest, type InspectDocument, type OAuthBearerGrantResponse, type ResolveDidWebPublicKeyOptions, type RevokeRequest, type RevokeResponse, type SignClientAssertionJwtOptions, type StatusResponse, type ValidationIssue, type ValidationResult, type VerifyClientAssertionJwtOptions, commandPath, commandPathFromInspect, createProblemDetails, decodeJwtUnverified, didWebDocumentUrl, importJoseKey, importJwkJoseKey, inspectDocumentSchema, isInspectDocument, normalizeEndpointBase, parseBuiltInGrantResponse, parseClientAssertionClaims, parseEnrollRequest, parseEnrollResponse, parseGrantRequest, parseInspectDocument, parseProblemDetails, parseRevokeRequest, parseRevokeResponse, parseStatusResponse, resolveDidWebPublicKey, signClientAssertionJwt, validateApiKeyGrantResponse, validateBasicGrantResponse, validateBuiltInGrantResponse, validateClientAssertionClaims, validateEnrollRequest, validateEnrollResponse, validateGrantRequest, validateInspectDocument, validateOAuthBearerGrantResponse, validateProblemDetails, validateRevokeRequest, validateRevokeResponse, validateStatusResponse, verifyClientAssertionJwt };