@motebit/verifier 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -53,6 +53,8 @@ It also re-exports **`verifyApprovalDecision`** from `@motebit/crypto` — the "
53
53
 
54
54
  For the same reason — authority is the scope/chain, not a `motebit_id → key` ladder resolvable from the artifact alone — the **delegation family** is also re-exported as explicit verifiers (not auto-detected): **`verifyDelegation`** (a standalone or per-tick `DelegationToken`), **`verifyStandingDelegation`** (a standing grant: signature, activation, expiry, and an injected revocation seam), **`verifyTokenAgainstGrant`** (a per-tick token IS a valid tick of its grant — scope narrows, TTL bounded, grant not revoked), and **`verifyDelegationRevocation`** (a revocation's signature; the caller binds it to the grant). A standing grant's revocation check is the consumer's responsibility — the verifiers are I/O-free and cannot fetch a feed — so **`findGrantRevocation`** does that check correctly: it returns the revocation that authoritatively revokes a grant from a candidate set, binding on `grant_id` **and** the grant's `delegator_public_key` **and** a valid signature, so matching `grant_id` alone (the foot-gun) cannot spoof a revocation. Build the `verifyStandingDelegation` `isRevoked` seam from it. This lets a consumer validate a standing monitor's authorization root, every tick token, and revocation through this package alone. See [`standing-delegation@1.0`](https://github.com/motebit/motebit/blob/main/spec/standing-delegation-v1.md).
55
55
 
56
+ `settlement-invoice@1.0` extends the receipt chain to the money — a verifiable bill a customer re-derives offline (motebit owns the format; the issuer runs the rails). Two issuer-signed artifacts are re-exported as explicit verifiers, both checked against the issuer's REGISTERED key (a carried key, if present, must match it): **`verifyCostAttestation`** (an issuer's cost-of-one-execution declaration in nano-USD against a named rate table, bound to its `ExecutionReceipt` by digest, with an `attested_at >= completed_at` temporal axis) and **`verifyInvoice`** (a flat fee plus passthrough bounded by `passthrough_minor <= floor(Σ cost_nanos / 1e7)`, with per-line cost binding, issuer-consistency, and a detectable `stale_cost_overstatement` axis for a downward supersession). Both return a per-axis structured verdict, never a naked boolean. The two mandated digest helpers — **`executionReceiptDigest`** and **`costAttestationDigest`** — are re-exported too so a producer and verifier reproduce a binding by construction. See [`settlement-invoice@1.0`](https://github.com/motebit/motebit/blob/main/spec/settlement-invoice-v1.md).
57
+
56
58
  `standing-delegation@1.1` adds an optional, generic **`subject_binding`** on the grant (**`SubjectBindingV1`**): the delegator's signature reaches the EXACT resolved subjects the authority covers, by digest-binding a detached, vertically-typed scope artifact — closing the gap where an interpreter (not the delegator) chose the identities the agent acts on. **`subjectBindingDigest`** computes the canonical digest of that detached artifact (`hex(SHA-256(canonicalJson))`), and **`verifySubjectBinding`** checks, fail-closed, that a presented artifact matches the grant's signed binding (digest method, declared `artifact_schema`, digest). Authority only — subject _completeness_ ("every signed subject was attempted") is a monitor receipt-profile rule on top, never a property of the generic binding.
57
59
 
58
60
  On the same principle, the **signed-request-envelope family** is re-exported as explicit signer/verifier — **`signRequestEnvelope`** and **`verifyRequestEnvelope`** ([`signed-request-envelope@1.0`](https://github.com/motebit/motebit/blob/main/spec/signed-request-envelope-v1.md)): stateless per-request identity authentication where the signature is verified against the identity's **registered** public key (resolved by the caller from `motebit_id`, never carried by the request), the payload travels detached behind a `payload_digest`, and `aud` binding kills cross-service replay. Not auto-detected — the key comes from the registry, not the envelope.
package/dist/index.d.ts CHANGED
@@ -37,6 +37,8 @@ export { verifyApprovalDecision } from "@motebit/crypto";
37
37
  export { verifyDelegation, verifyStandingDelegation, verifyTokenAgainstGrant, verifyDelegationRevocation, findGrantRevocation, subjectBindingDigest, verifySubjectBinding, } from "@motebit/crypto";
38
38
  export { signRequestEnvelope, verifyRequestEnvelope } from "@motebit/crypto";
39
39
  export type { SignedRequestEnvelope } from "@motebit/crypto";
40
+ export { executionReceiptDigest, costAttestationDigest, verifyCostAttestation, verifyInvoice, } from "@motebit/crypto";
41
+ export type { CostAttestationV1, InvoiceV1, CostAttestationVerdict, InvoiceVerdict, } from "@motebit/crypto";
40
42
  export type { VerifyResult, ArtifactType, SkillVerifyResult, SkillFileVerifyResult, ApprovalDecision, DelegationToken, StandingDelegation, DelegationRevocation, SubjectBindingV1, } from "@motebit/crypto";
41
43
  export type { VerificationVerdict, VerdictSubject, IntegrityVerdict, IdentityBindingVerdict, AuthorityVerdict, RevocationStatus, RevocationVerdict, RevocationFreshness, TemporalBasis, EvidenceRef, RepairInstruction, } from "@motebit/crypto";
42
44
  export type { EvidenceProvenance, EvidenceProvenanceResult, DigestRef, DigestAlgorithm, ProjectionClass, } from "@motebit/crypto";
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzF,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAO3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAgBzD,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7E,YAAY,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAMzB,YAAY,EACV,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,sBAAsB,EACtB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AASzB,YAAY,EACV,kBAAkB,EAClB,wBAAwB,EACxB,SAAS,EACT,eAAe,EAIf,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAQzB,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzF,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAO3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAgBzD,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7E,YAAY,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAM7D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,iBAAiB,EACjB,SAAS,EACT,sBAAsB,EACtB,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAMzB,YAAY,EACV,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,sBAAsB,EACtB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AASzB,YAAY,EACV,kBAAkB,EAClB,wBAAwB,EACxB,SAAS,EACT,eAAe,EAIf,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAQzB,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
package/dist/index.js CHANGED
@@ -59,6 +59,12 @@ export { verifyDelegation, verifyStandingDelegation, verifyTokenAgainstGrant, ve
59
59
  // like the delegation family — verified against the identity's REGISTERED key
60
60
  // (resolved by the caller from `motebit_id`), never a key the request carries.
61
61
  export { signRequestEnvelope, verifyRequestEnvelope } from "@motebit/crypto";
62
+ // Settlement invoice (settlement-invoice@1.0). Explicitly re-exported like the
63
+ // delegation family — both artifacts are verified against the ISSUER's registered
64
+ // key (the carried key, if present, must match it), never a key the artifact alone
65
+ // vouches for. The two digest helpers are mandated so a consumer's receipt_digest /
66
+ // cost_attestation_digest bindings reproduce by construction.
67
+ export { executionReceiptDigest, costAttestationDigest, verifyCostAttestation, verifyInvoice, } from "@motebit/crypto";
62
68
  // The verdict producers and the fail-closed collapse. `verifyReceiptVerdict`
63
69
  // (A.2.1) returns the structured verdict for a signed receipt;
64
70
  // `verifyDelegationTokenVerdict` (A.2.2) does so for a per-tick token against
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEzF,6EAA6E;AAC7E,6EAA6E;AAC7E,oFAAoF;AACpF,8EAA8E;AAC9E,+EAA+E;AAC/E,2EAA2E;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,yEAAyE;AACzE,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,+EAA+E;AAC/E,uEAAuE;AACvE,8EAA8E;AAC9E,wEAAwE;AACxE,0FAA0F;AAC1F,sGAAsG;AACtG,gFAAgF;AAChF,2FAA2F;AAC3F,oIAAoI;AACpI,kHAAkH;AAClH,yHAAyH;AACzH,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,gFAAgF;AAChF,8EAA8E;AAC9E,+EAA+E;AAC/E,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAiD7E,6EAA6E;AAC7E,+DAA+D;AAC/D,8EAA8E;AAC9E,8EAA8E;AAC9E,sEAAsE;AACtE,gFAAgF;AAChF,uCAAuC;AACvC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,iFAAiF;AACjF,8EAA8E;AAC9E,qEAAqE;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEzF,6EAA6E;AAC7E,6EAA6E;AAC7E,oFAAoF;AACpF,8EAA8E;AAC9E,+EAA+E;AAC/E,2EAA2E;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,yEAAyE;AACzE,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,+EAA+E;AAC/E,uEAAuE;AACvE,8EAA8E;AAC9E,wEAAwE;AACxE,0FAA0F;AAC1F,sGAAsG;AACtG,gFAAgF;AAChF,2FAA2F;AAC3F,oIAAoI;AACpI,kHAAkH;AAClH,yHAAyH;AACzH,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,gFAAgF;AAChF,8EAA8E;AAC9E,+EAA+E;AAC/E,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAE7E,+EAA+E;AAC/E,kFAAkF;AAClF,mFAAmF;AACnF,oFAAoF;AACpF,8DAA8D;AAC9D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;AAsDzB,6EAA6E;AAC7E,+DAA+D;AAC/D,8EAA8E;AAC9E,8EAA8E;AAC9E,sEAAsE;AACtE,gFAAgF;AAChF,uCAAuC;AACvC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,iFAAiF;AACjF,8EAA8E;AAC9E,qEAAqE;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@motebit/verifier",
3
- "version": "1.10.0",
3
+ "version": "1.11.0",
4
4
  "description": "Apache-2.0 library for verifying signed Motebit artifacts (identity files, execution receipts, credentials, presentations) — file-reading and human-formatting helpers on top of @motebit/crypto. The canonical `motebit-verify` CLI now lives at @motebit/verify; this package is the Apache-2.0 library it sits on.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -54,8 +54,8 @@
54
54
  ]
55
55
  },
56
56
  "dependencies": {
57
- "@motebit/crypto": "3.14.0",
58
- "@motebit/protocol": "3.7.0"
57
+ "@motebit/crypto": "3.15.0",
58
+ "@motebit/protocol": "3.8.0"
59
59
  },
60
60
  "devDependencies": {
61
61
  "@noble/ed25519": "~3.1.0",