@cofhe/sdk 0.0.0-alpha-20260409113701

package/permits/validation.test.ts

@@ -0,0 +1,361 @@
+import { describe, it, expect } from 'vitest';
+import {
+  ValidationUtils,
+  validateSelfPermitOptions,
+  validateSharingPermitOptions,
+  validateImportPermitOptions,
+  validateSelfPermit,
+  validateSharingPermit,
+  validateImportPermit,
+  type Permit,
+  type CreateSelfPermitOptions,
+  type CreateSharingPermitOptions,
+  type ImportSharedPermitOptions,
+} from './index.js';
+import { createMockPermit } from './test-utils.js';
+
+describe('Validation Tests', () => {
+  describe('validateSelfPermitOptions', () => {
+    it('should validate valid self permit options', () => {
+      const options: CreateSelfPermitOptions = {
+        type: 'self',
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        name: 'Test Permit',
+      };
+
+      expect(() => validateSelfPermitOptions(options)).not.toThrow();
+      const result = validateSelfPermitOptions(options);
+      expect(result).toBeDefined();
+    });
+
+    it('should reject invalid address', () => {
+      const options: CreateSelfPermitOptions = {
+        type: 'self',
+        issuer: 'invalid-address',
+        name: 'Test Permit',
+      };
+
+      expect(() => validateSelfPermitOptions(options)).toThrow();
+    });
+
+    it('should reject zero address', () => {
+      const options: CreateSelfPermitOptions = {
+        type: 'self',
+        issuer: '0x0000000000000000000000000000000000000000',
+        name: 'Test Permit',
+      };
+
+      expect(() => validateSelfPermitOptions(options)).toThrow();
+    });
+  });
+
+  describe('validateSharingPermitOptions', () => {
+    it('should validate valid sharing permit options', () => {
+      const options: CreateSharingPermitOptions = {
+        type: 'sharing',
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        name: 'Sharing Permit',
+      };
+
+      expect(() => validateSharingPermitOptions(options)).not.toThrow();
+    });
+
+    it('should reject sharing permit with zero recipient', () => {
+      const options: CreateSharingPermitOptions = {
+        type: 'sharing',
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        recipient: '0x0000000000000000000000000000000000000000',
+        name: 'Sharing Permit',
+      };
+
+      expect(() => validateSharingPermitOptions(options)).toThrow();
+    });
+
+    it('should reject sharing permit with invalid recipient', () => {
+      const options: CreateSharingPermitOptions = {
+        type: 'sharing',
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        recipient: 'invalid-address',
+        name: 'Sharing Permit',
+      };
+
+      expect(() => validateSharingPermitOptions(options)).toThrow();
+    });
+  });
+
+  describe('validateImportPermitOptions', () => {
+    it('should validate valid import permit options', () => {
+      const options: ImportSharedPermitOptions = {
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        issuerSignature: '0x1234567890abcdef',
+        name: 'Import Permit',
+      };
+
+      expect(() => validateImportPermitOptions(options)).not.toThrow();
+    });
+
+    it('should reject import permit with missing expiration', () => {
+      const options = {
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        issuerSignature: '0x1234567890abcdef',
+        name: 'Import Permit',
+      };
+      expect(() => validateImportPermitOptions(options)).toThrow();
+    });
+
+    it('should reject import permit with empty signature', () => {
+      const options: ImportSharedPermitOptions = {
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        issuerSignature: '0x',
+        name: 'Import Permit',
+      };
+
+      expect(() => validateImportPermitOptions(options)).toThrow();
+    });
+
+    it('should reject import permit with invalid signature', () => {
+      const options: ImportSharedPermitOptions = {
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        issuerSignature: '0x',
+        name: 'Import Permit',
+      };
+
+      expect(() => validateImportPermitOptions(options)).toThrow();
+    });
+  });
+
+  describe('validateSelfPermit', () => {
+    it('should validate valid self permit', async () => {
+      const permit = await createMockPermit();
+      permit.type = 'self';
+      permit.issuerSignature = '0x1234567890abcdef';
+
+      expect(() => validateSelfPermit(permit)).not.toThrow();
+    });
+
+    it('should reject self permit with missing sealing pair', async () => {
+      const permit = { ...(await createMockPermit()), sealingPair: undefined };
+      permit.type = 'self';
+      expect(() => validateSelfPermit(permit as unknown as Permit)).toThrow();
+    });
+  });
+
+  describe('validateSharingPermit', () => {
+    it('should validate valid sharing permit', async () => {
+      const permit = await createMockPermit();
+      permit.type = 'sharing';
+      permit.issuerSignature = '0x1234567890abcdef';
+      permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
+
+      expect(() => validateSharingPermit(permit)).not.toThrow();
+    });
+
+    it('should reject sharing permit with zero recipient', async () => {
+      const permit = await createMockPermit();
+      permit.type = 'sharing';
+      permit.issuerSignature = '0x1234567890abcdef';
+      permit.recipient = '0x0000000000000000000000000000000000000000';
+
+      expect(() => validateSharingPermit(permit)).toThrow();
+    });
+  });
+
+  describe('validateImportPermit', () => {
+    it('should validate valid import permit', async () => {
+      const permit = await createMockPermit();
+      permit.type = 'recipient';
+      permit.issuerSignature = '0x1234567890abcdef';
+      permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
+      permit.recipientSignature = '0xabcdef1234567890';
+
+      expect(() => validateImportPermit(permit)).not.toThrow();
+    });
+
+    it('should reject import permit with empty recipient signature', async () => {
+      const permit = await createMockPermit();
+      permit.type = 'recipient';
+      permit.issuerSignature = '0x1234567890abcdef';
+      permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
+      permit.recipientSignature = '0x';
+
+      expect(() => validateImportPermit(permit)).toThrow();
+    });
+  });
+
+  describe('ValidationUtils', () => {
+    describe('isExpired', () => {
+      it('should return true for expired permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) - 3600, // 1 hour ago
+        };
+        expect(ValidationUtils.isExpired(permit)).toBe(true);
+      });
+
+      it('should return false for non-expired permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
+        };
+        expect(ValidationUtils.isExpired(permit)).toBe(false);
+      });
+    });
+
+    describe('isSigned', () => {
+      it('should return true for signed self permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'self' as const,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        expect(ValidationUtils.isSigned(permit)).toBe(true);
+      });
+
+      it('should return false for unsigned self permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'self' as const,
+          issuerSignature: '0x' as `0x${string}`,
+        };
+        expect(ValidationUtils.isSigned(permit)).toBe(false);
+      });
+
+      it('should return true for signed recipient permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'recipient' as const,
+          recipientSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        expect(ValidationUtils.isSigned(permit)).toBe(true);
+      });
+
+      it('should return false for unsigned recipient permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'recipient' as const,
+          recipientSignature: '0x' as `0x${string}`,
+        };
+        expect(ValidationUtils.isSigned(permit)).toBe(false);
+      });
+    });
+
+    describe('isSignedAndNotExpired', () => {
+      it('should return valid for valid permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        const result = ValidationUtils.isSignedAndNotExpired(permit);
+        expect(result.valid).toBe(true);
+        expect(result.error).toBeNull();
+      });
+
+      it('should return invalid for expired permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) - 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        const result = ValidationUtils.isSignedAndNotExpired(permit);
+        expect(result.valid).toBe(false);
+        expect(result.error).toBe('expired');
+      });
+
+      it('should return invalid for unsigned permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x' as `0x${string}`,
+        };
+        const result = ValidationUtils.isSignedAndNotExpired(permit);
+        expect(result.valid).toBe(false);
+        expect(result.error).toBe('not-signed');
+      });
+    });
+
+    describe('assertSignedAndNotExpired', () => {
+      it('should not throw for valid permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        expect(() => ValidationUtils.assertSignedAndNotExpired(permit)).not.toThrow();
+      });
+
+      it('should throw for expired permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) - 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+        };
+        expect(() => ValidationUtils.assertSignedAndNotExpired(permit)).toThrow('Permit is expired');
+      });
+
+      it('should throw for unsigned permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x' as `0x${string}`,
+        };
+        expect(() => ValidationUtils.assertSignedAndNotExpired(permit)).toThrow('Permit is not signed');
+      });
+    });
+
+    describe('isValid', () => {
+      it('should return invalid-schema for schema-invalid permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'self' as const,
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+          // Self permits must have recipient == zeroAddress per schema.
+          recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8' as `0x${string}`,
+        };
+
+        const result = ValidationUtils.isValid(permit as unknown as Permit);
+        expect(result.valid).toBe(false);
+        expect(result.error).toBe('invalid-schema');
+      });
+
+      it('should return expired for expired but otherwise schema-valid permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'self' as const,
+          expiration: Math.floor(Date.now() / 1000) - 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+          recipient: '0x0000000000000000000000000000000000000000' as `0x${string}`,
+          recipientSignature: '0x' as `0x${string}`,
+        };
+
+        const result = ValidationUtils.isValid(permit as unknown as Permit);
+        expect(result.valid).toBe(false);
+        expect(result.error).toBe('expired');
+      });
+
+      it('should return valid for schema-valid, signed, non-expired permit', async () => {
+        const permit = {
+          ...(await createMockPermit()),
+          type: 'self' as const,
+          expiration: Math.floor(Date.now() / 1000) + 3600,
+          issuerSignature: '0x1234567890abcdef' as `0x${string}`,
+          recipient: '0x0000000000000000000000000000000000000000' as `0x${string}`,
+          recipientSignature: '0x' as `0x${string}`,
+        };
+
+        const result = ValidationUtils.isValid(permit as unknown as Permit);
+        expect(result.valid).toBe(true);
+        expect(result.error).toBeNull();
+      });
+    });
+  });
+});

package/permits/validation.ts

@@ -0,0 +1,327 @@
+import { z } from 'zod';
+import { getAddress, isAddress, isHex, zeroAddress, type Hex } from 'viem';
+import type { Permit, ValidationResult } from './types.js';
+
+const SerializedSealingPair = z.object({
+  privateKey: z.string(),
+  publicKey: z.string(),
+});
+
+export const addressSchema = z
+  .string()
+  .refine((val) => isAddress(val), {
+    error: 'Invalid address',
+  })
+  .transform((val): Hex => getAddress(val));
+
+export const addressNotZeroSchema = addressSchema.refine((val) => val !== zeroAddress, {
+  error: 'Must not be zeroAddress',
+});
+
+export const bytesSchema = z.custom<Hex>(
+  (val) => {
+    return typeof val === 'string' && isHex(val);
+  },
+  {
+    message: 'Invalid hex value',
+  }
+);
+
+export const bytesNotEmptySchema = bytesSchema.refine((val) => val !== '0x', {
+  error: 'Must not be empty',
+});
+
+const DEFAULT_EXPIRATION_FN = () => Math.round(Date.now() / 1000) + 7 * 24 * 60 * 60; // 7 days from now
+
+const zPermitWithDefaults = z.object({
+  name: z.string().optional().default('Unnamed Permit'),
+  type: z.enum(['self', 'sharing', 'recipient']),
+  issuer: addressNotZeroSchema,
+  expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: addressSchema.optional().default(zeroAddress),
+  validatorId: z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(zeroAddress),
+  issuerSignature: bytesSchema.optional().default('0x'),
+  recipientSignature: bytesSchema.optional().default('0x'),
+});
+
+const zPermitWithSealingPair = zPermitWithDefaults.extend({
+  sealingPair: SerializedSealingPair.optional(),
+});
+
+type zPermitType = z.infer<typeof zPermitWithDefaults>;
+
+/**
+ * Permits allow a hook into an optional external validator contract,
+ * this check ensures that IF an external validator is applied, that both `validatorId` and `validatorContract` are populated,
+ * ELSE ensures that both `validatorId` and `validatorContract` are empty
+ */
+const ExternalValidatorRefinement = [
+  (data: zPermitType) =>
+    (data.validatorId !== 0 && data.validatorContract !== zeroAddress) ||
+    (data.validatorId === 0 && data.validatorContract === zeroAddress),
+  {
+    error: 'Permit external validator :: validatorId and validatorContract must either both be set or both be unset.',
+    path: ['validatorId', 'validatorContract'] as string[],
+  },
+] as const;
+
+/**
+ * Prevents sharable permit from having the same issuer and recipient
+ */
+const RecipientRefinement = [
+  (data: zPermitType) => data.issuer !== data.recipient,
+  {
+    error: 'Sharing permit :: issuer and recipient must not be the same',
+    path: ['issuer', 'recipient'] as string[],
+  },
+] as const;
+
+// ============================================================================
+// SELF PERMIT VALIDATORS
+// ============================================================================
+
+/**
+ * Validator for self permit creation options
+ */
+export const SelfPermitOptionsValidator = z
+  .object({
+    type: z.literal('self').optional().default('self'),
+    issuer: addressNotZeroSchema,
+    name: z.string().optional().default('Unnamed Permit'),
+    expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+    recipient: addressSchema.optional().default(zeroAddress),
+    validatorId: z.int().optional().default(0),
+    validatorContract: addressSchema.optional().default(zeroAddress),
+    issuerSignature: bytesSchema.optional().default('0x'),
+    recipientSignature: bytesSchema.optional().default('0x'),
+  })
+  .refine(...ExternalValidatorRefinement);
+
+/**
+ * Validator for fully formed self permits
+ */
+export const SelfPermitValidator = zPermitWithSealingPair
+  .refine((data) => data.type === 'self', {
+    error: "Type must be 'self'",
+  })
+  .refine((data) => data.recipient === zeroAddress, {
+    error: 'Recipient must be zeroAddress',
+  })
+  .refine((data) => data.issuerSignature !== '0x', {
+    error: 'IssuerSignature must be populated',
+  })
+  .refine((data) => data.recipientSignature === '0x', {
+    error: 'RecipientSignature must be empty',
+  })
+  .refine(...ExternalValidatorRefinement);
+
+// ============================================================================
+// SHARING PERMIT VALIDATORS
+// ============================================================================
+
+/**
+ * Validator for sharing permit creation options
+ */
+export const SharingPermitOptionsValidator = z
+  .object({
+    type: z.literal('sharing').optional().default('sharing'),
+    issuer: addressNotZeroSchema,
+    recipient: addressNotZeroSchema,
+    name: z.string().optional().default('Unnamed Permit'),
+    expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+    validatorId: z.int().optional().default(0),
+    validatorContract: addressSchema.optional().default(zeroAddress),
+    issuerSignature: bytesSchema.optional().default('0x'),
+    recipientSignature: bytesSchema.optional().default('0x'),
+  })
+  .refine(...RecipientRefinement)
+  .refine(...ExternalValidatorRefinement);
+
+/**
+ * Validator for fully formed sharing permits
+ */
+export const SharingPermitValidator = zPermitWithSealingPair
+  .refine((data) => data.type === 'sharing', {
+    error: "Type must be 'sharing'",
+  })
+  .refine((data) => data.recipient !== zeroAddress, {
+    error: 'Recipient must not be zeroAddress',
+  })
+  .refine((data) => data.issuerSignature !== '0x', {
+    error: 'IssuerSignature must be populated',
+  })
+  .refine((data) => data.recipientSignature === '0x', {
+    error: 'RecipientSignature must be empty',
+  })
+  .refine(...ExternalValidatorRefinement);
+
+// ============================================================================
+// IMPORT/RECIPIENT PERMIT VALIDATORS
+// ============================================================================
+
+/**
+ * Validator for import permit creation options (recipient receiving shared permit)
+ */
+export const ImportPermitOptionsValidator = z
+  .object({
+    type: z.literal('recipient').optional().default('recipient'),
+    issuer: addressNotZeroSchema,
+    recipient: addressNotZeroSchema,
+    name: z.string().optional().default('Unnamed Permit'),
+    expiration: z.int(),
+    validatorId: z.int().optional().default(0),
+    validatorContract: addressSchema.optional().default(zeroAddress),
+    issuerSignature: bytesNotEmptySchema,
+    recipientSignature: bytesSchema.optional().default('0x'),
+  })
+  .refine(...ExternalValidatorRefinement);
+
+/**
+ * Validator for fully formed import/recipient permits
+ */
+export const ImportPermitValidator = zPermitWithSealingPair
+  .refine((data) => data.type === 'recipient', {
+    error: "Type must be 'recipient'",
+  })
+  .refine((data) => data.recipient !== zeroAddress, {
+    error: 'Recipient must not be zeroAddress',
+  })
+  .refine((data) => data.issuerSignature !== '0x', {
+    error: 'IssuerSignature must be populated',
+  })
+  .refine((data) => data.recipientSignature !== '0x', {
+    error: 'RecipientSignature must be populated',
+  })
+  .refine(...ExternalValidatorRefinement);
+
+// ============================================================================
+// VALIDATION FUNCTIONS
+// ============================================================================
+
+const safeParseAndThrowFormatted = <T extends z.ZodTypeAny>(schema: T, data: unknown, message: string): z.output<T> => {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new Error(`${message}: ${z.prettifyError(result.error)}`, { cause: result.error });
+  }
+  return result.data;
+};
+
+/**
+ * Validates self permit creation options
+ */
+export const validateSelfPermitOptions = (options: any) => {
+  return safeParseAndThrowFormatted(SelfPermitOptionsValidator, options, 'Invalid self permit options');
+};
+/**
+ * Validates sharing permit creation options
+ */
+export const validateSharingPermitOptions = (options: any) => {
+  return safeParseAndThrowFormatted(SharingPermitOptionsValidator, options, 'Invalid sharing permit options');
+};
+
+/**
+ * Validates import permit creation options
+ */
+export const validateImportPermitOptions = (options: any) => {
+  return safeParseAndThrowFormatted(ImportPermitOptionsValidator, options, 'Invalid import permit options');
+};
+
+/**
+ * Validates a fully formed self permit
+ */
+export const validateSelfPermit = (permit: any) => {
+  return safeParseAndThrowFormatted(SelfPermitValidator, permit, 'Invalid self permit');
+};
+
+/**
+ * Validates a fully formed sharing permit
+ */
+export const validateSharingPermit = (permit: any) => {
+  return safeParseAndThrowFormatted(SharingPermitValidator, permit, 'Invalid sharing permit');
+};
+
+/**
+ * Validates a fully formed import/recipient permit
+ */
+export const validateImportPermit = (permit: any) => {
+  return safeParseAndThrowFormatted(ImportPermitValidator, permit, 'Invalid import permit');
+};
+
+/**
+ * Simple validation functions for common checks
+ */
+export const ValidationUtils = {
+  /**
+   * Check if permit is expired
+   */
+  isExpired: (permit: Permit): boolean => {
+    return permit.expiration < Math.floor(Date.now() / 1000);
+  },
+
+  /**
+   * Check if permit is signed by the active party
+   */
+  isSigned: (permit: Permit): boolean => {
+    if (permit.type === 'self' || permit.type === 'sharing') {
+      return permit.issuerSignature !== '0x';
+    }
+    if (permit.type === 'recipient') {
+      return permit.recipientSignature !== '0x';
+    }
+    return false;
+  },
+
+  /**
+   * Checks that a permit is signed and not expired.
+   */
+  isSignedAndNotExpired: (permit: Permit): ValidationResult => {
+    if (ValidationUtils.isExpired(permit)) {
+      return { valid: false, error: 'expired' };
+    }
+    if (!ValidationUtils.isSigned(permit)) {
+      return { valid: false, error: 'not-signed' };
+    }
+    return { valid: true, error: null };
+  },
+
+  /**
+   * Asserts that a permit is signed and not expired.
+   *
+   * Throws `Error` with message:
+   * - `Permit is expired`
+   * - `Permit is not signed`
+   */
+  assertSignedAndNotExpired: (permit: Permit): void => {
+    const result = ValidationUtils.isSignedAndNotExpired(permit);
+    if (result.valid) return;
+
+    if (result.error === 'expired') {
+      throw new Error('Permit is expired');
+    }
+    if (result.error === 'not-signed') {
+      throw new Error('Permit is not signed');
+    }
+
+    // Should be unreachable, but keeps this future-proof.
+    throw new Error('Permit is invalid');
+  },
+
+  isValid: (permit: Permit): ValidationResult => {
+    const schema =
+      permit.type === 'self'
+        ? SelfPermitValidator
+        : permit.type === 'sharing'
+          ? SharingPermitValidator
+          : permit.type === 'recipient'
+            ? ImportPermitValidator
+            : null;
+
+    if (schema == null) return { valid: false, error: 'invalid-schema' };
+
+    const schemaResult = schema.safeParse(permit);
+    if (!schemaResult.success) return { valid: false, error: 'invalid-schema' };
+
+    return ValidationUtils.isSignedAndNotExpired(permit);
+  },
+};