@id-wispera/core 0.1.0

package/dist/policy.js

@@ -0,0 +1,392 @@
+/**
+ * ID Wispera Policy Engine
+ * Cedar-inspired declarative policy evaluation
+ */
+import { PolicyError, } from './types.js';
+// ============================================================================
+// Built-in Policy Rules
+// ============================================================================
+/**
+ * Default policy rules for credential governance
+ */
+export const DEFAULT_POLICY_RULES = [
+    {
+        id: 'require-human-owner',
+        name: 'Require Human Owner',
+        description: 'All passports must have a human owner for accountability',
+        condition: {
+            requireHumanOwner: true,
+        },
+        effect: 'deny',
+        priority: 100,
+        enabled: true,
+    },
+    {
+        id: 'max-validity-90-days',
+        name: 'Maximum Validity Period',
+        description: 'Credentials should not be valid for more than 90 days',
+        condition: {
+            maxValidityDays: 90,
+        },
+        effect: 'deny',
+        priority: 90,
+        enabled: true,
+    },
+    {
+        id: 'max-delegation-depth-3',
+        name: 'Maximum Delegation Depth',
+        description: 'Credentials should not be delegated more than 3 levels deep',
+        condition: {
+            maxDelegationDepth: 3,
+        },
+        effect: 'deny',
+        priority: 80,
+        enabled: true,
+    },
+    {
+        id: 'privilege-visa-requires-approval',
+        name: 'Privileged Access Requires Approval',
+        description: 'Credentials with privilege visa type require approval',
+        condition: {
+            visaTypes: ['privilege'],
+        },
+        effect: 'require-approval',
+        priority: 70,
+        enabled: true,
+    },
+];
+// ============================================================================
+// Policy Evaluation
+// ============================================================================
+/**
+ * Check if a condition matches a passport
+ */
+function conditionMatches(passport, condition) {
+    // Visa types filter
+    if (condition.visaTypes && condition.visaTypes.length > 0) {
+        if (!condition.visaTypes.includes(passport.visaType)) {
+            return false;
+        }
+    }
+    // Platforms filter
+    if (condition.platforms && condition.platforms.length > 0) {
+        if (!passport.platforms.some((p) => condition.platforms.includes(p))) {
+            return false;
+        }
+    }
+    // Scopes filter
+    if (condition.scopes && condition.scopes.length > 0) {
+        if (!passport.scope.some((s) => condition.scopes.includes(s))) {
+            return false;
+        }
+    }
+    // Credential types filter
+    if (condition.credentialTypes && condition.credentialTypes.length > 0) {
+        if (!condition.credentialTypes.includes(passport.credentialType)) {
+            return false;
+        }
+    }
+    // Tags filter
+    if (condition.tags && condition.tags.length > 0) {
+        if (!passport.tags.some((t) => condition.tags.includes(t))) {
+            return false;
+        }
+    }
+    // Violation-based conditions: match only when violated
+    let hasViolationCondition = false;
+    let hasViolation = false;
+    // Human owner check
+    if (condition.requireHumanOwner) {
+        hasViolationCondition = true;
+        if (!passport.humanOwner || passport.humanOwner.trim() === '') {
+            hasViolation = true;
+        }
+    }
+    // Delegation depth check
+    if (condition.maxDelegationDepth !== undefined) {
+        hasViolationCondition = true;
+        const depth = passport.delegationChain?.length ?? 0;
+        if (depth > condition.maxDelegationDepth) {
+            hasViolation = true;
+        }
+    }
+    // Validity period check
+    if (condition.maxValidityDays !== undefined && passport.validUntil) {
+        hasViolationCondition = true;
+        const validFrom = new Date(passport.validFrom);
+        const validUntil = new Date(passport.validUntil);
+        const days = (validUntil.getTime() - validFrom.getTime()) / (1000 * 60 * 60 * 24);
+        if (days > condition.maxValidityDays) {
+            hasViolation = true;
+        }
+    }
+    // Custom condition
+    if (condition.custom) {
+        return condition.custom(passport);
+    }
+    // If rule has violation conditions, only match when a violation was found
+    if (hasViolationCondition) {
+        return hasViolation;
+    }
+    return true;
+}
+/**
+ * Evaluate a policy rule against a passport
+ */
+function evaluateRule(passport, rule) {
+    if (rule.enabled === false) {
+        return false; // Rule is disabled
+    }
+    return conditionMatches(passport, rule.condition);
+}
+/**
+ * Evaluate policies for a passport and action
+ * Returns the policy decision
+ */
+export function evaluatePolicy(passport, action, rules = DEFAULT_POLICY_RULES) {
+    // Sort rules by priority (higher first)
+    const sortedRules = [...rules].sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+    const matchedRules = [];
+    let finalEffect = 'allow';
+    const reasons = [];
+    for (const rule of sortedRules) {
+        if (evaluateRule(passport, rule)) {
+            matchedRules.push(rule);
+            // First matching deny or require-approval takes precedence
+            if (rule.effect === 'deny' && finalEffect !== 'deny') {
+                finalEffect = 'deny';
+                reasons.push(`${rule.name}: ${rule.description}`);
+            }
+            else if (rule.effect === 'require-approval' && finalEffect === 'allow') {
+                finalEffect = 'require-approval';
+                reasons.push(`${rule.name}: ${rule.description}`);
+            }
+        }
+    }
+    return {
+        allowed: finalEffect === 'allow',
+        effect: finalEffect,
+        matchedRules,
+        reason: reasons.length > 0
+            ? reasons.join('; ')
+            : `Action "${action}" is allowed by default policy`,
+    };
+}
+/**
+ * Validate a passport against all policy rules
+ * Returns list of violations
+ */
+export function validatePassport(passport, rules = DEFAULT_POLICY_RULES) {
+    const violations = [];
+    for (const rule of rules) {
+        if (rule.enabled === false)
+            continue;
+        // Check specific conditions that indicate violations
+        const condition = rule.condition;
+        // Human owner check
+        if (condition.requireHumanOwner) {
+            if (!passport.humanOwner || passport.humanOwner.trim() === '') {
+                violations.push({
+                    rule,
+                    violation: 'Passport is missing a human owner',
+                    severity: rule.effect === 'deny' ? 'error' : 'warning',
+                });
+            }
+        }
+        // Delegation depth check
+        if (condition.maxDelegationDepth !== undefined) {
+            const depth = passport.delegationChain?.length ?? 0;
+            if (depth > condition.maxDelegationDepth) {
+                violations.push({
+                    rule,
+                    violation: `Delegation depth (${depth}) exceeds maximum (${condition.maxDelegationDepth})`,
+                    severity: rule.effect === 'deny' ? 'error' : 'warning',
+                });
+            }
+        }
+        // Validity period check
+        if (condition.maxValidityDays !== undefined && passport.validUntil) {
+            const validFrom = new Date(passport.validFrom);
+            const validUntil = new Date(passport.validUntil);
+            const days = (validUntil.getTime() - validFrom.getTime()) / (1000 * 60 * 60 * 24);
+            if (days > condition.maxValidityDays) {
+                violations.push({
+                    rule,
+                    violation: `Validity period (${Math.round(days)} days) exceeds maximum (${condition.maxValidityDays} days)`,
+                    severity: rule.effect === 'deny' ? 'error' : 'warning',
+                });
+            }
+        }
+        // Visa type restrictions
+        if (condition.visaTypes && condition.visaTypes.includes(passport.visaType)) {
+            if (rule.effect === 'require-approval') {
+                violations.push({
+                    rule,
+                    violation: `Visa type "${passport.visaType}" requires approval`,
+                    severity: 'warning',
+                });
+            }
+        }
+    }
+    return violations;
+}
+// ============================================================================
+// Policy Management
+// ============================================================================
+/**
+ * Create a custom policy rule
+ */
+export function createPolicyRule(input) {
+    return {
+        id: input.id ?? `rule-${Date.now()}`,
+        name: input.name,
+        description: input.description,
+        condition: input.condition,
+        effect: input.effect,
+        priority: input.priority ?? 50,
+        enabled: input.enabled ?? true,
+    };
+}
+/**
+ * Merge policy rules, with later rules overriding earlier ones by ID
+ */
+export function mergePolicyRules(...ruleSets) {
+    const rulesById = new Map();
+    for (const ruleSet of ruleSets) {
+        for (const rule of ruleSet) {
+            rulesById.set(rule.id, rule);
+        }
+    }
+    return Array.from(rulesById.values());
+}
+/**
+ * Filter rules by enabled status
+ */
+export function getEnabledRules(rules) {
+    return rules.filter((r) => r.enabled !== false);
+}
+// ============================================================================
+// Policy Predicates (for advanced use)
+// ============================================================================
+/**
+ * Check if passport has valid human owner
+ */
+export function hasValidHumanOwner(passport) {
+    return !!passport.humanOwner && passport.humanOwner.trim() !== '';
+}
+/**
+ * Check if passport is within validity period
+ */
+export function isWithinValidityPeriod(passport) {
+    const now = new Date();
+    const validFrom = new Date(passport.validFrom);
+    const validUntil = passport.validUntil ? new Date(passport.validUntil) : null;
+    if (now < validFrom)
+        return false;
+    if (validUntil && now > validUntil)
+        return false;
+    return true;
+}
+/**
+ * Check if passport has excessive delegation
+ */
+export function hasExcessiveDelegation(passport, maxDepth = 3) {
+    return (passport.delegationChain?.length ?? 0) > maxDepth;
+}
+/**
+ * Check if passport scope is too broad
+ */
+export function hasBroadScope(passport, maxScopes = 10) {
+    return passport.scope.length > maxScopes;
+}
+/**
+ * Check if passport has privileged access
+ */
+export function hasPrivilegedAccess(passport) {
+    return passport.visaType === 'privilege';
+}
+// ============================================================================
+// Policy DSL Helpers
+// ============================================================================
+/**
+ * Builder for creating policy rules fluently
+ */
+export class PolicyBuilder {
+    rule = {
+        condition: {},
+        effect: 'allow',
+        enabled: true,
+    };
+    constructor(id) {
+        this.rule.id = id;
+    }
+    name(name) {
+        this.rule.name = name;
+        return this;
+    }
+    description(description) {
+        this.rule.description = description;
+        return this;
+    }
+    forVisaTypes(...types) {
+        this.rule.condition.visaTypes = types;
+        return this;
+    }
+    forPlatforms(...platforms) {
+        this.rule.condition.platforms = platforms;
+        return this;
+    }
+    forCredentialTypes(...types) {
+        this.rule.condition.credentialTypes = types;
+        return this;
+    }
+    requireHumanOwner() {
+        this.rule.condition.requireHumanOwner = true;
+        return this;
+    }
+    maxDelegationDepth(depth) {
+        this.rule.condition.maxDelegationDepth = depth;
+        return this;
+    }
+    maxValidityDays(days) {
+        this.rule.condition.maxValidityDays = days;
+        return this;
+    }
+    withCustomCondition(fn) {
+        this.rule.condition.custom = fn;
+        return this;
+    }
+    deny() {
+        this.rule.effect = 'deny';
+        return this;
+    }
+    requireApproval() {
+        this.rule.effect = 'require-approval';
+        return this;
+    }
+    allow() {
+        this.rule.effect = 'allow';
+        return this;
+    }
+    priority(priority) {
+        this.rule.priority = priority;
+        return this;
+    }
+    disabled() {
+        this.rule.enabled = false;
+        return this;
+    }
+    build() {
+        if (!this.rule.id || !this.rule.name || !this.rule.description) {
+            throw new PolicyError('Policy rule requires id, name, and description', 'INVALID_RULE');
+        }
+        return this.rule;
+    }
+}
+/**
+ * Start building a policy rule
+ */
+export function policy(id) {
+    return new PolicyBuilder(id);
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAOL,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAiB;IAChD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,0DAA0D;QACvE,SAAS,EAAE;YACT,iBAAiB,EAAE,IAAI;SACxB;QACD,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,GAAG;QACb,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,uDAAuD;QACpE,SAAS,EAAE;YACT,eAAe,EAAE,EAAE;SACpB;QACD,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,6DAA6D;QAC1E,SAAS,EAAE;YACT,kBAAkB,EAAE,CAAC;SACtB;QACD,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,kCAAkC;QACtC,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,uDAAuD;QACpE,SAAS,EAAE;YACT,SAAS,EAAE,CAAC,WAAW,CAAC;SACzB;QACD,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAkB,EAAE,SAA0B;IACtE,oBAAoB;IACpB,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,SAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,SAAS,CAAC,eAAe,IAAI,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,IAAI,qBAAqB,GAAG,KAAK,CAAC;IAClC,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,oBAAoB;IACpB,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;QAChC,qBAAqB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC9D,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,SAAS,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC/C,qBAAqB,GAAG,IAAI,CAAC;QAC7B,MAAM,KAAK,GAAG,QAAQ,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC;QACpD,IAAI,KAAK,GAAG,SAAS,CAAC,kBAAkB,EAAE,CAAC;YACzC,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,SAAS,CAAC,eAAe,KAAK,SAAS,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACnE,qBAAqB,GAAG,IAAI,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QAClF,IAAI,IAAI,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;YACrC,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;QACrB,OAAO,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,0EAA0E;IAC1E,IAAI,qBAAqB,EAAE,CAAC;QAC1B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,QAAkB,EAAE,IAAgB;IACxD,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC,CAAC,mBAAmB;IACnC,CAAC;IACD,OAAO,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAkB,EAClB,MAAc,EACd,QAAsB,oBAAoB;IAE1C,wCAAwC;IACxC,MAAM,WAAW,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IAErF,MAAM,YAAY,GAAiB,EAAE,CAAC;IACtC,IAAI,WAAW,GAAiB,OAAO,CAAC;IACxC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;YACjC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExB,2DAA2D;YAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;gBACrD,WAAW,GAAG,MAAM,CAAC;gBACrB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,KAAK,kBAAkB,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;gBACzE,WAAW,GAAG,kBAAkB,CAAC;gBACjC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,WAAW,KAAK,OAAO;QAChC,MAAM,EAAE,WAAW;QACnB,YAAY;QACZ,MAAM,EACJ,OAAO,CAAC,MAAM,GAAG,CAAC;YAChB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YACpB,CAAC,CAAC,WAAW,MAAM,gCAAgC;KACxD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAkB,EAClB,QAAsB,oBAAoB;IAE1C,MAAM,UAAU,GAAuB,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;YAAE,SAAS;QAErC,qDAAqD;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEjC,oBAAoB;QACpB,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;YAChC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC9D,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI;oBACJ,SAAS,EAAE,mCAAmC;oBAC9C,QAAQ,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;iBACvD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,SAAS,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC;YACpD,IAAI,KAAK,GAAG,SAAS,CAAC,kBAAkB,EAAE,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI;oBACJ,SAAS,EAAE,qBAAqB,KAAK,sBAAsB,SAAS,CAAC,kBAAkB,GAAG;oBAC1F,QAAQ,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;iBACvD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,SAAS,CAAC,eAAe,KAAK,SAAS,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACnE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YAClF,IAAI,IAAI,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI;oBACJ,SAAS,EAAE,oBAAoB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,SAAS,CAAC,eAAe,QAAQ;oBAC3G,QAAQ,EAAE,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;iBACvD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3E,IAAI,IAAI,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI;oBACJ,SAAS,EAAE,cAAc,QAAQ,CAAC,QAAQ,qBAAqB;oBAC/D,QAAQ,EAAE,SAAS;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAA+C;IAE/C,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE,IAAI,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,EAAE;QAC9B,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;KAC/B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAG,QAAwB;IAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEhD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAmB;IACjD,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;AAClD,CAAC;AAED,+EAA+E;AAC/E,uCAAuC;AACvC,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAkB;IACnD,OAAO,CAAC,CAAC,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAkB;IACvD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE9E,IAAI,GAAG,GAAG,SAAS;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,UAAU,IAAI,GAAG,GAAG,UAAU;QAAE,OAAO,KAAK,CAAC;IACjD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAkB,EAAE,WAAmB,CAAC;IAC7E,OAAO,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,QAAQ,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAkB,EAAE,YAAoB,EAAE;IACtE,OAAO,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAkB;IACpD,OAAO,QAAQ,CAAC,QAAQ,KAAK,WAAW,CAAC;AAC3C,CAAC;AAED,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,OAAO,aAAa;IAChB,IAAI,GAAwB;QAClC,SAAS,EAAE,EAAE;QACb,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,IAAI;KACd,CAAC;IAEF,YAAY,EAAU;QACpB,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,IAAY;QACf,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW,CAAC,WAAmB;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,GAAG,KAAe;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,SAAS,GAAG,KAAc,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,GAAG,SAAmB;QACjC,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,SAAS,GAAG,SAAkB,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kBAAkB,CAAC,GAAG,KAAe;QACnC,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,eAAe,GAAG,KAAc,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB;QACf,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kBAAkB,CAAC,KAAa;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,kBAAkB,GAAG,KAAK,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe,CAAC,IAAY;QAC1B,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mBAAmB,CAAC,EAAmC;QACrD,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC,MAAM,GAAG,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,CAAC,QAAgB;QACvB,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/D,MAAM,IAAI,WAAW,CACnB,gDAAgD,EAChD,cAAc,CACf,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,IAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,MAAM,CAAC,EAAU;IAC/B,OAAO,IAAI,aAAa,CAAC,EAAE,CAAC,CAAC;AAC/B,CAAC"}

package/dist/providers/openclaw.d.ts

@@ -0,0 +1,80 @@
+/**
+ * ID Wispera OpenClaw Provider
+ * Specialized scanner for OpenClaw credential locations
+ */
+import { DiscoveredCredential, LocationScanResult } from '../locations.js';
+import { CreatePassportInput } from '../types.js';
+export declare const OPENCLAW_BASE_PATH: string;
+export declare const OPENCLAW_PATHS: {
+    /** Base OpenClaw directory */
+    base: string;
+    /** WhatsApp credentials directory */
+    whatsapp: string;
+    /** Main credentials directory */
+    credentials: string;
+    /** Agents directory */
+    agents: string;
+    /** Main config file */
+    config: string;
+    /** OAuth tokens */
+    oauth: string;
+};
+/**
+ * Check if OpenClaw is installed
+ */
+export declare function isOpenClawInstalled(): Promise<boolean>;
+/**
+ * Check file permissions and return warning if insecure
+ */
+export declare function checkFilePermissions(filePath: string): Promise<string | undefined>;
+/**
+ * Check directory permissions
+ */
+export declare function checkDirectoryPermissions(dirPath: string): Promise<string | undefined>;
+/**
+ * Scan result with OpenClaw-specific metadata
+ */
+export interface OpenClawScanResult {
+    /** Whether OpenClaw is installed */
+    installed: boolean;
+    /** Path to OpenClaw installation */
+    installPath: string;
+    /** All discovered credentials */
+    credentials: DiscoveredCredential[];
+    /** Scan results by location */
+    locationResults: LocationScanResult[];
+    /** Summary statistics */
+    summary: {
+        total: number;
+        governed: number;
+        criticalCount: number;
+        highCount: number;
+        mediumCount: number;
+        lowCount: number;
+    };
+    /** Permission warnings for OpenClaw directory */
+    permissionWarnings: string[];
+    /** Unreadable paths */
+    unreadablePaths: {
+        path: string;
+        error: string;
+    }[];
+}
+/**
+ * Scan all OpenClaw credential locations
+ */
+export declare function scanOpenClaw(): Promise<OpenClawScanResult>;
+/**
+ * Convert discovered credential to passport input
+ */
+export declare function toPassportInput(cred: DiscoveredCredential, humanOwner: string, agentId?: string): CreatePassportInput;
+/**
+ * Format credential for table display
+ */
+export declare function formatCredentialRow(cred: DiscoveredCredential): {
+    credential: string;
+    type: string;
+    visaType: string;
+    riskLevel: string;
+};
+//# sourceMappingURL=openclaw.d.ts.map

package/dist/providers/openclaw.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw.d.ts","sourceRoot":"","sources":["../../src/providers/openclaw.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAInB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAsC,mBAAmB,EAAiB,MAAM,aAAa,CAAC;AAMrG,eAAO,MAAM,kBAAkB,QAA+B,CAAC;AAE/D,eAAO,MAAM,cAAc;IACzB,8BAA8B;;IAE9B,qCAAqC;;IAErC,iCAAiC;;IAEjC,uBAAuB;;IAEvB,uBAAuB;;IAEvB,mBAAmB;;CAEpB,CAAC;AAMF;;GAEG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,OAAO,CAAC,CAQ5D;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAqBxF;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAiB5F;AAMD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oCAAoC;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,+BAA+B;IAC/B,eAAe,EAAE,kBAAkB,EAAE,CAAC;IACtC,yBAAyB;IACzB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,iDAAiD;IACjD,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,uBAAuB;IACvB,eAAe,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD;AAED;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAgEhE;AA+iBD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,oBAAoB,EAC1B,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,mBAAmB,CAmCrB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,oBAAoB,GAAG;IAC/D,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAOA"}