@aria-cli/tools 1.0.9 → 1.0.11

package/src/network-runtime/node-store-contract.ts

@@ -1,46 +0,0 @@
-import { z } from "zod";
-import {
-  NodeIdSchema,
-  RuntimeIdSchema,
-  RuntimeOwnerRecordSchema,
-  type RuntimeOwnerRecord,
-} from "./address-types.js";
-
-const NonEmptyStringSchema = z.string().trim().min(1);
-const RecordSchema = z.record(z.string(), z.unknown());
-
-export { RuntimeOwnerRecordSchema } from "./address-types.js";
-export type { RuntimeOwnerRecord } from "./address-types.js";
-
-export const RuntimeEventKindSchema = z.enum([
-  "client_attached",
-  "client_detached",
-  "runtime_started",
-  "runtime_stopped",
-  "runtime_stale",
-  "runtime_restarted",
-  "pair_proposed",
-  "proof_committed",
-  "continuity_bound",
-  "revocation_committed",
-  "ingress_accepted",
-  "ingress_rejected",
-  "durable_send_queued",
-  "durable_send_dispatching",
-  "durable_send_acked",
-  "durable_send_expired",
-]);
-export type RuntimeEventKind = z.infer<typeof RuntimeEventKindSchema>;
-
-export const RuntimeEventSchema = z
-  .object({
-    eventId: NonEmptyStringSchema,
-    nodeId: NodeIdSchema,
-    runtimeId: RuntimeIdSchema,
-    kind: RuntimeEventKindSchema,
-    revision: z.number().int().nonnegative().optional(),
-    recordedAt: NonEmptyStringSchema,
-    payload: RecordSchema,
-  })
-  .strict();
-export type RuntimeEvent = z.infer<typeof RuntimeEventSchema>;

package/src/network-runtime/pair-route-contract.ts

@@ -1,97 +0,0 @@
-import { z } from "zod";
-import {
-  ControlEndpointAdvertisementSchema,
-  NodeIdSchema,
-  PrincipalFingerprintSchema,
-  SigningPublicKeySchema,
-  TransportEndpointAdvertisementSchema,
-} from "./address-types.js";
-import { SignedContinuityBindSchema } from "./protocol-schemas.js";
-
-const NonEmptyStringSchema = z.string().trim().min(1);
-
-function toFastifyBodyJsonSchema(schema: z.ZodTypeAny): Record<string, unknown> {
-  const jsonSchema = z.toJSONSchema(schema) as Record<string, unknown>;
-  delete jsonSchema.$schema;
-  return jsonSchema;
-}
-
-export const PairRequestRouteBodySchema = z
-  .object({
-    displayNameSnapshot: NonEmptyStringSchema,
-    nodeId: NodeIdSchema,
-    signingPublicKey: SigningPublicKeySchema,
-    port: z.number().int().min(1).max(65535),
-    ephemeralPublicKey: z.string().max(512),
-    ephemeralKeySignature: z.string().max(512),
-    caCert: z.string().max(4096).optional(),
-    protocolVersion: z.number().min(1).max(100).optional(),
-    wait: z.boolean().optional(),
-  })
-  .strict();
-export type PairRequestRouteBody = z.infer<typeof PairRequestRouteBodySchema>;
-export const PairRequestRouteBodyJsonSchema = toFastifyBodyJsonSchema(PairRequestRouteBodySchema);
-
-export const AcceptInviteRequestSchema = z
-  .object({
-    inviteToken: NonEmptyStringSchema,
-    nodeId: NodeIdSchema,
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-    transportEndpoint: TransportEndpointAdvertisementSchema,
-    controlEndpoint: ControlEndpointAdvertisementSchema,
-    continuity: SignedContinuityBindSchema.optional(),
-  })
-  .strict();
-export type AcceptInviteRequest = z.infer<typeof AcceptInviteRequestSchema>;
-export const AcceptInviteRequestBodyJsonSchema = toFastifyBodyJsonSchema(AcceptInviteRequestSchema);
-
-export const PairRelayRouteBodySchema = z
-  .object({
-    targetNodeId: NodeIdSchema,
-    displayNameSnapshot: NonEmptyStringSchema,
-    nodeId: NodeIdSchema,
-    signingPublicKey: SigningPublicKeySchema,
-    port: z.number().int().min(1).max(65535),
-    ephemeralPublicKey: z.string().max(512),
-    ephemeralKeySignature: z.string().max(512),
-    caCert: z.string().max(4096).optional(),
-  })
-  .strict();
-export type PairRelayRouteBody = z.infer<typeof PairRelayRouteBodySchema>;
-export const PairRelayRouteBodyJsonSchema = toFastifyBodyJsonSchema(PairRelayRouteBodySchema);
-
-export const RelayPendingQuerySchema = z
-  .object({
-    targetNodeId: NodeIdSchema,
-    signingPublicKey: SigningPublicKeySchema,
-    signature: NonEmptyStringSchema.max(512),
-    timestamp: NonEmptyStringSchema.max(20),
-  })
-  .strict();
-export type RelayPendingQuery = z.infer<typeof RelayPendingQuerySchema>;
-export const RelayPendingQueryJsonSchema = toFastifyBodyJsonSchema(RelayPendingQuerySchema);
-
-export const RelayPendingRequestSchema = z
-  .object({
-    id: NonEmptyStringSchema,
-    nodeId: NodeIdSchema,
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-    principalFingerprint: PrincipalFingerprintSchema,
-    signingPublicKey: SigningPublicKeySchema,
-    port: z.number().int().min(1).max(65535),
-    ingressHost: NonEmptyStringSchema,
-    responderControlHostHint: NonEmptyStringSchema.optional(),
-    ephemeralPublicKey: z.string().max(512).optional(),
-    ephemeralKeySignature: z.string().max(512).optional(),
-    caCert: z.string().max(4096).optional(),
-    expiresAt: z.number().int().nonnegative(),
-  })
-  .strict();
-export type RelayPendingRequest = z.infer<typeof RelayPendingRequestSchema>;
-
-export const RelayPendingResponseSchema = z
-  .object({
-    requests: RelayPendingRequestSchema.array(),
-  })
-  .strict();
-export type RelayPendingResponse = z.infer<typeof RelayPendingResponseSchema>;

package/src/network-runtime/peer-capabilities.ts

@@ -1,48 +0,0 @@
-import type { PeerIdentityState, PeerTransportState } from "./peer-state-machine.js";
-
-export function canRecordPendingPair(identityState: PeerIdentityState): boolean {
-  return identityState === "invited" || identityState === "joining";
-}
-
-export function canCommitVerifiedPair(
-  identityState: PeerIdentityState,
-  proof: { proofValid: boolean },
-): boolean {
-  return identityState === "paired_unverified" && proof.proofValid;
-}
-
-export function canRefreshEndpoint(identityState: PeerIdentityState): boolean {
-  return (
-    identityState === "joining" ||
-    identityState === "paired_unverified" ||
-    identityState === "verified"
-  );
-}
-
-export function canHeartbeat(identityState: PeerIdentityState): boolean {
-  return identityState === "paired_unverified" || identityState === "verified";
-}
-
-export function canAttemptBestEffortTransport(
-  identityState: PeerIdentityState,
-  transportState: PeerTransportState,
-): boolean {
-  if (identityState === "revoked") return false;
-  return (
-    transportState === "endpoint_known" ||
-    transportState === "connecting" ||
-    transportState === "connected" ||
-    transportState === "degraded"
-  );
-}
-
-export function canAttemptDurableDelivery(
-  identityState: PeerIdentityState,
-  transportState: PeerTransportState,
-): boolean {
-  return identityState === "verified" && transportState === "connected";
-}
-
-export function canMutateTrustedState(identityState: PeerIdentityState): boolean {
-  return identityState === "verified";
-}

package/src/network-runtime/peer-principal-ref.ts

@@ -1,20 +0,0 @@
-import { z } from "zod";
-import {
-  BindingGenerationSchema,
-  NodeIdSchema,
-  PrincipalFingerprintSchema,
-  PeerTransportIdSchema,
-} from "./address-types.js";
-
-const NonEmptyStringSchema = z.string().trim().min(1);
-
-export const NodePrincipalBindingRefSchema = z
-  .object({
-    nodeId: NodeIdSchema,
-    principalFingerprint: PrincipalFingerprintSchema,
-    transportPublicKey: PeerTransportIdSchema,
-    bindingGeneration: BindingGenerationSchema,
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-  })
-  .strict();
-export type NodePrincipalBindingRef = z.infer<typeof NodePrincipalBindingRefSchema>;

package/src/network-runtime/peer-state-machine.ts

@@ -1,160 +0,0 @@
-import { z } from "zod";
-
-export const LegacyPeerRegistryStatusSchema = z.enum([
-  "active",
-  "pending",
-  "pending_tunnel",
-  "pending_verification",
-  "revoked",
-]);
-export type LegacyPeerRegistryStatus = z.infer<typeof LegacyPeerRegistryStatusSchema>;
-
-export const PeerIdentityStateSchema = z.enum([
-  "invited",
-  "joining",
-  "paired_unverified",
-  "verified",
-  "revoked",
-]);
-export type PeerIdentityState = z.infer<typeof PeerIdentityStateSchema>;
-
-export const PeerTransportStateSchema = z.enum([
-  "unknown",
-  "endpoint_known",
-  "connecting",
-  "connected",
-  "degraded",
-  "disconnected",
-]);
-export type PeerTransportState = z.infer<typeof PeerTransportStateSchema>;
-
-export const PeerMutationKindSchema = z.enum(["repair", "continuity", "revocation"]);
-export type PeerMutationKind = z.infer<typeof PeerMutationKindSchema>;
-
-export const LegacyPeerRuntimeShapeSchema = z.object({
-  status: LegacyPeerRegistryStatusSchema,
-  endpointHost: z.string().nullable().optional(),
-  endpointPort: z.number().int().nullable().optional(),
-  lastHandshake: z.number().int().nullable().optional(),
-});
-export type LegacyPeerRuntimeShape = z.infer<typeof LegacyPeerRuntimeShapeSchema>;
-
-const VALID_TRANSPORT_BY_IDENTITY: Record<PeerIdentityState, readonly PeerTransportState[]> = {
-  invited: ["unknown", "endpoint_known"],
-  joining: ["unknown", "endpoint_known", "connecting"],
-  paired_unverified: [
-    "unknown",
-    "endpoint_known",
-    "connecting",
-    "connected",
-    "degraded",
-    "disconnected",
-  ],
-  verified: ["unknown", "endpoint_known", "connecting", "connected", "degraded", "disconnected"],
-  revoked: ["unknown", "disconnected"],
-};
-
-export function isValidPeerStateCombination(
-  identityState: PeerIdentityState,
-  transportState: PeerTransportState,
-): boolean {
-  return VALID_TRANSPORT_BY_IDENTITY[identityState].includes(transportState);
-}
-
-export const PeerStateSnapshotSchema = z
-  .object({
-    identityState: PeerIdentityStateSchema,
-    transportState: PeerTransportStateSchema,
-  })
-  .superRefine((value, ctx) => {
-    if (!isValidPeerStateCombination(value.identityState, value.transportState)) {
-      ctx.addIssue({
-        code: z.ZodIssueCode.custom,
-        message: `invalid peer state combination: ${value.identityState}/${value.transportState}`,
-      });
-    }
-  });
-export type PeerStateSnapshot = z.infer<typeof PeerStateSnapshotSchema>;
-
-export function derivePeerStateFromLegacyStatus(input: LegacyPeerRuntimeShape): PeerStateSnapshot {
-  const legacy = LegacyPeerRuntimeShapeSchema.parse(input);
-  const hasEndpoint = Boolean(legacy.endpointHost && legacy.endpointPort);
-  const hasHandshake =
-    typeof legacy.lastHandshake === "number" &&
-    Number.isFinite(legacy.lastHandshake) &&
-    legacy.lastHandshake > 0;
-
-  const identityState: PeerIdentityState =
-    legacy.status === "pending"
-      ? "invited"
-      : legacy.status === "revoked"
-        ? "revoked"
-        : legacy.status === "active"
-          ? "verified"
-          : "paired_unverified";
-
-  const transportState: PeerTransportState = (() => {
-    switch (legacy.status) {
-      case "active":
-        return hasHandshake ? "connected" : hasEndpoint ? "endpoint_known" : "disconnected";
-      case "pending_tunnel":
-        return hasHandshake ? "connected" : hasEndpoint ? "connecting" : "unknown";
-      case "pending_verification":
-        return hasHandshake ? "connected" : hasEndpoint ? "endpoint_known" : "unknown";
-      case "pending":
-        return hasEndpoint ? "endpoint_known" : "unknown";
-      case "revoked":
-        return hasEndpoint ? "disconnected" : "unknown";
-    }
-  })();
-
-  return PeerStateSnapshotSchema.parse({ identityState, transportState });
-}
-
-const IDENTITY_TRANSITIONS: Record<PeerIdentityState, readonly PeerIdentityState[]> = {
-  invited: ["invited", "joining", "revoked"],
-  joining: ["joining", "paired_unverified", "revoked"],
-  paired_unverified: ["paired_unverified", "verified", "revoked"],
-  verified: ["verified", "revoked"],
-  revoked: ["revoked"],
-};
-
-export function isValidPeerIdentityTransition(
-  from: PeerIdentityState,
-  to: PeerIdentityState,
-  options: { viaContinuity?: boolean } = {},
-): boolean {
-  if (from === "verified" && to === "paired_unverified") {
-    return options.viaContinuity === true;
-  }
-  return IDENTITY_TRANSITIONS[from].includes(to);
-}
-
-const TRANSPORT_TRANSITIONS: Record<PeerTransportState, readonly PeerTransportState[]> = {
-  unknown: ["unknown", "endpoint_known"],
-  endpoint_known: ["endpoint_known", "connecting", "disconnected"],
-  connecting: ["connecting", "connected", "endpoint_known", "disconnected"],
-  connected: ["connected", "degraded", "disconnected"],
-  degraded: ["degraded", "connected", "disconnected"],
-  disconnected: ["disconnected", "endpoint_known"],
-};
-
-export function isValidPeerTransportTransition(
-  from: PeerTransportState,
-  to: PeerTransportState,
-): boolean {
-  return TRANSPORT_TRANSITIONS[from].includes(to);
-}
-
-const MUTATION_PRECEDENCE: Record<PeerMutationKind, number> = {
-  repair: 0,
-  continuity: 1,
-  revocation: 2,
-};
-
-export function comparePeerMutationPrecedence(
-  left: PeerMutationKind,
-  right: PeerMutationKind,
-): number {
-  return MUTATION_PRECEDENCE[left] - MUTATION_PRECEDENCE[right];
-}

package/src/network-runtime/protocol-schemas.ts

@@ -1,265 +0,0 @@
-import { z } from "zod";
-import {
-  BindingGenerationSchema,
-  ControlEndpointAdvertisementSchema,
-  EndpointRevisionSchema,
-  NodeAdvertisementSchema,
-  NodeIdSchema,
-  PeerTransportIdSchema,
-  PublicationRevisionSchema,
-  PrincipalFingerprintSchema,
-  RevocationGenerationSchema,
-  SigningPublicKeySchema,
-  TransportEndpointAdvertisementSchema,
-} from "./address-types.js";
-export {
-  RuntimeEventKindSchema,
-  RuntimeEventSchema,
-  type RuntimeEventKind,
-  type RuntimeEvent,
-} from "./node-store-contract.js";
-import { NodePrincipalBindingRefSchema } from "./peer-principal-ref.js";
-
-const NonEmptyStringSchema = z.string().trim().min(1);
-// Signed transport invite tokens must preserve PEM bytes verbatim; trimming
-// a trailing newline changes the signed payload and breaks verification.
-const NonBlankVerbatimStringSchema = z
-  .string()
-  .min(1)
-  .refine((value) => value.trim().length > 0);
-const RecordSchema = z.record(z.string(), z.unknown());
-
-function toFastifyBodyJsonSchema(schema: z.ZodTypeAny): Record<string, unknown> {
-  const jsonSchema = z.toJSONSchema(schema) as Record<string, unknown>;
-  delete jsonSchema.$schema;
-  return jsonSchema;
-}
-
-export const NETWORK_RUNTIME_PROTOCOL_VERSION = 1 as const;
-export const NetworkRuntimeProtocolVersionSchema = z.literal(NETWORK_RUNTIME_PROTOCOL_VERSION);
-export type NetworkRuntimeProtocolVersion = z.infer<typeof NetworkRuntimeProtocolVersionSchema>;
-
-export function isSupportedNetworkRuntimeProtocolVersion(
-  version: number | undefined,
-): version is NetworkRuntimeProtocolVersion {
-  return version === NETWORK_RUNTIME_PROTOCOL_VERSION;
-}
-
-export function assertSupportedNetworkRuntimeProtocolVersion(
-  version: number | undefined,
-  context = "network runtime",
-): NetworkRuntimeProtocolVersion {
-  if (!isSupportedNetworkRuntimeProtocolVersion(version)) {
-    throw new Error(
-      `Unsupported ${context} protocol version ${String(version)}. Supported: ${NETWORK_RUNTIME_PROTOCOL_VERSION}`,
-    );
-  }
-  return version;
-}
-
-/**
- * Shared delivery-ack wire contract.
- * Durable settlement is keyed by stable peer identity, not display-name strings.
- */
-export const DeliveryAckSchema = z
-  .object({
-    protocolVersion: NetworkRuntimeProtocolVersionSchema,
-    messageId: NonEmptyStringSchema,
-    senderNodeId: NodeIdSchema,
-    recipientNodeId: NodeIdSchema,
-    storedAt: z.number().int().nonnegative(),
-  })
-  .strict();
-export type DeliveryAck = z.infer<typeof DeliveryAckSchema>;
-
-export const TransportInviteTokenSchema = z
-  .object({
-    nodeId: NodeIdSchema,
-    audienceNodeId: NodeIdSchema.optional(),
-    publicKey: PeerTransportIdSchema,
-    leaderDisplayNameSnapshot: NonEmptyStringSchema.optional(),
-    host: NonEmptyStringSchema,
-    port: z.number().int().min(1).max(65535),
-    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
-    psk: NonEmptyStringSchema,
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-    signingPublicKey: SigningPublicKeySchema.optional(),
-    caCert: NonBlankVerbatimStringSchema.optional(),
-    createdAt: z.number().int().nonnegative(),
-    expiresAt: z.number().int().nonnegative(),
-    tokenNonce: NonEmptyStringSchema,
-    coordinationUrl: NonEmptyStringSchema.optional(),
-    networkId: NonEmptyStringSchema.optional(),
-  })
-  .strict();
-export type TransportInviteToken = z.infer<typeof TransportInviteTokenSchema>;
-
-export const JoinRequestSchema = z
-  .object({
-    protocolVersion: NetworkRuntimeProtocolVersionSchema,
-    nodeId: NodeIdSchema,
-    principalFingerprint: PrincipalFingerprintSchema,
-    peerPublicKey: PeerTransportIdSchema,
-    signingPublicKey: SigningPublicKeySchema,
-    transportEndpoint: TransportEndpointAdvertisementSchema,
-    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-    inviteTokenNonce: NonEmptyStringSchema,
-  })
-  .strict();
-export type JoinRequest = z.infer<typeof JoinRequestSchema>;
-
-export const JoinRouteBodySchema = JoinRequestSchema.extend({
-  proofOfWork: NonEmptyStringSchema,
-}).strict();
-export type JoinRouteBody = z.infer<typeof JoinRouteBodySchema>;
-export const JoinRouteBodyJsonSchema = toFastifyBodyJsonSchema(JoinRouteBodySchema);
-
-export const RuntimeIngressEnvelopeSchema = z.union([
-  z
-    .object({
-      protocolVersion: NetworkRuntimeProtocolVersionSchema,
-      deliveryAck: DeliveryAckSchema,
-    })
-    .strict(),
-  z
-    .object({
-      protocolVersion: NetworkRuntimeProtocolVersionSchema,
-      ariaMessage: z.unknown(),
-    })
-    .strict(),
-  z
-    .object({
-      protocolVersion: NetworkRuntimeProtocolVersionSchema,
-      joinRequest: JoinRequestSchema,
-    })
-    .strict(),
-]);
-export type RuntimeIngressEnvelope = z.infer<typeof RuntimeIngressEnvelopeSchema>;
-
-export const RuntimeNodeAdvertisementSchema = NodeAdvertisementSchema.extend({
-  protocolVersion: NetworkRuntimeProtocolVersionSchema,
-  publicationRevision: PublicationRevisionSchema,
-  signingPublicKey: SigningPublicKeySchema,
-  transportEndpoint: TransportEndpointAdvertisementSchema,
-  advertisedHosts: z.array(NonEmptyStringSchema).min(1).optional(),
-}).strict();
-export type RuntimeNodeAdvertisement = z.infer<typeof RuntimeNodeAdvertisementSchema>;
-
-export const RuntimeDiscoveryAdvertisementSchema = z
-  .object({
-    protocolVersion: NetworkRuntimeProtocolVersionSchema,
-    nodeId: NodeIdSchema,
-    displayNameSnapshot: NonEmptyStringSchema,
-    principalFingerprint: PrincipalFingerprintSchema,
-    controlPort: z.number().int().min(1).max(65535),
-    advertisedHosts: z.array(NonEmptyStringSchema).min(1),
-    tlsCaFingerprint: z.string().trim().min(1).optional(),
-  })
-  .strict();
-export type RuntimeDiscoveryAdvertisement = z.infer<typeof RuntimeDiscoveryAdvertisementSchema>;
-
-export const RuntimeRegisterRequestSchema = z
-  .object({
-    protocolVersion: NetworkRuntimeProtocolVersionSchema,
-    nodeId: NodeIdSchema,
-    transportPublicKey: PeerTransportIdSchema,
-    principalFingerprint: PrincipalFingerprintSchema,
-    endpointRevision: EndpointRevisionSchema,
-    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-  })
-  .strict();
-export type RuntimeRegisterRequest = z.infer<typeof RuntimeRegisterRequestSchema>;
-
-export const PairProposalSchema = z
-  .object({
-    protocolVersion: NetworkRuntimeProtocolVersionSchema,
-    nodeId: NodeIdSchema,
-    principalFingerprint: PrincipalFingerprintSchema,
-    transportPublicKey: PeerTransportIdSchema,
-    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
-    displayNameSnapshot: NonEmptyStringSchema.optional(),
-    presharedKey: NonEmptyStringSchema,
-  })
-  .strict();
-export type PairProposal = z.infer<typeof PairProposalSchema>;
-
-/**
- * Canonical statement of a continuity bind transition.
- * This is the byte-exact payload that both parties sign.
- */
-export const ContinuityStatementSchema = z
-  .object({
-    nodeId: NodeIdSchema,
-    previousPrincipalFingerprint: PrincipalFingerprintSchema,
-    newPrincipalFingerprint: PrincipalFingerprintSchema,
-    newTransportPublicKey: PeerTransportIdSchema.optional(),
-    bindingGeneration: BindingGenerationSchema,
-    revocationGeneration: RevocationGenerationSchema.optional(),
-    createdAt: NonEmptyStringSchema,
-  })
-  .strict();
-export type ContinuityStatement = z.infer<typeof ContinuityStatementSchema>;
-
-/**
- * Dual-signed continuity bind: delegation (previous principal) + acceptance
- * (new principal). Both public keys are included for independent verification.
- */
-export const SignedContinuityBindSchema = z
-  .object({
-    statement: ContinuityStatementSchema,
-    delegationSignature: NonEmptyStringSchema,
-    acceptanceSignature: NonEmptyStringSchema,
-    previousPublicKey: NonEmptyStringSchema,
-    newPublicKey: NonEmptyStringSchema,
-  })
-  .strict();
-export type SignedContinuityBind = z.infer<typeof SignedContinuityBindSchema>;
-
-export const MutationOperationSchema = z.enum([
-  "network.register",
-  "network.revoke",
-  "network.list_peers",
-  "pair.direct",
-  "pair.relay",
-  "pair.relay_response",
-  "peer.update_capabilities",
-  "peer.update_trust_tier",
-]);
-export type MutationOperation = z.infer<typeof MutationOperationSchema>;
-
-export const MutationEnvelopeSchema = z
-  .object({
-    version: NetworkRuntimeProtocolVersionSchema,
-    id: NonEmptyStringSchema,
-    operation: MutationOperationSchema,
-    principal: NodePrincipalBindingRefSchema,
-    target: NodePrincipalBindingRefSchema,
-    namespace: NonEmptyStringSchema,
-    policyEpoch: z.number().int().nonnegative(),
-    nonce: NonEmptyStringSchema,
-    timestamp: z.number().int().nonnegative(),
-    ttl: z.number().int().positive(),
-    contextHash: NonEmptyStringSchema,
-    payload: RecordSchema,
-    signature: NonEmptyStringSchema,
-    method: NonEmptyStringSchema.optional(),
-    path: NonEmptyStringSchema.optional(),
-    metadata: RecordSchema.optional(),
-    reason: NonEmptyStringSchema.optional(),
-    parentEnvelopeId: NonEmptyStringSchema.optional(),
-  })
-  .strict();
-export type MutationEnvelope = z.infer<typeof MutationEnvelopeSchema>;
-
-export const NetworkRouteRevokeRequestSchema = z
-  .object({
-    nodeId: NodeIdSchema,
-    envelope: MutationEnvelopeSchema,
-  })
-  .strict();
-export type NetworkRouteRevokeRequest = z.infer<typeof NetworkRouteRevokeRequestSchema>;
-export const NetworkRouteRevokeRequestJsonSchema = toFastifyBodyJsonSchema(
-  NetworkRouteRevokeRequestSchema,
-);