@kya-os/contracts 1.3.2 → 1.3.3

package/dist/delegation/constraints.js

@@ -1,13 +1,4 @@
 "use strict";
-/**
- * CRISP Delegation Constraints
- *
- * Types and schemas for CRISP (Constrained Resource Intent Specification Protocol)
- * constraints on delegations. CRISP enables fine-grained authorization control.
- *
- * Related Spec: MCP-I §4.2
- * Python Reference: Delegation-Documentation.md
- */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MAX_WINDOW_DURATION_SEC = exports.MAX_BUDGET_CAP = exports.SUPPORTED_MATCHERS = exports.SUPPORTED_CURRENCIES = exports.DelegationConstraintsSchema = exports.CrispScopeSchema = exports.ScopeMatcherSchema = exports.CrispBudgetSchema = exports.BudgetWindowSchema = exports.WindowKindSchema = exports.CurrencySchema = void 0;
 exports.validateDelegationConstraints = validateDelegationConstraints;
@@ -15,94 +6,35 @@ exports.hasValidTimeRange = hasValidTimeRange;
 exports.areChildConstraintsValid = areChildConstraintsValid;
 exports.doesResourceMatchScope = doesResourceMatchScope;
 const zod_1 = require("zod");
-/**
- * Currency types for CRISP budgets
- */
 exports.CurrencySchema = zod_1.z.enum(['USD', 'ops', 'points']);
-/**
- * Window kind for budget enforcement
- */
 exports.WindowKindSchema = zod_1.z.enum(['rolling', 'fixed']);
-/**
- * Budget Window Schema
- *
- * Defines the time window for budget enforcement
- */
 exports.BudgetWindowSchema = zod_1.z.object({
-    /** Type of window (rolling or fixed) */
     kind: exports.WindowKindSchema,
-    /** Duration in seconds */
     durationSec: zod_1.z.number().int().positive(),
 });
-/**
- * CRISP Budget Schema
- *
- * Defines spending/usage limits for a delegation
- */
 exports.CrispBudgetSchema = zod_1.z.object({
-    /** Unit of the budget */
     unit: exports.CurrencySchema,
-    /** Cap/limit for the budget */
     cap: zod_1.z.number().nonnegative(),
-    /** Optional time window for the budget */
     window: exports.BudgetWindowSchema.optional(),
 });
-/**
- * Scope matcher types
- */
 exports.ScopeMatcherSchema = zod_1.z.enum(['exact', 'prefix', 'regex']);
-/**
- * CRISP Scope Schema
- *
- * Defines what resources/actions are allowed in a delegation
- */
 exports.CrispScopeSchema = zod_1.z.object({
-    /** Resource identifier (e.g., "api:users", "data:emails") */
     resource: zod_1.z.string().min(1),
-    /** How to match the resource */
     matcher: exports.ScopeMatcherSchema,
-    /** Optional additional constraints on this scope */
     constraints: zod_1.z.record(zod_1.z.any()).optional(),
 });
-/**
- * Delegation Constraints Schema (CRISP)
- *
- * Complete constraint specification for a delegation
- */
 exports.DelegationConstraintsSchema = zod_1.z.object({
-    /** Not valid before (Unix timestamp in seconds) */
     notBefore: zod_1.z.number().int().optional(),
-    /** Not valid after (Unix timestamp in seconds) */
     notAfter: zod_1.z.number().int().optional(),
-    /** Simple scopes array (for Phase 1 bouncer - simplified model) */
     scopes: zod_1.z.array(zod_1.z.string()).optional(),
-    /** CRISP-specific constraints (full model) */
     crisp: zod_1.z.object({
-        /** Optional budget constraint */
         budget: exports.CrispBudgetSchema.optional(),
-        /** Required: at least one scope */
         scopes: zod_1.z.array(exports.CrispScopeSchema).min(1),
-        /** Optional additional CRISP fields */
     }).passthrough().optional(),
-}).passthrough(); // Allow extensibility
-/**
- * Validation Helpers
- */
-/**
- * Validate delegation constraints
- *
- * @param constraints - The constraints to validate
- * @returns Validation result
- */
+}).passthrough();
 function validateDelegationConstraints(constraints) {
     return exports.DelegationConstraintsSchema.safeParse(constraints);
 }
-/**
- * Check if constraints have a valid time range
- *
- * @param constraints - The constraints to check
- * @returns true if time range is valid or no time range specified
- */
 function hasValidTimeRange(constraints) {
     if (constraints.notBefore === undefined && constraints.notAfter === undefined) {
         return true;
@@ -112,18 +44,7 @@ function hasValidTimeRange(constraints) {
     }
     return true;
 }
-/**
- * Check if child constraints are within parent constraints
- *
- * This performs basic structural checks. Full chain validation
- * requires runtime implementation.
- *
- * @param parent - Parent delegation constraints
- * @param child - Child delegation constraints
- * @returns true if child is within parent bounds
- */
 function areChildConstraintsValid(parent, child) {
-    // Time bounds: child must be within parent
     if (parent.notBefore !== undefined && child.notBefore !== undefined) {
         if (child.notBefore < parent.notBefore) {
             return false;
@@ -134,7 +55,6 @@ function areChildConstraintsValid(parent, child) {
             return false;
         }
     }
-    // Budget: child must be ≤ parent (if same unit)
     if (parent.crisp?.budget &&
         child.crisp?.budget &&
         parent.crisp.budget.unit === child.crisp.budget.unit) {
@@ -142,12 +62,9 @@ function areChildConstraintsValid(parent, child) {
             return false;
         }
     }
-    // Scopes: child scopes must be subset of parent scopes
-    // This is a simplified check - full validation is complex
     if (parent.crisp && child.crisp) {
         const parentResources = new Set(parent.crisp.scopes.map((s) => s.resource));
         const allChildResourcesInParent = child.crisp.scopes.every((childScope) => {
-            // Check if child resource matches any parent resource
             return parent.crisp.scopes.some((parentScope) => {
                 if (parentScope.matcher === 'exact') {
                     return parentScope.resource === childScope.resource;
@@ -155,21 +72,13 @@ function areChildConstraintsValid(parent, child) {
                 if (parentScope.matcher === 'prefix') {
                     return childScope.resource.startsWith(parentScope.resource);
                 }
-                // regex matching would require runtime regex evaluation
-                return true; // Can't validate regex at type level
+                return true;
             });
         });
         return allChildResourcesInParent;
     }
-    return true; // Can't validate if crisp is not present
+    return true;
 }
-/**
- * Check if a resource matches a scope
- *
- * @param resource - The resource to check
- * @param scope - The scope to match against
- * @returns true if resource matches scope
- */
 function doesResourceMatchScope(resource, scope) {
     switch (scope.matcher) {
         case 'exact':
@@ -188,23 +97,7 @@ function doesResourceMatchScope(resource, scope) {
             return false;
     }
 }
-/**
- * Constants
- */
-/**
- * Supported currency types
- */
 exports.SUPPORTED_CURRENCIES = ['USD', 'ops', 'points'];
-/**
- * Supported scope matchers
- */
 exports.SUPPORTED_MATCHERS = ['exact', 'prefix', 'regex'];
-/**
- * Maximum reasonable budget cap (for validation)
- */
 exports.MAX_BUDGET_CAP = Number.MAX_SAFE_INTEGER;
-/**
- * Maximum reasonable window duration (10 years in seconds)
- */
 exports.MAX_WINDOW_DURATION_SEC = 10 * 365 * 24 * 60 * 60;
-//# sourceMappingURL=constraints.js.map

package/dist/delegation/index.d.ts

@@ -1,8 +1,2 @@
-/**
- * Delegation Module Exports
- *
- * Types and schemas for delegation records and CRISP constraints
- */
 export * from './schemas.js';
 export * from './constraints.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/delegation/index.js

@@ -1,9 +1,4 @@
 "use strict";
-/**
- * Delegation Module Exports
- *
- * Types and schemas for delegation records and CRISP constraints
- */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -21,4 +16,3 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./schemas.js"), exports);
 __exportStar(require("./constraints.js"), exports);
-//# sourceMappingURL=index.js.map