@fidacy/mcp 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,51 +0,0 @@
1
- import fs from "node:fs";
2
- import { sha256 } from "./signing.js";
3
- import { stableStringify } from "./util.js";
4
- // Durable append-only, hash-chained audit log. One JSON record per line.
5
- // Real persistence (survives restart). Production swaps this for the Supabase
6
- // append-only table behind HttpFidacyCore; the shape is identical.
7
- export class FileAuditStore {
8
- path;
9
- chain = [];
10
- constructor(path) {
11
- this.path = path;
12
- this.load();
13
- }
14
- load() {
15
- if (!fs.existsSync(this.path))
16
- return;
17
- const lines = fs.readFileSync(this.path, "utf8").split("\n").filter((l) => l.trim());
18
- for (const line of lines)
19
- this.chain.push(JSON.parse(line));
20
- if (!this.intact())
21
- throw new Error(`audit chain integrity broken at ${this.path}`);
22
- }
23
- head() {
24
- return this.chain.length ? this.chain[this.chain.length - 1].hash : "GENESIS";
25
- }
26
- append(decision) {
27
- const prevHash = this.head();
28
- const seq = this.chain.length;
29
- const ts = decision.ts;
30
- const digest = sha256(stableStringify({ decisionId: decision.decisionId, status: decision.status, request: decision.request, violatedRule: decision.violatedRule ?? null }));
31
- const hash = sha256(`${prevHash}|${digest}|${seq}|${ts}`);
32
- const record = { seq, decisionId: decision.decisionId, status: decision.status, subject: decision.subject, digest, prevHash, hash, ts };
33
- fs.appendFileSync(this.path, JSON.stringify(record) + "\n");
34
- this.chain.push(record);
35
- return record;
36
- }
37
- find(decisionId) {
38
- return this.chain.find((r) => r.decisionId === decisionId);
39
- }
40
- intact() {
41
- let prev = "GENESIS";
42
- for (const r of this.chain) {
43
- const expected = sha256(`${prev}|${r.digest}|${r.seq}|${r.ts}`);
44
- if (expected !== r.hash || r.prevHash !== prev)
45
- return false;
46
- prev = r.hash;
47
- }
48
- return true;
49
- }
50
- }
51
- //# sourceMappingURL=audit-store.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"audit-store.js","sourceRoot":"","sources":["../src/audit-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,yEAAyE;AACzE,8EAA8E;AAC9E,mEAAmE;AACnE,MAAM,OAAO,cAAc;IAEL;IADZ,KAAK,GAAkB,EAAE,CAAC;IAClC,YAAoB,IAAY;QAAZ,SAAI,GAAJ,IAAI,CAAQ;QAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QACtC,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACrF,KAAK,MAAM,IAAI,IAAI,KAAK;YAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC,CAAC;QAC3E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtF,CAAC;IAEO,IAAI;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IAED,MAAM,CAAC,QAAkB;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;QAC9B,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7K,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAgB,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACrJ,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,CAAC,UAAkB;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM;QACJ,IAAI,IAAI,GAAG,SAAS,CAAC;QACrB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChE,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC7D,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
package/dist/core.d.ts DELETED
@@ -1,34 +0,0 @@
1
- import { Mandate, PaymentRequest, Decision, AuditProof } from "./types.js";
2
- export interface FidacyCore {
3
- getMandate(subject: string): Promise<Mandate>;
4
- decide(req: PaymentRequest, subject: string): Promise<Decision>;
5
- getProof(decisionId: string): Promise<AuditProof | null>;
6
- publicKey(): string;
7
- }
8
- export declare function evaluate(mandate: Mandate, req: PaymentRequest, spentSoFar: number): string | null;
9
- export declare class DevFidacyCore implements FidacyCore {
10
- private priv;
11
- private pubPem;
12
- private mandate;
13
- private store;
14
- private spent;
15
- private claimedInvoices;
16
- constructor();
17
- private loadMandate;
18
- getMandate(): Promise<Mandate>;
19
- decide(req: PaymentRequest, subject: string): Promise<Decision>;
20
- getProof(decisionId: string): Promise<AuditProof | null>;
21
- publicKey(): string;
22
- }
23
- export declare class HttpFidacyCore implements FidacyCore {
24
- private baseUrl;
25
- private apiKey;
26
- private subjectPub;
27
- constructor(baseUrl: string, apiKey: string, subjectPub?: string);
28
- private call;
29
- getMandate(subject: string): Promise<Mandate>;
30
- decide(req: PaymentRequest, subject: string): Promise<Decision>;
31
- getProof(decisionId: string): Promise<AuditProof | null>;
32
- publicKey(): string;
33
- }
34
- export declare function makeCore(): FidacyCore;
package/dist/core.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAa,MAAM,aAAa,CAAC;AAEpD,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAYlD,gFAAgF;AAChF,MAAM,UAAU,QAAQ,CAAC,OAAgB,EAAE,GAAmB,EAAE,UAAkB;IAChF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,OAAO,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAC;IAC9C,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;QAAE,OAAO,uBAAuB,CAAC;IAC/E,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QAAE,OAAO,sBAAsB,CAAC;IAC7E,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,wBAAwB,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC3F,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAClD,IAAI,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,uBAAuB,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC9G,IAAI,UAAU,GAAG,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,sBAAsB,UAAU,GAAG,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IACvI,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC/F,IAAI,CAAC,OAAO;QAAE,OAAO,0BAA0B,GAAG,CAAC,KAAK,EAAE,CAAC;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxG,IAAI,CAAC,KAAK;QAAE,OAAO,wBAAwB,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC1D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,gFAAgF;AAChF,MAAM,OAAO,aAAa;IAChB,IAAI,CAAY;IAChB,MAAM,CAAS;IACf,OAAO,CAAU;IACjB,KAAK,CAAiB;IACtB,KAAK,GAAG,CAAC,CAAC;IACV,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAE5C;QACE,MAAM,EAAE,GAAG,qBAAqB,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC,UAAU,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,SAAS;YAAE,OAAO,CAAC,KAAK,CAAC,oFAAoF,CAAC,CAAC;QACtH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAC,CAAC;IACzF,CAAC;IAEO,WAAW;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAY,CAAC;QACnG,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,YAAY,CAAC;QAC3D,OAAO;YACL,EAAE,EAAE,cAAc;YAClB,OAAO;YACP,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE;gBACL,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,+BAA+B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;gBACvF,UAAU,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,sBAAsB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;gBACtF,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,KAAK;gBAC9C,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,KAAK,CAAC;gBACvD,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC;aACxD;YACD,MAAM,EAAE;gBACN,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;gBACzF,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,WAAW,EAAE;aAC9F;YACD,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,OAAe;QAC/C,MAAM,UAAU,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;YACzI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,+EAA+E;QAC/E,+EAA+E;QAC/E,4EAA4E;QAC5E,iFAAiF;QACjF,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,GAAG,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,qBAAqB,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC;gBACtK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC5B,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QAED,MAAM,YAAY,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACjM,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3F,MAAM,KAAK,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC;QAC3D,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACzH,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,wBAAwB,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IAC7F,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED,wEAAwE;AACxE,qEAAqE;AACrE,MAAM,OAAO,cAAc;IACL;IAAyB;IAAwB;IAArE,YAAoB,OAAe,EAAU,MAAc,EAAU,aAAa,EAAE;QAAhE,YAAO,GAAP,OAAO,CAAQ;QAAU,WAAM,GAAN,MAAM,CAAQ;QAAU,eAAU,GAAV,UAAU,CAAK;IAAG,CAAC;IAEhF,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa;QAC/C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE,EAAE;YACvF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAe;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAU,iBAAiB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,OAAe;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAW,YAAY,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,OAAO,IAAI,CAAC,IAAI,CAAoB,iBAAiB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,SAAS;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF;AAED,MAAM,UAAU,QAAQ;IACtB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjG,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,IAAI,aAAa,EAAE,CAAC;AAC7B,CAAC"}
@@ -1,30 +0,0 @@
1
- import { PaymentRequest } from "./types.js";
2
- export interface Rail {
3
- execute(req: PaymentRequest): Promise<{
4
- railRef: string;
5
- }>;
6
- }
7
- export declare class ReferenceRail implements Rail {
8
- settlements: Array<PaymentRequest & {
9
- railRef: string;
10
- at: string;
11
- }>;
12
- execute(req: PaymentRequest): Promise<{
13
- railRef: string;
14
- }>;
15
- }
16
- export type ExecResult = {
17
- status: "EXECUTED";
18
- railRef: string;
19
- decisionId: string;
20
- } | {
21
- status: "REFUSED";
22
- reason: string;
23
- };
24
- export declare class GrantEnforcingExecutor {
25
- private rail;
26
- private used;
27
- private pub;
28
- constructor(publicKeyPem: string, rail: Rail);
29
- execute(req: PaymentRequest, grant: string | undefined): Promise<ExecResult>;
30
- }
package/dist/executor.js DELETED
@@ -1,64 +0,0 @@
1
- import { createPublicKey } from "node:crypto";
2
- import { randomUUID } from "node:crypto";
3
- import { verify } from "./signing.js";
4
- export class ReferenceRail {
5
- settlements = [];
6
- async execute(req) {
7
- const railRef = "ref_" + randomUUID();
8
- this.settlements.push({ ...req, railRef, at: new Date().toISOString() });
9
- return { railRef };
10
- }
11
- }
12
- // The enforcement point. It runs at the payment boundary and refuses any action
13
- // not backed by a valid, unexpired, unused Fidacy grant bound to THIS exact
14
- // request. This is what makes the firewall non-bypassable: even a correct deny
15
- // is meaningless unless the executor requires the grant, and this one does.
16
- export class GrantEnforcingExecutor {
17
- rail;
18
- used = new Set();
19
- pub;
20
- constructor(publicKeyPem, rail) {
21
- this.rail = rail;
22
- this.pub = createPublicKey(publicKeyPem);
23
- }
24
- async execute(req, grant) {
25
- if (!grant)
26
- return { status: "REFUSED", reason: "missing_grant" };
27
- const dot = grant.indexOf(".");
28
- if (dot < 0)
29
- return { status: "REFUSED", reason: "malformed_grant" };
30
- const body = grant.slice(0, dot);
31
- const sig = grant.slice(dot + 1);
32
- if (!verify(this.pub, body, sig))
33
- return { status: "REFUSED", reason: "invalid_signature" };
34
- let p;
35
- try {
36
- p = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
37
- }
38
- catch {
39
- return { status: "REFUSED", reason: "undecodable_grant" };
40
- }
41
- if (Date.now() > p.exp)
42
- return { status: "REFUSED", reason: "grant_expired" };
43
- if (this.used.has(p.decisionId))
44
- return { status: "REFUSED", reason: "grant_replayed" };
45
- if (p.payee !== req.payee)
46
- return { status: "REFUSED", reason: "payee_mismatch" };
47
- if (p.amount !== req.amount)
48
- return { status: "REFUSED", reason: "amount_mismatch" };
49
- if (p.currency !== req.currency)
50
- return { status: "REFUSED", reason: "currency_mismatch" };
51
- // Bind settlement to the invoice the grant authorized. The grant is the signed,
52
- // authoritative source of the invoice, so a caller need NOT repeat invoiceRef to
53
- // settle; but if it DOES pass one, it must match the grant. This refuses a grant
54
- // for invoice X being settled while the caller claims invoice Y, without forcing
55
- // every execute_payment to echo the invoiceRef.
56
- if (req.invoiceRef != null && req.invoiceRef !== (p.invoiceRef ?? null)) {
57
- return { status: "REFUSED", reason: "invoice_mismatch" };
58
- }
59
- this.used.add(p.decisionId);
60
- const { railRef } = await this.rail.execute(req);
61
- return { status: "EXECUTED", railRef, decisionId: p.decisionId };
62
- }
63
- }
64
- //# sourceMappingURL=executor.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAStC,MAAM,OAAO,aAAa;IACjB,WAAW,GAA4D,EAAE,CAAC;IACjF,KAAK,CAAC,OAAO,CAAC,GAAmB;QAC/B,MAAM,OAAO,GAAG,MAAM,GAAG,UAAU,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;CACF;AAMD,gFAAgF;AAChF,4EAA4E;AAC5E,+EAA+E;AAC/E,4EAA4E;AAC5E,MAAM,OAAO,sBAAsB;IAGS;IAFlC,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IACzB,GAAG,CAAC;IACZ,YAAY,YAAoB,EAAU,IAAU;QAAV,SAAI,GAAJ,IAAI,CAAM;QAClD,IAAI,CAAC,GAAG,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAmB,EAAE,KAAyB;QAC1D,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAClE,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAE5F,IAAI,CAA4G,CAAC;QACjH,IAAI,CAAC;YACH,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAC5D,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAC9E,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACxF,IAAI,CAAC,CAAC,KAAK,KAAK,GAAG,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QAClF,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrF,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAC3F,gFAAgF;QAChF,iFAAiF;QACjF,iFAAiF;QACjF,iFAAiF;QACjF,gDAAgD;QAChD,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,GAAG,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;YACxE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;IACnE,CAAC;CACF"}
package/dist/grant.d.ts DELETED
@@ -1,20 +0,0 @@
1
- export interface GrantPayload {
2
- decisionId: string;
3
- subject: string;
4
- payee: string;
5
- amount: number;
6
- currency: string;
7
- exp: number;
8
- invoiceRef?: string;
9
- }
10
- export interface GrantCheck {
11
- valid: boolean;
12
- reason?: string;
13
- payload?: GrantPayload;
14
- }
15
- export declare function verifyGrant(publicKeyPem: string, grant: string, expected: {
16
- payee: string;
17
- amount: number;
18
- currency: string;
19
- invoiceRef?: string;
20
- }): GrantCheck;
package/dist/grant.js DELETED
@@ -1,41 +0,0 @@
1
- import crypto from "node:crypto";
2
- import { verify } from "./signing.js";
3
- // The non-bypass gate. A payment executor MUST call this before moving funds.
4
- // It verifies the Ed25519 signature against Fidacy's pinned public key, checks
5
- // expiry, and (critically) that the grant matches the payment actually about to
6
- // be executed. A hallucinated or swapped payment has no valid grant and is
7
- // rejected here.
8
- export function verifyGrant(publicKeyPem, grant, expected) {
9
- const parts = grant.split(".");
10
- if (parts.length !== 2 || !parts[0] || !parts[1])
11
- return { valid: false, reason: "malformed_grant" };
12
- const [body, sig] = parts;
13
- let pub;
14
- try {
15
- pub = crypto.createPublicKey(publicKeyPem);
16
- }
17
- catch {
18
- return { valid: false, reason: "bad_public_key" };
19
- }
20
- if (!verify(pub, body, sig))
21
- return { valid: false, reason: "invalid_signature" };
22
- let payload;
23
- try {
24
- payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
25
- }
26
- catch {
27
- return { valid: false, reason: "undecodable_payload" };
28
- }
29
- if (Date.now() > payload.exp)
30
- return { valid: false, reason: "grant_expired" };
31
- if (payload.payee !== expected.payee)
32
- return { valid: false, reason: `payee_mismatch:${payload.payee}!=${expected.payee}` };
33
- if (payload.amount !== expected.amount)
34
- return { valid: false, reason: `amount_mismatch:${payload.amount}!=${expected.amount}` };
35
- if (payload.currency !== expected.currency)
36
- return { valid: false, reason: `currency_mismatch` };
37
- if ((payload.invoiceRef ?? null) !== (expected.invoiceRef ?? null))
38
- return { valid: false, reason: `invoice_mismatch:${payload.invoiceRef ?? "none"}!=${expected.invoiceRef ?? "none"}` };
39
- return { valid: true, payload };
40
- }
41
- //# sourceMappingURL=grant.js.map
package/dist/grant.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"grant.js","sourceRoot":"","sources":["../src/grant.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAkBtC,8EAA8E;AAC9E,+EAA+E;AAC/E,gFAAgF;AAChF,2EAA2E;AAC3E,iBAAiB;AACjB,MAAM,UAAU,WAAW,CACzB,YAAoB,EACpB,KAAa,EACb,QAAkF;IAElF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACrG,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAE1B,IAAI,GAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAElF,IAAI,OAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IACxF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACzD,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAC/E,IAAI,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC;IAC5H,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;IACjI,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACjG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,OAAO,CAAC,UAAU,IAAI,MAAM,KAAK,QAAQ,CAAC,UAAU,IAAI,MAAM,EAAE,EAAE,CAAC;IAE1L,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClC,CAAC"}
package/dist/index.d.ts DELETED
@@ -1,2 +0,0 @@
1
- #!/usr/bin/env node
2
- export {};
package/dist/index.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;AACxB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,YAAY,CAAC;AAE3D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;AAEnE,yEAAyE;AACzE,+EAA+E;AAC/E,mEAAmE;AACnE,8EAA8E;AAC9E,oCAAoC;AACpC,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;IACE,KAAK,EAAE,+BAA+B;IACtC,WAAW,EACT,2OAA2O;IAC7O,WAAW,EAAE;QACX,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAC9C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;QACxE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACtD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mDAAmD,CAAC;QAClF,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACtE,UAAU,EAAE,CAAC;aACV,MAAM,EAAE;aACR,QAAQ,CACP,kJAAkJ,CACnJ;aACA,QAAQ,EAAE;KACd;IACD,YAAY,EAAE;QACZ,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACpC;IACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;CACxG,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,GAAG,GAAmB,IAAsB,CAAC;IACnD,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC;IACzG,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,0DAA0D;IAC1D,MAAM,KAAK,GACT,CAAC,CAAC,MAAM,KAAK,OAAO;QAClB,CAAC,CAAC,mBAAmB,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,+IAA+I,CAAC,CAAC,KAAK,EAAE;QACnP,CAAC,CAAC,kBAAkB,CAAC,CAAC,UAAU,qBAAqB,CAAC,CAAC,YAAY,2JAA2J,CAAC,CAAC,UAAU,qCAAqC,CAAC;IACpR,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,iBAAiB,EAAE,GAAG,EAAE,CAAC;AAC9E,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,kDAAkD;AAClD,MAAM,CAAC,YAAY,CACjB,gBAAgB,EAChB;IACE,KAAK,EAAE,uBAAuB;IAC9B,WAAW,EAAE,kJAAkJ;IAC/J,WAAW,EAAE,EAAE;IACf,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE;CACxG,EACD,KAAK,IAAI,EAAE;IACT,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;IAClE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAC;AAC7G,CAAC,CACF,CAAC;AAEF,8EAA8E;AAC9E,+CAA+C;AAC/C,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;IACE,KAAK,EAAE,iBAAiB;IACxB,WAAW,EAAE,2IAA2I;IACxJ,WAAW,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC,EAAE;IAC3F,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE;CACxG,EACD,KAAK,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;IACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,UAAU,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC5G,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC;AACzG,CAAC,CACF,CAAC;AAEF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,8EAA8E;AAC9E,mEAAmE;AACnE,EAAE;AACF,gFAAgF;AAChF,8EAA8E;AAC9E,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;IACE,KAAK,EAAE,sCAAsC;IAC7C,WAAW,EACT,4hBAA4hB;IAC9hB,WAAW,EAAE;QACX,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;aAC/E,QAAQ,EAAE;QACb,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACrC,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;KAClD;IACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;CACvG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,EAAE;IAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,wBAAwB,CAAC;IAC5E,MAAM,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,gIAAgI;iBACvI;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,YAAY,CAC1B,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,EAAE,EACpE,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAC;QACF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,QAAQ,WAAW,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC;YACjG,iBAAiB,EAAE,CAAC;SACrB,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,CAAC,CAAC,iBAAiB,EAAE,MAAM;gBACzC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG;gBAC9D,CAAC,CAAC,EAAE,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,GAAG,OAAO,EAAE,EAAE,CAAC;gBAC5E,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,CAAC;YACpE,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;AAC7D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
package/dist/lib.d.ts DELETED
@@ -1,4 +0,0 @@
1
- export * from "./types.js";
2
- export * from "./core.js";
3
- export * from "./executor.js";
4
- export * from "./signing.js";
package/dist/lib.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"lib.js","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC"}
package/dist/signing.d.ts DELETED
@@ -1,10 +0,0 @@
1
- import { KeyObject } from "node:crypto";
2
- export declare function loadOrGenerateKeyPair(): {
3
- privateKey: KeyObject;
4
- publicKey: KeyObject;
5
- ephemeral: boolean;
6
- };
7
- export declare function publicKeyPem(publicKey: KeyObject): string;
8
- export declare function sign(privateKey: KeyObject, message: string): string;
9
- export declare function verify(publicKey: KeyObject, message: string, signatureB64url: string): boolean;
10
- export declare function sha256(input: string): string;
package/dist/signing.js DELETED
@@ -1,32 +0,0 @@
1
- import crypto from "node:crypto";
2
- // Ed25519 keypair for the co-signature (the "grant"). Non-custodial: this key
3
- // authorizes actions, it never touches funds.
4
- export function loadOrGenerateKeyPair() {
5
- const b64 = process.env.FIDACY_SIGNING_KEY_B64;
6
- if (b64) {
7
- const pem = Buffer.from(b64, "base64").toString("utf8");
8
- const privateKey = crypto.createPrivateKey(pem);
9
- const publicKey = crypto.createPublicKey(privateKey);
10
- return { privateKey, publicKey, ephemeral: false };
11
- }
12
- const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519");
13
- return { privateKey, publicKey, ephemeral: true };
14
- }
15
- export function publicKeyPem(publicKey) {
16
- return publicKey.export({ type: "spki", format: "pem" }).toString();
17
- }
18
- export function sign(privateKey, message) {
19
- return crypto.sign(null, Buffer.from(message, "utf8"), privateKey).toString("base64url");
20
- }
21
- export function verify(publicKey, message, signatureB64url) {
22
- try {
23
- return crypto.verify(null, Buffer.from(message, "utf8"), publicKey, Buffer.from(signatureB64url, "base64url"));
24
- }
25
- catch {
26
- return false;
27
- }
28
- }
29
- export function sha256(input) {
30
- return crypto.createHash("sha256").update(input).digest("hex");
31
- }
32
- //# sourceMappingURL=signing.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA,OAAO,MAAqB,MAAM,aAAa,CAAC;AAEhD,8EAA8E;AAC9E,8CAA8C;AAC9C,MAAM,UAAU,qBAAqB;IACnC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC/C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACrD,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACxE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAoB;IAC/C,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,UAAqB,EAAE,OAAe;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,SAAoB,EAAE,OAAe,EAAE,eAAuB;IACnF,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,CAAC;IACjH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC"}
package/dist/types.d.ts DELETED
@@ -1,52 +0,0 @@
1
- export type Mandate = {
2
- id: string;
3
- subject: string;
4
- version: string;
5
- allow: {
6
- payees: string[];
7
- categories: string[];
8
- currency: string;
9
- maxTotal: number;
10
- perTxMax: number;
11
- };
12
- window: {
13
- notBefore: string;
14
- notAfter: string;
15
- };
16
- revoked: boolean;
17
- };
18
- export type PaymentRequest = {
19
- payee: string;
20
- amount: number;
21
- currency: string;
22
- purpose: string;
23
- category: string;
24
- idempotencyKey: string;
25
- invoiceRef?: string;
26
- };
27
- export type DecisionStatus = "ALLOW" | "DENY";
28
- export type Decision = {
29
- decisionId: string;
30
- status: DecisionStatus;
31
- subject: string;
32
- mandateId: string;
33
- request: PaymentRequest;
34
- violatedRule?: string;
35
- grant?: string;
36
- ts: string;
37
- };
38
- export type AuditRecord = {
39
- seq: number;
40
- decisionId: string;
41
- status: DecisionStatus;
42
- subject: string;
43
- digest: string;
44
- prevHash: string;
45
- hash: string;
46
- ts: string;
47
- };
48
- export type AuditProof = {
49
- record: AuditRecord;
50
- chainIntact: boolean;
51
- verifiedAgainstPublicKey: string;
52
- };
package/dist/types.js DELETED
@@ -1,2 +0,0 @@
1
- export {};
2
- //# sourceMappingURL=types.js.map
package/dist/types.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
package/dist/util.d.ts DELETED
@@ -1 +0,0 @@
1
- export declare function stableStringify(obj: unknown): string;
package/dist/util.js DELETED
@@ -1,9 +0,0 @@
1
- export function stableStringify(obj) {
2
- if (obj === null || typeof obj !== "object")
3
- return JSON.stringify(obj);
4
- if (Array.isArray(obj))
5
- return "[" + obj.map(stableStringify).join(",") + "]";
6
- const keys = Object.keys(obj).sort();
7
- return "{" + keys.map((k) => JSON.stringify(k) + ":" + stableStringify(obj[k])).join(",") + "}";
8
- }
9
- //# sourceMappingURL=util.js.map
package/dist/util.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACxE,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC9E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,eAAe,CAAE,GAA+B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AAC/H,CAAC"}