@kya-os/contracts 1.7.16 → 1.7.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agentshield-api/schemas.d.ts +132 -132
- package/dist/consent/schemas.d.ts +30 -8
- package/dist/consent/schemas.js +20 -0
- package/dist/dashboard-config/schemas.d.ts +1919 -1919
- package/dist/delegation/schemas.d.ts +601 -302
- package/dist/delegation/schemas.js +46 -1
- package/dist/handshake.js +11 -2
- package/dist/tool-protection/index.d.ts +6 -6
- package/dist/tool-protection/index.js +10 -7
- package/dist/verifier.d.ts +6 -6
- package/package.json +2 -2
|
@@ -1724,15 +1724,12 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1724
1724
|
/** Status */
|
|
1725
1725
|
status: z.ZodEnum<["active", "revoked", "expired"]>;
|
|
1726
1726
|
}, "strip", z.ZodTypeAny, {
|
|
1727
|
-
issuerDid: string;
|
|
1728
|
-
subjectDid: string;
|
|
1729
|
-
vcId: string;
|
|
1730
1727
|
status: "active" | "revoked" | "expired";
|
|
1731
1728
|
constraints: {
|
|
1732
|
-
notBefore?: number | undefined;
|
|
1733
|
-
notAfter?: number | undefined;
|
|
1734
1729
|
scopes?: string[] | undefined;
|
|
1735
1730
|
audience?: string | string[] | undefined;
|
|
1731
|
+
notBefore?: number | undefined;
|
|
1732
|
+
notAfter?: number | undefined;
|
|
1736
1733
|
crisp?: z.objectOutputType<{
|
|
1737
1734
|
budget: z.ZodOptional<z.ZodObject<{
|
|
1738
1735
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -1779,18 +1776,18 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1779
1776
|
} & {
|
|
1780
1777
|
[k: string]: unknown;
|
|
1781
1778
|
};
|
|
1782
|
-
delegationId: string;
|
|
1783
|
-
depth: number;
|
|
1784
|
-
}, {
|
|
1785
1779
|
issuerDid: string;
|
|
1786
1780
|
subjectDid: string;
|
|
1787
1781
|
vcId: string;
|
|
1782
|
+
delegationId: string;
|
|
1783
|
+
depth: number;
|
|
1784
|
+
}, {
|
|
1788
1785
|
status: "active" | "revoked" | "expired";
|
|
1789
1786
|
constraints: {
|
|
1790
|
-
notBefore?: number | undefined;
|
|
1791
|
-
notAfter?: number | undefined;
|
|
1792
1787
|
scopes?: string[] | undefined;
|
|
1793
1788
|
audience?: string | string[] | undefined;
|
|
1789
|
+
notBefore?: number | undefined;
|
|
1790
|
+
notAfter?: number | undefined;
|
|
1794
1791
|
crisp?: z.objectInputType<{
|
|
1795
1792
|
budget: z.ZodOptional<z.ZodObject<{
|
|
1796
1793
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -1837,6 +1834,9 @@ export declare const DelegationChainEntrySchema: z.ZodObject<{
|
|
|
1837
1834
|
} & {
|
|
1838
1835
|
[k: string]: unknown;
|
|
1839
1836
|
};
|
|
1837
|
+
issuerDid: string;
|
|
1838
|
+
subjectDid: string;
|
|
1839
|
+
vcId: string;
|
|
1840
1840
|
delegationId: string;
|
|
1841
1841
|
depth: number;
|
|
1842
1842
|
}>;
|
|
@@ -2264,15 +2264,12 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2264
2264
|
/** Status */
|
|
2265
2265
|
status: z.ZodEnum<["active", "revoked", "expired"]>;
|
|
2266
2266
|
}, "strip", z.ZodTypeAny, {
|
|
2267
|
-
issuerDid: string;
|
|
2268
|
-
subjectDid: string;
|
|
2269
|
-
vcId: string;
|
|
2270
2267
|
status: "active" | "revoked" | "expired";
|
|
2271
2268
|
constraints: {
|
|
2272
|
-
notBefore?: number | undefined;
|
|
2273
|
-
notAfter?: number | undefined;
|
|
2274
2269
|
scopes?: string[] | undefined;
|
|
2275
2270
|
audience?: string | string[] | undefined;
|
|
2271
|
+
notBefore?: number | undefined;
|
|
2272
|
+
notAfter?: number | undefined;
|
|
2276
2273
|
crisp?: z.objectOutputType<{
|
|
2277
2274
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2278
2275
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2319,18 +2316,18 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2319
2316
|
} & {
|
|
2320
2317
|
[k: string]: unknown;
|
|
2321
2318
|
};
|
|
2322
|
-
delegationId: string;
|
|
2323
|
-
depth: number;
|
|
2324
|
-
}, {
|
|
2325
2319
|
issuerDid: string;
|
|
2326
2320
|
subjectDid: string;
|
|
2327
2321
|
vcId: string;
|
|
2322
|
+
delegationId: string;
|
|
2323
|
+
depth: number;
|
|
2324
|
+
}, {
|
|
2328
2325
|
status: "active" | "revoked" | "expired";
|
|
2329
2326
|
constraints: {
|
|
2330
|
-
notBefore?: number | undefined;
|
|
2331
|
-
notAfter?: number | undefined;
|
|
2332
2327
|
scopes?: string[] | undefined;
|
|
2333
2328
|
audience?: string | string[] | undefined;
|
|
2329
|
+
notBefore?: number | undefined;
|
|
2330
|
+
notAfter?: number | undefined;
|
|
2334
2331
|
crisp?: z.objectInputType<{
|
|
2335
2332
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2336
2333
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2377,6 +2374,9 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2377
2374
|
} & {
|
|
2378
2375
|
[k: string]: unknown;
|
|
2379
2376
|
};
|
|
2377
|
+
issuerDid: string;
|
|
2378
|
+
subjectDid: string;
|
|
2379
|
+
vcId: string;
|
|
2380
2380
|
delegationId: string;
|
|
2381
2381
|
depth: number;
|
|
2382
2382
|
}>, "many">;
|
|
@@ -2392,15 +2392,12 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2392
2392
|
rootIssuer: string;
|
|
2393
2393
|
leafSubject: string;
|
|
2394
2394
|
chain: {
|
|
2395
|
-
issuerDid: string;
|
|
2396
|
-
subjectDid: string;
|
|
2397
|
-
vcId: string;
|
|
2398
2395
|
status: "active" | "revoked" | "expired";
|
|
2399
2396
|
constraints: {
|
|
2400
|
-
notBefore?: number | undefined;
|
|
2401
|
-
notAfter?: number | undefined;
|
|
2402
2397
|
scopes?: string[] | undefined;
|
|
2403
2398
|
audience?: string | string[] | undefined;
|
|
2399
|
+
notBefore?: number | undefined;
|
|
2400
|
+
notAfter?: number | undefined;
|
|
2404
2401
|
crisp?: z.objectOutputType<{
|
|
2405
2402
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2406
2403
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2447,6 +2444,9 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2447
2444
|
} & {
|
|
2448
2445
|
[k: string]: unknown;
|
|
2449
2446
|
};
|
|
2447
|
+
issuerDid: string;
|
|
2448
|
+
subjectDid: string;
|
|
2449
|
+
vcId: string;
|
|
2450
2450
|
delegationId: string;
|
|
2451
2451
|
depth: number;
|
|
2452
2452
|
}[];
|
|
@@ -2457,15 +2457,12 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2457
2457
|
rootIssuer: string;
|
|
2458
2458
|
leafSubject: string;
|
|
2459
2459
|
chain: {
|
|
2460
|
-
issuerDid: string;
|
|
2461
|
-
subjectDid: string;
|
|
2462
|
-
vcId: string;
|
|
2463
2460
|
status: "active" | "revoked" | "expired";
|
|
2464
2461
|
constraints: {
|
|
2465
|
-
notBefore?: number | undefined;
|
|
2466
|
-
notAfter?: number | undefined;
|
|
2467
2462
|
scopes?: string[] | undefined;
|
|
2468
2463
|
audience?: string | string[] | undefined;
|
|
2464
|
+
notBefore?: number | undefined;
|
|
2465
|
+
notAfter?: number | undefined;
|
|
2469
2466
|
crisp?: z.objectInputType<{
|
|
2470
2467
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2471
2468
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2512,6 +2509,9 @@ export declare const DelegationChainSchema: z.ZodObject<{
|
|
|
2512
2509
|
} & {
|
|
2513
2510
|
[k: string]: unknown;
|
|
2514
2511
|
};
|
|
2512
|
+
issuerDid: string;
|
|
2513
|
+
subjectDid: string;
|
|
2514
|
+
vcId: string;
|
|
2515
2515
|
delegationId: string;
|
|
2516
2516
|
depth: number;
|
|
2517
2517
|
}[];
|
|
@@ -2933,13 +2933,11 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
2933
2933
|
/** Optional VC ID (if not provided, will be created) */
|
|
2934
2934
|
vcId: z.ZodOptional<z.ZodString>;
|
|
2935
2935
|
}, "strip", z.ZodTypeAny, {
|
|
2936
|
-
issuerDid: string;
|
|
2937
|
-
subjectDid: string;
|
|
2938
2936
|
constraints: {
|
|
2939
|
-
notBefore?: number | undefined;
|
|
2940
|
-
notAfter?: number | undefined;
|
|
2941
2937
|
scopes?: string[] | undefined;
|
|
2942
2938
|
audience?: string | string[] | undefined;
|
|
2939
|
+
notBefore?: number | undefined;
|
|
2940
|
+
notAfter?: number | undefined;
|
|
2943
2941
|
crisp?: z.objectOutputType<{
|
|
2944
2942
|
budget: z.ZodOptional<z.ZodObject<{
|
|
2945
2943
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -2986,17 +2984,17 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
2986
2984
|
} & {
|
|
2987
2985
|
[k: string]: unknown;
|
|
2988
2986
|
};
|
|
2987
|
+
issuerDid: string;
|
|
2988
|
+
subjectDid: string;
|
|
2989
2989
|
controller?: string | undefined;
|
|
2990
2990
|
vcId?: string | undefined;
|
|
2991
2991
|
parentId?: string | undefined;
|
|
2992
2992
|
}, {
|
|
2993
|
-
issuerDid: string;
|
|
2994
|
-
subjectDid: string;
|
|
2995
2993
|
constraints: {
|
|
2996
|
-
notBefore?: number | undefined;
|
|
2997
|
-
notAfter?: number | undefined;
|
|
2998
2994
|
scopes?: string[] | undefined;
|
|
2999
2995
|
audience?: string | string[] | undefined;
|
|
2996
|
+
notBefore?: number | undefined;
|
|
2997
|
+
notAfter?: number | undefined;
|
|
3000
2998
|
crisp?: z.objectInputType<{
|
|
3001
2999
|
budget: z.ZodOptional<z.ZodObject<{
|
|
3002
3000
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -3043,6 +3041,8 @@ export declare const DelegationCreationRequestSchema: z.ZodObject<{
|
|
|
3043
3041
|
} & {
|
|
3044
3042
|
[k: string]: unknown;
|
|
3045
3043
|
};
|
|
3044
|
+
issuerDid: string;
|
|
3045
|
+
subjectDid: string;
|
|
3046
3046
|
controller?: string | undefined;
|
|
3047
3047
|
vcId?: string | undefined;
|
|
3048
3048
|
parentId?: string | undefined;
|
|
@@ -3092,27 +3092,27 @@ export declare const AuthorizationInfoSchema: z.ZodObject<{
|
|
|
3092
3092
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3093
3093
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3094
3094
|
}, "strip", z.ZodTypeAny, {
|
|
3095
|
-
type: "
|
|
3095
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3096
3096
|
provider?: string | undefined;
|
|
3097
|
-
|
|
3097
|
+
verifiedAt?: number | undefined;
|
|
3098
3098
|
issuer?: string | undefined;
|
|
3099
|
+
credentialType?: string | undefined;
|
|
3099
3100
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3100
3101
|
rpId?: string | undefined;
|
|
3101
3102
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3102
3103
|
chainId?: number | undefined;
|
|
3103
3104
|
domain?: string | undefined;
|
|
3104
|
-
verifiedAt?: number | undefined;
|
|
3105
3105
|
}, {
|
|
3106
|
-
type: "
|
|
3106
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3107
3107
|
provider?: string | undefined;
|
|
3108
|
-
|
|
3108
|
+
verifiedAt?: number | undefined;
|
|
3109
3109
|
issuer?: string | undefined;
|
|
3110
|
+
credentialType?: string | undefined;
|
|
3110
3111
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3111
3112
|
rpId?: string | undefined;
|
|
3112
3113
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3113
3114
|
chainId?: number | undefined;
|
|
3114
3115
|
domain?: string | undefined;
|
|
3115
|
-
verifiedAt?: number | undefined;
|
|
3116
3116
|
}>;
|
|
3117
3117
|
export type AuthorizationInfo = z.infer<typeof AuthorizationInfoSchema>;
|
|
3118
3118
|
/**
|
|
@@ -3157,27 +3157,27 @@ export declare const DelegationVerificationDetailsSchema: z.ZodObject<{
|
|
|
3157
3157
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3158
3158
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3159
3159
|
}, "strip", z.ZodTypeAny, {
|
|
3160
|
-
type: "
|
|
3160
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3161
3161
|
provider?: string | undefined;
|
|
3162
|
-
|
|
3162
|
+
verifiedAt?: number | undefined;
|
|
3163
3163
|
issuer?: string | undefined;
|
|
3164
|
+
credentialType?: string | undefined;
|
|
3164
3165
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3165
3166
|
rpId?: string | undefined;
|
|
3166
3167
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3167
3168
|
chainId?: number | undefined;
|
|
3168
3169
|
domain?: string | undefined;
|
|
3169
|
-
verifiedAt?: number | undefined;
|
|
3170
3170
|
}, {
|
|
3171
|
-
type: "
|
|
3171
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3172
3172
|
provider?: string | undefined;
|
|
3173
|
-
|
|
3173
|
+
verifiedAt?: number | undefined;
|
|
3174
3174
|
issuer?: string | undefined;
|
|
3175
|
+
credentialType?: string | undefined;
|
|
3175
3176
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3176
3177
|
rpId?: string | undefined;
|
|
3177
3178
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3178
3179
|
chainId?: number | undefined;
|
|
3179
3180
|
domain?: string | undefined;
|
|
3180
|
-
verifiedAt?: number | undefined;
|
|
3181
3181
|
}>>;
|
|
3182
3182
|
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
3183
3183
|
/** Authorization info - how identity was verified during consent */
|
|
@@ -3216,27 +3216,27 @@ export declare const DelegationVerificationDetailsSchema: z.ZodObject<{
|
|
|
3216
3216
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3217
3217
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3218
3218
|
}, "strip", z.ZodTypeAny, {
|
|
3219
|
-
type: "
|
|
3219
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3220
3220
|
provider?: string | undefined;
|
|
3221
|
-
|
|
3221
|
+
verifiedAt?: number | undefined;
|
|
3222
3222
|
issuer?: string | undefined;
|
|
3223
|
+
credentialType?: string | undefined;
|
|
3223
3224
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3224
3225
|
rpId?: string | undefined;
|
|
3225
3226
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3226
3227
|
chainId?: number | undefined;
|
|
3227
3228
|
domain?: string | undefined;
|
|
3228
|
-
verifiedAt?: number | undefined;
|
|
3229
3229
|
}, {
|
|
3230
|
-
type: "
|
|
3230
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3231
3231
|
provider?: string | undefined;
|
|
3232
|
-
|
|
3232
|
+
verifiedAt?: number | undefined;
|
|
3233
3233
|
issuer?: string | undefined;
|
|
3234
|
+
credentialType?: string | undefined;
|
|
3234
3235
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3235
3236
|
rpId?: string | undefined;
|
|
3236
3237
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3237
3238
|
chainId?: number | undefined;
|
|
3238
3239
|
domain?: string | undefined;
|
|
3239
|
-
verifiedAt?: number | undefined;
|
|
3240
3240
|
}>>;
|
|
3241
3241
|
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
3242
3242
|
/** Authorization info - how identity was verified during consent */
|
|
@@ -3275,27 +3275,27 @@ export declare const DelegationVerificationDetailsSchema: z.ZodObject<{
|
|
|
3275
3275
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3276
3276
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3277
3277
|
}, "strip", z.ZodTypeAny, {
|
|
3278
|
-
type: "
|
|
3278
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3279
3279
|
provider?: string | undefined;
|
|
3280
|
-
|
|
3280
|
+
verifiedAt?: number | undefined;
|
|
3281
3281
|
issuer?: string | undefined;
|
|
3282
|
+
credentialType?: string | undefined;
|
|
3282
3283
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3283
3284
|
rpId?: string | undefined;
|
|
3284
3285
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3285
3286
|
chainId?: number | undefined;
|
|
3286
3287
|
domain?: string | undefined;
|
|
3287
|
-
verifiedAt?: number | undefined;
|
|
3288
3288
|
}, {
|
|
3289
|
-
type: "
|
|
3289
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3290
3290
|
provider?: string | undefined;
|
|
3291
|
-
|
|
3291
|
+
verifiedAt?: number | undefined;
|
|
3292
3292
|
issuer?: string | undefined;
|
|
3293
|
+
credentialType?: string | undefined;
|
|
3293
3294
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3294
3295
|
rpId?: string | undefined;
|
|
3295
3296
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3296
3297
|
chainId?: number | undefined;
|
|
3297
3298
|
domain?: string | undefined;
|
|
3298
|
-
verifiedAt?: number | undefined;
|
|
3299
3299
|
}>>;
|
|
3300
3300
|
}, z.ZodTypeAny, "passthrough">>;
|
|
3301
3301
|
export type DelegationVerificationDetails = z.infer<typeof DelegationVerificationDetailsSchema>;
|
|
@@ -3357,27 +3357,27 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3357
3357
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3358
3358
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3359
3359
|
}, "strip", z.ZodTypeAny, {
|
|
3360
|
-
type: "
|
|
3360
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3361
3361
|
provider?: string | undefined;
|
|
3362
|
-
|
|
3362
|
+
verifiedAt?: number | undefined;
|
|
3363
3363
|
issuer?: string | undefined;
|
|
3364
|
+
credentialType?: string | undefined;
|
|
3364
3365
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3365
3366
|
rpId?: string | undefined;
|
|
3366
3367
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3367
3368
|
chainId?: number | undefined;
|
|
3368
3369
|
domain?: string | undefined;
|
|
3369
|
-
verifiedAt?: number | undefined;
|
|
3370
3370
|
}, {
|
|
3371
|
-
type: "
|
|
3371
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3372
3372
|
provider?: string | undefined;
|
|
3373
|
-
|
|
3373
|
+
verifiedAt?: number | undefined;
|
|
3374
3374
|
issuer?: string | undefined;
|
|
3375
|
+
credentialType?: string | undefined;
|
|
3375
3376
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3376
3377
|
rpId?: string | undefined;
|
|
3377
3378
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3378
3379
|
chainId?: number | undefined;
|
|
3379
3380
|
domain?: string | undefined;
|
|
3380
|
-
verifiedAt?: number | undefined;
|
|
3381
3381
|
}>>;
|
|
3382
3382
|
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
3383
3383
|
/** Authorization info - how identity was verified during consent */
|
|
@@ -3416,27 +3416,27 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3416
3416
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3417
3417
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3418
3418
|
}, "strip", z.ZodTypeAny, {
|
|
3419
|
-
type: "
|
|
3419
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3420
3420
|
provider?: string | undefined;
|
|
3421
|
-
|
|
3421
|
+
verifiedAt?: number | undefined;
|
|
3422
3422
|
issuer?: string | undefined;
|
|
3423
|
+
credentialType?: string | undefined;
|
|
3423
3424
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3424
3425
|
rpId?: string | undefined;
|
|
3425
3426
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3426
3427
|
chainId?: number | undefined;
|
|
3427
3428
|
domain?: string | undefined;
|
|
3428
|
-
verifiedAt?: number | undefined;
|
|
3429
3429
|
}, {
|
|
3430
|
-
type: "
|
|
3430
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3431
3431
|
provider?: string | undefined;
|
|
3432
|
-
|
|
3432
|
+
verifiedAt?: number | undefined;
|
|
3433
3433
|
issuer?: string | undefined;
|
|
3434
|
+
credentialType?: string | undefined;
|
|
3434
3435
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3435
3436
|
rpId?: string | undefined;
|
|
3436
3437
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3437
3438
|
chainId?: number | undefined;
|
|
3438
3439
|
domain?: string | undefined;
|
|
3439
|
-
verifiedAt?: number | undefined;
|
|
3440
3440
|
}>>;
|
|
3441
3441
|
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
3442
3442
|
/** Authorization info - how identity was verified during consent */
|
|
@@ -3475,37 +3475,34 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3475
3475
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3476
3476
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3477
3477
|
}, "strip", z.ZodTypeAny, {
|
|
3478
|
-
type: "
|
|
3478
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3479
3479
|
provider?: string | undefined;
|
|
3480
|
-
|
|
3480
|
+
verifiedAt?: number | undefined;
|
|
3481
3481
|
issuer?: string | undefined;
|
|
3482
|
+
credentialType?: string | undefined;
|
|
3482
3483
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3483
3484
|
rpId?: string | undefined;
|
|
3484
3485
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3485
3486
|
chainId?: number | undefined;
|
|
3486
3487
|
domain?: string | undefined;
|
|
3487
|
-
verifiedAt?: number | undefined;
|
|
3488
3488
|
}, {
|
|
3489
|
-
type: "
|
|
3489
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3490
3490
|
provider?: string | undefined;
|
|
3491
|
-
|
|
3491
|
+
verifiedAt?: number | undefined;
|
|
3492
3492
|
issuer?: string | undefined;
|
|
3493
|
+
credentialType?: string | undefined;
|
|
3493
3494
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3494
3495
|
rpId?: string | undefined;
|
|
3495
3496
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3496
3497
|
chainId?: number | undefined;
|
|
3497
3498
|
domain?: string | undefined;
|
|
3498
|
-
verifiedAt?: number | undefined;
|
|
3499
3499
|
}>>;
|
|
3500
3500
|
}, z.ZodTypeAny, "passthrough">>>;
|
|
3501
3501
|
}, "strip", z.ZodTypeAny, {
|
|
3502
3502
|
valid: boolean;
|
|
3503
3503
|
status: "active" | "revoked" | "expired";
|
|
3504
|
-
delegationId: string;
|
|
3505
3504
|
verifiedAt: number;
|
|
3506
|
-
|
|
3507
|
-
credentialValid?: boolean | undefined;
|
|
3508
|
-
chainValid?: boolean | undefined;
|
|
3505
|
+
delegationId: string;
|
|
3509
3506
|
details?: z.objectOutputType<{
|
|
3510
3507
|
/** Authorization info - how identity was verified during consent */
|
|
3511
3508
|
authorization: z.ZodOptional<z.ZodObject<{
|
|
@@ -3543,37 +3540,37 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3543
3540
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3544
3541
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3545
3542
|
}, "strip", z.ZodTypeAny, {
|
|
3546
|
-
type: "
|
|
3543
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3547
3544
|
provider?: string | undefined;
|
|
3548
|
-
|
|
3545
|
+
verifiedAt?: number | undefined;
|
|
3549
3546
|
issuer?: string | undefined;
|
|
3547
|
+
credentialType?: string | undefined;
|
|
3550
3548
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3551
3549
|
rpId?: string | undefined;
|
|
3552
3550
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3553
3551
|
chainId?: number | undefined;
|
|
3554
3552
|
domain?: string | undefined;
|
|
3555
|
-
verifiedAt?: number | undefined;
|
|
3556
3553
|
}, {
|
|
3557
|
-
type: "
|
|
3554
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3558
3555
|
provider?: string | undefined;
|
|
3559
|
-
|
|
3556
|
+
verifiedAt?: number | undefined;
|
|
3560
3557
|
issuer?: string | undefined;
|
|
3558
|
+
credentialType?: string | undefined;
|
|
3561
3559
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3562
3560
|
rpId?: string | undefined;
|
|
3563
3561
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3564
3562
|
chainId?: number | undefined;
|
|
3565
3563
|
domain?: string | undefined;
|
|
3566
|
-
verifiedAt?: number | undefined;
|
|
3567
3564
|
}>>;
|
|
3568
3565
|
}, z.ZodTypeAny, "passthrough"> | undefined;
|
|
3566
|
+
reason?: string | undefined;
|
|
3567
|
+
credentialValid?: boolean | undefined;
|
|
3568
|
+
chainValid?: boolean | undefined;
|
|
3569
3569
|
}, {
|
|
3570
3570
|
valid: boolean;
|
|
3571
3571
|
status: "active" | "revoked" | "expired";
|
|
3572
|
-
delegationId: string;
|
|
3573
3572
|
verifiedAt: number;
|
|
3574
|
-
|
|
3575
|
-
credentialValid?: boolean | undefined;
|
|
3576
|
-
chainValid?: boolean | undefined;
|
|
3573
|
+
delegationId: string;
|
|
3577
3574
|
details?: z.objectInputType<{
|
|
3578
3575
|
/** Authorization info - how identity was verified during consent */
|
|
3579
3576
|
authorization: z.ZodOptional<z.ZodObject<{
|
|
@@ -3611,29 +3608,32 @@ export declare const DelegationVerificationResultSchema: z.ZodObject<{
|
|
|
3611
3608
|
/** Timestamp when authorization was verified (milliseconds since epoch) */
|
|
3612
3609
|
verifiedAt: z.ZodOptional<z.ZodNumber>;
|
|
3613
3610
|
}, "strip", z.ZodTypeAny, {
|
|
3614
|
-
type: "
|
|
3611
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3615
3612
|
provider?: string | undefined;
|
|
3616
|
-
|
|
3613
|
+
verifiedAt?: number | undefined;
|
|
3617
3614
|
issuer?: string | undefined;
|
|
3615
|
+
credentialType?: string | undefined;
|
|
3618
3616
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3619
3617
|
rpId?: string | undefined;
|
|
3620
3618
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3621
3619
|
chainId?: number | undefined;
|
|
3622
3620
|
domain?: string | undefined;
|
|
3623
|
-
verifiedAt?: number | undefined;
|
|
3624
3621
|
}, {
|
|
3625
|
-
type: "
|
|
3622
|
+
type: "oauth2" | "credential" | "oauth" | "password" | "verifiable_credential" | "mdl" | "idv" | "webauthn" | "siwe" | "none";
|
|
3626
3623
|
provider?: string | undefined;
|
|
3627
|
-
|
|
3624
|
+
verifiedAt?: number | undefined;
|
|
3628
3625
|
issuer?: string | undefined;
|
|
3626
|
+
credentialType?: string | undefined;
|
|
3629
3627
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
3630
3628
|
rpId?: string | undefined;
|
|
3631
3629
|
userVerification?: "required" | "preferred" | "discouraged" | undefined;
|
|
3632
3630
|
chainId?: number | undefined;
|
|
3633
3631
|
domain?: string | undefined;
|
|
3634
|
-
verifiedAt?: number | undefined;
|
|
3635
3632
|
}>>;
|
|
3636
3633
|
}, z.ZodTypeAny, "passthrough"> | undefined;
|
|
3634
|
+
reason?: string | undefined;
|
|
3635
|
+
credentialValid?: boolean | undefined;
|
|
3636
|
+
chainValid?: boolean | undefined;
|
|
3637
3637
|
}>;
|
|
3638
3638
|
export type DelegationVerificationResult = z.infer<typeof DelegationVerificationResultSchema>;
|
|
3639
3639
|
/**
|
|
@@ -4504,15 +4504,12 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4504
4504
|
rootIssuer: string;
|
|
4505
4505
|
leafSubject: string;
|
|
4506
4506
|
chain: {
|
|
4507
|
-
issuerDid: string;
|
|
4508
|
-
subjectDid: string;
|
|
4509
|
-
vcId: string;
|
|
4510
4507
|
status: "active" | "revoked" | "expired";
|
|
4511
4508
|
constraints: {
|
|
4512
|
-
notBefore?: number | undefined;
|
|
4513
|
-
notAfter?: number | undefined;
|
|
4514
4509
|
scopes?: string[] | undefined;
|
|
4515
4510
|
audience?: string | string[] | undefined;
|
|
4511
|
+
notBefore?: number | undefined;
|
|
4512
|
+
notAfter?: number | undefined;
|
|
4516
4513
|
crisp?: z.objectInputType<{
|
|
4517
4514
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4518
4515
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4559,6 +4556,9 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4559
4556
|
} & {
|
|
4560
4557
|
[k: string]: unknown;
|
|
4561
4558
|
};
|
|
4559
|
+
issuerDid: string;
|
|
4560
|
+
subjectDid: string;
|
|
4561
|
+
vcId: string;
|
|
4562
4562
|
delegationId: string;
|
|
4563
4563
|
depth: number;
|
|
4564
4564
|
}[];
|
|
@@ -4569,15 +4569,12 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4569
4569
|
rootIssuer: string;
|
|
4570
4570
|
leafSubject: string;
|
|
4571
4571
|
chain: {
|
|
4572
|
-
issuerDid: string;
|
|
4573
|
-
subjectDid: string;
|
|
4574
|
-
vcId: string;
|
|
4575
4572
|
status: "active" | "revoked" | "expired";
|
|
4576
4573
|
constraints: {
|
|
4577
|
-
notBefore?: number | undefined;
|
|
4578
|
-
notAfter?: number | undefined;
|
|
4579
4574
|
scopes?: string[] | undefined;
|
|
4580
4575
|
audience?: string | string[] | undefined;
|
|
4576
|
+
notBefore?: number | undefined;
|
|
4577
|
+
notAfter?: number | undefined;
|
|
4581
4578
|
crisp?: z.objectOutputType<{
|
|
4582
4579
|
budget: z.ZodOptional<z.ZodObject<{
|
|
4583
4580
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -4624,6 +4621,9 @@ export declare function validateDelegationChain(chain: unknown): z.SafeParseRetu
|
|
|
4624
4621
|
} & {
|
|
4625
4622
|
[k: string]: unknown;
|
|
4626
4623
|
};
|
|
4624
|
+
issuerDid: string;
|
|
4625
|
+
subjectDid: string;
|
|
4626
|
+
vcId: string;
|
|
4627
4627
|
delegationId: string;
|
|
4628
4628
|
depth: number;
|
|
4629
4629
|
}[];
|
|
@@ -4680,6 +4680,9 @@ export declare const DELEGATION_CREDENTIAL_CONTEXT: "https://schemas.kya-os.ai/x
|
|
|
4680
4680
|
*
|
|
4681
4681
|
* Per Python POC (Delegation-Service.md:136-146), delegations are issued AS
|
|
4682
4682
|
* W3C VCs, with the delegation data embedded in the credentialSubject.
|
|
4683
|
+
*
|
|
4684
|
+
* Phase 7 Update: Added userDid, userIdentifier, sessionId, and scopes
|
|
4685
|
+
* to support Agent Shield VC-JWT tokens and MCP session tracking.
|
|
4683
4686
|
*/
|
|
4684
4687
|
export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
4685
4688
|
/** Subject DID (delegatee) */
|
|
@@ -4692,6 +4695,38 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
4692
4695
|
issuerDid: z.ZodString;
|
|
4693
4696
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
4694
4697
|
subjectDid: z.ZodString;
|
|
4698
|
+
/**
|
|
4699
|
+
* DID of the user who granted the delegation.
|
|
4700
|
+
*
|
|
4701
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
4702
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
4703
|
+
* of a user), userDid identifies the actual user who consented.
|
|
4704
|
+
*
|
|
4705
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
4706
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
4707
|
+
*/
|
|
4708
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
4709
|
+
/**
|
|
4710
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
4711
|
+
*
|
|
4712
|
+
* Used for backward compatibility and display purposes.
|
|
4713
|
+
* Should not be used for cryptographic identity verification.
|
|
4714
|
+
*/
|
|
4715
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
4716
|
+
/**
|
|
4717
|
+
* MCP session ID for session tracking and integration.
|
|
4718
|
+
*
|
|
4719
|
+
* Links the delegation to a specific MCP session, enabling
|
|
4720
|
+
* session-scoped token caching and audit trails.
|
|
4721
|
+
*/
|
|
4722
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
4723
|
+
/**
|
|
4724
|
+
* Authorized scopes for this delegation.
|
|
4725
|
+
*
|
|
4726
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
4727
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
4728
|
+
*/
|
|
4729
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
4695
4730
|
/** Optional controller (user account ID or DID) */
|
|
4696
4731
|
controller: z.ZodOptional<z.ZodString>;
|
|
4697
4732
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -5101,15 +5136,13 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
5101
5136
|
/** Optional metadata */
|
|
5102
5137
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
5103
5138
|
}, "strip", z.ZodTypeAny, {
|
|
5104
|
-
id: string;
|
|
5105
|
-
issuerDid: string;
|
|
5106
|
-
subjectDid: string;
|
|
5107
5139
|
status: "active" | "revoked" | "expired";
|
|
5140
|
+
id: string;
|
|
5108
5141
|
constraints: {
|
|
5109
|
-
notBefore?: number | undefined;
|
|
5110
|
-
notAfter?: number | undefined;
|
|
5111
5142
|
scopes?: string[] | undefined;
|
|
5112
5143
|
audience?: string | string[] | undefined;
|
|
5144
|
+
notBefore?: number | undefined;
|
|
5145
|
+
notAfter?: number | undefined;
|
|
5113
5146
|
crisp?: z.objectOutputType<{
|
|
5114
5147
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5115
5148
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5156,19 +5189,23 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
5156
5189
|
} & {
|
|
5157
5190
|
[k: string]: unknown;
|
|
5158
5191
|
};
|
|
5192
|
+
issuerDid: string;
|
|
5193
|
+
subjectDid: string;
|
|
5194
|
+
scopes?: string[] | undefined;
|
|
5195
|
+
metadata?: Record<string, any> | undefined;
|
|
5196
|
+
createdAt?: number | undefined;
|
|
5197
|
+
sessionId?: string | undefined;
|
|
5198
|
+
userDid?: string | undefined;
|
|
5159
5199
|
controller?: string | undefined;
|
|
5160
5200
|
parentId?: string | undefined;
|
|
5161
|
-
|
|
5162
|
-
metadata?: Record<string, any> | undefined;
|
|
5201
|
+
userIdentifier?: string | undefined;
|
|
5163
5202
|
}, {
|
|
5164
5203
|
id: string;
|
|
5165
|
-
issuerDid: string;
|
|
5166
|
-
subjectDid: string;
|
|
5167
5204
|
constraints: {
|
|
5168
|
-
notBefore?: number | undefined;
|
|
5169
|
-
notAfter?: number | undefined;
|
|
5170
5205
|
scopes?: string[] | undefined;
|
|
5171
5206
|
audience?: string | string[] | undefined;
|
|
5207
|
+
notBefore?: number | undefined;
|
|
5208
|
+
notAfter?: number | undefined;
|
|
5172
5209
|
crisp?: z.objectInputType<{
|
|
5173
5210
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5174
5211
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5215,24 +5252,27 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
5215
5252
|
} & {
|
|
5216
5253
|
[k: string]: unknown;
|
|
5217
5254
|
};
|
|
5218
|
-
|
|
5219
|
-
|
|
5255
|
+
issuerDid: string;
|
|
5256
|
+
subjectDid: string;
|
|
5220
5257
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
5221
|
-
|
|
5258
|
+
scopes?: string[] | undefined;
|
|
5222
5259
|
metadata?: Record<string, any> | undefined;
|
|
5260
|
+
createdAt?: number | undefined;
|
|
5261
|
+
sessionId?: string | undefined;
|
|
5262
|
+
userDid?: string | undefined;
|
|
5263
|
+
controller?: string | undefined;
|
|
5264
|
+
parentId?: string | undefined;
|
|
5265
|
+
userIdentifier?: string | undefined;
|
|
5223
5266
|
}>;
|
|
5224
5267
|
}, "strip", z.ZodTypeAny, {
|
|
5225
|
-
id: string;
|
|
5226
5268
|
delegation: {
|
|
5227
|
-
id: string;
|
|
5228
|
-
issuerDid: string;
|
|
5229
|
-
subjectDid: string;
|
|
5230
5269
|
status: "active" | "revoked" | "expired";
|
|
5270
|
+
id: string;
|
|
5231
5271
|
constraints: {
|
|
5232
|
-
notBefore?: number | undefined;
|
|
5233
|
-
notAfter?: number | undefined;
|
|
5234
5272
|
scopes?: string[] | undefined;
|
|
5235
5273
|
audience?: string | string[] | undefined;
|
|
5274
|
+
notBefore?: number | undefined;
|
|
5275
|
+
notAfter?: number | undefined;
|
|
5236
5276
|
crisp?: z.objectOutputType<{
|
|
5237
5277
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5238
5278
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5279,22 +5319,26 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
5279
5319
|
} & {
|
|
5280
5320
|
[k: string]: unknown;
|
|
5281
5321
|
};
|
|
5322
|
+
issuerDid: string;
|
|
5323
|
+
subjectDid: string;
|
|
5324
|
+
scopes?: string[] | undefined;
|
|
5325
|
+
metadata?: Record<string, any> | undefined;
|
|
5326
|
+
createdAt?: number | undefined;
|
|
5327
|
+
sessionId?: string | undefined;
|
|
5328
|
+
userDid?: string | undefined;
|
|
5282
5329
|
controller?: string | undefined;
|
|
5283
5330
|
parentId?: string | undefined;
|
|
5284
|
-
|
|
5285
|
-
metadata?: Record<string, any> | undefined;
|
|
5331
|
+
userIdentifier?: string | undefined;
|
|
5286
5332
|
};
|
|
5287
|
-
}, {
|
|
5288
5333
|
id: string;
|
|
5334
|
+
}, {
|
|
5289
5335
|
delegation: {
|
|
5290
5336
|
id: string;
|
|
5291
|
-
issuerDid: string;
|
|
5292
|
-
subjectDid: string;
|
|
5293
5337
|
constraints: {
|
|
5294
|
-
notBefore?: number | undefined;
|
|
5295
|
-
notAfter?: number | undefined;
|
|
5296
5338
|
scopes?: string[] | undefined;
|
|
5297
5339
|
audience?: string | string[] | undefined;
|
|
5340
|
+
notBefore?: number | undefined;
|
|
5341
|
+
notAfter?: number | undefined;
|
|
5298
5342
|
crisp?: z.objectInputType<{
|
|
5299
5343
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5300
5344
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5341,12 +5385,19 @@ export declare const DelegationCredentialSubjectSchema: z.ZodObject<{
|
|
|
5341
5385
|
} & {
|
|
5342
5386
|
[k: string]: unknown;
|
|
5343
5387
|
};
|
|
5344
|
-
|
|
5345
|
-
|
|
5346
|
-
status?: "active" | "revoked" | "expired" | undefined;
|
|
5347
|
-
|
|
5388
|
+
issuerDid: string;
|
|
5389
|
+
subjectDid: string;
|
|
5390
|
+
status?: "active" | "revoked" | "expired" | undefined;
|
|
5391
|
+
scopes?: string[] | undefined;
|
|
5348
5392
|
metadata?: Record<string, any> | undefined;
|
|
5393
|
+
createdAt?: number | undefined;
|
|
5394
|
+
sessionId?: string | undefined;
|
|
5395
|
+
userDid?: string | undefined;
|
|
5396
|
+
controller?: string | undefined;
|
|
5397
|
+
parentId?: string | undefined;
|
|
5398
|
+
userIdentifier?: string | undefined;
|
|
5349
5399
|
};
|
|
5400
|
+
id: string;
|
|
5350
5401
|
}>;
|
|
5351
5402
|
export type DelegationCredentialSubject = z.infer<typeof DelegationCredentialSubjectSchema>;
|
|
5352
5403
|
/**
|
|
@@ -5397,6 +5448,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5397
5448
|
issuerDid: z.ZodString;
|
|
5398
5449
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
5399
5450
|
subjectDid: z.ZodString;
|
|
5451
|
+
/**
|
|
5452
|
+
* DID of the user who granted the delegation.
|
|
5453
|
+
*
|
|
5454
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
5455
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
5456
|
+
* of a user), userDid identifies the actual user who consented.
|
|
5457
|
+
*
|
|
5458
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
5459
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
5460
|
+
*/
|
|
5461
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
5462
|
+
/**
|
|
5463
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
5464
|
+
*
|
|
5465
|
+
* Used for backward compatibility and display purposes.
|
|
5466
|
+
* Should not be used for cryptographic identity verification.
|
|
5467
|
+
*/
|
|
5468
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
5469
|
+
/**
|
|
5470
|
+
* MCP session ID for session tracking and integration.
|
|
5471
|
+
*
|
|
5472
|
+
* Links the delegation to a specific MCP session, enabling
|
|
5473
|
+
* session-scoped token caching and audit trails.
|
|
5474
|
+
*/
|
|
5475
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
5476
|
+
/**
|
|
5477
|
+
* Authorized scopes for this delegation.
|
|
5478
|
+
*
|
|
5479
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
5480
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
5481
|
+
*/
|
|
5482
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
5400
5483
|
/** Optional controller (user account ID or DID) */
|
|
5401
5484
|
controller: z.ZodOptional<z.ZodString>;
|
|
5402
5485
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -5806,15 +5889,13 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5806
5889
|
/** Optional metadata */
|
|
5807
5890
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
5808
5891
|
}, "strip", z.ZodTypeAny, {
|
|
5809
|
-
id: string;
|
|
5810
|
-
issuerDid: string;
|
|
5811
|
-
subjectDid: string;
|
|
5812
5892
|
status: "active" | "revoked" | "expired";
|
|
5893
|
+
id: string;
|
|
5813
5894
|
constraints: {
|
|
5814
|
-
notBefore?: number | undefined;
|
|
5815
|
-
notAfter?: number | undefined;
|
|
5816
5895
|
scopes?: string[] | undefined;
|
|
5817
5896
|
audience?: string | string[] | undefined;
|
|
5897
|
+
notBefore?: number | undefined;
|
|
5898
|
+
notAfter?: number | undefined;
|
|
5818
5899
|
crisp?: z.objectOutputType<{
|
|
5819
5900
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5820
5901
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5861,19 +5942,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5861
5942
|
} & {
|
|
5862
5943
|
[k: string]: unknown;
|
|
5863
5944
|
};
|
|
5945
|
+
issuerDid: string;
|
|
5946
|
+
subjectDid: string;
|
|
5947
|
+
scopes?: string[] | undefined;
|
|
5948
|
+
metadata?: Record<string, any> | undefined;
|
|
5949
|
+
createdAt?: number | undefined;
|
|
5950
|
+
sessionId?: string | undefined;
|
|
5951
|
+
userDid?: string | undefined;
|
|
5864
5952
|
controller?: string | undefined;
|
|
5865
5953
|
parentId?: string | undefined;
|
|
5866
|
-
|
|
5867
|
-
metadata?: Record<string, any> | undefined;
|
|
5954
|
+
userIdentifier?: string | undefined;
|
|
5868
5955
|
}, {
|
|
5869
5956
|
id: string;
|
|
5870
|
-
issuerDid: string;
|
|
5871
|
-
subjectDid: string;
|
|
5872
5957
|
constraints: {
|
|
5873
|
-
notBefore?: number | undefined;
|
|
5874
|
-
notAfter?: number | undefined;
|
|
5875
5958
|
scopes?: string[] | undefined;
|
|
5876
5959
|
audience?: string | string[] | undefined;
|
|
5960
|
+
notBefore?: number | undefined;
|
|
5961
|
+
notAfter?: number | undefined;
|
|
5877
5962
|
crisp?: z.objectInputType<{
|
|
5878
5963
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5879
5964
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5920,24 +6005,27 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5920
6005
|
} & {
|
|
5921
6006
|
[k: string]: unknown;
|
|
5922
6007
|
};
|
|
5923
|
-
|
|
5924
|
-
|
|
6008
|
+
issuerDid: string;
|
|
6009
|
+
subjectDid: string;
|
|
5925
6010
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
5926
|
-
|
|
6011
|
+
scopes?: string[] | undefined;
|
|
5927
6012
|
metadata?: Record<string, any> | undefined;
|
|
6013
|
+
createdAt?: number | undefined;
|
|
6014
|
+
sessionId?: string | undefined;
|
|
6015
|
+
userDid?: string | undefined;
|
|
6016
|
+
controller?: string | undefined;
|
|
6017
|
+
parentId?: string | undefined;
|
|
6018
|
+
userIdentifier?: string | undefined;
|
|
5928
6019
|
}>;
|
|
5929
6020
|
}, "strip", z.ZodTypeAny, {
|
|
5930
|
-
id: string;
|
|
5931
6021
|
delegation: {
|
|
5932
|
-
id: string;
|
|
5933
|
-
issuerDid: string;
|
|
5934
|
-
subjectDid: string;
|
|
5935
6022
|
status: "active" | "revoked" | "expired";
|
|
6023
|
+
id: string;
|
|
5936
6024
|
constraints: {
|
|
5937
|
-
notBefore?: number | undefined;
|
|
5938
|
-
notAfter?: number | undefined;
|
|
5939
6025
|
scopes?: string[] | undefined;
|
|
5940
6026
|
audience?: string | string[] | undefined;
|
|
6027
|
+
notBefore?: number | undefined;
|
|
6028
|
+
notAfter?: number | undefined;
|
|
5941
6029
|
crisp?: z.objectOutputType<{
|
|
5942
6030
|
budget: z.ZodOptional<z.ZodObject<{
|
|
5943
6031
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -5984,22 +6072,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
5984
6072
|
} & {
|
|
5985
6073
|
[k: string]: unknown;
|
|
5986
6074
|
};
|
|
6075
|
+
issuerDid: string;
|
|
6076
|
+
subjectDid: string;
|
|
6077
|
+
scopes?: string[] | undefined;
|
|
6078
|
+
metadata?: Record<string, any> | undefined;
|
|
6079
|
+
createdAt?: number | undefined;
|
|
6080
|
+
sessionId?: string | undefined;
|
|
6081
|
+
userDid?: string | undefined;
|
|
5987
6082
|
controller?: string | undefined;
|
|
5988
6083
|
parentId?: string | undefined;
|
|
5989
|
-
|
|
5990
|
-
metadata?: Record<string, any> | undefined;
|
|
6084
|
+
userIdentifier?: string | undefined;
|
|
5991
6085
|
};
|
|
5992
|
-
}, {
|
|
5993
6086
|
id: string;
|
|
6087
|
+
}, {
|
|
5994
6088
|
delegation: {
|
|
5995
6089
|
id: string;
|
|
5996
|
-
issuerDid: string;
|
|
5997
|
-
subjectDid: string;
|
|
5998
6090
|
constraints: {
|
|
5999
|
-
notBefore?: number | undefined;
|
|
6000
|
-
notAfter?: number | undefined;
|
|
6001
6091
|
scopes?: string[] | undefined;
|
|
6002
6092
|
audience?: string | string[] | undefined;
|
|
6093
|
+
notBefore?: number | undefined;
|
|
6094
|
+
notAfter?: number | undefined;
|
|
6003
6095
|
crisp?: z.objectInputType<{
|
|
6004
6096
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6005
6097
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6046,12 +6138,19 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6046
6138
|
} & {
|
|
6047
6139
|
[k: string]: unknown;
|
|
6048
6140
|
};
|
|
6049
|
-
|
|
6050
|
-
|
|
6141
|
+
issuerDid: string;
|
|
6142
|
+
subjectDid: string;
|
|
6051
6143
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
6052
|
-
|
|
6144
|
+
scopes?: string[] | undefined;
|
|
6053
6145
|
metadata?: Record<string, any> | undefined;
|
|
6146
|
+
createdAt?: number | undefined;
|
|
6147
|
+
sessionId?: string | undefined;
|
|
6148
|
+
userDid?: string | undefined;
|
|
6149
|
+
controller?: string | undefined;
|
|
6150
|
+
parentId?: string | undefined;
|
|
6151
|
+
userIdentifier?: string | undefined;
|
|
6054
6152
|
};
|
|
6153
|
+
id: string;
|
|
6055
6154
|
}>;
|
|
6056
6155
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
6057
6156
|
id: z.ZodString;
|
|
@@ -6060,14 +6159,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6060
6159
|
statusListIndex: z.ZodString;
|
|
6061
6160
|
statusListCredential: z.ZodString;
|
|
6062
6161
|
}, "strip", z.ZodTypeAny, {
|
|
6063
|
-
id: string;
|
|
6064
6162
|
type: "StatusList2021Entry";
|
|
6163
|
+
id: string;
|
|
6065
6164
|
statusPurpose: "revocation" | "suspension";
|
|
6066
6165
|
statusListIndex: string;
|
|
6067
6166
|
statusListCredential: string;
|
|
6068
6167
|
}, {
|
|
6069
|
-
id: string;
|
|
6070
6168
|
type: "StatusList2021Entry";
|
|
6169
|
+
id: string;
|
|
6071
6170
|
statusPurpose: "revocation" | "suspension";
|
|
6072
6171
|
statusListIndex: string;
|
|
6073
6172
|
statusListCredential: string;
|
|
@@ -6113,6 +6212,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6113
6212
|
issuerDid: z.ZodString;
|
|
6114
6213
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
6115
6214
|
subjectDid: z.ZodString;
|
|
6215
|
+
/**
|
|
6216
|
+
* DID of the user who granted the delegation.
|
|
6217
|
+
*
|
|
6218
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
6219
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
6220
|
+
* of a user), userDid identifies the actual user who consented.
|
|
6221
|
+
*
|
|
6222
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
6223
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
6224
|
+
*/
|
|
6225
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
6226
|
+
/**
|
|
6227
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
6228
|
+
*
|
|
6229
|
+
* Used for backward compatibility and display purposes.
|
|
6230
|
+
* Should not be used for cryptographic identity verification.
|
|
6231
|
+
*/
|
|
6232
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
6233
|
+
/**
|
|
6234
|
+
* MCP session ID for session tracking and integration.
|
|
6235
|
+
*
|
|
6236
|
+
* Links the delegation to a specific MCP session, enabling
|
|
6237
|
+
* session-scoped token caching and audit trails.
|
|
6238
|
+
*/
|
|
6239
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
6240
|
+
/**
|
|
6241
|
+
* Authorized scopes for this delegation.
|
|
6242
|
+
*
|
|
6243
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
6244
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
6245
|
+
*/
|
|
6246
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
6116
6247
|
/** Optional controller (user account ID or DID) */
|
|
6117
6248
|
controller: z.ZodOptional<z.ZodString>;
|
|
6118
6249
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -6522,15 +6653,13 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6522
6653
|
/** Optional metadata */
|
|
6523
6654
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
6524
6655
|
}, "strip", z.ZodTypeAny, {
|
|
6525
|
-
id: string;
|
|
6526
|
-
issuerDid: string;
|
|
6527
|
-
subjectDid: string;
|
|
6528
6656
|
status: "active" | "revoked" | "expired";
|
|
6657
|
+
id: string;
|
|
6529
6658
|
constraints: {
|
|
6530
|
-
notBefore?: number | undefined;
|
|
6531
|
-
notAfter?: number | undefined;
|
|
6532
6659
|
scopes?: string[] | undefined;
|
|
6533
6660
|
audience?: string | string[] | undefined;
|
|
6661
|
+
notBefore?: number | undefined;
|
|
6662
|
+
notAfter?: number | undefined;
|
|
6534
6663
|
crisp?: z.objectOutputType<{
|
|
6535
6664
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6536
6665
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6577,19 +6706,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6577
6706
|
} & {
|
|
6578
6707
|
[k: string]: unknown;
|
|
6579
6708
|
};
|
|
6709
|
+
issuerDid: string;
|
|
6710
|
+
subjectDid: string;
|
|
6711
|
+
scopes?: string[] | undefined;
|
|
6712
|
+
metadata?: Record<string, any> | undefined;
|
|
6713
|
+
createdAt?: number | undefined;
|
|
6714
|
+
sessionId?: string | undefined;
|
|
6715
|
+
userDid?: string | undefined;
|
|
6580
6716
|
controller?: string | undefined;
|
|
6581
6717
|
parentId?: string | undefined;
|
|
6582
|
-
|
|
6583
|
-
metadata?: Record<string, any> | undefined;
|
|
6718
|
+
userIdentifier?: string | undefined;
|
|
6584
6719
|
}, {
|
|
6585
6720
|
id: string;
|
|
6586
|
-
issuerDid: string;
|
|
6587
|
-
subjectDid: string;
|
|
6588
6721
|
constraints: {
|
|
6589
|
-
notBefore?: number | undefined;
|
|
6590
|
-
notAfter?: number | undefined;
|
|
6591
6722
|
scopes?: string[] | undefined;
|
|
6592
6723
|
audience?: string | string[] | undefined;
|
|
6724
|
+
notBefore?: number | undefined;
|
|
6725
|
+
notAfter?: number | undefined;
|
|
6593
6726
|
crisp?: z.objectInputType<{
|
|
6594
6727
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6595
6728
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6636,24 +6769,27 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6636
6769
|
} & {
|
|
6637
6770
|
[k: string]: unknown;
|
|
6638
6771
|
};
|
|
6639
|
-
|
|
6640
|
-
|
|
6772
|
+
issuerDid: string;
|
|
6773
|
+
subjectDid: string;
|
|
6641
6774
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
6642
|
-
|
|
6775
|
+
scopes?: string[] | undefined;
|
|
6643
6776
|
metadata?: Record<string, any> | undefined;
|
|
6777
|
+
createdAt?: number | undefined;
|
|
6778
|
+
sessionId?: string | undefined;
|
|
6779
|
+
userDid?: string | undefined;
|
|
6780
|
+
controller?: string | undefined;
|
|
6781
|
+
parentId?: string | undefined;
|
|
6782
|
+
userIdentifier?: string | undefined;
|
|
6644
6783
|
}>;
|
|
6645
6784
|
}, "strip", z.ZodTypeAny, {
|
|
6646
|
-
id: string;
|
|
6647
6785
|
delegation: {
|
|
6648
|
-
id: string;
|
|
6649
|
-
issuerDid: string;
|
|
6650
|
-
subjectDid: string;
|
|
6651
6786
|
status: "active" | "revoked" | "expired";
|
|
6787
|
+
id: string;
|
|
6652
6788
|
constraints: {
|
|
6653
|
-
notBefore?: number | undefined;
|
|
6654
|
-
notAfter?: number | undefined;
|
|
6655
6789
|
scopes?: string[] | undefined;
|
|
6656
6790
|
audience?: string | string[] | undefined;
|
|
6791
|
+
notBefore?: number | undefined;
|
|
6792
|
+
notAfter?: number | undefined;
|
|
6657
6793
|
crisp?: z.objectOutputType<{
|
|
6658
6794
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6659
6795
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6700,22 +6836,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6700
6836
|
} & {
|
|
6701
6837
|
[k: string]: unknown;
|
|
6702
6838
|
};
|
|
6839
|
+
issuerDid: string;
|
|
6840
|
+
subjectDid: string;
|
|
6841
|
+
scopes?: string[] | undefined;
|
|
6842
|
+
metadata?: Record<string, any> | undefined;
|
|
6843
|
+
createdAt?: number | undefined;
|
|
6844
|
+
sessionId?: string | undefined;
|
|
6845
|
+
userDid?: string | undefined;
|
|
6703
6846
|
controller?: string | undefined;
|
|
6704
6847
|
parentId?: string | undefined;
|
|
6705
|
-
|
|
6706
|
-
metadata?: Record<string, any> | undefined;
|
|
6848
|
+
userIdentifier?: string | undefined;
|
|
6707
6849
|
};
|
|
6708
|
-
}, {
|
|
6709
6850
|
id: string;
|
|
6851
|
+
}, {
|
|
6710
6852
|
delegation: {
|
|
6711
6853
|
id: string;
|
|
6712
|
-
issuerDid: string;
|
|
6713
|
-
subjectDid: string;
|
|
6714
6854
|
constraints: {
|
|
6715
|
-
notBefore?: number | undefined;
|
|
6716
|
-
notAfter?: number | undefined;
|
|
6717
6855
|
scopes?: string[] | undefined;
|
|
6718
6856
|
audience?: string | string[] | undefined;
|
|
6857
|
+
notBefore?: number | undefined;
|
|
6858
|
+
notAfter?: number | undefined;
|
|
6719
6859
|
crisp?: z.objectInputType<{
|
|
6720
6860
|
budget: z.ZodOptional<z.ZodObject<{
|
|
6721
6861
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -6762,12 +6902,19 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6762
6902
|
} & {
|
|
6763
6903
|
[k: string]: unknown;
|
|
6764
6904
|
};
|
|
6765
|
-
|
|
6766
|
-
|
|
6905
|
+
issuerDid: string;
|
|
6906
|
+
subjectDid: string;
|
|
6767
6907
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
6768
|
-
|
|
6908
|
+
scopes?: string[] | undefined;
|
|
6769
6909
|
metadata?: Record<string, any> | undefined;
|
|
6910
|
+
createdAt?: number | undefined;
|
|
6911
|
+
sessionId?: string | undefined;
|
|
6912
|
+
userDid?: string | undefined;
|
|
6913
|
+
controller?: string | undefined;
|
|
6914
|
+
parentId?: string | undefined;
|
|
6915
|
+
userIdentifier?: string | undefined;
|
|
6770
6916
|
};
|
|
6917
|
+
id: string;
|
|
6771
6918
|
}>;
|
|
6772
6919
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
6773
6920
|
id: z.ZodString;
|
|
@@ -6776,14 +6923,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6776
6923
|
statusListIndex: z.ZodString;
|
|
6777
6924
|
statusListCredential: z.ZodString;
|
|
6778
6925
|
}, "strip", z.ZodTypeAny, {
|
|
6779
|
-
id: string;
|
|
6780
6926
|
type: "StatusList2021Entry";
|
|
6927
|
+
id: string;
|
|
6781
6928
|
statusPurpose: "revocation" | "suspension";
|
|
6782
6929
|
statusListIndex: string;
|
|
6783
6930
|
statusListCredential: string;
|
|
6784
6931
|
}, {
|
|
6785
|
-
id: string;
|
|
6786
6932
|
type: "StatusList2021Entry";
|
|
6933
|
+
id: string;
|
|
6787
6934
|
statusPurpose: "revocation" | "suspension";
|
|
6788
6935
|
statusListIndex: string;
|
|
6789
6936
|
statusListCredential: string;
|
|
@@ -6829,6 +6976,38 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
6829
6976
|
issuerDid: z.ZodString;
|
|
6830
6977
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
6831
6978
|
subjectDid: z.ZodString;
|
|
6979
|
+
/**
|
|
6980
|
+
* DID of the user who granted the delegation.
|
|
6981
|
+
*
|
|
6982
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
6983
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
6984
|
+
* of a user), userDid identifies the actual user who consented.
|
|
6985
|
+
*
|
|
6986
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
6987
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
6988
|
+
*/
|
|
6989
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
6990
|
+
/**
|
|
6991
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
6992
|
+
*
|
|
6993
|
+
* Used for backward compatibility and display purposes.
|
|
6994
|
+
* Should not be used for cryptographic identity verification.
|
|
6995
|
+
*/
|
|
6996
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
6997
|
+
/**
|
|
6998
|
+
* MCP session ID for session tracking and integration.
|
|
6999
|
+
*
|
|
7000
|
+
* Links the delegation to a specific MCP session, enabling
|
|
7001
|
+
* session-scoped token caching and audit trails.
|
|
7002
|
+
*/
|
|
7003
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
7004
|
+
/**
|
|
7005
|
+
* Authorized scopes for this delegation.
|
|
7006
|
+
*
|
|
7007
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
7008
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
7009
|
+
*/
|
|
7010
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
6832
7011
|
/** Optional controller (user account ID or DID) */
|
|
6833
7012
|
controller: z.ZodOptional<z.ZodString>;
|
|
6834
7013
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -7238,15 +7417,13 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7238
7417
|
/** Optional metadata */
|
|
7239
7418
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
7240
7419
|
}, "strip", z.ZodTypeAny, {
|
|
7241
|
-
id: string;
|
|
7242
|
-
issuerDid: string;
|
|
7243
|
-
subjectDid: string;
|
|
7244
7420
|
status: "active" | "revoked" | "expired";
|
|
7421
|
+
id: string;
|
|
7245
7422
|
constraints: {
|
|
7246
|
-
notBefore?: number | undefined;
|
|
7247
|
-
notAfter?: number | undefined;
|
|
7248
7423
|
scopes?: string[] | undefined;
|
|
7249
7424
|
audience?: string | string[] | undefined;
|
|
7425
|
+
notBefore?: number | undefined;
|
|
7426
|
+
notAfter?: number | undefined;
|
|
7250
7427
|
crisp?: z.objectOutputType<{
|
|
7251
7428
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7252
7429
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7293,19 +7470,23 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7293
7470
|
} & {
|
|
7294
7471
|
[k: string]: unknown;
|
|
7295
7472
|
};
|
|
7473
|
+
issuerDid: string;
|
|
7474
|
+
subjectDid: string;
|
|
7475
|
+
scopes?: string[] | undefined;
|
|
7476
|
+
metadata?: Record<string, any> | undefined;
|
|
7477
|
+
createdAt?: number | undefined;
|
|
7478
|
+
sessionId?: string | undefined;
|
|
7479
|
+
userDid?: string | undefined;
|
|
7296
7480
|
controller?: string | undefined;
|
|
7297
7481
|
parentId?: string | undefined;
|
|
7298
|
-
|
|
7299
|
-
metadata?: Record<string, any> | undefined;
|
|
7482
|
+
userIdentifier?: string | undefined;
|
|
7300
7483
|
}, {
|
|
7301
7484
|
id: string;
|
|
7302
|
-
issuerDid: string;
|
|
7303
|
-
subjectDid: string;
|
|
7304
7485
|
constraints: {
|
|
7305
|
-
notBefore?: number | undefined;
|
|
7306
|
-
notAfter?: number | undefined;
|
|
7307
7486
|
scopes?: string[] | undefined;
|
|
7308
7487
|
audience?: string | string[] | undefined;
|
|
7488
|
+
notBefore?: number | undefined;
|
|
7489
|
+
notAfter?: number | undefined;
|
|
7309
7490
|
crisp?: z.objectInputType<{
|
|
7310
7491
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7311
7492
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7352,24 +7533,27 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7352
7533
|
} & {
|
|
7353
7534
|
[k: string]: unknown;
|
|
7354
7535
|
};
|
|
7355
|
-
|
|
7356
|
-
|
|
7536
|
+
issuerDid: string;
|
|
7537
|
+
subjectDid: string;
|
|
7357
7538
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
7358
|
-
|
|
7539
|
+
scopes?: string[] | undefined;
|
|
7359
7540
|
metadata?: Record<string, any> | undefined;
|
|
7541
|
+
createdAt?: number | undefined;
|
|
7542
|
+
sessionId?: string | undefined;
|
|
7543
|
+
userDid?: string | undefined;
|
|
7544
|
+
controller?: string | undefined;
|
|
7545
|
+
parentId?: string | undefined;
|
|
7546
|
+
userIdentifier?: string | undefined;
|
|
7360
7547
|
}>;
|
|
7361
7548
|
}, "strip", z.ZodTypeAny, {
|
|
7362
|
-
id: string;
|
|
7363
7549
|
delegation: {
|
|
7364
|
-
id: string;
|
|
7365
|
-
issuerDid: string;
|
|
7366
|
-
subjectDid: string;
|
|
7367
7550
|
status: "active" | "revoked" | "expired";
|
|
7551
|
+
id: string;
|
|
7368
7552
|
constraints: {
|
|
7369
|
-
notBefore?: number | undefined;
|
|
7370
|
-
notAfter?: number | undefined;
|
|
7371
7553
|
scopes?: string[] | undefined;
|
|
7372
7554
|
audience?: string | string[] | undefined;
|
|
7555
|
+
notBefore?: number | undefined;
|
|
7556
|
+
notAfter?: number | undefined;
|
|
7373
7557
|
crisp?: z.objectOutputType<{
|
|
7374
7558
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7375
7559
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7416,22 +7600,26 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7416
7600
|
} & {
|
|
7417
7601
|
[k: string]: unknown;
|
|
7418
7602
|
};
|
|
7603
|
+
issuerDid: string;
|
|
7604
|
+
subjectDid: string;
|
|
7605
|
+
scopes?: string[] | undefined;
|
|
7606
|
+
metadata?: Record<string, any> | undefined;
|
|
7607
|
+
createdAt?: number | undefined;
|
|
7608
|
+
sessionId?: string | undefined;
|
|
7609
|
+
userDid?: string | undefined;
|
|
7419
7610
|
controller?: string | undefined;
|
|
7420
7611
|
parentId?: string | undefined;
|
|
7421
|
-
|
|
7422
|
-
metadata?: Record<string, any> | undefined;
|
|
7612
|
+
userIdentifier?: string | undefined;
|
|
7423
7613
|
};
|
|
7424
|
-
}, {
|
|
7425
7614
|
id: string;
|
|
7615
|
+
}, {
|
|
7426
7616
|
delegation: {
|
|
7427
7617
|
id: string;
|
|
7428
|
-
issuerDid: string;
|
|
7429
|
-
subjectDid: string;
|
|
7430
7618
|
constraints: {
|
|
7431
|
-
notBefore?: number | undefined;
|
|
7432
|
-
notAfter?: number | undefined;
|
|
7433
7619
|
scopes?: string[] | undefined;
|
|
7434
7620
|
audience?: string | string[] | undefined;
|
|
7621
|
+
notBefore?: number | undefined;
|
|
7622
|
+
notAfter?: number | undefined;
|
|
7435
7623
|
crisp?: z.objectInputType<{
|
|
7436
7624
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7437
7625
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -7478,12 +7666,19 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7478
7666
|
} & {
|
|
7479
7667
|
[k: string]: unknown;
|
|
7480
7668
|
};
|
|
7481
|
-
|
|
7482
|
-
|
|
7669
|
+
issuerDid: string;
|
|
7670
|
+
subjectDid: string;
|
|
7483
7671
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
7484
|
-
|
|
7672
|
+
scopes?: string[] | undefined;
|
|
7485
7673
|
metadata?: Record<string, any> | undefined;
|
|
7674
|
+
createdAt?: number | undefined;
|
|
7675
|
+
sessionId?: string | undefined;
|
|
7676
|
+
userDid?: string | undefined;
|
|
7677
|
+
controller?: string | undefined;
|
|
7678
|
+
parentId?: string | undefined;
|
|
7679
|
+
userIdentifier?: string | undefined;
|
|
7486
7680
|
};
|
|
7681
|
+
id: string;
|
|
7487
7682
|
}>;
|
|
7488
7683
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
7489
7684
|
id: z.ZodString;
|
|
@@ -7492,14 +7687,14 @@ export declare const DelegationCredentialSchema: z.ZodObject<{
|
|
|
7492
7687
|
statusListIndex: z.ZodString;
|
|
7493
7688
|
statusListCredential: z.ZodString;
|
|
7494
7689
|
}, "strip", z.ZodTypeAny, {
|
|
7495
|
-
id: string;
|
|
7496
7690
|
type: "StatusList2021Entry";
|
|
7691
|
+
id: string;
|
|
7497
7692
|
statusPurpose: "revocation" | "suspension";
|
|
7498
7693
|
statusListIndex: string;
|
|
7499
7694
|
statusListCredential: string;
|
|
7500
7695
|
}, {
|
|
7501
|
-
id: string;
|
|
7502
7696
|
type: "StatusList2021Entry";
|
|
7697
|
+
id: string;
|
|
7503
7698
|
statusPurpose: "revocation" | "suspension";
|
|
7504
7699
|
statusListIndex: string;
|
|
7505
7700
|
statusListCredential: string;
|
|
@@ -7553,6 +7748,38 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7553
7748
|
issuerDid: z.ZodString;
|
|
7554
7749
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
7555
7750
|
subjectDid: z.ZodString;
|
|
7751
|
+
/**
|
|
7752
|
+
* DID of the user who granted the delegation.
|
|
7753
|
+
*
|
|
7754
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
7755
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
7756
|
+
* of a user), userDid identifies the actual user who consented.
|
|
7757
|
+
*
|
|
7758
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
7759
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
7760
|
+
*/
|
|
7761
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
7762
|
+
/**
|
|
7763
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
7764
|
+
*
|
|
7765
|
+
* Used for backward compatibility and display purposes.
|
|
7766
|
+
* Should not be used for cryptographic identity verification.
|
|
7767
|
+
*/
|
|
7768
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
7769
|
+
/**
|
|
7770
|
+
* MCP session ID for session tracking and integration.
|
|
7771
|
+
*
|
|
7772
|
+
* Links the delegation to a specific MCP session, enabling
|
|
7773
|
+
* session-scoped token caching and audit trails.
|
|
7774
|
+
*/
|
|
7775
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
7776
|
+
/**
|
|
7777
|
+
* Authorized scopes for this delegation.
|
|
7778
|
+
*
|
|
7779
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
7780
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
7781
|
+
*/
|
|
7782
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
7556
7783
|
/** Optional controller (user account ID or DID) */
|
|
7557
7784
|
controller: z.ZodOptional<z.ZodString>;
|
|
7558
7785
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -7962,15 +8189,13 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
7962
8189
|
/** Optional metadata */
|
|
7963
8190
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
7964
8191
|
}, "strip", z.ZodTypeAny, {
|
|
7965
|
-
id: string;
|
|
7966
|
-
issuerDid: string;
|
|
7967
|
-
subjectDid: string;
|
|
7968
8192
|
status: "active" | "revoked" | "expired";
|
|
8193
|
+
id: string;
|
|
7969
8194
|
constraints: {
|
|
7970
|
-
notBefore?: number | undefined;
|
|
7971
|
-
notAfter?: number | undefined;
|
|
7972
8195
|
scopes?: string[] | undefined;
|
|
7973
8196
|
audience?: string | string[] | undefined;
|
|
8197
|
+
notBefore?: number | undefined;
|
|
8198
|
+
notAfter?: number | undefined;
|
|
7974
8199
|
crisp?: z.objectOutputType<{
|
|
7975
8200
|
budget: z.ZodOptional<z.ZodObject<{
|
|
7976
8201
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8017,19 +8242,23 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8017
8242
|
} & {
|
|
8018
8243
|
[k: string]: unknown;
|
|
8019
8244
|
};
|
|
8245
|
+
issuerDid: string;
|
|
8246
|
+
subjectDid: string;
|
|
8247
|
+
scopes?: string[] | undefined;
|
|
8248
|
+
metadata?: Record<string, any> | undefined;
|
|
8249
|
+
createdAt?: number | undefined;
|
|
8250
|
+
sessionId?: string | undefined;
|
|
8251
|
+
userDid?: string | undefined;
|
|
8020
8252
|
controller?: string | undefined;
|
|
8021
8253
|
parentId?: string | undefined;
|
|
8022
|
-
|
|
8023
|
-
metadata?: Record<string, any> | undefined;
|
|
8254
|
+
userIdentifier?: string | undefined;
|
|
8024
8255
|
}, {
|
|
8025
8256
|
id: string;
|
|
8026
|
-
issuerDid: string;
|
|
8027
|
-
subjectDid: string;
|
|
8028
8257
|
constraints: {
|
|
8029
|
-
notBefore?: number | undefined;
|
|
8030
|
-
notAfter?: number | undefined;
|
|
8031
8258
|
scopes?: string[] | undefined;
|
|
8032
8259
|
audience?: string | string[] | undefined;
|
|
8260
|
+
notBefore?: number | undefined;
|
|
8261
|
+
notAfter?: number | undefined;
|
|
8033
8262
|
crisp?: z.objectInputType<{
|
|
8034
8263
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8035
8264
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8076,24 +8305,27 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8076
8305
|
} & {
|
|
8077
8306
|
[k: string]: unknown;
|
|
8078
8307
|
};
|
|
8079
|
-
|
|
8080
|
-
|
|
8308
|
+
issuerDid: string;
|
|
8309
|
+
subjectDid: string;
|
|
8081
8310
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
8082
|
-
|
|
8311
|
+
scopes?: string[] | undefined;
|
|
8083
8312
|
metadata?: Record<string, any> | undefined;
|
|
8313
|
+
createdAt?: number | undefined;
|
|
8314
|
+
sessionId?: string | undefined;
|
|
8315
|
+
userDid?: string | undefined;
|
|
8316
|
+
controller?: string | undefined;
|
|
8317
|
+
parentId?: string | undefined;
|
|
8318
|
+
userIdentifier?: string | undefined;
|
|
8084
8319
|
}>;
|
|
8085
8320
|
}, "strip", z.ZodTypeAny, {
|
|
8086
|
-
id: string;
|
|
8087
8321
|
delegation: {
|
|
8088
|
-
id: string;
|
|
8089
|
-
issuerDid: string;
|
|
8090
|
-
subjectDid: string;
|
|
8091
8322
|
status: "active" | "revoked" | "expired";
|
|
8323
|
+
id: string;
|
|
8092
8324
|
constraints: {
|
|
8093
|
-
notBefore?: number | undefined;
|
|
8094
|
-
notAfter?: number | undefined;
|
|
8095
8325
|
scopes?: string[] | undefined;
|
|
8096
8326
|
audience?: string | string[] | undefined;
|
|
8327
|
+
notBefore?: number | undefined;
|
|
8328
|
+
notAfter?: number | undefined;
|
|
8097
8329
|
crisp?: z.objectOutputType<{
|
|
8098
8330
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8099
8331
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8140,22 +8372,26 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8140
8372
|
} & {
|
|
8141
8373
|
[k: string]: unknown;
|
|
8142
8374
|
};
|
|
8375
|
+
issuerDid: string;
|
|
8376
|
+
subjectDid: string;
|
|
8377
|
+
scopes?: string[] | undefined;
|
|
8378
|
+
metadata?: Record<string, any> | undefined;
|
|
8379
|
+
createdAt?: number | undefined;
|
|
8380
|
+
sessionId?: string | undefined;
|
|
8381
|
+
userDid?: string | undefined;
|
|
8143
8382
|
controller?: string | undefined;
|
|
8144
8383
|
parentId?: string | undefined;
|
|
8145
|
-
|
|
8146
|
-
metadata?: Record<string, any> | undefined;
|
|
8384
|
+
userIdentifier?: string | undefined;
|
|
8147
8385
|
};
|
|
8148
|
-
}, {
|
|
8149
8386
|
id: string;
|
|
8387
|
+
}, {
|
|
8150
8388
|
delegation: {
|
|
8151
8389
|
id: string;
|
|
8152
|
-
issuerDid: string;
|
|
8153
|
-
subjectDid: string;
|
|
8154
8390
|
constraints: {
|
|
8155
|
-
notBefore?: number | undefined;
|
|
8156
|
-
notAfter?: number | undefined;
|
|
8157
8391
|
scopes?: string[] | undefined;
|
|
8158
8392
|
audience?: string | string[] | undefined;
|
|
8393
|
+
notBefore?: number | undefined;
|
|
8394
|
+
notAfter?: number | undefined;
|
|
8159
8395
|
crisp?: z.objectInputType<{
|
|
8160
8396
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8161
8397
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8202,12 +8438,19 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8202
8438
|
} & {
|
|
8203
8439
|
[k: string]: unknown;
|
|
8204
8440
|
};
|
|
8205
|
-
|
|
8206
|
-
|
|
8441
|
+
issuerDid: string;
|
|
8442
|
+
subjectDid: string;
|
|
8207
8443
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
8208
|
-
|
|
8444
|
+
scopes?: string[] | undefined;
|
|
8209
8445
|
metadata?: Record<string, any> | undefined;
|
|
8446
|
+
createdAt?: number | undefined;
|
|
8447
|
+
sessionId?: string | undefined;
|
|
8448
|
+
userDid?: string | undefined;
|
|
8449
|
+
controller?: string | undefined;
|
|
8450
|
+
parentId?: string | undefined;
|
|
8451
|
+
userIdentifier?: string | undefined;
|
|
8210
8452
|
};
|
|
8453
|
+
id: string;
|
|
8211
8454
|
}>;
|
|
8212
8455
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
8213
8456
|
id: z.ZodString;
|
|
@@ -8216,14 +8459,14 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8216
8459
|
statusListIndex: z.ZodString;
|
|
8217
8460
|
statusListCredential: z.ZodString;
|
|
8218
8461
|
}, "strip", z.ZodTypeAny, {
|
|
8219
|
-
id: string;
|
|
8220
8462
|
type: "StatusList2021Entry";
|
|
8463
|
+
id: string;
|
|
8221
8464
|
statusPurpose: "revocation" | "suspension";
|
|
8222
8465
|
statusListIndex: string;
|
|
8223
8466
|
statusListCredential: string;
|
|
8224
8467
|
}, {
|
|
8225
|
-
id: string;
|
|
8226
8468
|
type: "StatusList2021Entry";
|
|
8469
|
+
id: string;
|
|
8227
8470
|
statusPurpose: "revocation" | "suspension";
|
|
8228
8471
|
statusListIndex: string;
|
|
8229
8472
|
statusListCredential: string;
|
|
@@ -8269,6 +8512,38 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8269
8512
|
issuerDid: z.ZodString;
|
|
8270
8513
|
/** DID of the delegatee (subject, e.g., agent) */
|
|
8271
8514
|
subjectDid: z.ZodString;
|
|
8515
|
+
/**
|
|
8516
|
+
* DID of the user who granted the delegation.
|
|
8517
|
+
*
|
|
8518
|
+
* This is the authorizing user's identity. In simple cases, this equals
|
|
8519
|
+
* issuerDid. In delegated scenarios (e.g., AgentShield issuing on behalf
|
|
8520
|
+
* of a user), userDid identifies the actual user who consented.
|
|
8521
|
+
*
|
|
8522
|
+
* Required by Agent Shield API for user-scoped delegations.
|
|
8523
|
+
* @see delegationCredentialSchema in agentshield-api/schemas.ts
|
|
8524
|
+
*/
|
|
8525
|
+
userDid: z.ZodOptional<z.ZodString>;
|
|
8526
|
+
/**
|
|
8527
|
+
* Human-readable identifier for the user (e.g., email, OAuth subject).
|
|
8528
|
+
*
|
|
8529
|
+
* Used for backward compatibility and display purposes.
|
|
8530
|
+
* Should not be used for cryptographic identity verification.
|
|
8531
|
+
*/
|
|
8532
|
+
userIdentifier: z.ZodOptional<z.ZodString>;
|
|
8533
|
+
/**
|
|
8534
|
+
* MCP session ID for session tracking and integration.
|
|
8535
|
+
*
|
|
8536
|
+
* Links the delegation to a specific MCP session, enabling
|
|
8537
|
+
* session-scoped token caching and audit trails.
|
|
8538
|
+
*/
|
|
8539
|
+
sessionId: z.ZodOptional<z.ZodString>;
|
|
8540
|
+
/**
|
|
8541
|
+
* Authorized scopes for this delegation.
|
|
8542
|
+
*
|
|
8543
|
+
* Array of scope strings (e.g., ['tool:execute', 'resource:read']).
|
|
8544
|
+
* When present, defines what actions the delegatee is authorized to perform.
|
|
8545
|
+
*/
|
|
8546
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
8272
8547
|
/** Optional controller (user account ID or DID) */
|
|
8273
8548
|
controller: z.ZodOptional<z.ZodString>;
|
|
8274
8549
|
/** Optional parent delegation ID for chain tracking */
|
|
@@ -8678,15 +8953,13 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8678
8953
|
/** Optional metadata */
|
|
8679
8954
|
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
|
|
8680
8955
|
}, "strip", z.ZodTypeAny, {
|
|
8681
|
-
id: string;
|
|
8682
|
-
issuerDid: string;
|
|
8683
|
-
subjectDid: string;
|
|
8684
8956
|
status: "active" | "revoked" | "expired";
|
|
8957
|
+
id: string;
|
|
8685
8958
|
constraints: {
|
|
8686
|
-
notBefore?: number | undefined;
|
|
8687
|
-
notAfter?: number | undefined;
|
|
8688
8959
|
scopes?: string[] | undefined;
|
|
8689
8960
|
audience?: string | string[] | undefined;
|
|
8961
|
+
notBefore?: number | undefined;
|
|
8962
|
+
notAfter?: number | undefined;
|
|
8690
8963
|
crisp?: z.objectOutputType<{
|
|
8691
8964
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8692
8965
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8733,19 +9006,23 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8733
9006
|
} & {
|
|
8734
9007
|
[k: string]: unknown;
|
|
8735
9008
|
};
|
|
9009
|
+
issuerDid: string;
|
|
9010
|
+
subjectDid: string;
|
|
9011
|
+
scopes?: string[] | undefined;
|
|
9012
|
+
metadata?: Record<string, any> | undefined;
|
|
9013
|
+
createdAt?: number | undefined;
|
|
9014
|
+
sessionId?: string | undefined;
|
|
9015
|
+
userDid?: string | undefined;
|
|
8736
9016
|
controller?: string | undefined;
|
|
8737
9017
|
parentId?: string | undefined;
|
|
8738
|
-
|
|
8739
|
-
metadata?: Record<string, any> | undefined;
|
|
9018
|
+
userIdentifier?: string | undefined;
|
|
8740
9019
|
}, {
|
|
8741
9020
|
id: string;
|
|
8742
|
-
issuerDid: string;
|
|
8743
|
-
subjectDid: string;
|
|
8744
9021
|
constraints: {
|
|
8745
|
-
notBefore?: number | undefined;
|
|
8746
|
-
notAfter?: number | undefined;
|
|
8747
9022
|
scopes?: string[] | undefined;
|
|
8748
9023
|
audience?: string | string[] | undefined;
|
|
9024
|
+
notBefore?: number | undefined;
|
|
9025
|
+
notAfter?: number | undefined;
|
|
8749
9026
|
crisp?: z.objectInputType<{
|
|
8750
9027
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8751
9028
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8792,24 +9069,27 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8792
9069
|
} & {
|
|
8793
9070
|
[k: string]: unknown;
|
|
8794
9071
|
};
|
|
8795
|
-
|
|
8796
|
-
|
|
9072
|
+
issuerDid: string;
|
|
9073
|
+
subjectDid: string;
|
|
8797
9074
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
8798
|
-
|
|
9075
|
+
scopes?: string[] | undefined;
|
|
8799
9076
|
metadata?: Record<string, any> | undefined;
|
|
9077
|
+
createdAt?: number | undefined;
|
|
9078
|
+
sessionId?: string | undefined;
|
|
9079
|
+
userDid?: string | undefined;
|
|
9080
|
+
controller?: string | undefined;
|
|
9081
|
+
parentId?: string | undefined;
|
|
9082
|
+
userIdentifier?: string | undefined;
|
|
8800
9083
|
}>;
|
|
8801
9084
|
}, "strip", z.ZodTypeAny, {
|
|
8802
|
-
id: string;
|
|
8803
9085
|
delegation: {
|
|
8804
|
-
id: string;
|
|
8805
|
-
issuerDid: string;
|
|
8806
|
-
subjectDid: string;
|
|
8807
9086
|
status: "active" | "revoked" | "expired";
|
|
9087
|
+
id: string;
|
|
8808
9088
|
constraints: {
|
|
8809
|
-
notBefore?: number | undefined;
|
|
8810
|
-
notAfter?: number | undefined;
|
|
8811
9089
|
scopes?: string[] | undefined;
|
|
8812
9090
|
audience?: string | string[] | undefined;
|
|
9091
|
+
notBefore?: number | undefined;
|
|
9092
|
+
notAfter?: number | undefined;
|
|
8813
9093
|
crisp?: z.objectOutputType<{
|
|
8814
9094
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8815
9095
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8856,22 +9136,26 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8856
9136
|
} & {
|
|
8857
9137
|
[k: string]: unknown;
|
|
8858
9138
|
};
|
|
9139
|
+
issuerDid: string;
|
|
9140
|
+
subjectDid: string;
|
|
9141
|
+
scopes?: string[] | undefined;
|
|
9142
|
+
metadata?: Record<string, any> | undefined;
|
|
9143
|
+
createdAt?: number | undefined;
|
|
9144
|
+
sessionId?: string | undefined;
|
|
9145
|
+
userDid?: string | undefined;
|
|
8859
9146
|
controller?: string | undefined;
|
|
8860
9147
|
parentId?: string | undefined;
|
|
8861
|
-
|
|
8862
|
-
metadata?: Record<string, any> | undefined;
|
|
9148
|
+
userIdentifier?: string | undefined;
|
|
8863
9149
|
};
|
|
8864
|
-
}, {
|
|
8865
9150
|
id: string;
|
|
9151
|
+
}, {
|
|
8866
9152
|
delegation: {
|
|
8867
9153
|
id: string;
|
|
8868
|
-
issuerDid: string;
|
|
8869
|
-
subjectDid: string;
|
|
8870
9154
|
constraints: {
|
|
8871
|
-
notBefore?: number | undefined;
|
|
8872
|
-
notAfter?: number | undefined;
|
|
8873
9155
|
scopes?: string[] | undefined;
|
|
8874
9156
|
audience?: string | string[] | undefined;
|
|
9157
|
+
notBefore?: number | undefined;
|
|
9158
|
+
notAfter?: number | undefined;
|
|
8875
9159
|
crisp?: z.objectInputType<{
|
|
8876
9160
|
budget: z.ZodOptional<z.ZodObject<{
|
|
8877
9161
|
unit: z.ZodEnum<["USD", "ops", "points"]>;
|
|
@@ -8918,12 +9202,19 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8918
9202
|
} & {
|
|
8919
9203
|
[k: string]: unknown;
|
|
8920
9204
|
};
|
|
8921
|
-
|
|
8922
|
-
|
|
9205
|
+
issuerDid: string;
|
|
9206
|
+
subjectDid: string;
|
|
8923
9207
|
status?: "active" | "revoked" | "expired" | undefined;
|
|
8924
|
-
|
|
9208
|
+
scopes?: string[] | undefined;
|
|
8925
9209
|
metadata?: Record<string, any> | undefined;
|
|
9210
|
+
createdAt?: number | undefined;
|
|
9211
|
+
sessionId?: string | undefined;
|
|
9212
|
+
userDid?: string | undefined;
|
|
9213
|
+
controller?: string | undefined;
|
|
9214
|
+
parentId?: string | undefined;
|
|
9215
|
+
userIdentifier?: string | undefined;
|
|
8926
9216
|
};
|
|
9217
|
+
id: string;
|
|
8927
9218
|
}>;
|
|
8928
9219
|
credentialStatus: z.ZodOptional<z.ZodObject<{
|
|
8929
9220
|
id: z.ZodString;
|
|
@@ -8932,14 +9223,14 @@ export declare function validateDelegationCredential(credential: unknown): z.Saf
|
|
|
8932
9223
|
statusListIndex: z.ZodString;
|
|
8933
9224
|
statusListCredential: z.ZodString;
|
|
8934
9225
|
}, "strip", z.ZodTypeAny, {
|
|
8935
|
-
id: string;
|
|
8936
9226
|
type: "StatusList2021Entry";
|
|
9227
|
+
id: string;
|
|
8937
9228
|
statusPurpose: "revocation" | "suspension";
|
|
8938
9229
|
statusListIndex: string;
|
|
8939
9230
|
statusListCredential: string;
|
|
8940
9231
|
}, {
|
|
8941
|
-
id: string;
|
|
8942
9232
|
type: "StatusList2021Entry";
|
|
9233
|
+
id: string;
|
|
8943
9234
|
statusPurpose: "revocation" | "suspension";
|
|
8944
9235
|
statusListIndex: string;
|
|
8945
9236
|
statusListCredential: string;
|
|
@@ -8978,7 +9269,7 @@ export declare function extractDelegationFromVC(vc: DelegationCredential): Deleg
|
|
|
8978
9269
|
* The caller must sign this to create a valid DelegationCredential.
|
|
8979
9270
|
*
|
|
8980
9271
|
* @param delegation - The delegation record
|
|
8981
|
-
* @param options - Optional VC options (id, issuanceDate, etc.)
|
|
9272
|
+
* @param options - Optional VC options (id, issuanceDate, userDid, sessionId, etc.)
|
|
8982
9273
|
* @returns Unsigned DelegationCredential
|
|
8983
9274
|
*/
|
|
8984
9275
|
export declare function wrapDelegationAsVC(delegation: DelegationRecord, options?: {
|
|
@@ -8986,6 +9277,14 @@ export declare function wrapDelegationAsVC(delegation: DelegationRecord, options
|
|
|
8986
9277
|
issuanceDate?: string;
|
|
8987
9278
|
expirationDate?: string;
|
|
8988
9279
|
credentialStatus?: z.infer<typeof CredentialStatusSchema>;
|
|
9280
|
+
/** User DID who granted the delegation (if different from issuer) */
|
|
9281
|
+
userDid?: string;
|
|
9282
|
+
/** Human-readable user identifier */
|
|
9283
|
+
userIdentifier?: string;
|
|
9284
|
+
/** MCP session ID for session tracking */
|
|
9285
|
+
sessionId?: string;
|
|
9286
|
+
/** Authorized scopes */
|
|
9287
|
+
scopes?: string[];
|
|
8989
9288
|
}): Omit<DelegationCredential, 'proof'>;
|
|
8990
9289
|
/**
|
|
8991
9290
|
* Check if a delegation credential is expired
|