@kya-os/consent 0.1.37 → 0.1.39

package/dist/schemas/capabilities.schemas.d.ts

@@ -0,0 +1,186 @@
+/**
+ * Capability + Agent Metadata + Cedar Schemas
+ *
+ * Runtime validation for capability metadata, the agent identity tile, and
+ * Cedar policy fragments. Cedar fragments are validated only for shape here;
+ * full grammar validation is performed by the dashboard's existing
+ * `compile-policy.ts` before persistence.
+ *
+ * @module @kya-os/consent/schemas/capabilities
+ */
+import { z } from "zod";
+/**
+ * Risk classification.
+ */
+export declare const RiskLevelSchema: z.ZodEnum<["low", "medium", "high", "critical"]>;
+/**
+ * Allowlist of icon tokens recognized by `<consent-capability-card>`.
+ */
+export declare const CapabilityIconSchema: z.ZodEnum<["search", "cart", "card", "pin", "pin-new", "shield", "key", "tools", "user", "calendar", "lock", "eye", "send", "package", "neutral"]>;
+/**
+ * Cedar policy fragment shape check. Full grammar validation runs in the
+ * dashboard's compile-policy.ts; here we only enforce a length cap and confirm
+ * the fragment opens with the `permit` or `forbid` keyword (the only two valid
+ * Cedar effects).
+ */
+export declare const CedarPolicySchema: z.ZodEffects<z.ZodString, string, string>;
+/**
+ * A single capability row.
+ */
+export declare const CapabilitySchema: z.ZodObject<{
+    id: z.ZodString;
+    label: z.ZodString;
+    description: z.ZodString;
+    icon: z.ZodEnum<["search", "cart", "card", "pin", "pin-new", "shield", "key", "tools", "user", "calendar", "lock", "eye", "send", "package", "neutral"]>;
+    riskLevel: z.ZodEnum<["low", "medium", "high", "critical"]>;
+    defaultOn: z.ZodBoolean;
+    cedar: z.ZodEffects<z.ZodString, string, string>;
+    scopes: z.ZodArray<z.ZodString, "many">;
+    category: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    label: string;
+    description: string;
+    icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+    riskLevel: "low" | "medium" | "high" | "critical";
+    defaultOn: boolean;
+    cedar: string;
+    scopes: string[];
+    category?: string | undefined;
+}, {
+    id: string;
+    label: string;
+    description: string;
+    icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+    riskLevel: "low" | "medium" | "high" | "critical";
+    defaultOn: boolean;
+    cedar: string;
+    scopes: string[];
+    category?: string | undefined;
+}>;
+export type CapabilitySchemaType = z.infer<typeof CapabilitySchema>;
+/**
+ * Capability group (optional clustering).
+ */
+export declare const CapabilityGroupSchema: z.ZodObject<{
+    id: z.ZodString;
+    label: z.ZodString;
+    capabilities: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        label: z.ZodString;
+        description: z.ZodString;
+        icon: z.ZodEnum<["search", "cart", "card", "pin", "pin-new", "shield", "key", "tools", "user", "calendar", "lock", "eye", "send", "package", "neutral"]>;
+        riskLevel: z.ZodEnum<["low", "medium", "high", "critical"]>;
+        defaultOn: z.ZodBoolean;
+        cedar: z.ZodEffects<z.ZodString, string, string>;
+        scopes: z.ZodArray<z.ZodString, "many">;
+        category: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        label: string;
+        description: string;
+        icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+        riskLevel: "low" | "medium" | "high" | "critical";
+        defaultOn: boolean;
+        cedar: string;
+        scopes: string[];
+        category?: string | undefined;
+    }, {
+        id: string;
+        label: string;
+        description: string;
+        icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+        riskLevel: "low" | "medium" | "high" | "critical";
+        defaultOn: boolean;
+        cedar: string;
+        scopes: string[];
+        category?: string | undefined;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+    label: string;
+    capabilities: {
+        id: string;
+        label: string;
+        description: string;
+        icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+        riskLevel: "low" | "medium" | "high" | "critical";
+        defaultOn: boolean;
+        cedar: string;
+        scopes: string[];
+        category?: string | undefined;
+    }[];
+}, {
+    id: string;
+    label: string;
+    capabilities: {
+        id: string;
+        label: string;
+        description: string;
+        icon: "search" | "cart" | "card" | "pin" | "pin-new" | "shield" | "key" | "tools" | "user" | "calendar" | "lock" | "eye" | "send" | "package" | "neutral";
+        riskLevel: "low" | "medium" | "high" | "critical";
+        defaultOn: boolean;
+        cedar: string;
+        scopes: string[];
+        category?: string | undefined;
+    }[];
+}>;
+export type CapabilityGroupSchemaType = z.infer<typeof CapabilityGroupSchema>;
+/**
+ * Agent identity tile data.
+ */
+export declare const AgentMetadataSchema: z.ZodObject<{
+    name: z.ZodString;
+    did: z.ZodString;
+    vendor: z.ZodOptional<z.ZodString>;
+    surfaceLabel: z.ZodOptional<z.ZodString>;
+    verified: z.ZodBoolean;
+    logoUrl: z.ZodOptional<z.ZodString>;
+    connectedAt: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    did: string;
+    verified: boolean;
+    logoUrl?: string | undefined;
+    vendor?: string | undefined;
+    surfaceLabel?: string | undefined;
+    connectedAt?: string | undefined;
+}, {
+    name: string;
+    did: string;
+    verified: boolean;
+    logoUrl?: string | undefined;
+    vendor?: string | undefined;
+    surfaceLabel?: string | undefined;
+    connectedAt?: string | undefined;
+}>;
+export type AgentMetadataSchemaType = z.infer<typeof AgentMetadataSchema>;
+/**
+ * Theme selection.
+ */
+export declare const ConsentThemeSchema: z.ZodEnum<["light", "dark"]>;
+export type ConsentThemeSchemaType = z.infer<typeof ConsentThemeSchema>;
+/**
+ * Cedar template context bound at compile time.
+ */
+export declare const CedarTemplateContextSchema: z.ZodObject<{
+    agent_did: z.ZodString;
+    user_did: z.ZodString;
+    org: z.ZodString;
+    deployment: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    agent_did: string;
+    user_did: string;
+    org: string;
+    deployment: string;
+}, {
+    agent_did: string;
+    user_did: string;
+    org: string;
+    deployment: string;
+}>;
+export type CedarTemplateContextSchemaType = z.infer<typeof CedarTemplateContextSchema>;
+export declare function validateCapability(value: unknown): z.SafeParseReturnType<unknown, CapabilitySchemaType>;
+export declare function validateCapabilityGroup(value: unknown): z.SafeParseReturnType<unknown, CapabilityGroupSchemaType>;
+export declare function validateAgentMetadata(value: unknown): z.SafeParseReturnType<unknown, AgentMetadataSchemaType>;
+//# sourceMappingURL=capabilities.schemas.d.ts.map

package/dist/schemas/capabilities.schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.schemas.d.ts","sourceRoot":"","sources":["../../src/schemas/capabilities.schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,eAAe,kDAAgD,CAAC;AAE7E;;GAEG;AACH,eAAO,MAAM,oBAAoB,oJAgB/B,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,2CAO3B,CAAC;AAEJ;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0B3B,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWhC,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE9E;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;EAQ9B,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,kBAAkB,8BAA4B,CAAC;AAE5D,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;EAKrC,CAAC;AAEH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,0BAA0B,CAClC,CAAC;AAEF,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,OAAO,GACb,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAEtD;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,GACb,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAE3D;AAED,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,OAAO,GACb,CAAC,CAAC,mBAAmB,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAEzD"}

package/dist/schemas/capabilities.schemas.js

@@ -0,0 +1,123 @@
+/**
+ * Capability + Agent Metadata + Cedar Schemas
+ *
+ * Runtime validation for capability metadata, the agent identity tile, and
+ * Cedar policy fragments. Cedar fragments are validated only for shape here;
+ * full grammar validation is performed by the dashboard's existing
+ * `compile-policy.ts` before persistence.
+ *
+ * @module @kya-os/consent/schemas/capabilities
+ */
+import { z } from "zod";
+/**
+ * Risk classification.
+ */
+export const RiskLevelSchema = z.enum(["low", "medium", "high", "critical"]);
+/**
+ * Allowlist of icon tokens recognized by `<consent-capability-card>`.
+ */
+export const CapabilityIconSchema = z.enum([
+    "search",
+    "cart",
+    "card",
+    "pin",
+    "pin-new",
+    "shield",
+    "key",
+    "tools",
+    "user",
+    "calendar",
+    "lock",
+    "eye",
+    "send",
+    "package",
+    "neutral",
+]);
+/**
+ * Cedar policy fragment shape check. Full grammar validation runs in the
+ * dashboard's compile-policy.ts; here we only enforce a length cap and confirm
+ * the fragment opens with the `permit` or `forbid` keyword (the only two valid
+ * Cedar effects).
+ */
+export const CedarPolicySchema = z
+    .string()
+    .min(1, "Cedar fragment cannot be empty")
+    .max(8000, "Cedar fragment must be 8000 characters or less")
+    .refine((value) => /^\s*(permit|forbid)\s*\(/.test(value), "Cedar fragment must begin with `permit (` or `forbid (`");
+/**
+ * A single capability row.
+ */
+export const CapabilitySchema = z.object({
+    id: z
+        .string()
+        .min(1, "Capability id is required")
+        .max(64, "Capability id must be 64 characters or less")
+        .regex(/^[a-z][a-z0-9._-]*$/, "Capability id must be lowercase alphanumeric with `.`, `_`, or `-`"),
+    label: z
+        .string()
+        .min(1, "Capability label is required")
+        .max(80, "Capability label must be 80 characters or less"),
+    description: z
+        .string()
+        .min(1, "Capability description is required")
+        .max(280, "Capability description must be 280 characters or less"),
+    icon: CapabilityIconSchema,
+    riskLevel: RiskLevelSchema,
+    defaultOn: z.boolean(),
+    cedar: CedarPolicySchema,
+    scopes: z
+        .array(z.string().min(1).max(120))
+        .min(1, "At least one scope is required")
+        .max(20, "At most 20 scopes per capability"),
+    category: z.string().max(80).optional(),
+});
+/**
+ * Capability group (optional clustering).
+ */
+export const CapabilityGroupSchema = z.object({
+    id: z
+        .string()
+        .min(1)
+        .max(64)
+        .regex(/^[a-z][a-z0-9._-]*$/, "Group id must be lowercase alphanumeric"),
+    label: z.string().min(1).max(80),
+    capabilities: z
+        .array(CapabilitySchema)
+        .min(1, "Group must contain at least one capability")
+        .max(20, "At most 20 capabilities per group"),
+});
+/**
+ * Agent identity tile data.
+ */
+export const AgentMetadataSchema = z.object({
+    name: z.string().min(1).max(80),
+    did: z.string().min(1).max(500),
+    vendor: z.string().max(80).optional(),
+    surfaceLabel: z.string().max(40).optional(),
+    verified: z.boolean(),
+    logoUrl: z.string().url().optional(),
+    connectedAt: z.string().datetime().optional(),
+});
+/**
+ * Theme selection.
+ */
+export const ConsentThemeSchema = z.enum(["light", "dark"]);
+/**
+ * Cedar template context bound at compile time.
+ */
+export const CedarTemplateContextSchema = z.object({
+    agent_did: z.string().min(1).max(500),
+    user_did: z.string().min(1).max(500),
+    org: z.string().min(1).max(120),
+    deployment: z.string().min(1).max(120),
+});
+export function validateCapability(value) {
+    return CapabilitySchema.safeParse(value);
+}
+export function validateCapabilityGroup(value) {
+    return CapabilityGroupSchema.safeParse(value);
+}
+export function validateAgentMetadata(value) {
+    return AgentMetadataSchema.safeParse(value);
+}
+//# sourceMappingURL=capabilities.schemas.js.map

package/dist/schemas/capabilities.schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.schemas.js","sourceRoot":"","sources":["../../src/schemas/capabilities.schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAE7E;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,IAAI,CAAC;IACzC,QAAQ;IACR,MAAM;IACN,MAAM;IACN,KAAK;IACL,SAAS;IACT,QAAQ;IACR,KAAK;IACL,OAAO;IACP,MAAM;IACN,UAAU;IACV,MAAM;IACN,KAAK;IACL,MAAM;IACN,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC;KAC/B,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,EAAE,gCAAgC,CAAC;KACxC,GAAG,CAAC,IAAI,EAAE,gDAAgD,CAAC;KAC3D,MAAM,CACL,CAAC,KAAK,EAAE,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EACjD,yDAAyD,CAC1D,CAAC;AAEJ;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,EAAE,2BAA2B,CAAC;SACnC,GAAG,CAAC,EAAE,EAAE,6CAA6C,CAAC;SACtD,KAAK,CACJ,qBAAqB,EACrB,oEAAoE,CACrE;IACH,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC;SACtC,GAAG,CAAC,EAAE,EAAE,gDAAgD,CAAC;IAC5D,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,EAAE,oCAAoC,CAAC;SAC5C,GAAG,CAAC,GAAG,EAAE,uDAAuD,CAAC;IACpE,IAAI,EAAE,oBAAoB;IAC1B,SAAS,EAAE,eAAe;IAC1B,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;IACtB,KAAK,EAAE,iBAAiB;IACxB,MAAM,EAAE,CAAC;SACN,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;SACjC,GAAG,CAAC,CAAC,EAAE,gCAAgC,CAAC;SACxC,GAAG,CAAC,EAAE,EAAE,kCAAkC,CAAC;IAC9C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,EAAE,CAAC;SACP,KAAK,CAAC,qBAAqB,EAAE,yCAAyC,CAAC;IAC1E,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAChC,YAAY,EAAE,CAAC;SACZ,KAAK,CAAC,gBAAgB,CAAC;SACvB,GAAG,CAAC,CAAC,EAAE,4CAA4C,CAAC;SACpD,GAAG,CAAC,EAAE,EAAE,mCAAmC,CAAC;CAChD,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAC/B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAI5D;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACvC,CAAC,CAAC;AAMH,MAAM,UAAU,kBAAkB,CAChC,KAAc;IAEd,OAAO,gBAAgB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAc;IAEd,OAAO,qBAAqB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,KAAc;IAEd,OAAO,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC9C,CAAC"}