@kya-os/contracts 1.3.2 → 1.3.4

package/dist/test.d.ts

@@ -1,252 +0,0 @@
-/**
- * Test infrastructure types and schemas for XMCP-I
- *
- * This module provides types and utilities for testing XMCP-I applications
- * without hitting external services like KTA.
- */
-import { z } from "zod";
-/**
- * Test environment configuration
- */
-export declare const TestEnvironmentSchema: z.ZodObject<{
-    mode: z.ZodLiteral<"test">;
-    seed: z.ZodOptional<z.ZodString>;
-    deterministicKeys: z.ZodDefault<z.ZodBoolean>;
-    skipKTACalls: z.ZodDefault<z.ZodBoolean>;
-}, "strip", z.ZodTypeAny, {
-    mode: "test";
-    deterministicKeys: boolean;
-    skipKTACalls: boolean;
-    seed?: string | undefined;
-}, {
-    mode: "test";
-    seed?: string | undefined;
-    deterministicKeys?: boolean | undefined;
-    skipKTACalls?: boolean | undefined;
-}>;
-export type TestEnvironment = z.infer<typeof TestEnvironmentSchema>;
-/**
- * Mock identity configuration for testing
- */
-export declare const MockIdentitySchema: z.ZodObject<{
-    did: z.ZodString;
-    kid: z.ZodString;
-    privateKey: z.ZodString;
-    publicKey: z.ZodString;
-    createdAt: z.ZodString;
-    lastRotated: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    did: string;
-    kid: string;
-    privateKey: string;
-    publicKey: string;
-    createdAt: string;
-    lastRotated?: string | undefined;
-}, {
-    did: string;
-    kid: string;
-    privateKey: string;
-    publicKey: string;
-    createdAt: string;
-    lastRotated?: string | undefined;
-}>;
-export type MockIdentity = z.infer<typeof MockIdentitySchema>;
-/**
- * Mock delegation status for testing
- */
-export declare const MockDelegationStatusSchema: z.ZodEnum<["active", "revoked", "pending"]>;
-export type MockDelegationStatus = z.infer<typeof MockDelegationStatusSchema>;
-/**
- * Mock KTA failure scenarios for testing
- */
-export declare const MockKTAFailureTypeSchema: z.ZodEnum<["network", "auth", "invalid", "timeout"]>;
-export type MockKTAFailureType = z.infer<typeof MockKTAFailureTypeSchema>;
-/**
- * Mock identity provider configuration
- */
-export declare const MockIdentityProviderConfigSchema: z.ZodObject<{
-    identities: z.ZodRecord<z.ZodString, z.ZodObject<{
-        did: z.ZodString;
-        kid: z.ZodString;
-        privateKey: z.ZodString;
-        publicKey: z.ZodString;
-        createdAt: z.ZodString;
-        lastRotated: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        did: string;
-        kid: string;
-        privateKey: string;
-        publicKey: string;
-        createdAt: string;
-        lastRotated?: string | undefined;
-    }, {
-        did: string;
-        kid: string;
-        privateKey: string;
-        publicKey: string;
-        createdAt: string;
-        lastRotated?: string | undefined;
-    }>>;
-    delegations: z.ZodRecord<z.ZodString, z.ZodEnum<["active", "revoked", "pending"]>>;
-    ktaFailures: z.ZodDefault<z.ZodArray<z.ZodEnum<["network", "auth", "invalid", "timeout"]>, "many">>;
-    deterministicSeed: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    identities: Record<string, {
-        did: string;
-        kid: string;
-        privateKey: string;
-        publicKey: string;
-        createdAt: string;
-        lastRotated?: string | undefined;
-    }>;
-    delegations: Record<string, "pending" | "active" | "revoked">;
-    ktaFailures: ("network" | "auth" | "invalid" | "timeout")[];
-    deterministicSeed?: string | undefined;
-}, {
-    identities: Record<string, {
-        did: string;
-        kid: string;
-        privateKey: string;
-        publicKey: string;
-        createdAt: string;
-        lastRotated?: string | undefined;
-    }>;
-    delegations: Record<string, "pending" | "active" | "revoked">;
-    ktaFailures?: ("network" | "auth" | "invalid" | "timeout")[] | undefined;
-    deterministicSeed?: string | undefined;
-}>;
-export type MockIdentityProviderConfig = z.infer<typeof MockIdentityProviderConfigSchema>;
-/**
- * Local verification result for offline testing
- */
-export declare const LocalVerificationResultSchema: z.ZodObject<{
-    valid: z.ZodBoolean;
-    did: z.ZodOptional<z.ZodString>;
-    kid: z.ZodOptional<z.ZodString>;
-    signature: z.ZodObject<{
-        valid: z.ZodBoolean;
-        algorithm: z.ZodString;
-        error: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        valid: boolean;
-        algorithm: string;
-        error?: string | undefined;
-    }, {
-        valid: boolean;
-        algorithm: string;
-        error?: string | undefined;
-    }>;
-    proof: z.ZodObject<{
-        valid: z.ZodBoolean;
-        structure: z.ZodBoolean;
-        timestamps: z.ZodBoolean;
-        hashes: z.ZodBoolean;
-        error: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        valid: boolean;
-        structure: boolean;
-        timestamps: boolean;
-        hashes: boolean;
-        error?: string | undefined;
-    }, {
-        valid: boolean;
-        structure: boolean;
-        timestamps: boolean;
-        hashes: boolean;
-        error?: string | undefined;
-    }>;
-    session: z.ZodObject<{
-        valid: z.ZodBoolean;
-        expired: z.ZodBoolean;
-        error: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        valid: boolean;
-        expired: boolean;
-        error?: string | undefined;
-    }, {
-        valid: boolean;
-        expired: boolean;
-        error?: string | undefined;
-    }>;
-    errors: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-    warnings: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-}, "strip", z.ZodTypeAny, {
-    valid: boolean;
-    warnings: string[];
-    session: {
-        valid: boolean;
-        expired: boolean;
-        error?: string | undefined;
-    };
-    signature: {
-        valid: boolean;
-        algorithm: string;
-        error?: string | undefined;
-    };
-    proof: {
-        valid: boolean;
-        structure: boolean;
-        timestamps: boolean;
-        hashes: boolean;
-        error?: string | undefined;
-    };
-    errors: string[];
-    did?: string | undefined;
-    kid?: string | undefined;
-}, {
-    valid: boolean;
-    session: {
-        valid: boolean;
-        expired: boolean;
-        error?: string | undefined;
-    };
-    signature: {
-        valid: boolean;
-        algorithm: string;
-        error?: string | undefined;
-    };
-    proof: {
-        valid: boolean;
-        structure: boolean;
-        timestamps: boolean;
-        hashes: boolean;
-        error?: string | undefined;
-    };
-    did?: string | undefined;
-    kid?: string | undefined;
-    warnings?: string[] | undefined;
-    errors?: string[] | undefined;
-}>;
-export type LocalVerificationResult = z.infer<typeof LocalVerificationResultSchema>;
-/**
- * Test DID and Key ID constants
- */
-export declare const TEST_DIDS: {
-    readonly AGENT_1: "did:test:agent-1";
-    readonly AGENT_2: "did:test:agent-2";
-    readonly VERIFIER_1: "did:test:verifier-1";
-};
-export declare const TEST_KEY_IDS: {
-    readonly KEY_TEST_1: "key-test-1";
-    readonly KEY_TEST_2: "key-test-2";
-    readonly KEY_VERIFIER_1: "key-verifier-1";
-};
-/**
- * Test environment detection
- */
-export declare function isTestEnvironment(): boolean;
-/**
- * Get test seed from environment or test name
- */
-export declare function getTestSeed(testName?: string): string;
-/**
- * Error codes for test infrastructure
- */
-export declare const TEST_ERROR_CODES: {
-    readonly MOCK_KTA_FAILURE: "XMCP_I_TEST_MOCK_KTA_FAILURE";
-    readonly DETERMINISTIC_KEY_GENERATION_FAILED: "XMCP_I_TEST_DETERMINISTIC_KEY_FAILED";
-    readonly LOCAL_VERIFICATION_FAILED: "XMCP_I_TEST_LOCAL_VERIFICATION_FAILED";
-    readonly INVALID_TEST_CONFIGURATION: "XMCP_I_TEST_INVALID_CONFIG";
-};
-export type TestErrorCode = (typeof TEST_ERROR_CODES)[keyof typeof TEST_ERROR_CODES];
-//# sourceMappingURL=test.d.ts.map

package/dist/test.js

@@ -1,120 +0,0 @@
-"use strict";
-/**
- * Test infrastructure types and schemas for XMCP-I
- *
- * This module provides types and utilities for testing XMCP-I applications
- * without hitting external services like KTA.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TEST_ERROR_CODES = exports.TEST_KEY_IDS = exports.TEST_DIDS = exports.LocalVerificationResultSchema = exports.MockIdentityProviderConfigSchema = exports.MockKTAFailureTypeSchema = exports.MockDelegationStatusSchema = exports.MockIdentitySchema = exports.TestEnvironmentSchema = void 0;
-exports.isTestEnvironment = isTestEnvironment;
-exports.getTestSeed = getTestSeed;
-const zod_1 = require("zod");
-/**
- * Test environment configuration
- */
-exports.TestEnvironmentSchema = zod_1.z.object({
-    mode: zod_1.z.literal("test"),
-    seed: zod_1.z.string().optional(),
-    deterministicKeys: zod_1.z.boolean().default(true),
-    skipKTACalls: zod_1.z.boolean().default(true),
-});
-/**
- * Mock identity configuration for testing
- */
-exports.MockIdentitySchema = zod_1.z.object({
-    did: zod_1.z.string(),
-    kid: zod_1.z.string(),
-    privateKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 private key (44 characters)"),
-    publicKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 public key (44 characters)"),
-    createdAt: zod_1.z.string(),
-    lastRotated: zod_1.z.string().optional(),
-});
-/**
- * Mock delegation status for testing
- */
-exports.MockDelegationStatusSchema = zod_1.z.enum([
-    "active",
-    "revoked",
-    "pending",
-]);
-/**
- * Mock KTA failure scenarios for testing
- */
-exports.MockKTAFailureTypeSchema = zod_1.z.enum([
-    "network",
-    "auth",
-    "invalid",
-    "timeout",
-]);
-/**
- * Mock identity provider configuration
- */
-exports.MockIdentityProviderConfigSchema = zod_1.z.object({
-    identities: zod_1.z.record(zod_1.z.string(), exports.MockIdentitySchema),
-    delegations: zod_1.z.record(zod_1.z.string(), exports.MockDelegationStatusSchema),
-    ktaFailures: zod_1.z.array(exports.MockKTAFailureTypeSchema).default([]),
-    deterministicSeed: zod_1.z.string().optional(),
-});
-/**
- * Local verification result for offline testing
- */
-exports.LocalVerificationResultSchema = zod_1.z.object({
-    valid: zod_1.z.boolean(),
-    did: zod_1.z.string().optional(),
-    kid: zod_1.z.string().optional(),
-    signature: zod_1.z.object({
-        valid: zod_1.z.boolean(),
-        algorithm: zod_1.z.string(),
-        error: zod_1.z.string().optional(),
-    }),
-    proof: zod_1.z.object({
-        valid: zod_1.z.boolean(),
-        structure: zod_1.z.boolean(),
-        timestamps: zod_1.z.boolean(),
-        hashes: zod_1.z.boolean(),
-        error: zod_1.z.string().optional(),
-    }),
-    session: zod_1.z.object({
-        valid: zod_1.z.boolean(),
-        expired: zod_1.z.boolean(),
-        error: zod_1.z.string().optional(),
-    }),
-    errors: zod_1.z.array(zod_1.z.string()).default([]),
-    warnings: zod_1.z.array(zod_1.z.string()).default([]),
-});
-/**
- * Test DID and Key ID constants
- */
-exports.TEST_DIDS = {
-    AGENT_1: "did:test:agent-1",
-    AGENT_2: "did:test:agent-2",
-    VERIFIER_1: "did:test:verifier-1",
-};
-exports.TEST_KEY_IDS = {
-    KEY_TEST_1: "key-test-1",
-    KEY_TEST_2: "key-test-2",
-    KEY_VERIFIER_1: "key-verifier-1",
-};
-/**
- * Test environment detection
- */
-function isTestEnvironment() {
-    return process.env.XMCP_ENV === "test";
-}
-/**
- * Get test seed from environment or test name
- */
-function getTestSeed(testName) {
-    return process.env.XMCP_TEST_SEED || testName || "default-test-seed";
-}
-/**
- * Error codes for test infrastructure
- */
-exports.TEST_ERROR_CODES = {
-    MOCK_KTA_FAILURE: "XMCP_I_TEST_MOCK_KTA_FAILURE",
-    DETERMINISTIC_KEY_GENERATION_FAILED: "XMCP_I_TEST_DETERMINISTIC_KEY_FAILED",
-    LOCAL_VERIFICATION_FAILED: "XMCP_I_TEST_LOCAL_VERIFICATION_FAILED",
-    INVALID_TEST_CONFIGURATION: "XMCP_I_TEST_INVALID_CONFIG",
-};
-//# sourceMappingURL=test.js.map

package/dist/tlkrc/index.d.ts

@@ -1,5 +0,0 @@
-/**
- * TLKRC Module Exports
- */
-export * from './rotation.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/tlkrc/index.js

@@ -1,21 +0,0 @@
-"use strict";
-/**
- * TLKRC Module Exports
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./rotation.js"), exports);
-//# sourceMappingURL=index.js.map

package/dist/tlkrc/rotation.d.ts

@@ -1,246 +0,0 @@
-/**
- * TLKRC (Transparent Log Key Rotation Contract)
- *
- * Types for key rotation events in a transparent, auditable manner
- *
- * Related Spec: MCP-I Core
- * Python Reference: Core-Documentation.md
- */
-import { z } from 'zod';
-/**
- * Rotation Event Schema
- *
- * Represents a key rotation event in a transparent log.
- * Events form a hash-linked chain for auditability.
- *
- * **Dual-Key Grace Window:**
- * During rotation, both `prevKeyId` and `nextKeyId` are valid
- * from `effectiveAt` until `effectiveAt + grace period`.
- */
-export declare const RotationEventSchema: z.ZodEffects<z.ZodObject<{
-    /** DID of the issuer performing the rotation */
-    issuerDid: z.ZodString;
-    /** Previous key ID being rotated out */
-    prevKeyId: z.ZodString;
-    /** New key ID being rotated in */
-    nextKeyId: z.ZodString;
-    /** Timestamp when new key becomes effective (Unix seconds) */
-    effectiveAt: z.ZodNumber;
-    /** Timestamp when event was issued (Unix seconds) */
-    issuedAt: z.ZodNumber;
-    /** Sequence number (monotonically increasing) */
-    seq: z.ZodNumber;
-    /** Hash of previous rotation event (null for first rotation) */
-    prevEventHash: z.ZodOptional<z.ZodString>;
-    /** Signature over the event (using prevKeyId) */
-    signature: z.ZodString;
-    /** Optional metadata */
-    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-}, "strip", z.ZodTypeAny, {
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}, {
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}>, {
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}, {
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}>;
-export type RotationEvent = z.infer<typeof RotationEventSchema>;
-/**
- * Rotation Chain
- *
- * Represents a chain of rotation events
- */
-export declare const RotationChainSchema: z.ZodObject<{
-    /** Issuer DID */
-    issuerDid: z.ZodString;
-    /** All rotation events in order */
-    events: z.ZodArray<z.ZodEffects<z.ZodObject<{
-        /** DID of the issuer performing the rotation */
-        issuerDid: z.ZodString;
-        /** Previous key ID being rotated out */
-        prevKeyId: z.ZodString;
-        /** New key ID being rotated in */
-        nextKeyId: z.ZodString;
-        /** Timestamp when new key becomes effective (Unix seconds) */
-        effectiveAt: z.ZodNumber;
-        /** Timestamp when event was issued (Unix seconds) */
-        issuedAt: z.ZodNumber;
-        /** Sequence number (monotonically increasing) */
-        seq: z.ZodNumber;
-        /** Hash of previous rotation event (null for first rotation) */
-        prevEventHash: z.ZodOptional<z.ZodString>;
-        /** Signature over the event (using prevKeyId) */
-        signature: z.ZodString;
-        /** Optional metadata */
-        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-    }, "strip", z.ZodTypeAny, {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }, {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }>, {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }, {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }>, "many">;
-    /** Current active key ID */
-    currentKeyId: z.ZodString;
-    /** Whether chain is valid */
-    valid: z.ZodBoolean;
-    /** Optional validation errors */
-    errors: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-}, "strip", z.ZodTypeAny, {
-    valid: boolean;
-    issuerDid: string;
-    events: {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }[];
-    currentKeyId: string;
-    errors?: string[] | undefined;
-}, {
-    valid: boolean;
-    issuerDid: string;
-    events: {
-        issuerDid: string;
-        signature: string;
-        prevKeyId: string;
-        nextKeyId: string;
-        effectiveAt: number;
-        issuedAt: number;
-        seq: number;
-        metadata?: Record<string, any> | undefined;
-        prevEventHash?: string | undefined;
-    }[];
-    currentKeyId: string;
-    errors?: string[] | undefined;
-}>;
-export type RotationChain = z.infer<typeof RotationChainSchema>;
-/**
- * Validation Helpers
- */
-/**
- * Validate a rotation event
- *
- * @param event - The event to validate
- * @returns Validation result
- */
-export declare function validateRotationEvent(event: unknown): z.SafeParseReturnType<{
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}, {
-    issuerDid: string;
-    signature: string;
-    prevKeyId: string;
-    nextKeyId: string;
-    effectiveAt: number;
-    issuedAt: number;
-    seq: number;
-    metadata?: Record<string, any> | undefined;
-    prevEventHash?: string | undefined;
-}>;
-/**
- * Validate rotation chain integrity
- *
- * @param chain - The chain to validate
- * @returns true if chain is valid
- */
-export declare function isRotationChainValid(chain: RotationChain): boolean;
-/**
- * Get active key at a specific timestamp
- *
- * @param chain - The rotation chain
- * @param timestamp - Timestamp in seconds
- * @returns Active key ID at that time, or null if none
- */
-export declare function getActiveKeyAt(chain: RotationChain, timestamp: number): string | null;
-/**
- * Constants
- */
-/**
- * Default grace period for dual-key validity (24 hours)
- */
-export declare const DEFAULT_GRACE_PERIOD_SEC: number;
-/**
- * Maximum reasonable grace period (30 days)
- */
-export declare const MAX_GRACE_PERIOD_SEC: number;
-//# sourceMappingURL=rotation.d.ts.map