@kya-os/contracts 1.5.2-canary.2 → 1.5.2-canary.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/package.json +5 -5
  2. package/dist/agentshield-api/endpoints.d.ts +0 -51
  3. package/dist/agentshield-api/endpoints.js +0 -47
  4. package/dist/agentshield-api/index.d.ts +0 -13
  5. package/dist/agentshield-api/index.js +0 -37
  6. package/dist/agentshield-api/schemas.d.ts +0 -9985
  7. package/dist/agentshield-api/schemas.js +0 -164
  8. package/dist/agentshield-api/types.d.ts +0 -169
  9. package/dist/agentshield-api/types.js +0 -26
  10. package/dist/cli.d.ts +0 -388
  11. package/dist/cli.js +0 -121
  12. package/dist/config/base.d.ts +0 -96
  13. package/dist/config/base.js +0 -11
  14. package/dist/config/builder.d.ts +0 -34
  15. package/dist/config/builder.js +0 -75
  16. package/dist/config/delegation.d.ts +0 -194
  17. package/dist/config/delegation.js +0 -10
  18. package/dist/config/identity.d.ts +0 -117
  19. package/dist/config/identity.js +0 -11
  20. package/dist/config/index.d.ts +0 -35
  21. package/dist/config/index.js +0 -15
  22. package/dist/config/proofing.d.ts +0 -120
  23. package/dist/config/proofing.js +0 -10
  24. package/dist/config/tool-protection.d.ts +0 -139
  25. package/dist/config/tool-protection.js +0 -10
  26. package/dist/consent/index.d.ts +0 -6
  27. package/dist/consent/index.js +0 -22
  28. package/dist/consent/schemas.d.ts +0 -738
  29. package/dist/consent/schemas.js +0 -186
  30. package/dist/consent/types.d.ts +0 -155
  31. package/dist/consent/types.js +0 -10
  32. package/dist/dashboard-config/default-config.d.ts +0 -50
  33. package/dist/dashboard-config/default-config.js +0 -241
  34. package/dist/dashboard-config/index.d.ts +0 -11
  35. package/dist/dashboard-config/index.js +0 -36
  36. package/dist/dashboard-config/schemas.d.ts +0 -5905
  37. package/dist/dashboard-config/schemas.js +0 -255
  38. package/dist/dashboard-config/types.d.ts +0 -338
  39. package/dist/dashboard-config/types.js +0 -11
  40. package/dist/delegation/constraints.d.ts +0 -1022
  41. package/dist/delegation/constraints.js +0 -219
  42. package/dist/delegation/index.d.ts +0 -7
  43. package/dist/delegation/index.js +0 -24
  44. package/dist/delegation/schemas.d.ts +0 -8458
  45. package/dist/delegation/schemas.js +0 -476
  46. package/dist/did/index.d.ts +0 -8
  47. package/dist/did/index.js +0 -24
  48. package/dist/did/resolve-contract.d.ts +0 -219
  49. package/dist/did/resolve-contract.js +0 -31
  50. package/dist/did/schemas.d.ts +0 -112
  51. package/dist/did/schemas.js +0 -172
  52. package/dist/did/types.d.ts +0 -163
  53. package/dist/did/types.js +0 -70
  54. package/dist/env/constants.d.ts +0 -57
  55. package/dist/env/constants.js +0 -59
  56. package/dist/env/index.d.ts +0 -4
  57. package/dist/env/index.js +0 -20
  58. package/dist/handshake.d.ts +0 -167
  59. package/dist/handshake.js +0 -60
  60. package/dist/index.d.ts +0 -25
  61. package/dist/index.js +0 -55
  62. package/dist/proof/index.d.ts +0 -8
  63. package/dist/proof/index.js +0 -24
  64. package/dist/proof/proof-record.d.ts +0 -837
  65. package/dist/proof/proof-record.js +0 -133
  66. package/dist/proof/signing-spec.d.ts +0 -146
  67. package/dist/proof/signing-spec.js +0 -122
  68. package/dist/proof.d.ts +0 -415
  69. package/dist/proof.js +0 -83
  70. package/dist/registry.d.ts +0 -342
  71. package/dist/registry.js +0 -118
  72. package/dist/runtime/errors.d.ts +0 -347
  73. package/dist/runtime/errors.js +0 -119
  74. package/dist/runtime/headers.d.ts +0 -83
  75. package/dist/runtime/headers.js +0 -81
  76. package/dist/runtime/index.d.ts +0 -5
  77. package/dist/runtime/index.js +0 -21
  78. package/dist/test.d.ts +0 -251
  79. package/dist/test.js +0 -119
  80. package/dist/tlkrc/index.d.ts +0 -4
  81. package/dist/tlkrc/index.js +0 -20
  82. package/dist/tlkrc/rotation.d.ts +0 -245
  83. package/dist/tlkrc/rotation.js +0 -126
  84. package/dist/tool-protection/index.d.ts +0 -227
  85. package/dist/tool-protection/index.js +0 -113
  86. package/dist/utils/validation.d.ts +0 -30
  87. package/dist/utils/validation.js +0 -69
  88. package/dist/vc/index.d.ts +0 -7
  89. package/dist/vc/index.js +0 -23
  90. package/dist/vc/schemas.d.ts +0 -2483
  91. package/dist/vc/schemas.js +0 -224
  92. package/dist/vc/statuslist.d.ts +0 -493
  93. package/dist/vc/statuslist.js +0 -132
  94. package/dist/verifier.d.ts +0 -205
  95. package/dist/verifier.js +0 -83
  96. package/dist/well-known/index.d.ts +0 -308
  97. package/dist/well-known/index.js +0 -134
package/dist/delegation/constraints.d.ts DELETED
@@ -1,1022 +0,0 @@
1
- /**
2
- * CRISP Delegation Constraints
3
- *
4
- * Types and schemas for CRISP (Constrained Resource Intent Specification Protocol)
5
- * constraints on delegations. CRISP enables fine-grained authorization control.
6
- *
7
- * Related Spec: MCP-I §4.2
8
- * Python Reference: Delegation-Documentation.md
9
- */
10
- import { z } from 'zod';
11
- /**
12
- * Currency types for CRISP budgets
13
- */
14
- export declare const CurrencySchema: z.ZodEnum<["USD", "ops", "points"]>;
15
- export type Currency = z.infer<typeof CurrencySchema>;
16
- /**
17
- * Window kind for budget enforcement
18
- */
19
- export declare const WindowKindSchema: z.ZodEnum<["rolling", "fixed"]>;
20
- export type WindowKind = z.infer<typeof WindowKindSchema>;
21
- /**
22
- * Budget Window Schema
23
- *
24
- * Defines the time window for budget enforcement
25
- */
26
- export declare const BudgetWindowSchema: z.ZodObject<{
27
- /** Type of window (rolling or fixed) */
28
- kind: z.ZodEnum<["rolling", "fixed"]>;
29
- /** Duration in seconds */
30
- durationSec: z.ZodNumber;
31
- }, "strip", z.ZodTypeAny, {
32
- kind: "rolling" | "fixed";
33
- durationSec: number;
34
- }, {
35
- kind: "rolling" | "fixed";
36
- durationSec: number;
37
- }>;
38
- export type BudgetWindow = z.infer<typeof BudgetWindowSchema>;
39
- /**
40
- * CRISP Budget Schema
41
- *
42
- * Defines spending/usage limits for a delegation
43
- */
44
- export declare const CrispBudgetSchema: z.ZodObject<{
45
- /** Unit of the budget */
46
- unit: z.ZodEnum<["USD", "ops", "points"]>;
47
- /** Cap/limit for the budget */
48
- cap: z.ZodNumber;
49
- /** Optional time window for the budget */
50
- window: z.ZodOptional<z.ZodObject<{
51
- /** Type of window (rolling or fixed) */
52
- kind: z.ZodEnum<["rolling", "fixed"]>;
53
- /** Duration in seconds */
54
- durationSec: z.ZodNumber;
55
- }, "strip", z.ZodTypeAny, {
56
- kind: "rolling" | "fixed";
57
- durationSec: number;
58
- }, {
59
- kind: "rolling" | "fixed";
60
- durationSec: number;
61
- }>>;
62
- }, "strip", z.ZodTypeAny, {
63
- unit: "USD" | "ops" | "points";
64
- cap: number;
65
- window?: {
66
- kind: "rolling" | "fixed";
67
- durationSec: number;
68
- } | undefined;
69
- }, {
70
- unit: "USD" | "ops" | "points";
71
- cap: number;
72
- window?: {
73
- kind: "rolling" | "fixed";
74
- durationSec: number;
75
- } | undefined;
76
- }>;
77
- export type CrispBudget = z.infer<typeof CrispBudgetSchema>;
78
- /**
79
- * Scope matcher types
80
- */
81
- export declare const ScopeMatcherSchema: z.ZodEnum<["exact", "prefix", "regex"]>;
82
- export type ScopeMatcher = z.infer<typeof ScopeMatcherSchema>;
83
- /**
84
- * CRISP Scope Schema
85
- *
86
- * Defines what resources/actions are allowed in a delegation
87
- */
88
- export declare const CrispScopeSchema: z.ZodObject<{
89
- /** Resource identifier (e.g., "api:users", "data:emails") */
90
- resource: z.ZodString;
91
- /** How to match the resource */
92
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
93
- /** Optional additional constraints on this scope */
94
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
95
- }, "strip", z.ZodTypeAny, {
96
- resource: string;
97
- matcher: "exact" | "prefix" | "regex";
98
- constraints?: Record<string, any> | undefined;
99
- }, {
100
- resource: string;
101
- matcher: "exact" | "prefix" | "regex";
102
- constraints?: Record<string, any> | undefined;
103
- }>;
104
- export type CrispScope = z.infer<typeof CrispScopeSchema>;
105
- /**
106
- * Delegation Constraints Schema (CRISP)
107
- *
108
- * Complete constraint specification for a delegation
109
- */
110
- export declare const DelegationConstraintsSchema: z.ZodObject<{
111
- /** Not valid before (Unix timestamp in seconds) */
112
- notBefore: z.ZodOptional<z.ZodNumber>;
113
- /** Not valid after (Unix timestamp in seconds) */
114
- notAfter: z.ZodOptional<z.ZodNumber>;
115
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
116
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
117
- /**
118
- * Optional target server DID(s) for this delegation
119
- * If omitted, delegation is valid on any server accepting the scopes
120
- * If specified, delegation is only valid on the specified server(s)
121
- */
122
- audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
123
- /** CRISP-specific constraints (full model) */
124
- crisp: z.ZodOptional<z.ZodObject<{
125
- /** Optional budget constraint */
126
- budget: z.ZodOptional<z.ZodObject<{
127
- /** Unit of the budget */
128
- unit: z.ZodEnum<["USD", "ops", "points"]>;
129
- /** Cap/limit for the budget */
130
- cap: z.ZodNumber;
131
- /** Optional time window for the budget */
132
- window: z.ZodOptional<z.ZodObject<{
133
- /** Type of window (rolling or fixed) */
134
- kind: z.ZodEnum<["rolling", "fixed"]>;
135
- /** Duration in seconds */
136
- durationSec: z.ZodNumber;
137
- }, "strip", z.ZodTypeAny, {
138
- kind: "rolling" | "fixed";
139
- durationSec: number;
140
- }, {
141
- kind: "rolling" | "fixed";
142
- durationSec: number;
143
- }>>;
144
- }, "strip", z.ZodTypeAny, {
145
- unit: "USD" | "ops" | "points";
146
- cap: number;
147
- window?: {
148
- kind: "rolling" | "fixed";
149
- durationSec: number;
150
- } | undefined;
151
- }, {
152
- unit: "USD" | "ops" | "points";
153
- cap: number;
154
- window?: {
155
- kind: "rolling" | "fixed";
156
- durationSec: number;
157
- } | undefined;
158
- }>>;
159
- /** Required: at least one scope */
160
- scopes: z.ZodArray<z.ZodObject<{
161
- /** Resource identifier (e.g., "api:users", "data:emails") */
162
- resource: z.ZodString;
163
- /** How to match the resource */
164
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
165
- /** Optional additional constraints on this scope */
166
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
167
- }, "strip", z.ZodTypeAny, {
168
- resource: string;
169
- matcher: "exact" | "prefix" | "regex";
170
- constraints?: Record<string, any> | undefined;
171
- }, {
172
- resource: string;
173
- matcher: "exact" | "prefix" | "regex";
174
- constraints?: Record<string, any> | undefined;
175
- }>, "many">;
176
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
177
- /** Optional budget constraint */
178
- budget: z.ZodOptional<z.ZodObject<{
179
- /** Unit of the budget */
180
- unit: z.ZodEnum<["USD", "ops", "points"]>;
181
- /** Cap/limit for the budget */
182
- cap: z.ZodNumber;
183
- /** Optional time window for the budget */
184
- window: z.ZodOptional<z.ZodObject<{
185
- /** Type of window (rolling or fixed) */
186
- kind: z.ZodEnum<["rolling", "fixed"]>;
187
- /** Duration in seconds */
188
- durationSec: z.ZodNumber;
189
- }, "strip", z.ZodTypeAny, {
190
- kind: "rolling" | "fixed";
191
- durationSec: number;
192
- }, {
193
- kind: "rolling" | "fixed";
194
- durationSec: number;
195
- }>>;
196
- }, "strip", z.ZodTypeAny, {
197
- unit: "USD" | "ops" | "points";
198
- cap: number;
199
- window?: {
200
- kind: "rolling" | "fixed";
201
- durationSec: number;
202
- } | undefined;
203
- }, {
204
- unit: "USD" | "ops" | "points";
205
- cap: number;
206
- window?: {
207
- kind: "rolling" | "fixed";
208
- durationSec: number;
209
- } | undefined;
210
- }>>;
211
- /** Required: at least one scope */
212
- scopes: z.ZodArray<z.ZodObject<{
213
- /** Resource identifier (e.g., "api:users", "data:emails") */
214
- resource: z.ZodString;
215
- /** How to match the resource */
216
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
217
- /** Optional additional constraints on this scope */
218
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
219
- }, "strip", z.ZodTypeAny, {
220
- resource: string;
221
- matcher: "exact" | "prefix" | "regex";
222
- constraints?: Record<string, any> | undefined;
223
- }, {
224
- resource: string;
225
- matcher: "exact" | "prefix" | "regex";
226
- constraints?: Record<string, any> | undefined;
227
- }>, "many">;
228
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
229
- /** Optional budget constraint */
230
- budget: z.ZodOptional<z.ZodObject<{
231
- /** Unit of the budget */
232
- unit: z.ZodEnum<["USD", "ops", "points"]>;
233
- /** Cap/limit for the budget */
234
- cap: z.ZodNumber;
235
- /** Optional time window for the budget */
236
- window: z.ZodOptional<z.ZodObject<{
237
- /** Type of window (rolling or fixed) */
238
- kind: z.ZodEnum<["rolling", "fixed"]>;
239
- /** Duration in seconds */
240
- durationSec: z.ZodNumber;
241
- }, "strip", z.ZodTypeAny, {
242
- kind: "rolling" | "fixed";
243
- durationSec: number;
244
- }, {
245
- kind: "rolling" | "fixed";
246
- durationSec: number;
247
- }>>;
248
- }, "strip", z.ZodTypeAny, {
249
- unit: "USD" | "ops" | "points";
250
- cap: number;
251
- window?: {
252
- kind: "rolling" | "fixed";
253
- durationSec: number;
254
- } | undefined;
255
- }, {
256
- unit: "USD" | "ops" | "points";
257
- cap: number;
258
- window?: {
259
- kind: "rolling" | "fixed";
260
- durationSec: number;
261
- } | undefined;
262
- }>>;
263
- /** Required: at least one scope */
264
- scopes: z.ZodArray<z.ZodObject<{
265
- /** Resource identifier (e.g., "api:users", "data:emails") */
266
- resource: z.ZodString;
267
- /** How to match the resource */
268
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
269
- /** Optional additional constraints on this scope */
270
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
271
- }, "strip", z.ZodTypeAny, {
272
- resource: string;
273
- matcher: "exact" | "prefix" | "regex";
274
- constraints?: Record<string, any> | undefined;
275
- }, {
276
- resource: string;
277
- matcher: "exact" | "prefix" | "regex";
278
- constraints?: Record<string, any> | undefined;
279
- }>, "many">;
280
- }, z.ZodTypeAny, "passthrough">>>;
281
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
282
- /** Not valid before (Unix timestamp in seconds) */
283
- notBefore: z.ZodOptional<z.ZodNumber>;
284
- /** Not valid after (Unix timestamp in seconds) */
285
- notAfter: z.ZodOptional<z.ZodNumber>;
286
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
287
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
288
- /**
289
- * Optional target server DID(s) for this delegation
290
- * If omitted, delegation is valid on any server accepting the scopes
291
- * If specified, delegation is only valid on the specified server(s)
292
- */
293
- audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
294
- /** CRISP-specific constraints (full model) */
295
- crisp: z.ZodOptional<z.ZodObject<{
296
- /** Optional budget constraint */
297
- budget: z.ZodOptional<z.ZodObject<{
298
- /** Unit of the budget */
299
- unit: z.ZodEnum<["USD", "ops", "points"]>;
300
- /** Cap/limit for the budget */
301
- cap: z.ZodNumber;
302
- /** Optional time window for the budget */
303
- window: z.ZodOptional<z.ZodObject<{
304
- /** Type of window (rolling or fixed) */
305
- kind: z.ZodEnum<["rolling", "fixed"]>;
306
- /** Duration in seconds */
307
- durationSec: z.ZodNumber;
308
- }, "strip", z.ZodTypeAny, {
309
- kind: "rolling" | "fixed";
310
- durationSec: number;
311
- }, {
312
- kind: "rolling" | "fixed";
313
- durationSec: number;
314
- }>>;
315
- }, "strip", z.ZodTypeAny, {
316
- unit: "USD" | "ops" | "points";
317
- cap: number;
318
- window?: {
319
- kind: "rolling" | "fixed";
320
- durationSec: number;
321
- } | undefined;
322
- }, {
323
- unit: "USD" | "ops" | "points";
324
- cap: number;
325
- window?: {
326
- kind: "rolling" | "fixed";
327
- durationSec: number;
328
- } | undefined;
329
- }>>;
330
- /** Required: at least one scope */
331
- scopes: z.ZodArray<z.ZodObject<{
332
- /** Resource identifier (e.g., "api:users", "data:emails") */
333
- resource: z.ZodString;
334
- /** How to match the resource */
335
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
336
- /** Optional additional constraints on this scope */
337
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
338
- }, "strip", z.ZodTypeAny, {
339
- resource: string;
340
- matcher: "exact" | "prefix" | "regex";
341
- constraints?: Record<string, any> | undefined;
342
- }, {
343
- resource: string;
344
- matcher: "exact" | "prefix" | "regex";
345
- constraints?: Record<string, any> | undefined;
346
- }>, "many">;
347
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
348
- /** Optional budget constraint */
349
- budget: z.ZodOptional<z.ZodObject<{
350
- /** Unit of the budget */
351
- unit: z.ZodEnum<["USD", "ops", "points"]>;
352
- /** Cap/limit for the budget */
353
- cap: z.ZodNumber;
354
- /** Optional time window for the budget */
355
- window: z.ZodOptional<z.ZodObject<{
356
- /** Type of window (rolling or fixed) */
357
- kind: z.ZodEnum<["rolling", "fixed"]>;
358
- /** Duration in seconds */
359
- durationSec: z.ZodNumber;
360
- }, "strip", z.ZodTypeAny, {
361
- kind: "rolling" | "fixed";
362
- durationSec: number;
363
- }, {
364
- kind: "rolling" | "fixed";
365
- durationSec: number;
366
- }>>;
367
- }, "strip", z.ZodTypeAny, {
368
- unit: "USD" | "ops" | "points";
369
- cap: number;
370
- window?: {
371
- kind: "rolling" | "fixed";
372
- durationSec: number;
373
- } | undefined;
374
- }, {
375
- unit: "USD" | "ops" | "points";
376
- cap: number;
377
- window?: {
378
- kind: "rolling" | "fixed";
379
- durationSec: number;
380
- } | undefined;
381
- }>>;
382
- /** Required: at least one scope */
383
- scopes: z.ZodArray<z.ZodObject<{
384
- /** Resource identifier (e.g., "api:users", "data:emails") */
385
- resource: z.ZodString;
386
- /** How to match the resource */
387
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
388
- /** Optional additional constraints on this scope */
389
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
390
- }, "strip", z.ZodTypeAny, {
391
- resource: string;
392
- matcher: "exact" | "prefix" | "regex";
393
- constraints?: Record<string, any> | undefined;
394
- }, {
395
- resource: string;
396
- matcher: "exact" | "prefix" | "regex";
397
- constraints?: Record<string, any> | undefined;
398
- }>, "many">;
399
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
400
- /** Optional budget constraint */
401
- budget: z.ZodOptional<z.ZodObject<{
402
- /** Unit of the budget */
403
- unit: z.ZodEnum<["USD", "ops", "points"]>;
404
- /** Cap/limit for the budget */
405
- cap: z.ZodNumber;
406
- /** Optional time window for the budget */
407
- window: z.ZodOptional<z.ZodObject<{
408
- /** Type of window (rolling or fixed) */
409
- kind: z.ZodEnum<["rolling", "fixed"]>;
410
- /** Duration in seconds */
411
- durationSec: z.ZodNumber;
412
- }, "strip", z.ZodTypeAny, {
413
- kind: "rolling" | "fixed";
414
- durationSec: number;
415
- }, {
416
- kind: "rolling" | "fixed";
417
- durationSec: number;
418
- }>>;
419
- }, "strip", z.ZodTypeAny, {
420
- unit: "USD" | "ops" | "points";
421
- cap: number;
422
- window?: {
423
- kind: "rolling" | "fixed";
424
- durationSec: number;
425
- } | undefined;
426
- }, {
427
- unit: "USD" | "ops" | "points";
428
- cap: number;
429
- window?: {
430
- kind: "rolling" | "fixed";
431
- durationSec: number;
432
- } | undefined;
433
- }>>;
434
- /** Required: at least one scope */
435
- scopes: z.ZodArray<z.ZodObject<{
436
- /** Resource identifier (e.g., "api:users", "data:emails") */
437
- resource: z.ZodString;
438
- /** How to match the resource */
439
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
440
- /** Optional additional constraints on this scope */
441
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
442
- }, "strip", z.ZodTypeAny, {
443
- resource: string;
444
- matcher: "exact" | "prefix" | "regex";
445
- constraints?: Record<string, any> | undefined;
446
- }, {
447
- resource: string;
448
- matcher: "exact" | "prefix" | "regex";
449
- constraints?: Record<string, any> | undefined;
450
- }>, "many">;
451
- }, z.ZodTypeAny, "passthrough">>>;
452
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
453
- /** Not valid before (Unix timestamp in seconds) */
454
- notBefore: z.ZodOptional<z.ZodNumber>;
455
- /** Not valid after (Unix timestamp in seconds) */
456
- notAfter: z.ZodOptional<z.ZodNumber>;
457
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
458
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
459
- /**
460
- * Optional target server DID(s) for this delegation
461
- * If omitted, delegation is valid on any server accepting the scopes
462
- * If specified, delegation is only valid on the specified server(s)
463
- */
464
- audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
465
- /** CRISP-specific constraints (full model) */
466
- crisp: z.ZodOptional<z.ZodObject<{
467
- /** Optional budget constraint */
468
- budget: z.ZodOptional<z.ZodObject<{
469
- /** Unit of the budget */
470
- unit: z.ZodEnum<["USD", "ops", "points"]>;
471
- /** Cap/limit for the budget */
472
- cap: z.ZodNumber;
473
- /** Optional time window for the budget */
474
- window: z.ZodOptional<z.ZodObject<{
475
- /** Type of window (rolling or fixed) */
476
- kind: z.ZodEnum<["rolling", "fixed"]>;
477
- /** Duration in seconds */
478
- durationSec: z.ZodNumber;
479
- }, "strip", z.ZodTypeAny, {
480
- kind: "rolling" | "fixed";
481
- durationSec: number;
482
- }, {
483
- kind: "rolling" | "fixed";
484
- durationSec: number;
485
- }>>;
486
- }, "strip", z.ZodTypeAny, {
487
- unit: "USD" | "ops" | "points";
488
- cap: number;
489
- window?: {
490
- kind: "rolling" | "fixed";
491
- durationSec: number;
492
- } | undefined;
493
- }, {
494
- unit: "USD" | "ops" | "points";
495
- cap: number;
496
- window?: {
497
- kind: "rolling" | "fixed";
498
- durationSec: number;
499
- } | undefined;
500
- }>>;
501
- /** Required: at least one scope */
502
- scopes: z.ZodArray<z.ZodObject<{
503
- /** Resource identifier (e.g., "api:users", "data:emails") */
504
- resource: z.ZodString;
505
- /** How to match the resource */
506
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
507
- /** Optional additional constraints on this scope */
508
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
509
- }, "strip", z.ZodTypeAny, {
510
- resource: string;
511
- matcher: "exact" | "prefix" | "regex";
512
- constraints?: Record<string, any> | undefined;
513
- }, {
514
- resource: string;
515
- matcher: "exact" | "prefix" | "regex";
516
- constraints?: Record<string, any> | undefined;
517
- }>, "many">;
518
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
519
- /** Optional budget constraint */
520
- budget: z.ZodOptional<z.ZodObject<{
521
- /** Unit of the budget */
522
- unit: z.ZodEnum<["USD", "ops", "points"]>;
523
- /** Cap/limit for the budget */
524
- cap: z.ZodNumber;
525
- /** Optional time window for the budget */
526
- window: z.ZodOptional<z.ZodObject<{
527
- /** Type of window (rolling or fixed) */
528
- kind: z.ZodEnum<["rolling", "fixed"]>;
529
- /** Duration in seconds */
530
- durationSec: z.ZodNumber;
531
- }, "strip", z.ZodTypeAny, {
532
- kind: "rolling" | "fixed";
533
- durationSec: number;
534
- }, {
535
- kind: "rolling" | "fixed";
536
- durationSec: number;
537
- }>>;
538
- }, "strip", z.ZodTypeAny, {
539
- unit: "USD" | "ops" | "points";
540
- cap: number;
541
- window?: {
542
- kind: "rolling" | "fixed";
543
- durationSec: number;
544
- } | undefined;
545
- }, {
546
- unit: "USD" | "ops" | "points";
547
- cap: number;
548
- window?: {
549
- kind: "rolling" | "fixed";
550
- durationSec: number;
551
- } | undefined;
552
- }>>;
553
- /** Required: at least one scope */
554
- scopes: z.ZodArray<z.ZodObject<{
555
- /** Resource identifier (e.g., "api:users", "data:emails") */
556
- resource: z.ZodString;
557
- /** How to match the resource */
558
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
559
- /** Optional additional constraints on this scope */
560
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
561
- }, "strip", z.ZodTypeAny, {
562
- resource: string;
563
- matcher: "exact" | "prefix" | "regex";
564
- constraints?: Record<string, any> | undefined;
565
- }, {
566
- resource: string;
567
- matcher: "exact" | "prefix" | "regex";
568
- constraints?: Record<string, any> | undefined;
569
- }>, "many">;
570
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
571
- /** Optional budget constraint */
572
- budget: z.ZodOptional<z.ZodObject<{
573
- /** Unit of the budget */
574
- unit: z.ZodEnum<["USD", "ops", "points"]>;
575
- /** Cap/limit for the budget */
576
- cap: z.ZodNumber;
577
- /** Optional time window for the budget */
578
- window: z.ZodOptional<z.ZodObject<{
579
- /** Type of window (rolling or fixed) */
580
- kind: z.ZodEnum<["rolling", "fixed"]>;
581
- /** Duration in seconds */
582
- durationSec: z.ZodNumber;
583
- }, "strip", z.ZodTypeAny, {
584
- kind: "rolling" | "fixed";
585
- durationSec: number;
586
- }, {
587
- kind: "rolling" | "fixed";
588
- durationSec: number;
589
- }>>;
590
- }, "strip", z.ZodTypeAny, {
591
- unit: "USD" | "ops" | "points";
592
- cap: number;
593
- window?: {
594
- kind: "rolling" | "fixed";
595
- durationSec: number;
596
- } | undefined;
597
- }, {
598
- unit: "USD" | "ops" | "points";
599
- cap: number;
600
- window?: {
601
- kind: "rolling" | "fixed";
602
- durationSec: number;
603
- } | undefined;
604
- }>>;
605
- /** Required: at least one scope */
606
- scopes: z.ZodArray<z.ZodObject<{
607
- /** Resource identifier (e.g., "api:users", "data:emails") */
608
- resource: z.ZodString;
609
- /** How to match the resource */
610
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
611
- /** Optional additional constraints on this scope */
612
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
613
- }, "strip", z.ZodTypeAny, {
614
- resource: string;
615
- matcher: "exact" | "prefix" | "regex";
616
- constraints?: Record<string, any> | undefined;
617
- }, {
618
- resource: string;
619
- matcher: "exact" | "prefix" | "regex";
620
- constraints?: Record<string, any> | undefined;
621
- }>, "many">;
622
- }, z.ZodTypeAny, "passthrough">>>;
623
- }, z.ZodTypeAny, "passthrough">>;
624
- export type DelegationConstraints = z.infer<typeof DelegationConstraintsSchema>;
625
- /**
626
- * Validation Helpers
627
- */
628
- /**
629
- * Validate delegation constraints
630
- *
631
- * @param constraints - The constraints to validate
632
- * @returns Validation result
633
- */
634
- export declare function validateDelegationConstraints(constraints: unknown): z.SafeParseReturnType<z.objectInputType<{
635
- /** Not valid before (Unix timestamp in seconds) */
636
- notBefore: z.ZodOptional<z.ZodNumber>;
637
- /** Not valid after (Unix timestamp in seconds) */
638
- notAfter: z.ZodOptional<z.ZodNumber>;
639
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
640
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
641
- /**
642
- * Optional target server DID(s) for this delegation
643
- * If omitted, delegation is valid on any server accepting the scopes
644
- * If specified, delegation is only valid on the specified server(s)
645
- */
646
- audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
647
- /** CRISP-specific constraints (full model) */
648
- crisp: z.ZodOptional<z.ZodObject<{
649
- /** Optional budget constraint */
650
- budget: z.ZodOptional<z.ZodObject<{
651
- /** Unit of the budget */
652
- unit: z.ZodEnum<["USD", "ops", "points"]>;
653
- /** Cap/limit for the budget */
654
- cap: z.ZodNumber;
655
- /** Optional time window for the budget */
656
- window: z.ZodOptional<z.ZodObject<{
657
- /** Type of window (rolling or fixed) */
658
- kind: z.ZodEnum<["rolling", "fixed"]>;
659
- /** Duration in seconds */
660
- durationSec: z.ZodNumber;
661
- }, "strip", z.ZodTypeAny, {
662
- kind: "rolling" | "fixed";
663
- durationSec: number;
664
- }, {
665
- kind: "rolling" | "fixed";
666
- durationSec: number;
667
- }>>;
668
- }, "strip", z.ZodTypeAny, {
669
- unit: "USD" | "ops" | "points";
670
- cap: number;
671
- window?: {
672
- kind: "rolling" | "fixed";
673
- durationSec: number;
674
- } | undefined;
675
- }, {
676
- unit: "USD" | "ops" | "points";
677
- cap: number;
678
- window?: {
679
- kind: "rolling" | "fixed";
680
- durationSec: number;
681
- } | undefined;
682
- }>>;
683
- /** Required: at least one scope */
684
- scopes: z.ZodArray<z.ZodObject<{
685
- /** Resource identifier (e.g., "api:users", "data:emails") */
686
- resource: z.ZodString;
687
- /** How to match the resource */
688
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
689
- /** Optional additional constraints on this scope */
690
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
691
- }, "strip", z.ZodTypeAny, {
692
- resource: string;
693
- matcher: "exact" | "prefix" | "regex";
694
- constraints?: Record<string, any> | undefined;
695
- }, {
696
- resource: string;
697
- matcher: "exact" | "prefix" | "regex";
698
- constraints?: Record<string, any> | undefined;
699
- }>, "many">;
700
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
701
- /** Optional budget constraint */
702
- budget: z.ZodOptional<z.ZodObject<{
703
- /** Unit of the budget */
704
- unit: z.ZodEnum<["USD", "ops", "points"]>;
705
- /** Cap/limit for the budget */
706
- cap: z.ZodNumber;
707
- /** Optional time window for the budget */
708
- window: z.ZodOptional<z.ZodObject<{
709
- /** Type of window (rolling or fixed) */
710
- kind: z.ZodEnum<["rolling", "fixed"]>;
711
- /** Duration in seconds */
712
- durationSec: z.ZodNumber;
713
- }, "strip", z.ZodTypeAny, {
714
- kind: "rolling" | "fixed";
715
- durationSec: number;
716
- }, {
717
- kind: "rolling" | "fixed";
718
- durationSec: number;
719
- }>>;
720
- }, "strip", z.ZodTypeAny, {
721
- unit: "USD" | "ops" | "points";
722
- cap: number;
723
- window?: {
724
- kind: "rolling" | "fixed";
725
- durationSec: number;
726
- } | undefined;
727
- }, {
728
- unit: "USD" | "ops" | "points";
729
- cap: number;
730
- window?: {
731
- kind: "rolling" | "fixed";
732
- durationSec: number;
733
- } | undefined;
734
- }>>;
735
- /** Required: at least one scope */
736
- scopes: z.ZodArray<z.ZodObject<{
737
- /** Resource identifier (e.g., "api:users", "data:emails") */
738
- resource: z.ZodString;
739
- /** How to match the resource */
740
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
741
- /** Optional additional constraints on this scope */
742
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
743
- }, "strip", z.ZodTypeAny, {
744
- resource: string;
745
- matcher: "exact" | "prefix" | "regex";
746
- constraints?: Record<string, any> | undefined;
747
- }, {
748
- resource: string;
749
- matcher: "exact" | "prefix" | "regex";
750
- constraints?: Record<string, any> | undefined;
751
- }>, "many">;
752
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
753
- /** Optional budget constraint */
754
- budget: z.ZodOptional<z.ZodObject<{
755
- /** Unit of the budget */
756
- unit: z.ZodEnum<["USD", "ops", "points"]>;
757
- /** Cap/limit for the budget */
758
- cap: z.ZodNumber;
759
- /** Optional time window for the budget */
760
- window: z.ZodOptional<z.ZodObject<{
761
- /** Type of window (rolling or fixed) */
762
- kind: z.ZodEnum<["rolling", "fixed"]>;
763
- /** Duration in seconds */
764
- durationSec: z.ZodNumber;
765
- }, "strip", z.ZodTypeAny, {
766
- kind: "rolling" | "fixed";
767
- durationSec: number;
768
- }, {
769
- kind: "rolling" | "fixed";
770
- durationSec: number;
771
- }>>;
772
- }, "strip", z.ZodTypeAny, {
773
- unit: "USD" | "ops" | "points";
774
- cap: number;
775
- window?: {
776
- kind: "rolling" | "fixed";
777
- durationSec: number;
778
- } | undefined;
779
- }, {
780
- unit: "USD" | "ops" | "points";
781
- cap: number;
782
- window?: {
783
- kind: "rolling" | "fixed";
784
- durationSec: number;
785
- } | undefined;
786
- }>>;
787
- /** Required: at least one scope */
788
- scopes: z.ZodArray<z.ZodObject<{
789
- /** Resource identifier (e.g., "api:users", "data:emails") */
790
- resource: z.ZodString;
791
- /** How to match the resource */
792
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
793
- /** Optional additional constraints on this scope */
794
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
795
- }, "strip", z.ZodTypeAny, {
796
- resource: string;
797
- matcher: "exact" | "prefix" | "regex";
798
- constraints?: Record<string, any> | undefined;
799
- }, {
800
- resource: string;
801
- matcher: "exact" | "prefix" | "regex";
802
- constraints?: Record<string, any> | undefined;
803
- }>, "many">;
804
- }, z.ZodTypeAny, "passthrough">>>;
805
- }, z.ZodTypeAny, "passthrough">, z.objectOutputType<{
806
- /** Not valid before (Unix timestamp in seconds) */
807
- notBefore: z.ZodOptional<z.ZodNumber>;
808
- /** Not valid after (Unix timestamp in seconds) */
809
- notAfter: z.ZodOptional<z.ZodNumber>;
810
- /** Simple scopes array (for Phase 1 bouncer - simplified model) */
811
- scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
812
- /**
813
- * Optional target server DID(s) for this delegation
814
- * If omitted, delegation is valid on any server accepting the scopes
815
- * If specified, delegation is only valid on the specified server(s)
816
- */
817
- audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
818
- /** CRISP-specific constraints (full model) */
819
- crisp: z.ZodOptional<z.ZodObject<{
820
- /** Optional budget constraint */
821
- budget: z.ZodOptional<z.ZodObject<{
822
- /** Unit of the budget */
823
- unit: z.ZodEnum<["USD", "ops", "points"]>;
824
- /** Cap/limit for the budget */
825
- cap: z.ZodNumber;
826
- /** Optional time window for the budget */
827
- window: z.ZodOptional<z.ZodObject<{
828
- /** Type of window (rolling or fixed) */
829
- kind: z.ZodEnum<["rolling", "fixed"]>;
830
- /** Duration in seconds */
831
- durationSec: z.ZodNumber;
832
- }, "strip", z.ZodTypeAny, {
833
- kind: "rolling" | "fixed";
834
- durationSec: number;
835
- }, {
836
- kind: "rolling" | "fixed";
837
- durationSec: number;
838
- }>>;
839
- }, "strip", z.ZodTypeAny, {
840
- unit: "USD" | "ops" | "points";
841
- cap: number;
842
- window?: {
843
- kind: "rolling" | "fixed";
844
- durationSec: number;
845
- } | undefined;
846
- }, {
847
- unit: "USD" | "ops" | "points";
848
- cap: number;
849
- window?: {
850
- kind: "rolling" | "fixed";
851
- durationSec: number;
852
- } | undefined;
853
- }>>;
854
- /** Required: at least one scope */
855
- scopes: z.ZodArray<z.ZodObject<{
856
- /** Resource identifier (e.g., "api:users", "data:emails") */
857
- resource: z.ZodString;
858
- /** How to match the resource */
859
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
860
- /** Optional additional constraints on this scope */
861
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
862
- }, "strip", z.ZodTypeAny, {
863
- resource: string;
864
- matcher: "exact" | "prefix" | "regex";
865
- constraints?: Record<string, any> | undefined;
866
- }, {
867
- resource: string;
868
- matcher: "exact" | "prefix" | "regex";
869
- constraints?: Record<string, any> | undefined;
870
- }>, "many">;
871
- }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
872
- /** Optional budget constraint */
873
- budget: z.ZodOptional<z.ZodObject<{
874
- /** Unit of the budget */
875
- unit: z.ZodEnum<["USD", "ops", "points"]>;
876
- /** Cap/limit for the budget */
877
- cap: z.ZodNumber;
878
- /** Optional time window for the budget */
879
- window: z.ZodOptional<z.ZodObject<{
880
- /** Type of window (rolling or fixed) */
881
- kind: z.ZodEnum<["rolling", "fixed"]>;
882
- /** Duration in seconds */
883
- durationSec: z.ZodNumber;
884
- }, "strip", z.ZodTypeAny, {
885
- kind: "rolling" | "fixed";
886
- durationSec: number;
887
- }, {
888
- kind: "rolling" | "fixed";
889
- durationSec: number;
890
- }>>;
891
- }, "strip", z.ZodTypeAny, {
892
- unit: "USD" | "ops" | "points";
893
- cap: number;
894
- window?: {
895
- kind: "rolling" | "fixed";
896
- durationSec: number;
897
- } | undefined;
898
- }, {
899
- unit: "USD" | "ops" | "points";
900
- cap: number;
901
- window?: {
902
- kind: "rolling" | "fixed";
903
- durationSec: number;
904
- } | undefined;
905
- }>>;
906
- /** Required: at least one scope */
907
- scopes: z.ZodArray<z.ZodObject<{
908
- /** Resource identifier (e.g., "api:users", "data:emails") */
909
- resource: z.ZodString;
910
- /** How to match the resource */
911
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
912
- /** Optional additional constraints on this scope */
913
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
914
- }, "strip", z.ZodTypeAny, {
915
- resource: string;
916
- matcher: "exact" | "prefix" | "regex";
917
- constraints?: Record<string, any> | undefined;
918
- }, {
919
- resource: string;
920
- matcher: "exact" | "prefix" | "regex";
921
- constraints?: Record<string, any> | undefined;
922
- }>, "many">;
923
- }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
924
- /** Optional budget constraint */
925
- budget: z.ZodOptional<z.ZodObject<{
926
- /** Unit of the budget */
927
- unit: z.ZodEnum<["USD", "ops", "points"]>;
928
- /** Cap/limit for the budget */
929
- cap: z.ZodNumber;
930
- /** Optional time window for the budget */
931
- window: z.ZodOptional<z.ZodObject<{
932
- /** Type of window (rolling or fixed) */
933
- kind: z.ZodEnum<["rolling", "fixed"]>;
934
- /** Duration in seconds */
935
- durationSec: z.ZodNumber;
936
- }, "strip", z.ZodTypeAny, {
937
- kind: "rolling" | "fixed";
938
- durationSec: number;
939
- }, {
940
- kind: "rolling" | "fixed";
941
- durationSec: number;
942
- }>>;
943
- }, "strip", z.ZodTypeAny, {
944
- unit: "USD" | "ops" | "points";
945
- cap: number;
946
- window?: {
947
- kind: "rolling" | "fixed";
948
- durationSec: number;
949
- } | undefined;
950
- }, {
951
- unit: "USD" | "ops" | "points";
952
- cap: number;
953
- window?: {
954
- kind: "rolling" | "fixed";
955
- durationSec: number;
956
- } | undefined;
957
- }>>;
958
- /** Required: at least one scope */
959
- scopes: z.ZodArray<z.ZodObject<{
960
- /** Resource identifier (e.g., "api:users", "data:emails") */
961
- resource: z.ZodString;
962
- /** How to match the resource */
963
- matcher: z.ZodEnum<["exact", "prefix", "regex"]>;
964
- /** Optional additional constraints on this scope */
965
- constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
966
- }, "strip", z.ZodTypeAny, {
967
- resource: string;
968
- matcher: "exact" | "prefix" | "regex";
969
- constraints?: Record<string, any> | undefined;
970
- }, {
971
- resource: string;
972
- matcher: "exact" | "prefix" | "regex";
973
- constraints?: Record<string, any> | undefined;
974
- }>, "many">;
975
- }, z.ZodTypeAny, "passthrough">>>;
976
- }, z.ZodTypeAny, "passthrough">>;
977
- /**
978
- * Check if constraints have a valid time range
979
- *
980
- * @param constraints - The constraints to check
981
- * @returns true if time range is valid or no time range specified
982
- */
983
- export declare function hasValidTimeRange(constraints: DelegationConstraints): boolean;
984
- /**
985
- * Check if child constraints are within parent constraints
986
- *
987
- * This performs basic structural checks. Full chain validation
988
- * requires runtime implementation.
989
- *
990
- * @param parent - Parent delegation constraints
991
- * @param child - Child delegation constraints
992
- * @returns true if child is within parent bounds
993
- */
994
- export declare function areChildConstraintsValid(parent: DelegationConstraints, child: DelegationConstraints): boolean;
995
- /**
996
- * Check if a resource matches a scope
997
- *
998
- * @param resource - The resource to check
999
- * @param scope - The scope to match against
1000
- * @returns true if resource matches scope
1001
- */
1002
- export declare function doesResourceMatchScope(resource: string, scope: CrispScope): boolean;
1003
- /**
1004
- * Constants
1005
- */
1006
- /**
1007
- * Supported currency types
1008
- */
1009
- export declare const SUPPORTED_CURRENCIES: Currency[];
1010
- /**
1011
- * Supported scope matchers
1012
- */
1013
- export declare const SUPPORTED_MATCHERS: ScopeMatcher[];
1014
- /**
1015
- * Maximum reasonable budget cap (for validation)
1016
- */
1017
- export declare const MAX_BUDGET_CAP: number;
1018
- /**
1019
- * Maximum reasonable window duration (10 years in seconds)
1020
- */
1021
- export declare const MAX_WINDOW_DURATION_SEC: number;
1022
- //# sourceMappingURL=constraints.d.ts.map