@kya-os/contracts 1.3.4 → 1.3.5

package/dist/test.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TEST_ERROR_CODES = exports.TEST_KEY_IDS = exports.TEST_DIDS = exports.LocalVerificationResultSchema = exports.MockIdentityProviderConfigSchema = exports.MockKTAFailureTypeSchema = exports.MockDelegationStatusSchema = exports.MockIdentitySchema = exports.TestEnvironmentSchema = void 0;
+exports.isTestEnvironment = isTestEnvironment;
+exports.getTestSeed = getTestSeed;
+const zod_1 = require("zod");
+exports.TestEnvironmentSchema = zod_1.z.object({
+    mode: zod_1.z.literal("test"),
+    seed: zod_1.z.string().optional(),
+    deterministicKeys: zod_1.z.boolean().default(true),
+    skipKTACalls: zod_1.z.boolean().default(true),
+});
+exports.MockIdentitySchema = zod_1.z.object({
+    did: zod_1.z.string(),
+    kid: zod_1.z.string(),
+    privateKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 private key (44 characters)"),
+    publicKey: zod_1.z.string().regex(/^[A-Za-z0-9+/]{43}=$/, "Must be a valid base64-encoded Ed25519 public key (44 characters)"),
+    createdAt: zod_1.z.string(),
+    lastRotated: zod_1.z.string().optional(),
+});
+exports.MockDelegationStatusSchema = zod_1.z.enum([
+    "active",
+    "revoked",
+    "pending",
+]);
+exports.MockKTAFailureTypeSchema = zod_1.z.enum([
+    "network",
+    "auth",
+    "invalid",
+    "timeout",
+]);
+exports.MockIdentityProviderConfigSchema = zod_1.z.object({
+    identities: zod_1.z.record(zod_1.z.string(), exports.MockIdentitySchema),
+    delegations: zod_1.z.record(zod_1.z.string(), exports.MockDelegationStatusSchema),
+    ktaFailures: zod_1.z.array(exports.MockKTAFailureTypeSchema).default([]),
+    deterministicSeed: zod_1.z.string().optional(),
+});
+exports.LocalVerificationResultSchema = zod_1.z.object({
+    valid: zod_1.z.boolean(),
+    did: zod_1.z.string().optional(),
+    kid: zod_1.z.string().optional(),
+    signature: zod_1.z.object({
+        valid: zod_1.z.boolean(),
+        algorithm: zod_1.z.string(),
+        error: zod_1.z.string().optional(),
+    }),
+    proof: zod_1.z.object({
+        valid: zod_1.z.boolean(),
+        structure: zod_1.z.boolean(),
+        timestamps: zod_1.z.boolean(),
+        hashes: zod_1.z.boolean(),
+        error: zod_1.z.string().optional(),
+    }),
+    session: zod_1.z.object({
+        valid: zod_1.z.boolean(),
+        expired: zod_1.z.boolean(),
+        error: zod_1.z.string().optional(),
+    }),
+    errors: zod_1.z.array(zod_1.z.string()).default([]),
+    warnings: zod_1.z.array(zod_1.z.string()).default([]),
+});
+exports.TEST_DIDS = {
+    AGENT_1: "did:test:agent-1",
+    AGENT_2: "did:test:agent-2",
+    VERIFIER_1: "did:test:verifier-1",
+};
+exports.TEST_KEY_IDS = {
+    KEY_TEST_1: "key-test-1",
+    KEY_TEST_2: "key-test-2",
+    KEY_VERIFIER_1: "key-verifier-1",
+};
+function isTestEnvironment() {
+    return process.env.XMCP_ENV === "test";
+}
+function getTestSeed(testName) {
+    return process.env.XMCP_TEST_SEED || testName || "default-test-seed";
+}
+exports.TEST_ERROR_CODES = {
+    MOCK_KTA_FAILURE: "XMCP_I_TEST_MOCK_KTA_FAILURE",
+    DETERMINISTIC_KEY_GENERATION_FAILED: "XMCP_I_TEST_DETERMINISTIC_KEY_FAILED",
+    LOCAL_VERIFICATION_FAILED: "XMCP_I_TEST_LOCAL_VERIFICATION_FAILED",
+    INVALID_TEST_CONFIGURATION: "XMCP_I_TEST_INVALID_CONFIG",
+};

package/dist/utils/validation.d.ts

@@ -0,0 +1,14 @@
+import { z } from "zod";
+export interface ValidationResult<T = any> {
+    valid: boolean;
+    data?: T;
+    errors: string[];
+}
+export declare function validateInput<T>(schema: z.ZodSchema<T>, data: unknown, context?: string): ValidationResult<T>;
+export declare function hasRequiredProperties(obj: any, properties: string[], context?: string): ValidationResult;
+export declare const StringValidators: {
+    did: (value: string) => boolean;
+    kid: (value: string) => boolean;
+    url: (value: string) => boolean;
+    projectName: (value: string) => boolean;
+};

package/dist/utils/validation.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StringValidators = void 0;
+exports.validateInput = validateInput;
+exports.hasRequiredProperties = hasRequiredProperties;
+function validateInput(schema, data, context) {
+    const result = schema.safeParse(data);
+    if (result.success) {
+        return {
+            valid: true,
+            data: result.data,
+            errors: [],
+        };
+    }
+    const errors = result.error.errors.map((err) => {
+        const path = err.path.length > 0 ? ` at ${err.path.join(".")}` : "";
+        const contextStr = context ? ` (${context})` : "";
+        return `${err.message}${path}${contextStr}`;
+    });
+    return {
+        valid: false,
+        errors,
+    };
+}
+function hasRequiredProperties(obj, properties, context) {
+    if (typeof obj !== "object" || obj === null) {
+        return {
+            valid: false,
+            errors: [`Expected object${context ? ` for ${context}` : ""}`],
+        };
+    }
+    const missing = properties.filter((prop) => !(prop in obj));
+    if (missing.length > 0) {
+        return {
+            valid: false,
+            errors: [
+                `Missing required properties: ${missing.join(", ")}${context ? ` in ${context}` : ""}`,
+            ],
+        };
+    }
+    return { valid: true, errors: [] };
+}
+exports.StringValidators = {
+    did: (value) => /^did:[a-z0-9]+:[a-zA-Z0-9._-]+$/.test(value),
+    kid: (value) => /^[a-zA-Z0-9._-]+$/.test(value),
+    url: (value) => {
+        try {
+            new URL(value);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    },
+    projectName: (value) => /^[a-z0-9-]+$/.test(value) && value.length >= 1 && value.length <= 214,
+};

package/dist/verifier.d.ts

@@ -0,0 +1,202 @@
+import { z } from "zod";
+export declare const AgentContextSchema: z.ZodObject<{
+    did: z.ZodString;
+    kid: z.ZodString;
+    subject: z.ZodOptional<z.ZodString>;
+    scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    session: z.ZodString;
+    confidence: z.ZodLiteral<"verified">;
+    delegationRef: z.ZodOptional<z.ZodString>;
+    registry: z.ZodString;
+    verifiedAt: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    did: string;
+    kid: string;
+    session: string;
+    scopes: string[];
+    confidence: "verified";
+    registry: string;
+    verifiedAt: number;
+    delegationRef?: string | undefined;
+    subject?: string | undefined;
+}, {
+    did: string;
+    kid: string;
+    session: string;
+    confidence: "verified";
+    registry: string;
+    verifiedAt: number;
+    delegationRef?: string | undefined;
+    subject?: string | undefined;
+    scopes?: string[] | undefined;
+}>;
+export declare const VerifierResultSchema: z.ZodObject<{
+    success: z.ZodBoolean;
+    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    agentContext: z.ZodOptional<z.ZodObject<{
+        did: z.ZodString;
+        kid: z.ZodString;
+        subject: z.ZodOptional<z.ZodString>;
+        scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        session: z.ZodString;
+        confidence: z.ZodLiteral<"verified">;
+        delegationRef: z.ZodOptional<z.ZodString>;
+        registry: z.ZodString;
+        verifiedAt: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        did: string;
+        kid: string;
+        session: string;
+        scopes: string[];
+        confidence: "verified";
+        registry: string;
+        verifiedAt: number;
+        delegationRef?: string | undefined;
+        subject?: string | undefined;
+    }, {
+        did: string;
+        kid: string;
+        session: string;
+        confidence: "verified";
+        registry: string;
+        verifiedAt: number;
+        delegationRef?: string | undefined;
+        subject?: string | undefined;
+        scopes?: string[] | undefined;
+    }>>;
+    error: z.ZodOptional<z.ZodObject<{
+        code: z.ZodString;
+        message: z.ZodString;
+        details: z.ZodOptional<z.ZodAny>;
+        httpStatus: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        code: string;
+        message: string;
+        httpStatus: number;
+        details?: any;
+    }, {
+        code: string;
+        message: string;
+        httpStatus: number;
+        details?: any;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    success: boolean;
+    error?: {
+        code: string;
+        message: string;
+        httpStatus: number;
+        details?: any;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    agentContext?: {
+        did: string;
+        kid: string;
+        session: string;
+        scopes: string[];
+        confidence: "verified";
+        registry: string;
+        verifiedAt: number;
+        delegationRef?: string | undefined;
+        subject?: string | undefined;
+    } | undefined;
+}, {
+    success: boolean;
+    error?: {
+        code: string;
+        message: string;
+        httpStatus: number;
+        details?: any;
+    } | undefined;
+    headers?: Record<string, string> | undefined;
+    agentContext?: {
+        did: string;
+        kid: string;
+        session: string;
+        confidence: "verified";
+        registry: string;
+        verifiedAt: number;
+        delegationRef?: string | undefined;
+        subject?: string | undefined;
+        scopes?: string[] | undefined;
+    } | undefined;
+}>;
+export declare const StructuredErrorSchema: z.ZodObject<{
+    code: z.ZodString;
+    message: z.ZodString;
+    httpStatus: z.ZodNumber;
+    details: z.ZodOptional<z.ZodObject<{
+        reason: z.ZodOptional<z.ZodString>;
+        expected: z.ZodOptional<z.ZodAny>;
+        received: z.ZodOptional<z.ZodAny>;
+        remediation: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        expected?: any;
+        received?: any;
+        reason?: string | undefined;
+        remediation?: string | undefined;
+    }, {
+        expected?: any;
+        received?: any;
+        reason?: string | undefined;
+        remediation?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    code: string;
+    message: string;
+    httpStatus: number;
+    details?: {
+        expected?: any;
+        received?: any;
+        reason?: string | undefined;
+        remediation?: string | undefined;
+    } | undefined;
+}, {
+    code: string;
+    message: string;
+    httpStatus: number;
+    details?: {
+        expected?: any;
+        received?: any;
+        reason?: string | undefined;
+        remediation?: string | undefined;
+    } | undefined;
+}>;
+export type AgentContext = z.infer<typeof AgentContextSchema>;
+export type VerifierResult = z.infer<typeof VerifierResultSchema>;
+export type StructuredError = z.infer<typeof StructuredErrorSchema>;
+export declare const AGENT_HEADERS: {
+    readonly DID: "X-Agent-DID";
+    readonly KEY_ID: "X-Agent-KeyId";
+    readonly SUBJECT: "X-Agent-Subject";
+    readonly SCOPES: "X-Agent-Scopes";
+    readonly SESSION: "X-Agent-Session";
+    readonly CONFIDENCE: "X-Agent-Confidence";
+    readonly DELEGATION_REF: "X-Agent-Delegation-Ref";
+    readonly REGISTRY: "X-Agent-Registry";
+    readonly VERIFIED_AT: "X-Agent-Verified-At";
+};
+export declare const VERIFIER_ERROR_CODES: {
+    readonly PROOF_INVALID_TS: "XMCP_I_PROOF_INVALID_TS";
+    readonly PROOF_FUTURE_TS: "XMCP_I_PROOF_FUTURE_TS";
+    readonly PROOF_TOO_OLD: "XMCP_I_PROOF_TOO_OLD";
+    readonly PROOF_SKEW_EXCEEDED: "XMCP_I_PROOF_SKEW_EXCEEDED";
+    readonly SESSION_IDLE_EXPIRED: "XMCP_I_SESSION_IDLE_EXPIRED";
+    readonly SERVER_TIME_INVALID: "XMCP_I_SERVER_TIME_INVALID";
+};
+export declare const ERROR_HTTP_STATUS: {
+    readonly XMCP_I_EBADPROOF: 403;
+    readonly XMCP_I_ENOIDENTITY: 500;
+    readonly XMCP_I_EMIRRORPENDING: 200;
+    readonly XMCP_I_EHANDSHAKE: 401;
+    readonly XMCP_I_ESESSION: 401;
+    readonly XMCP_I_ECLAIM: 400;
+    readonly XMCP_I_ECONFIG: 500;
+    readonly XMCP_I_ERUNTIME: 500;
+    readonly XMCP_I_PROOF_INVALID_TS: 403;
+    readonly XMCP_I_PROOF_FUTURE_TS: 403;
+    readonly XMCP_I_PROOF_TOO_OLD: 403;
+    readonly XMCP_I_PROOF_SKEW_EXCEEDED: 401;
+    readonly XMCP_I_SESSION_IDLE_EXPIRED: 401;
+    readonly XMCP_I_SERVER_TIME_INVALID: 500;
+};

package/dist/verifier.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ERROR_HTTP_STATUS = exports.VERIFIER_ERROR_CODES = exports.AGENT_HEADERS = exports.StructuredErrorSchema = exports.VerifierResultSchema = exports.AgentContextSchema = void 0;
+const zod_1 = require("zod");
+exports.AgentContextSchema = zod_1.z.object({
+    did: zod_1.z.string().min(1),
+    kid: zod_1.z.string().min(1),
+    subject: zod_1.z.string().optional(),
+    scopes: zod_1.z.array(zod_1.z.string()).default([]),
+    session: zod_1.z.string().min(1),
+    confidence: zod_1.z.literal("verified"),
+    delegationRef: zod_1.z.string().optional(),
+    registry: zod_1.z.string().url(),
+    verifiedAt: zod_1.z.number().int().positive(),
+});
+exports.VerifierResultSchema = zod_1.z.object({
+    success: zod_1.z.boolean(),
+    headers: zod_1.z.record(zod_1.z.string()).optional(),
+    agentContext: exports.AgentContextSchema.optional(),
+    error: zod_1.z
+        .object({
+        code: zod_1.z.string(),
+        message: zod_1.z.string(),
+        details: zod_1.z.any().optional(),
+        httpStatus: zod_1.z.number().int().min(400).max(599),
+    })
+        .optional(),
+});
+exports.StructuredErrorSchema = zod_1.z.object({
+    code: zod_1.z.string(),
+    message: zod_1.z.string(),
+    httpStatus: zod_1.z.number().int().min(400).max(599),
+    details: zod_1.z
+        .object({
+        reason: zod_1.z.string().optional(),
+        expected: zod_1.z.any().optional(),
+        received: zod_1.z.any().optional(),
+        remediation: zod_1.z.string().optional(),
+    })
+        .optional(),
+});
+exports.AGENT_HEADERS = {
+    DID: "X-Agent-DID",
+    KEY_ID: "X-Agent-KeyId",
+    SUBJECT: "X-Agent-Subject",
+    SCOPES: "X-Agent-Scopes",
+    SESSION: "X-Agent-Session",
+    CONFIDENCE: "X-Agent-Confidence",
+    DELEGATION_REF: "X-Agent-Delegation-Ref",
+    REGISTRY: "X-Agent-Registry",
+    VERIFIED_AT: "X-Agent-Verified-At",
+};
+exports.VERIFIER_ERROR_CODES = {
+    PROOF_INVALID_TS: "XMCP_I_PROOF_INVALID_TS",
+    PROOF_FUTURE_TS: "XMCP_I_PROOF_FUTURE_TS",
+    PROOF_TOO_OLD: "XMCP_I_PROOF_TOO_OLD",
+    PROOF_SKEW_EXCEEDED: "XMCP_I_PROOF_SKEW_EXCEEDED",
+    SESSION_IDLE_EXPIRED: "XMCP_I_SESSION_IDLE_EXPIRED",
+    SERVER_TIME_INVALID: "XMCP_I_SERVER_TIME_INVALID",
+};
+exports.ERROR_HTTP_STATUS = {
+    XMCP_I_EBADPROOF: 403,
+    XMCP_I_ENOIDENTITY: 500,
+    XMCP_I_EMIRRORPENDING: 200,
+    XMCP_I_EHANDSHAKE: 401,
+    XMCP_I_ESESSION: 401,
+    XMCP_I_ECLAIM: 400,
+    XMCP_I_ECONFIG: 500,
+    XMCP_I_ERUNTIME: 500,
+    [exports.VERIFIER_ERROR_CODES.PROOF_INVALID_TS]: 403,
+    [exports.VERIFIER_ERROR_CODES.PROOF_FUTURE_TS]: 403,
+    [exports.VERIFIER_ERROR_CODES.PROOF_TOO_OLD]: 403,
+    [exports.VERIFIER_ERROR_CODES.PROOF_SKEW_EXCEEDED]: 401,
+    [exports.VERIFIER_ERROR_CODES.SESSION_IDLE_EXPIRED]: 401,
+    [exports.VERIFIER_ERROR_CODES.SERVER_TIME_INVALID]: 500,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/contracts",
-  "version": "1.3.4",
+  "version": "1.3.5",
   "description": "Shared types and schemas for XMCP-I ecosystem",
   "type": "commonjs",
   "sideEffects": false,