@agenticprimitives/connect-auth 0.1.0-alpha.3 → 1.0.0-alpha.4

package/dist/csrf.d.ts

@@ -1,13 +1,77 @@
 /**
- * Produce a CSRF token bound to the given origin and the current timestamp.
+ * R5.11 — Optional bindings stamped into the CSRF token.
+ *
+ *   `method`     HTTP method (POST, PUT, ...) the token is bound to.
+ *   `path`       Request path the token is bound to. Use the URL pathname
+ *                (not the full URL); query string is excluded.
+ *   `sessionSid` Session id (typically `JwtClaims.sid` from the session
+ *                cookie) so a CSRF token is unusable with a different
+ *                session — defends against an attacker stealing the
+ *                CSRF token alone.
+ *
+ * Empty/undefined bindings on both sides match (legacy callers see no
+ * behavior change at the wire format level). When mint supplies a
+ * binding, verify MUST supply the same value or the token is rejected.
  */
-export declare function csrfTokenFor(origin: string): string;
+export interface CsrfBindings {
+    method?: string;
+    path?: string;
+    sessionSid?: string;
+}
+export interface CsrfMintOpts extends CsrfBindings {
+    origin: string;
+}
+export interface CsrfVerifyOpts extends CsrfBindings {
+    /**
+     * The ACTUAL request origin (from the inbound `Origin` header or the
+     * verified `Referer`). The verifier rejects unless
+     * `stamp.origin === actualOrigin AND actualOrigin ∈ allowedOrigins`.
+     * Pass an empty string only when the caller has explicitly chosen
+     * not to bind to the request origin (e.g. a server-to-server
+     * verifier in a test); in production that path THROWS unless
+     * `developmentMode: true` is set.
+     */
+    actualOrigin: string;
+    /** Exact-match allowlist of acceptable origins (defense in depth). */
+    allowedOrigins: string[];
+    /** Opt-out for tests / dev paths that intentionally lack an origin. */
+    developmentMode?: boolean;
+}
 /**
- * Verify a CSRF token.
- *   - origin (parsed exactly from the token) MUST be in allowedOrigins (exact-match).
- *   - HMAC must match.
- *   - Timestamp must be within the last CSRF_VALIDITY_SECONDS window.
- * Returns true iff all three hold.
+ * Mint a CSRF token bound to the supplied origin (and optionally to a
+ * method / path / session id). The HMAC covers all stamped fields, so
+ * any field tampering invalidates the token.
+ *
+ * R5.11 breaking change: the function signature now takes an opts
+ * object instead of a single `origin` positional arg. Pass
+ * `{ origin }` for the legacy origin-only behavior.
  */
-export declare function verifyCsrf(token: string, allowedOrigins: string[]): boolean;
+export declare function csrfTokenFor(opts: CsrfMintOpts): string;
+/**
+ * Verify a CSRF token. R5.11 breaking change: signature is now
+ * `verifyCsrf(token, opts: CsrfVerifyOpts)`.
+ *
+ *   1. HMAC must verify under `CSRF_SECRET`.
+ *   2. `stamp.ts` must be within the last `CSRF_VALIDITY_SECONDS` window
+ *      (with a small skew for future-ts).
+ *   3. `stamp.origin === opts.actualOrigin` (R5.11 / P1-2).
+ *   4. `opts.actualOrigin ∈ opts.allowedOrigins` (defense in depth).
+ *   5. When the mint side stamped a binding, the verify side MUST
+ *      supply the same value:
+ *        - `stamp.method === opts.method`
+ *        - `stamp.path === opts.path`
+ *        - `stamp.sessionSid === opts.sessionSid`
+ *      Empty / undefined matches empty / undefined. A token minted
+ *      WITHOUT bindings cannot be verified WITH bindings (and vice
+ *      versa) — the comparison is exact.
+ *
+ * Returns true iff all checks pass.
+ *
+ * **Production guard:** when `NODE_ENV=production` AND
+ * `developmentMode !== true`, the function THROWS if `actualOrigin`
+ * is an empty string. A silently-permissive `''` would re-open the
+ * audit finding; failing fast keeps production deploys honest. Tests
+ * / dev opt out via `developmentMode: true`.
+ */
+export declare function verifyCsrf(token: string, opts: CsrfVerifyOpts): boolean;
 //# sourceMappingURL=csrf.d.ts.map

package/dist/csrf.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../src/csrf.ts"],"names":[],"mappings":"AA0CA;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAOnD;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAyB3E"}
+{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../src/csrf.ts"],"names":[],"mappings":"AA2EA;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAa,SAAQ,YAAY;IAChD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,YAAY;IAClD;;;;;;;;OAQG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB,sEAAsE;IACtE,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uEAAuE;IACvE,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAUD;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,CAavD;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAkDvE"}

package/dist/csrf.js

@@ -1,7 +1,31 @@
-// CSRF tokens: HMAC-stamped origin + timestamp.
-// Token format: base64url(JSON.stringify({origin, ts})).base64url(hmac).
-// verifyCsrf checks: origin ∈ allowlist (exact match), ts ∈ recent window,
-// HMAC valid. Constant-time compare.
+// CSRF tokens: HMAC-stamped origin (+ optional method / path / session) +
+// timestamp.
+//
+// R5.11 / PKG-CONNECT-AUTH-004 (external audit P1-2):
+//
+//   Pre-R5.11 the verifier only checked the token's SIGNED origin
+//   against an allowlist. It never compared to the request's ACTUAL
+//   origin — so a token legitimately minted for `https://app.com`
+//   (signed, in allowlist) would pass even when the request itself
+//   came from `https://evil.com`. The double-submit cookie pattern
+//   helps but doesn't bind the verifier to the request origin.
+//
+//   Post-R5.11 `verifyCsrf` takes an explicit `actualOrigin` opt and
+//   rejects unless `stamp.origin === actualOrigin AND actualOrigin
+//   ∈ allowedOrigins`. The actual request origin is the load-bearing
+//   check; the allowlist is defense in depth.
+//
+//   Additionally, the audit row PKG-CONNECT-AUTH-004 also flagged
+//   that a token usable on `POST /transfer` is also usable on
+//   `POST /grant-admin` — no method/path/session binding. R5.11 adds
+//   optional `method` / `path` / `sessionSid` bindings: both mint
+//   and verify must agree on them, and when supplied they're stamped
+//   into the HMAC. Empty matches empty so legacy "origin only"
+//   callers keep working at the wire level.
+//
+// Token format (unchanged shape; new fields nullable):
+//   base64url(JSON.stringify({origin, ts, method?, path?, sessionSid?}))
+//     . base64url(hmac)
 import { hmac } from '@noble/hashes/hmac';
 import { sha256 } from '@noble/hashes/sha256';
 import { hexToBytes } from 'viem';
@@ -36,25 +60,76 @@ function constantTimeEqual(a, b) {
         diff |= (a[i] ?? 0) ^ (b[i] ?? 0);
     return diff === 0;
 }
+function isProduction(opts) {
+    if (opts?.developmentMode === true)
+        return false;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'production';
+    }
+    catch {
+        return false;
+    }
+}
 /**
- * Produce a CSRF token bound to the given origin and the current timestamp.
+ * Mint a CSRF token bound to the supplied origin (and optionally to a
+ * method / path / session id). The HMAC covers all stamped fields, so
+ * any field tampering invalidates the token.
+ *
+ * R5.11 breaking change: the function signature now takes an opts
+ * object instead of a single `origin` positional arg. Pass
+ * `{ origin }` for the legacy origin-only behavior.
  */
-export function csrfTokenFor(origin) {
+export function csrfTokenFor(opts) {
     const secret = loadCsrfSecret();
     const ts = Math.floor(Date.now() / 1000);
-    const stamp = JSON.stringify({ origin, ts });
-    const stampEnc = base64urlEncode(stamp);
+    const stamp = { origin: opts.origin, ts };
+    // Only include binding fields when supplied — keeps the wire format
+    // tight for legacy callers + makes intent visible in audit logs.
+    if (opts.method !== undefined)
+        stamp.method = opts.method;
+    if (opts.path !== undefined)
+        stamp.path = opts.path;
+    if (opts.sessionSid !== undefined)
+        stamp.sessionSid = opts.sessionSid;
+    const stampEnc = base64urlEncode(JSON.stringify(stamp));
     const sig = hmac(sha256, secret, new TextEncoder().encode(stampEnc));
     return `${stampEnc}.${base64urlEncode(sig)}`;
 }
 /**
- * Verify a CSRF token.
- *   - origin (parsed exactly from the token) MUST be in allowedOrigins (exact-match).
- *   - HMAC must match.
- *   - Timestamp must be within the last CSRF_VALIDITY_SECONDS window.
- * Returns true iff all three hold.
+ * Verify a CSRF token. R5.11 breaking change: signature is now
+ * `verifyCsrf(token, opts: CsrfVerifyOpts)`.
+ *
+ *   1. HMAC must verify under `CSRF_SECRET`.
+ *   2. `stamp.ts` must be within the last `CSRF_VALIDITY_SECONDS` window
+ *      (with a small skew for future-ts).
+ *   3. `stamp.origin === opts.actualOrigin` (R5.11 / P1-2).
+ *   4. `opts.actualOrigin ∈ opts.allowedOrigins` (defense in depth).
+ *   5. When the mint side stamped a binding, the verify side MUST
+ *      supply the same value:
+ *        - `stamp.method === opts.method`
+ *        - `stamp.path === opts.path`
+ *        - `stamp.sessionSid === opts.sessionSid`
+ *      Empty / undefined matches empty / undefined. A token minted
+ *      WITHOUT bindings cannot be verified WITH bindings (and vice
+ *      versa) — the comparison is exact.
+ *
+ * Returns true iff all checks pass.
+ *
+ * **Production guard:** when `NODE_ENV=production` AND
+ * `developmentMode !== true`, the function THROWS if `actualOrigin`
+ * is an empty string. A silently-permissive `''` would re-open the
+ * audit finding; failing fast keeps production deploys honest. Tests
+ * / dev opt out via `developmentMode: true`.
  */
-export function verifyCsrf(token, allowedOrigins) {
+export function verifyCsrf(token, opts) {
+    if (isProduction(opts)) {
+        if (!opts.actualOrigin || opts.actualOrigin.length === 0) {
+            throw new Error('[connect-auth] verifyCsrf requires a non-empty `actualOrigin` in production. ' +
+                'Without it the request-origin binding is bypassed, re-opening the R5.11 / P1-2 ' +
+                'finding. Pass the inbound `Origin` header (or parsed `Referer`) as ' +
+                'opts.actualOrigin; for tests, pass `developmentMode: true`.');
+        }
+    }
     if (!token)
         return false;
     const parts = token.split('.');
@@ -70,9 +145,25 @@ export function verifyCsrf(token, allowedOrigins) {
     }
     if (typeof stamp.origin !== 'string' || typeof stamp.ts !== 'number')
         return false;
-    // Exact-match parsed URL allowlist (per spec §6) — origins are compared verbatim,
-    // never substring.
-    if (!allowedOrigins.includes(stamp.origin))
+    // R5.11 / P1-2: bind the verifier to the ACTUAL request origin.
+    // The verifier MUST be told the actual origin (we don't reach into
+    // an HTTP request here — that's the caller's concern). If actualOrigin
+    // is empty / missing, the check rejects (production gate above throws).
+    if (!opts.actualOrigin || stamp.origin !== opts.actualOrigin)
+        return false;
+    // Defense in depth: even when actualOrigin matches, it must be in
+    // the operator-curated allowlist. Catches a misconfigured caller
+    // that wires the wrong header into `actualOrigin`.
+    if (!opts.allowedOrigins.includes(opts.actualOrigin))
+        return false;
+    // R5.11: method / path / sessionSid bindings. Empty matches empty.
+    // The stamp has the value iff mint supplied it; the same applies to
+    // opts. A mismatched declaration on either side rejects.
+    if ((stamp.method ?? undefined) !== (opts.method ?? undefined))
+        return false;
+    if ((stamp.path ?? undefined) !== (opts.path ?? undefined))
+        return false;
+    if ((stamp.sessionSid ?? undefined) !== (opts.sessionSid ?? undefined))
         return false;
     const now = Math.floor(Date.now() / 1000);
     if (now - stamp.ts > CSRF_VALIDITY_SECONDS || now < stamp.ts)

package/dist/csrf.js.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../src/csrf.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,yEAAyE;AACzE,2EAA2E;AAC3E,qCAAqC;AAErC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAEhD,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACpC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;IACrG,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,GAAqB,CAAC,CAAC,CAAE,KAAK,GAAG,EAAoB,CAAC,CAAC;IACxG,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,CAAsB;IAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjD,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IACxC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,cAAwB;IAChE,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,KAAyB,CAAC;IAErD,IAAI,KAAuC,CAAC;IAC5C,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEnF,kFAAkF;IAClF,mBAAmB;IACnB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,GAAG,GAAG,KAAK,CAAC,EAAE,GAAG,qBAAqB,IAAI,GAAG,GAAG,KAAK,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IAE3E,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC1C,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC"}
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../src/csrf.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,aAAa;AACb,EAAE;AACF,sDAAsD;AACtD,EAAE;AACF,kEAAkE;AAClE,oEAAoE;AACpE,kEAAkE;AAClE,mEAAmE;AACnE,mEAAmE;AACnE,+DAA+D;AAC/D,EAAE;AACF,qEAAqE;AACrE,mEAAmE;AACnE,qEAAqE;AACrE,8CAA8C;AAC9C,EAAE;AACF,kEAAkE;AAClE,8DAA8D;AAC9D,qEAAqE;AACrE,kEAAkE;AAClE,qEAAqE;AACrE,+DAA+D;AAC/D,4CAA4C;AAC5C,EAAE;AACF,uDAAuD;AACvD,yEAAyE;AACzE,wBAAwB;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAEhD,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACpC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;IACrG,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAE,GAAqB,CAAC,CAAC,CAAE,KAAK,GAAG,EAAoB,CAAC,CAAC;IACxG,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,CAAsB;IAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjD,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IACxC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,YAAY,CAAC,IAAoC;IACxD,IAAI,IAAI,EAAE,eAAe,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjD,IAAI,CAAC;QACH,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,QAAQ,KAAK,YAAY,CAAC;IAClF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAoDD;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,IAAkB;IAC7C,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAU,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC;IACjD,oEAAoE;IACpE,iEAAiE;IACjE,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;QAAE,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC1D,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACpD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAEtE,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,IAAoB;IAC5D,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb,+EAA+E;gBAC7E,iFAAiF;gBACjF,qEAAqE;gBACrE,6DAA6D,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,KAAyB,CAAC;IAErD,IAAI,KAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEnF,gEAAgE;IAChE,mEAAmE;IACnE,uEAAuE;IACvE,wEAAwE;IACxE,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAC;IAE3E,kEAAkE;IAClE,iEAAiE;IACjE,mDAAmD;IACnD,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAEnE,mEAAmE;IACnE,oEAAoE;IACpE,yDAAyD;IACzD,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IACzE,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IAErF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,GAAG,GAAG,KAAK,CAAC,EAAE,GAAG,qBAAqB,IAAI,GAAG,GAAG,KAAK,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IAE3E,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC1C,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC"}

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-export { mintSession, verifySession, SESSION_COOKIE, SESSION_TTL_SECONDS } from './sessions';
-export { csrfTokenFor, verifyCsrf } from './csrf';
+export { mintSession, verifySession, SESSION_COOKIE, SESSION_TTL_SECONDS, DEFAULT_SESSION_CLOCK_SKEW_SEC, type VerifySessionOpts, } from './sessions';
+export { csrfTokenFor, verifyCsrf, type CsrfBindings, type CsrfMintOpts, type CsrfVerifyOpts, } from './csrf';
 export { deriveSaltFromLabel, deriveSaltFromEmail, type DeriveSaltFromEmailOpts } from './salt';
 export { ERC1271_MAGIC, ERC6492_MAGIC, universalSignatureValidatorAbi, verifyUserSignature, verifyUserSignatureView, isErc6492Wrapped, } from './verify-signature';
 export type { SignatureVerifyResult, VerifyUserSignatureArgs, UniversalValidatorClient, } from './verify-signature';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,KAAK,uBAAuB,EAAE,MAAM,QAAQ,CAAC;AAChG,OAAO,EACL,aAAa,EACb,aAAa,EACb,8BAA8B,EAC9B,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EACL,MAAM,EACN,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE9E,YAAY,EACV,OAAO,EACP,GAAG,EACH,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,MAAM,EACN,gBAAgB,EAChB,aAAa,EACb,SAAS,EACT,SAAS,GACV,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,WAAW,EACX,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,8BAA8B,EAC9B,KAAK,iBAAiB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,YAAY,EACZ,UAAU,EACV,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,cAAc,GACpB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,KAAK,uBAAuB,EAAE,MAAM,QAAQ,CAAC;AAChG,OAAO,EACL,aAAa,EACb,aAAa,EACb,8BAA8B,EAC9B,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EACL,MAAM,EACN,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE9E,YAAY,EACV,OAAO,EACP,GAAG,EACH,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,MAAM,EACN,gBAAgB,EAChB,aAAa,EACb,SAAS,EACT,SAAS,GACV,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -1,8 +1,8 @@
 // @agenticprimitives/connect-auth — public API
 //
 // See ../../specs/200-connect-auth.md for the full contract.
-export { mintSession, verifySession, SESSION_COOKIE, SESSION_TTL_SECONDS } from './sessions';
-export { csrfTokenFor, verifyCsrf } from './csrf';
+export { mintSession, verifySession, SESSION_COOKIE, SESSION_TTL_SECONDS, DEFAULT_SESSION_CLOCK_SKEW_SEC, } from './sessions';
+export { csrfTokenFor, verifyCsrf, } from './csrf';
 export { deriveSaltFromLabel, deriveSaltFromEmail } from './salt';
 export { ERC1271_MAGIC, ERC6492_MAGIC, universalSignatureValidatorAbi, verifyUserSignature, verifyUserSignatureView, isErc6492Wrapped, } from './verify-signature';
 // WebAuthn ceremony helpers (preferred deep import:

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,6DAA6D;AAE7D,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAgC,MAAM,QAAQ,CAAC;AAChG,OAAO,EACL,aAAa,EACb,aAAa,EACb,8BAA8B,EAC9B,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAO5B,oDAAoD;AACpD,2EAA2E;AAC3E,6BAA6B;AAC7B,OAAO,EACL,MAAM,EACN,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,6DAA6D;AAE7D,OAAO,EACL,WAAW,EACX,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,8BAA8B,GAE/B,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,YAAY,EACZ,UAAU,GAIX,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAgC,MAAM,QAAQ,CAAC;AAChG,OAAO,EACL,aAAa,EACb,aAAa,EACb,8BAA8B,EAC9B,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAO5B,oDAAoD;AACpD,2EAA2E;AAC3E,6BAA6B;AAC7B,OAAO,EACL,MAAM,EACN,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,mBAAmB,CAAC"}

package/dist/sessions.d.ts

@@ -2,14 +2,72 @@ import type { JwtClaims } from './types';
 export declare const SESSION_COOKIE = "agentic-session";
 export declare const SESSION_TTL_SECONDS = 86400;
 /**
- * Mint a JWT session cookie value from claims. Adds iat/exp automatically.
- * Signs with the leftmost key in SESSION_JWT_SECRETS.
+ * R5.10 / PKG-CONNECT-AUTH-003 (external audit P1-1).
+ *
+ * Default clock-skew tolerance applied to `exp` (expiration) and `iat`
+ * (issued-at) checks. 30 s matches the OIDC reference + tolerates the
+ * typical cross-host NTP drift without opening a meaningful replay
+ * window. Override via `verifySession(..., { clockSkewSec })` when
+ * a deployment needs tighter or looser bounds.
  */
-export declare function mintSession(claims: Omit<JwtClaims, 'iat' | 'exp'>): string;
+export declare const DEFAULT_SESSION_CLOCK_SKEW_SEC = 30;
+export interface VerifySessionOpts {
+    /**
+     * Required for production deploys (R5.10 / P1-1). When provided,
+     * `claims.iss` MUST exactly match or the cookie is rejected. Prevents
+     * a sibling broker (same shape, different origin) from authenticating
+     * here. The production gate below throws if this is missing when
+     * `NODE_ENV=production` AND `developmentMode !== true`.
+     */
+    expectedIss?: string;
+    /**
+     * Required for production deploys (R5.10 / P1-1). When provided,
+     * verifies `expectedAud` appears in `claims.aud` (which may be a
+     * string or string[] per RFC 7519 §4.1.3). Stops a session minted
+     * for relying app A from being replayed at relying app B even when
+     * they share the broker.
+     */
+    expectedAud?: string;
+    /** Override default clock-skew tolerance (seconds). */
+    clockSkewSec?: number;
+    /**
+     * Opt out of the production gate (test code, dev-only flows). When
+     * unset, NODE_ENV=production triggers a throw if expectedIss/Aud are
+     * missing.
+     */
+    developmentMode?: boolean;
+}
 /**
- * Verify a JWT cookie value. Returns claims if valid + not expired, else null.
- * Tries every kid in SESSION_JWT_SECRETS — rotation-safe.
+ * Mint a JWT session cookie value from claims. Adds iat/exp + (if
+ * missing) sid automatically. Signs with the leftmost key in
+ * SESSION_JWT_SECRETS.
+ *
+ * R5.10 / PKG-CONNECT-AUTH-003 — `iss` + `aud` are required (no default).
+ * Pass the canonical broker URI as `iss` and the relying app's
+ * audience identifier(s) as `aud`. Without them the resulting session
+ * is unverifiable in production (see {@link verifySession}).
+ */
+export declare function mintSession(claims: Omit<JwtClaims, 'iat' | 'exp' | 'sid'> & {
+    sid?: string;
+}): string;
+/**
+ * Verify a JWT cookie value. Returns claims if valid, else null.
  * Constant-time comparison; no info-leak on which key matched.
+ *
+ * R5.10 / PKG-CONNECT-AUTH-003 (external audit P1-1) — verifies:
+ *   - HMAC signature against every kid in SESSION_JWT_SECRETS (rotation
+ *     tolerant; constant-time)
+ *   - `claims.exp + clockSkewSec >= now` (not expired)
+ *   - `claims.iat - clockSkewSec <= now` (rejects future-iat tokens
+ *     that could carry a wider replay window if a malicious mint server
+ *     issued one)
+ *   - `claims.iss === opts.expectedIss` when provided
+ *   - `opts.expectedAud` ∈ `claims.aud` when provided (claims.aud may
+ *     be a string or string[] per RFC 7519 §4.1.3)
+ *
+ * In `NODE_ENV=production` the helper THROWS if `expectedIss` /
+ * `expectedAud` are missing — they're required for any meaningful
+ * security boundary. Tests/dev opt out with `developmentMode: true`.
  */
-export declare function verifySession(cookieValue: string): JwtClaims | null;
+export declare function verifySession(cookieValue: string, opts?: VerifySessionOpts): JwtClaims | null;
 //# sourceMappingURL=sessions.d.ts.map

package/dist/sessions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../src/sessions.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEzC,eAAO,MAAM,cAAc,oBAAoB,CAAC;AAChD,eAAO,MAAM,mBAAmB,QAAS,CAAC;AAyE1C;;;GAGG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,GAAG,KAAK,CAAC,GAAG,MAAM,CAW1E;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CA2CnE"}
+{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../src/sessions.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEzC,eAAO,MAAM,cAAc,oBAAoB,CAAC;AAChD,eAAO,MAAM,mBAAmB,QAAS,CAAC;AAyE1C;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,KAAK,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AA8BD;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAChE,MAAM,CAgBR;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,iBAAiB,GACvB,SAAS,GAAG,IAAI,CAwFlB"}

package/dist/sessions.js

@@ -76,14 +76,66 @@ function constantTimeEqual(a, b) {
     return diff === 0;
 }
 /**
- * Mint a JWT session cookie value from claims. Adds iat/exp automatically.
- * Signs with the leftmost key in SESSION_JWT_SECRETS.
+ * R5.10 / PKG-CONNECT-AUTH-003 (external audit P1-1).
+ *
+ * Default clock-skew tolerance applied to `exp` (expiration) and `iat`
+ * (issued-at) checks. 30 s matches the OIDC reference + tolerates the
+ * typical cross-host NTP drift without opening a meaningful replay
+ * window. Override via `verifySession(..., { clockSkewSec })` when
+ * a deployment needs tighter or looser bounds.
+ */
+export const DEFAULT_SESSION_CLOCK_SKEW_SEC = 30;
+function isProduction(opts) {
+    if (opts?.developmentMode === true)
+        return false;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'production';
+    }
+    catch {
+        /* SES / browsers may throw on process access */
+        return false;
+    }
+}
+function randomSid() {
+    // 128 bits is the canonical OAuth `state` / OIDC `nonce` size.
+    // Worker / Node 18+ / browsers all expose `crypto.getRandomValues`.
+    const bytes = new Uint8Array(16);
+    try {
+        crypto.getRandomValues(bytes);
+    }
+    catch {
+        // Fallback for environments without WebCrypto (vanishingly rare on
+        // the runtimes we support; Math.random is NOT a security boundary
+        // but the sid is one of multiple defense layers, so this is
+        // documentation-grade rather than load-bearing).
+        for (let i = 0; i < bytes.length; i++)
+            bytes[i] = Math.floor(Math.random() * 256);
+    }
+    let s = '';
+    for (const b of bytes)
+        s += b.toString(16).padStart(2, '0');
+    return s;
+}
+/**
+ * Mint a JWT session cookie value from claims. Adds iat/exp + (if
+ * missing) sid automatically. Signs with the leftmost key in
+ * SESSION_JWT_SECRETS.
+ *
+ * R5.10 / PKG-CONNECT-AUTH-003 — `iss` + `aud` are required (no default).
+ * Pass the canonical broker URI as `iss` and the relying app's
+ * audience identifier(s) as `aud`. Without them the resulting session
+ * is unverifiable in production (see {@link verifySession}).
  */
 export function mintSession(claims) {
     const keys = loadKeys();
     const signer = keys[0];
     const now = Math.floor(Date.now() / 1000);
-    const payload = { ...claims, iat: now, exp: now + SESSION_TTL_SECONDS };
+    const payload = {
+        ...claims,
+        sid: claims.sid ?? randomSid(),
+        iat: now,
+        exp: now + SESSION_TTL_SECONDS,
+    };
     const header = { ...JWT_HEADER, kid: signer.kid };
     const headerEnc = base64urlEncode(JSON.stringify(header));
     const payloadEnc = base64urlEncode(JSON.stringify(payload));
@@ -92,11 +144,39 @@ export function mintSession(claims) {
     return `${signingInput}.${base64urlEncode(sig)}`;
 }
 /**
- * Verify a JWT cookie value. Returns claims if valid + not expired, else null.
- * Tries every kid in SESSION_JWT_SECRETS — rotation-safe.
+ * Verify a JWT cookie value. Returns claims if valid, else null.
  * Constant-time comparison; no info-leak on which key matched.
+ *
+ * R5.10 / PKG-CONNECT-AUTH-003 (external audit P1-1) — verifies:
+ *   - HMAC signature against every kid in SESSION_JWT_SECRETS (rotation
+ *     tolerant; constant-time)
+ *   - `claims.exp + clockSkewSec >= now` (not expired)
+ *   - `claims.iat - clockSkewSec <= now` (rejects future-iat tokens
+ *     that could carry a wider replay window if a malicious mint server
+ *     issued one)
+ *   - `claims.iss === opts.expectedIss` when provided
+ *   - `opts.expectedAud` ∈ `claims.aud` when provided (claims.aud may
+ *     be a string or string[] per RFC 7519 §4.1.3)
+ *
+ * In `NODE_ENV=production` the helper THROWS if `expectedIss` /
+ * `expectedAud` are missing — they're required for any meaningful
+ * security boundary. Tests/dev opt out with `developmentMode: true`.
  */
-export function verifySession(cookieValue) {
+export function verifySession(cookieValue, opts) {
+    if (isProduction(opts)) {
+        if (!opts?.expectedIss) {
+            throw new Error('[connect-auth] verifySession requires `expectedIss` in production. ' +
+                'Without it any session cookie minted by any broker passes the iss check, ' +
+                'defeating the R5.10 / P1-1 closure. Pass the canonical broker URI as ' +
+                'opts.expectedIss; for tests, pass `developmentMode: true`.');
+        }
+        if (!opts?.expectedAud) {
+            throw new Error('[connect-auth] verifySession requires `expectedAud` in production. ' +
+                'Without it a session minted for relying app A can be replayed at ' +
+                'relying app B even when they share the broker. Pass the relying app ' +
+                'audience id as opts.expectedAud; for tests, pass `developmentMode: true`.');
+        }
+    }
     if (!cookieValue)
         return null;
     const parts = cookieValue.split('.');
@@ -136,8 +216,36 @@ export function verifySession(cookieValue) {
     if (!ok)
         return null;
     const now = Math.floor(Date.now() / 1000);
-    if (typeof claims.exp !== 'number' || claims.exp < now)
+    const skew = opts?.clockSkewSec ?? DEFAULT_SESSION_CLOCK_SKEW_SEC;
+    // Expiration check with skew (canonical RFC 7519 §4.1.4).
+    if (typeof claims.exp !== 'number' || claims.exp + skew < now)
         return null;
+    // R5.10: future-iat reject (defends against a misconfigured /
+    // malicious mint server emitting tokens with iat well in the future,
+    // which would otherwise outlive the TTL window).
+    if (typeof claims.iat !== 'number' || claims.iat - skew > now)
+        return null;
+    // R5.10: iss binding (when expected).
+    if (opts?.expectedIss !== undefined) {
+        if (typeof claims.iss !== 'string' || claims.iss !== opts.expectedIss)
+            return null;
+    }
+    // R5.10: aud binding (when expected). claims.aud may be a string or
+    // a string[]; expectedAud must appear (RFC 7519 §4.1.3).
+    if (opts?.expectedAud !== undefined) {
+        const aud = claims.aud;
+        if (typeof aud === 'string') {
+            if (aud !== opts.expectedAud)
+                return null;
+        }
+        else if (Array.isArray(aud)) {
+            if (!aud.includes(opts.expectedAud))
+                return null;
+        }
+        else {
+            return null;
+        }
+    }
     return claims;
 }
 //# sourceMappingURL=sessions.js.map

package/dist/sessions.js.map

@@ -1 +1 @@
-{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../src/sessions.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,+EAA+E;AAC/E,kFAAkF;AAClF,0DAA0D;AAE1D,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGlC,MAAM,CAAC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AAChD,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,CAAC,MAAM;AAEjD,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;AAOhD,SAAS,QAAQ;IACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,+GAA+G,CAChH,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,OAAO,wBAAwB,CAAC,CAAC;QACzG,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,GAAG,GAAG,IAAI,GAAG,GAAG,CAAC;QAC5C,MAAM,MAAM,GAAG,UAAU,CAAC,GAAoB,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,+BAA+B,CAAC,CAAC;QAChG,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,KAA0B;IACjD,MAAM,IAAI,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACjF,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,sCAAsC;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,0DAA0D;QAC1D,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC;IACD,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IACxC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,MAAsC;IAChE,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAc,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,mBAAmB,EAAE,CAAC;IACnF,MAAM,MAAM,GAAG,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IAChF,OAAO,GAAG,YAAY,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;AACnD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAiC,CAAC;IAE1E,IAAI,MAAsC,CAAC;IAC3C,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1E,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,IAAI,IAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,GAAG,QAAQ,EAAE,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yEAAyE;IACzE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE/H,IAAI,EAAE,GAAG,KAAK,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;QAChF,IAAI,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC9C,EAAE,GAAG,IAAI,CAAC;YACV,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAErB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAEpE,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../src/sessions.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,+EAA+E;AAC/E,kFAAkF;AAClF,0DAA0D;AAE1D,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGlC,MAAM,CAAC,MAAM,cAAc,GAAG,iBAAiB,CAAC;AAChD,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,CAAC,MAAM;AAEjD,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;AAOhD,SAAS,QAAQ;IACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,+GAA+G,CAChH,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,OAAO,wBAAwB,CAAC,CAAC;QACzG,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,GAAG,GAAG,IAAI,GAAG,GAAG,CAAC;QAC5C,MAAM,MAAM,GAAG,UAAU,CAAC,GAAoB,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,+BAA+B,CAAC,CAAC;QAChG,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,KAA0B;IACjD,MAAM,IAAI,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACjF,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,sCAAsC;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,0DAA0D;QAC1D,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,IAAI;YAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC;IACD,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,GAAG,CAAC;IACxC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,EAAE,CAAC;AA6BjD,SAAS,YAAY,CAAC,IAAwB;IAC5C,IAAI,IAAI,EAAE,eAAe,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjD,IAAI,CAAC;QACH,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,QAAQ,KAAK,YAAY,CAAC;IAClF,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,+DAA+D;IAC/D,oEAAoE;IACpE,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,kEAAkE;QAClE,4DAA4D;QAC5D,iDAAiD;QACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CACzB,MAAiE;IAEjE,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAc;QACzB,GAAG,MAAM;QACT,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,SAAS,EAAE;QAC9B,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,mBAAmB;KAC/B,CAAC;IACF,MAAM,MAAM,GAAG,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;IAClD,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;IAChF,OAAO,GAAG,YAAY,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;AACnD,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,aAAa,CAC3B,WAAmB,EACnB,IAAwB;IAExB,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACnE,2EAA2E;gBAC3E,uEAAuE;gBACvE,4DAA4D,CAC/D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACnE,mEAAmE;gBACnE,sEAAsE;gBACtE,2EAA2E,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAiC,CAAC;IAE1E,IAAI,MAAsC,CAAC;IAC3C,IAAI,MAAiB,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1E,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,IAAI,IAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,GAAG,QAAQ,EAAE,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yEAAyE;IACzE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE/H,IAAI,EAAE,GAAG,KAAK,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;QAChF,IAAI,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC9C,EAAE,GAAG,IAAI,CAAC;YACV,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAErB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,IAAI,EAAE,YAAY,IAAI,8BAA8B,CAAC;IAElE,0DAA0D;IAC1D,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAE3E,8DAA8D;IAC9D,qEAAqE;IACrE,iDAAiD;IACjD,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAE3E,sCAAsC;IACtC,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;QACpC,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,KAAK,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;IACrF,CAAC;IAED,oEAAoE;IACpE,yDAAyD;IACzD,IAAI,IAAI,EAAE,WAAW,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,GAAG,KAAK,IAAI,CAAC,WAAW;gBAAE,OAAO,IAAI,CAAC;QAC5C,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC;gBAAE,OAAO,IAAI,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/types.d.ts

@@ -11,6 +11,32 @@ export interface JwtClaims {
     kind: 'session' | 'session-grant';
     iat: number;
     exp: number;
+    /**
+     * R5.10 / PKG-CONNECT-AUTH-003 (external audit P1-1).
+     *
+     * `iss` (issuer) — the origin / canonical URI of the Connect broker
+     * that minted this session. Verifiers MUST cross-check
+     * `claims.iss === expectedIss` to prevent a cookie minted by a
+     * different broker (or a malicious broker on a sibling origin) from
+     * authenticating against this app.
+     *
+     * `aud` (audience) — the relying app(s) this cookie is valid for.
+     * May be a single origin/URI or an array. Verifiers MUST cross-check
+     * `expectedAud` is in `claims.aud` so a session minted for app A
+     * cannot be replayed at app B even when both share the broker.
+     *
+     * `sid` (session id) — a high-entropy id for this specific session.
+     * Lets the broker revoke a single session (by adding `sid` to a
+     * revocation list) without invalidating all sessions for `sub`.
+     * Auto-generated by `mintSession` when not supplied by the caller.
+     *
+     * `nonce` — optional OIDC-style replay nonce, threaded through from
+     * an upstream authorize request when this cookie carries one.
+     */
+    iss: string;
+    aud: string | string[];
+    sid: string;
+    nonce?: string;
 }
 export interface AuthenticatedUser {
     id: string;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAE7D,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAE7B,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEvD,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,GAAG,EAAE,UAAU,CAAC;IAChB,IAAI,EAAE,SAAS,GAAG,eAAe,CAAC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,mBAAmB,EAAE,OAAO,GAAG,IAAI,CAAC;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,GAAG,EAAE,UAAU,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC;AAEnF,MAAM,WAAW,MAAM;IACrB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACtD,aAAa,CAAC,IAAI,EAAE;QAClB,MAAM,EAAE,eAAe,CAAC;QACxB,KAAK,EAAE,cAAc,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,EAAE,GAAG,CAAC;IACpB,SAAS,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,WAAW,aAAc,SAAQ,MAAM;IAC3C,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,MAAM,CAAC,SAAS,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,SAAU,SAAQ,MAAM;CAExC;AAED,MAAM,WAAW,SAAU,SAAQ,MAAM;IACvC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;CACxD"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAE7D,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAE7B,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEvD,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,GAAG,EAAE,UAAU,CAAC;IAChB,IAAI,EAAE,SAAS,GAAG,eAAe,CAAC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,mBAAmB,EAAE,OAAO,GAAG,IAAI,CAAC;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,GAAG,EAAE,UAAU,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC;AAEnF,MAAM,WAAW,MAAM;IACrB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACtD,aAAa,CAAC,IAAI,EAAE;QAClB,MAAM,EAAE,eAAe,CAAC;QACxB,KAAK,EAAE,cAAc,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAClC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,EAAE,GAAG,CAAC;IACpB,SAAS,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,WAAW,aAAc,SAAQ,MAAM;IAC3C,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,MAAM,CAAC,SAAS,EAAE,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,SAAU,SAAQ,MAAM;CAExC;AAED,MAAM,WAAW,SAAU,SAAQ,MAAM;IACvC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;CACxD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticprimitives/connect-auth",
-  "version": "0.1.0-alpha.3",
+  "version": "1.0.0-alpha.4",
   "description": "User authentication (passkey + SIWE + Google OAuth), JWT sessions, and pluggable signer interfaces.",
   "license": "MIT",
   "repository": {
@@ -48,7 +48,7 @@
   },
   "peerDependencies": {
     "viem": "^2.50.0",
-    "@agenticprimitives/types": "0.1.0-alpha.3"
+    "@agenticprimitives/types": "1.0.0-alpha.4"
   },
   "devDependencies": {
     "vitest": "^2.1.0"