@kya-os/contracts 1.7.2 → 1.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/dashboard-config/schemas.d.ts +3179 -2262
- package/dist/tool-protection/index.d.ts +288 -31
- package/dist/tool-protection/index.js +181 -1
- package/package.json +1 -1
|
@@ -12,12 +12,25 @@ import { z } from 'zod';
|
|
|
12
12
|
* Authorization Requirement (Discriminated Union)
|
|
13
13
|
*
|
|
14
14
|
* Defines the type of authorization required for a tool.
|
|
15
|
-
* Extensible design to support OAuth, MDL, IDV, credentials, etc.
|
|
15
|
+
* Extensible design to support OAuth, password auth, MDL, IDV, verifiable credentials, etc.
|
|
16
|
+
*
|
|
17
|
+
* ## Type Naming Clarification
|
|
18
|
+
*
|
|
19
|
+
* - `oauth` - OAuth 2.0 provider authentication (GitHub, Google, etc.)
|
|
20
|
+
* - `password` - Username/password or API key authentication (HardwareWorld, etc.)
|
|
21
|
+
* - `verifiable_credential` - W3C Verifiable Credential requirement (preferred)
|
|
22
|
+
* - `credential` - **DEPRECATED** alias for `verifiable_credential` (for backward compatibility)
|
|
23
|
+
* - `mdl` - Mobile Driver's License (ISO 18013-5)
|
|
24
|
+
* - `idv` - Identity Verification provider (Stripe, Onfido, etc.)
|
|
25
|
+
* - `none` - Consent-only (clickwrap agreement, no authentication)
|
|
16
26
|
*/
|
|
17
27
|
export type AuthorizationRequirement = {
|
|
18
28
|
type: 'oauth';
|
|
19
29
|
provider: string;
|
|
20
30
|
requiredScopes?: string[];
|
|
31
|
+
} | {
|
|
32
|
+
type: 'password';
|
|
33
|
+
provider: string;
|
|
21
34
|
} | {
|
|
22
35
|
type: 'mdl';
|
|
23
36
|
issuer: string;
|
|
@@ -27,12 +40,40 @@ export type AuthorizationRequirement = {
|
|
|
27
40
|
provider: string;
|
|
28
41
|
verificationLevel?: 'basic' | 'enhanced' | 'loa3';
|
|
29
42
|
} | {
|
|
43
|
+
type: 'verifiable_credential';
|
|
44
|
+
credentialType: string;
|
|
45
|
+
issuer?: string;
|
|
46
|
+
} | {
|
|
47
|
+
/**
|
|
48
|
+
* @deprecated Use `verifiable_credential` instead. Kept for backward compatibility.
|
|
49
|
+
*/
|
|
30
50
|
type: 'credential';
|
|
31
51
|
credentialType: string;
|
|
32
52
|
issuer?: string;
|
|
33
53
|
} | {
|
|
34
54
|
type: 'none';
|
|
35
55
|
};
|
|
56
|
+
/**
|
|
57
|
+
* Canonical authorization type values
|
|
58
|
+
* Use these constants instead of string literals for type safety
|
|
59
|
+
*/
|
|
60
|
+
export declare const AUTHORIZATION_TYPES: {
|
|
61
|
+
/** OAuth 2.0 provider authentication */
|
|
62
|
+
readonly OAUTH: "oauth";
|
|
63
|
+
/** Username/password or API key authentication */
|
|
64
|
+
readonly PASSWORD: "password";
|
|
65
|
+
/** Mobile Driver's License (ISO 18013-5) */
|
|
66
|
+
readonly MDL: "mdl";
|
|
67
|
+
/** Identity Verification provider */
|
|
68
|
+
readonly IDV: "idv";
|
|
69
|
+
/** W3C Verifiable Credential requirement (preferred) */
|
|
70
|
+
readonly VERIFIABLE_CREDENTIAL: "verifiable_credential";
|
|
71
|
+
/** @deprecated Use VERIFIABLE_CREDENTIAL instead */
|
|
72
|
+
readonly CREDENTIAL: "credential";
|
|
73
|
+
/** Consent-only (clickwrap agreement) */
|
|
74
|
+
readonly NONE: "none";
|
|
75
|
+
};
|
|
76
|
+
export type AuthorizationType = (typeof AUTHORIZATION_TYPES)[keyof typeof AUTHORIZATION_TYPES];
|
|
36
77
|
/**
|
|
37
78
|
* Tool Protection Definition
|
|
38
79
|
*
|
|
@@ -176,6 +217,15 @@ export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"ty
|
|
|
176
217
|
type: "oauth";
|
|
177
218
|
provider: string;
|
|
178
219
|
requiredScopes?: string[] | undefined;
|
|
220
|
+
}>, z.ZodObject<{
|
|
221
|
+
type: z.ZodLiteral<"password">;
|
|
222
|
+
provider: z.ZodString;
|
|
223
|
+
}, "strip", z.ZodTypeAny, {
|
|
224
|
+
type: "password";
|
|
225
|
+
provider: string;
|
|
226
|
+
}, {
|
|
227
|
+
type: "password";
|
|
228
|
+
provider: string;
|
|
179
229
|
}>, z.ZodObject<{
|
|
180
230
|
type: z.ZodLiteral<"mdl">;
|
|
181
231
|
issuer: z.ZodString;
|
|
@@ -200,6 +250,18 @@ export declare const AuthorizationRequirementSchema: z.ZodDiscriminatedUnion<"ty
|
|
|
200
250
|
type: "idv";
|
|
201
251
|
provider: string;
|
|
202
252
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
253
|
+
}>, z.ZodObject<{
|
|
254
|
+
type: z.ZodLiteral<"verifiable_credential">;
|
|
255
|
+
credentialType: z.ZodString;
|
|
256
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
257
|
+
}, "strip", z.ZodTypeAny, {
|
|
258
|
+
type: "verifiable_credential";
|
|
259
|
+
credentialType: string;
|
|
260
|
+
issuer?: string | undefined;
|
|
261
|
+
}, {
|
|
262
|
+
type: "verifiable_credential";
|
|
263
|
+
credentialType: string;
|
|
264
|
+
issuer?: string | undefined;
|
|
203
265
|
}>, z.ZodObject<{
|
|
204
266
|
type: z.ZodLiteral<"credential">;
|
|
205
267
|
credentialType: z.ZodString;
|
|
@@ -236,6 +298,15 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
236
298
|
type: "oauth";
|
|
237
299
|
provider: string;
|
|
238
300
|
requiredScopes?: string[] | undefined;
|
|
301
|
+
}>, z.ZodObject<{
|
|
302
|
+
type: z.ZodLiteral<"password">;
|
|
303
|
+
provider: z.ZodString;
|
|
304
|
+
}, "strip", z.ZodTypeAny, {
|
|
305
|
+
type: "password";
|
|
306
|
+
provider: string;
|
|
307
|
+
}, {
|
|
308
|
+
type: "password";
|
|
309
|
+
provider: string;
|
|
239
310
|
}>, z.ZodObject<{
|
|
240
311
|
type: z.ZodLiteral<"mdl">;
|
|
241
312
|
issuer: z.ZodString;
|
|
@@ -260,6 +331,18 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
260
331
|
type: "idv";
|
|
261
332
|
provider: string;
|
|
262
333
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
334
|
+
}>, z.ZodObject<{
|
|
335
|
+
type: z.ZodLiteral<"verifiable_credential">;
|
|
336
|
+
credentialType: z.ZodString;
|
|
337
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
338
|
+
}, "strip", z.ZodTypeAny, {
|
|
339
|
+
type: "verifiable_credential";
|
|
340
|
+
credentialType: string;
|
|
341
|
+
issuer?: string | undefined;
|
|
342
|
+
}, {
|
|
343
|
+
type: "verifiable_credential";
|
|
344
|
+
credentialType: string;
|
|
345
|
+
issuer?: string | undefined;
|
|
263
346
|
}>, z.ZodObject<{
|
|
264
347
|
type: z.ZodLiteral<"credential">;
|
|
265
348
|
credentialType: z.ZodString;
|
|
@@ -280,12 +363,17 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
280
363
|
type: "none";
|
|
281
364
|
}>]>>;
|
|
282
365
|
}, "strip", z.ZodTypeAny, {
|
|
283
|
-
requiresDelegation: boolean;
|
|
284
366
|
requiredScopes: string[];
|
|
367
|
+
requiresDelegation: boolean;
|
|
368
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
369
|
+
oauthProvider?: string | undefined;
|
|
285
370
|
authorization?: {
|
|
286
371
|
type: "oauth";
|
|
287
372
|
provider: string;
|
|
288
373
|
requiredScopes?: string[] | undefined;
|
|
374
|
+
} | {
|
|
375
|
+
type: "password";
|
|
376
|
+
provider: string;
|
|
289
377
|
} | {
|
|
290
378
|
type: "mdl";
|
|
291
379
|
issuer: string;
|
|
@@ -294,6 +382,10 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
294
382
|
type: "idv";
|
|
295
383
|
provider: string;
|
|
296
384
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
385
|
+
} | {
|
|
386
|
+
type: "verifiable_credential";
|
|
387
|
+
credentialType: string;
|
|
388
|
+
issuer?: string | undefined;
|
|
297
389
|
} | {
|
|
298
390
|
type: "credential";
|
|
299
391
|
credentialType: string;
|
|
@@ -301,15 +393,18 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
301
393
|
} | {
|
|
302
394
|
type: "none";
|
|
303
395
|
} | undefined;
|
|
304
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
305
|
-
oauthProvider?: string | undefined;
|
|
306
396
|
}, {
|
|
307
|
-
requiresDelegation: boolean;
|
|
308
397
|
requiredScopes: string[];
|
|
398
|
+
requiresDelegation: boolean;
|
|
399
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
400
|
+
oauthProvider?: string | undefined;
|
|
309
401
|
authorization?: {
|
|
310
402
|
type: "oauth";
|
|
311
403
|
provider: string;
|
|
312
404
|
requiredScopes?: string[] | undefined;
|
|
405
|
+
} | {
|
|
406
|
+
type: "password";
|
|
407
|
+
provider: string;
|
|
313
408
|
} | {
|
|
314
409
|
type: "mdl";
|
|
315
410
|
issuer: string;
|
|
@@ -318,6 +413,10 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
318
413
|
type: "idv";
|
|
319
414
|
provider: string;
|
|
320
415
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
416
|
+
} | {
|
|
417
|
+
type: "verifiable_credential";
|
|
418
|
+
credentialType: string;
|
|
419
|
+
issuer?: string | undefined;
|
|
321
420
|
} | {
|
|
322
421
|
type: "credential";
|
|
323
422
|
credentialType: string;
|
|
@@ -325,8 +424,6 @@ export declare const ToolProtectionSchema: z.ZodObject<{
|
|
|
325
424
|
} | {
|
|
326
425
|
type: "none";
|
|
327
426
|
} | undefined;
|
|
328
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
329
|
-
oauthProvider?: string | undefined;
|
|
330
427
|
}>;
|
|
331
428
|
export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
332
429
|
requiresDelegation: z.ZodBoolean;
|
|
@@ -345,6 +442,15 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
345
442
|
type: "oauth";
|
|
346
443
|
provider: string;
|
|
347
444
|
requiredScopes?: string[] | undefined;
|
|
445
|
+
}>, z.ZodObject<{
|
|
446
|
+
type: z.ZodLiteral<"password">;
|
|
447
|
+
provider: z.ZodString;
|
|
448
|
+
}, "strip", z.ZodTypeAny, {
|
|
449
|
+
type: "password";
|
|
450
|
+
provider: string;
|
|
451
|
+
}, {
|
|
452
|
+
type: "password";
|
|
453
|
+
provider: string;
|
|
348
454
|
}>, z.ZodObject<{
|
|
349
455
|
type: z.ZodLiteral<"mdl">;
|
|
350
456
|
issuer: z.ZodString;
|
|
@@ -369,6 +475,18 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
369
475
|
type: "idv";
|
|
370
476
|
provider: string;
|
|
371
477
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
478
|
+
}>, z.ZodObject<{
|
|
479
|
+
type: z.ZodLiteral<"verifiable_credential">;
|
|
480
|
+
credentialType: z.ZodString;
|
|
481
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
482
|
+
}, "strip", z.ZodTypeAny, {
|
|
483
|
+
type: "verifiable_credential";
|
|
484
|
+
credentialType: string;
|
|
485
|
+
issuer?: string | undefined;
|
|
486
|
+
}, {
|
|
487
|
+
type: "verifiable_credential";
|
|
488
|
+
credentialType: string;
|
|
489
|
+
issuer?: string | undefined;
|
|
372
490
|
}>, z.ZodObject<{
|
|
373
491
|
type: z.ZodLiteral<"credential">;
|
|
374
492
|
credentialType: z.ZodString;
|
|
@@ -389,12 +507,17 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
389
507
|
type: "none";
|
|
390
508
|
}>]>>;
|
|
391
509
|
}, "strip", z.ZodTypeAny, {
|
|
392
|
-
requiresDelegation: boolean;
|
|
393
510
|
requiredScopes: string[];
|
|
511
|
+
requiresDelegation: boolean;
|
|
512
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
513
|
+
oauthProvider?: string | undefined;
|
|
394
514
|
authorization?: {
|
|
395
515
|
type: "oauth";
|
|
396
516
|
provider: string;
|
|
397
517
|
requiredScopes?: string[] | undefined;
|
|
518
|
+
} | {
|
|
519
|
+
type: "password";
|
|
520
|
+
provider: string;
|
|
398
521
|
} | {
|
|
399
522
|
type: "mdl";
|
|
400
523
|
issuer: string;
|
|
@@ -403,6 +526,10 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
403
526
|
type: "idv";
|
|
404
527
|
provider: string;
|
|
405
528
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
529
|
+
} | {
|
|
530
|
+
type: "verifiable_credential";
|
|
531
|
+
credentialType: string;
|
|
532
|
+
issuer?: string | undefined;
|
|
406
533
|
} | {
|
|
407
534
|
type: "credential";
|
|
408
535
|
credentialType: string;
|
|
@@ -410,15 +537,18 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
410
537
|
} | {
|
|
411
538
|
type: "none";
|
|
412
539
|
} | undefined;
|
|
413
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
414
|
-
oauthProvider?: string | undefined;
|
|
415
540
|
}, {
|
|
416
|
-
requiresDelegation: boolean;
|
|
417
541
|
requiredScopes: string[];
|
|
542
|
+
requiresDelegation: boolean;
|
|
543
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
544
|
+
oauthProvider?: string | undefined;
|
|
418
545
|
authorization?: {
|
|
419
546
|
type: "oauth";
|
|
420
547
|
provider: string;
|
|
421
548
|
requiredScopes?: string[] | undefined;
|
|
549
|
+
} | {
|
|
550
|
+
type: "password";
|
|
551
|
+
provider: string;
|
|
422
552
|
} | {
|
|
423
553
|
type: "mdl";
|
|
424
554
|
issuer: string;
|
|
@@ -427,6 +557,10 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
427
557
|
type: "idv";
|
|
428
558
|
provider: string;
|
|
429
559
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
560
|
+
} | {
|
|
561
|
+
type: "verifiable_credential";
|
|
562
|
+
credentialType: string;
|
|
563
|
+
issuer?: string | undefined;
|
|
430
564
|
} | {
|
|
431
565
|
type: "credential";
|
|
432
566
|
credentialType: string;
|
|
@@ -434,8 +568,6 @@ export declare const ToolProtectionMapSchema: z.ZodRecord<z.ZodString, z.ZodObje
|
|
|
434
568
|
} | {
|
|
435
569
|
type: "none";
|
|
436
570
|
} | undefined;
|
|
437
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
438
|
-
oauthProvider?: string | undefined;
|
|
439
571
|
}>>;
|
|
440
572
|
export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
441
573
|
toolProtections: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
@@ -455,6 +587,15 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
455
587
|
type: "oauth";
|
|
456
588
|
provider: string;
|
|
457
589
|
requiredScopes?: string[] | undefined;
|
|
590
|
+
}>, z.ZodObject<{
|
|
591
|
+
type: z.ZodLiteral<"password">;
|
|
592
|
+
provider: z.ZodString;
|
|
593
|
+
}, "strip", z.ZodTypeAny, {
|
|
594
|
+
type: "password";
|
|
595
|
+
provider: string;
|
|
596
|
+
}, {
|
|
597
|
+
type: "password";
|
|
598
|
+
provider: string;
|
|
458
599
|
}>, z.ZodObject<{
|
|
459
600
|
type: z.ZodLiteral<"mdl">;
|
|
460
601
|
issuer: z.ZodString;
|
|
@@ -479,6 +620,18 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
479
620
|
type: "idv";
|
|
480
621
|
provider: string;
|
|
481
622
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
623
|
+
}>, z.ZodObject<{
|
|
624
|
+
type: z.ZodLiteral<"verifiable_credential">;
|
|
625
|
+
credentialType: z.ZodString;
|
|
626
|
+
issuer: z.ZodOptional<z.ZodString>;
|
|
627
|
+
}, "strip", z.ZodTypeAny, {
|
|
628
|
+
type: "verifiable_credential";
|
|
629
|
+
credentialType: string;
|
|
630
|
+
issuer?: string | undefined;
|
|
631
|
+
}, {
|
|
632
|
+
type: "verifiable_credential";
|
|
633
|
+
credentialType: string;
|
|
634
|
+
issuer?: string | undefined;
|
|
482
635
|
}>, z.ZodObject<{
|
|
483
636
|
type: z.ZodLiteral<"credential">;
|
|
484
637
|
credentialType: z.ZodString;
|
|
@@ -499,12 +652,17 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
499
652
|
type: "none";
|
|
500
653
|
}>]>>;
|
|
501
654
|
}, "strip", z.ZodTypeAny, {
|
|
502
|
-
requiresDelegation: boolean;
|
|
503
655
|
requiredScopes: string[];
|
|
656
|
+
requiresDelegation: boolean;
|
|
657
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
658
|
+
oauthProvider?: string | undefined;
|
|
504
659
|
authorization?: {
|
|
505
660
|
type: "oauth";
|
|
506
661
|
provider: string;
|
|
507
662
|
requiredScopes?: string[] | undefined;
|
|
663
|
+
} | {
|
|
664
|
+
type: "password";
|
|
665
|
+
provider: string;
|
|
508
666
|
} | {
|
|
509
667
|
type: "mdl";
|
|
510
668
|
issuer: string;
|
|
@@ -513,6 +671,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
513
671
|
type: "idv";
|
|
514
672
|
provider: string;
|
|
515
673
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
674
|
+
} | {
|
|
675
|
+
type: "verifiable_credential";
|
|
676
|
+
credentialType: string;
|
|
677
|
+
issuer?: string | undefined;
|
|
516
678
|
} | {
|
|
517
679
|
type: "credential";
|
|
518
680
|
credentialType: string;
|
|
@@ -520,15 +682,18 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
520
682
|
} | {
|
|
521
683
|
type: "none";
|
|
522
684
|
} | undefined;
|
|
523
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
524
|
-
oauthProvider?: string | undefined;
|
|
525
685
|
}, {
|
|
526
|
-
requiresDelegation: boolean;
|
|
527
686
|
requiredScopes: string[];
|
|
687
|
+
requiresDelegation: boolean;
|
|
688
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
689
|
+
oauthProvider?: string | undefined;
|
|
528
690
|
authorization?: {
|
|
529
691
|
type: "oauth";
|
|
530
692
|
provider: string;
|
|
531
693
|
requiredScopes?: string[] | undefined;
|
|
694
|
+
} | {
|
|
695
|
+
type: "password";
|
|
696
|
+
provider: string;
|
|
532
697
|
} | {
|
|
533
698
|
type: "mdl";
|
|
534
699
|
issuer: string;
|
|
@@ -537,6 +702,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
537
702
|
type: "idv";
|
|
538
703
|
provider: string;
|
|
539
704
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
705
|
+
} | {
|
|
706
|
+
type: "verifiable_credential";
|
|
707
|
+
credentialType: string;
|
|
708
|
+
issuer?: string | undefined;
|
|
540
709
|
} | {
|
|
541
710
|
type: "credential";
|
|
542
711
|
credentialType: string;
|
|
@@ -544,30 +713,33 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
544
713
|
} | {
|
|
545
714
|
type: "none";
|
|
546
715
|
} | undefined;
|
|
547
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
548
|
-
oauthProvider?: string | undefined;
|
|
549
716
|
}>>;
|
|
550
717
|
metadata: z.ZodOptional<z.ZodObject<{
|
|
551
718
|
lastUpdated: z.ZodOptional<z.ZodString>;
|
|
552
719
|
version: z.ZodOptional<z.ZodString>;
|
|
553
720
|
source: z.ZodOptional<z.ZodString>;
|
|
554
721
|
}, "strip", z.ZodTypeAny, {
|
|
555
|
-
version?: string | undefined;
|
|
556
722
|
lastUpdated?: string | undefined;
|
|
723
|
+
version?: string | undefined;
|
|
557
724
|
source?: string | undefined;
|
|
558
725
|
}, {
|
|
559
|
-
version?: string | undefined;
|
|
560
726
|
lastUpdated?: string | undefined;
|
|
727
|
+
version?: string | undefined;
|
|
561
728
|
source?: string | undefined;
|
|
562
729
|
}>>;
|
|
563
730
|
}, "strip", z.ZodTypeAny, {
|
|
564
731
|
toolProtections: Record<string, {
|
|
565
|
-
requiresDelegation: boolean;
|
|
566
732
|
requiredScopes: string[];
|
|
733
|
+
requiresDelegation: boolean;
|
|
734
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
735
|
+
oauthProvider?: string | undefined;
|
|
567
736
|
authorization?: {
|
|
568
737
|
type: "oauth";
|
|
569
738
|
provider: string;
|
|
570
739
|
requiredScopes?: string[] | undefined;
|
|
740
|
+
} | {
|
|
741
|
+
type: "password";
|
|
742
|
+
provider: string;
|
|
571
743
|
} | {
|
|
572
744
|
type: "mdl";
|
|
573
745
|
issuer: string;
|
|
@@ -576,6 +748,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
576
748
|
type: "idv";
|
|
577
749
|
provider: string;
|
|
578
750
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
751
|
+
} | {
|
|
752
|
+
type: "verifiable_credential";
|
|
753
|
+
credentialType: string;
|
|
754
|
+
issuer?: string | undefined;
|
|
579
755
|
} | {
|
|
580
756
|
type: "credential";
|
|
581
757
|
credentialType: string;
|
|
@@ -583,22 +759,25 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
583
759
|
} | {
|
|
584
760
|
type: "none";
|
|
585
761
|
} | undefined;
|
|
586
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
587
|
-
oauthProvider?: string | undefined;
|
|
588
762
|
}>;
|
|
589
763
|
metadata?: {
|
|
590
|
-
version?: string | undefined;
|
|
591
764
|
lastUpdated?: string | undefined;
|
|
765
|
+
version?: string | undefined;
|
|
592
766
|
source?: string | undefined;
|
|
593
767
|
} | undefined;
|
|
594
768
|
}, {
|
|
595
769
|
toolProtections: Record<string, {
|
|
596
|
-
requiresDelegation: boolean;
|
|
597
770
|
requiredScopes: string[];
|
|
771
|
+
requiresDelegation: boolean;
|
|
772
|
+
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
773
|
+
oauthProvider?: string | undefined;
|
|
598
774
|
authorization?: {
|
|
599
775
|
type: "oauth";
|
|
600
776
|
provider: string;
|
|
601
777
|
requiredScopes?: string[] | undefined;
|
|
778
|
+
} | {
|
|
779
|
+
type: "password";
|
|
780
|
+
provider: string;
|
|
602
781
|
} | {
|
|
603
782
|
type: "mdl";
|
|
604
783
|
issuer: string;
|
|
@@ -607,6 +786,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
607
786
|
type: "idv";
|
|
608
787
|
provider: string;
|
|
609
788
|
verificationLevel?: "basic" | "enhanced" | "loa3" | undefined;
|
|
789
|
+
} | {
|
|
790
|
+
type: "verifiable_credential";
|
|
791
|
+
credentialType: string;
|
|
792
|
+
issuer?: string | undefined;
|
|
610
793
|
} | {
|
|
611
794
|
type: "credential";
|
|
612
795
|
credentialType: string;
|
|
@@ -614,12 +797,10 @@ export declare const ToolProtectionResponseSchema: z.ZodObject<{
|
|
|
614
797
|
} | {
|
|
615
798
|
type: "none";
|
|
616
799
|
} | undefined;
|
|
617
|
-
riskLevel?: "low" | "medium" | "high" | "critical" | undefined;
|
|
618
|
-
oauthProvider?: string | undefined;
|
|
619
800
|
}>;
|
|
620
801
|
metadata?: {
|
|
621
|
-
version?: string | undefined;
|
|
622
802
|
lastUpdated?: string | undefined;
|
|
803
|
+
version?: string | undefined;
|
|
623
804
|
source?: string | undefined;
|
|
624
805
|
} | undefined;
|
|
625
806
|
}>;
|
|
@@ -632,15 +813,15 @@ export declare const DelegationRequiredErrorDataSchema: z.ZodObject<{
|
|
|
632
813
|
}, "strip", z.ZodTypeAny, {
|
|
633
814
|
requiredScopes: string[];
|
|
634
815
|
toolName: string;
|
|
816
|
+
consentUrl?: string | undefined;
|
|
635
817
|
authorizationUrl?: string | undefined;
|
|
636
818
|
reason?: string | undefined;
|
|
637
|
-
consentUrl?: string | undefined;
|
|
638
819
|
}, {
|
|
639
820
|
requiredScopes: string[];
|
|
640
821
|
toolName: string;
|
|
822
|
+
consentUrl?: string | undefined;
|
|
641
823
|
authorizationUrl?: string | undefined;
|
|
642
824
|
reason?: string | undefined;
|
|
643
|
-
consentUrl?: string | undefined;
|
|
644
825
|
}>;
|
|
645
826
|
/**
|
|
646
827
|
* Type Guards
|
|
@@ -661,6 +842,23 @@ export declare function hasOAuthAuthorization(protection: ToolProtection): prote
|
|
|
661
842
|
type: 'oauth';
|
|
662
843
|
};
|
|
663
844
|
};
|
|
845
|
+
/**
|
|
846
|
+
* Type guard to check if a ToolProtection has password authorization
|
|
847
|
+
*/
|
|
848
|
+
export declare function hasPasswordAuthorization(protection: ToolProtection): protection is ToolProtection & {
|
|
849
|
+
authorization: {
|
|
850
|
+
type: 'password';
|
|
851
|
+
};
|
|
852
|
+
};
|
|
853
|
+
/**
|
|
854
|
+
* Type guard to check if a ToolProtection requires a Verifiable Credential
|
|
855
|
+
* Handles both 'verifiable_credential' and legacy 'credential' types
|
|
856
|
+
*/
|
|
857
|
+
export declare function hasVerifiableCredentialAuthorization(protection: ToolProtection): protection is ToolProtection & {
|
|
858
|
+
authorization: {
|
|
859
|
+
type: 'verifiable_credential' | 'credential';
|
|
860
|
+
};
|
|
861
|
+
};
|
|
664
862
|
/**
|
|
665
863
|
* Validation Functions
|
|
666
864
|
*/
|
|
@@ -701,3 +899,62 @@ export declare function createDelegationRequiredError(toolName: string, required
|
|
|
701
899
|
* // TODO: Remove normalizeToolProtection() when all tools migrated (target: Phase 3)
|
|
702
900
|
*/
|
|
703
901
|
export declare function normalizeToolProtection(raw: ToolProtection | PartialToolProtection): ToolProtection;
|
|
902
|
+
/**
|
|
903
|
+
* Consent Provider Types
|
|
904
|
+
*
|
|
905
|
+
* These constants define the authentication method used during consent:
|
|
906
|
+
* - NONE: Consent-only mode (clickwrap) - user agrees without authentication
|
|
907
|
+
* - OAUTH2: OAuth provider authentication (GitHub, Google, etc.)
|
|
908
|
+
* - PASSWORD: Password-based authentication (email/password, username/password)
|
|
909
|
+
* - CREDENTIAL: Alias for PASSWORD (legacy compatibility)
|
|
910
|
+
* - MAGIC_LINK: Email magic link authentication
|
|
911
|
+
* - OTP: One-time password authentication
|
|
912
|
+
*
|
|
913
|
+
* NOTE: This is distinct from AUTHORIZATION_TYPES which define what a TOOL requires.
|
|
914
|
+
* CONSENT_PROVIDER_TYPES define what authentication method the USER used.
|
|
915
|
+
*/
|
|
916
|
+
export declare const CONSENT_PROVIDER_TYPES: {
|
|
917
|
+
/** Consent-only mode - no authentication, just clickwrap agreement */
|
|
918
|
+
readonly NONE: "none";
|
|
919
|
+
/** OAuth2 provider authentication */
|
|
920
|
+
readonly OAUTH2: "oauth2";
|
|
921
|
+
/** Password-based authentication (email/password, username/password) */
|
|
922
|
+
readonly PASSWORD: "password";
|
|
923
|
+
/** @deprecated Use PASSWORD instead. Alias for backward compatibility */
|
|
924
|
+
readonly CREDENTIAL: "credential";
|
|
925
|
+
/** Email magic link authentication */
|
|
926
|
+
readonly MAGIC_LINK: "magic_link";
|
|
927
|
+
/** One-time password (SMS/email code) */
|
|
928
|
+
readonly OTP: "otp";
|
|
929
|
+
};
|
|
930
|
+
export type ConsentProviderType = (typeof CONSENT_PROVIDER_TYPES)[keyof typeof CONSENT_PROVIDER_TYPES];
|
|
931
|
+
/**
|
|
932
|
+
* Determine consent provider type based on available identity information
|
|
933
|
+
*
|
|
934
|
+
* This is the single source of truth for consent provider type determination.
|
|
935
|
+
*
|
|
936
|
+
* @param hasOAuthIdentity - Whether OAuth identity is available
|
|
937
|
+
* @param isPasswordFlow - Whether this is a password/credential flow
|
|
938
|
+
* @param isMagicLinkFlow - Whether this is a magic link flow
|
|
939
|
+
* @param isOtpFlow - Whether this is an OTP flow
|
|
940
|
+
* @returns The consent provider type
|
|
941
|
+
*/
|
|
942
|
+
export declare function determineConsentProviderType(hasOAuthIdentity: boolean, isPasswordFlow?: boolean, isMagicLinkFlow?: boolean, isOtpFlow?: boolean): ConsentProviderType;
|
|
943
|
+
/**
|
|
944
|
+
* Normalize authorization requirement to use canonical type names
|
|
945
|
+
*
|
|
946
|
+
* Migrates legacy 'credential' type to 'verifiable_credential'
|
|
947
|
+
* This ensures consistent type usage across the codebase.
|
|
948
|
+
*
|
|
949
|
+
* @param auth - The authorization requirement (may have legacy type)
|
|
950
|
+
* @returns Normalized authorization requirement with canonical type
|
|
951
|
+
*/
|
|
952
|
+
export declare function normalizeAuthorizationType(auth: AuthorizationRequirement): AuthorizationRequirement;
|
|
953
|
+
/**
|
|
954
|
+
* Get a human-readable label for an authorization requirement type
|
|
955
|
+
*/
|
|
956
|
+
export declare function getAuthorizationTypeLabel(auth: AuthorizationRequirement): string;
|
|
957
|
+
/**
|
|
958
|
+
* Get a unique key for an authorization requirement (for React keys, caching, etc.)
|
|
959
|
+
*/
|
|
960
|
+
export declare function getAuthorizationTypeKey(auth: AuthorizationRequirement): string;
|