@kya-os/contracts 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/package.json +28 -5
  2. package/README.md +0 -130
  3. package/dist/cli.d.ts +0 -378
  4. package/dist/cli.js +0 -116
  5. package/dist/delegation/constraints.d.ts +0 -992
  6. package/dist/delegation/constraints.js +0 -210
  7. package/dist/delegation/index.d.ts +0 -8
  8. package/dist/delegation/index.js +0 -24
  9. package/dist/delegation/schemas.d.ts +0 -8382
  10. package/dist/delegation/schemas.js +0 -476
  11. package/dist/did/index.d.ts +0 -9
  12. package/dist/did/index.js +0 -25
  13. package/dist/did/resolve-contract.d.ts +0 -220
  14. package/dist/did/resolve-contract.js +0 -32
  15. package/dist/did/schemas.d.ts +0 -113
  16. package/dist/did/schemas.js +0 -173
  17. package/dist/did/types.d.ts +0 -164
  18. package/dist/did/types.js +0 -71
  19. package/dist/env/constants.d.ts +0 -58
  20. package/dist/env/constants.js +0 -60
  21. package/dist/env/index.d.ts +0 -5
  22. package/dist/env/index.js +0 -21
  23. package/dist/handshake.d.ts +0 -159
  24. package/dist/handshake.js +0 -58
  25. package/dist/index.d.ts +0 -26
  26. package/dist/index.js +0 -53
  27. package/dist/proof/index.d.ts +0 -9
  28. package/dist/proof/index.js +0 -25
  29. package/dist/proof/proof-record.d.ts +0 -838
  30. package/dist/proof/proof-record.js +0 -134
  31. package/dist/proof/signing-spec.d.ts +0 -147
  32. package/dist/proof/signing-spec.js +0 -123
  33. package/dist/proof.d.ts +0 -400
  34. package/dist/proof.js +0 -82
  35. package/dist/registry.d.ts +0 -343
  36. package/dist/registry.js +0 -119
  37. package/dist/runtime/errors.d.ts +0 -348
  38. package/dist/runtime/errors.js +0 -120
  39. package/dist/runtime/headers.d.ts +0 -84
  40. package/dist/runtime/headers.js +0 -82
  41. package/dist/runtime/index.d.ts +0 -6
  42. package/dist/runtime/index.js +0 -22
  43. package/dist/test.d.ts +0 -252
  44. package/dist/test.js +0 -120
  45. package/dist/tlkrc/index.d.ts +0 -5
  46. package/dist/tlkrc/index.js +0 -21
  47. package/dist/tlkrc/rotation.d.ts +0 -246
  48. package/dist/tlkrc/rotation.js +0 -127
  49. package/dist/utils/validation.d.ts +0 -31
  50. package/dist/utils/validation.js +0 -70
  51. package/dist/vc/index.d.ts +0 -8
  52. package/dist/vc/index.js +0 -24
  53. package/dist/vc/schemas.d.ts +0 -2484
  54. package/dist/vc/schemas.js +0 -225
  55. package/dist/vc/statuslist.d.ts +0 -494
  56. package/dist/vc/statuslist.js +0 -133
  57. package/dist/verifier.d.ts +0 -206
  58. package/dist/verifier.js +0 -84
package/dist/delegation/constraints.d.ts DELETED
@@ -1,992 +0,0 @@
1
- /**
2
- * CRISP Delegation Constraints
3
- *
4
- * Types and schemas for CRISP (Constrained Resource Intent Specification Protocol)
5
- * constraints on delegations. CRISP enables fine-grained authorization control.
6
- *
7
- * Related Spec: MCP-I §4.2
8
- * Python Reference: Delegation-Documentation.md
9
- */
10
- import { z } from 'zod';
11
- /**
12
- * Currency types for CRISP budgets
13
- */
14
- export declare const CurrencySchema: z.ZodEnum<["USD", "ops", "points"]>;
15
- export type Currency = z.infer<typeof CurrencySchema>;
16
- /**
17
- * Window kind for budget enforcement
18
- */
19
- export declare const WindowKindSchema: z.ZodEnum<["rolling", "fixed"]>;
20
- export type WindowKind = z.infer<typeof WindowKindSchema>;
21
- /**
22
- * Budget Window Schema
23
- *
24
- * Defines the time window for budget enforcement
25
- */
26
- export declare const BudgetWindowSchema: z.ZodObject<{
27
- /** Type of window (rolling or fixed) */
28
- kind: z.ZodEnum<["rolling", "fixed"]>;
29
- /** Duration in seconds */
30
- durationSec: z.ZodNumber;
31
- }, "strip", z.ZodTypeAny, {
32
- kind: "rolling" | "fixed";
33
- durationSec: number;
34
- }, {
35
- kind: "rolling" | "fixed";
36
- durationSec: number;
37
- }>;
38
- export type BudgetWindow = z.infer<typeof BudgetWindowSchema>;
39
- /**
40
- * CRISP Budget Schema
41
- *
42
- * Defines spending/usage limits for a delegation
43
- */
44
- export declare const CrispBudgetSchema: z.ZodObject<{
45
- /** Unit of the budget */
46
- unit: z.ZodEnum<["USD", "ops", "points"]>;
47
- /** Cap/limit for the budget */
48
- cap: z.ZodNumber;
49
- /** Optional time window for the budget */
50
- window: z.ZodOptional<z.ZodObject<{
51
- /** Type of window (rolling or fixed) */
52
- kind: z.ZodEnum<["rolling", "fixed"]>;
53
- /** Duration in seconds */
54
- durationSec: z.ZodNumber;
55
- }, "strip", z.ZodTypeAny, {
56
- kind: "rolling" | "fixed";
57
- durationSec: number;
58
- }, {
59
- kind: "rolling" | "fixed";
60
- durationSec: number;
61
- }>>;
62
- }, "strip", z.ZodTypeAny, {
63
- unit: "USD" | "ops" | "points";
64
- cap: number;
65
- window?: {
66
- kind: "rolling" | "fixed";
67
- durationSec: number;
68
- } | undefined;
69
- }, {
70
- unit: "USD" | "ops" | "points";
71
- cap: number;
72
- window?: {
73
- kind: "rolling" | "fixed";
74
- durationSec: number;
75
- } | undefined;
76
- }>;
77
- export type CrispBudget = z.infer<typeof CrispBudgetSchema>;
78
- /**
79
- * Scope matcher types
80
- */
81
- export declare const ScopeMatcherSchema: z.ZodEnum<["exact", "prefix", "regex"]>;
82
- export type ScopeMatcher = z.infer<typeof ScopeMatcherSchema>;
83
- /**
84
- * CRISP Scope Schema
85
- *
86
- * Defines what resources/actions are allowed in a delegation
87
- */
88
- export declare const CrispScopeSchema: z.ZodObject<{
89
- /** Resource identifier (e.g., "api:users", "data:emails") */
90
- resource: z.ZodString;
91
- /** How to match the resource */
92
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
93
- /** Optional additional constraints on this scope */
94
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
95
- }, "strip", z.ZodTypeAny, {
96
- resource: string;
97
- matcher: "exact" | "prefix" | "regex";
98
- constraints?: Record<string, any> | undefined;
99
- }, {
100
- resource: string;
101
- matcher: "exact" | "prefix" | "regex";
102
- constraints?: Record<string, any> | undefined;
103
- }>;
104
- export type CrispScope = z.infer<typeof CrispScopeSchema>;
105
- /**
106
- * Delegation Constraints Schema (CRISP)
107
- *
108
- * Complete constraint specification for a delegation
109
- */
110
- export declare const DelegationConstraintsSchema: z.ZodObject<{
111
- /** Not valid before (Unix timestamp in seconds) */
112
- notBefore: z.ZodOptional<z.ZodNumber>;
113
- /** Not valid after (Unix timestamp in seconds) */
114
- notAfter: z.ZodOptional<z.ZodNumber>;
115
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
116
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
117
- /** CRISP-specific constraints (full model) */
118
- crisp: z.ZodOptional<z.ZodObject<{
119
- /** Optional budget constraint */
120
- budget: z.ZodOptional<z.ZodObject<{
121
- /** Unit of the budget */
122
- unit: z.ZodEnum<["USD", "ops", "points"]>;
123
- /** Cap/limit for the budget */
124
- cap: z.ZodNumber;
125
- /** Optional time window for the budget */
126
- window: z.ZodOptional<z.ZodObject<{
127
- /** Type of window (rolling or fixed) */
128
- kind: z.ZodEnum<["rolling", "fixed"]>;
129
- /** Duration in seconds */
130
- durationSec: z.ZodNumber;
131
- }, "strip", z.ZodTypeAny, {
132
- kind: "rolling" | "fixed";
133
- durationSec: number;
134
- }, {
135
- kind: "rolling" | "fixed";
136
- durationSec: number;
137
- }>>;
138
- }, "strip", z.ZodTypeAny, {
139
- unit: "USD" | "ops" | "points";
140
- cap: number;
141
- window?: {
142
- kind: "rolling" | "fixed";
143
- durationSec: number;
144
- } | undefined;
145
- }, {
146
- unit: "USD" | "ops" | "points";
147
- cap: number;
148
- window?: {
149
- kind: "rolling" | "fixed";
150
- durationSec: number;
151
- } | undefined;
152
- }>>;
153
- /** Required: at least one scope */
154
- scopes: z.ZodArray<z.ZodObject<{
155
- /** Resource identifier (e.g., "api:users", "data:emails") */
156
- resource: z.ZodString;
157
- /** How to match the resource */
158
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
159
- /** Optional additional constraints on this scope */
160
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
161
- }, "strip", z.ZodTypeAny, {
162
- resource: string;
163
- matcher: "exact" | "prefix" | "regex";
164
- constraints?: Record<string, any> | undefined;
165
- }, {
166
- resource: string;
167
- matcher: "exact" | "prefix" | "regex";
168
- constraints?: Record<string, any> | undefined;
169
- }>, "many">;
170
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
171
- /** Optional budget constraint */
172
- budget: z.ZodOptional<z.ZodObject<{
173
- /** Unit of the budget */
174
- unit: z.ZodEnum<["USD", "ops", "points"]>;
175
- /** Cap/limit for the budget */
176
- cap: z.ZodNumber;
177
- /** Optional time window for the budget */
178
- window: z.ZodOptional<z.ZodObject<{
179
- /** Type of window (rolling or fixed) */
180
- kind: z.ZodEnum<["rolling", "fixed"]>;
181
- /** Duration in seconds */
182
- durationSec: z.ZodNumber;
183
- }, "strip", z.ZodTypeAny, {
184
- kind: "rolling" | "fixed";
185
- durationSec: number;
186
- }, {
187
- kind: "rolling" | "fixed";
188
- durationSec: number;
189
- }>>;
190
- }, "strip", z.ZodTypeAny, {
191
- unit: "USD" | "ops" | "points";
192
- cap: number;
193
- window?: {
194
- kind: "rolling" | "fixed";
195
- durationSec: number;
196
- } | undefined;
197
- }, {
198
- unit: "USD" | "ops" | "points";
199
- cap: number;
200
- window?: {
201
- kind: "rolling" | "fixed";
202
- durationSec: number;
203
- } | undefined;
204
- }>>;
205
- /** Required: at least one scope */
206
- scopes: z.ZodArray<z.ZodObject<{
207
- /** Resource identifier (e.g., "api:users", "data:emails") */
208
- resource: z.ZodString;
209
- /** How to match the resource */
210
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
211
- /** Optional additional constraints on this scope */
212
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
213
- }, "strip", z.ZodTypeAny, {
214
- resource: string;
215
- matcher: "exact" | "prefix" | "regex";
216
- constraints?: Record<string, any> | undefined;
217
- }, {
218
- resource: string;
219
- matcher: "exact" | "prefix" | "regex";
220
- constraints?: Record<string, any> | undefined;
221
- }>, "many">;
222
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
223
- /** Optional budget constraint */
224
- budget: z.ZodOptional<z.ZodObject<{
225
- /** Unit of the budget */
226
- unit: z.ZodEnum<["USD", "ops", "points"]>;
227
- /** Cap/limit for the budget */
228
- cap: z.ZodNumber;
229
- /** Optional time window for the budget */
230
- window: z.ZodOptional<z.ZodObject<{
231
- /** Type of window (rolling or fixed) */
232
- kind: z.ZodEnum<["rolling", "fixed"]>;
233
- /** Duration in seconds */
234
- durationSec: z.ZodNumber;
235
- }, "strip", z.ZodTypeAny, {
236
- kind: "rolling" | "fixed";
237
- durationSec: number;
238
- }, {
239
- kind: "rolling" | "fixed";
240
- durationSec: number;
241
- }>>;
242
- }, "strip", z.ZodTypeAny, {
243
- unit: "USD" | "ops" | "points";
244
- cap: number;
245
- window?: {
246
- kind: "rolling" | "fixed";
247
- durationSec: number;
248
- } | undefined;
249
- }, {
250
- unit: "USD" | "ops" | "points";
251
- cap: number;
252
- window?: {
253
- kind: "rolling" | "fixed";
254
- durationSec: number;
255
- } | undefined;
256
- }>>;
257
- /** Required: at least one scope */
258
- scopes: z.ZodArray<z.ZodObject<{
259
- /** Resource identifier (e.g., "api:users", "data:emails") */
260
- resource: z.ZodString;
261
- /** How to match the resource */
262
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
263
- /** Optional additional constraints on this scope */
264
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
265
- }, "strip", z.ZodTypeAny, {
266
- resource: string;
267
- matcher: "exact" | "prefix" | "regex";
268
- constraints?: Record<string, any> | undefined;
269
- }, {
270
- resource: string;
271
- matcher: "exact" | "prefix" | "regex";
272
- constraints?: Record<string, any> | undefined;
273
- }>, "many">;
274
- }, z.ZodTypeAny, "passthrough">>>;
275
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
276
- /** Not valid before (Unix timestamp in seconds) */
277
- notBefore: z.ZodOptional<z.ZodNumber>;
278
- /** Not valid after (Unix timestamp in seconds) */
279
- notAfter: z.ZodOptional<z.ZodNumber>;
280
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
281
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
282
- /** CRISP-specific constraints (full model) */
283
- crisp: z.ZodOptional<z.ZodObject<{
284
- /** Optional budget constraint */
285
- budget: z.ZodOptional<z.ZodObject<{
286
- /** Unit of the budget */
287
- unit: z.ZodEnum<["USD", "ops", "points"]>;
288
- /** Cap/limit for the budget */
289
- cap: z.ZodNumber;
290
- /** Optional time window for the budget */
291
- window: z.ZodOptional<z.ZodObject<{
292
- /** Type of window (rolling or fixed) */
293
- kind: z.ZodEnum<["rolling", "fixed"]>;
294
- /** Duration in seconds */
295
- durationSec: z.ZodNumber;
296
- }, "strip", z.ZodTypeAny, {
297
- kind: "rolling" | "fixed";
298
- durationSec: number;
299
- }, {
300
- kind: "rolling" | "fixed";
301
- durationSec: number;
302
- }>>;
303
- }, "strip", z.ZodTypeAny, {
304
- unit: "USD" | "ops" | "points";
305
- cap: number;
306
- window?: {
307
- kind: "rolling" | "fixed";
308
- durationSec: number;
309
- } | undefined;
310
- }, {
311
- unit: "USD" | "ops" | "points";
312
- cap: number;
313
- window?: {
314
- kind: "rolling" | "fixed";
315
- durationSec: number;
316
- } | undefined;
317
- }>>;
318
- /** Required: at least one scope */
319
- scopes: z.ZodArray<z.ZodObject<{
320
- /** Resource identifier (e.g., "api:users", "data:emails") */
321
- resource: z.ZodString;
322
- /** How to match the resource */
323
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
324
- /** Optional additional constraints on this scope */
325
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
326
- }, "strip", z.ZodTypeAny, {
327
- resource: string;
328
- matcher: "exact" | "prefix" | "regex";
329
- constraints?: Record<string, any> | undefined;
330
- }, {
331
- resource: string;
332
- matcher: "exact" | "prefix" | "regex";
333
- constraints?: Record<string, any> | undefined;
334
- }>, "many">;
335
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
336
- /** Optional budget constraint */
337
- budget: z.ZodOptional<z.ZodObject<{
338
- /** Unit of the budget */
339
- unit: z.ZodEnum<["USD", "ops", "points"]>;
340
- /** Cap/limit for the budget */
341
- cap: z.ZodNumber;
342
- /** Optional time window for the budget */
343
- window: z.ZodOptional<z.ZodObject<{
344
- /** Type of window (rolling or fixed) */
345
- kind: z.ZodEnum<["rolling", "fixed"]>;
346
- /** Duration in seconds */
347
- durationSec: z.ZodNumber;
348
- }, "strip", z.ZodTypeAny, {
349
- kind: "rolling" | "fixed";
350
- durationSec: number;
351
- }, {
352
- kind: "rolling" | "fixed";
353
- durationSec: number;
354
- }>>;
355
- }, "strip", z.ZodTypeAny, {
356
- unit: "USD" | "ops" | "points";
357
- cap: number;
358
- window?: {
359
- kind: "rolling" | "fixed";
360
- durationSec: number;
361
- } | undefined;
362
- }, {
363
- unit: "USD" | "ops" | "points";
364
- cap: number;
365
- window?: {
366
- kind: "rolling" | "fixed";
367
- durationSec: number;
368
- } | undefined;
369
- }>>;
370
- /** Required: at least one scope */
371
- scopes: z.ZodArray<z.ZodObject<{
372
- /** Resource identifier (e.g., "api:users", "data:emails") */
373
- resource: z.ZodString;
374
- /** How to match the resource */
375
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
376
- /** Optional additional constraints on this scope */
377
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
378
- }, "strip", z.ZodTypeAny, {
379
- resource: string;
380
- matcher: "exact" | "prefix" | "regex";
381
- constraints?: Record<string, any> | undefined;
382
- }, {
383
- resource: string;
384
- matcher: "exact" | "prefix" | "regex";
385
- constraints?: Record<string, any> | undefined;
386
- }>, "many">;
387
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
388
- /** Optional budget constraint */
389
- budget: z.ZodOptional<z.ZodObject<{
390
- /** Unit of the budget */
391
- unit: z.ZodEnum<["USD", "ops", "points"]>;
392
- /** Cap/limit for the budget */
393
- cap: z.ZodNumber;
394
- /** Optional time window for the budget */
395
- window: z.ZodOptional<z.ZodObject<{
396
- /** Type of window (rolling or fixed) */
397
- kind: z.ZodEnum<["rolling", "fixed"]>;
398
- /** Duration in seconds */
399
- durationSec: z.ZodNumber;
400
- }, "strip", z.ZodTypeAny, {
401
- kind: "rolling" | "fixed";
402
- durationSec: number;
403
- }, {
404
- kind: "rolling" | "fixed";
405
- durationSec: number;
406
- }>>;
407
- }, "strip", z.ZodTypeAny, {
408
- unit: "USD" | "ops" | "points";
409
- cap: number;
410
- window?: {
411
- kind: "rolling" | "fixed";
412
- durationSec: number;
413
- } | undefined;
414
- }, {
415
- unit: "USD" | "ops" | "points";
416
- cap: number;
417
- window?: {
418
- kind: "rolling" | "fixed";
419
- durationSec: number;
420
- } | undefined;
421
- }>>;
422
- /** Required: at least one scope */
423
- scopes: z.ZodArray<z.ZodObject<{
424
- /** Resource identifier (e.g., "api:users", "data:emails") */
425
- resource: z.ZodString;
426
- /** How to match the resource */
427
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
428
- /** Optional additional constraints on this scope */
429
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
430
- }, "strip", z.ZodTypeAny, {
431
- resource: string;
432
- matcher: "exact" | "prefix" | "regex";
433
- constraints?: Record<string, any> | undefined;
434
- }, {
435
- resource: string;
436
- matcher: "exact" | "prefix" | "regex";
437
- constraints?: Record<string, any> | undefined;
438
- }>, "many">;
439
- }, z.ZodTypeAny, "passthrough">>>;
440
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
441
- /** Not valid before (Unix timestamp in seconds) */
442
- notBefore: z.ZodOptional<z.ZodNumber>;
443
- /** Not valid after (Unix timestamp in seconds) */
444
- notAfter: z.ZodOptional<z.ZodNumber>;
445
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
446
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
447
- /** CRISP-specific constraints (full model) */
448
- crisp: z.ZodOptional<z.ZodObject<{
449
- /** Optional budget constraint */
450
- budget: z.ZodOptional<z.ZodObject<{
451
- /** Unit of the budget */
452
- unit: z.ZodEnum<["USD", "ops", "points"]>;
453
- /** Cap/limit for the budget */
454
- cap: z.ZodNumber;
455
- /** Optional time window for the budget */
456
- window: z.ZodOptional<z.ZodObject<{
457
- /** Type of window (rolling or fixed) */
458
- kind: z.ZodEnum<["rolling", "fixed"]>;
459
- /** Duration in seconds */
460
- durationSec: z.ZodNumber;
461
- }, "strip", z.ZodTypeAny, {
462
- kind: "rolling" | "fixed";
463
- durationSec: number;
464
- }, {
465
- kind: "rolling" | "fixed";
466
- durationSec: number;
467
- }>>;
468
- }, "strip", z.ZodTypeAny, {
469
- unit: "USD" | "ops" | "points";
470
- cap: number;
471
- window?: {
472
- kind: "rolling" | "fixed";
473
- durationSec: number;
474
- } | undefined;
475
- }, {
476
- unit: "USD" | "ops" | "points";
477
- cap: number;
478
- window?: {
479
- kind: "rolling" | "fixed";
480
- durationSec: number;
481
- } | undefined;
482
- }>>;
483
- /** Required: at least one scope */
484
- scopes: z.ZodArray<z.ZodObject<{
485
- /** Resource identifier (e.g., "api:users", "data:emails") */
486
- resource: z.ZodString;
487
- /** How to match the resource */
488
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
489
- /** Optional additional constraints on this scope */
490
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
491
- }, "strip", z.ZodTypeAny, {
492
- resource: string;
493
- matcher: "exact" | "prefix" | "regex";
494
- constraints?: Record<string, any> | undefined;
495
- }, {
496
- resource: string;
497
- matcher: "exact" | "prefix" | "regex";
498
- constraints?: Record<string, any> | undefined;
499
- }>, "many">;
500
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
501
- /** Optional budget constraint */
502
- budget: z.ZodOptional<z.ZodObject<{
503
- /** Unit of the budget */
504
- unit: z.ZodEnum<["USD", "ops", "points"]>;
505
- /** Cap/limit for the budget */
506
- cap: z.ZodNumber;
507
- /** Optional time window for the budget */
508
- window: z.ZodOptional<z.ZodObject<{
509
- /** Type of window (rolling or fixed) */
510
- kind: z.ZodEnum<["rolling", "fixed"]>;
511
- /** Duration in seconds */
512
- durationSec: z.ZodNumber;
513
- }, "strip", z.ZodTypeAny, {
514
- kind: "rolling" | "fixed";
515
- durationSec: number;
516
- }, {
517
- kind: "rolling" | "fixed";
518
- durationSec: number;
519
- }>>;
520
- }, "strip", z.ZodTypeAny, {
521
- unit: "USD" | "ops" | "points";
522
- cap: number;
523
- window?: {
524
- kind: "rolling" | "fixed";
525
- durationSec: number;
526
- } | undefined;
527
- }, {
528
- unit: "USD" | "ops" | "points";
529
- cap: number;
530
- window?: {
531
- kind: "rolling" | "fixed";
532
- durationSec: number;
533
- } | undefined;
534
- }>>;
535
- /** Required: at least one scope */
536
- scopes: z.ZodArray<z.ZodObject<{
537
- /** Resource identifier (e.g., "api:users", "data:emails") */
538
- resource: z.ZodString;
539
- /** How to match the resource */
540
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
541
- /** Optional additional constraints on this scope */
542
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
543
- }, "strip", z.ZodTypeAny, {
544
- resource: string;
545
- matcher: "exact" | "prefix" | "regex";
546
- constraints?: Record<string, any> | undefined;
547
- }, {
548
- resource: string;
549
- matcher: "exact" | "prefix" | "regex";
550
- constraints?: Record<string, any> | undefined;
551
- }>, "many">;
552
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
553
- /** Optional budget constraint */
554
- budget: z.ZodOptional<z.ZodObject<{
555
- /** Unit of the budget */
556
- unit: z.ZodEnum<["USD", "ops", "points"]>;
557
- /** Cap/limit for the budget */
558
- cap: z.ZodNumber;
559
- /** Optional time window for the budget */
560
- window: z.ZodOptional<z.ZodObject<{
561
- /** Type of window (rolling or fixed) */
562
- kind: z.ZodEnum<["rolling", "fixed"]>;
563
- /** Duration in seconds */
564
- durationSec: z.ZodNumber;
565
- }, "strip", z.ZodTypeAny, {
566
- kind: "rolling" | "fixed";
567
- durationSec: number;
568
- }, {
569
- kind: "rolling" | "fixed";
570
- durationSec: number;
571
- }>>;
572
- }, "strip", z.ZodTypeAny, {
573
- unit: "USD" | "ops" | "points";
574
- cap: number;
575
- window?: {
576
- kind: "rolling" | "fixed";
577
- durationSec: number;
578
- } | undefined;
579
- }, {
580
- unit: "USD" | "ops" | "points";
581
- cap: number;
582
- window?: {
583
- kind: "rolling" | "fixed";
584
- durationSec: number;
585
- } | undefined;
586
- }>>;
587
- /** Required: at least one scope */
588
- scopes: z.ZodArray<z.ZodObject<{
589
- /** Resource identifier (e.g., "api:users", "data:emails") */
590
- resource: z.ZodString;
591
- /** How to match the resource */
592
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
593
- /** Optional additional constraints on this scope */
594
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
595
- }, "strip", z.ZodTypeAny, {
596
- resource: string;
597
- matcher: "exact" | "prefix" | "regex";
598
- constraints?: Record<string, any> | undefined;
599
- }, {
600
- resource: string;
601
- matcher: "exact" | "prefix" | "regex";
602
- constraints?: Record<string, any> | undefined;
603
- }>, "many">;
604
- }, z.ZodTypeAny, "passthrough">>>;
605
- }, z.ZodTypeAny, "passthrough">>;
606
- export type DelegationConstraints = z.infer<typeof DelegationConstraintsSchema>;
607
- /**
608
- * Validation Helpers
609
- */
610
- /**
611
- * Validate delegation constraints
612
- *
613
- * @param constraints - The constraints to validate
614
- * @returns Validation result
615
- */
616
- export declare function validateDelegationConstraints(constraints: unknown): z.SafeParseReturnType<z.objectInputType<{
617
- /** Not valid before (Unix timestamp in seconds) */
618
- notBefore: z.ZodOptional<z.ZodNumber>;
619
- /** Not valid after (Unix timestamp in seconds) */
620
- notAfter: z.ZodOptional<z.ZodNumber>;
621
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
622
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
623
- /** CRISP-specific constraints (full model) */
624
- crisp: z.ZodOptional<z.ZodObject<{
625
- /** Optional budget constraint */
626
- budget: z.ZodOptional<z.ZodObject<{
627
- /** Unit of the budget */
628
- unit: z.ZodEnum<["USD", "ops", "points"]>;
629
- /** Cap/limit for the budget */
630
- cap: z.ZodNumber;
631
- /** Optional time window for the budget */
632
- window: z.ZodOptional<z.ZodObject<{
633
- /** Type of window (rolling or fixed) */
634
- kind: z.ZodEnum<["rolling", "fixed"]>;
635
- /** Duration in seconds */
636
- durationSec: z.ZodNumber;
637
- }, "strip", z.ZodTypeAny, {
638
- kind: "rolling" | "fixed";
639
- durationSec: number;
640
- }, {
641
- kind: "rolling" | "fixed";
642
- durationSec: number;
643
- }>>;
644
- }, "strip", z.ZodTypeAny, {
645
- unit: "USD" | "ops" | "points";
646
- cap: number;
647
- window?: {
648
- kind: "rolling" | "fixed";
649
- durationSec: number;
650
- } | undefined;
651
- }, {
652
- unit: "USD" | "ops" | "points";
653
- cap: number;
654
- window?: {
655
- kind: "rolling" | "fixed";
656
- durationSec: number;
657
- } | undefined;
658
- }>>;
659
- /** Required: at least one scope */
660
- scopes: z.ZodArray<z.ZodObject<{
661
- /** Resource identifier (e.g., "api:users", "data:emails") */
662
- resource: z.ZodString;
663
- /** How to match the resource */
664
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
665
- /** Optional additional constraints on this scope */
666
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
667
- }, "strip", z.ZodTypeAny, {
668
- resource: string;
669
- matcher: "exact" | "prefix" | "regex";
670
- constraints?: Record<string, any> | undefined;
671
- }, {
672
- resource: string;
673
- matcher: "exact" | "prefix" | "regex";
674
- constraints?: Record<string, any> | undefined;
675
- }>, "many">;
676
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
677
- /** Optional budget constraint */
678
- budget: z.ZodOptional<z.ZodObject<{
679
- /** Unit of the budget */
680
- unit: z.ZodEnum<["USD", "ops", "points"]>;
681
- /** Cap/limit for the budget */
682
- cap: z.ZodNumber;
683
- /** Optional time window for the budget */
684
- window: z.ZodOptional<z.ZodObject<{
685
- /** Type of window (rolling or fixed) */
686
- kind: z.ZodEnum<["rolling", "fixed"]>;
687
- /** Duration in seconds */
688
- durationSec: z.ZodNumber;
689
- }, "strip", z.ZodTypeAny, {
690
- kind: "rolling" | "fixed";
691
- durationSec: number;
692
- }, {
693
- kind: "rolling" | "fixed";
694
- durationSec: number;
695
- }>>;
696
- }, "strip", z.ZodTypeAny, {
697
- unit: "USD" | "ops" | "points";
698
- cap: number;
699
- window?: {
700
- kind: "rolling" | "fixed";
701
- durationSec: number;
702
- } | undefined;
703
- }, {
704
- unit: "USD" | "ops" | "points";
705
- cap: number;
706
- window?: {
707
- kind: "rolling" | "fixed";
708
- durationSec: number;
709
- } | undefined;
710
- }>>;
711
- /** Required: at least one scope */
712
- scopes: z.ZodArray<z.ZodObject<{
713
- /** Resource identifier (e.g., "api:users", "data:emails") */
714
- resource: z.ZodString;
715
- /** How to match the resource */
716
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
717
- /** Optional additional constraints on this scope */
718
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
719
- }, "strip", z.ZodTypeAny, {
720
- resource: string;
721
- matcher: "exact" | "prefix" | "regex";
722
- constraints?: Record<string, any> | undefined;
723
- }, {
724
- resource: string;
725
- matcher: "exact" | "prefix" | "regex";
726
- constraints?: Record<string, any> | undefined;
727
- }>, "many">;
728
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
729
- /** Optional budget constraint */
730
- budget: z.ZodOptional<z.ZodObject<{
731
- /** Unit of the budget */
732
- unit: z.ZodEnum<["USD", "ops", "points"]>;
733
- /** Cap/limit for the budget */
734
- cap: z.ZodNumber;
735
- /** Optional time window for the budget */
736
- window: z.ZodOptional<z.ZodObject<{
737
- /** Type of window (rolling or fixed) */
738
- kind: z.ZodEnum<["rolling", "fixed"]>;
739
- /** Duration in seconds */
740
- durationSec: z.ZodNumber;
741
- }, "strip", z.ZodTypeAny, {
742
- kind: "rolling" | "fixed";
743
- durationSec: number;
744
- }, {
745
- kind: "rolling" | "fixed";
746
- durationSec: number;
747
- }>>;
748
- }, "strip", z.ZodTypeAny, {
749
- unit: "USD" | "ops" | "points";
750
- cap: number;
751
- window?: {
752
- kind: "rolling" | "fixed";
753
- durationSec: number;
754
- } | undefined;
755
- }, {
756
- unit: "USD" | "ops" | "points";
757
- cap: number;
758
- window?: {
759
- kind: "rolling" | "fixed";
760
- durationSec: number;
761
- } | undefined;
762
- }>>;
763
- /** Required: at least one scope */
764
- scopes: z.ZodArray<z.ZodObject<{
765
- /** Resource identifier (e.g., "api:users", "data:emails") */
766
- resource: z.ZodString;
767
- /** How to match the resource */
768
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
769
- /** Optional additional constraints on this scope */
770
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
771
- }, "strip", z.ZodTypeAny, {
772
- resource: string;
773
- matcher: "exact" | "prefix" | "regex";
774
- constraints?: Record<string, any> | undefined;
775
- }, {
776
- resource: string;
777
- matcher: "exact" | "prefix" | "regex";
778
- constraints?: Record<string, any> | undefined;
779
- }>, "many">;
780
- }, z.ZodTypeAny, "passthrough">>>;
781
- }, z.ZodTypeAny, "passthrough">, z.objectOutputType<{
782
- /** Not valid before (Unix timestamp in seconds) */
783
- notBefore: z.ZodOptional<z.ZodNumber>;
784
- /** Not valid after (Unix timestamp in seconds) */
785
- notAfter: z.ZodOptional<z.ZodNumber>;
786
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
787
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
788
- /** CRISP-specific constraints (full model) */
789
- crisp: z.ZodOptional<z.ZodObject<{
790
- /** Optional budget constraint */
791
- budget: z.ZodOptional<z.ZodObject<{
792
- /** Unit of the budget */
793
- unit: z.ZodEnum<["USD", "ops", "points"]>;
794
- /** Cap/limit for the budget */
795
- cap: z.ZodNumber;
796
- /** Optional time window for the budget */
797
- window: z.ZodOptional<z.ZodObject<{
798
- /** Type of window (rolling or fixed) */
799
- kind: z.ZodEnum<["rolling", "fixed"]>;
800
- /** Duration in seconds */
801
- durationSec: z.ZodNumber;
802
- }, "strip", z.ZodTypeAny, {
803
- kind: "rolling" | "fixed";
804
- durationSec: number;
805
- }, {
806
- kind: "rolling" | "fixed";
807
- durationSec: number;
808
- }>>;
809
- }, "strip", z.ZodTypeAny, {
810
- unit: "USD" | "ops" | "points";
811
- cap: number;
812
- window?: {
813
- kind: "rolling" | "fixed";
814
- durationSec: number;
815
- } | undefined;
816
- }, {
817
- unit: "USD" | "ops" | "points";
818
- cap: number;
819
- window?: {
820
- kind: "rolling" | "fixed";
821
- durationSec: number;
822
- } | undefined;
823
- }>>;
824
- /** Required: at least one scope */
825
- scopes: z.ZodArray<z.ZodObject<{
826
- /** Resource identifier (e.g., "api:users", "data:emails") */
827
- resource: z.ZodString;
828
- /** How to match the resource */
829
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
830
- /** Optional additional constraints on this scope */
831
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
832
- }, "strip", z.ZodTypeAny, {
833
- resource: string;
834
- matcher: "exact" | "prefix" | "regex";
835
- constraints?: Record<string, any> | undefined;
836
- }, {
837
- resource: string;
838
- matcher: "exact" | "prefix" | "regex";
839
- constraints?: Record<string, any> | undefined;
840
- }>, "many">;
841
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
842
- /** Optional budget constraint */
843
- budget: z.ZodOptional<z.ZodObject<{
844
- /** Unit of the budget */
845
- unit: z.ZodEnum<["USD", "ops", "points"]>;
846
- /** Cap/limit for the budget */
847
- cap: z.ZodNumber;
848
- /** Optional time window for the budget */
849
- window: z.ZodOptional<z.ZodObject<{
850
- /** Type of window (rolling or fixed) */
851
- kind: z.ZodEnum<["rolling", "fixed"]>;
852
- /** Duration in seconds */
853
- durationSec: z.ZodNumber;
854
- }, "strip", z.ZodTypeAny, {
855
- kind: "rolling" | "fixed";
856
- durationSec: number;
857
- }, {
858
- kind: "rolling" | "fixed";
859
- durationSec: number;
860
- }>>;
861
- }, "strip", z.ZodTypeAny, {
862
- unit: "USD" | "ops" | "points";
863
- cap: number;
864
- window?: {
865
- kind: "rolling" | "fixed";
866
- durationSec: number;
867
- } | undefined;
868
- }, {
869
- unit: "USD" | "ops" | "points";
870
- cap: number;
871
- window?: {
872
- kind: "rolling" | "fixed";
873
- durationSec: number;
874
- } | undefined;
875
- }>>;
876
- /** Required: at least one scope */
877
- scopes: z.ZodArray<z.ZodObject<{
878
- /** Resource identifier (e.g., "api:users", "data:emails") */
879
- resource: z.ZodString;
880
- /** How to match the resource */
881
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
882
- /** Optional additional constraints on this scope */
883
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
884
- }, "strip", z.ZodTypeAny, {
885
- resource: string;
886
- matcher: "exact" | "prefix" | "regex";
887
- constraints?: Record<string, any> | undefined;
888
- }, {
889
- resource: string;
890
- matcher: "exact" | "prefix" | "regex";
891
- constraints?: Record<string, any> | undefined;
892
- }>, "many">;
893
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
894
- /** Optional budget constraint */
895
- budget: z.ZodOptional<z.ZodObject<{
896
- /** Unit of the budget */
897
- unit: z.ZodEnum<["USD", "ops", "points"]>;
898
- /** Cap/limit for the budget */
899
- cap: z.ZodNumber;
900
- /** Optional time window for the budget */
901
- window: z.ZodOptional<z.ZodObject<{
902
- /** Type of window (rolling or fixed) */
903
- kind: z.ZodEnum<["rolling", "fixed"]>;
904
- /** Duration in seconds */
905
- durationSec: z.ZodNumber;
906
- }, "strip", z.ZodTypeAny, {
907
- kind: "rolling" | "fixed";
908
- durationSec: number;
909
- }, {
910
- kind: "rolling" | "fixed";
911
- durationSec: number;
912
- }>>;
913
- }, "strip", z.ZodTypeAny, {
914
- unit: "USD" | "ops" | "points";
915
- cap: number;
916
- window?: {
917
- kind: "rolling" | "fixed";
918
- durationSec: number;
919
- } | undefined;
920
- }, {
921
- unit: "USD" | "ops" | "points";
922
- cap: number;
923
- window?: {
924
- kind: "rolling" | "fixed";
925
- durationSec: number;
926
- } | undefined;
927
- }>>;
928
- /** Required: at least one scope */
929
- scopes: z.ZodArray<z.ZodObject<{
930
- /** Resource identifier (e.g., "api:users", "data:emails") */
931
- resource: z.ZodString;
932
- /** How to match the resource */
933
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
934
- /** Optional additional constraints on this scope */
935
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
936
- }, "strip", z.ZodTypeAny, {
937
- resource: string;
938
- matcher: "exact" | "prefix" | "regex";
939
- constraints?: Record<string, any> | undefined;
940
- }, {
941
- resource: string;
942
- matcher: "exact" | "prefix" | "regex";
943
- constraints?: Record<string, any> | undefined;
944
- }>, "many">;
945
- }, z.ZodTypeAny, "passthrough">>>;
946
- }, z.ZodTypeAny, "passthrough">>;
947
- /**
948
- * Check if constraints have a valid time range
949
- *
950
- * @param constraints - The constraints to check
951
- * @returns true if time range is valid or no time range specified
952
- */
953
- export declare function hasValidTimeRange(constraints: DelegationConstraints): boolean;
954
- /**
955
- * Check if child constraints are within parent constraints
956
- *
957
- * This performs basic structural checks. Full chain validation
958
- * requires runtime implementation.
959
- *
960
- * @param parent - Parent delegation constraints
961
- * @param child - Child delegation constraints
962
- * @returns true if child is within parent bounds
963
- */
964
- export declare function areChildConstraintsValid(parent: DelegationConstraints, child: DelegationConstraints): boolean;
965
- /**
966
- * Check if a resource matches a scope
967
- *
968
- * @param resource - The resource to check
969
- * @param scope - The scope to match against
970
- * @returns true if resource matches scope
971
- */
972
- export declare function doesResourceMatchScope(resource: string, scope: CrispScope): boolean;
973
- /**
974
- * Constants
975
- */
976
- /**
977
- * Supported currency types
978
- */
979
- export declare const SUPPORTED_CURRENCIES: Currency[];
980
- /**
981
- * Supported scope matchers
982
- */
983
- export declare const SUPPORTED_MATCHERS: ScopeMatcher[];
984
- /**
985
- * Maximum reasonable budget cap (for validation)
986
- */
987
- export declare const MAX_BUDGET_CAP: number;
988
- /**
989
- * Maximum reasonable window duration (10 years in seconds)
990
- */
991
- export declare const MAX_WINDOW_DURATION_SEC: number;
992
- //# sourceMappingURL=constraints.d.ts.map