@fidacy/mcp 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assess.js +110 -129
- package/dist/core.js +406 -147
- package/dist/index.js +719 -103
- package/dist/lib.js +527 -5
- package/package.json +19 -11
- package/dist/assess.d.ts +0 -78
- package/dist/assess.js.map +0 -1
- package/dist/audit-store.d.ts +0 -11
- package/dist/audit-store.js +0 -51
- package/dist/audit-store.js.map +0 -1
- package/dist/core.d.ts +0 -34
- package/dist/core.js.map +0 -1
- package/dist/executor.d.ts +0 -30
- package/dist/executor.js +0 -64
- package/dist/executor.js.map +0 -1
- package/dist/grant.d.ts +0 -20
- package/dist/grant.js +0 -41
- package/dist/grant.js.map +0 -1
- package/dist/index.d.ts +0 -2
- package/dist/index.js.map +0 -1
- package/dist/lib.d.ts +0 -4
- package/dist/lib.js.map +0 -1
- package/dist/signing.d.ts +0 -10
- package/dist/signing.js +0 -32
- package/dist/signing.js.map +0 -1
- package/dist/types.d.ts +0 -52
- package/dist/types.js +0 -2
- package/dist/types.js.map +0 -1
- package/dist/util.d.ts +0 -1
- package/dist/util.js +0 -9
- package/dist/util.js.map +0 -1
package/dist/audit-store.js
DELETED
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
import fs from "node:fs";
|
|
2
|
-
import { sha256 } from "./signing.js";
|
|
3
|
-
import { stableStringify } from "./util.js";
|
|
4
|
-
// Durable append-only, hash-chained audit log. One JSON record per line.
|
|
5
|
-
// Real persistence (survives restart). Production swaps this for the Supabase
|
|
6
|
-
// append-only table behind HttpFidacyCore; the shape is identical.
|
|
7
|
-
export class FileAuditStore {
|
|
8
|
-
path;
|
|
9
|
-
chain = [];
|
|
10
|
-
constructor(path) {
|
|
11
|
-
this.path = path;
|
|
12
|
-
this.load();
|
|
13
|
-
}
|
|
14
|
-
load() {
|
|
15
|
-
if (!fs.existsSync(this.path))
|
|
16
|
-
return;
|
|
17
|
-
const lines = fs.readFileSync(this.path, "utf8").split("\n").filter((l) => l.trim());
|
|
18
|
-
for (const line of lines)
|
|
19
|
-
this.chain.push(JSON.parse(line));
|
|
20
|
-
if (!this.intact())
|
|
21
|
-
throw new Error(`audit chain integrity broken at ${this.path}`);
|
|
22
|
-
}
|
|
23
|
-
head() {
|
|
24
|
-
return this.chain.length ? this.chain[this.chain.length - 1].hash : "GENESIS";
|
|
25
|
-
}
|
|
26
|
-
append(decision) {
|
|
27
|
-
const prevHash = this.head();
|
|
28
|
-
const seq = this.chain.length;
|
|
29
|
-
const ts = decision.ts;
|
|
30
|
-
const digest = sha256(stableStringify({ decisionId: decision.decisionId, status: decision.status, request: decision.request, violatedRule: decision.violatedRule ?? null }));
|
|
31
|
-
const hash = sha256(`${prevHash}|${digest}|${seq}|${ts}`);
|
|
32
|
-
const record = { seq, decisionId: decision.decisionId, status: decision.status, subject: decision.subject, digest, prevHash, hash, ts };
|
|
33
|
-
fs.appendFileSync(this.path, JSON.stringify(record) + "\n");
|
|
34
|
-
this.chain.push(record);
|
|
35
|
-
return record;
|
|
36
|
-
}
|
|
37
|
-
find(decisionId) {
|
|
38
|
-
return this.chain.find((r) => r.decisionId === decisionId);
|
|
39
|
-
}
|
|
40
|
-
intact() {
|
|
41
|
-
let prev = "GENESIS";
|
|
42
|
-
for (const r of this.chain) {
|
|
43
|
-
const expected = sha256(`${prev}|${r.digest}|${r.seq}|${r.ts}`);
|
|
44
|
-
if (expected !== r.hash || r.prevHash !== prev)
|
|
45
|
-
return false;
|
|
46
|
-
prev = r.hash;
|
|
47
|
-
}
|
|
48
|
-
return true;
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
//# sourceMappingURL=audit-store.js.map
|
package/dist/audit-store.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"audit-store.js","sourceRoot":"","sources":["../src/audit-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,yEAAyE;AACzE,8EAA8E;AAC9E,mEAAmE;AACnE,MAAM,OAAO,cAAc;IAEL;IADZ,KAAK,GAAkB,EAAE,CAAC;IAClC,YAAoB,IAAY;QAAZ,SAAI,GAAJ,IAAI,CAAQ;QAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QACtC,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACrF,KAAK,MAAM,IAAI,IAAI,KAAK;YAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAgB,CAAC,CAAC;QAC3E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtF,CAAC;IAEO,IAAI;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IAED,MAAM,CAAC,QAAkB;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;QAC9B,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7K,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,QAAQ,IAAI,MAAM,IAAI,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAgB,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACrJ,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,CAAC,UAAkB;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM;QACJ,IAAI,IAAI,GAAG,SAAS,CAAC;QACrB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChE,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC7D,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
package/dist/core.d.ts
DELETED
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
import { Mandate, PaymentRequest, Decision, AuditProof } from "./types.js";
|
|
2
|
-
export interface FidacyCore {
|
|
3
|
-
getMandate(subject: string): Promise<Mandate>;
|
|
4
|
-
decide(req: PaymentRequest, subject: string): Promise<Decision>;
|
|
5
|
-
getProof(decisionId: string): Promise<AuditProof | null>;
|
|
6
|
-
publicKey(): string;
|
|
7
|
-
}
|
|
8
|
-
export declare function evaluate(mandate: Mandate, req: PaymentRequest, spentSoFar: number): string | null;
|
|
9
|
-
export declare class DevFidacyCore implements FidacyCore {
|
|
10
|
-
private priv;
|
|
11
|
-
private pubPem;
|
|
12
|
-
private mandate;
|
|
13
|
-
private store;
|
|
14
|
-
private spent;
|
|
15
|
-
private claimedInvoices;
|
|
16
|
-
constructor();
|
|
17
|
-
private loadMandate;
|
|
18
|
-
getMandate(): Promise<Mandate>;
|
|
19
|
-
decide(req: PaymentRequest, subject: string): Promise<Decision>;
|
|
20
|
-
getProof(decisionId: string): Promise<AuditProof | null>;
|
|
21
|
-
publicKey(): string;
|
|
22
|
-
}
|
|
23
|
-
export declare class HttpFidacyCore implements FidacyCore {
|
|
24
|
-
private baseUrl;
|
|
25
|
-
private apiKey;
|
|
26
|
-
private subjectPub;
|
|
27
|
-
constructor(baseUrl: string, apiKey: string, subjectPub?: string);
|
|
28
|
-
private call;
|
|
29
|
-
getMandate(subject: string): Promise<Mandate>;
|
|
30
|
-
decide(req: PaymentRequest, subject: string): Promise<Decision>;
|
|
31
|
-
getProof(decisionId: string): Promise<AuditProof | null>;
|
|
32
|
-
publicKey(): string;
|
|
33
|
-
}
|
|
34
|
-
export declare function makeCore(): FidacyCore;
|
package/dist/core.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAa,MAAM,aAAa,CAAC;AAEpD,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAYlD,gFAAgF;AAChF,MAAM,UAAU,QAAQ,CAAC,OAAgB,EAAE,GAAmB,EAAE,UAAkB;IAChF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,OAAO,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAC;IAC9C,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;QAAE,OAAO,uBAAuB,CAAC;IAC/E,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QAAE,OAAO,sBAAsB,CAAC;IAC7E,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,wBAAwB,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC3F,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAClD,IAAI,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,uBAAuB,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC9G,IAAI,UAAU,GAAG,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ;QAAE,OAAO,sBAAsB,UAAU,GAAG,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;IACvI,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC/F,IAAI,CAAC,OAAO;QAAE,OAAO,0BAA0B,GAAG,CAAC,KAAK,EAAE,CAAC;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxG,IAAI,CAAC,KAAK;QAAE,OAAO,wBAAwB,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC1D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,gFAAgF;AAChF,MAAM,OAAO,aAAa;IAChB,IAAI,CAAY;IAChB,MAAM,CAAS;IACf,OAAO,CAAU;IACjB,KAAK,CAAiB;IACtB,KAAK,GAAG,CAAC,CAAC;IACV,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAE5C;QACE,MAAM,EAAE,GAAG,qBAAqB,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC,UAAU,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,SAAS;YAAE,OAAO,CAAC,KAAK,CAAC,oFAAoF,CAAC,CAAC;QACtH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAC,CAAC;IACzF,CAAC;IAEO,WAAW;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAY,CAAC;QACnG,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,YAAY,CAAC;QAC3D,OAAO;YACL,EAAE,EAAE,cAAc;YAClB,OAAO;YACP,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE;gBACL,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,+BAA+B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;gBACvF,UAAU,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,sBAAsB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;gBACtF,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,KAAK;gBAC9C,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,KAAK,CAAC;gBACvD,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC;aACxD;YACD,MAAM,EAAE;gBACN,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;gBACzF,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,WAAW,EAAE;aAC9F;YACD,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,OAAe;QAC/C,MAAM,UAAU,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;YACzI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,+EAA+E;QAC/E,+EAA+E;QAC/E,4EAA4E;QAC5E,iFAAiF;QACjF,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,GAAG,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChC,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,qBAAqB,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC;gBACtK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC5B,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QAED,MAAM,YAAY,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACjM,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3F,MAAM,KAAK,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC;QAC3D,MAAM,QAAQ,GAAa,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACzH,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,wBAAwB,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IAC7F,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED,wEAAwE;AACxE,qEAAqE;AACrE,MAAM,OAAO,cAAc;IACL;IAAyB;IAAwB;IAArE,YAAoB,OAAe,EAAU,MAAc,EAAU,aAAa,EAAE;QAAhE,YAAO,GAAP,OAAO,CAAQ;QAAU,WAAM,GAAN,MAAM,CAAQ;QAAU,eAAU,GAAV,UAAU,CAAK;IAAG,CAAC;IAEhF,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAa;QAC/C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE,EAAE;YACvF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAe;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAU,iBAAiB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,KAAK,CAAC,MAAM,CAAC,GAAmB,EAAE,OAAe;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAW,YAAY,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,OAAO,IAAI,CAAC,IAAI,CAAoB,iBAAiB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,SAAS;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF;AAED,MAAM,UAAU,QAAQ;IACtB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QACvC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjG,OAAO,IAAI,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,IAAI,aAAa,EAAE,CAAC;AAC7B,CAAC"}
|
package/dist/executor.d.ts
DELETED
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
import { PaymentRequest } from "./types.js";
|
|
2
|
-
export interface Rail {
|
|
3
|
-
execute(req: PaymentRequest): Promise<{
|
|
4
|
-
railRef: string;
|
|
5
|
-
}>;
|
|
6
|
-
}
|
|
7
|
-
export declare class ReferenceRail implements Rail {
|
|
8
|
-
settlements: Array<PaymentRequest & {
|
|
9
|
-
railRef: string;
|
|
10
|
-
at: string;
|
|
11
|
-
}>;
|
|
12
|
-
execute(req: PaymentRequest): Promise<{
|
|
13
|
-
railRef: string;
|
|
14
|
-
}>;
|
|
15
|
-
}
|
|
16
|
-
export type ExecResult = {
|
|
17
|
-
status: "EXECUTED";
|
|
18
|
-
railRef: string;
|
|
19
|
-
decisionId: string;
|
|
20
|
-
} | {
|
|
21
|
-
status: "REFUSED";
|
|
22
|
-
reason: string;
|
|
23
|
-
};
|
|
24
|
-
export declare class GrantEnforcingExecutor {
|
|
25
|
-
private rail;
|
|
26
|
-
private used;
|
|
27
|
-
private pub;
|
|
28
|
-
constructor(publicKeyPem: string, rail: Rail);
|
|
29
|
-
execute(req: PaymentRequest, grant: string | undefined): Promise<ExecResult>;
|
|
30
|
-
}
|
package/dist/executor.js
DELETED
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
import { createPublicKey } from "node:crypto";
|
|
2
|
-
import { randomUUID } from "node:crypto";
|
|
3
|
-
import { verify } from "./signing.js";
|
|
4
|
-
export class ReferenceRail {
|
|
5
|
-
settlements = [];
|
|
6
|
-
async execute(req) {
|
|
7
|
-
const railRef = "ref_" + randomUUID();
|
|
8
|
-
this.settlements.push({ ...req, railRef, at: new Date().toISOString() });
|
|
9
|
-
return { railRef };
|
|
10
|
-
}
|
|
11
|
-
}
|
|
12
|
-
// The enforcement point. It runs at the payment boundary and refuses any action
|
|
13
|
-
// not backed by a valid, unexpired, unused Fidacy grant bound to THIS exact
|
|
14
|
-
// request. This is what makes the firewall non-bypassable: even a correct deny
|
|
15
|
-
// is meaningless unless the executor requires the grant, and this one does.
|
|
16
|
-
export class GrantEnforcingExecutor {
|
|
17
|
-
rail;
|
|
18
|
-
used = new Set();
|
|
19
|
-
pub;
|
|
20
|
-
constructor(publicKeyPem, rail) {
|
|
21
|
-
this.rail = rail;
|
|
22
|
-
this.pub = createPublicKey(publicKeyPem);
|
|
23
|
-
}
|
|
24
|
-
async execute(req, grant) {
|
|
25
|
-
if (!grant)
|
|
26
|
-
return { status: "REFUSED", reason: "missing_grant" };
|
|
27
|
-
const dot = grant.indexOf(".");
|
|
28
|
-
if (dot < 0)
|
|
29
|
-
return { status: "REFUSED", reason: "malformed_grant" };
|
|
30
|
-
const body = grant.slice(0, dot);
|
|
31
|
-
const sig = grant.slice(dot + 1);
|
|
32
|
-
if (!verify(this.pub, body, sig))
|
|
33
|
-
return { status: "REFUSED", reason: "invalid_signature" };
|
|
34
|
-
let p;
|
|
35
|
-
try {
|
|
36
|
-
p = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
|
|
37
|
-
}
|
|
38
|
-
catch {
|
|
39
|
-
return { status: "REFUSED", reason: "undecodable_grant" };
|
|
40
|
-
}
|
|
41
|
-
if (Date.now() > p.exp)
|
|
42
|
-
return { status: "REFUSED", reason: "grant_expired" };
|
|
43
|
-
if (this.used.has(p.decisionId))
|
|
44
|
-
return { status: "REFUSED", reason: "grant_replayed" };
|
|
45
|
-
if (p.payee !== req.payee)
|
|
46
|
-
return { status: "REFUSED", reason: "payee_mismatch" };
|
|
47
|
-
if (p.amount !== req.amount)
|
|
48
|
-
return { status: "REFUSED", reason: "amount_mismatch" };
|
|
49
|
-
if (p.currency !== req.currency)
|
|
50
|
-
return { status: "REFUSED", reason: "currency_mismatch" };
|
|
51
|
-
// Bind settlement to the invoice the grant authorized. The grant is the signed,
|
|
52
|
-
// authoritative source of the invoice, so a caller need NOT repeat invoiceRef to
|
|
53
|
-
// settle; but if it DOES pass one, it must match the grant. This refuses a grant
|
|
54
|
-
// for invoice X being settled while the caller claims invoice Y, without forcing
|
|
55
|
-
// every execute_payment to echo the invoiceRef.
|
|
56
|
-
if (req.invoiceRef != null && req.invoiceRef !== (p.invoiceRef ?? null)) {
|
|
57
|
-
return { status: "REFUSED", reason: "invoice_mismatch" };
|
|
58
|
-
}
|
|
59
|
-
this.used.add(p.decisionId);
|
|
60
|
-
const { railRef } = await this.rail.execute(req);
|
|
61
|
-
return { status: "EXECUTED", railRef, decisionId: p.decisionId };
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
//# sourceMappingURL=executor.js.map
|
package/dist/executor.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAStC,MAAM,OAAO,aAAa;IACjB,WAAW,GAA4D,EAAE,CAAC;IACjF,KAAK,CAAC,OAAO,CAAC,GAAmB;QAC/B,MAAM,OAAO,GAAG,MAAM,GAAG,UAAU,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;CACF;AAMD,gFAAgF;AAChF,4EAA4E;AAC5E,+EAA+E;AAC/E,4EAA4E;AAC5E,MAAM,OAAO,sBAAsB;IAGS;IAFlC,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IACzB,GAAG,CAAC;IACZ,YAAY,YAAoB,EAAU,IAAU;QAAV,SAAI,GAAJ,IAAI,CAAM;QAClD,IAAI,CAAC,GAAG,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAmB,EAAE,KAAyB;QAC1D,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAClE,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAE5F,IAAI,CAA4G,CAAC;QACjH,IAAI,CAAC;YACH,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAC5D,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAC9E,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACxF,IAAI,CAAC,CAAC,KAAK,KAAK,GAAG,CAAC,KAAK;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QAClF,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACrF,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ;YAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAC3F,gFAAgF;QAChF,iFAAiF;QACjF,iFAAiF;QACjF,iFAAiF;QACjF,gDAAgD;QAChD,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,GAAG,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;YACxE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;IACnE,CAAC;CACF"}
|
package/dist/grant.d.ts
DELETED
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
export interface GrantPayload {
|
|
2
|
-
decisionId: string;
|
|
3
|
-
subject: string;
|
|
4
|
-
payee: string;
|
|
5
|
-
amount: number;
|
|
6
|
-
currency: string;
|
|
7
|
-
exp: number;
|
|
8
|
-
invoiceRef?: string;
|
|
9
|
-
}
|
|
10
|
-
export interface GrantCheck {
|
|
11
|
-
valid: boolean;
|
|
12
|
-
reason?: string;
|
|
13
|
-
payload?: GrantPayload;
|
|
14
|
-
}
|
|
15
|
-
export declare function verifyGrant(publicKeyPem: string, grant: string, expected: {
|
|
16
|
-
payee: string;
|
|
17
|
-
amount: number;
|
|
18
|
-
currency: string;
|
|
19
|
-
invoiceRef?: string;
|
|
20
|
-
}): GrantCheck;
|
package/dist/grant.js
DELETED
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
import crypto from "node:crypto";
|
|
2
|
-
import { verify } from "./signing.js";
|
|
3
|
-
// The non-bypass gate. A payment executor MUST call this before moving funds.
|
|
4
|
-
// It verifies the Ed25519 signature against Fidacy's pinned public key, checks
|
|
5
|
-
// expiry, and (critically) that the grant matches the payment actually about to
|
|
6
|
-
// be executed. A hallucinated or swapped payment has no valid grant and is
|
|
7
|
-
// rejected here.
|
|
8
|
-
export function verifyGrant(publicKeyPem, grant, expected) {
|
|
9
|
-
const parts = grant.split(".");
|
|
10
|
-
if (parts.length !== 2 || !parts[0] || !parts[1])
|
|
11
|
-
return { valid: false, reason: "malformed_grant" };
|
|
12
|
-
const [body, sig] = parts;
|
|
13
|
-
let pub;
|
|
14
|
-
try {
|
|
15
|
-
pub = crypto.createPublicKey(publicKeyPem);
|
|
16
|
-
}
|
|
17
|
-
catch {
|
|
18
|
-
return { valid: false, reason: "bad_public_key" };
|
|
19
|
-
}
|
|
20
|
-
if (!verify(pub, body, sig))
|
|
21
|
-
return { valid: false, reason: "invalid_signature" };
|
|
22
|
-
let payload;
|
|
23
|
-
try {
|
|
24
|
-
payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
|
|
25
|
-
}
|
|
26
|
-
catch {
|
|
27
|
-
return { valid: false, reason: "undecodable_payload" };
|
|
28
|
-
}
|
|
29
|
-
if (Date.now() > payload.exp)
|
|
30
|
-
return { valid: false, reason: "grant_expired" };
|
|
31
|
-
if (payload.payee !== expected.payee)
|
|
32
|
-
return { valid: false, reason: `payee_mismatch:${payload.payee}!=${expected.payee}` };
|
|
33
|
-
if (payload.amount !== expected.amount)
|
|
34
|
-
return { valid: false, reason: `amount_mismatch:${payload.amount}!=${expected.amount}` };
|
|
35
|
-
if (payload.currency !== expected.currency)
|
|
36
|
-
return { valid: false, reason: `currency_mismatch` };
|
|
37
|
-
if ((payload.invoiceRef ?? null) !== (expected.invoiceRef ?? null))
|
|
38
|
-
return { valid: false, reason: `invoice_mismatch:${payload.invoiceRef ?? "none"}!=${expected.invoiceRef ?? "none"}` };
|
|
39
|
-
return { valid: true, payload };
|
|
40
|
-
}
|
|
41
|
-
//# sourceMappingURL=grant.js.map
|
package/dist/grant.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"grant.js","sourceRoot":"","sources":["../src/grant.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAkBtC,8EAA8E;AAC9E,+EAA+E;AAC/E,gFAAgF;AAChF,2EAA2E;AAC3E,iBAAiB;AACjB,MAAM,UAAU,WAAW,CACzB,YAAoB,EACpB,KAAa,EACb,QAAkF;IAElF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACrG,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAE1B,IAAI,GAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAElF,IAAI,OAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IACxF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACzD,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAC/E,IAAI,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC;IAC5H,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;IACjI,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACjG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,OAAO,CAAC,UAAU,IAAI,MAAM,KAAK,QAAQ,CAAC,UAAU,IAAI,MAAM,EAAE,EAAE,CAAC;IAE1L,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClC,CAAC"}
|
package/dist/index.d.ts
DELETED
package/dist/index.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;AACxB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,YAAY,CAAC;AAE3D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;AAEnE,yEAAyE;AACzE,+EAA+E;AAC/E,mEAAmE;AACnE,8EAA8E;AAC9E,oCAAoC;AACpC,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;IACE,KAAK,EAAE,+BAA+B;IACtC,WAAW,EACT,2OAA2O;IAC7O,WAAW,EAAE;QACX,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAC9C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;QACxE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACtD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mDAAmD,CAAC;QAClF,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QACtE,UAAU,EAAE,CAAC;aACV,MAAM,EAAE;aACR,QAAQ,CACP,kJAAkJ,CACnJ;aACA,QAAQ,EAAE;KACd;IACD,YAAY,EAAE;QACZ,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC5B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACpC;IACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;CACxG,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;IACb,MAAM,GAAG,GAAmB,IAAsB,CAAC;IACnD,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC;IACzG,4EAA4E;IAC5E,8EAA8E;IAC9E,2EAA2E;IAC3E,0DAA0D;IAC1D,MAAM,KAAK,GACT,CAAC,CAAC,MAAM,KAAK,OAAO;QAClB,CAAC,CAAC,mBAAmB,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,+IAA+I,CAAC,CAAC,KAAK,EAAE;QACnP,CAAC,CAAC,kBAAkB,CAAC,CAAC,UAAU,qBAAqB,CAAC,CAAC,YAAY,2JAA2J,CAAC,CAAC,UAAU,qCAAqC,CAAC;IACpR,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,iBAAiB,EAAE,GAAG,EAAE,CAAC;AAC9E,CAAC,CACF,CAAC;AAEF,gFAAgF;AAChF,kDAAkD;AAClD,MAAM,CAAC,YAAY,CACjB,gBAAgB,EAChB;IACE,KAAK,EAAE,uBAAuB;IAC9B,WAAW,EAAE,kJAAkJ;IAC/J,WAAW,EAAE,EAAE;IACf,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE;CACxG,EACD,KAAK,IAAI,EAAE;IACT,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;IAClE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAC;AAC7G,CAAC,CACF,CAAC;AAEF,8EAA8E;AAC9E,+CAA+C;AAC/C,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;IACE,KAAK,EAAE,iBAAiB;IACxB,WAAW,EAAE,2IAA2I;IACxJ,WAAW,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC,EAAE;IAC3F,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE;CACxG,EACD,KAAK,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;IACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,UAAU,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC5G,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC;AACzG,CAAC,CACF,CAAC;AAEF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,8EAA8E;AAC9E,mEAAmE;AACnE,EAAE;AACF,gFAAgF;AAChF,8EAA8E;AAC9E,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;IACE,KAAK,EAAE,sCAAsC;IAC7C,WAAW,EACT,4hBAA4hB;IAC9hB,WAAW,EAAE;QACX,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;aAC/E,QAAQ,EAAE;QACb,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACrC,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;QACjD,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;KAClD;IACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;CACvG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,EAAE,EAAE,EAAE;IAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,wBAAwB,CAAC;IAC5E,MAAM,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,gIAAgI;iBACvI;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,YAAY,CAC1B,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,EAAE,EACpE,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAC;QACF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,QAAQ,WAAW,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC;YACjG,iBAAiB,EAAE,CAAC;SACrB,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,CAAC,CAAC,iBAAiB,EAAE,MAAM;gBACzC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG;gBAC9D,CAAC,CAAC,EAAE,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,GAAG,OAAO,EAAE,EAAE,CAAC;gBAC5E,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,CAAC;YACpE,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;AAC7D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC;IACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/lib.d.ts
DELETED
package/dist/lib.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"lib.js","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC"}
|
package/dist/signing.d.ts
DELETED
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { KeyObject } from "node:crypto";
|
|
2
|
-
export declare function loadOrGenerateKeyPair(): {
|
|
3
|
-
privateKey: KeyObject;
|
|
4
|
-
publicKey: KeyObject;
|
|
5
|
-
ephemeral: boolean;
|
|
6
|
-
};
|
|
7
|
-
export declare function publicKeyPem(publicKey: KeyObject): string;
|
|
8
|
-
export declare function sign(privateKey: KeyObject, message: string): string;
|
|
9
|
-
export declare function verify(publicKey: KeyObject, message: string, signatureB64url: string): boolean;
|
|
10
|
-
export declare function sha256(input: string): string;
|
package/dist/signing.js
DELETED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
import crypto from "node:crypto";
|
|
2
|
-
// Ed25519 keypair for the co-signature (the "grant"). Non-custodial: this key
|
|
3
|
-
// authorizes actions, it never touches funds.
|
|
4
|
-
export function loadOrGenerateKeyPair() {
|
|
5
|
-
const b64 = process.env.FIDACY_SIGNING_KEY_B64;
|
|
6
|
-
if (b64) {
|
|
7
|
-
const pem = Buffer.from(b64, "base64").toString("utf8");
|
|
8
|
-
const privateKey = crypto.createPrivateKey(pem);
|
|
9
|
-
const publicKey = crypto.createPublicKey(privateKey);
|
|
10
|
-
return { privateKey, publicKey, ephemeral: false };
|
|
11
|
-
}
|
|
12
|
-
const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519");
|
|
13
|
-
return { privateKey, publicKey, ephemeral: true };
|
|
14
|
-
}
|
|
15
|
-
export function publicKeyPem(publicKey) {
|
|
16
|
-
return publicKey.export({ type: "spki", format: "pem" }).toString();
|
|
17
|
-
}
|
|
18
|
-
export function sign(privateKey, message) {
|
|
19
|
-
return crypto.sign(null, Buffer.from(message, "utf8"), privateKey).toString("base64url");
|
|
20
|
-
}
|
|
21
|
-
export function verify(publicKey, message, signatureB64url) {
|
|
22
|
-
try {
|
|
23
|
-
return crypto.verify(null, Buffer.from(message, "utf8"), publicKey, Buffer.from(signatureB64url, "base64url"));
|
|
24
|
-
}
|
|
25
|
-
catch {
|
|
26
|
-
return false;
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
export function sha256(input) {
|
|
30
|
-
return crypto.createHash("sha256").update(input).digest("hex");
|
|
31
|
-
}
|
|
32
|
-
//# sourceMappingURL=signing.js.map
|
package/dist/signing.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA,OAAO,MAAqB,MAAM,aAAa,CAAC;AAEhD,8EAA8E;AAC9E,8CAA8C;AAC9C,MAAM,UAAU,qBAAqB;IACnC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC/C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACrD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACrD,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACxE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAoB;IAC/C,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,UAAqB,EAAE,OAAe;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,SAAoB,EAAE,OAAe,EAAE,eAAuB;IACnF,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC,CAAC;IACjH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC"}
|
package/dist/types.d.ts
DELETED
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
export type Mandate = {
|
|
2
|
-
id: string;
|
|
3
|
-
subject: string;
|
|
4
|
-
version: string;
|
|
5
|
-
allow: {
|
|
6
|
-
payees: string[];
|
|
7
|
-
categories: string[];
|
|
8
|
-
currency: string;
|
|
9
|
-
maxTotal: number;
|
|
10
|
-
perTxMax: number;
|
|
11
|
-
};
|
|
12
|
-
window: {
|
|
13
|
-
notBefore: string;
|
|
14
|
-
notAfter: string;
|
|
15
|
-
};
|
|
16
|
-
revoked: boolean;
|
|
17
|
-
};
|
|
18
|
-
export type PaymentRequest = {
|
|
19
|
-
payee: string;
|
|
20
|
-
amount: number;
|
|
21
|
-
currency: string;
|
|
22
|
-
purpose: string;
|
|
23
|
-
category: string;
|
|
24
|
-
idempotencyKey: string;
|
|
25
|
-
invoiceRef?: string;
|
|
26
|
-
};
|
|
27
|
-
export type DecisionStatus = "ALLOW" | "DENY";
|
|
28
|
-
export type Decision = {
|
|
29
|
-
decisionId: string;
|
|
30
|
-
status: DecisionStatus;
|
|
31
|
-
subject: string;
|
|
32
|
-
mandateId: string;
|
|
33
|
-
request: PaymentRequest;
|
|
34
|
-
violatedRule?: string;
|
|
35
|
-
grant?: string;
|
|
36
|
-
ts: string;
|
|
37
|
-
};
|
|
38
|
-
export type AuditRecord = {
|
|
39
|
-
seq: number;
|
|
40
|
-
decisionId: string;
|
|
41
|
-
status: DecisionStatus;
|
|
42
|
-
subject: string;
|
|
43
|
-
digest: string;
|
|
44
|
-
prevHash: string;
|
|
45
|
-
hash: string;
|
|
46
|
-
ts: string;
|
|
47
|
-
};
|
|
48
|
-
export type AuditProof = {
|
|
49
|
-
record: AuditRecord;
|
|
50
|
-
chainIntact: boolean;
|
|
51
|
-
verifiedAgainstPublicKey: string;
|
|
52
|
-
};
|
package/dist/types.js
DELETED
package/dist/types.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
|
package/dist/util.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export declare function stableStringify(obj: unknown): string;
|
package/dist/util.js
DELETED
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
export function stableStringify(obj) {
|
|
2
|
-
if (obj === null || typeof obj !== "object")
|
|
3
|
-
return JSON.stringify(obj);
|
|
4
|
-
if (Array.isArray(obj))
|
|
5
|
-
return "[" + obj.map(stableStringify).join(",") + "]";
|
|
6
|
-
const keys = Object.keys(obj).sort();
|
|
7
|
-
return "{" + keys.map((k) => JSON.stringify(k) + ":" + stableStringify(obj[k])).join(",") + "}";
|
|
8
|
-
}
|
|
9
|
-
//# sourceMappingURL=util.js.map
|
package/dist/util.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACxE,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC9E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,eAAe,CAAE,GAA+B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AAC/H,CAAC"}
|