npm - @hlos-ai/schemas - Versions diffs - 0.6.0 → 0.7.1 - Mend

@hlos-ai/schemas 0.6.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -54,7 +54,7 @@ import {
   SETTLEMENT_AUTHORITY,
   type CrossingSettledReceipt, CrossingSettledReceiptSchema,
-  // Family W — Privacy-Preserving Proofs
+  // Privacy-Preserving Proofs
   W_RPID_DOMAIN, W_TXCTX_DOMAIN,
   type RPID, RPIDSchema,
   type TransactionContext, TransactionContextSchema,

package/dist/index.cjs CHANGED Viewed

@@ -64,7 +64,16 @@ __export(src_exports, {
   KernelErrorCodeSchema: () => KernelErrorCodeSchema2,
   KernelErrorSchema: () => KernelErrorSchema,
   KernelOkSchema: () => KernelOkSchema,
+  LIABILITY_WAIVER_TERMS_TYPE_URI: () => LIABILITY_WAIVER_TERMS_TYPE_URI,
+  LIABILITY_WAIVER_TERMS_VERSION: () => LIABILITY_WAIVER_TERMS_VERSION,
   LiabilityAttestationContentSchema: () => LiabilityAttestationContentSchema,
+  LiabilityDispositionSchema: () => LiabilityDispositionSchema,
+  LiabilityWaiverTermsConditionsSchema: () => LiabilityWaiverTermsConditionsSchema,
+  LiabilityWaiverTermsHashInputSchema: () => LiabilityWaiverTermsHashInputSchema,
+  LiabilityWaiverTermsPartiesSchema: () => LiabilityWaiverTermsPartiesSchema,
+  LiabilityWaiverTermsRefV0Schema: () => LiabilityWaiverTermsRefV0Schema,
+  LiabilityWaiverTermsScopeSchema: () => LiabilityWaiverTermsScopeSchema,
+  LiabilityWaiverTermsV0Schema: () => LiabilityWaiverTermsV0Schema,
   LogInclusionProofSchema: () => LogInclusionProofSchema,
   NA_ID_PREFIX: () => NA_ID_PREFIX,
   NotarizeResponseSchema: () => NotarizeResponseSchema,
@@ -91,6 +100,10 @@ __export(src_exports, {
   SRR_REJECTION_DOMAIN: () => SRR_REJECTION_DOMAIN,
   SRR_SIGNATURE_ALGORITHM: () => SRR_SIGNATURE_ALGORITHM,
   SRR_TYPE_URI: () => SRR_TYPE_URI,
+  SRR_V1_REJECTION_DOMAIN: () => SRR_V1_REJECTION_DOMAIN,
+  SRR_V1_SIGNATURE_ALGORITHM: () => SRR_V1_SIGNATURE_ALGORITHM,
+  SRR_V1_TYPE_URI: () => SRR_V1_TYPE_URI,
+  SRR_V1_VERSION: () => SRR_V1_VERSION,
   SRR_VERSION: () => SRR_VERSION,
   SURFACES: () => SURFACES,
   SettlementAnchorContentSchema: () => SettlementAnchorContentSchema,
@@ -101,6 +114,7 @@ __export(src_exports, {
   SignedReceiptV0LooseSchema: () => SignedReceiptV0LooseSchema,
   SignedReceiptV0Schema: () => SignedReceiptV0Schema,
   SignedRejectionReceiptV0Schema: () => SignedRejectionReceiptV0Schema,
+  SignedRejectionReceiptV1Schema: () => SignedRejectionReceiptV1Schema,
   StackConnectionSchema: () => StackConnectionSchema,
   StackProviderSchema: () => StackProviderSchema,
   StackSchema: () => StackSchema,
@@ -118,6 +132,7 @@ __export(src_exports, {
   base64urlToBytes: () => base64urlToBytes,
   bytesToBase64url: () => bytesToBase64url,
   computeContentHash: () => computeContentHash,
+  computeLiabilityWaiverTermsHash: () => computeLiabilityWaiverTermsHash,
   computeReceiptHash: () => computeReceiptHash,
   computeSrrDigest: () => computeSrrDigest,
   computeSrrSigningPayload: () => computeSrrSigningPayload,
@@ -141,6 +156,7 @@ __export(src_exports, {
   kernelError: () => kernelError,
   kernelOk: () => kernelOk,
   success: () => success,
+  toLiabilityWaiverTermsHashInput: () => toLiabilityWaiverTermsHashInput,
   validateTimeWindow: () => validateTimeWindow,
   verifyAAR: () => verifyAAR,
   verifyDetachedEd25519: () => verifyDetachedEd25519,
@@ -1499,9 +1515,57 @@ var SignedRejectionReceiptV0Schema = import_zod15.z.object({
   signature: Base64urlEd25519SigSchema
 }).strict();
-// src/srr-signing.ts
-var textEncoder = new TextEncoder();
-var DOMAIN_BYTES = textEncoder.encode(SRR_REJECTION_DOMAIN);
+// src/liability-waiver-terms-v0.ts
+var import_zod16 = require("zod");
+var LIABILITY_WAIVER_TERMS_TYPE_URI = "https://hlos.ai/schema/LiabilityWaiverTermsV0";
+var LIABILITY_WAIVER_TERMS_VERSION = 0;
+var LiabilityDispositionSchema = import_zod16.z.enum([
+  "ABSORB",
+  "RELEASE",
+  "TRANSFER",
+  "DISPUTE"
+]);
+var LiabilityWaiverTermsPartiesSchema = import_zod16.z.object({
+  offered_by: import_zod16.z.string().min(1).optional(),
+  offered_to: import_zod16.z.string().min(1).optional(),
+  beneficiary: import_zod16.z.string().min(1).optional(),
+  burdened_party: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsScopeSchema = import_zod16.z.object({
+  crossing_id: import_zod16.z.string().min(1).optional(),
+  commitment_hash: Base64urlSha256Schema.optional(),
+  claim_scope: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsConditionsSchema = import_zod16.z.object({
+  effective_if: import_zod16.z.record(import_zod16.z.unknown()).optional(),
+  expires_at: import_zod16.z.string().datetime().optional(),
+  jurisdiction: import_zod16.z.string().min(1).optional()
+}).strict();
+var LiabilityWaiverTermsHashInputSchema = import_zod16.z.object({
+  parties: LiabilityWaiverTermsPartiesSchema,
+  liability_effect: LiabilityDispositionSchema,
+  scope: LiabilityWaiverTermsScopeSchema,
+  conditions: LiabilityWaiverTermsConditionsSchema.optional(),
+  canonical_terms: import_zod16.z.record(import_zod16.z.unknown()).optional()
+}).strict();
+var LiabilityWaiverTermsRefV0Schema = import_zod16.z.object({
+  waiver_id: import_zod16.z.string().min(1).optional(),
+  terms_hash: Base64urlSha256Schema,
+  type: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_TYPE_URI),
+  version: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_VERSION)
+}).strict();
+var LiabilityWaiverTermsV0Schema = import_zod16.z.object({
+  "@type": import_zod16.z.literal(LIABILITY_WAIVER_TERMS_TYPE_URI),
+  version: import_zod16.z.literal(LIABILITY_WAIVER_TERMS_VERSION),
+  waiver_id: import_zod16.z.string().min(1),
+  terms_hash: Base64urlSha256Schema,
+  parties: LiabilityWaiverTermsPartiesSchema,
+  liability_effect: LiabilityDispositionSchema,
+  scope: LiabilityWaiverTermsScopeSchema,
+  conditions: LiabilityWaiverTermsConditionsSchema.optional(),
+  human_readable_summary: import_zod16.z.string().min(1).optional(),
+  canonical_terms: import_zod16.z.record(import_zod16.z.unknown()).optional()
+}).strict();
 var cachedSha2562 = null;
 function loadSha2562() {
   if (cachedSha2562) return cachedSha2562;
@@ -1517,24 +1581,104 @@ function loadSha2562() {
       sha256 = _require("@noble/hashes/sha2").sha256;
     } catch {
       throw new Error(
-        "SRR signing requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+        "Liability waiver hashing requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
       );
     }
   }
   cachedSha2562 = sha256;
   return sha256;
 }
-function computeSrrSigningPayload(unsignedSrr) {
+function toLiabilityWaiverTermsHashInput(terms) {
+  return {
+    parties: terms.parties,
+    liability_effect: terms.liability_effect,
+    scope: terms.scope,
+    ...terms.conditions !== void 0 ? { conditions: terms.conditions } : {},
+    ...terms.canonical_terms !== void 0 ? { canonical_terms: terms.canonical_terms } : {}
+  };
+}
+function computeLiabilityWaiverTermsHash(input) {
   const sha256 = loadSha2562();
+  const canonical = jcsCanonicalize(input);
+  const digest = sha256(new TextEncoder().encode(canonical));
+  return bytesToBase64url(digest);
+}
+// src/srr-v1.ts
+var import_zod17 = require("zod");
+var SRR_V1_TYPE_URI = "https://hlos.ai/schema/SignedRejectionReceiptV1";
+var SRR_V1_VERSION = 1;
+var SRR_V1_REJECTION_DOMAIN = "kernel:u:rejection:v1";
+var SRR_V1_SIGNATURE_ALGORITHM = SRR_SIGNATURE_ALGORITHM;
+var SignedRejectionReceiptV1Schema = import_zod17.z.object({
+  "@type": import_zod17.z.literal(SRR_V1_TYPE_URI),
+  version: import_zod17.z.literal(SRR_V1_VERSION),
+  receipt_id: import_zod17.z.string().regex(
+    /^srr_[0-9A-HJKMNP-TV-Z]{26}$/i,
+    "receipt_id must be srr_ + 26-char ULID"
+  ),
+  crossing_id: import_zod17.z.string().min(1),
+  reason_code: import_zod17.z.string().regex(REASON_CODE_PATTERN, "reason_code must be UPPER_SNAKE_CASE, 3-64 chars"),
+  reason_message: import_zod17.z.string().min(1),
+  details: import_zod17.z.record(import_zod17.z.unknown()).optional(),
+  commitment_hash: Base64urlSha256Schema.optional(),
+  issuer_id: import_zod17.z.string().min(1),
+  rejected_at: import_zod17.z.string().datetime(),
+  issuer_public_key_ref: import_zod17.z.string().min(1),
+  signature_algorithm: import_zod17.z.literal(SRR_V1_SIGNATURE_ALGORITHM),
+  liability_disposition: LiabilityDispositionSchema,
+  waiver_terms_ref: LiabilityWaiverTermsRefV0Schema.optional(),
+  signature: Base64urlEd25519SigSchema
+}).strict().superRefine((value, ctx) => {
+  if ((value.liability_disposition === "RELEASE" || value.liability_disposition === "TRANSFER") && value.waiver_terms_ref === void 0) {
+    ctx.addIssue({
+      code: import_zod17.z.ZodIssueCode.custom,
+      path: ["waiver_terms_ref"],
+      message: "waiver_terms_ref is required for RELEASE and TRANSFER"
+    });
+  }
+});
+// src/srr-signing.ts
+var textEncoder = new TextEncoder();
+var DOMAIN_BYTES_V0 = textEncoder.encode(SRR_REJECTION_DOMAIN);
+var DOMAIN_BYTES_V1 = textEncoder.encode(SRR_V1_REJECTION_DOMAIN);
+var cachedSha2563 = null;
+function loadSha2563() {
+  if (cachedSha2563) return cachedSha2563;
+  const moduleApi = typeof process.getBuiltinModule === "function" ? process.getBuiltinModule("module") : require("module");
+  const createRequire = moduleApi.createRequire;
+  const requireBase = typeof __filename === "string" ? __filename : `${process.cwd()}/package.json`;
+  const _require = createRequire(requireBase);
+  let sha256;
+  try {
+    sha256 = _require("@noble/hashes/sha2.js").sha256;
+  } catch {
+    try {
+      sha256 = _require("@noble/hashes/sha2").sha256;
+    } catch {
+      throw new Error(
+        "SRR signing requires @noble/hashes as a peer dependency. Install it: npm install @noble/hashes"
+      );
+    }
+  }
+  cachedSha2563 = sha256;
+  return sha256;
+}
+function computeSrrSigningPayload(unsignedSrr) {
+  const sha256 = loadSha2563();
   const canonical = jcsCanonicalize(unsignedSrr);
   const digest = sha256(textEncoder.encode(canonical));
-  const payload = new Uint8Array(DOMAIN_BYTES.length + digest.length);
-  payload.set(DOMAIN_BYTES, 0);
-  payload.set(digest, DOMAIN_BYTES.length);
+  const domainBytes = unsignedSrr["@type"] === SRR_V1_TYPE_URI ? DOMAIN_BYTES_V1 : unsignedSrr["@type"] === SRR_TYPE_URI ? DOMAIN_BYTES_V0 : (() => {
+    throw new Error("Unsupported SRR type for signing payload construction");
+  })();
+  const payload = new Uint8Array(domainBytes.length + digest.length);
+  payload.set(domainBytes, 0);
+  payload.set(digest, domainBytes.length);
   return payload;
 }
 function computeSrrDigest(signedSrr) {
-  const sha256 = loadSha2562();
+  const sha256 = loadSha2563();
   const canonical = jcsCanonicalize(signedSrr);
   return bytesToBase64url(sha256(textEncoder.encode(canonical)));
 }
@@ -1590,23 +1734,28 @@ async function verifySignedRejectionReceipt(params) {
   if (!srr || typeof srr !== "object") {
     return { valid: false, reason: "SCHEMA_VIOLATION" };
   }
-  if (srr.signature_algorithm !== SRR_SIGNATURE_ALGORITHM) {
+  if (typeof srr.signature_algorithm === "string" && srr.signature_algorithm !== SRR_SIGNATURE_ALGORITHM) {
     return { valid: false, reason: "UNSUPPORTED_ALGORITHM" };
   }
-  const parseResult = SignedRejectionReceiptV0Schema.safeParse(srr);
+  const wireType = srr["@type"];
+  if (wireType !== SRR_V1_TYPE_URI && wireType !== SRR_TYPE_URI) {
+    return { valid: false, reason: "SCHEMA_VIOLATION" };
+  }
+  const parseResult = wireType === SRR_V1_TYPE_URI ? SignedRejectionReceiptV1Schema.safeParse(srr) : SignedRejectionReceiptV0Schema.safeParse(srr);
   if (!parseResult.success) {
     return { valid: false, reason: "SCHEMA_VIOLATION" };
   }
+  const parsedSrr = parseResult.data;
   let signingPayload;
   try {
-    const { signature, ...unsignedFields } = srr;
+    const { signature, ...unsignedFields } = parsedSrr;
     signingPayload = computeSrrSigningPayload(unsignedFields);
   } catch {
     return { valid: false, reason: "PAYLOAD_CONSTRUCTION_ERROR" };
   }
   let signatureBytes;
   try {
-    signatureBytes = base64urlToBytes(srr.signature);
+    signatureBytes = base64urlToBytes(parsedSrr.signature);
   } catch {
     return { valid: false, reason: "INVALID_SIGNATURE" };
   }
@@ -1663,7 +1812,16 @@ async function verifySignedRejectionReceipt(params) {
   KernelErrorCodeSchema,
   KernelErrorSchema,
   KernelOkSchema,
+  LIABILITY_WAIVER_TERMS_TYPE_URI,
+  LIABILITY_WAIVER_TERMS_VERSION,
   LiabilityAttestationContentSchema,
+  LiabilityDispositionSchema,
+  LiabilityWaiverTermsConditionsSchema,
+  LiabilityWaiverTermsHashInputSchema,
+  LiabilityWaiverTermsPartiesSchema,
+  LiabilityWaiverTermsRefV0Schema,
+  LiabilityWaiverTermsScopeSchema,
+  LiabilityWaiverTermsV0Schema,
   LogInclusionProofSchema,
   NA_ID_PREFIX,
   NotarizeResponseSchema,
@@ -1690,6 +1848,10 @@ async function verifySignedRejectionReceipt(params) {
   SRR_REJECTION_DOMAIN,
   SRR_SIGNATURE_ALGORITHM,
   SRR_TYPE_URI,
+  SRR_V1_REJECTION_DOMAIN,
+  SRR_V1_SIGNATURE_ALGORITHM,
+  SRR_V1_TYPE_URI,
+  SRR_V1_VERSION,
   SRR_VERSION,
   SURFACES,
   SettlementAnchorContentSchema,
@@ -1700,6 +1862,7 @@ async function verifySignedRejectionReceipt(params) {
   SignedReceiptV0LooseSchema,
   SignedReceiptV0Schema,
   SignedRejectionReceiptV0Schema,
+  SignedRejectionReceiptV1Schema,
   StackConnectionSchema,
   StackProviderSchema,
   StackSchema,
@@ -1717,6 +1880,7 @@ async function verifySignedRejectionReceipt(params) {
   base64urlToBytes,
   bytesToBase64url,
   computeContentHash,
+  computeLiabilityWaiverTermsHash,
   computeReceiptHash,
   computeSrrDigest,
   computeSrrSigningPayload,
@@ -1740,6 +1904,7 @@ async function verifySignedRejectionReceipt(params) {
   kernelError,
   kernelOk,
   success,
+  toLiabilityWaiverTermsHashInput,
   validateTimeWindow,
   verifyAAR,
   verifyDetachedEd25519,