@kya-os/contracts 1.7.15 → 1.7.17
- package/dist/agentshield-api/schemas.d.ts +279 -195
- package/dist/agentshield-api/schemas.js +8 -1
- package/dist/agentshield-api/types.d.ts +5 -1
- package/dist/audit/index.d.ts +21 -21
- package/dist/dashboard-config/schemas.d.ts +3355 -2307
- package/dist/delegation/schemas.d.ts +1090 -245
- package/dist/delegation/schemas.js +114 -4
- package/dist/handshake.d.ts +30 -30
- package/dist/handshake.js +11 -2
- package/dist/tool-protection/index.d.ts +204 -30
- package/dist/tool-protection/index.js +24 -0
- package/package.json +2 -2
|
@@ -1724,12 +1724,15 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1724
1724
|
/** Status */
|
|
1725
1725
|
status: z.ZodEnum<["active", "revoked", "expired"]>;
|
|
1726
1726
|
}, "strip", z.ZodTypeAny, {
|
|
1727
|
+
issuerDid: string;
|
|
1728
|
+
subjectDid: string;
|
|
1729
|
+
vcId: string;
|
|
1727
1730
|
status: "active" | "revoked" | "expired";
|
|
1728
1731
|
constraints: {
|
|
1729
|
-
scopes?: string[] | undefined;
|
|
1730
|
-
audience?: string | string[] | undefined;
|
|
1731
1732
|
notBefore?: number | undefined;
|
|
1732
1733
|
notAfter?: number | undefined;
|
|
1734
|
+
scopes?: string[] | undefined;
|
|
1735
|
+
audience?: string | string[] | undefined;
|
|
1733
1736
|
crisp?: z.objectOutputType<{
|
|
1734
1737
|
budget: z.ZodOptional<z.ZodObject<{
|
|
1735
1738
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -1776,18 +1779,18 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1776
1779
|
} & {
|
|
1777
1780
|
[k: string]: unknown;
|
|
1778
1781
|
};
|
|
1779
|
-
issuerDid: string;
|
|
1780
|
-
subjectDid: string;
|
|
1781
|
-
vcId: string;
|
|
1782
1782
|
delegationId: string;
|
|
1783
1783
|
depth: number;
|
|
1784
1784
|
}, {
|
|
1785
|
+
issuerDid: string;
|
|
1786
|
+
subjectDid: string;
|
|
1787
|
+
vcId: string;
|
|
1785
1788
|
status: "active" | "revoked" | "expired";
|
|
1786
1789
|
constraints: {
|
|
1787
|
-
scopes?: string[] | undefined;
|
|
1788
|
-
audience?: string | string[] | undefined;
|
|
1789
1790
|
notBefore?: number | undefined;
|
|
1790
1791
|
notAfter?: number | undefined;
|
|
1792
|
+
scopes?: string[] | undefined;
|
|
1793
|
+
audience?: string | string[] | undefined;
|
|
1791
1794
|
crisp?: z.objectInputType<{
|
|
1792
1795
|
budget: z.ZodOptional<z.ZodObject<{
|
|
1793
1796
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -1834,9 +1837,6 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1834
1837
|
} & {
|
|
1835
1838
|
[k: string]: unknown;
|
|
1836
1839
|
};
|
|
1837
|
-
issuerDid: string;
|
|
1838
|
-
subjectDid: string;
|
|
1839
|
-
vcId: string;
|
|
1840
1840
|
delegationId: string;
|
|
1841
1841
|
depth: number;
|
|
1842
1842
|
}>;
|
|
@@ -2264,12 +2264,15 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2264
2264
|
/** Status */
|
|
2265
2265
|
status: z.ZodEnum<["active", "revoked", "expired"]>;
|
|
2266
2266
|
}, "strip", z.ZodTypeAny, {
|
|
2267
|
+
issuerDid: string;
|
|
2268
|
+
subjectDid: string;
|
|
2269
|
+
vcId: string;
|
|
2267
2270
|
status: "active" | "revoked" | "expired";
|
|
2268
2271
|
constraints: {
|
|
2269
|
-
scopes?: string[] | undefined;
|
|
2270
|
-
audience?: string | string[] | undefined;
|
|
2271
2272
|
notBefore?: number | undefined;
|
|
2272
2273
|
notAfter?: number | undefined;
|
|
2274
|
+
scopes?: string[] | undefined;
|
|
2275
|
+
audience?: string | string[] | undefined;
|
|
2273
2276
|
crisp?: z.objectOutputType<{
|
|
2274
2277
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2275
2278
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2316,18 +2319,18 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2316
2319
|
} & {
|
|
2317
2320
|
[k: string]: unknown;
|
|
2318
2321
|
};
|
|
2319
|
-
issuerDid: string;
|
|
2320
|
-
subjectDid: string;
|
|
2321
|
-
vcId: string;
|
|
2322
2322
|
delegationId: string;
|
|
2323
2323
|
depth: number;
|
|
2324
2324
|
}, {
|
|
2325
|
+
issuerDid: string;
|
|
2326
|
+
subjectDid: string;
|
|
2327
|
+
vcId: string;
|
|
2325
2328
|
status: "active" | "revoked" | "expired";
|
|
2326
2329
|
constraints: {
|
|
2327
|
-
scopes?: string[] | undefined;
|
|
2328
|
-
audience?: string | string[] | undefined;
|
|
2329
2330
|
notBefore?: number | undefined;
|
|
2330
2331
|
notAfter?: number | undefined;
|
|
2332
|
+
scopes?: string[] | undefined;
|
|
2333
|
+
audience?: string | string[] | undefined;
|
|
2331
2334
|
crisp?: z.objectInputType<{
|
|
2332
2335
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2333
2336
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2374,9 +2377,6 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2374
2377
|
} & {
|
|
2375
2378
|
[k: string]: unknown;
|
|
2376
2379
|
};
|
|
2377
|
-
issuerDid: string;
|
|
2378
|
-
subjectDid: string;
|
|
2379
|
-
vcId: string;
|
|
2380
2380
|
delegationId: string;
|
|
2381
2381
|
depth: number;
|
|
2382
2382
|
}>, "many">;
|
|
@@ -2392,12 +2392,15 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2392
2392
|
rootIssuer: string;
|
|
2393
2393
|
leafSubject: string;
|
|
2394
2394
|
chain: {
|
|
2395
|
+
issuerDid: string;
|
|
2396
|
+
subjectDid: string;
|
|
2397
|
+
vcId: string;
|
|
2395
2398
|
status: "active" | "revoked" | "expired";
|
|
2396
2399
|
constraints: {
|
|
2397
|
-
scopes?: string[] | undefined;
|
|
2398
|
-
audience?: string | string[] | undefined;
|
|
2399
2400
|
notBefore?: number | undefined;
|
|
2400
2401
|
notAfter?: number | undefined;
|
|
2402
|
+
scopes?: string[] | undefined;
|
|
2403
|
+
audience?: string | string[] | undefined;
|
|
2401
2404
|
crisp?: z.objectOutputType<{
|
|
2402
2405
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2403
2406
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2444,9 +2447,6 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2444
2447
|
} & {
|
|
2445
2448
|
[k: string]: unknown;
|
|
2446
2449
|
};
|
|
2447
|
-
issuerDid: string;
|
|
2448
|
-
subjectDid: string;
|
|
2449
|
-
vcId: string;
|
|
2450
2450
|
delegationId: string;
|
|
2451
2451
|
depth: number;
|
|
2452
2452
|
}[];
|
|
@@ -2457,12 +2457,15 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2457
2457
|
rootIssuer: string;
|
|
2458
2458
|
leafSubject: string;
|
|
2459
2459
|
chain: {
|
|
2460
|
+
issuerDid: string;
|
|
2461
|
+
subjectDid: string;
|
|
2462
|
+
vcId: string;
|
|
2460
2463
|
status: "active" | "revoked" | "expired";
|
|
2461
2464
|
constraints: {
|
|
2462
|
-
scopes?: string[] | undefined;
|
|
2463
|
-
audience?: string | string[] | undefined;
|
|
2464
2465
|
notBefore?: number | undefined;
|
|
2465
2466
|
notAfter?: number | undefined;
|
|
2467
|
+
scopes?: string[] | undefined;
|
|
2468
|
+
audience?: string | string[] | undefined;
|
|
2466
2469
|
crisp?: z.objectInputType<{
|
|
2467
2470
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2468
2471
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2509,9 +2512,6 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2509
2512
|
} & {
|
|
2510
2513
|
[k: string]: unknown;
|
|
2511
2514
|
};
|
|
2512
|
-
issuerDid: string;
|
|
2513
|
-
subjectDid: string;
|
|
2514
|
-
vcId: string;
|
|
2515
2515
|
delegationId: string;
|
|
2516
2516
|
depth: number;
|
|
2517
2517
|
}[];
|
|
@@ -2933,11 +2933,13 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
2933
2933
|
/** Optional VC ID (if not provided, will be created) */
|
|
2934
2934
|
vcId: z.ZodOptional<z.ZodString>;
|
|
2935
2935
|
}, "strip", z.ZodTypeAny, {
|
|
2936
|
+
issuerDid: string;
|
|
2937
|
+
subjectDid: string;
|
|
2936
2938
|
constraints: {
|
|
2937
|
-
scopes?: string[] | undefined;
|
|
2938
|
-
audience?: string | string[] | undefined;
|
|
2939
2939
|
notBefore?: number | undefined;
|
|
2940
2940
|
notAfter?: number | undefined;
|
|
2941
|
+
scopes?: string[] | undefined;
|
|
2942
|
+
audience?: string | string[] | undefined;
|
|
2941
2943
|
crisp?: z.objectOutputType<{
|
|
2942
2944
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2943
2945
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2984,17 +2986,17 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
2984
2986
|
} & {
|
|
2985
2987
|
[k: string]: unknown;
|
|
2986
2988
|
};
|
|
2987
|
-
issuerDid: string;
|
|
2988
|
-
subjectDid: string;
|
|
2989
2989
|
controller?: string | undefined;
|
|
2990
2990
|
vcId?: string | undefined;
|
|
2991
2991
|
parentId?: string | undefined;
|
|
2992
2992
|
}, {
|
|
2993
|
+
issuerDid: string;
|
|
2994
|
+
subjectDid: string;
|
|
2993
2995
|
constraints: {
|
|
2994
|
-
scopes?: string[] | undefined;
|
|
2995
|
-
audience?: string | string[] | undefined;
|
|
2996
2996
|
notBefore?: number | undefined;
|
|
2997
2997
|
notAfter?: number | undefined;
|
|
2998
|
+
scopes?: string[] | undefined;
|
|
2999
|
+
audience?: string | string[] | undefined;
|
|
2998
3000
|
crisp?: z.objectInputType<{
|
|
2999
3001
|
budget: z.ZodOptional<z.ZodObject<{
|
|
3000
3002
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -3041,13 +3043,262 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
3041
3043
|
} & {
|
|
3042
3044
|
[k: string]: unknown;
|
|
3043
3045
|
};
|
|
3044
|
-
issuerDid: string;
|
|
3045
|
-
subjectDid: string;
|
|
3046
3046
|
controller?: string | undefined;
|
|
3047
3047
|
vcId?: string | undefined;
|
|
3048
3048
|
parentId?: string | undefined;
|
|
3049
3049
|
}>;
|
|
3050
3050
|
export type DelegationCreationRequest = z.infer<typeof DelegationCreationRequestSchema>;
|
|
3051
|
+
/**
|
|
3052
|
+
* Authorization Info Schema
|
|
3053
|
+
*
|
|
3054
|
+
* Captures HOW the user verified their identity during consent.
|
|
3055
|
+
* This is runtime verification metadata, separate from tool requirements.
|
|
3056
|
+
*
|
|
3057
|
+
* Note: This schema describes authorization info in verification results,
|
|
3058
|
+
* not tool protection requirements (which use AuthorizationRequirementSchema).
|
|
3059
|
+
*/
|
|
3060
|
+
export declare const AuthorizationInfoSchema: z.ZodObject<{
|
|
3061
|
+
/**
|
|
3062
|
+
* The authorization method used during consent
|
|
3063
|
+
*
|
|
3064
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3065
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3066
|
+
* - 'password': Password/credential authentication
|
|
3067
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3068
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3069
|
+
* - 'mdl': Mobile Driver's License
|
|
3070
|
+
* - 'idv': Identity Verification
|
|
3071
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3072
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3073
|
+
* - 'none': Consent-only (no authentication)
|
|
3074
|
+
*/
|
|
3075
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3076
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3077
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3078
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3079
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3080
|
+
/** MDL issuer DID or identifier */
|
|
3081
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3082
|
+
/** IDV verification level */
|
|
3083
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3084
|
+
/** WebAuthn Relying Party ID */
|
|
3085
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3086
|
+
/** WebAuthn user verification level */
|
|
3087
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3088
|
+
/** SIWE Ethereum chain ID */
|
|
3089
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3090
|
+
/** SIWE domain */
|
|
3091
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3092
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3093
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3094
|
+
}, "strip", z.ZodTypeAny, {
|
|
3095
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3096
|
+
provider?: string | undefined;
|
|
3097
|
+
credentialType?: string | undefined;
|
|
3098
|
+
issuer?: string | undefined;
|
|
3099
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3100
|
+
rpId?: string | undefined;
|
|
3101
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3102
|
+
chainId?: number | undefined;
|
|
3103
|
+
domain?: string | undefined;
|
|
3104
|
+
verifiedAt?: number | undefined;
|
|
3105
|
+
}, {
|
|
3106
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3107
|
+
provider?: string | undefined;
|
|
3108
|
+
credentialType?: string | undefined;
|
|
3109
|
+
issuer?: string | undefined;
|
|
3110
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3111
|
+
rpId?: string | undefined;
|
|
3112
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3113
|
+
chainId?: number | undefined;
|
|
3114
|
+
domain?: string | undefined;
|
|
3115
|
+
verifiedAt?: number | undefined;
|
|
3116
|
+
}>;
|
|
3117
|
+
export type AuthorizationInfo = z.infer<typeof AuthorizationInfoSchema>;
|
|
3118
|
+
/**
|
|
3119
|
+
* Delegation Verification Details Schema
|
|
3120
|
+
*
|
|
3121
|
+
* Typed details object for verification results
|
|
3122
|
+
*/
|
|
3123
|
+
export declare const DelegationVerificationDetailsSchema: z.ZodObject<{
|
|
3124
|
+
/** Authorization info - how identity was verified during consent */
|
|
3125
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3126
|
+
/**
|
|
3127
|
+
* The authorization method used during consent
|
|
3128
|
+
*
|
|
3129
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3130
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3131
|
+
* - 'password': Password/credential authentication
|
|
3132
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3133
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3134
|
+
* - 'mdl': Mobile Driver's License
|
|
3135
|
+
* - 'idv': Identity Verification
|
|
3136
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3137
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3138
|
+
* - 'none': Consent-only (no authentication)
|
|
3139
|
+
*/
|
|
3140
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3141
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3142
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3143
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3144
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3145
|
+
/** MDL issuer DID or identifier */
|
|
3146
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3147
|
+
/** IDV verification level */
|
|
3148
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3149
|
+
/** WebAuthn Relying Party ID */
|
|
3150
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3151
|
+
/** WebAuthn user verification level */
|
|
3152
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3153
|
+
/** SIWE Ethereum chain ID */
|
|
3154
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3155
|
+
/** SIWE domain */
|
|
3156
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3157
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3158
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3159
|
+
}, "strip", z.ZodTypeAny, {
|
|
3160
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3161
|
+
provider?: string | undefined;
|
|
3162
|
+
credentialType?: string | undefined;
|
|
3163
|
+
issuer?: string | undefined;
|
|
3164
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3165
|
+
rpId?: string | undefined;
|
|
3166
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3167
|
+
chainId?: number | undefined;
|
|
3168
|
+
domain?: string | undefined;
|
|
3169
|
+
verifiedAt?: number | undefined;
|
|
3170
|
+
}, {
|
|
3171
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3172
|
+
provider?: string | undefined;
|
|
3173
|
+
credentialType?: string | undefined;
|
|
3174
|
+
issuer?: string | undefined;
|
|
3175
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3176
|
+
rpId?: string | undefined;
|
|
3177
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3178
|
+
chainId?: number | undefined;
|
|
3179
|
+
domain?: string | undefined;
|
|
3180
|
+
verifiedAt?: number | undefined;
|
|
3181
|
+
}>>;
|
|
3182
|
+
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
3183
|
+
/** Authorization info - how identity was verified during consent */
|
|
3184
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3185
|
+
/**
|
|
3186
|
+
* The authorization method used during consent
|
|
3187
|
+
*
|
|
3188
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3189
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3190
|
+
* - 'password': Password/credential authentication
|
|
3191
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3192
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3193
|
+
* - 'mdl': Mobile Driver's License
|
|
3194
|
+
* - 'idv': Identity Verification
|
|
3195
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3196
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3197
|
+
* - 'none': Consent-only (no authentication)
|
|
3198
|
+
*/
|
|
3199
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3200
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3201
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3202
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3203
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3204
|
+
/** MDL issuer DID or identifier */
|
|
3205
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3206
|
+
/** IDV verification level */
|
|
3207
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3208
|
+
/** WebAuthn Relying Party ID */
|
|
3209
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3210
|
+
/** WebAuthn user verification level */
|
|
3211
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3212
|
+
/** SIWE Ethereum chain ID */
|
|
3213
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3214
|
+
/** SIWE domain */
|
|
3215
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3216
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3217
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3218
|
+
}, "strip", z.ZodTypeAny, {
|
|
3219
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3220
|
+
provider?: string | undefined;
|
|
3221
|
+
credentialType?: string | undefined;
|
|
3222
|
+
issuer?: string | undefined;
|
|
3223
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3224
|
+
rpId?: string | undefined;
|
|
3225
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3226
|
+
chainId?: number | undefined;
|
|
3227
|
+
domain?: string | undefined;
|
|
3228
|
+
verifiedAt?: number | undefined;
|
|
3229
|
+
}, {
|
|
3230
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3231
|
+
provider?: string | undefined;
|
|
3232
|
+
credentialType?: string | undefined;
|
|
3233
|
+
issuer?: string | undefined;
|
|
3234
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3235
|
+
rpId?: string | undefined;
|
|
3236
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3237
|
+
chainId?: number | undefined;
|
|
3238
|
+
domain?: string | undefined;
|
|
3239
|
+
verifiedAt?: number | undefined;
|
|
3240
|
+
}>>;
|
|
3241
|
+
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
3242
|
+
/** Authorization info - how identity was verified during consent */
|
|
3243
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3244
|
+
/**
|
|
3245
|
+
* The authorization method used during consent
|
|
3246
|
+
*
|
|
3247
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3248
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3249
|
+
* - 'password': Password/credential authentication
|
|
3250
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3251
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3252
|
+
* - 'mdl': Mobile Driver's License
|
|
3253
|
+
* - 'idv': Identity Verification
|
|
3254
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3255
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3256
|
+
* - 'none': Consent-only (no authentication)
|
|
3257
|
+
*/
|
|
3258
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3259
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3260
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3261
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3262
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3263
|
+
/** MDL issuer DID or identifier */
|
|
3264
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3265
|
+
/** IDV verification level */
|
|
3266
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3267
|
+
/** WebAuthn Relying Party ID */
|
|
3268
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3269
|
+
/** WebAuthn user verification level */
|
|
3270
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3271
|
+
/** SIWE Ethereum chain ID */
|
|
3272
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3273
|
+
/** SIWE domain */
|
|
3274
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3275
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3276
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3277
|
+
}, "strip", z.ZodTypeAny, {
|
|
3278
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3279
|
+
provider?: string | undefined;
|
|
3280
|
+
credentialType?: string | undefined;
|
|
3281
|
+
issuer?: string | undefined;
|
|
3282
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3283
|
+
rpId?: string | undefined;
|
|
3284
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3285
|
+
chainId?: number | undefined;
|
|
3286
|
+
domain?: string | undefined;
|
|
3287
|
+
verifiedAt?: number | undefined;
|
|
3288
|
+
}, {
|
|
3289
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3290
|
+
provider?: string | undefined;
|
|
3291
|
+
credentialType?: string | undefined;
|
|
3292
|
+
issuer?: string | undefined;
|
|
3293
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3294
|
+
rpId?: string | undefined;
|
|
3295
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3296
|
+
chainId?: number | undefined;
|
|
3297
|
+
domain?: string | undefined;
|
|
3298
|
+
verifiedAt?: number | undefined;
|
|
3299
|
+
}>>;
|
|
3300
|
+
}, z.ZodTypeAny, "passthrough">>;
|
|
3301
|
+
export type DelegationVerificationDetails = z.infer<typeof DelegationVerificationDetailsSchema>;
|
|
3051
3302
|
/**
|
|
3052
3303
|
* Delegation Verification Result
|
|
3053
3304
|
*
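Review bot: The new `DelegationVerificationDetailsSchema` is declared `"passthrough"` while its nested `authorization` object is `"strip"`, so any extra keys a producer places on `details` survive parsing unvalidated, and the doc comment ("Typed details object for verification results") does not say so. `AuthorizationInfoSchema` is typed as a plain `z.ZodObject` with every field except `type` optional, which suggests there is no cross-field refinement; `{ type: 'webauthn' }` with no `rpId` would presumably parse. A consumer that gates a tool on how the user authenticated should read only `details.authorization`, treat a missing `authorization` or `type: 'none'` as unauthenticated, and map the deprecated `'oauth'` and `'credential'` values to `'oauth2'` and `'verifiable_credential'` before comparing. I would extend the schema's doc comment with something like `Unknown keys pass through unvalidated; only 'authorization' is checked. A missing 'authorization' or type 'none' means no identity verification took place.` This is an emitted declaration file, so the wording belongs in the source schema, which is not on this page.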
|
|
@@ -3068,26 +3319,321 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3068
3319
|
chainValid: z.ZodOptional<z.ZodBoolean>;
|
|
3069
3320
|
/** Timestamp of verification */
|
|
3070
3321
|
verifiedAt: z.ZodNumber;
|
|
3071
|
-
/**
|
|
3072
|
-
details: z.ZodOptional<z.
|
|
3322
|
+
/** Verification details including authorization info */
|
|
3323
|
+
details: z.ZodOptional<z.ZodObject<{
|
|
3324
|
+
/** Authorization info - how identity was verified during consent */
|
|
3325
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3326
|
+
/**
|
|
3327
|
+
* The authorization method used during consent
|
|
3328
|
+
*
|
|
3329
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3330
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3331
|
+
* - 'password': Password/credential authentication
|
|
3332
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3333
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3334
|
+
* - 'mdl': Mobile Driver's License
|
|
3335
|
+
* - 'idv': Identity Verification
|
|
3336
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3337
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3338
|
+
* - 'none': Consent-only (no authentication)
|
|
3339
|
+
*/
|
|
3340
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3341
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3342
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3343
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3344
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3345
|
+
/** MDL issuer DID or identifier */
|
|
3346
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3347
|
+
/** IDV verification level */
|
|
3348
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3349
|
+
/** WebAuthn Relying Party ID */
|
|
3350
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3351
|
+
/** WebAuthn user verification level */
|
|
3352
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3353
|
+
/** SIWE Ethereum chain ID */
|
|
3354
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3355
|
+
/** SIWE domain */
|
|
3356
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3357
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3358
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3359
|
+
}, "strip", z.ZodTypeAny, {
|
|
3360
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3361
|
+
provider?: string | undefined;
|
|
3362
|
+
credentialType?: string | undefined;
|
|
3363
|
+
issuer?: string | undefined;
|
|
3364
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3365
|
+
rpId?: string | undefined;
|
|
3366
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3367
|
+
chainId?: number | undefined;
|
|
3368
|
+
domain?: string | undefined;
|
|
3369
|
+
verifiedAt?: number | undefined;
|
|
3370
|
+
}, {
|
|
3371
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3372
|
+
provider?: string | undefined;
|
|
3373
|
+
credentialType?: string | undefined;
|
|
3374
|
+
issuer?: string | undefined;
|
|
3375
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3376
|
+
rpId?: string | undefined;
|
|
3377
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3378
|
+
chainId?: number | undefined;
|
|
3379
|
+
domain?: string | undefined;
|
|
3380
|
+
verifiedAt?: number | undefined;
|
|
3381
|
+
}>>;
|
|
3382
|
+
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
3383
|
+
/** Authorization info - how identity was verified during consent */
|
|
3384
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3385
|
+
/**
|
|
3386
|
+
* The authorization method used during consent
|
|
3387
|
+
*
|
|
3388
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3389
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3390
|
+
* - 'password': Password/credential authentication
|
|
3391
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3392
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3393
|
+
* - 'mdl': Mobile Driver's License
|
|
3394
|
+
* - 'idv': Identity Verification
|
|
3395
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3396
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3397
|
+
* - 'none': Consent-only (no authentication)
|
|
3398
|
+
*/
|
|
3399
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3400
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3401
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3402
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3403
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3404
|
+
/** MDL issuer DID or identifier */
|
|
3405
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3406
|
+
/** IDV verification level */
|
|
3407
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3408
|
+
/** WebAuthn Relying Party ID */
|
|
3409
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3410
|
+
/** WebAuthn user verification level */
|
|
3411
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3412
|
+
/** SIWE Ethereum chain ID */
|
|
3413
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3414
|
+
/** SIWE domain */
|
|
3415
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3416
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3417
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3418
|
+
}, "strip", z.ZodTypeAny, {
|
|
3419
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3420
|
+
provider?: string | undefined;
|
|
3421
|
+
credentialType?: string | undefined;
|
|
3422
|
+
issuer?: string | undefined;
|
|
3423
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3424
|
+
rpId?: string | undefined;
|
|
3425
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3426
|
+
chainId?: number | undefined;
|
|
3427
|
+
domain?: string | undefined;
|
|
3428
|
+
verifiedAt?: number | undefined;
|
|
3429
|
+
}, {
|
|
3430
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3431
|
+
provider?: string | undefined;
|
|
3432
|
+
credentialType?: string | undefined;
|
|
3433
|
+
issuer?: string | undefined;
|
|
3434
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3435
|
+
rpId?: string | undefined;
|
|
3436
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3437
|
+
chainId?: number | undefined;
|
|
3438
|
+
domain?: string | undefined;
|
|
3439
|
+
verifiedAt?: number | undefined;
|
|
3440
|
+
}>>;
|
|
3441
|
+
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
3442
|
+
/** Authorization info - how identity was verified during consent */
|
|
3443
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3444
|
+
/**
|
|
3445
|
+
* The authorization method used during consent
|
|
3446
|
+
*
|
|
3447
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3448
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3449
|
+
* - 'password': Password/credential authentication
|
|
3450
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3451
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3452
|
+
* - 'mdl': Mobile Driver's License
|
|
3453
|
+
* - 'idv': Identity Verification
|
|
3454
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3455
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3456
|
+
* - 'none': Consent-only (no authentication)
|
|
3457
|
+
*/
|
|
3458
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3459
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3460
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3461
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3462
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3463
|
+
/** MDL issuer DID or identifier */
|
|
3464
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3465
|
+
/** IDV verification level */
|
|
3466
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3467
|
+
/** WebAuthn Relying Party ID */
|
|
3468
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3469
|
+
/** WebAuthn user verification level */
|
|
3470
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3471
|
+
/** SIWE Ethereum chain ID */
|
|
3472
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3473
|
+
/** SIWE domain */
|
|
3474
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3475
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3476
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3477
|
+
}, "strip", z.ZodTypeAny, {
|
|
3478
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3479
|
+
provider?: string | undefined;
|
|
3480
|
+
credentialType?: string | undefined;
|
|
3481
|
+
issuer?: string | undefined;
|
|
3482
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3483
|
+
rpId?: string | undefined;
|
|
3484
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3485
|
+
chainId?: number | undefined;
|
|
3486
|
+
domain?: string | undefined;
|
|
3487
|
+
verifiedAt?: number | undefined;
|
|
3488
|
+
}, {
|
|
3489
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3490
|
+
provider?: string | undefined;
|
|
3491
|
+
credentialType?: string | undefined;
|
|
3492
|
+
issuer?: string | undefined;
|
|
3493
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3494
|
+
rpId?: string | undefined;
|
|
3495
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3496
|
+
chainId?: number | undefined;
|
|
3497
|
+
domain?: string | undefined;
|
|
3498
|
+
verifiedAt?: number | undefined;
|
|
3499
|
+
}>>;
|
|
3500
|
+
}, z.ZodTypeAny, "passthrough">>>;
|
|
3073
3501
|
}, "strip", z.ZodTypeAny, {
|
|
3074
3502
|
valid: boolean;
|
|
3075
3503
|
status: "active" | "revoked" | "expired";
|
|
3076
|
-
verifiedAt: number;
|
|
3077
3504
|
delegationId: string;
|
|
3078
|
-
|
|
3505
|
+
verifiedAt: number;
|
|
3079
3506
|
reason?: string | undefined;
|
|
3080
3507
|
credentialValid?: boolean | undefined;
|
|
3081
3508
|
chainValid?: boolean | undefined;
|
|
3509
|
+
details?: z.objectOutputType<{
|
|
3510
|
+
/** Authorization info - how identity was verified during consent */
|
|
3511
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3512
|
+
/**
|
|
3513
|
+
* The authorization method used during consent
|
|
3514
|
+
*
|
|
3515
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3516
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3517
|
+
* - 'password': Password/credential authentication
|
|
3518
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3519
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3520
|
+
* - 'mdl': Mobile Driver's License
|
|
3521
|
+
* - 'idv': Identity Verification
|
|
3522
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3523
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3524
|
+
* - 'none': Consent-only (no authentication)
|
|
3525
|
+
*/
|
|
3526
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3527
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3528
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3529
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3530
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3531
|
+
/** MDL issuer DID or identifier */
|
|
3532
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3533
|
+
/** IDV verification level */
|
|
3534
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3535
|
+
/** WebAuthn Relying Party ID */
|
|
3536
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3537
|
+
/** WebAuthn user verification level */
|
|
3538
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3539
|
+
/** SIWE Ethereum chain ID */
|
|
3540
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3541
|
+
/** SIWE domain */
|
|
3542
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3543
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3544
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3545
|
+
}, "strip", z.ZodTypeAny, {
|
|
3546
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3547
|
+
provider?: string | undefined;
|
|
3548
|
+
credentialType?: string | undefined;
|
|
3549
|
+
issuer?: string | undefined;
|
|
3550
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3551
|
+
rpId?: string | undefined;
|
|
3552
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3553
|
+
chainId?: number | undefined;
|
|
3554
|
+
domain?: string | undefined;
|
|
3555
|
+
verifiedAt?: number | undefined;
|
|
3556
|
+
}, {
|
|
3557
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3558
|
+
provider?: string | undefined;
|
|
3559
|
+
credentialType?: string | undefined;
|
|
3560
|
+
issuer?: string | undefined;
|
|
3561
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3562
|
+
rpId?: string | undefined;
|
|
3563
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3564
|
+
chainId?: number | undefined;
|
|
3565
|
+
domain?: string | undefined;
|
|
3566
|
+
verifiedAt?: number | undefined;
|
|
3567
|
+
}>>;
|
|
3568
|
+
}, z.ZodTypeAny, "passthrough"> | undefined;
|
|
3082
3569
|
}, {
|
|
3083
3570
|
valid: boolean;
|
|
3084
3571
|
status: "active" | "revoked" | "expired";
|
|
3085
|
-
verifiedAt: number;
|
|
3086
3572
|
delegationId: string;
|
|
3087
|
-
|
|
3573
|
+
verifiedAt: number;
|
|
3088
3574
|
reason?: string | undefined;
|
|
3089
3575
|
credentialValid?: boolean | undefined;
|
|
3090
3576
|
chainValid?: boolean | undefined;
|
|
3577
|
+
details?: z.objectInputType<{
|
|
3578
|
+
/** Authorization info - how identity was verified during consent */
|
|
3579
|
+
authorization: z.ZodOptional<z.ZodObject<{
|
|
3580
|
+
/**
|
|
3581
|
+
* The authorization method used during consent
|
|
3582
|
+
*
|
|
3583
|
+
* - 'oauth2': OAuth 2.0 provider authentication (canonical)
|
|
3584
|
+
* - 'oauth': Deprecated, use 'oauth2' (will be removed in v2.0.0)
|
|
3585
|
+
* - 'password': Password/credential authentication
|
|
3586
|
+
* - 'credential': Deprecated, use 'verifiable_credential' (will be removed in v2.0.0)
|
|
3587
|
+
* - 'verifiable_credential': W3C Verifiable Credential
|
|
3588
|
+
* - 'mdl': Mobile Driver's License
|
|
3589
|
+
* - 'idv': Identity Verification
|
|
3590
|
+
* - 'webauthn': WebAuthn/Passkey authentication
|
|
3591
|
+
* - 'siwe': Sign-In with Ethereum (EIP-4361)
|
|
3592
|
+
* - 'none': Consent-only (no authentication)
|
|
3593
|
+
*/
|
|
3594
|
+
type: z.ZodEnum<["oauth", "oauth2", "password", "credential", "verifiable_credential", "mdl", "idv", "webauthn", "siwe", "none"]>;
|
|
3595
|
+
/** OAuth/Password/IDV provider name (e.g., 'github', 'google', 'credentials') */
|
|
3596
|
+
provider: z.ZodOptional<z.ZodString>;
|
|
3597
|
+
/** Credential type for verifiable_credential or mdl auth */
|
|
3598
|
+
credentialType: z.ZodOptional<z.ZodString>;
|
|
3599
|
+
/** MDL issuer DID or identifier */
|
|
3600
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
3601
|
+
/** IDV verification level */
|
|
3602
|
+
verificationLevel: z.ZodOptional<z.ZodEnum<["basic", "enhanced", "loa3"]>>;
|
|
3603
|
+
/** WebAuthn Relying Party ID */
|
|
3604
|
+
rpId: z.ZodOptional<z.ZodString>;
|
|
3605
|
+
/** WebAuthn user verification level */
|
|
3606
|
+
userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
|
|
3607
|
+
/** SIWE Ethereum chain ID */
|
|
3608
|
+
chainId: z.ZodOptional<z.ZodNumber>;
|
|
3609
|
+
/** SIWE domain */
|
|
3610
|
+
domain: z.ZodOptional<z.ZodString>;
|
|
3611
|
+
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3612
|
+
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3613
|
+
}, "strip", z.ZodTypeAny, {
|
|
3614
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3615
|
+
provider?: string | undefined;
|
|
3616
|
+
credentialType?: string | undefined;
|
|
3617
|
+
issuer?: string | undefined;
|
|
3618
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3619
|
+
rpId?: string | undefined;
|
|
3620
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3621
|
+
chainId?: number | undefined;
|
|
3622
|
+
domain?: string | undefined;
|
|
3623
|
+
verifiedAt?: number | undefined;
|
|
3624
|
+
}, {
|
|
3625
|
+
type: "oauth" | "oauth2" | "password" | "credential" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3626
|
+
provider?: string | undefined;
|
|
3627
|
+
credentialType?: string | undefined;
|
|
3628
|
+
issuer?: string | undefined;
|
|
3629
|
+
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3630
|
+
rpId?: string | undefined;
|
|
3631
|
+
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3632
|
+
chainId?: number | undefined;
|
|
3633
|
+
domain?: string | undefined;
|
|
3634
|
+
verifiedAt?: number | undefined;
|
|
3635
|
+
}>>;
|
|
3636
|
+
}, z.ZodTypeAny, "passthrough"> | undefined;
|
|
3091
3637
|
}>;
|
|
3092
3638
|
export type DelegationVerificationResult = z.infer<typeof DelegationVerificationResultSchema>;
|
|
3093
3639
|
/**
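Review bot: Nothing in the new `details.authorization` object ties the method-specific fields to `type`: `rpId`, `userVerification`, `chainId`, `domain`, `issuer` and `verificationLevel` are `ZodOptional` for every enum value, so a result claiming `type: "webauthn"` with no `rpId`, or `type: "siwe"` with no `chainId`/`domain`, parses cleanly. `details` and `authorization` are themselves optional and `type` accepts `"none"` (consent only), so `valid: true` on its own says nothing about how, or whether, the user was authenticated; a consumer that gates on assurance has to check `details.authorization.type` explicitly and treat a missing object like `"none"`. This file is the emitted declaration, so the change belongs in the source schema: a `z.discriminatedUnion("type", [...])` with the per-method fields required would make this enforceable, and the doc comment on `details` could read `/** Verification details; absent authorization or type 'none' means no authentication was performed */`. `details` is also declared `"passthrough"`, so keys other than `authorization` survive parsing unvalidated and should not feed trust decisions.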
|
|
@@ -3958,12 +4504,15 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
3958
4504
|
rootIssuer: string;
|
|
3959
4505
|
leafSubject: string;
|
|
3960
4506
|
chain: {
|
|
4507
|
+
issuerDid: string;
|
|
4508
|
+
subjectDid: string;
|
|
4509
|
+
vcId: string;
|
|
3961
4510
|
status: "active" | "revoked" | "expired";
|
|
3962
4511
|
constraints: {
|
|
3963
|
-
scopes?: string[] | undefined;
|
|
3964
|
-
audience?: string | string[] | undefined;
|
|
3965
4512
|
notBefore?: number | undefined;
|
|
3966
4513
|
notAfter?: number | undefined;
|
|
4514
|
+
scopes?: string[] | undefined;
|
|
4515
|
+
audience?: string | string[] | undefined;
|
|
3967
4516
|
crisp?: z.objectInputType<{
|
|
3968
4517
|
budget: z.ZodOptional<z.ZodObject<{
|
|
3969
4518
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4010,9 +4559,6 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4010
4559
|
} & {
|
|
4011
4560
|
[k: string]: unknown;
|
|
4012
4561
|
};
|
|
4013
|
-
issuerDid: string;
|
|
4014
|
-
subjectDid: string;
|
|
4015
|
-
vcId: string;
|
|
4016
4562
|
delegationId: string;
|
|
4017
4563
|
depth: number;
|
|
4018
4564
|
}[];
|
|
@@ -4023,12 +4569,15 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4023
4569
|
rootIssuer: string;
|
|
4024
4570
|
leafSubject: string;
|
|
4025
4571
|
chain: {
|
|
4572
|
+
issuerDid: string;
|
|
4573
|
+
subjectDid: string;
|
|
4574
|
+
vcId: string;
|
|
4026
4575
|
status: "active" | "revoked" | "expired";
|
|
4027
4576
|
constraints: {
|
|
4028
|
-
scopes?: string[] | undefined;
|
|
4029
|
-
audience?: string | string[] | undefined;
|
|
4030
4577
|
notBefore?: number | undefined;
|
|
4031
4578
|
notAfter?: number | undefined;
|
|
4579
|
+
scopes?: string[] | undefined;
|
|
4580
|
+
audience?: string | string[] | undefined;
|
|
4032
4581
|
crisp?: z.objectOutputType<{
|
|
4033
4582
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4034
4583
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4075,9 +4624,6 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4075
4624
|
} & {
|
|
4076
4625
|
[k: string]: unknown;
|
|
4077
4626
|
};
|
|
4078
|
-
issuerDid: string;
|
|
4079
|
-
subjectDid: string;
|
|
4080
|
-
vcId: string;
|
|
4081
4627
|
delegationId: string;
|
|
4082
4628
|
depth: number;
|
|
4083
4629
|
}[];
|
|
@@ -4134,6 +4680,9 @@ export declare const DELEGATION_CREDENTIAL_CONTEXT: "https://schemas.kya-os.ai/x
|
|
|
4134
4680
|
*
|
|
4135
4681
|
* Per Python POC (Delegation-Service.md:136-146), delegations are issued AS
|
|
4136
4682
|
* W3C VCs, with the delegation data embedded in the credentialSubject.
|
|
4683
|
+
*
|
|
4684
|
+
* Phase 7 Update: Added userDid, userIdentifier, sessionId, and scopes
|
|
4685
|
+
* to support Agent Shield VC-JWT tokens and MCP session tracking.
|
|
4137
4686
|
*/
|
|
4138
4687
|
export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
4139
4688
|
/** Subject DID (delegatee) */
|
|
@@ -4146,6 +4695,38 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4146
4695
|
issuerDid: z.ZodString;
|
|
4147
4696
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
4148
4697
|
subjectDid: z.ZodString;
|
|
4698
|
+
/**
|
|
4699
|
+
* DID of the user who granted the delegation.
|
|
4700
|
+
*
|
|
4701
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
4702
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
4703
|
+
* of a user), userDid identifies the actual user who consented.
|
|
4704
|
+
*
|
|
4705
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
4706
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
4707
|
+
*/
|
|
4708
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
4709
|
+
/**
|
|
4710
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
4711
|
+
*
|
|
4712
|
+
* Used for backward compatibility and display purposes.
|
|
4713
|
+
* Should not be used for cryptographic identity verification.
|
|
4714
|
+
*/
|
|
4715
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
4716
|
+
/**
|
|
4717
|
+
* MCP session ID for session tracking and integration.
|
|
4718
|
+
*
|
|
4719
|
+
* Links the delegation to a specific MCP session, enabling
|
|
4720
|
+
* session-scoped token caching and audit trails.
|
|
4721
|
+
*/
|
|
4722
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
4723
|
+
/**
|
|
4724
|
+
* Authorized scopes for this delegation.
|
|
4725
|
+
*
|
|
4726
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
4727
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
4728
|
+
*/
|
|
4729
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
4149
4730
|
/** Optional controller (user account ID or DID) */
|
|
4150
4731
|
controller: z.ZodOptional<z.ZodString>;
|
|
4151
4732
|
/** Optional parent delegation ID for chain tracking */
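Review bot: The new top-level `scopes` field duplicates `constraints.scopes`, which this schema already carries (see the inferred `constraints` type in the later hunks), and neither doc comment says which one a verifier must enforce or what an absent `scopes` means. If an issuer fills one and a verifier reads the other, the delegation ends up either unusable or broader than intended; the comment should state precedence and the absent case, for example `* When absent, constraints.scopes is authoritative; when both are present they must match.`, with the wording confirmed against the intended semantics. `userDid` is documented as "Required by Agent Shield API for user-scoped delegations" but is declared `z.ZodOptional`, so this schema does not enforce that requirement and callers should not assume the field is present. The same additions appear in the `DelegationCredentialSchema` hunk (`@@ -4851,6 +5448,38 @@`); the object literal starts and ends outside both hunks.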
|
|
@@ -4555,13 +5136,15 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4555
5136
|
/** Optional metadata */
|
|
4556
5137
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
4557
5138
|
}, "strip", z.ZodTypeAny, {
|
|
4558
|
-
status: "active" | "revoked" | "expired";
|
|
4559
5139
|
id: string;
|
|
5140
|
+
issuerDid: string;
|
|
5141
|
+
subjectDid: string;
|
|
5142
|
+
status: "active" | "revoked" | "expired";
|
|
4560
5143
|
constraints: {
|
|
4561
|
-
scopes?: string[] | undefined;
|
|
4562
|
-
audience?: string | string[] | undefined;
|
|
4563
5144
|
notBefore?: number | undefined;
|
|
4564
5145
|
notAfter?: number | undefined;
|
|
5146
|
+
scopes?: string[] | undefined;
|
|
5147
|
+
audience?: string | string[] | undefined;
|
|
4565
5148
|
crisp?: z.objectOutputType<{
|
|
4566
5149
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4567
5150
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4608,19 +5191,23 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4608
5191
|
} & {
|
|
4609
5192
|
[k: string]: unknown;
|
|
4610
5193
|
};
|
|
4611
|
-
issuerDid: string;
|
|
4612
|
-
subjectDid: string;
|
|
4613
|
-
metadata?: Record<string, any> | undefined;
|
|
4614
|
-
createdAt?: number | undefined;
|
|
4615
5194
|
controller?: string | undefined;
|
|
4616
5195
|
parentId?: string | undefined;
|
|
5196
|
+
scopes?: string[] | undefined;
|
|
5197
|
+
createdAt?: number | undefined;
|
|
5198
|
+
metadata?: Record<string, any> | undefined;
|
|
5199
|
+
userDid?: string | undefined;
|
|
5200
|
+
userIdentifier?: string | undefined;
|
|
5201
|
+
sessionId?: string | undefined;
|
|
4617
5202
|
}, {
|
|
4618
5203
|
id: string;
|
|
5204
|
+
issuerDid: string;
|
|
5205
|
+
subjectDid: string;
|
|
4619
5206
|
constraints: {
|
|
4620
|
-
scopes?: string[] | undefined;
|
|
4621
|
-
audience?: string | string[] | undefined;
|
|
4622
5207
|
notBefore?: number | undefined;
|
|
4623
5208
|
notAfter?: number | undefined;
|
|
5209
|
+
scopes?: string[] | undefined;
|
|
5210
|
+
audience?: string | string[] | undefined;
|
|
4624
5211
|
crisp?: z.objectInputType<{
|
|
4625
5212
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4626
5213
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4667,23 +5254,28 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4667
5254
|
} & {
|
|
4668
5255
|
[k: string]: unknown;
|
|
4669
5256
|
};
|
|
4670
|
-
issuerDid: string;
|
|
4671
|
-
subjectDid: string;
|
|
4672
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
4673
|
-
metadata?: Record<string, any> | undefined;
|
|
4674
|
-
createdAt?: number | undefined;
|
|
4675
5257
|
controller?: string | undefined;
|
|
4676
5258
|
parentId?: string | undefined;
|
|
5259
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
5260
|
+
scopes?: string[] | undefined;
|
|
5261
|
+
createdAt?: number | undefined;
|
|
5262
|
+
metadata?: Record<string, any> | undefined;
|
|
5263
|
+
userDid?: string | undefined;
|
|
5264
|
+
userIdentifier?: string | undefined;
|
|
5265
|
+
sessionId?: string | undefined;
|
|
4677
5266
|
}>;
|
|
4678
5267
|
}, "strip", z.ZodTypeAny, {
|
|
5268
|
+
id: string;
|
|
4679
5269
|
delegation: {
|
|
4680
|
-
status: "active" | "revoked" | "expired";
|
|
4681
5270
|
id: string;
|
|
5271
|
+
issuerDid: string;
|
|
5272
|
+
subjectDid: string;
|
|
5273
|
+
status: "active" | "revoked" | "expired";
|
|
4682
5274
|
constraints: {
|
|
4683
|
-
scopes?: string[] | undefined;
|
|
4684
|
-
audience?: string | string[] | undefined;
|
|
4685
5275
|
notBefore?: number | undefined;
|
|
4686
5276
|
notAfter?: number | undefined;
|
|
5277
|
+
scopes?: string[] | undefined;
|
|
5278
|
+
audience?: string | string[] | undefined;
|
|
4687
5279
|
crisp?: z.objectOutputType<{
|
|
4688
5280
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4689
5281
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4730,22 +5322,26 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4730
5322
|
} & {
|
|
4731
5323
|
[k: string]: unknown;
|
|
4732
5324
|
};
|
|
4733
|
-
issuerDid: string;
|
|
4734
|
-
subjectDid: string;
|
|
4735
|
-
metadata?: Record<string, any> | undefined;
|
|
4736
|
-
createdAt?: number | undefined;
|
|
4737
5325
|
controller?: string | undefined;
|
|
4738
5326
|
parentId?: string | undefined;
|
|
5327
|
+
scopes?: string[] | undefined;
|
|
5328
|
+
createdAt?: number | undefined;
|
|
5329
|
+
metadata?: Record<string, any> | undefined;
|
|
5330
|
+
userDid?: string | undefined;
|
|
5331
|
+
userIdentifier?: string | undefined;
|
|
5332
|
+
sessionId?: string | undefined;
|
|
4739
5333
|
};
|
|
4740
|
-
id: string;
|
|
4741
5334
|
}, {
|
|
5335
|
+
id: string;
|
|
4742
5336
|
delegation: {
|
|
4743
5337
|
id: string;
|
|
5338
|
+
issuerDid: string;
|
|
5339
|
+
subjectDid: string;
|
|
4744
5340
|
constraints: {
|
|
4745
|
-
scopes?: string[] | undefined;
|
|
4746
|
-
audience?: string | string[] | undefined;
|
|
4747
5341
|
notBefore?: number | undefined;
|
|
4748
5342
|
notAfter?: number | undefined;
|
|
5343
|
+
scopes?: string[] | undefined;
|
|
5344
|
+
audience?: string | string[] | undefined;
|
|
4749
5345
|
crisp?: z.objectInputType<{
|
|
4750
5346
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4751
5347
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4792,15 +5388,16 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4792
5388
|
} & {
|
|
4793
5389
|
[k: string]: unknown;
|
|
4794
5390
|
};
|
|
4795
|
-
issuerDid: string;
|
|
4796
|
-
subjectDid: string;
|
|
4797
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
4798
|
-
metadata?: Record<string, any> | undefined;
|
|
4799
|
-
createdAt?: number | undefined;
|
|
4800
5391
|
controller?: string | undefined;
|
|
4801
5392
|
parentId?: string | undefined;
|
|
5393
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
5394
|
+
scopes?: string[] | undefined;
|
|
5395
|
+
createdAt?: number | undefined;
|
|
5396
|
+
metadata?: Record<string, any> | undefined;
|
|
5397
|
+
userDid?: string | undefined;
|
|
5398
|
+
userIdentifier?: string | undefined;
|
|
5399
|
+
sessionId?: string | undefined;
|
|
4802
5400
|
};
|
|
4803
|
-
id: string;
|
|
4804
5401
|
}>;
|
|
4805
5402
|
export type DelegationCredentialSubject = z.infer<typeof DelegationCredentialSubjectSchema>;
|
|
4806
5403
|
/**
|
|
@@ -4851,6 +5448,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
4851
5448
|
issuerDid: z.ZodString;
|
|
4852
5449
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
4853
5450
|
subjectDid: z.ZodString;
|
|
5451
|
+
/**
|
|
5452
|
+
* DID of the user who granted the delegation.
|
|
5453
|
+
*
|
|
5454
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
5455
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
5456
|
+
* of a user), userDid identifies the actual user who consented.
|
|
5457
|
+
*
|
|
5458
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
5459
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
5460
|
+
*/
|
|
5461
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
5462
|
+
/**
|
|
5463
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
5464
|
+
*
|
|
5465
|
+
* Used for backward compatibility and display purposes.
|
|
5466
|
+
* Should not be used for cryptographic identity verification.
|
|
5467
|
+
*/
|
|
5468
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
5469
|
+
/**
|
|
5470
|
+
* MCP session ID for session tracking and integration.
|
|
5471
|
+
*
|
|
5472
|
+
* Links the delegation to a specific MCP session, enabling
|
|
5473
|
+
* session-scoped token caching and audit trails.
|
|
5474
|
+
*/
|
|
5475
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
5476
|
+
/**
|
|
5477
|
+
* Authorized scopes for this delegation.
|
|
5478
|
+
*
|
|
5479
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
5480
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
5481
|
+
*/
|
|
5482
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
4854
5483
|
/** Optional controller (user account ID or DID) */
|
|
4855
5484
|
controller: z.ZodOptional<z.ZodString>;
|
|
4856
5485
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -5260,13 +5889,15 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5260
5889
|
/** Optional metadata */
|
|
5261
5890
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
5262
5891
|
}, "strip", z.ZodTypeAny, {
|
|
5263
|
-
status: "active" | "revoked" | "expired";
|
|
5264
5892
|
id: string;
|
|
5893
|
+
issuerDid: string;
|
|
5894
|
+
subjectDid: string;
|
|
5895
|
+
status: "active" | "revoked" | "expired";
|
|
5265
5896
|
constraints: {
|
|
5266
|
-
scopes?: string[] | undefined;
|
|
5267
|
-
audience?: string | string[] | undefined;
|
|
5268
5897
|
notBefore?: number | undefined;
|
|
5269
5898
|
notAfter?: number | undefined;
|
|
5899
|
+
scopes?: string[] | undefined;
|
|
5900
|
+
audience?: string | string[] | undefined;
|
|
5270
5901
|
crisp?: z.objectOutputType<{
|
|
5271
5902
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5272
5903
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5313,19 +5944,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5313
5944
|
} & {
|
|
5314
5945
|
[k: string]: unknown;
|
|
5315
5946
|
};
|
|
5316
|
-
issuerDid: string;
|
|
5317
|
-
subjectDid: string;
|
|
5318
|
-
metadata?: Record<string, any> | undefined;
|
|
5319
|
-
createdAt?: number | undefined;
|
|
5320
5947
|
controller?: string | undefined;
|
|
5321
5948
|
parentId?: string | undefined;
|
|
5949
|
+
scopes?: string[] | undefined;
|
|
5950
|
+
createdAt?: number | undefined;
|
|
5951
|
+
metadata?: Record<string, any> | undefined;
|
|
5952
|
+
userDid?: string | undefined;
|
|
5953
|
+
userIdentifier?: string | undefined;
|
|
5954
|
+
sessionId?: string | undefined;
|
|
5322
5955
|
}, {
|
|
5323
5956
|
id: string;
|
|
5957
|
+
issuerDid: string;
|
|
5958
|
+
subjectDid: string;
|
|
5324
5959
|
constraints: {
|
|
5325
|
-
scopes?: string[] | undefined;
|
|
5326
|
-
audience?: string | string[] | undefined;
|
|
5327
5960
|
notBefore?: number | undefined;
|
|
5328
5961
|
notAfter?: number | undefined;
|
|
5962
|
+
scopes?: string[] | undefined;
|
|
5963
|
+
audience?: string | string[] | undefined;
|
|
5329
5964
|
crisp?: z.objectInputType<{
|
|
5330
5965
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5331
5966
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5372,23 +6007,28 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5372
6007
|
} & {
|
|
5373
6008
|
[k: string]: unknown;
|
|
5374
6009
|
};
|
|
5375
|
-
issuerDid: string;
|
|
5376
|
-
subjectDid: string;
|
|
5377
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
5378
|
-
metadata?: Record<string, any> | undefined;
|
|
5379
|
-
createdAt?: number | undefined;
|
|
5380
6010
|
controller?: string | undefined;
|
|
5381
6011
|
parentId?: string | undefined;
|
|
6012
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
6013
|
+
scopes?: string[] | undefined;
|
|
6014
|
+
createdAt?: number | undefined;
|
|
6015
|
+
metadata?: Record<string, any> | undefined;
|
|
6016
|
+
userDid?: string | undefined;
|
|
6017
|
+
userIdentifier?: string | undefined;
|
|
6018
|
+
sessionId?: string | undefined;
|
|
5382
6019
|
}>;
|
|
5383
6020
|
}, "strip", z.ZodTypeAny, {
|
|
6021
|
+
id: string;
|
|
5384
6022
|
delegation: {
|
|
5385
|
-
status: "active" | "revoked" | "expired";
|
|
5386
6023
|
id: string;
|
|
6024
|
+
issuerDid: string;
|
|
6025
|
+
subjectDid: string;
|
|
6026
|
+
status: "active" | "revoked" | "expired";
|
|
5387
6027
|
constraints: {
|
|
5388
|
-
scopes?: string[] | undefined;
|
|
5389
|
-
audience?: string | string[] | undefined;
|
|
5390
6028
|
notBefore?: number | undefined;
|
|
5391
6029
|
notAfter?: number | undefined;
|
|
6030
|
+
scopes?: string[] | undefined;
|
|
6031
|
+
audience?: string | string[] | undefined;
|
|
5392
6032
|
crisp?: z.objectOutputType<{
|
|
5393
6033
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5394
6034
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5435,22 +6075,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5435
6075
|
} & {
|
|
5436
6076
|
[k: string]: unknown;
|
|
5437
6077
|
};
|
|
5438
|
-
issuerDid: string;
|
|
5439
|
-
subjectDid: string;
|
|
5440
|
-
metadata?: Record<string, any> | undefined;
|
|
5441
|
-
createdAt?: number | undefined;
|
|
5442
6078
|
controller?: string | undefined;
|
|
5443
6079
|
parentId?: string | undefined;
|
|
6080
|
+
scopes?: string[] | undefined;
|
|
6081
|
+
createdAt?: number | undefined;
|
|
6082
|
+
metadata?: Record<string, any> | undefined;
|
|
6083
|
+
userDid?: string | undefined;
|
|
6084
|
+
userIdentifier?: string | undefined;
|
|
6085
|
+
sessionId?: string | undefined;
|
|
5444
6086
|
};
|
|
5445
|
-
id: string;
|
|
5446
6087
|
}, {
|
|
6088
|
+
id: string;
|
|
5447
6089
|
delegation: {
|
|
5448
6090
|
id: string;
|
|
6091
|
+
issuerDid: string;
|
|
6092
|
+
subjectDid: string;
|
|
5449
6093
|
constraints: {
|
|
5450
|
-
scopes?: string[] | undefined;
|
|
5451
|
-
audience?: string | string[] | undefined;
|
|
5452
6094
|
notBefore?: number | undefined;
|
|
5453
6095
|
notAfter?: number | undefined;
|
|
6096
|
+
scopes?: string[] | undefined;
|
|
6097
|
+
audience?: string | string[] | undefined;
|
|
5454
6098
|
crisp?: z.objectInputType<{
|
|
5455
6099
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5456
6100
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5497,15 +6141,16 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5497
6141
|
} & {
|
|
5498
6142
|
[k: string]: unknown;
|
|
5499
6143
|
};
|
|
5500
|
-
issuerDid: string;
|
|
5501
|
-
subjectDid: string;
|
|
5502
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
5503
|
-
metadata?: Record<string, any> | undefined;
|
|
5504
|
-
createdAt?: number | undefined;
|
|
5505
6144
|
controller?: string | undefined;
|
|
5506
6145
|
parentId?: string | undefined;
|
|
6146
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
6147
|
+
scopes?: string[] | undefined;
|
|
6148
|
+
createdAt?: number | undefined;
|
|
6149
|
+
metadata?: Record<string, any> | undefined;
|
|
6150
|
+
userDid?: string | undefined;
|
|
6151
|
+
userIdentifier?: string | undefined;
|
|
6152
|
+
sessionId?: string | undefined;
|
|
5507
6153
|
};
|
|
5508
|
-
id: string;
|
|
5509
6154
|
}>;
|
|
5510
6155
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
5511
6156
|
id: z.ZodString;
|
|
@@ -5514,14 +6159,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5514
6159
|
statusListIndex: z.ZodString;
|
|
5515
6160
|
statusListCredential: z.ZodString;
|
|
5516
6161
|
}, "strip", z.ZodTypeAny, {
|
|
5517
|
-
type: "StatusList2021Entry";
|
|
5518
6162
|
id: string;
|
|
6163
|
+
type: "StatusList2021Entry";
|
|
5519
6164
|
statusPurpose: "revocation" | "suspension";
|
|
5520
6165
|
statusListIndex: string;
|
|
5521
6166
|
statusListCredential: string;
|
|
5522
6167
|
}, {
|
|
5523
|
-
type: "StatusList2021Entry";
|
|
5524
6168
|
id: string;
|
|
6169
|
+
type: "StatusList2021Entry";
|
|
5525
6170
|
statusPurpose: "revocation" | "suspension";
|
|
5526
6171
|
statusListIndex: string;
|
|
5527
6172
|
statusListCredential: string;
|
|
@@ -5567,6 +6212,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5567
6212
|
issuerDid: z.ZodString;
|
|
5568
6213
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
5569
6214
|
subjectDid: z.ZodString;
|
|
6215
|
+
/**
|
|
6216
|
+
* DID of the user who granted the delegation.
|
|
6217
|
+
*
|
|
6218
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
6219
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
6220
|
+
* of a user), userDid identifies the actual user who consented.
|
|
6221
|
+
*
|
|
6222
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
6223
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
6224
|
+
*/
|
|
6225
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
6226
|
+
/**
|
|
6227
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
6228
|
+
*
|
|
6229
|
+
* Used for backward compatibility and display purposes.
|
|
6230
|
+
* Should not be used for cryptographic identity verification.
|
|
6231
|
+
*/
|
|
6232
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
6233
|
+
/**
|
|
6234
|
+
* MCP session ID for session tracking and integration.
|
|
6235
|
+
*
|
|
6236
|
+
* Links the delegation to a specific MCP session, enabling
|
|
6237
|
+
* session-scoped token caching and audit trails.
|
|
6238
|
+
*/
|
|
6239
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
6240
|
+
/**
|
|
6241
|
+
* Authorized scopes for this delegation.
|
|
6242
|
+
*
|
|
6243
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
6244
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
6245
|
+
*/
|
|
6246
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
5570
6247
|
/** Optional controller (user account ID or DID) */
|
|
5571
6248
|
controller: z.ZodOptional<z.ZodString>;
|
|
5572
6249
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -5976,13 +6653,15 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5976
6653
|
/** Optional metadata */
|
|
5977
6654
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
5978
6655
|
}, "strip", z.ZodTypeAny, {
|
|
5979
|
-
status: "active" | "revoked" | "expired";
|
|
5980
6656
|
id: string;
|
|
6657
|
+
issuerDid: string;
|
|
6658
|
+
subjectDid: string;
|
|
6659
|
+
status: "active" | "revoked" | "expired";
|
|
5981
6660
|
constraints: {
|
|
5982
|
-
scopes?: string[] | undefined;
|
|
5983
|
-
audience?: string | string[] | undefined;
|
|
5984
6661
|
notBefore?: number | undefined;
|
|
5985
6662
|
notAfter?: number | undefined;
|
|
6663
|
+
scopes?: string[] | undefined;
|
|
6664
|
+
audience?: string | string[] | undefined;
|
|
5986
6665
|
crisp?: z.objectOutputType<{
|
|
5987
6666
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5988
6667
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6029,19 +6708,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6029
6708
|
} & {
|
|
6030
6709
|
[k: string]: unknown;
|
|
6031
6710
|
};
|
|
6032
|
-
issuerDid: string;
|
|
6033
|
-
subjectDid: string;
|
|
6034
|
-
metadata?: Record<string, any> | undefined;
|
|
6035
|
-
createdAt?: number | undefined;
|
|
6036
6711
|
controller?: string | undefined;
|
|
6037
6712
|
parentId?: string | undefined;
|
|
6713
|
+
scopes?: string[] | undefined;
|
|
6714
|
+
createdAt?: number | undefined;
|
|
6715
|
+
metadata?: Record<string, any> | undefined;
|
|
6716
|
+
userDid?: string | undefined;
|
|
6717
|
+
userIdentifier?: string | undefined;
|
|
6718
|
+
sessionId?: string | undefined;
|
|
6038
6719
|
}, {
|
|
6039
6720
|
id: string;
|
|
6721
|
+
issuerDid: string;
|
|
6722
|
+
subjectDid: string;
|
|
6040
6723
|
constraints: {
|
|
6041
|
-
scopes?: string[] | undefined;
|
|
6042
|
-
audience?: string | string[] | undefined;
|
|
6043
6724
|
notBefore?: number | undefined;
|
|
6044
6725
|
notAfter?: number | undefined;
|
|
6726
|
+
scopes?: string[] | undefined;
|
|
6727
|
+
audience?: string | string[] | undefined;
|
|
6045
6728
|
crisp?: z.objectInputType<{
|
|
6046
6729
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6047
6730
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6088,23 +6771,28 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6088
6771
|
} & {
|
|
6089
6772
|
[k: string]: unknown;
|
|
6090
6773
|
};
|
|
6091
|
-
issuerDid: string;
|
|
6092
|
-
subjectDid: string;
|
|
6093
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
6094
|
-
metadata?: Record<string, any> | undefined;
|
|
6095
|
-
createdAt?: number | undefined;
|
|
6096
6774
|
controller?: string | undefined;
|
|
6097
6775
|
parentId?: string | undefined;
|
|
6776
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
6777
|
+
scopes?: string[] | undefined;
|
|
6778
|
+
createdAt?: number | undefined;
|
|
6779
|
+
metadata?: Record<string, any> | undefined;
|
|
6780
|
+
userDid?: string | undefined;
|
|
6781
|
+
userIdentifier?: string | undefined;
|
|
6782
|
+
sessionId?: string | undefined;
|
|
6098
6783
|
}>;
|
|
6099
6784
|
}, "strip", z.ZodTypeAny, {
|
|
6785
|
+
id: string;
|
|
6100
6786
|
delegation: {
|
|
6101
|
-
status: "active" | "revoked" | "expired";
|
|
6102
6787
|
id: string;
|
|
6788
|
+
issuerDid: string;
|
|
6789
|
+
subjectDid: string;
|
|
6790
|
+
status: "active" | "revoked" | "expired";
|
|
6103
6791
|
constraints: {
|
|
6104
|
-
scopes?: string[] | undefined;
|
|
6105
|
-
audience?: string | string[] | undefined;
|
|
6106
6792
|
notBefore?: number | undefined;
|
|
6107
6793
|
notAfter?: number | undefined;
|
|
6794
|
+
scopes?: string[] | undefined;
|
|
6795
|
+
audience?: string | string[] | undefined;
|
|
6108
6796
|
crisp?: z.objectOutputType<{
|
|
6109
6797
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6110
6798
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6151,22 +6839,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6151
6839
|
} & {
|
|
6152
6840
|
[k: string]: unknown;
|
|
6153
6841
|
};
|
|
6154
|
-
issuerDid: string;
|
|
6155
|
-
subjectDid: string;
|
|
6156
|
-
metadata?: Record<string, any> | undefined;
|
|
6157
|
-
createdAt?: number | undefined;
|
|
6158
6842
|
controller?: string | undefined;
|
|
6159
6843
|
parentId?: string | undefined;
|
|
6844
|
+
scopes?: string[] | undefined;
|
|
6845
|
+
createdAt?: number | undefined;
|
|
6846
|
+
metadata?: Record<string, any> | undefined;
|
|
6847
|
+
userDid?: string | undefined;
|
|
6848
|
+
userIdentifier?: string | undefined;
|
|
6849
|
+
sessionId?: string | undefined;
|
|
6160
6850
|
};
|
|
6161
|
-
id: string;
|
|
6162
6851
|
}, {
|
|
6852
|
+
id: string;
|
|
6163
6853
|
delegation: {
|
|
6164
6854
|
id: string;
|
|
6855
|
+
issuerDid: string;
|
|
6856
|
+
subjectDid: string;
|
|
6165
6857
|
constraints: {
|
|
6166
|
-
scopes?: string[] | undefined;
|
|
6167
|
-
audience?: string | string[] | undefined;
|
|
6168
6858
|
notBefore?: number | undefined;
|
|
6169
6859
|
notAfter?: number | undefined;
|
|
6860
|
+
scopes?: string[] | undefined;
|
|
6861
|
+
audience?: string | string[] | undefined;
|
|
6170
6862
|
crisp?: z.objectInputType<{
|
|
6171
6863
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6172
6864
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6213,15 +6905,16 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6213
6905
|
} & {
|
|
6214
6906
|
[k: string]: unknown;
|
|
6215
6907
|
};
|
|
6216
|
-
issuerDid: string;
|
|
6217
|
-
subjectDid: string;
|
|
6218
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
6219
|
-
metadata?: Record<string, any> | undefined;
|
|
6220
|
-
createdAt?: number | undefined;
|
|
6221
6908
|
controller?: string | undefined;
|
|
6222
6909
|
parentId?: string | undefined;
|
|
6910
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
6911
|
+
scopes?: string[] | undefined;
|
|
6912
|
+
createdAt?: number | undefined;
|
|
6913
|
+
metadata?: Record<string, any> | undefined;
|
|
6914
|
+
userDid?: string | undefined;
|
|
6915
|
+
userIdentifier?: string | undefined;
|
|
6916
|
+
sessionId?: string | undefined;
|
|
6223
6917
|
};
|
|
6224
|
-
id: string;
|
|
6225
6918
|
}>;
|
|
6226
6919
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
6227
6920
|
id: z.ZodString;
|
|
@@ -6230,14 +6923,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6230
6923
|
statusListIndex: z.ZodString;
|
|
6231
6924
|
statusListCredential: z.ZodString;
|
|
6232
6925
|
}, "strip", z.ZodTypeAny, {
|
|
6233
|
-
type: "StatusList2021Entry";
|
|
6234
6926
|
id: string;
|
|
6927
|
+
type: "StatusList2021Entry";
|
|
6235
6928
|
statusPurpose: "revocation" | "suspension";
|
|
6236
6929
|
statusListIndex: string;
|
|
6237
6930
|
statusListCredential: string;
|
|
6238
6931
|
}, {
|
|
6239
|
-
type: "StatusList2021Entry";
|
|
6240
6932
|
id: string;
|
|
6933
|
+
type: "StatusList2021Entry";
|
|
6241
6934
|
statusPurpose: "revocation" | "suspension";
|
|
6242
6935
|
statusListIndex: string;
|
|
6243
6936
|
statusListCredential: string;
|
|
@@ -6283,6 +6976,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6283
6976
|
issuerDid: z.ZodString;
|
|
6284
6977
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
6285
6978
|
subjectDid: z.ZodString;
|
|
6979
|
+
/**
|
|
6980
|
+
* DID of the user who granted the delegation.
|
|
6981
|
+
*
|
|
6982
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
6983
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
6984
|
+
* of a user), userDid identifies the actual user who consented.
|
|
6985
|
+
*
|
|
6986
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
6987
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
6988
|
+
*/
|
|
6989
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
6990
|
+
/**
|
|
6991
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
6992
|
+
*
|
|
6993
|
+
* Used for backward compatibility and display purposes.
|
|
6994
|
+
* Should not be used for cryptographic identity verification.
|
|
6995
|
+
*/
|
|
6996
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
6997
|
+
/**
|
|
6998
|
+
* MCP session ID for session tracking and integration.
|
|
6999
|
+
*
|
|
7000
|
+
* Links the delegation to a specific MCP session, enabling
|
|
7001
|
+
* session-scoped token caching and audit trails.
|
|
7002
|
+
*/
|
|
7003
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
7004
|
+
/**
|
|
7005
|
+
* Authorized scopes for this delegation.
|
|
7006
|
+
*
|
|
7007
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
7008
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
7009
|
+
*/
|
|
7010
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
6286
7011
|
/** Optional controller (user account ID or DID) */
|
|
6287
7012
|
controller: z.ZodOptional<z.ZodString>;
|
|
6288
7013
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -6692,13 +7417,15 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6692
7417
|
/** Optional metadata */
|
|
6693
7418
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
6694
7419
|
}, "strip", z.ZodTypeAny, {
|
|
6695
|
-
status: "active" | "revoked" | "expired";
|
|
6696
7420
|
id: string;
|
|
7421
|
+
issuerDid: string;
|
|
7422
|
+
subjectDid: string;
|
|
7423
|
+
status: "active" | "revoked" | "expired";
|
|
6697
7424
|
constraints: {
|
|
6698
|
-
scopes?: string[] | undefined;
|
|
6699
|
-
audience?: string | string[] | undefined;
|
|
6700
7425
|
notBefore?: number | undefined;
|
|
6701
7426
|
notAfter?: number | undefined;
|
|
7427
|
+
scopes?: string[] | undefined;
|
|
7428
|
+
audience?: string | string[] | undefined;
|
|
6702
7429
|
crisp?: z.objectOutputType<{
|
|
6703
7430
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6704
7431
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6745,19 +7472,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6745
7472
|
} & {
|
|
6746
7473
|
[k: string]: unknown;
|
|
6747
7474
|
};
|
|
6748
|
-
issuerDid: string;
|
|
6749
|
-
subjectDid: string;
|
|
6750
|
-
metadata?: Record<string, any> | undefined;
|
|
6751
|
-
createdAt?: number | undefined;
|
|
6752
7475
|
controller?: string | undefined;
|
|
6753
7476
|
parentId?: string | undefined;
|
|
7477
|
+
scopes?: string[] | undefined;
|
|
7478
|
+
createdAt?: number | undefined;
|
|
7479
|
+
metadata?: Record<string, any> | undefined;
|
|
7480
|
+
userDid?: string | undefined;
|
|
7481
|
+
userIdentifier?: string | undefined;
|
|
7482
|
+
sessionId?: string | undefined;
|
|
6754
7483
|
}, {
|
|
6755
7484
|
id: string;
|
|
7485
|
+
issuerDid: string;
|
|
7486
|
+
subjectDid: string;
|
|
6756
7487
|
constraints: {
|
|
6757
|
-
scopes?: string[] | undefined;
|
|
6758
|
-
audience?: string | string[] | undefined;
|
|
6759
7488
|
notBefore?: number | undefined;
|
|
6760
7489
|
notAfter?: number | undefined;
|
|
7490
|
+
scopes?: string[] | undefined;
|
|
7491
|
+
audience?: string | string[] | undefined;
|
|
6761
7492
|
crisp?: z.objectInputType<{
|
|
6762
7493
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6763
7494
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6804,23 +7535,28 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6804
7535
|
} & {
|
|
6805
7536
|
[k: string]: unknown;
|
|
6806
7537
|
};
|
|
6807
|
-
issuerDid: string;
|
|
6808
|
-
subjectDid: string;
|
|
6809
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
6810
|
-
metadata?: Record<string, any> | undefined;
|
|
6811
|
-
createdAt?: number | undefined;
|
|
6812
7538
|
controller?: string | undefined;
|
|
6813
7539
|
parentId?: string | undefined;
|
|
7540
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
7541
|
+
scopes?: string[] | undefined;
|
|
7542
|
+
createdAt?: number | undefined;
|
|
7543
|
+
metadata?: Record<string, any> | undefined;
|
|
7544
|
+
userDid?: string | undefined;
|
|
7545
|
+
userIdentifier?: string | undefined;
|
|
7546
|
+
sessionId?: string | undefined;
|
|
6814
7547
|
}>;
|
|
6815
7548
|
}, "strip", z.ZodTypeAny, {
|
|
7549
|
+
id: string;
|
|
6816
7550
|
delegation: {
|
|
6817
|
-
status: "active" | "revoked" | "expired";
|
|
6818
7551
|
id: string;
|
|
7552
|
+
issuerDid: string;
|
|
7553
|
+
subjectDid: string;
|
|
7554
|
+
status: "active" | "revoked" | "expired";
|
|
6819
7555
|
constraints: {
|
|
6820
|
-
scopes?: string[] | undefined;
|
|
6821
|
-
audience?: string | string[] | undefined;
|
|
6822
7556
|
notBefore?: number | undefined;
|
|
6823
7557
|
notAfter?: number | undefined;
|
|
7558
|
+
scopes?: string[] | undefined;
|
|
7559
|
+
audience?: string | string[] | undefined;
|
|
6824
7560
|
crisp?: z.objectOutputType<{
|
|
6825
7561
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6826
7562
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6867,22 +7603,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6867
7603
|
} & {
|
|
6868
7604
|
[k: string]: unknown;
|
|
6869
7605
|
};
|
|
6870
|
-
issuerDid: string;
|
|
6871
|
-
subjectDid: string;
|
|
6872
|
-
metadata?: Record<string, any> | undefined;
|
|
6873
|
-
createdAt?: number | undefined;
|
|
6874
7606
|
controller?: string | undefined;
|
|
6875
7607
|
parentId?: string | undefined;
|
|
7608
|
+
scopes?: string[] | undefined;
|
|
7609
|
+
createdAt?: number | undefined;
|
|
7610
|
+
metadata?: Record<string, any> | undefined;
|
|
7611
|
+
userDid?: string | undefined;
|
|
7612
|
+
userIdentifier?: string | undefined;
|
|
7613
|
+
sessionId?: string | undefined;
|
|
6876
7614
|
};
|
|
6877
|
-
id: string;
|
|
6878
7615
|
}, {
|
|
7616
|
+
id: string;
|
|
6879
7617
|
delegation: {
|
|
6880
7618
|
id: string;
|
|
7619
|
+
issuerDid: string;
|
|
7620
|
+
subjectDid: string;
|
|
6881
7621
|
constraints: {
|
|
6882
|
-
scopes?: string[] | undefined;
|
|
6883
|
-
audience?: string | string[] | undefined;
|
|
6884
7622
|
notBefore?: number | undefined;
|
|
6885
7623
|
notAfter?: number | undefined;
|
|
7624
|
+
scopes?: string[] | undefined;
|
|
7625
|
+
audience?: string | string[] | undefined;
|
|
6886
7626
|
crisp?: z.objectInputType<{
|
|
6887
7627
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6888
7628
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6929,15 +7669,16 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6929
7669
|
} & {
|
|
6930
7670
|
[k: string]: unknown;
|
|
6931
7671
|
};
|
|
6932
|
-
issuerDid: string;
|
|
6933
|
-
subjectDid: string;
|
|
6934
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
6935
|
-
metadata?: Record<string, any> | undefined;
|
|
6936
|
-
createdAt?: number | undefined;
|
|
6937
7672
|
controller?: string | undefined;
|
|
6938
7673
|
parentId?: string | undefined;
|
|
7674
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
7675
|
+
scopes?: string[] | undefined;
|
|
7676
|
+
createdAt?: number | undefined;
|
|
7677
|
+
metadata?: Record<string, any> | undefined;
|
|
7678
|
+
userDid?: string | undefined;
|
|
7679
|
+
userIdentifier?: string | undefined;
|
|
7680
|
+
sessionId?: string | undefined;
|
|
6939
7681
|
};
|
|
6940
|
-
id: string;
|
|
6941
7682
|
}>;
|
|
6942
7683
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
6943
7684
|
id: z.ZodString;
|
|
@@ -6946,14 +7687,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6946
7687
|
statusListIndex: z.ZodString;
|
|
6947
7688
|
statusListCredential: z.ZodString;
|
|
6948
7689
|
}, "strip", z.ZodTypeAny, {
|
|
6949
|
-
type: "StatusList2021Entry";
|
|
6950
7690
|
id: string;
|
|
7691
|
+
type: "StatusList2021Entry";
|
|
6951
7692
|
statusPurpose: "revocation" | "suspension";
|
|
6952
7693
|
statusListIndex: string;
|
|
6953
7694
|
statusListCredential: string;
|
|
6954
7695
|
}, {
|
|
6955
|
-
type: "StatusList2021Entry";
|
|
6956
7696
|
id: string;
|
|
7697
|
+
type: "StatusList2021Entry";
|
|
6957
7698
|
statusPurpose: "revocation" | "suspension";
|
|
6958
7699
|
statusListIndex: string;
|
|
6959
7700
|
statusListCredential: string;
|
|
@@ -7007,6 +7748,38 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7007
7748
|
issuerDid: z.ZodString;
|
|
7008
7749
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
7009
7750
|
subjectDid: z.ZodString;
|
|
7751
|
+
/**
|
|
7752
|
+
* DID of the user who granted the delegation.
|
|
7753
|
+
*
|
|
7754
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
7755
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
7756
|
+
* of a user), userDid identifies the actual user who consented.
|
|
7757
|
+
*
|
|
7758
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
7759
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
7760
|
+
*/
|
|
7761
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
7762
|
+
/**
|
|
7763
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
7764
|
+
*
|
|
7765
|
+
* Used for backward compatibility and display purposes.
|
|
7766
|
+
* Should not be used for cryptographic identity verification.
|
|
7767
|
+
*/
|
|
7768
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
7769
|
+
/**
|
|
7770
|
+
* MCP session ID for session tracking and integration.
|
|
7771
|
+
*
|
|
7772
|
+
* Links the delegation to a specific MCP session, enabling
|
|
7773
|
+
* session-scoped token caching and audit trails.
|
|
7774
|
+
*/
|
|
7775
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
7776
|
+
/**
|
|
7777
|
+
* Authorized scopes for this delegation.
|
|
7778
|
+
*
|
|
7779
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
7780
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
7781
|
+
*/
|
|
7782
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
7010
7783
|
/** Optional controller (user account ID or DID) */
|
|
7011
7784
|
controller: z.ZodOptional<z.ZodString>;
|
|
7012
7785
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -7416,13 +8189,15 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7416
8189
|
/** Optional metadata */
|
|
7417
8190
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
7418
8191
|
}, "strip", z.ZodTypeAny, {
|
|
7419
|
-
status: "active" | "revoked" | "expired";
|
|
7420
8192
|
id: string;
|
|
8193
|
+
issuerDid: string;
|
|
8194
|
+
subjectDid: string;
|
|
8195
|
+
status: "active" | "revoked" | "expired";
|
|
7421
8196
|
constraints: {
|
|
7422
|
-
scopes?: string[] | undefined;
|
|
7423
|
-
audience?: string | string[] | undefined;
|
|
7424
8197
|
notBefore?: number | undefined;
|
|
7425
8198
|
notAfter?: number | undefined;
|
|
8199
|
+
scopes?: string[] | undefined;
|
|
8200
|
+
audience?: string | string[] | undefined;
|
|
7426
8201
|
crisp?: z.objectOutputType<{
|
|
7427
8202
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7428
8203
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7469,19 +8244,23 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7469
8244
|
} & {
|
|
7470
8245
|
[k: string]: unknown;
|
|
7471
8246
|
};
|
|
7472
|
-
issuerDid: string;
|
|
7473
|
-
subjectDid: string;
|
|
7474
|
-
metadata?: Record<string, any> | undefined;
|
|
7475
|
-
createdAt?: number | undefined;
|
|
7476
8247
|
controller?: string | undefined;
|
|
7477
8248
|
parentId?: string | undefined;
|
|
8249
|
+
scopes?: string[] | undefined;
|
|
8250
|
+
createdAt?: number | undefined;
|
|
8251
|
+
metadata?: Record<string, any> | undefined;
|
|
8252
|
+
userDid?: string | undefined;
|
|
8253
|
+
userIdentifier?: string | undefined;
|
|
8254
|
+
sessionId?: string | undefined;
|
|
7478
8255
|
}, {
|
|
7479
8256
|
id: string;
|
|
8257
|
+
issuerDid: string;
|
|
8258
|
+
subjectDid: string;
|
|
7480
8259
|
constraints: {
|
|
7481
|
-
scopes?: string[] | undefined;
|
|
7482
|
-
audience?: string | string[] | undefined;
|
|
7483
8260
|
notBefore?: number | undefined;
|
|
7484
8261
|
notAfter?: number | undefined;
|
|
8262
|
+
scopes?: string[] | undefined;
|
|
8263
|
+
audience?: string | string[] | undefined;
|
|
7485
8264
|
crisp?: z.objectInputType<{
|
|
7486
8265
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7487
8266
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7528,23 +8307,28 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7528
8307
|
} & {
|
|
7529
8308
|
[k: string]: unknown;
|
|
7530
8309
|
};
|
|
7531
|
-
issuerDid: string;
|
|
7532
|
-
subjectDid: string;
|
|
7533
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
7534
|
-
metadata?: Record<string, any> | undefined;
|
|
7535
|
-
createdAt?: number | undefined;
|
|
7536
8310
|
controller?: string | undefined;
|
|
7537
8311
|
parentId?: string | undefined;
|
|
8312
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
8313
|
+
scopes?: string[] | undefined;
|
|
8314
|
+
createdAt?: number | undefined;
|
|
8315
|
+
metadata?: Record<string, any> | undefined;
|
|
8316
|
+
userDid?: string | undefined;
|
|
8317
|
+
userIdentifier?: string | undefined;
|
|
8318
|
+
sessionId?: string | undefined;
|
|
7538
8319
|
}>;
|
|
7539
8320
|
}, "strip", z.ZodTypeAny, {
|
|
8321
|
+
id: string;
|
|
7540
8322
|
delegation: {
|
|
7541
|
-
status: "active" | "revoked" | "expired";
|
|
7542
8323
|
id: string;
|
|
8324
|
+
issuerDid: string;
|
|
8325
|
+
subjectDid: string;
|
|
8326
|
+
status: "active" | "revoked" | "expired";
|
|
7543
8327
|
constraints: {
|
|
7544
|
-
scopes?: string[] | undefined;
|
|
7545
|
-
audience?: string | string[] | undefined;
|
|
7546
8328
|
notBefore?: number | undefined;
|
|
7547
8329
|
notAfter?: number | undefined;
|
|
8330
|
+
scopes?: string[] | undefined;
|
|
8331
|
+
audience?: string | string[] | undefined;
|
|
7548
8332
|
crisp?: z.objectOutputType<{
|
|
7549
8333
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7550
8334
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7591,22 +8375,26 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7591
8375
|
} & {
|
|
7592
8376
|
[k: string]: unknown;
|
|
7593
8377
|
};
|
|
7594
|
-
issuerDid: string;
|
|
7595
|
-
subjectDid: string;
|
|
7596
|
-
metadata?: Record<string, any> | undefined;
|
|
7597
|
-
createdAt?: number | undefined;
|
|
7598
8378
|
controller?: string | undefined;
|
|
7599
8379
|
parentId?: string | undefined;
|
|
8380
|
+
scopes?: string[] | undefined;
|
|
8381
|
+
createdAt?: number | undefined;
|
|
8382
|
+
metadata?: Record<string, any> | undefined;
|
|
8383
|
+
userDid?: string | undefined;
|
|
8384
|
+
userIdentifier?: string | undefined;
|
|
8385
|
+
sessionId?: string | undefined;
|
|
7600
8386
|
};
|
|
7601
|
-
id: string;
|
|
7602
8387
|
}, {
|
|
8388
|
+
id: string;
|
|
7603
8389
|
delegation: {
|
|
7604
8390
|
id: string;
|
|
8391
|
+
issuerDid: string;
|
|
8392
|
+
subjectDid: string;
|
|
7605
8393
|
constraints: {
|
|
7606
|
-
scopes?: string[] | undefined;
|
|
7607
|
-
audience?: string | string[] | undefined;
|
|
7608
8394
|
notBefore?: number | undefined;
|
|
7609
8395
|
notAfter?: number | undefined;
|
|
8396
|
+
scopes?: string[] | undefined;
|
|
8397
|
+
audience?: string | string[] | undefined;
|
|
7610
8398
|
crisp?: z.objectInputType<{
|
|
7611
8399
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7612
8400
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7653,15 +8441,16 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7653
8441
|
} & {
|
|
7654
8442
|
[k: string]: unknown;
|
|
7655
8443
|
};
|
|
7656
|
-
issuerDid: string;
|
|
7657
|
-
subjectDid: string;
|
|
7658
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
7659
|
-
metadata?: Record<string, any> | undefined;
|
|
7660
|
-
createdAt?: number | undefined;
|
|
7661
8444
|
controller?: string | undefined;
|
|
7662
8445
|
parentId?: string | undefined;
|
|
8446
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
8447
|
+
scopes?: string[] | undefined;
|
|
8448
|
+
createdAt?: number | undefined;
|
|
8449
|
+
metadata?: Record<string, any> | undefined;
|
|
8450
|
+
userDid?: string | undefined;
|
|
8451
|
+
userIdentifier?: string | undefined;
|
|
8452
|
+
sessionId?: string | undefined;
|
|
7663
8453
|
};
|
|
7664
|
-
id: string;
|
|
7665
8454
|
}>;
|
|
7666
8455
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
7667
8456
|
id: z.ZodString;
|
|
@@ -7670,14 +8459,14 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7670
8459
|
statusListIndex: z.ZodString;
|
|
7671
8460
|
statusListCredential: z.ZodString;
|
|
7672
8461
|
}, "strip", z.ZodTypeAny, {
|
|
7673
|
-
type: "StatusList2021Entry";
|
|
7674
8462
|
id: string;
|
|
8463
|
+
type: "StatusList2021Entry";
|
|
7675
8464
|
statusPurpose: "revocation" | "suspension";
|
|
7676
8465
|
statusListIndex: string;
|
|
7677
8466
|
statusListCredential: string;
|
|
7678
8467
|
}, {
|
|
7679
|
-
type: "StatusList2021Entry";
|
|
7680
8468
|
id: string;
|
|
8469
|
+
type: "StatusList2021Entry";
|
|
7681
8470
|
statusPurpose: "revocation" | "suspension";
|
|
7682
8471
|
statusListIndex: string;
|
|
7683
8472
|
statusListCredential: string;
|
|
@@ -7723,6 +8512,38 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7723
8512
|
issuerDid: z.ZodString;
|
|
7724
8513
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
7725
8514
|
subjectDid: z.ZodString;
|
|
8515
|
+
/**
|
|
8516
|
+
* DID of the user who granted the delegation.
|
|
8517
|
+
*
|
|
8518
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
8519
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
8520
|
+
* of a user), userDid identifies the actual user who consented.
|
|
8521
|
+
*
|
|
8522
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
8523
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
8524
|
+
*/
|
|
8525
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
8526
|
+
/**
|
|
8527
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
8528
|
+
*
|
|
8529
|
+
* Used for backward compatibility and display purposes.
|
|
8530
|
+
* Should not be used for cryptographic identity verification.
|
|
8531
|
+
*/
|
|
8532
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
8533
|
+
/**
|
|
8534
|
+
* MCP session ID for session tracking and integration.
|
|
8535
|
+
*
|
|
8536
|
+
* Links the delegation to a specific MCP session, enabling
|
|
8537
|
+
* session-scoped token caching and audit trails.
|
|
8538
|
+
*/
|
|
8539
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
8540
|
+
/**
|
|
8541
|
+
* Authorized scopes for this delegation.
|
|
8542
|
+
*
|
|
8543
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
8544
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
8545
|
+
*/
|
|
8546
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
7726
8547
|
/** Optional controller (user account ID or DID) */
|
|
7727
8548
|
controller: z.ZodOptional<z.ZodString>;
|
|
7728
8549
|
/** Optional parent delegation ID for chain tracking */
|
|
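Review bot: The new top-level `scopes` field (new lines 8540–8546) duplicates the existing `constraints.scopes`, and its doc comment does not say which of the two an authorization check should treat as authoritative, or what an absent value means. A verifier that reads only one of them could accept a delegation that the other field was meant to narrow. I would state the rule in the comment, for example `* If constraints.scopes is also set, the effective scopes are the intersection of both; absent means no scopes are granted.`, adjusted to whatever the implementation actually does, since this declaration file does not show it. The same ambiguity applies to the `scopes` option added to `wrapDelegationAsVC` in the later options hunk. Separately, `userDid` is documented as required by the Agent Shield API for user-scoped delegations but is declared `z.ZodOptional`, so the comment should say that callers must enforce its presence; the enclosing schema object starts and ends outside this hunk.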
@@ -8132,13 +8953,15 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8132
8953
|
/** Optional metadata */
|
|
8133
8954
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
8134
8955
|
}, "strip", z.ZodTypeAny, {
|
|
8135
|
-
status: "active" | "revoked" | "expired";
|
|
8136
8956
|
id: string;
|
|
8957
|
+
issuerDid: string;
|
|
8958
|
+
subjectDid: string;
|
|
8959
|
+
status: "active" | "revoked" | "expired";
|
|
8137
8960
|
constraints: {
|
|
8138
|
-
scopes?: string[] | undefined;
|
|
8139
|
-
audience?: string | string[] | undefined;
|
|
8140
8961
|
notBefore?: number | undefined;
|
|
8141
8962
|
notAfter?: number | undefined;
|
|
8963
|
+
scopes?: string[] | undefined;
|
|
8964
|
+
audience?: string | string[] | undefined;
|
|
8142
8965
|
crisp?: z.objectOutputType<{
|
|
8143
8966
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8144
8967
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8185,19 +9008,23 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8185
9008
|
} & {
|
|
8186
9009
|
[k: string]: unknown;
|
|
8187
9010
|
};
|
|
8188
|
-
issuerDid: string;
|
|
8189
|
-
subjectDid: string;
|
|
8190
|
-
metadata?: Record<string, any> | undefined;
|
|
8191
|
-
createdAt?: number | undefined;
|
|
8192
9011
|
controller?: string | undefined;
|
|
8193
9012
|
parentId?: string | undefined;
|
|
9013
|
+
scopes?: string[] | undefined;
|
|
9014
|
+
createdAt?: number | undefined;
|
|
9015
|
+
metadata?: Record<string, any> | undefined;
|
|
9016
|
+
userDid?: string | undefined;
|
|
9017
|
+
userIdentifier?: string | undefined;
|
|
9018
|
+
sessionId?: string | undefined;
|
|
8194
9019
|
}, {
|
|
8195
9020
|
id: string;
|
|
9021
|
+
issuerDid: string;
|
|
9022
|
+
subjectDid: string;
|
|
8196
9023
|
constraints: {
|
|
8197
|
-
scopes?: string[] | undefined;
|
|
8198
|
-
audience?: string | string[] | undefined;
|
|
8199
9024
|
notBefore?: number | undefined;
|
|
8200
9025
|
notAfter?: number | undefined;
|
|
9026
|
+
scopes?: string[] | undefined;
|
|
9027
|
+
audience?: string | string[] | undefined;
|
|
8201
9028
|
crisp?: z.objectInputType<{
|
|
8202
9029
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8203
9030
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8244,23 +9071,28 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8244
9071
|
} & {
|
|
8245
9072
|
[k: string]: unknown;
|
|
8246
9073
|
};
|
|
8247
|
-
issuerDid: string;
|
|
8248
|
-
subjectDid: string;
|
|
8249
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
8250
|
-
metadata?: Record<string, any> | undefined;
|
|
8251
|
-
createdAt?: number | undefined;
|
|
8252
9074
|
controller?: string | undefined;
|
|
8253
9075
|
parentId?: string | undefined;
|
|
9076
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
9077
|
+
scopes?: string[] | undefined;
|
|
9078
|
+
createdAt?: number | undefined;
|
|
9079
|
+
metadata?: Record<string, any> | undefined;
|
|
9080
|
+
userDid?: string | undefined;
|
|
9081
|
+
userIdentifier?: string | undefined;
|
|
9082
|
+
sessionId?: string | undefined;
|
|
8254
9083
|
}>;
|
|
8255
9084
|
}, "strip", z.ZodTypeAny, {
|
|
9085
|
+
id: string;
|
|
8256
9086
|
delegation: {
|
|
8257
|
-
status: "active" | "revoked" | "expired";
|
|
8258
9087
|
id: string;
|
|
9088
|
+
issuerDid: string;
|
|
9089
|
+
subjectDid: string;
|
|
9090
|
+
status: "active" | "revoked" | "expired";
|
|
8259
9091
|
constraints: {
|
|
8260
|
-
scopes?: string[] | undefined;
|
|
8261
|
-
audience?: string | string[] | undefined;
|
|
8262
9092
|
notBefore?: number | undefined;
|
|
8263
9093
|
notAfter?: number | undefined;
|
|
9094
|
+
scopes?: string[] | undefined;
|
|
9095
|
+
audience?: string | string[] | undefined;
|
|
8264
9096
|
crisp?: z.objectOutputType<{
|
|
8265
9097
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8266
9098
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8307,22 +9139,26 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8307
9139
|
} & {
|
|
8308
9140
|
[k: string]: unknown;
|
|
8309
9141
|
};
|
|
8310
|
-
issuerDid: string;
|
|
8311
|
-
subjectDid: string;
|
|
8312
|
-
metadata?: Record<string, any> | undefined;
|
|
8313
|
-
createdAt?: number | undefined;
|
|
8314
9142
|
controller?: string | undefined;
|
|
8315
9143
|
parentId?: string | undefined;
|
|
9144
|
+
scopes?: string[] | undefined;
|
|
9145
|
+
createdAt?: number | undefined;
|
|
9146
|
+
metadata?: Record<string, any> | undefined;
|
|
9147
|
+
userDid?: string | undefined;
|
|
9148
|
+
userIdentifier?: string | undefined;
|
|
9149
|
+
sessionId?: string | undefined;
|
|
8316
9150
|
};
|
|
8317
|
-
id: string;
|
|
8318
9151
|
}, {
|
|
9152
|
+
id: string;
|
|
8319
9153
|
delegation: {
|
|
8320
9154
|
id: string;
|
|
9155
|
+
issuerDid: string;
|
|
9156
|
+
subjectDid: string;
|
|
8321
9157
|
constraints: {
|
|
8322
|
-
scopes?: string[] | undefined;
|
|
8323
|
-
audience?: string | string[] | undefined;
|
|
8324
9158
|
notBefore?: number | undefined;
|
|
8325
9159
|
notAfter?: number | undefined;
|
|
9160
|
+
scopes?: string[] | undefined;
|
|
9161
|
+
audience?: string | string[] | undefined;
|
|
8326
9162
|
crisp?: z.objectInputType<{
|
|
8327
9163
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8328
9164
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8369,15 +9205,16 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8369
9205
|
} & {
|
|
8370
9206
|
[k: string]: unknown;
|
|
8371
9207
|
};
|
|
8372
|
-
issuerDid: string;
|
|
8373
|
-
subjectDid: string;
|
|
8374
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
8375
|
-
metadata?: Record<string, any> | undefined;
|
|
8376
|
-
createdAt?: number | undefined;
|
|
8377
9208
|
controller?: string | undefined;
|
|
8378
9209
|
parentId?: string | undefined;
|
|
9210
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
9211
|
+
scopes?: string[] | undefined;
|
|
9212
|
+
createdAt?: number | undefined;
|
|
9213
|
+
metadata?: Record<string, any> | undefined;
|
|
9214
|
+
userDid?: string | undefined;
|
|
9215
|
+
userIdentifier?: string | undefined;
|
|
9216
|
+
sessionId?: string | undefined;
|
|
8379
9217
|
};
|
|
8380
|
-
id: string;
|
|
8381
9218
|
}>;
|
|
8382
9219
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
8383
9220
|
id: z.ZodString;
|
|
@@ -8386,14 +9223,14 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8386
9223
|
statusListIndex: z.ZodString;
|
|
8387
9224
|
statusListCredential: z.ZodString;
|
|
8388
9225
|
}, "strip", z.ZodTypeAny, {
|
|
8389
|
-
type: "StatusList2021Entry";
|
|
8390
9226
|
id: string;
|
|
9227
|
+
type: "StatusList2021Entry";
|
|
8391
9228
|
statusPurpose: "revocation" | "suspension";
|
|
8392
9229
|
statusListIndex: string;
|
|
8393
9230
|
statusListCredential: string;
|
|
8394
9231
|
}, {
|
|
8395
|
-
type: "StatusList2021Entry";
|
|
8396
9232
|
id: string;
|
|
9233
|
+
type: "StatusList2021Entry";
|
|
8397
9234
|
statusPurpose: "revocation" | "suspension";
|
|
8398
9235
|
statusListIndex: string;
|
|
8399
9236
|
statusListCredential: string;
|
|
@@ -8432,7 +9269,7 @@ export declare function extractDelegationFromVC(vc: DelegationCredential): Deleg
|
|
|
8432
9269
|
* The caller must sign this to create a valid DelegationCredential.
|
|
8433
9270
|
*
|
|
8434
9271
|
* @param delegation - The delegation record
|
|
8435
|
-
* @param options - Optional VC options (id, issuanceDate, etc.)
|
|
9272
|
+
* @param options - Optional VC options (id, issuanceDate, userDid, sessionId, etc.)
|
|
8436
9273
|
* @returns Unsigned DelegationCredential
|
|
8437
9274
|
*/
|
|
8438
9275
|
export declare function wrapDelegationAsVC(delegation: DelegationRecord, options?: {
|
|
@@ -8440,6 +9277,14 @@ export declare function wrapDelegationAsVC(delegation: DelegationRecord, options
|
|
|
8440
9277
|
issuanceDate?: string;
|
|
8441
9278
|
expirationDate?: string;
|
|
8442
9279
|
credentialStatus?: z.infer<typeof CredentialStatusSchema>;
|
|
9280
|
+
/** User DID who granted the delegation (if different from issuer) */
|
|
9281
|
+
userDid?: string;
|
|
9282
|
+
/** Human-readable user identifier */
|
|
9283
|
+
userIdentifier?: string;
|
|
9284
|
+
/** MCP session ID for session tracking */
|
|
9285
|
+
sessionId?: string;
|
|
9286
|
+
/** Authorized scopes */
|
|
9287
|
+
scopes?: string[];
|
|
8443
9288
|
}): Omit<DelegationCredential, 'proof'>;
|
|
8444
9289
|
/**
|
|
8445
9290
|
* Check if a delegation credential is expired
|