@kya-os/contracts 1.7.15 → 1.7.16
- package/dist/agentshield-api/schemas.d.ts +267 -183
- package/dist/agentshield-api/schemas.js +8 -1
- package/dist/agentshield-api/types.d.ts +5 -1
- package/dist/dashboard-config/schemas.d.ts +3229 -2181
- package/dist/delegation/schemas.d.ts +790 -244
- package/dist/delegation/schemas.js +68 -3
- package/dist/tool-protection/index.d.ts +204 -30
- package/dist/tool-protection/index.js +24 -0
- package/package.json +1 -1
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
* Python Reference: Delegation-Documentation.md, Delegation-Service.md
|
|
16
16
|
*/
|
|
17
17
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.DelegationCredentialSchema = exports.DelegationCredentialSubjectSchema = exports.DELEGATION_CREDENTIAL_CONTEXT = exports.DELEGATION_STATUSES = exports.DEFAULT_DELEGATION_STATUS = exports.MAX_DELEGATION_CHAIN_DEPTH = exports.DelegationVerificationResultSchema = exports.DelegationCreationRequestSchema = exports.DelegationChainSchema = exports.DelegationChainEntrySchema = exports.DelegationRecordSchema = exports.DelegationStatusSchema = void 0;
|
|
18
|
+
exports.DelegationCredentialSchema = exports.DelegationCredentialSubjectSchema = exports.DELEGATION_CREDENTIAL_CONTEXT = exports.DELEGATION_STATUSES = exports.DEFAULT_DELEGATION_STATUS = exports.MAX_DELEGATION_CHAIN_DEPTH = exports.DelegationVerificationResultSchema = exports.DelegationVerificationDetailsSchema = exports.AuthorizationInfoSchema = exports.DelegationCreationRequestSchema = exports.DelegationChainSchema = exports.DelegationChainEntrySchema = exports.DelegationRecordSchema = exports.DelegationStatusSchema = void 0;
|
|
19
19
|
exports.validateDelegationRecord = validateDelegationRecord;
|
|
20
20
|
exports.validateDelegationChain = validateDelegationChain;
|
|
21
21
|
exports.isDelegationExpired = isDelegationExpired;
|
|
@@ -136,6 +136,71 @@ exports.DelegationCreationRequestSchema = zod_1.z.object({
|
|
|
136
136
|
/** Optional VC ID (if not provided, will be created) */
|
|
137
137
|
vcId: zod_1.z.string().optional(),
|
|
138
138
|
});
|
|
139
|
+
/**
|
|
140
|
+
* Authorization Info Schema
|
|
141
|
+
*
|
|
142
|
+
* Captures HOW the user verified their identity during consent.
|
|
143
|
+
* This is runtime verification metadata, separate from tool requirements.
|
|
144
|
+
*
|
|
145
|
+
* Note: This schema describes authorization info in verification results,
|
|
146
|
+
* not tool protection requirements (which use AuthorizationRequirementSchema).
|
|
147
|
+
*/
|
|
148
|
+
exports.AuthorizationInfoSchema = zod_1.z.object({
|
|
149
|
+
/**
|
|
150
|
+
* The authorization method used during consent
|
|
151
|
+
*
|
|
152
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
153
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
154
|
+
* - 'password': Password/credential authentication
|
|
155
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
156
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
157
|
+
* - 'mdl': Mobile Driver's License
|
|
158
|
+
* - 'idv': Identity Verification
|
|
159
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
160
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
161
|
+
* - 'none': Consent-only (no authentication)
|
|
162
|
+
*/
|
|
163
|
+
type: zod_1.z.enum([
|
|
164
|
+
'oauth',
|
|
165
|
+
'oauth2',
|
|
166
|
+
'password',
|
|
167
|
+
'credential',
|
|
168
|
+
'verifiable_credential',
|
|
169
|
+
'mdl',
|
|
170
|
+
'idv',
|
|
171
|
+
'webauthn',
|
|
172
|
+
'siwe',
|
|
173
|
+
'none',
|
|
174
|
+
]),
|
|
175
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
176
|
+
provider: zod_1.z.string().optional(),
|
|
177
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
178
|
+
credentialType: zod_1.z.string().optional(),
|
|
179
|
+
/** MDL issuer DID or identifier */
|
|
180
|
+
issuer: zod_1.z.string().optional(),
|
|
181
|
+
/** IDV verification level */
|
|
182
|
+
verificationLevel: zod_1.z.enum(['basic', 'enhanced', 'loa3']).optional(),
|
|
183
|
+
/** WebAuthn Relying Party ID */
|
|
184
|
+
rpId: zod_1.z.string().optional(),
|
|
185
|
+
/** WebAuthn user verification level */
|
|
186
|
+
userVerification: zod_1.z.enum(['required', 'preferred', 'discouraged']).optional(),
|
|
187
|
+
/** SIWE Ethereum chain ID */
|
|
188
|
+
chainId: zod_1.z.number().optional(),
|
|
189
|
+
/** SIWE domain */
|
|
190
|
+
domain: zod_1.z.string().optional(),
|
|
191
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
192
|
+
verifiedAt: zod_1.z.number().int().positive().optional(),
|
|
193
|
+
});
|
|
194
|
+
/**
|
|
195
|
+
* Delegation Verification Details Schema
|
|
196
|
+
*
|
|
197
|
+
* Typed details object for verification results
|
|
198
|
+
*/
|
|
199
|
+
exports.DelegationVerificationDetailsSchema = zod_1.z.object({
|
|
200
|
+
/** Authorization info - how identity was verified during consent */
|
|
201
|
+
authorization: exports.AuthorizationInfoSchema.optional(),
|
|
202
|
+
/** Additional metadata fields (extensible) */
|
|
203
|
+
}).passthrough();
|
|
139
204
|
/**
|
|
140
205
|
* Delegation Verification Result
|
|
141
206
|
*
|
|
@@ -156,8 +221,8 @@ exports.DelegationVerificationResultSchema = zod_1.z.object({
|
|
|
156
221
|
chainValid: zod_1.z.boolean().optional(),
|
|
157
222
|
/** Timestamp of verification */
|
|
158
223
|
verifiedAt: zod_1.z.number().int().positive(),
|
|
159
|
-
/**
|
|
160
|
-
details:
|
|
224
|
+
/** Verification details including authorization info */
|
|
225
|
+
details: exports.DelegationVerificationDetailsSchema.optional(),
|
|
161
226
|
});
|
|
162
227
|
/**
|
|
163
228
|
* Validation Helpers
|
|
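Review bot: `AuthorizationInfoSchema` (new lines 148-193) is a flat object whose method-specific fields are all optional and not tied to `type`, so a payload such as `{ type: 'webauthn', chainId: 1 }` or a bare `{ type: 'siwe' }` with no domain validates. Because `details.authorization` is itself optional, `'none'` is an accepted type, and `DelegationVerificationDetailsSchema` ends in `.passthrough()`, a consumer should gate on an explicit allow-list of `authorization.type` values rather than on the presence of `details`, and should treat any extra keys under `details` as unvalidated. Consider modelling this as a `zod_1.z.discriminatedUnion('type', [...])` the way `AuthorizationRequirementSchema` does, and tightening the SIWE field to `chainId: zod_1.z.number().int().positive().optional(),`. The deprecated `'oauth'` and `'credential'` values are still accepted, so comparisons should first normalise them to `'oauth2'` and `'verifiable_credential'`.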
@@ -51,6 +51,16 @@ export type AuthorizationRequirement = {
|
|
|
51
51
|
type: 'credential';
|
|
52
52
|
credentialType: string;
|
|
53
53
|
issuer?: string;
|
|
54
|
+
} | {
|
|
55
|
+
/** WebAuthn/Passkey authentication */
|
|
56
|
+
type: 'webauthn';
|
|
57
|
+
rpId?: string;
|
|
58
|
+
userVerification?: 'required' | 'preferred' | 'discouraged';
|
|
59
|
+
} | {
|
|
60
|
+
/** Sign-In with Ethereum (EIP-4361) */
|
|
61
|
+
type: 'siwe';
|
|
62
|
+
chainId?: number;
|
|
63
|
+
domain?: string;
|
|
54
64
|
} | {
|
|
55
65
|
type: 'none';
|
|
56
66
|
};
|
|
@@ -64,6 +74,10 @@ export declare const AUTHORIZATION_TYPES: {
|
|
|
64
74
|
readonly MDL: "mdl";
|
|
65
75
|
readonly IDV: "idv";
|
|
66
76
|
readonly VERIFIABLE_CREDENTIAL: "verifiable_credential";
|
|
77
|
+
/** WebAuthn/Passkey authentication */
|
|
78
|
+
readonly WEBAUTHN: "webauthn";
|
|
79
|
+
/** Sign-In with Ethereum (EIP-4361) */
|
|
80
|
+
readonly SIWE: "siwe";
|
|
67
81
|
readonly NONE: "none";
|
|
68
82
|
};
|
|
69
83
|
export type AuthorizationType = (typeof AUTHORIZATION_TYPES)[keyof typeof AUTHORIZATION_TYPES];
|
|
@@ -279,6 +293,30 @@ export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"ty
|
|
|
279
293
|
type: "credential";
|
|
280
294
|
credentialType: string;
|
|
281
295
|
issuer?: string | undefined;
|
|
296
|
+
}>, z.ZodObject<{
|
|
297
|
+
type: z.ZodLiteral<"webauthn">;
|
|
298
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
299
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
300
|
+
}, "strip", z.ZodTypeAny, {
|
|
301
|
+
type: "webauthn";
|
|
302
|
+
rpId?: string | undefined;
|
|
303
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
304
|
+
}, {
|
|
305
|
+
type: "webauthn";
|
|
306
|
+
rpId?: string | undefined;
|
|
307
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
308
|
+
}>, z.ZodObject<{
|
|
309
|
+
type: z.ZodLiteral<"siwe">;
|
|
310
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
311
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
312
|
+
}, "strip", z.ZodTypeAny, {
|
|
313
|
+
type: "siwe";
|
|
314
|
+
chainId?: number | undefined;
|
|
315
|
+
domain?: string | undefined;
|
|
316
|
+
}, {
|
|
317
|
+
type: "siwe";
|
|
318
|
+
chainId?: number | undefined;
|
|
319
|
+
domain?: string | undefined;
|
|
282
320
|
}>, z.ZodObject<{
|
|
283
321
|
type: z.ZodLiteral<"none">;
|
|
284
322
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -372,6 +410,30 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
372
410
|
type: "credential";
|
|
373
411
|
credentialType: string;
|
|
374
412
|
issuer?: string | undefined;
|
|
413
|
+
}>, z.ZodObject<{
|
|
414
|
+
type: z.ZodLiteral<"webauthn">;
|
|
415
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
416
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
417
|
+
}, "strip", z.ZodTypeAny, {
|
|
418
|
+
type: "webauthn";
|
|
419
|
+
rpId?: string | undefined;
|
|
420
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
421
|
+
}, {
|
|
422
|
+
type: "webauthn";
|
|
423
|
+
rpId?: string | undefined;
|
|
424
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
425
|
+
}>, z.ZodObject<{
|
|
426
|
+
type: z.ZodLiteral<"siwe">;
|
|
427
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
428
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
429
|
+
}, "strip", z.ZodTypeAny, {
|
|
430
|
+
type: "siwe";
|
|
431
|
+
chainId?: number | undefined;
|
|
432
|
+
domain?: string | undefined;
|
|
433
|
+
}, {
|
|
434
|
+
type: "siwe";
|
|
435
|
+
chainId?: number | undefined;
|
|
436
|
+
domain?: string | undefined;
|
|
375
437
|
}>, z.ZodObject<{
|
|
376
438
|
type: z.ZodLiteral<"none">;
|
|
377
439
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -380,10 +442,8 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
380
442
|
type: "none";
|
|
381
443
|
}>]>>;
|
|
382
444
|
}, "strip", z.ZodTypeAny, {
|
|
383
|
-
requiredScopes: string[];
|
|
384
445
|
requiresDelegation: boolean;
|
|
385
|
-
|
|
386
|
-
oauthProvider?: string | undefined;
|
|
446
|
+
requiredScopes: string[];
|
|
387
447
|
authorization?: {
|
|
388
448
|
type: "oauth";
|
|
389
449
|
provider: string;
|
|
@@ -411,14 +471,22 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
411
471
|
type: "credential";
|
|
412
472
|
credentialType: string;
|
|
413
473
|
issuer?: string | undefined;
|
|
474
|
+
} | {
|
|
475
|
+
type: "webauthn";
|
|
476
|
+
rpId?: string | undefined;
|
|
477
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
478
|
+
} | {
|
|
479
|
+
type: "siwe";
|
|
480
|
+
chainId?: number | undefined;
|
|
481
|
+
domain?: string | undefined;
|
|
414
482
|
} | {
|
|
415
483
|
type: "none";
|
|
416
484
|
} | undefined;
|
|
417
|
-
}, {
|
|
418
|
-
requiredScopes: string[];
|
|
419
|
-
requiresDelegation: boolean;
|
|
420
485
|
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
421
486
|
oauthProvider?: string | undefined;
|
|
487
|
+
}, {
|
|
488
|
+
requiresDelegation: boolean;
|
|
489
|
+
requiredScopes: string[];
|
|
422
490
|
authorization?: {
|
|
423
491
|
type: "oauth";
|
|
424
492
|
provider: string;
|
|
@@ -446,9 +514,19 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
446
514
|
type: "credential";
|
|
447
515
|
credentialType: string;
|
|
448
516
|
issuer?: string | undefined;
|
|
517
|
+
} | {
|
|
518
|
+
type: "webauthn";
|
|
519
|
+
rpId?: string | undefined;
|
|
520
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
521
|
+
} | {
|
|
522
|
+
type: "siwe";
|
|
523
|
+
chainId?: number | undefined;
|
|
524
|
+
domain?: string | undefined;
|
|
449
525
|
} | {
|
|
450
526
|
type: "none";
|
|
451
527
|
} | undefined;
|
|
528
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
529
|
+
oauthProvider?: string | undefined;
|
|
452
530
|
}>;
|
|
453
531
|
export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
454
532
|
requiresDelegation: z.ZodBoolean;
|
|
@@ -536,6 +614,30 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
536
614
|
type: "credential";
|
|
537
615
|
credentialType: string;
|
|
538
616
|
issuer?: string | undefined;
|
|
617
|
+
}>, z.ZodObject<{
|
|
618
|
+
type: z.ZodLiteral<"webauthn">;
|
|
619
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
620
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
621
|
+
}, "strip", z.ZodTypeAny, {
|
|
622
|
+
type: "webauthn";
|
|
623
|
+
rpId?: string | undefined;
|
|
624
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
625
|
+
}, {
|
|
626
|
+
type: "webauthn";
|
|
627
|
+
rpId?: string | undefined;
|
|
628
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
629
|
+
}>, z.ZodObject<{
|
|
630
|
+
type: z.ZodLiteral<"siwe">;
|
|
631
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
632
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
633
|
+
}, "strip", z.ZodTypeAny, {
|
|
634
|
+
type: "siwe";
|
|
635
|
+
chainId?: number | undefined;
|
|
636
|
+
domain?: string | undefined;
|
|
637
|
+
}, {
|
|
638
|
+
type: "siwe";
|
|
639
|
+
chainId?: number | undefined;
|
|
640
|
+
domain?: string | undefined;
|
|
539
641
|
}>, z.ZodObject<{
|
|
540
642
|
type: z.ZodLiteral<"none">;
|
|
541
643
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -544,10 +646,8 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
544
646
|
type: "none";
|
|
545
647
|
}>]>>;
|
|
546
648
|
}, "strip", z.ZodTypeAny, {
|
|
547
|
-
requiredScopes: string[];
|
|
548
649
|
requiresDelegation: boolean;
|
|
549
|
-
|
|
550
|
-
oauthProvider?: string | undefined;
|
|
650
|
+
requiredScopes: string[];
|
|
551
651
|
authorization?: {
|
|
552
652
|
type: "oauth";
|
|
553
653
|
provider: string;
|
|
@@ -575,14 +675,22 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
575
675
|
type: "credential";
|
|
576
676
|
credentialType: string;
|
|
577
677
|
issuer?: string | undefined;
|
|
678
|
+
} | {
|
|
679
|
+
type: "webauthn";
|
|
680
|
+
rpId?: string | undefined;
|
|
681
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
682
|
+
} | {
|
|
683
|
+
type: "siwe";
|
|
684
|
+
chainId?: number | undefined;
|
|
685
|
+
domain?: string | undefined;
|
|
578
686
|
} | {
|
|
579
687
|
type: "none";
|
|
580
688
|
} | undefined;
|
|
581
|
-
}, {
|
|
582
|
-
requiredScopes: string[];
|
|
583
|
-
requiresDelegation: boolean;
|
|
584
689
|
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
585
690
|
oauthProvider?: string | undefined;
|
|
691
|
+
}, {
|
|
692
|
+
requiresDelegation: boolean;
|
|
693
|
+
requiredScopes: string[];
|
|
586
694
|
authorization?: {
|
|
587
695
|
type: "oauth";
|
|
588
696
|
provider: string;
|
|
@@ -610,9 +718,19 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
610
718
|
type: "credential";
|
|
611
719
|
credentialType: string;
|
|
612
720
|
issuer?: string | undefined;
|
|
721
|
+
} | {
|
|
722
|
+
type: "webauthn";
|
|
723
|
+
rpId?: string | undefined;
|
|
724
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
725
|
+
} | {
|
|
726
|
+
type: "siwe";
|
|
727
|
+
chainId?: number | undefined;
|
|
728
|
+
domain?: string | undefined;
|
|
613
729
|
} | {
|
|
614
730
|
type: "none";
|
|
615
731
|
} | undefined;
|
|
732
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
733
|
+
oauthProvider?: string | undefined;
|
|
616
734
|
}>>;
|
|
617
735
|
export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
618
736
|
toolProtections: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
@@ -701,6 +819,30 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
701
819
|
type: "credential";
|
|
702
820
|
credentialType: string;
|
|
703
821
|
issuer?: string | undefined;
|
|
822
|
+
}>, z.ZodObject<{
|
|
823
|
+
type: z.ZodLiteral<"webauthn">;
|
|
824
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
825
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
826
|
+
}, "strip", z.ZodTypeAny, {
|
|
827
|
+
type: "webauthn";
|
|
828
|
+
rpId?: string | undefined;
|
|
829
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
830
|
+
}, {
|
|
831
|
+
type: "webauthn";
|
|
832
|
+
rpId?: string | undefined;
|
|
833
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
834
|
+
}>, z.ZodObject<{
|
|
835
|
+
type: z.ZodLiteral<"siwe">;
|
|
836
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
837
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
838
|
+
}, "strip", z.ZodTypeAny, {
|
|
839
|
+
type: "siwe";
|
|
840
|
+
chainId?: number | undefined;
|
|
841
|
+
domain?: string | undefined;
|
|
842
|
+
}, {
|
|
843
|
+
type: "siwe";
|
|
844
|
+
chainId?: number | undefined;
|
|
845
|
+
domain?: string | undefined;
|
|
704
846
|
}>, z.ZodObject<{
|
|
705
847
|
type: z.ZodLiteral<"none">;
|
|
706
848
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -709,10 +851,8 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
709
851
|
type: "none";
|
|
710
852
|
}>]>>;
|
|
711
853
|
}, "strip", z.ZodTypeAny, {
|
|
712
|
-
requiredScopes: string[];
|
|
713
854
|
requiresDelegation: boolean;
|
|
714
|
-
|
|
715
|
-
oauthProvider?: string | undefined;
|
|
855
|
+
requiredScopes: string[];
|
|
716
856
|
authorization?: {
|
|
717
857
|
type: "oauth";
|
|
718
858
|
provider: string;
|
|
@@ -740,14 +880,22 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
740
880
|
type: "credential";
|
|
741
881
|
credentialType: string;
|
|
742
882
|
issuer?: string | undefined;
|
|
883
|
+
} | {
|
|
884
|
+
type: "webauthn";
|
|
885
|
+
rpId?: string | undefined;
|
|
886
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
887
|
+
} | {
|
|
888
|
+
type: "siwe";
|
|
889
|
+
chainId?: number | undefined;
|
|
890
|
+
domain?: string | undefined;
|
|
743
891
|
} | {
|
|
744
892
|
type: "none";
|
|
745
893
|
} | undefined;
|
|
746
|
-
}, {
|
|
747
|
-
requiredScopes: string[];
|
|
748
|
-
requiresDelegation: boolean;
|
|
749
894
|
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
750
895
|
oauthProvider?: string | undefined;
|
|
896
|
+
}, {
|
|
897
|
+
requiresDelegation: boolean;
|
|
898
|
+
requiredScopes: string[];
|
|
751
899
|
authorization?: {
|
|
752
900
|
type: "oauth";
|
|
753
901
|
provider: string;
|
|
@@ -775,29 +923,37 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
775
923
|
type: "credential";
|
|
776
924
|
credentialType: string;
|
|
777
925
|
issuer?: string | undefined;
|
|
926
|
+
} | {
|
|
927
|
+
type: "webauthn";
|
|
928
|
+
rpId?: string | undefined;
|
|
929
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
930
|
+
} | {
|
|
931
|
+
type: "siwe";
|
|
932
|
+
chainId?: number | undefined;
|
|
933
|
+
domain?: string | undefined;
|
|
778
934
|
} | {
|
|
779
935
|
type: "none";
|
|
780
936
|
} | undefined;
|
|
937
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
938
|
+
oauthProvider?: string | undefined;
|
|
781
939
|
}>>;
|
|
782
940
|
metadata: z.ZodOptional<z.ZodObject<{
|
|
783
941
|
lastUpdated: z.ZodOptional<z.ZodString>;
|
|
784
942
|
version: z.ZodOptional<z.ZodString>;
|
|
785
943
|
source: z.ZodOptional<z.ZodString>;
|
|
786
944
|
}, "strip", z.ZodTypeAny, {
|
|
787
|
-
lastUpdated?: string | undefined;
|
|
788
945
|
version?: string | undefined;
|
|
789
946
|
source?: string | undefined;
|
|
790
|
-
}, {
|
|
791
947
|
lastUpdated?: string | undefined;
|
|
948
|
+
}, {
|
|
792
949
|
version?: string | undefined;
|
|
793
950
|
source?: string | undefined;
|
|
951
|
+
lastUpdated?: string | undefined;
|
|
794
952
|
}>>;
|
|
795
953
|
}, "strip", z.ZodTypeAny, {
|
|
796
954
|
toolProtections: Record<string, {
|
|
797
|
-
requiredScopes: string[];
|
|
798
955
|
requiresDelegation: boolean;
|
|
799
|
-
|
|
800
|
-
oauthProvider?: string | undefined;
|
|
956
|
+
requiredScopes: string[];
|
|
801
957
|
authorization?: {
|
|
802
958
|
type: "oauth";
|
|
803
959
|
provider: string;
|
|
@@ -825,21 +981,29 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
825
981
|
type: "credential";
|
|
826
982
|
credentialType: string;
|
|
827
983
|
issuer?: string | undefined;
|
|
984
|
+
} | {
|
|
985
|
+
type: "webauthn";
|
|
986
|
+
rpId?: string | undefined;
|
|
987
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
988
|
+
} | {
|
|
989
|
+
type: "siwe";
|
|
990
|
+
chainId?: number | undefined;
|
|
991
|
+
domain?: string | undefined;
|
|
828
992
|
} | {
|
|
829
993
|
type: "none";
|
|
830
994
|
} | undefined;
|
|
995
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
996
|
+
oauthProvider?: string | undefined;
|
|
831
997
|
}>;
|
|
832
998
|
metadata?: {
|
|
833
|
-
lastUpdated?: string | undefined;
|
|
834
999
|
version?: string | undefined;
|
|
835
1000
|
source?: string | undefined;
|
|
1001
|
+
lastUpdated?: string | undefined;
|
|
836
1002
|
} | undefined;
|
|
837
1003
|
}, {
|
|
838
1004
|
toolProtections: Record<string, {
|
|
839
|
-
requiredScopes: string[];
|
|
840
1005
|
requiresDelegation: boolean;
|
|
841
|
-
|
|
842
|
-
oauthProvider?: string | undefined;
|
|
1006
|
+
requiredScopes: string[];
|
|
843
1007
|
authorization?: {
|
|
844
1008
|
type: "oauth";
|
|
845
1009
|
provider: string;
|
|
@@ -867,14 +1031,24 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
867
1031
|
type: "credential";
|
|
868
1032
|
credentialType: string;
|
|
869
1033
|
issuer?: string | undefined;
|
|
1034
|
+
} | {
|
|
1035
|
+
type: "webauthn";
|
|
1036
|
+
rpId?: string | undefined;
|
|
1037
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
1038
|
+
} | {
|
|
1039
|
+
type: "siwe";
|
|
1040
|
+
chainId?: number | undefined;
|
|
1041
|
+
domain?: string | undefined;
|
|
870
1042
|
} | {
|
|
871
1043
|
type: "none";
|
|
872
1044
|
} | undefined;
|
|
1045
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
1046
|
+
oauthProvider?: string | undefined;
|
|
873
1047
|
}>;
|
|
874
1048
|
metadata?: {
|
|
875
|
-
lastUpdated?: string | undefined;
|
|
876
1049
|
version?: string | undefined;
|
|
877
1050
|
source?: string | undefined;
|
|
1051
|
+
lastUpdated?: string | undefined;
|
|
878
1052
|
} | undefined;
|
|
879
1053
|
}>;
|
|
880
1054
|
export declare const DelegationRequiredErrorDataSchema: z.ZodObject<{
|
|
@@ -886,15 +1060,15 @@ export declare const DelegationRequiredErrorDataSchema: z.ZodObject<{
|
|
|
886
1060
|
}, "strip", z.ZodTypeAny, {
|
|
887
1061
|
requiredScopes: string[];
|
|
888
1062
|
toolName: string;
|
|
1063
|
+
reason?: string | undefined;
|
|
889
1064
|
consentUrl?: string | undefined;
|
|
890
1065
|
authorizationUrl?: string | undefined;
|
|
891
|
-
reason?: string | undefined;
|
|
892
1066
|
}, {
|
|
893
1067
|
requiredScopes: string[];
|
|
894
1068
|
toolName: string;
|
|
1069
|
+
reason?: string | undefined;
|
|
895
1070
|
consentUrl?: string | undefined;
|
|
896
1071
|
authorizationUrl?: string | undefined;
|
|
897
|
-
reason?: string | undefined;
|
|
898
1072
|
}>;
|
|
899
1073
|
/**
|
|
900
1074
|
* Type Guards
|
|
@@ -43,6 +43,10 @@ exports.AUTHORIZATION_TYPES = {
|
|
|
43
43
|
MDL: 'mdl',
|
|
44
44
|
IDV: 'idv',
|
|
45
45
|
VERIFIABLE_CREDENTIAL: 'verifiable_credential',
|
|
46
|
+
/** WebAuthn/Passkey authentication */
|
|
47
|
+
WEBAUTHN: 'webauthn',
|
|
48
|
+
/** Sign-In with Ethereum (EIP-4361) */
|
|
49
|
+
SIWE: 'siwe',
|
|
46
50
|
NONE: 'none',
|
|
47
51
|
};
|
|
48
52
|
/**
|
|
@@ -88,6 +92,18 @@ exports.AuthorizationRequirementSchema = zod_1.z.discriminatedUnion('type', [
|
|
|
88
92
|
credentialType: zod_1.z.string(),
|
|
89
93
|
issuer: zod_1.z.string().optional(),
|
|
90
94
|
}),
|
|
95
|
+
// WebAuthn/Passkey authentication
|
|
96
|
+
zod_1.z.object({
|
|
97
|
+
type: zod_1.z.literal('webauthn'),
|
|
98
|
+
rpId: zod_1.z.string().optional(),
|
|
99
|
+
userVerification: zod_1.z.enum(['required', 'preferred', 'discouraged']).optional(),
|
|
100
|
+
}),
|
|
101
|
+
// Sign-In with Ethereum (EIP-4361)
|
|
102
|
+
zod_1.z.object({
|
|
103
|
+
type: zod_1.z.literal('siwe'),
|
|
104
|
+
chainId: zod_1.z.number().optional(),
|
|
105
|
+
domain: zod_1.z.string().optional(),
|
|
106
|
+
}),
|
|
91
107
|
zod_1.z.object({
|
|
92
108
|
type: zod_1.z.literal('none'),
|
|
93
109
|
}),
|
|
@@ -317,6 +333,10 @@ function getAuthorizationTypeLabel(auth) {
|
|
|
317
333
|
case 'credential':
|
|
318
334
|
// Deprecated: treat as verifiable_credential
|
|
319
335
|
return auth.credentialType || 'Verifiable Credential';
|
|
336
|
+
case 'webauthn':
|
|
337
|
+
return 'Passkey / WebAuthn';
|
|
338
|
+
case 'siwe':
|
|
339
|
+
return 'Sign-In with Ethereum';
|
|
320
340
|
case 'none':
|
|
321
341
|
return 'Consent Only';
|
|
322
342
|
default:
|
|
@@ -346,6 +366,10 @@ function getAuthorizationTypeKey(auth) {
|
|
|
346
366
|
case 'credential':
|
|
347
367
|
// Deprecated: treat as verifiable_credential
|
|
348
368
|
return `vc:${auth.issuer || 'any'}:${auth.credentialType}`;
|
|
369
|
+
case 'webauthn':
|
|
370
|
+
return `webauthn:${auth.rpId || 'default'}`;
|
|
371
|
+
case 'siwe':
|
|
372
|
+
return `siwe:${auth.chainId || 1}:${auth.domain || 'any'}`;
|
|
349
373
|
case 'none':
|
|
350
374
|
return 'none';
|
|
351
375
|
default:
|
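Review bot: In `getAuthorizationTypeKey` the new `'webauthn'` key (new line 370) leaves out `userVerification`, so a requirement with `userVerification: 'required'` and one with `'discouraged'` produce the same key. If that key is used to match an already-completed authorization against a tool's requirement (the callers are not visible here), a weaker assertion could be treated as satisfying a stricter one. Appending the field, e.g. ``return `webauthn:${auth.rpId || 'default'}:${auth.userVerification || 'preferred'}`;``, keeps them distinct. On the `'siwe'` line, `auth.chainId || 1` silently maps a missing chain ID to 1, and the requirement schema's `chainId: zod_1.z.number().optional()` (new line 104) accepts non-integer and negative values that `.int().positive()` would reject. The `'default'` and `'any'` fallbacks read as wildcards, so the verifier should still bind the WebAuthn RP ID and the EIP-4361 domain to its own origin when the requirement leaves them unset. The switch statement starts and ends outside this hunk.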