@atrib/verify 0.3.6 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +85 -4
- package/dist/ap2-vi-evidence.d.ts +141 -0
- package/dist/ap2-vi-evidence.d.ts.map +1 -0
- package/dist/ap2-vi-evidence.js +1244 -0
- package/dist/ap2-vi-evidence.js.map +1 -0
- package/dist/index.d.ts +5 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -5
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +58 -3
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +1 -1
- package/dist/types.js.map +1 -1
- package/dist/verifier.d.ts +14 -1
- package/dist/verifier.d.ts.map +1 -1
- package/dist/verifier.js +29 -1
- package/dist/verifier.js.map +1 -1
- package/dist/verify-record.d.ts +22 -2
- package/dist/verify-record.d.ts.map +1 -1
- package/dist/verify-record.js +60 -13
- package/dist/verify-record.js.map +1 -1
- package/package.json +7 -4
package/README.md
CHANGED
|
@@ -65,11 +65,11 @@ Per the [§5.8](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#58
|
|
|
65
65
|
| `resolveEndpoint` | `string` | `https://resolve.atrib.dev/v1` | Reserved for v2 remote calculation. |
|
|
66
66
|
| `merchantKey` | `string` | unset | Base64url Ed25519 32-byte seed. Optional. `verify()` works without it. |
|
|
67
67
|
|
|
68
|
-
### `verify(doc): Promise<VerificationResult>`
|
|
68
|
+
### `verify(doc, options): Promise<VerificationResult>`
|
|
69
69
|
|
|
70
70
|
Independently re-runs the [§4.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#46-the-calculation-algorithm) calculation and verifies the document signature. Always returns a result object; never throws. Inspect `valid`, `signatureOk`, `calcMatch`, and `warnings` to understand the outcome.
|
|
71
71
|
|
|
72
|
-
This method operates on `RecommendationDocument` shapes (settlement-recommendation flow per spec [§5.5.2](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#552-verify)). For verifying individual `AtribRecord`s, see `verifyRecord` below.
|
|
72
|
+
This method operates on `RecommendationDocument` shapes (settlement-recommendation flow per spec [§5.5.2](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#552-verify)). When the caller supplies `ap2ViEvidence`, the verifier attaches the async AP2 / VI result as `ap2_vi_evidence`. That block is tiered and does not change the base recommendation signature or calculation checks. For verifying individual `AtribRecord`s, see `verifyRecord` below.
|
|
73
73
|
|
|
74
74
|
### `verifyRecord(record, options): Promise<RecordVerificationResult>`
|
|
75
75
|
|
|
@@ -82,6 +82,8 @@ const result = await verifyRecord(record, {
|
|
|
82
82
|
upstreamCandidate, // optional, for provenance_token resolution
|
|
83
83
|
informedByCandidates: [], // optional, for informed_by[] resolution
|
|
84
84
|
identityClaim, // optional, for capability_check (caller does directory lookup)
|
|
85
|
+
ap2ViEvidence, // optional, transaction-only AP2 / VI evidence bundle
|
|
86
|
+
ap2ViEvidenceOptions, // optional, passed to verifyAp2ViEvidenceAsync()
|
|
85
87
|
})
|
|
86
88
|
// result: {
|
|
87
89
|
// valid: boolean
|
|
@@ -90,6 +92,7 @@ const result = await verifyRecord(record, {
|
|
|
90
92
|
// provenance?: { token, upstream_record_hash, upstream_resolved }
|
|
91
93
|
// informed_by_resolution?: { resolved: string[], dangling: string[] }
|
|
92
94
|
// capability_check?: { envelope, in_envelope, mismatches, unresolvable }
|
|
95
|
+
// ap2_vi_evidence?: Ap2ViEvidenceVerification
|
|
93
96
|
// warnings: string[]
|
|
94
97
|
// }
|
|
95
98
|
```
|
|
@@ -100,7 +103,8 @@ const result = await verifyRecord(record, {
|
|
|
100
103
|
- `informed_by_resolution`: `{ resolved: string[], dangling: string[] }` per record carrying `informed_by` ([D041](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d041-informed_by-linking-primitive-and-informed_by-edge-type) / [§1.2.5](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#125-informed_by)). Dangling references are flagged but do not fail verification: they signal "the verifier has not seen upstream context," not "the record is invalid."
|
|
101
104
|
- `posture`: `{ timestamp_granularity, timestamp_consistent, timestamp_granularity_explicit, args_commitment_form, result_commitment_form, tool_name_form }` ([D045](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d045-privacy-postures-normative-spec-section) / [D061](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d061-add-tool_name-args_hash-result_hash-fields-to-§121) / [§8.2](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#82-opaque-name-posture) / [§8.3](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#83-salted-commitment-posture) / [§8.4](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#84-coarsened-timing-posture)). Always populated. Surfaces (a) the declared timing granularity, whether the timestamp value structurally matches the spec's trailing-zero invariant, and whether the field was explicitly set vs defaulted; (b) the structurally-detected `args_hash` / `result_hash` commitment scheme: `'salted-sha256'` when `args_salt` / `result_salt` is present, `'plain-sha256'` otherwise (the `'hmac-sha256'` variant from [§8.3](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#83-salted-commitment-posture) is signaled out-of-band and is not structurally detectable); and (c) the [§8.2](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#82-opaque-name-posture) `tool_name_form`: `'hashed'` when `tool_name` matches `^sha256:[0-9a-f]{64}$`, `'plain'` for any other present value, `null` when the field is absent. Per [D061](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d061-add-tool_name-args_hash-result_hash-fields-to-121) the [§8.2](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#82-opaque-name-posture) verbatim-vs-opaque distinction is NOT structurally detectable, both surface as `'plain'`.
|
|
102
105
|
- `capability_check`: `{ envelope, in_envelope, mismatches, unresolvable }` ([D051](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d051-capability-scoped-records-via-directory-published-envelopes) / [§6.7](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#67-capability-declarations)). Populated only when the caller passes a resolved `identityClaim` in options. Checks the record's `event_type` against the envelope's `event_types` allowlist and the record's `timestamp` against `expires_at`. `tool_names` (against tool_call records), `max_amount`, and `counterparties` (against transaction records) flag `unresolvable: true` because the constraints depend on data not yet on the standard record shape (`tool_name`) or out-of-band protocol events (payment amount + counterparty). Per [§6.7.3](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#673-out-of-envelope-records) out-of-envelope is a signal, not invalidation: mismatches do not flip `valid` to false. The caller is responsible for fetching the active envelope at the record's timestamp via `@atrib/directory`'s `lookup()` (or a cached equivalent); `@atrib/verify` intentionally has no `@atrib/directory` dependency.
|
|
103
|
-
- `cross_attestation`: `{ signers_count, signers_valid, missing }` ([D052](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d052-cross-attestation-requirement-for-transaction-records) / [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records)). Populated only on transaction records (`event_type = transaction`). Each entry in `signers[]` is verified against the cross-attestation canonical bytes (JCS form with `signers: []` and the top-level `signature` field omitted, per [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records)). `missing: true` when fewer than 2 signers verify, atrib's normative minimum. Per [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records) missing is a
|
|
106
|
+
- `cross_attestation`: `{ signers_count, signers_valid, missing }` ([D052](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d052-cross-attestation-requirement-for-transaction-records) / [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records)). Populated only on transaction records (`event_type = transaction`). Each entry in `signers[]` is verified against the cross-attestation canonical bytes (JCS form with `signers: []` and the top-level `signature` field omitted, per [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records)). `signatureOk` requires a valid signer entry whose `creator_key` matches the record's top-level `creator_key`; unrelated counterparty signers do not validate the record on behalf of its creator. `missing: true` when fewer than 2 signers verify, atrib's normative minimum. Per [§1.7.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#176-cross-attestation-requirement-for-transaction-records) missing is a signal, not invalidation: `valid` stays true if the underlying signature path holds. Agent-side Path 2 fallback records usually surface as `signers_count: 1, missing: true` until a counterparty signs the same bytes. Legacy single-signer transaction records (no `signers[]` array, only top-level `signature`) surface as `signers_count: 0, missing: true` so consumers can flag them while accepting the cryptographic validity.
|
|
107
|
+
- `ap2_vi_evidence`: the async AP2 / VI verifier result ([D094](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#d094-ap2--vi-evidence-attaches-to-verifier-results-as-a-tiered-block) / [§5.5.4](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#554-ap2--verifiable-intent-evidence-checks)). Populated only when the caller passes `ap2ViEvidence` for a transaction record. It does not alter `valid`, `signatureOk`, or `cross_attestation`; consumers inspect `ap2_vi_evidence.valid` for AP2 authorization evidence.
|
|
104
108
|
|
|
105
109
|
**Pending per-record annotations** (tracked as a Pending decision in [DECISIONS.md P005](https://github.com/creatornader/atrib/blob/main/DECISIONS.md#p005-reconcile-atribverify-readme-per-record-annotations-with-actual-code-surface)):
|
|
106
110
|
|
|
@@ -109,6 +113,79 @@ const result = await verifyRecord(record, {
|
|
|
109
113
|
|
|
110
114
|
Each pending annotation is its own ADR scope when external consumers need it.
|
|
111
115
|
|
|
116
|
+
### `verifyAp2ViEvidence(...)` and `verifyAp2ViEvidenceAsync(...)`
|
|
117
|
+
|
|
118
|
+
AP2 / Verifiable Intent evidence checking for merchants and auditors. This runs outside the transaction detector path. It does not alter the graph, the settlement calculation, or record validity. It answers a narrower question: did the AP2 receipts and VI mandate chain form a coherent evidence bundle?
|
|
119
|
+
|
|
120
|
+
```typescript
|
|
121
|
+
import { verifyAp2ViEvidence, verifyAp2ViEvidenceAsync } from '@atrib/verify'
|
|
122
|
+
|
|
123
|
+
const result = verifyAp2ViEvidence({
|
|
124
|
+
trustedIssuerKeys: [issuerJwk],
|
|
125
|
+
ap2: {
|
|
126
|
+
paymentReceipt,
|
|
127
|
+
checkoutReceipt,
|
|
128
|
+
closedPaymentMandate,
|
|
129
|
+
closedCheckoutMandate,
|
|
130
|
+
},
|
|
131
|
+
vi: {
|
|
132
|
+
credentials: [
|
|
133
|
+
{ layer: 'L1', sdJwt: issuerCredential },
|
|
134
|
+
{ layer: 'L2', sdJwt: userMandate },
|
|
135
|
+
{ layer: 'L3_PAYMENT', sdJwt: agentPaymentMandate, parentPresentation },
|
|
136
|
+
{ layer: 'L3_CHECKOUT', sdJwt: agentCheckoutMandate, parentPresentation },
|
|
137
|
+
],
|
|
138
|
+
},
|
|
139
|
+
})
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Use the async verifier when AP2 receipts arrive as compact signed JWTs:
|
|
143
|
+
|
|
144
|
+
```typescript
|
|
145
|
+
const result = await verifyAp2ViEvidenceAsync(
|
|
146
|
+
{
|
|
147
|
+
receiptJwtIssuers: [
|
|
148
|
+
{
|
|
149
|
+
issuer: 'https://verifier.example',
|
|
150
|
+
audience: 'merchant:checkout',
|
|
151
|
+
metadataUrl: 'https://verifier.example/.well-known/ap2',
|
|
152
|
+
},
|
|
153
|
+
],
|
|
154
|
+
ap2: {
|
|
155
|
+
paymentReceiptJwt,
|
|
156
|
+
closedPaymentMandate,
|
|
157
|
+
},
|
|
158
|
+
},
|
|
159
|
+
{ receiptJwtPolicy: 'require' },
|
|
160
|
+
)
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
Checks performed when evidence is present:
|
|
164
|
+
|
|
165
|
+
- AP2 PaymentReceipt / CheckoutReceipt success, required fields, and `reference` binding to a closed mandate serialization or explicit closed-mandate hash.
|
|
166
|
+
- Compact AP2 receipt JWT verification with `jose`, using trusted local JWKS, `jwksUrl`, or verifier metadata containing inline `jwks` or `jwks_uri`.
|
|
167
|
+
- Receipt JWT hardening for unsupported `alg`, `alg: "none"`, missing `kid`, unexpected `crit`, malformed compact JWTs, unsupported JWKS keys, duplicate `kid`, metadata precedence, issuer key isolation, and clock-edge behavior.
|
|
168
|
+
- VI SD-JWT parsing for L1, L2, L3 payment, and L3 checkout credentials.
|
|
169
|
+
- Async VI SD-JWT / SD-JWT VC conformance with OpenWallet `@sd-jwt/core` and `@sd-jwt/sd-jwt-vc`.
|
|
170
|
+
- VI SD-JWT structural checks for duplicate disclosures, duplicate digest references, unused disclosures, unsupported `_sd_alg`, and future `nbf`.
|
|
171
|
+
- ES256 signatures: L1 via trusted issuer keys, L2 via L1 `cnf.jwk`, L3 via the L2 delegated agent key.
|
|
172
|
+
- `sd_hash` links, disclosure digest links, autonomous L2 `cnf.jwk` consistency, and final checkout/payment binding.
|
|
173
|
+
- Typed AP2 mandate constraints: merchant allowlists, checkout line items, payment amount ranges, allowed payees, allowed payment instruments, allowed PISPs, and execution windows.
|
|
174
|
+
|
|
175
|
+
The default signature policy is `require`. Missing keys or invalid signatures make `valid` false while still returning a structured result. Use `signaturePolicy: "best-effort"` for structural triage where issuer keys are not yet available.
|
|
176
|
+
|
|
177
|
+
The default receipt JWT policy is also `require`. Invalid receipt JWTs make `valid` false. Use `receiptJwtPolicy: "best-effort"` when decoded receipt objects are already available and JWT verification is an advisory signal.
|
|
178
|
+
|
|
179
|
+
The async verifier also defaults `sdJwtConformancePolicy` to `require` when VI credentials are present. Each credential result includes `sdJwtConformance.status`, `profile`, and an optional reason. Use `sdJwtConformancePolicy: "best-effort"` for advisory conformance checks, or `"off"` to keep the async result aligned with the decoded structural verifier. The default profile is `sd-jwt-vc`; callers may pass `sdJwtConformanceProfile: "sd-jwt"` for the core SD-JWT profile.
|
|
180
|
+
|
|
181
|
+
VC type metadata and status-list fetches are explicit. If a caller enables `sdJwtVc.loadTypeMetadata` or submits credentials with VC status references, it should provide `sdJwtVc.vctFetcher` or `sdJwtVc.statusListFetcher`. The verifier does not perform hidden network fetches for those checks.
|
|
182
|
+
|
|
183
|
+
The default constraint policy is `require`. Failed, unresolved, or unsupported disclosed AP2 constraints make `valid` false. Use `constraintPolicy: "best-effort"` to keep those findings advisory, or `"off"` to skip them. The lower-level `evaluateAp2ViConstraints(input, disclosures?)` helper is exported for decoded mandate material and fixture replay.
|
|
184
|
+
|
|
185
|
+
The local AP2 / VI evidence corpus lives under `packages/agent/test/fixtures/ap2/`. It includes signed immediate evidence, signed autonomous success evidence, a decoded constraint replay case, and a named autonomous negative matrix. The crypto conformance corpus lives under `spec/conformance/ap2-vi-crypto/`. It pins offline JOSE, JWKS, metadata, SD-JWT, and clock-edge cases for the async verifier.
|
|
186
|
+
|
|
187
|
+
The same evidence bundle can be passed to `verifyRecord(record, { ap2ViEvidence, ap2ViEvidenceOptions })` for transaction records or to `verifier.verify(doc, { ap2ViEvidence, ap2ViEvidenceOptions })` for settlement recommendation verification. Both APIs attach the result as `ap2_vi_evidence`; neither API fetches AP2 / VI material on its own.
|
|
188
|
+
|
|
112
189
|
### `calculate(options): Promise<RecommendationDocument>`
|
|
113
190
|
|
|
114
191
|
Post-hoc calculation when no agent SDK was present. Always returns a fully-shaped document, unsigned with a warning if the merchant key is missing.
|
|
@@ -122,6 +199,9 @@ For advanced use (custom calculators, alternative signing flows), the package al
|
|
|
122
199
|
- `isValidPolicy(doc)`: schema check for `PolicyDocument`
|
|
123
200
|
- `signRecommendation(unsigned, privateKey)`: JCS + Ed25519 signing
|
|
124
201
|
- `verifyRecommendationSignature(doc, publicKey)`: signature verification
|
|
202
|
+
- `evaluateAp2ViConstraints(input, disclosures?)`: decoded AP2 open-mandate constraint checking
|
|
203
|
+
- `verifyAp2ViEvidence(bundle, options?)`: decoded AP2 / VI receipt and mandate-chain evidence checking
|
|
204
|
+
- `verifyAp2ViEvidenceAsync(bundle, options?)`: compact AP2 receipt JWT verification, async VI SD-JWT / VC conformance, plus decoded evidence checks. `verifyRecord()` and `AtribVerifier.verify()` call this when supplied with `ap2ViEvidence`
|
|
125
205
|
- `recommendationSigningInput(doc)`: the canonical bytes that get signed
|
|
126
206
|
- `distributionsMatch(a, b)`: float-tolerant equality (within `1e-9` per recipient)
|
|
127
207
|
- `fetchGraph(endpoint, contextId, treeSize?)`, `fetchSessionPolicyRecord`, `fetchPolicyDocument`
|
|
@@ -149,7 +229,7 @@ The merchant's payment pipeline never crashes because of an atrib problem. It ju
|
|
|
149
229
|
|
|
150
230
|
## Test coverage
|
|
151
231
|
|
|
152
|
-
|
|
232
|
+
The test suite covers the [§4.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#46-the-calculation-algorithm) calculation algorithm, graph endpoint client, JCS canonicalization, Ed25519 signing, settlement recommendations, policy templates, policy builder, calculation edge cases, property-based testing with fast-check, AP2 / VI evidence checking, AP2 / VI crypto conformance, tiered AP2 / VI verifier attachment, and full `verify()` / `calculate()` paths including [§5.8](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#58-degradation-contract) degradation.
|
|
153
233
|
|
|
154
234
|
Run them with `pnpm --filter @atrib/verify test`.
|
|
155
235
|
|
|
@@ -162,6 +242,7 @@ Run them with `pnpm --filter @atrib/verify test`.
|
|
|
162
242
|
| [§4.6](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#46-the-calculation-algorithm) | Pure calculation algorithm |
|
|
163
243
|
| [§4.7](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#47-settlement-recommendation-document) | Recommendation document signing/verification |
|
|
164
244
|
| [§5.5](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#55-atribverify-merchant-verification-library) | `AtribVerifier` class. `verify()` and `calculate()` |
|
|
245
|
+
| [§5.5.4](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#554-ap2--verifiable-intent-evidence-checks) | AP2 / VI evidence checks |
|
|
165
246
|
| [§5.8](https://github.com/creatornader/atrib/blob/main/atrib-spec.md#58-degradation-contract) | Degradation contract; failures never break the host |
|
|
166
247
|
|
|
167
248
|
The full protocol spec is at [`atrib-spec.md`](https://github.com/creatornader/atrib/blob/main/atrib-spec.md).
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
import type { StatusListFetcher, StatusValidator, VcTFetcher } from '@sd-jwt/sd-jwt-vc';
|
|
2
|
+
export type ViCredentialLayer = 'L1' | 'L2' | 'L3_PAYMENT' | 'L3_CHECKOUT';
|
|
3
|
+
export type ViMode = 'immediate' | 'autonomous' | 'unknown';
|
|
4
|
+
export type SdJwtConformancePolicy = 'require' | 'best-effort' | 'off';
|
|
5
|
+
export type SdJwtConformanceProfile = 'sd-jwt' | 'sd-jwt-vc';
|
|
6
|
+
export type Ap2ConstraintPolicy = 'require' | 'best-effort' | 'off';
|
|
7
|
+
export type Ap2ConstraintDomain = 'checkout' | 'payment';
|
|
8
|
+
export type Ap2ConstraintCheckStatus = 'passed' | 'failed' | 'unresolved' | 'unsupported';
|
|
9
|
+
export type Ap2ConstraintEvaluationStatus = 'passed' | 'failed' | 'unresolved' | 'not_applicable' | 'not_checked';
|
|
10
|
+
export interface ViCredentialInput {
|
|
11
|
+
layer: ViCredentialLayer;
|
|
12
|
+
sdJwt: string;
|
|
13
|
+
parentPresentation?: string;
|
|
14
|
+
}
|
|
15
|
+
export interface Ap2EvidenceInput {
|
|
16
|
+
paymentReceipt?: unknown;
|
|
17
|
+
checkoutReceipt?: unknown;
|
|
18
|
+
paymentReceiptJwt?: string;
|
|
19
|
+
checkoutReceiptJwt?: string;
|
|
20
|
+
checkoutPayload?: unknown;
|
|
21
|
+
closedPaymentMandate?: string;
|
|
22
|
+
closedCheckoutMandate?: string;
|
|
23
|
+
closedPaymentMandateHash?: string;
|
|
24
|
+
closedCheckoutMandateHash?: string;
|
|
25
|
+
}
|
|
26
|
+
export interface Ap2ReceiptJwtIssuer {
|
|
27
|
+
issuer?: string;
|
|
28
|
+
audience?: string | string[];
|
|
29
|
+
jwks?: JsonWebKey[] | {
|
|
30
|
+
keys: JsonWebKey[];
|
|
31
|
+
};
|
|
32
|
+
jwksUrl?: string;
|
|
33
|
+
metadataUrl?: string;
|
|
34
|
+
}
|
|
35
|
+
export interface SdJwtVcConformanceOptions {
|
|
36
|
+
loadTypeMetadata?: boolean;
|
|
37
|
+
vctFetcher?: VcTFetcher;
|
|
38
|
+
statusListFetcher?: StatusListFetcher;
|
|
39
|
+
statusValidator?: StatusValidator;
|
|
40
|
+
maxVctExtendsDepth?: number;
|
|
41
|
+
}
|
|
42
|
+
export interface Ap2ViEvidenceBundle {
|
|
43
|
+
ap2?: Ap2EvidenceInput;
|
|
44
|
+
vi?: {
|
|
45
|
+
credentials?: ViCredentialInput[];
|
|
46
|
+
};
|
|
47
|
+
trustedIssuerKeys?: JsonWebKey[];
|
|
48
|
+
receiptJwtIssuers?: Ap2ReceiptJwtIssuer[];
|
|
49
|
+
}
|
|
50
|
+
export interface VerifyAp2ViEvidenceOptions {
|
|
51
|
+
trustedIssuerKeys?: JsonWebKey[];
|
|
52
|
+
receiptJwtIssuers?: Ap2ReceiptJwtIssuer[];
|
|
53
|
+
receiptJwtPolicy?: 'require' | 'best-effort';
|
|
54
|
+
signaturePolicy?: 'require' | 'best-effort';
|
|
55
|
+
sdJwtConformancePolicy?: SdJwtConformancePolicy;
|
|
56
|
+
sdJwtConformanceProfile?: SdJwtConformanceProfile;
|
|
57
|
+
constraintPolicy?: Ap2ConstraintPolicy;
|
|
58
|
+
sdJwtVc?: SdJwtVcConformanceOptions;
|
|
59
|
+
nowSeconds?: number;
|
|
60
|
+
clockSkewSeconds?: number;
|
|
61
|
+
fetch?: typeof fetch;
|
|
62
|
+
}
|
|
63
|
+
export interface SignatureCheck {
|
|
64
|
+
status: 'verified' | 'invalid' | 'not_checked';
|
|
65
|
+
reason?: string;
|
|
66
|
+
}
|
|
67
|
+
export interface SdJwtConformanceCheck {
|
|
68
|
+
status: 'verified' | 'invalid' | 'not_checked';
|
|
69
|
+
profile: SdJwtConformanceProfile | null;
|
|
70
|
+
reason?: string;
|
|
71
|
+
}
|
|
72
|
+
export interface ViCredentialCheck {
|
|
73
|
+
layer: ViCredentialLayer;
|
|
74
|
+
alg: string | null;
|
|
75
|
+
typ: string | null;
|
|
76
|
+
kid: string | null;
|
|
77
|
+
signature: SignatureCheck;
|
|
78
|
+
sdJwtConformance: SdJwtConformanceCheck;
|
|
79
|
+
sdHashOk: boolean | null;
|
|
80
|
+
disclosuresOk: boolean | null;
|
|
81
|
+
mandateVcts: string[];
|
|
82
|
+
}
|
|
83
|
+
export interface Ap2ReceiptCheck {
|
|
84
|
+
present: boolean;
|
|
85
|
+
status: string | null;
|
|
86
|
+
success: boolean;
|
|
87
|
+
reference: string | null;
|
|
88
|
+
referenceOk: boolean | null;
|
|
89
|
+
missingFields: string[];
|
|
90
|
+
jwt?: Ap2ReceiptJwtCheck;
|
|
91
|
+
}
|
|
92
|
+
export interface Ap2ReceiptJwtCheck {
|
|
93
|
+
present: boolean;
|
|
94
|
+
verified: boolean;
|
|
95
|
+
issuer: string | null;
|
|
96
|
+
kid: string | null;
|
|
97
|
+
alg: string | null;
|
|
98
|
+
jwksSource: 'static' | 'jwks_url' | 'metadata' | null;
|
|
99
|
+
error?: string;
|
|
100
|
+
}
|
|
101
|
+
export interface Ap2MandateConstraintCheck {
|
|
102
|
+
type: string;
|
|
103
|
+
domain: Ap2ConstraintDomain;
|
|
104
|
+
status: Ap2ConstraintCheckStatus;
|
|
105
|
+
reason?: string;
|
|
106
|
+
}
|
|
107
|
+
export interface Ap2MandateConstraintEvaluation {
|
|
108
|
+
status: Ap2ConstraintEvaluationStatus;
|
|
109
|
+
checks: Ap2MandateConstraintCheck[];
|
|
110
|
+
}
|
|
111
|
+
export interface Ap2MandateConstraintInput {
|
|
112
|
+
openCheckoutMandates?: unknown[];
|
|
113
|
+
closedCheckoutMandates?: unknown[];
|
|
114
|
+
openPaymentMandates?: unknown[];
|
|
115
|
+
closedPaymentMandates?: unknown[];
|
|
116
|
+
checkoutPayload?: unknown;
|
|
117
|
+
nowSeconds?: number;
|
|
118
|
+
}
|
|
119
|
+
export interface Ap2EvidenceCheck {
|
|
120
|
+
paymentReceipt?: Ap2ReceiptCheck;
|
|
121
|
+
checkoutReceipt?: Ap2ReceiptCheck;
|
|
122
|
+
}
|
|
123
|
+
export interface ViEvidenceCheck {
|
|
124
|
+
mode: ViMode;
|
|
125
|
+
credentials: ViCredentialCheck[];
|
|
126
|
+
delegationOk: boolean | null;
|
|
127
|
+
checkoutPaymentBindingOk: boolean | null;
|
|
128
|
+
constraints: Ap2MandateConstraintEvaluation;
|
|
129
|
+
}
|
|
130
|
+
export interface Ap2ViEvidenceVerification {
|
|
131
|
+
valid: boolean;
|
|
132
|
+
transactionAccepted: boolean;
|
|
133
|
+
ap2: Ap2EvidenceCheck;
|
|
134
|
+
vi: ViEvidenceCheck;
|
|
135
|
+
errors: string[];
|
|
136
|
+
warnings: string[];
|
|
137
|
+
}
|
|
138
|
+
export declare function evaluateAp2ViConstraints(input: Ap2MandateConstraintInput, disclosures?: Map<string, unknown>): Ap2MandateConstraintEvaluation;
|
|
139
|
+
export declare function verifyAp2ViEvidence(bundle: Ap2ViEvidenceBundle, options?: VerifyAp2ViEvidenceOptions): Ap2ViEvidenceVerification;
|
|
140
|
+
export declare function verifyAp2ViEvidenceAsync(bundle: Ap2ViEvidenceBundle, options?: VerifyAp2ViEvidenceOptions): Promise<Ap2ViEvidenceVerification>;
|
|
141
|
+
//# sourceMappingURL=ap2-vi-evidence.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ap2-vi-evidence.d.ts","sourceRoot":"","sources":["../src/ap2-vi-evidence.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAEV,iBAAiB,EACjB,eAAe,EACf,UAAU,EACX,MAAM,mBAAmB,CAAA;AAW1B,MAAM,MAAM,iBAAiB,GAAG,IAAI,GAAG,IAAI,GAAG,YAAY,GAAG,aAAa,CAAA;AAC1E,MAAM,MAAM,MAAM,GAAG,WAAW,GAAG,YAAY,GAAG,SAAS,CAAA;AAC3D,MAAM,MAAM,sBAAsB,GAAG,SAAS,GAAG,aAAa,GAAG,KAAK,CAAA;AACtE,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,WAAW,CAAA;AAC5D,MAAM,MAAM,mBAAmB,GAAG,SAAS,GAAG,aAAa,GAAG,KAAK,CAAA;AACnE,MAAM,MAAM,mBAAmB,GAAG,UAAU,GAAG,SAAS,CAAA;AACxD,MAAM,MAAM,wBAAwB,GAAG,QAAQ,GAAG,QAAQ,GAAG,YAAY,GAAG,aAAa,CAAA;AACzF,MAAM,MAAM,6BAA6B,GACrC,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,gBAAgB,GAChB,aAAa,CAAA;AAEjB,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,iBAAiB,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,OAAO,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,eAAe,CAAC,EAAE,OAAO,CAAA;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAC7B,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,wBAAwB,CAAC,EAAE,MAAM,CAAA;IACjC,yBAAyB,CAAC,EAAE,MAAM,CAAA;CACnC;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IAC5B,IAAI,CAAC,EAAE,UAAU,EAAE,GAAG;QAAE,IAAI,EAAE,UAAU,EAAE,CAAA;KAAE,CAAA;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,eAAe,CAAC,EAAE,eAAe,CAAA;IACjC,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAC5B;AAED,MAAM,WAAW,mBAAmB;IAClC,GAAG,CAAC,EAAE,gBAAgB,CAAA;IACtB,EAAE,CAAC,EAAE;QACH,WAAW,CAAC,EAAE,iBAAiB,EAAE,CAAA;KAClC,CAAA;IACD,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAA;IAChC,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAA;CAC1C;AAED,MAAM,WAAW,0BAA0B;IACzC,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAA;IAChC,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAA;IACzC,gBAAgB,CAAC,EAAE,SAAS,GAAG,aAAa,CAAA;IAC5C,eAAe,CAAC,EAAE,SAAS,GAAG,aAAa,CAAA;IAC3C,sBAAsB,CAAC,EAAE,sBAAsB,CAAA;IAC/C,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;IACjD,gBAAgB,CAAC,EAAE,mBAAmB,CAAA;IACtC,OAAO,CAAC,EAAE,yBAAyB,CAAA;IACnC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAA;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,CAAA;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,CAAA;IAC9C,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAAA;IACvC,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,iBAAiB,CAAA;IACxB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,SAAS,EAAE,cAAc,CAAA;IACzB,gBAAgB,EAAE,qBAAqB,CAAA;IACvC,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAA;IACxB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,WAAW,EAAE,OAAO,GAAG,IAAI,CAAA;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,GAAG,CAAC,EAAE,kBAAkB,CAAA;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IAClB,UAAU,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,IAAI,CAAA;IACrD,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,mBAAmB,CAAA;IAC3B,MAAM,EAAE,wBAAwB,CAAA;IAChC,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,8BAA8B;IAC7C,MAAM,EAAE,6BAA6B,CAAA;IACrC,MAAM,EAAE,yBAAyB,EAAE,CAAA;CACpC;AAED,MAAM,WAAW,yBAAyB;IACxC,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAA;IAChC,sBAAsB,CAAC,EAAE,OAAO,EAAE,CAAA;IAClC,mBAAmB,CAAC,EAAE,OAAO,EAAE,CAAA;IAC/B,qBAAqB,CAAC,EAAE,OAAO,EAAE,CAAA;IACjC,eAAe,CAAC,EAAE,OAAO,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,CAAC,EAAE,eAAe,CAAA;IAChC,eAAe,CAAC,EAAE,eAAe,CAAA;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,iBAAiB,EAAE,CAAA;IAChC,YAAY,EAAE,OAAO,GAAG,IAAI,CAAA;IAC5B,wBAAwB,EAAE,OAAO,GAAG,IAAI,CAAA;IACxC,WAAW,EAAE,8BAA8B,CAAA;CAC5C;AAED,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,OAAO,CAAA;IACd,mBAAmB,EAAE,OAAO,CAAA;IAC5B,GAAG,EAAE,gBAAgB,CAAA;IACrB,EAAE,EAAE,eAAe,CAAA;IACnB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAyhBD,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,yBAAyB,EAChC,WAAW,GAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAa,GAC5C,8BAA8B,CAiDhC;AA8tBD,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,mBAAmB,EAC3B,OAAO,GAAE,0BAA+B,GACvC,yBAAyB,CA+I3B;AAED,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,mBAAmB,EAC3B,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,yBAAyB,CAAC,CA2GpC"}
|