@kya-os/contracts 1.3.2 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82) hide show
  1. package/README.md +1 -1
  2. package/dist/agentshield-api/endpoints.d.ts +21 -0
  3. package/dist/agentshield-api/endpoints.js +20 -0
  4. package/dist/agentshield-api/index.d.ts +5 -0
  5. package/dist/agentshield-api/index.js +27 -0
  6. package/dist/agentshield-api/schemas.d.ts +9846 -0
  7. package/dist/agentshield-api/schemas.js +92 -0
  8. package/dist/agentshield-api/types.d.ts +92 -0
  9. package/dist/agentshield-api/types.js +12 -0
  10. package/dist/cli.d.ts +3 -6
  11. package/dist/cli.js +3 -10
  12. package/dist/config/base.d.ts +19 -0
  13. package/dist/config/base.js +2 -0
  14. package/dist/config/delegation.d.ts +46 -0
  15. package/dist/config/delegation.js +2 -0
  16. package/dist/config/identity.d.ts +22 -0
  17. package/dist/config/identity.js +2 -0
  18. package/dist/config/index.d.ts +17 -0
  19. package/dist/config/index.js +2 -0
  20. package/dist/config/proofing.d.ts +26 -0
  21. package/dist/config/proofing.js +2 -0
  22. package/dist/config/tool-protection.d.ts +36 -0
  23. package/dist/config/tool-protection.js +2 -0
  24. package/dist/delegation/constraints.d.ts +0 -266
  25. package/dist/delegation/constraints.js +3 -110
  26. package/dist/delegation/index.d.ts +0 -6
  27. package/dist/delegation/index.js +0 -6
  28. package/dist/delegation/schemas.d.ts +174 -514
  29. package/dist/delegation/schemas.js +3 -247
  30. package/dist/did/index.d.ts +0 -6
  31. package/dist/did/index.js +0 -6
  32. package/dist/did/resolve-contract.d.ts +0 -167
  33. package/dist/did/resolve-contract.js +0 -20
  34. package/dist/did/schemas.d.ts +0 -80
  35. package/dist/did/schemas.js +4 -97
  36. package/dist/did/types.d.ts +0 -126
  37. package/dist/did/types.js +0 -34
  38. package/dist/env/constants.d.ts +0 -45
  39. package/dist/env/constants.js +0 -45
  40. package/dist/env/index.d.ts +0 -4
  41. package/dist/env/index.js +0 -4
  42. package/dist/handshake.d.ts +0 -21
  43. package/dist/handshake.js +3 -11
  44. package/dist/index.d.ts +0 -15
  45. package/dist/index.js +0 -25
  46. package/dist/proof/index.d.ts +0 -7
  47. package/dist/proof/index.js +0 -7
  48. package/dist/proof/proof-record.d.ts +62 -172
  49. package/dist/proof/proof-record.js +0 -74
  50. package/dist/proof/signing-spec.d.ts +12 -86
  51. package/dist/proof/signing-spec.js +0 -71
  52. package/dist/proof.d.ts +16 -38
  53. package/dist/proof.js +3 -26
  54. package/dist/registry.d.ts +10 -27
  55. package/dist/registry.js +9 -30
  56. package/dist/runtime/errors.d.ts +0 -169
  57. package/dist/runtime/errors.js +0 -69
  58. package/dist/runtime/headers.d.ts +0 -50
  59. package/dist/runtime/headers.js +0 -30
  60. package/dist/runtime/index.d.ts +0 -4
  61. package/dist/runtime/index.js +0 -4
  62. package/dist/test.d.ts +0 -37
  63. package/dist/test.js +0 -37
  64. package/dist/tlkrc/index.d.ts +0 -4
  65. package/dist/tlkrc/index.js +0 -4
  66. package/dist/tlkrc/rotation.d.ts +12 -90
  67. package/dist/tlkrc/rotation.js +0 -72
  68. package/dist/tool-protection/index.d.ts +129 -0
  69. package/dist/tool-protection/index.js +80 -0
  70. package/dist/utils/validation.d.ts +0 -17
  71. package/dist/utils/validation.js +0 -14
  72. package/dist/vc/index.d.ts +0 -6
  73. package/dist/vc/index.js +0 -6
  74. package/dist/vc/schemas.d.ts +0 -596
  75. package/dist/vc/schemas.js +2 -111
  76. package/dist/vc/statuslist.d.ts +0 -202
  77. package/dist/vc/statuslist.js +1 -73
  78. package/dist/verifier.d.ts +9 -13
  79. package/dist/verifier.js +0 -8
  80. package/dist/well-known/index.d.ts +248 -0
  81. package/dist/well-known/index.js +104 -0
  82. package/package.json +27 -5
package/dist/delegation/constraints.d.ts CHANGED
@@ -1,32 +1,10 @@
1
- /**
2
- * CRISP Delegation Constraints
3
- *
4
- * Types and schemas for CRISP (Constrained Resource Intent Specification Protocol)
5
- * constraints on delegations. CRISP enables fine-grained authorization control.
6
- *
7
- * Related Spec: MCP-I §4.2
8
- * Python Reference: Delegation-Documentation.md
9
- */
10
1
  import { z } from 'zod';
11
- /**
12
- * Currency types for CRISP budgets
13
- */
14
2
  export declare const CurrencySchema: z.ZodEnum<["USD", "ops", "points"]>;
15
3
  export type Currency = z.infer<typeof CurrencySchema>;
16
- /**
17
- * Window kind for budget enforcement
18
- */
19
4
  export declare const WindowKindSchema: z.ZodEnum<["rolling", "fixed"]>;
20
5
  export type WindowKind = z.infer<typeof WindowKindSchema>;
21
- /**
22
- * Budget Window Schema
23
- *
24
- * Defines the time window for budget enforcement
25
- */
26
6
  export declare const BudgetWindowSchema: z.ZodObject<{
27
- /** Type of window (rolling or fixed) */
28
7
  kind: z.ZodEnum<["rolling", "fixed"]>;
29
- /** Duration in seconds */
30
8
  durationSec: z.ZodNumber;
31
9
  }, "strip", z.ZodTypeAny, {
32
10
  kind: "rolling" | "fixed";
@@ -36,21 +14,11 @@ export declare const BudgetWindowSchema: z.ZodObject<{
36
14
  durationSec: number;
37
15
  }>;
38
16
  export type BudgetWindow = z.infer<typeof BudgetWindowSchema>;
39
- /**
40
- * CRISP Budget Schema
41
- *
42
- * Defines spending/usage limits for a delegation
43
- */
44
17
  export declare const CrispBudgetSchema: z.ZodObject<{
45
- /** Unit of the budget */
46
18
  unit: z.ZodEnum<["USD", "ops", "points"]>;
47
- /** Cap/limit for the budget */
48
19
  cap: z.ZodNumber;
49
- /** Optional time window for the budget */
50
20
  window: z.ZodOptional<z.ZodObject<{
51
- /** Type of window (rolling or fixed) */
52
21
  kind: z.ZodEnum<["rolling", "fixed"]>;
53
- /** Duration in seconds */
54
22
  durationSec: z.ZodNumber;
55
23
  }, "strip", z.ZodTypeAny, {
56
24
  kind: "rolling" | "fixed";
@@ -75,22 +43,11 @@ export declare const CrispBudgetSchema: z.ZodObject<{
75
43
  } | undefined;
76
44
  }>;
77
45
  export type CrispBudget = z.infer<typeof CrispBudgetSchema>;
78
- /**
79
- * Scope matcher types
80
- */
81
46
  export declare const ScopeMatcherSchema: z.ZodEnum<["exact", "prefix", "regex"]>;
82
47
  export type ScopeMatcher = z.infer<typeof ScopeMatcherSchema>;
83
- /**
84
- * CRISP Scope Schema
85
- *
86
- * Defines what resources/actions are allowed in a delegation
87
- */
88
48
  export declare const CrispScopeSchema: z.ZodObject<{
89
- /** Resource identifier (e.g., "api:users", "data:emails") */
90
49
  resource: z.ZodString;
91
- /** How to match the resource */
92
50
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
93
- /** Optional additional constraints on this scope */
94
51
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
95
52
  }, "strip", z.ZodTypeAny, {
96
53
  resource: string;
@@ -102,31 +59,16 @@ export declare const CrispScopeSchema: z.ZodObject<{
102
59
  constraints?: Record<string, any> | undefined;
103
60
  }>;
104
61
  export type CrispScope = z.infer<typeof CrispScopeSchema>;
105
- /**
106
- * Delegation Constraints Schema (CRISP)
107
- *
108
- * Complete constraint specification for a delegation
109
- */
110
62
  export declare const DelegationConstraintsSchema: z.ZodObject<{
111
- /** Not valid before (Unix timestamp in seconds) */
112
63
  notBefore: z.ZodOptional<z.ZodNumber>;
113
- /** Not valid after (Unix timestamp in seconds) */
114
64
  notAfter: z.ZodOptional<z.ZodNumber>;
115
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
116
65
  scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
117
- /** CRISP-specific constraints (full model) */
118
66
  crisp: z.ZodOptional<z.ZodObject<{
119
- /** Optional budget constraint */
120
67
  budget: z.ZodOptional<z.ZodObject<{
121
- /** Unit of the budget */
122
68
  unit: z.ZodEnum<["USD", "ops", "points"]>;
123
- /** Cap/limit for the budget */
124
69
  cap: z.ZodNumber;
125
- /** Optional time window for the budget */
126
70
  window: z.ZodOptional<z.ZodObject<{
127
- /** Type of window (rolling or fixed) */
128
71
  kind: z.ZodEnum<["rolling", "fixed"]>;
129
- /** Duration in seconds */
130
72
  durationSec: z.ZodNumber;
131
73
  }, "strip", z.ZodTypeAny, {
132
74
  kind: "rolling" | "fixed";
@@ -150,13 +92,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
150
92
  durationSec: number;
151
93
  } | undefined;
152
94
  }>>;
153
- /** Required: at least one scope */
154
95
  scopes: z.ZodArray<z.ZodObject<{
155
- /** Resource identifier (e.g., "api:users", "data:emails") */
156
96
  resource: z.ZodString;
157
- /** How to match the resource */
158
97
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
159
- /** Optional additional constraints on this scope */
160
98
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
161
99
  }, "strip", z.ZodTypeAny, {
162
100
  resource: string;
@@ -168,17 +106,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
168
106
  constraints?: Record<string, any> | undefined;
169
107
  }>, "many">;
170
108
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
171
- /** Optional budget constraint */
172
109
  budget: z.ZodOptional<z.ZodObject<{
173
- /** Unit of the budget */
174
110
  unit: z.ZodEnum<["USD", "ops", "points"]>;
175
- /** Cap/limit for the budget */
176
111
  cap: z.ZodNumber;
177
- /** Optional time window for the budget */
178
112
  window: z.ZodOptional<z.ZodObject<{
179
- /** Type of window (rolling or fixed) */
180
113
  kind: z.ZodEnum<["rolling", "fixed"]>;
181
- /** Duration in seconds */
182
114
  durationSec: z.ZodNumber;
183
115
  }, "strip", z.ZodTypeAny, {
184
116
  kind: "rolling" | "fixed";
@@ -202,13 +134,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
202
134
  durationSec: number;
203
135
  } | undefined;
204
136
  }>>;
205
- /** Required: at least one scope */
206
137
  scopes: z.ZodArray<z.ZodObject<{
207
- /** Resource identifier (e.g., "api:users", "data:emails") */
208
138
  resource: z.ZodString;
209
- /** How to match the resource */
210
139
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
211
- /** Optional additional constraints on this scope */
212
140
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
213
141
  }, "strip", z.ZodTypeAny, {
214
142
  resource: string;
@@ -220,17 +148,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
220
148
  constraints?: Record<string, any> | undefined;
221
149
  }>, "many">;
222
150
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
223
- /** Optional budget constraint */
224
151
  budget: z.ZodOptional<z.ZodObject<{
225
- /** Unit of the budget */
226
152
  unit: z.ZodEnum<["USD", "ops", "points"]>;
227
- /** Cap/limit for the budget */
228
153
  cap: z.ZodNumber;
229
- /** Optional time window for the budget */
230
154
  window: z.ZodOptional<z.ZodObject<{
231
- /** Type of window (rolling or fixed) */
232
155
  kind: z.ZodEnum<["rolling", "fixed"]>;
233
- /** Duration in seconds */
234
156
  durationSec: z.ZodNumber;
235
157
  }, "strip", z.ZodTypeAny, {
236
158
  kind: "rolling" | "fixed";
@@ -254,13 +176,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
254
176
  durationSec: number;
255
177
  } | undefined;
256
178
  }>>;
257
- /** Required: at least one scope */
258
179
  scopes: z.ZodArray<z.ZodObject<{
259
- /** Resource identifier (e.g., "api:users", "data:emails") */
260
180
  resource: z.ZodString;
261
- /** How to match the resource */
262
181
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
263
- /** Optional additional constraints on this scope */
264
182
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
265
183
  }, "strip", z.ZodTypeAny, {
266
184
  resource: string;
@@ -273,25 +191,15 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
273
191
  }>, "many">;
274
192
  }, z.ZodTypeAny, "passthrough">>>;
275
193
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
276
- /** Not valid before (Unix timestamp in seconds) */
277
194
  notBefore: z.ZodOptional<z.ZodNumber>;
278
- /** Not valid after (Unix timestamp in seconds) */
279
195
  notAfter: z.ZodOptional<z.ZodNumber>;
280
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
281
196
  scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
282
- /** CRISP-specific constraints (full model) */
283
197
  crisp: z.ZodOptional<z.ZodObject<{
284
- /** Optional budget constraint */
285
198
  budget: z.ZodOptional<z.ZodObject<{
286
- /** Unit of the budget */
287
199
  unit: z.ZodEnum<["USD", "ops", "points"]>;
288
- /** Cap/limit for the budget */
289
200
  cap: z.ZodNumber;
290
- /** Optional time window for the budget */
291
201
  window: z.ZodOptional<z.ZodObject<{
292
- /** Type of window (rolling or fixed) */
293
202
  kind: z.ZodEnum<["rolling", "fixed"]>;
294
- /** Duration in seconds */
295
203
  durationSec: z.ZodNumber;
296
204
  }, "strip", z.ZodTypeAny, {
297
205
  kind: "rolling" | "fixed";
@@ -315,13 +223,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
315
223
  durationSec: number;
316
224
  } | undefined;
317
225
  }>>;
318
- /** Required: at least one scope */
319
226
  scopes: z.ZodArray<z.ZodObject<{
320
- /** Resource identifier (e.g., "api:users", "data:emails") */
321
227
  resource: z.ZodString;
322
- /** How to match the resource */
323
228
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
324
- /** Optional additional constraints on this scope */
325
229
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
326
230
  }, "strip", z.ZodTypeAny, {
327
231
  resource: string;
@@ -333,17 +237,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
333
237
  constraints?: Record<string, any> | undefined;
334
238
  }>, "many">;
335
239
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
336
- /** Optional budget constraint */
337
240
  budget: z.ZodOptional<z.ZodObject<{
338
- /** Unit of the budget */
339
241
  unit: z.ZodEnum<["USD", "ops", "points"]>;
340
- /** Cap/limit for the budget */
341
242
  cap: z.ZodNumber;
342
- /** Optional time window for the budget */
343
243
  window: z.ZodOptional<z.ZodObject<{
344
- /** Type of window (rolling or fixed) */
345
244
  kind: z.ZodEnum<["rolling", "fixed"]>;
346
- /** Duration in seconds */
347
245
  durationSec: z.ZodNumber;
348
246
  }, "strip", z.ZodTypeAny, {
349
247
  kind: "rolling" | "fixed";
@@ -367,13 +265,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
367
265
  durationSec: number;
368
266
  } | undefined;
369
267
  }>>;
370
- /** Required: at least one scope */
371
268
  scopes: z.ZodArray<z.ZodObject<{
372
- /** Resource identifier (e.g., "api:users", "data:emails") */
373
269
  resource: z.ZodString;
374
- /** How to match the resource */
375
270
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
376
- /** Optional additional constraints on this scope */
377
271
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
378
272
  }, "strip", z.ZodTypeAny, {
379
273
  resource: string;
@@ -385,17 +279,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
385
279
  constraints?: Record<string, any> | undefined;
386
280
  }>, "many">;
387
281
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
388
- /** Optional budget constraint */
389
282
  budget: z.ZodOptional<z.ZodObject<{
390
- /** Unit of the budget */
391
283
  unit: z.ZodEnum<["USD", "ops", "points"]>;
392
- /** Cap/limit for the budget */
393
284
  cap: z.ZodNumber;
394
- /** Optional time window for the budget */
395
285
  window: z.ZodOptional<z.ZodObject<{
396
- /** Type of window (rolling or fixed) */
397
286
  kind: z.ZodEnum<["rolling", "fixed"]>;
398
- /** Duration in seconds */
399
287
  durationSec: z.ZodNumber;
400
288
  }, "strip", z.ZodTypeAny, {
401
289
  kind: "rolling" | "fixed";
@@ -419,13 +307,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
419
307
  durationSec: number;
420
308
  } | undefined;
421
309
  }>>;
422
- /** Required: at least one scope */
423
310
  scopes: z.ZodArray<z.ZodObject<{
424
- /** Resource identifier (e.g., "api:users", "data:emails") */
425
311
  resource: z.ZodString;
426
- /** How to match the resource */
427
312
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
428
- /** Optional additional constraints on this scope */
429
313
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
430
314
  }, "strip", z.ZodTypeAny, {
431
315
  resource: string;
@@ -438,25 +322,15 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
438
322
  }>, "many">;
439
323
  }, z.ZodTypeAny, "passthrough">>>;
440
324
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
441
- /** Not valid before (Unix timestamp in seconds) */
442
325
  notBefore: z.ZodOptional<z.ZodNumber>;
443
- /** Not valid after (Unix timestamp in seconds) */
444
326
  notAfter: z.ZodOptional<z.ZodNumber>;
445
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
446
327
  scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
447
- /** CRISP-specific constraints (full model) */
448
328
  crisp: z.ZodOptional<z.ZodObject<{
449
- /** Optional budget constraint */
450
329
  budget: z.ZodOptional<z.ZodObject<{
451
- /** Unit of the budget */
452
330
  unit: z.ZodEnum<["USD", "ops", "points"]>;
453
- /** Cap/limit for the budget */
454
331
  cap: z.ZodNumber;
455
- /** Optional time window for the budget */
456
332
  window: z.ZodOptional<z.ZodObject<{
457
- /** Type of window (rolling or fixed) */
458
333
  kind: z.ZodEnum<["rolling", "fixed"]>;
459
- /** Duration in seconds */
460
334
  durationSec: z.ZodNumber;
461
335
  }, "strip", z.ZodTypeAny, {
462
336
  kind: "rolling" | "fixed";
@@ -480,13 +354,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
480
354
  durationSec: number;
481
355
  } | undefined;
482
356
  }>>;
483
- /** Required: at least one scope */
484
357
  scopes: z.ZodArray<z.ZodObject<{
485
- /** Resource identifier (e.g., "api:users", "data:emails") */
486
358
  resource: z.ZodString;
487
- /** How to match the resource */
488
359
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
489
- /** Optional additional constraints on this scope */
490
360
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
491
361
  }, "strip", z.ZodTypeAny, {
492
362
  resource: string;
@@ -498,17 +368,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
498
368
  constraints?: Record<string, any> | undefined;
499
369
  }>, "many">;
500
370
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
501
- /** Optional budget constraint */
502
371
  budget: z.ZodOptional<z.ZodObject<{
503
- /** Unit of the budget */
504
372
  unit: z.ZodEnum<["USD", "ops", "points"]>;
505
- /** Cap/limit for the budget */
506
373
  cap: z.ZodNumber;
507
- /** Optional time window for the budget */
508
374
  window: z.ZodOptional<z.ZodObject<{
509
- /** Type of window (rolling or fixed) */
510
375
  kind: z.ZodEnum<["rolling", "fixed"]>;
511
- /** Duration in seconds */
512
376
  durationSec: z.ZodNumber;
513
377
  }, "strip", z.ZodTypeAny, {
514
378
  kind: "rolling" | "fixed";
@@ -532,13 +396,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
532
396
  durationSec: number;
533
397
  } | undefined;
534
398
  }>>;
535
- /** Required: at least one scope */
536
399
  scopes: z.ZodArray<z.ZodObject<{
537
- /** Resource identifier (e.g., "api:users", "data:emails") */
538
400
  resource: z.ZodString;
539
- /** How to match the resource */
540
401
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
541
- /** Optional additional constraints on this scope */
542
402
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
543
403
  }, "strip", z.ZodTypeAny, {
544
404
  resource: string;
@@ -550,17 +410,11 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
550
410
  constraints?: Record<string, any> | undefined;
551
411
  }>, "many">;
552
412
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
553
- /** Optional budget constraint */
554
413
  budget: z.ZodOptional<z.ZodObject<{
555
- /** Unit of the budget */
556
414
  unit: z.ZodEnum<["USD", "ops", "points"]>;
557
- /** Cap/limit for the budget */
558
415
  cap: z.ZodNumber;
559
- /** Optional time window for the budget */
560
416
  window: z.ZodOptional<z.ZodObject<{
561
- /** Type of window (rolling or fixed) */
562
417
  kind: z.ZodEnum<["rolling", "fixed"]>;
563
- /** Duration in seconds */
564
418
  durationSec: z.ZodNumber;
565
419
  }, "strip", z.ZodTypeAny, {
566
420
  kind: "rolling" | "fixed";
@@ -584,13 +438,9 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
584
438
  durationSec: number;
585
439
  } | undefined;
586
440
  }>>;
587
- /** Required: at least one scope */
588
441
  scopes: z.ZodArray<z.ZodObject<{
589
- /** Resource identifier (e.g., "api:users", "data:emails") */
590
442
  resource: z.ZodString;
591
- /** How to match the resource */
592
443
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
593
- /** Optional additional constraints on this scope */
594
444
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
595
445
  }, "strip", z.ZodTypeAny, {
596
446
  resource: string;
@@ -604,35 +454,16 @@ export declare const DelegationConstraintsSchema: z.ZodObject<{
604
454
  }, z.ZodTypeAny, "passthrough">>>;
605
455
  }, z.ZodTypeAny, "passthrough">>;
606
456
  export type DelegationConstraints = z.infer<typeof DelegationConstraintsSchema>;
607
- /**
608
- * Validation Helpers
609
- */
610
- /**
611
- * Validate delegation constraints
612
- *
613
- * @param constraints - The constraints to validate
614
- * @returns Validation result
615
- */
616
457
  export declare function validateDelegationConstraints(constraints: unknown): z.SafeParseReturnType<z.objectInputType<{
617
- /** Not valid before (Unix timestamp in seconds) */
618
458
  notBefore: z.ZodOptional<z.ZodNumber>;
619
- /** Not valid after (Unix timestamp in seconds) */
620
459
  notAfter: z.ZodOptional<z.ZodNumber>;
621
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
622
460
  scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
623
- /** CRISP-specific constraints (full model) */
624
461
  crisp: z.ZodOptional<z.ZodObject<{
625
- /** Optional budget constraint */
626
462
  budget: z.ZodOptional<z.ZodObject<{
627
- /** Unit of the budget */
628
463
  unit: z.ZodEnum<["USD", "ops", "points"]>;
629
- /** Cap/limit for the budget */
630
464
  cap: z.ZodNumber;
631
- /** Optional time window for the budget */
632
465
  window: z.ZodOptional<z.ZodObject<{
633
- /** Type of window (rolling or fixed) */
634
466
  kind: z.ZodEnum<["rolling", "fixed"]>;
635
- /** Duration in seconds */
636
467
  durationSec: z.ZodNumber;
637
468
  }, "strip", z.ZodTypeAny, {
638
469
  kind: "rolling" | "fixed";
@@ -656,13 +487,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
656
487
  durationSec: number;
657
488
  } | undefined;
658
489
  }>>;
659
- /** Required: at least one scope */
660
490
  scopes: z.ZodArray<z.ZodObject<{
661
- /** Resource identifier (e.g., "api:users", "data:emails") */
662
491
  resource: z.ZodString;
663
- /** How to match the resource */
664
492
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
665
- /** Optional additional constraints on this scope */
666
493
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
667
494
  }, "strip", z.ZodTypeAny, {
668
495
  resource: string;
@@ -674,17 +501,11 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
674
501
  constraints?: Record<string, any> | undefined;
675
502
  }>, "many">;
676
503
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
677
- /** Optional budget constraint */
678
504
  budget: z.ZodOptional<z.ZodObject<{
679
- /** Unit of the budget */
680
505
  unit: z.ZodEnum<["USD", "ops", "points"]>;
681
- /** Cap/limit for the budget */
682
506
  cap: z.ZodNumber;
683
- /** Optional time window for the budget */
684
507
  window: z.ZodOptional<z.ZodObject<{
685
- /** Type of window (rolling or fixed) */
686
508
  kind: z.ZodEnum<["rolling", "fixed"]>;
687
- /** Duration in seconds */
688
509
  durationSec: z.ZodNumber;
689
510
  }, "strip", z.ZodTypeAny, {
690
511
  kind: "rolling" | "fixed";
@@ -708,13 +529,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
708
529
  durationSec: number;
709
530
  } | undefined;
710
531
  }>>;
711
- /** Required: at least one scope */
712
532
  scopes: z.ZodArray<z.ZodObject<{
713
- /** Resource identifier (e.g., "api:users", "data:emails") */
714
533
  resource: z.ZodString;
715
- /** How to match the resource */
716
534
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
717
- /** Optional additional constraints on this scope */
718
535
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
719
536
  }, "strip", z.ZodTypeAny, {
720
537
  resource: string;
@@ -726,17 +543,11 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
726
543
  constraints?: Record<string, any> | undefined;
727
544
  }>, "many">;
728
545
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
729
- /** Optional budget constraint */
730
546
  budget: z.ZodOptional<z.ZodObject<{
731
- /** Unit of the budget */
732
547
  unit: z.ZodEnum<["USD", "ops", "points"]>;
733
- /** Cap/limit for the budget */
734
548
  cap: z.ZodNumber;
735
- /** Optional time window for the budget */
736
549
  window: z.ZodOptional<z.ZodObject<{
737
- /** Type of window (rolling or fixed) */
738
550
  kind: z.ZodEnum<["rolling", "fixed"]>;
739
- /** Duration in seconds */
740
551
  durationSec: z.ZodNumber;
741
552
  }, "strip", z.ZodTypeAny, {
742
553
  kind: "rolling" | "fixed";
@@ -760,13 +571,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
760
571
  durationSec: number;
761
572
  } | undefined;
762
573
  }>>;
763
- /** Required: at least one scope */
764
574
  scopes: z.ZodArray<z.ZodObject<{
765
- /** Resource identifier (e.g., "api:users", "data:emails") */
766
575
  resource: z.ZodString;
767
- /** How to match the resource */
768
576
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
769
- /** Optional additional constraints on this scope */
770
577
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
771
578
  }, "strip", z.ZodTypeAny, {
772
579
  resource: string;
@@ -779,25 +586,15 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
779
586
  }>, "many">;
780
587
  }, z.ZodTypeAny, "passthrough">>>;
781
588
  }, z.ZodTypeAny, "passthrough">, z.objectOutputType<{
782
- /** Not valid before (Unix timestamp in seconds) */
783
589
  notBefore: z.ZodOptional<z.ZodNumber>;
784
- /** Not valid after (Unix timestamp in seconds) */
785
590
  notAfter: z.ZodOptional<z.ZodNumber>;
786
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
787
591
  scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
788
- /** CRISP-specific constraints (full model) */
789
592
  crisp: z.ZodOptional<z.ZodObject<{
790
- /** Optional budget constraint */
791
593
  budget: z.ZodOptional<z.ZodObject<{
792
- /** Unit of the budget */
793
594
  unit: z.ZodEnum<["USD", "ops", "points"]>;
794
- /** Cap/limit for the budget */
795
595
  cap: z.ZodNumber;
796
- /** Optional time window for the budget */
797
596
  window: z.ZodOptional<z.ZodObject<{
798
- /** Type of window (rolling or fixed) */
799
597
  kind: z.ZodEnum<["rolling", "fixed"]>;
800
- /** Duration in seconds */
801
598
  durationSec: z.ZodNumber;
802
599
  }, "strip", z.ZodTypeAny, {
803
600
  kind: "rolling" | "fixed";
@@ -821,13 +618,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
821
618
  durationSec: number;
822
619
  } | undefined;
823
620
  }>>;
824
- /** Required: at least one scope */
825
621
  scopes: z.ZodArray<z.ZodObject<{
826
- /** Resource identifier (e.g., "api:users", "data:emails") */
827
622
  resource: z.ZodString;
828
- /** How to match the resource */
829
623
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
830
- /** Optional additional constraints on this scope */
831
624
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
832
625
  }, "strip", z.ZodTypeAny, {
833
626
  resource: string;
@@ -839,17 +632,11 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
839
632
  constraints?: Record<string, any> | undefined;
840
633
  }>, "many">;
841
634
  }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
842
- /** Optional budget constraint */
843
635
  budget: z.ZodOptional<z.ZodObject<{
844
- /** Unit of the budget */
845
636
  unit: z.ZodEnum<["USD", "ops", "points"]>;
846
- /** Cap/limit for the budget */
847
637
  cap: z.ZodNumber;
848
- /** Optional time window for the budget */
849
638
  window: z.ZodOptional<z.ZodObject<{
850
- /** Type of window (rolling or fixed) */
851
639
  kind: z.ZodEnum<["rolling", "fixed"]>;
852
- /** Duration in seconds */
853
640
  durationSec: z.ZodNumber;
854
641
  }, "strip", z.ZodTypeAny, {
855
642
  kind: "rolling" | "fixed";
@@ -873,13 +660,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
873
660
  durationSec: number;
874
661
  } | undefined;
875
662
  }>>;
876
- /** Required: at least one scope */
877
663
  scopes: z.ZodArray<z.ZodObject<{
878
- /** Resource identifier (e.g., "api:users", "data:emails") */
879
664
  resource: z.ZodString;
880
- /** How to match the resource */
881
665
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
882
- /** Optional additional constraints on this scope */
883
666
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
884
667
  }, "strip", z.ZodTypeAny, {
885
668
  resource: string;
@@ -891,17 +674,11 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
891
674
  constraints?: Record<string, any> | undefined;
892
675
  }>, "many">;
893
676
  }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
894
- /** Optional budget constraint */
895
677
  budget: z.ZodOptional<z.ZodObject<{
896
- /** Unit of the budget */
897
678
  unit: z.ZodEnum<["USD", "ops", "points"]>;
898
- /** Cap/limit for the budget */
899
679
  cap: z.ZodNumber;
900
- /** Optional time window for the budget */
901
680
  window: z.ZodOptional<z.ZodObject<{
902
- /** Type of window (rolling or fixed) */
903
681
  kind: z.ZodEnum<["rolling", "fixed"]>;
904
- /** Duration in seconds */
905
682
  durationSec: z.ZodNumber;
906
683
  }, "strip", z.ZodTypeAny, {
907
684
  kind: "rolling" | "fixed";
@@ -925,13 +702,9 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
925
702
  durationSec: number;
926
703
  } | undefined;
927
704
  }>>;
928
- /** Required: at least one scope */
929
705
  scopes: z.ZodArray<z.ZodObject<{
930
- /** Resource identifier (e.g., "api:users", "data:emails") */
931
706
  resource: z.ZodString;
932
- /** How to match the resource */
933
707
  matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
934
- /** Optional additional constraints on this scope */
935
708
  constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
936
709
  }, "strip", z.ZodTypeAny, {
937
710
  resource: string;
@@ -944,49 +717,10 @@ export declare function validateDelegationConstraints(constraints: unknown): z.S
944
717
  }>, "many">;
945
718
  }, z.ZodTypeAny, "passthrough">>>;
946
719
  }, z.ZodTypeAny, "passthrough">>;
947
- /**
948
- * Check if constraints have a valid time range
949
- *
950
- * @param constraints - The constraints to check
951
- * @returns true if time range is valid or no time range specified
952
- */
953
720
  export declare function hasValidTimeRange(constraints: DelegationConstraints): boolean;
954
- /**
955
- * Check if child constraints are within parent constraints
956
- *
957
- * This performs basic structural checks. Full chain validation
958
- * requires runtime implementation.
959
- *
960
- * @param parent - Parent delegation constraints
961
- * @param child - Child delegation constraints
962
- * @returns true if child is within parent bounds
963
- */
964
721
  export declare function areChildConstraintsValid(parent: DelegationConstraints, child: DelegationConstraints): boolean;
965
- /**
966
- * Check if a resource matches a scope
967
- *
968
- * @param resource - The resource to check
969
- * @param scope - The scope to match against
970
- * @returns true if resource matches scope
971
- */
972
722
  export declare function doesResourceMatchScope(resource: string, scope: CrispScope): boolean;
973
- /**
974
- * Constants
975
- */
976
- /**
977
- * Supported currency types
978
- */
979
723
  export declare const SUPPORTED_CURRENCIES: Currency[];
980
- /**
981
- * Supported scope matchers
982
- */
983
724
  export declare const SUPPORTED_MATCHERS: ScopeMatcher[];
984
- /**
985
- * Maximum reasonable budget cap (for validation)
986
- */
987
725
  export declare const MAX_BUDGET_CAP: number;
988
- /**
989
- * Maximum reasonable window duration (10 years in seconds)
990
- */
991
726
  export declare const MAX_WINDOW_DURATION_SEC: number;
992
- //# sourceMappingURL=constraints.d.ts.map