@dupecom/botcha-cloudflare 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/dist/dashboard/layout.d.ts +12 -0
  2. package/dist/dashboard/layout.d.ts.map +1 -1
  3. package/dist/dashboard/layout.js +11 -4
  4. package/dist/dashboard/showcase.d.ts.map +1 -1
  5. package/dist/dashboard/showcase.js +2 -1
  6. package/dist/dashboard/whitepaper.d.ts.map +1 -1
  7. package/dist/dashboard/whitepaper.js +2 -2
  8. package/dist/index.d.ts.map +1 -1
  9. package/dist/index.js +44 -1
  10. package/dist/static.d.ts +541 -1
  11. package/dist/static.d.ts.map +1 -1
  12. package/dist/static.js +353 -3
  13. package/dist/tap-attestation-routes.d.ts +204 -0
  14. package/dist/tap-attestation-routes.d.ts.map +1 -0
  15. package/dist/tap-attestation-routes.js +396 -0
  16. package/dist/tap-attestation.d.ts +178 -0
  17. package/dist/tap-attestation.d.ts.map +1 -0
  18. package/dist/tap-attestation.js +416 -0
  19. package/dist/tap-delegation-routes.d.ts +236 -0
  20. package/dist/tap-delegation-routes.d.ts.map +1 -0
  21. package/dist/tap-delegation-routes.js +378 -0
  22. package/dist/tap-delegation.d.ts +127 -0
  23. package/dist/tap-delegation.d.ts.map +1 -0
  24. package/dist/tap-delegation.js +490 -0
  25. package/dist/tap-reputation-routes.d.ts +154 -0
  26. package/dist/tap-reputation-routes.d.ts.map +1 -0
  27. package/dist/tap-reputation-routes.js +341 -0
  28. package/dist/tap-reputation.d.ts +136 -0
  29. package/dist/tap-reputation.d.ts.map +1 -0
  30. package/dist/tap-reputation.js +346 -0
  31. package/package.json +1 -1
package/dist/static.js CHANGED
@@ -110,6 +110,35 @@ curl https://botcha.ai/agent-only -H "Authorization: Bearer <token>"
110
110
  |--------|------|-------------|
111
111
  | \`POST\` | \`/v1/verify/consumer\` | Verify Agentic Consumer (Layer 2) |
112
112
  | \`POST\` | \`/v1/verify/payment\` | Verify Agentic Payment Container (Layer 3) |
113
+ | \`POST\` | \`/v1/verify/delegation\` | Verify delegation chain validity |
114
+ | \`POST\` | \`/v1/verify/attestation\` | Verify attestation token + check capability |
115
+
116
+ ### Delegation Chains
117
+
118
+ | Method | Path | Description |
119
+ |--------|------|-------------|
120
+ | \`POST\` | \`/v1/delegations\` | Create delegation (grantor→grantee) |
121
+ | \`GET\` | \`/v1/delegations/:id\` | Get delegation details |
122
+ | \`GET\` | \`/v1/delegations\` | List delegations for agent |
123
+ | \`POST\` | \`/v1/delegations/:id/revoke\` | Revoke delegation (cascades) |
124
+
125
+ ### Capability Attestation
126
+
127
+ | Method | Path | Description |
128
+ |--------|------|-------------|
129
+ | \`POST\` | \`/v1/attestations\` | Issue attestation token (can/cannot rules) |
130
+ | \`GET\` | \`/v1/attestations/:id\` | Get attestation details |
131
+ | \`GET\` | \`/v1/attestations\` | List attestations for agent |
132
+ | \`POST\` | \`/v1/attestations/:id/revoke\` | Revoke attestation |
133
+
134
+ ### Agent Reputation Scoring
135
+
136
+ | Method | Path | Description |
137
+ |--------|------|-------------|
138
+ | \`GET\` | \`/v1/reputation/:agent_id\` | Get agent reputation score |
139
+ | \`POST\` | \`/v1/reputation/events\` | Record a reputation event |
140
+ | \`GET\` | \`/v1/reputation/:agent_id/events\` | List reputation events |
141
+ | \`POST\` | \`/v1/reputation/:agent_id/reset\` | Reset reputation (admin) |
113
142
 
114
143
  ### Challenges
115
144
 
@@ -383,6 +412,26 @@ Endpoint: POST https://botcha.ai/v1/invoices/:id/verify-iou - Verify Browsing IO
383
412
  Endpoint: POST https://botcha.ai/v1/verify/consumer - Verify Agentic Consumer object (Layer 2)
384
413
  Endpoint: POST https://botcha.ai/v1/verify/payment - Verify Agentic Payment Container (Layer 3)
385
414
 
415
+ # TAP Delegation Chains (v0.17.0)
416
+ Endpoint: POST https://botcha.ai/v1/delegations - Create delegation (grantor→grantee with capability subset)
417
+ Endpoint: GET https://botcha.ai/v1/delegations/:id - Get delegation details
418
+ Endpoint: GET https://botcha.ai/v1/delegations - List delegations for agent (?agent_id=&direction=in|out|both)
419
+ Endpoint: POST https://botcha.ai/v1/delegations/:id/revoke - Revoke delegation (cascades to sub-delegations)
420
+ Endpoint: POST https://botcha.ai/v1/verify/delegation - Verify entire delegation chain
421
+
422
+ # TAP Capability Attestation (v0.17.0)
423
+ Endpoint: POST https://botcha.ai/v1/attestations - Issue capability attestation token (can/cannot rules with action:resource patterns)
424
+ Endpoint: GET https://botcha.ai/v1/attestations/:id - Get attestation details
425
+ Endpoint: GET https://botcha.ai/v1/attestations - List attestations for agent (?agent_id=)
426
+ Endpoint: POST https://botcha.ai/v1/attestations/:id/revoke - Revoke attestation (token rejected on future verification)
427
+ Endpoint: POST https://botcha.ai/v1/verify/attestation - Verify attestation token + optionally check specific capability
428
+
429
+ # Agent Reputation Scoring (v0.18.0)
430
+ Endpoint: GET https://botcha.ai/v1/reputation/:agent_id - Get agent reputation score (0-1000, 5 tiers)
431
+ Endpoint: POST https://botcha.ai/v1/reputation/events - Record a reputation event (18 action types, 6 categories)
432
+ Endpoint: GET https://botcha.ai/v1/reputation/:agent_id/events - List reputation events (?category=&limit=)
433
+ Endpoint: POST https://botcha.ai/v1/reputation/:agent_id/reset - Reset reputation to default (admin action)
434
+
386
435
  # Legacy Endpoints
387
436
  Endpoint: GET https://botcha.ai/api/challenge - Generate standard challenge
388
437
  Endpoint: POST https://botcha.ai/api/challenge - Verify standard challenge
@@ -461,8 +510,8 @@ TAP-Session-Get: GET /v1/sessions/:id/tap — includes time_remaining
461
510
  TAP-Get-Agent: GET /v1/agents/:id/tap — includes public_key for verification
462
511
  TAP-List-Agents: GET /v1/agents/tap?app_id=...&tap_only=true
463
512
  TAP-Middleware-Modes: tap, signature-only, challenge-only, flexible
464
- TAP-SDK-TS: registerTAPAgent(options), getTAPAgent(agentId), listTAPAgents(tapOnly?), createTAPSession(options), getTAPSession(sessionId), getJWKS(), getKeyById(keyId), rotateAgentKey(agentId), createInvoice(data), getInvoice(id), verifyBrowsingIOU(invoiceId, token)
465
- TAP-SDK-Python: register_tap_agent(name, ...), get_tap_agent(agent_id), list_tap_agents(tap_only?), create_tap_session(agent_id, user_context, intent), get_tap_session(session_id), get_jwks(), get_key_by_id(key_id), rotate_agent_key(agent_id), create_invoice(data), get_invoice(id), verify_browsing_iou(invoice_id, token)
513
+ TAP-SDK-TS: registerTAPAgent(options), getTAPAgent(agentId), listTAPAgents(tapOnly?), createTAPSession(options), getTAPSession(sessionId), getJWKS(), getKeyById(keyId), rotateAgentKey(agentId), createInvoice(data), getInvoice(id), verifyBrowsingIOU(invoiceId, token), createDelegation(options), getDelegation(id), listDelegations(agentId, options?), revokeDelegation(id, reason?), verifyDelegationChain(id), issueAttestation(options), getAttestation(id), listAttestations(agentId), revokeAttestation(id, reason?), verifyAttestation(token, action?, resource?), getReputation(agentId), recordReputationEvent(options), listReputationEvents(agentId, options?), resetReputation(agentId)
514
+ TAP-SDK-Python: register_tap_agent(name, ...), get_tap_agent(agent_id), list_tap_agents(tap_only?), create_tap_session(agent_id, user_context, intent), get_tap_session(session_id), get_jwks(), get_key_by_id(key_id), rotate_agent_key(agent_id), create_invoice(data), get_invoice(id), verify_browsing_iou(invoice_id, token), create_delegation(grantor_id, grantee_id, capabilities, ...), get_delegation(id), list_delegations(agent_id, ...), revoke_delegation(id, reason?), verify_delegation_chain(id), issue_attestation(agent_id, can, cannot?, ...), get_attestation(id), list_attestations(agent_id), revoke_attestation(id, reason?), verify_attestation(token, action?, resource?), get_reputation(agent_id), record_reputation_event(agent_id, category, action, ...), list_reputation_events(agent_id, category?, limit?), reset_reputation(agent_id)
466
515
  TAP-Middleware-Import: import { createTAPVerifyMiddleware } from '@dupecom/botcha/middleware'
467
516
 
468
517
  # TAP FULL SPEC v0.16.0
@@ -476,6 +525,10 @@ TAP-Key-Rotation: POST /v1/agents/:id/tap/rotate-key — rotate keys, invalidate
476
525
  TAP-402-Flow: POST /v1/invoices → GET /v1/invoices/:id → POST /v1/invoices/:id/verify-iou
477
526
  TAP-Edge-Verify: createTAPEdgeMiddleware for Cloudflare Workers CDN edge verification
478
527
  TAP-Visa-Federation: Trust keys from https://mcp.visa.com/.well-known/jwks (3-tier cache: memory → KV → HTTP)
528
+ TAP-Delegation: POST /v1/delegations → GET /v1/delegations/:id → POST /v1/delegations/:id/revoke → POST /v1/verify/delegation
529
+ TAP-Attestation: POST /v1/attestations → GET /v1/attestations/:id → POST /v1/attestations/:id/revoke → POST /v1/verify/attestation
530
+ TAP-Attestation-Patterns: action:resource format with wildcards (*:*, read:*, *:invoices), deny takes precedence over allow
531
+ TAP-Attestation-Middleware: requireCapability('read:invoices') — Hono middleware, extracts token from X-Botcha-Attestation or Authorization: Bearer
479
532
 
480
533
  # EMBEDDED CHALLENGE (for bots visiting HTML pages)
481
534
  Embedded-Challenge: <script type="application/botcha+json">
@@ -682,7 +735,7 @@ MCP gives agents tools. A2A lets agents communicate. TAP proves identity and sco
682
735
 
683
736
  **Shipped:** Challenge types, JWT tokens, multi-tenant apps, agent registry, TAP, dashboard, SDKs (TS/Python), CLI, LangChain, discovery standards.
684
737
 
685
- **Planned:** Delegation chains, capability attestation, agent reputation scoring, Agent SSO (cross-service verification), IETF RFC contribution.
738
+ **Planned:** Agent SSO (cross-service verification), IETF RFC contribution.
686
739
 
687
740
  ---
688
741
 
@@ -1752,6 +1805,303 @@ export function getOpenApiSpec(version) {
1752
1805
  "400": { description: "Invalid payment container" }
1753
1806
  }
1754
1807
  }
1808
+ },
1809
+ "/v1/delegations": {
1810
+ post: {
1811
+ summary: "Create delegation",
1812
+ description: "Create a delegation from one agent to another. Grants a subset of the grantor's capabilities to the grantee.",
1813
+ operationId: "createDelegation",
1814
+ parameters: [{ name: "app_id", in: "query", required: true, schema: { type: "string" } }],
1815
+ requestBody: {
1816
+ required: true,
1817
+ content: {
1818
+ "application/json": {
1819
+ schema: {
1820
+ type: "object",
1821
+ required: ["grantor_id", "grantee_id", "capabilities"],
1822
+ properties: {
1823
+ "grantor_id": { type: "string", description: "Agent granting capabilities" },
1824
+ "grantee_id": { type: "string", description: "Agent receiving capabilities" },
1825
+ "capabilities": { type: "array", items: { type: "object" }, description: "Capabilities to delegate (subset of grantor's)" },
1826
+ "duration_seconds": { type: "integer", description: "Duration in seconds (default: 3600)" },
1827
+ "max_depth": { type: "integer", description: "Max sub-delegation depth (default: 3)" },
1828
+ "parent_delegation_id": { type: "string", description: "Parent delegation ID for sub-delegation" },
1829
+ "metadata": { type: "object", description: "Optional context metadata" }
1830
+ }
1831
+ }
1832
+ }
1833
+ }
1834
+ },
1835
+ responses: {
1836
+ "201": { description: "Delegation created" },
1837
+ "400": { description: "Invalid request or capability escalation" },
1838
+ "403": { description: "Insufficient capabilities or depth limit" },
1839
+ "409": { description: "Cycle detected in chain" }
1840
+ }
1841
+ },
1842
+ get: {
1843
+ summary: "List delegations",
1844
+ description: "List delegations for an agent.",
1845
+ operationId: "listDelegations",
1846
+ parameters: [
1847
+ { name: "app_id", in: "query", required: true, schema: { type: "string" } },
1848
+ { name: "agent_id", in: "query", required: true, schema: { type: "string" } },
1849
+ { name: "direction", in: "query", schema: { type: "string", enum: ["in", "out", "both"] } },
1850
+ { name: "include_revoked", in: "query", schema: { type: "boolean" } },
1851
+ { name: "include_expired", in: "query", schema: { type: "boolean" } }
1852
+ ],
1853
+ responses: {
1854
+ "200": { description: "Delegation list" }
1855
+ }
1856
+ }
1857
+ },
1858
+ "/v1/delegations/{id}": {
1859
+ get: {
1860
+ summary: "Get delegation details",
1861
+ operationId: "getDelegation",
1862
+ parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
1863
+ responses: {
1864
+ "200": { description: "Delegation details" },
1865
+ "404": { description: "Delegation not found or expired" }
1866
+ }
1867
+ }
1868
+ },
1869
+ "/v1/delegations/{id}/revoke": {
1870
+ post: {
1871
+ summary: "Revoke delegation",
1872
+ description: "Revoke a delegation and cascade to all sub-delegations.",
1873
+ operationId: "revokeDelegation",
1874
+ parameters: [
1875
+ { name: "id", in: "path", required: true, schema: { type: "string" } },
1876
+ { name: "app_id", in: "query", required: true, schema: { type: "string" } }
1877
+ ],
1878
+ requestBody: {
1879
+ content: {
1880
+ "application/json": {
1881
+ schema: {
1882
+ type: "object",
1883
+ properties: {
1884
+ "reason": { type: "string", description: "Revocation reason" }
1885
+ }
1886
+ }
1887
+ }
1888
+ }
1889
+ },
1890
+ responses: {
1891
+ "200": { description: "Delegation revoked" },
1892
+ "404": { description: "Delegation not found" }
1893
+ }
1894
+ }
1895
+ },
1896
+ "/v1/verify/delegation": {
1897
+ post: {
1898
+ summary: "Verify delegation chain",
1899
+ description: "Verify an entire delegation chain is valid (not revoked, not expired, capabilities are valid subsets).",
1900
+ operationId: "verifyDelegationChain",
1901
+ requestBody: {
1902
+ required: true,
1903
+ content: {
1904
+ "application/json": {
1905
+ schema: {
1906
+ type: "object",
1907
+ required: ["delegation_id"],
1908
+ properties: {
1909
+ "delegation_id": { type: "string", description: "The leaf delegation to verify" }
1910
+ }
1911
+ }
1912
+ }
1913
+ }
1914
+ },
1915
+ responses: {
1916
+ "200": { description: "Chain is valid — returns chain and effective capabilities" },
1917
+ "400": { description: "Chain is invalid — returns error reason" }
1918
+ }
1919
+ }
1920
+ },
1921
+ "/v1/attestations": {
1922
+ post: {
1923
+ summary: "Issue attestation",
1924
+ description: "Issue a capability attestation token for an agent. Grants fine-grained action:resource permissions with explicit deny.",
1925
+ operationId: "issueAttestation",
1926
+ requestBody: {
1927
+ required: true,
1928
+ content: {
1929
+ "application/json": {
1930
+ schema: {
1931
+ type: "object",
1932
+ required: ["agent_id", "can"],
1933
+ properties: {
1934
+ "agent_id": { type: "string", description: "Agent to issue attestation for" },
1935
+ "can": { type: "array", items: { type: "string" }, description: "Allowed capability patterns (action:resource)" },
1936
+ "cannot": { type: "array", items: { type: "string" }, description: "Denied capability patterns (overrides can)" },
1937
+ "restrictions": { type: "object", description: "Optional restrictions (max_amount, rate_limit)" },
1938
+ "duration_seconds": { type: "integer", description: "Attestation lifetime (default: 3600)" },
1939
+ "delegation_id": { type: "string", description: "Optional link to delegation chain" },
1940
+ "metadata": { type: "object", description: "Optional context metadata" }
1941
+ }
1942
+ }
1943
+ }
1944
+ }
1945
+ },
1946
+ responses: {
1947
+ "201": { description: "Attestation issued — includes signed JWT token" },
1948
+ "400": { description: "Invalid request" },
1949
+ "403": { description: "Agent does not belong to app" },
1950
+ "404": { description: "Agent not found" }
1951
+ }
1952
+ },
1953
+ get: {
1954
+ summary: "List attestations",
1955
+ description: "List attestations for an agent.",
1956
+ operationId: "listAttestations",
1957
+ parameters: [
1958
+ { name: "app_id", in: "query", required: true, schema: { type: "string" } },
1959
+ { name: "agent_id", in: "query", required: true, schema: { type: "string" } }
1960
+ ],
1961
+ responses: {
1962
+ "200": { description: "Attestation list" }
1963
+ }
1964
+ }
1965
+ },
1966
+ "/v1/attestations/{id}": {
1967
+ get: {
1968
+ summary: "Get attestation details",
1969
+ operationId: "getAttestation",
1970
+ parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
1971
+ responses: {
1972
+ "200": { description: "Attestation details" },
1973
+ "404": { description: "Attestation not found or expired" }
1974
+ }
1975
+ }
1976
+ },
1977
+ "/v1/attestations/{id}/revoke": {
1978
+ post: {
1979
+ summary: "Revoke attestation",
1980
+ description: "Revoke an attestation. Token will be rejected on future verification.",
1981
+ operationId: "revokeAttestation",
1982
+ parameters: [
1983
+ { name: "id", in: "path", required: true, schema: { type: "string" } },
1984
+ { name: "app_id", in: "query", required: true, schema: { type: "string" } }
1985
+ ],
1986
+ requestBody: {
1987
+ content: {
1988
+ "application/json": {
1989
+ schema: {
1990
+ type: "object",
1991
+ properties: {
1992
+ "reason": { type: "string", description: "Revocation reason" }
1993
+ }
1994
+ }
1995
+ }
1996
+ }
1997
+ },
1998
+ responses: {
1999
+ "200": { description: "Attestation revoked" },
2000
+ "404": { description: "Attestation not found" }
2001
+ }
2002
+ }
2003
+ },
2004
+ "/v1/verify/attestation": {
2005
+ post: {
2006
+ summary: "Verify attestation token",
2007
+ description: "Verify an attestation JWT token and optionally check a specific capability.",
2008
+ operationId: "verifyAttestation",
2009
+ requestBody: {
2010
+ required: true,
2011
+ content: {
2012
+ "application/json": {
2013
+ schema: {
2014
+ type: "object",
2015
+ required: ["token"],
2016
+ properties: {
2017
+ "token": { type: "string", description: "Attestation JWT token" },
2018
+ "action": { type: "string", description: "Optional capability action to check (e.g. read)" },
2019
+ "resource": { type: "string", description: "Optional capability resource to check (e.g. invoices)" }
2020
+ }
2021
+ }
2022
+ }
2023
+ }
2024
+ },
2025
+ responses: {
2026
+ "200": { description: "Token valid — returns payload or capability check result" },
2027
+ "401": { description: "Invalid or expired token" },
2028
+ "403": { description: "Capability denied" }
2029
+ }
2030
+ }
2031
+ },
2032
+ "/v1/reputation/{agent_id}": {
2033
+ get: {
2034
+ summary: "Get agent reputation",
2035
+ description: "Get the reputation score for an agent. Returns score (0-1000), tier, event counts, and category breakdown.",
2036
+ operationId: "getReputation",
2037
+ parameters: [
2038
+ { name: "agent_id", in: "path", required: true, schema: { type: "string" }, description: "Agent ID" },
2039
+ { name: "app_id", in: "query", schema: { type: "string" }, description: "App ID for authentication" }
2040
+ ],
2041
+ responses: {
2042
+ "200": { description: "Reputation score with tier and category breakdown" },
2043
+ "404": { description: "Agent not found" }
2044
+ }
2045
+ }
2046
+ },
2047
+ "/v1/reputation/events": {
2048
+ post: {
2049
+ summary: "Record reputation event",
2050
+ description: "Record a behavioral event that affects an agent's reputation score. 18 action types across 6 categories.",
2051
+ operationId: "recordReputationEvent",
2052
+ requestBody: {
2053
+ required: true,
2054
+ content: {
2055
+ "application/json": {
2056
+ schema: {
2057
+ type: "object",
2058
+ required: ["agent_id", "category", "action"],
2059
+ properties: {
2060
+ "agent_id": { type: "string", description: "Agent to record event for" },
2061
+ "category": { type: "string", enum: ["verification", "attestation", "delegation", "session", "violation", "endorsement"], description: "Event category" },
2062
+ "action": { type: "string", description: "Event action (e.g. challenge_solved, abuse_detected)" },
2063
+ "source_agent_id": { type: "string", description: "Source agent for endorsements" },
2064
+ "metadata": { type: "object", additionalProperties: { type: "string" }, description: "Optional key/value metadata" }
2065
+ }
2066
+ }
2067
+ }
2068
+ }
2069
+ },
2070
+ responses: {
2071
+ "201": { description: "Event recorded — returns event details and updated score" },
2072
+ "400": { description: "Invalid category/action or self-endorsement" },
2073
+ "404": { description: "Agent not found" }
2074
+ }
2075
+ }
2076
+ },
2077
+ "/v1/reputation/{agent_id}/events": {
2078
+ get: {
2079
+ summary: "List reputation events",
2080
+ description: "List reputation events for an agent with optional category filter.",
2081
+ operationId: "listReputationEvents",
2082
+ parameters: [
2083
+ { name: "agent_id", in: "path", required: true, schema: { type: "string" }, description: "Agent ID" },
2084
+ { name: "category", in: "query", schema: { type: "string" }, description: "Filter by category" },
2085
+ { name: "limit", in: "query", schema: { type: "integer", maximum: 100 }, description: "Max events (default: 50, max: 100)" }
2086
+ ],
2087
+ responses: {
2088
+ "200": { description: "List of reputation events" }
2089
+ }
2090
+ }
2091
+ },
2092
+ "/v1/reputation/{agent_id}/reset": {
2093
+ post: {
2094
+ summary: "Reset reputation",
2095
+ description: "Reset an agent's reputation to default (500 neutral). Admin action — clears all event history.",
2096
+ operationId: "resetReputation",
2097
+ parameters: [
2098
+ { name: "agent_id", in: "path", required: true, schema: { type: "string" }, description: "Agent ID" }
2099
+ ],
2100
+ responses: {
2101
+ "200": { description: "Reputation reset to default" },
2102
+ "404": { description: "Agent not found" }
2103
+ }
2104
+ }
1755
2105
  }
1756
2106
  },
1757
2107
  components: {
package/dist/tap-attestation-routes.d.ts ADDED
@@ -0,0 +1,204 @@
1
+ /**
2
+ * TAP Capability Attestation API Routes
3
+ *
4
+ * Endpoints for issuing, retrieving, revoking, and verifying
5
+ * capability attestation tokens for TAP agents.
6
+ *
7
+ * Routes:
8
+ * POST /v1/attestations — Issue attestation token
9
+ * GET /v1/attestations/:id — Get attestation details
10
+ * GET /v1/attestations — List attestations for agent
11
+ * POST /v1/attestations/:id/revoke — Revoke attestation
12
+ * POST /v1/verify/attestation — Verify attestation + check capability
13
+ */
14
+ import type { Context } from 'hono';
15
+ /**
16
+ * POST /v1/attestations
17
+ * Issue a capability attestation token for an agent
18
+ */
19
+ export declare function issueAttestationRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
20
+ success: false;
21
+ error: string | undefined;
22
+ message: string;
23
+ }, 401, "json">) | (Response & import("hono").TypedResponse<{
24
+ success: false;
25
+ error: string;
26
+ message: string | undefined;
27
+ }, any, "json">) | (Response & import("hono").TypedResponse<{
28
+ success: true;
29
+ attestation_id: string;
30
+ agent_id: string;
31
+ app_id: string;
32
+ token: string;
33
+ can: string[];
34
+ cannot: string[];
35
+ restrictions: {
36
+ [x: string]: any;
37
+ max_amount?: number | undefined;
38
+ rate_limit?: number | undefined;
39
+ } | null;
40
+ delegation_id: string | null;
41
+ metadata: {
42
+ [x: string]: string;
43
+ } | null;
44
+ created_at: string;
45
+ expires_at: string;
46
+ }, 201, "json">)>;
47
+ /**
48
+ * GET /v1/attestations/:id
49
+ * Get attestation details
50
+ */
51
+ export declare function getAttestationRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
52
+ success: false;
53
+ error: string;
54
+ message: string;
55
+ }, 400, "json">) | (Response & import("hono").TypedResponse<{
56
+ success: false;
57
+ error: string;
58
+ message: string;
59
+ }, 404, "json">) | (Response & import("hono").TypedResponse<{
60
+ success: true;
61
+ attestation_id: string;
62
+ agent_id: string;
63
+ app_id: string;
64
+ can: string[];
65
+ cannot: string[];
66
+ restrictions: {
67
+ [x: string]: any;
68
+ max_amount?: number | undefined;
69
+ rate_limit?: number | undefined;
70
+ } | null;
71
+ delegation_id: string | null;
72
+ metadata: {
73
+ [x: string]: string;
74
+ } | null;
75
+ created_at: string;
76
+ expires_at: string;
77
+ revoked: boolean;
78
+ revoked_at: string | null;
79
+ revocation_reason: string | null;
80
+ time_remaining: number;
81
+ }, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
82
+ success: false;
83
+ error: string;
84
+ message: string;
85
+ }, 500, "json">)>;
86
+ /**
87
+ * GET /v1/attestations
88
+ * List attestations for an agent
89
+ *
90
+ * Query params:
91
+ * agent_id — required, the agent to list attestations for
92
+ */
93
+ export declare function listAttestationsRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
94
+ success: false;
95
+ error: string | undefined;
96
+ message: string;
97
+ }, 401, "json">) | (Response & import("hono").TypedResponse<{
98
+ success: false;
99
+ error: string;
100
+ message: string;
101
+ }, 400, "json">) | (Response & import("hono").TypedResponse<{
102
+ success: true;
103
+ attestations: any[];
104
+ count: number;
105
+ agent_id: string;
106
+ }, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
107
+ success: false;
108
+ error: string;
109
+ message: string;
110
+ }, 500, "json">)>;
111
+ /**
112
+ * POST /v1/attestations/:id/revoke
113
+ * Revoke an attestation
114
+ */
115
+ export declare function revokeAttestationRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
116
+ success: false;
117
+ error: string;
118
+ message: string;
119
+ }, 400, "json">) | (Response & import("hono").TypedResponse<{
120
+ success: false;
121
+ error: string | undefined;
122
+ message: string;
123
+ }, 401, "json">) | (Response & import("hono").TypedResponse<{
124
+ success: false;
125
+ error: string;
126
+ message: string;
127
+ }, 404, "json">) | (Response & import("hono").TypedResponse<{
128
+ success: false;
129
+ error: string;
130
+ message: string;
131
+ }, 403, "json">) | (Response & import("hono").TypedResponse<{
132
+ success: false;
133
+ error: string;
134
+ message: string | undefined;
135
+ }, 500, "json">) | (Response & import("hono").TypedResponse<{
136
+ success: true;
137
+ attestation_id: string;
138
+ revoked: true;
139
+ revoked_at: string | null;
140
+ revocation_reason: string | null;
141
+ message: string;
142
+ }, import("hono/utils/http-status").ContentfulStatusCode, "json">)>;
143
+ /**
144
+ * POST /v1/verify/attestation
145
+ * Verify an attestation token and optionally check a specific capability
146
+ *
147
+ * Body:
148
+ * token — required, the attestation JWT token
149
+ * action — optional, capability action to check (e.g. "read")
150
+ * resource — optional, capability resource to check (e.g. "invoices")
151
+ */
152
+ export declare function verifyAttestationRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
153
+ success: false;
154
+ error: string;
155
+ message: string;
156
+ }, 400, "json">) | (Response & import("hono").TypedResponse<{
157
+ success: false;
158
+ valid: false;
159
+ allowed: false;
160
+ agent_id: string | null;
161
+ error: string | undefined;
162
+ matched_rule: string | null;
163
+ checked_capability: any;
164
+ }, 401 | 403, "json">) | (Response & import("hono").TypedResponse<{
165
+ success: true;
166
+ valid: true;
167
+ allowed: true;
168
+ agent_id: string | undefined;
169
+ reason: string | undefined;
170
+ matched_rule: string | undefined;
171
+ checked_capability: any;
172
+ }, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
173
+ success: false;
174
+ valid: false;
175
+ error: string | undefined;
176
+ }, 401, "json">) | (Response & import("hono").TypedResponse<{
177
+ success: true;
178
+ valid: true;
179
+ agent_id: string;
180
+ issuer: string;
181
+ can: string[];
182
+ cannot: string[];
183
+ restrictions: {
184
+ [x: string]: any;
185
+ max_amount?: number | undefined;
186
+ rate_limit?: number | undefined;
187
+ } | null;
188
+ delegation_id: string | null;
189
+ issued_at: string;
190
+ expires_at: string;
191
+ }, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
192
+ success: false;
193
+ error: string;
194
+ message: string;
195
+ }, 500, "json">)>;
196
+ declare const _default: {
197
+ issueAttestationRoute: typeof issueAttestationRoute;
198
+ getAttestationRoute: typeof getAttestationRoute;
199
+ listAttestationsRoute: typeof listAttestationsRoute;
200
+ revokeAttestationRoute: typeof revokeAttestationRoute;
201
+ verifyAttestationRoute: typeof verifyAttestationRoute;
202
+ };
203
+ export default _default;
204
+ //# sourceMappingURL=tap-attestation-routes.d.ts.map
package/dist/tap-attestation-routes.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"tap-attestation-routes.d.ts","sourceRoot":"","sources":["../src/tap-attestation-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AA4CpC;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA4GrD;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAiDnD;AAED;;;;;;GAMG;AACH,wBAAsB,qBAAqB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;kBA8DrD;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;oEAsEtD;AAED;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAmFtD;;;;;;;;AAED,wBAME"}