@motebit/verifier 1.11.0 → 1.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
package/README.md
CHANGED
|
@@ -57,6 +57,8 @@ For the same reason — authority is the scope/chain, not a `motebit_id → key`
|
|
|
57
57
|
|
|
58
58
|
`standing-delegation@1.1` adds an optional, generic **`subject_binding`** on the grant (**`SubjectBindingV1`**): the delegator's signature reaches the EXACT resolved subjects the authority covers, by digest-binding a detached, vertically-typed scope artifact — closing the gap where an interpreter (not the delegator) chose the identities the agent acts on. **`subjectBindingDigest`** computes the canonical digest of that detached artifact (`hex(SHA-256(canonicalJson))`), and **`verifySubjectBinding`** checks, fail-closed, that a presented artifact matches the grant's signed binding (digest method, declared `artifact_schema`, digest). Authority only — subject _completeness_ ("every signed subject was attempted") is a monitor receipt-profile rule on top, never a property of the generic binding.
|
|
59
59
|
|
|
60
|
+
The **withdrawal receipt** closes the money-out side of the self-attesting contract: a completed withdrawal is a truth the relay asserts, so it must be verifiable without relay contact. **`verifyWithdrawalReceipt`** re-checks the relay's Ed25519 signature over a `WithdrawalReceiptPayload` — the money-relevant subset of the market-v1 §2.9 wire record (`withdrawal_id`, `motebit_id`, `amount`, `currency`, `destination`, `payout_reference`, `completed_at`, `relay_id`). A consumer reconstructs the payload from the record's fields (all present on the response, including `relay_id`) and verifies against the carried `relay_public_key`, fail-closed on any decode or mismatch.
|
|
61
|
+
|
|
60
62
|
On the same principle, the **signed-request-envelope family** is re-exported as explicit signer/verifier — **`signRequestEnvelope`** and **`verifyRequestEnvelope`** ([`signed-request-envelope@1.0`](https://github.com/motebit/motebit/blob/main/spec/signed-request-envelope-v1.md)): stateless per-request identity authentication where the signature is verified against the identity's **registered** public key (resolved by the caller from `motebit_id`, never carried by the request), the payload travels detached behind a `payload_digest`, and `aud` binding kills cross-service replay. Not auto-detected — the key comes from the registry, not the envelope.
|
|
61
63
|
|
|
62
64
|
## Guarantees
|
package/dist/index.d.ts
CHANGED
|
@@ -38,6 +38,8 @@ export { verifyDelegation, verifyStandingDelegation, verifyTokenAgainstGrant, ve
|
|
|
38
38
|
export { signRequestEnvelope, verifyRequestEnvelope } from "@motebit/crypto";
|
|
39
39
|
export type { SignedRequestEnvelope } from "@motebit/crypto";
|
|
40
40
|
export { executionReceiptDigest, costAttestationDigest, verifyCostAttestation, verifyInvoice, } from "@motebit/crypto";
|
|
41
|
+
export { verifyWithdrawalReceipt } from "@motebit/crypto";
|
|
42
|
+
export type { WithdrawalReceiptPayload } from "@motebit/protocol";
|
|
41
43
|
export type { CostAttestationV1, InvoiceV1, CostAttestationVerdict, InvoiceVerdict, } from "@motebit/crypto";
|
|
42
44
|
export type { VerifyResult, ArtifactType, SkillVerifyResult, SkillFileVerifyResult, ApprovalDecision, DelegationToken, StandingDelegation, DelegationRevocation, SubjectBindingV1, } from "@motebit/crypto";
|
|
43
45
|
export type { VerificationVerdict, VerdictSubject, IntegrityVerdict, IdentityBindingVerdict, AuthorityVerdict, RevocationStatus, RevocationVerdict, RevocationFreshness, TemporalBasis, EvidenceRef, RepairInstruction, } from "@motebit/crypto";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzF,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAO3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAgBzD,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7E,YAAY,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAM7D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzF,YAAY,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAO3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAgBzD,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC7E,YAAY,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAM7D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;AAKzB,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAClE,YAAY,EACV,iBAAiB,EACjB,SAAS,EACT,sBAAsB,EACtB,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AAMzB,YAAY,EACV,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,sBAAsB,EACtB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AASzB,YAAY,EACV,kBAAkB,EAClB,wBAAwB,EACxB,SAAS,EACT,eAAe,EAIf,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAQzB,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -65,6 +65,11 @@ export { signRequestEnvelope, verifyRequestEnvelope } from "@motebit/crypto";
|
|
|
65
65
|
// vouches for. The two digest helpers are mandated so a consumer's receipt_digest /
|
|
66
66
|
// cost_attestation_digest bindings reproduce by construction.
|
|
67
67
|
export { executionReceiptDigest, costAttestationDigest, verifyCostAttestation, verifyInvoice, } from "@motebit/crypto";
|
|
68
|
+
// Completed-withdrawal receipt verification — an external consumer with the
|
|
69
|
+
// market-v1 §2.9 wire record can confirm a completed withdrawal offline,
|
|
70
|
+
// through the pinned aggregate (never a crypto fork). See the withdrawal
|
|
71
|
+
// arm of `check-signed-artifact-verifiers`.
|
|
72
|
+
export { verifyWithdrawalReceipt } from "@motebit/crypto";
|
|
68
73
|
// The verdict producers and the fail-closed collapse. `verifyReceiptVerdict`
|
|
69
74
|
// (A.2.1) returns the structured verdict for a signed receipt;
|
|
70
75
|
// `verifyDelegationTokenVerdict` (A.2.2) does so for a per-tick token against
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEzF,6EAA6E;AAC7E,6EAA6E;AAC7E,oFAAoF;AACpF,8EAA8E;AAC9E,+EAA+E;AAC/E,2EAA2E;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,yEAAyE;AACzE,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,+EAA+E;AAC/E,uEAAuE;AACvE,8EAA8E;AAC9E,wEAAwE;AACxE,0FAA0F;AAC1F,sGAAsG;AACtG,gFAAgF;AAChF,2FAA2F;AAC3F,oIAAoI;AACpI,kHAAkH;AAClH,yHAAyH;AACzH,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,gFAAgF;AAChF,8EAA8E;AAC9E,+EAA+E;AAC/E,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAE7E,+EAA+E;AAC/E,kFAAkF;AAClF,mFAAmF;AACnF,oFAAoF;AACpF,8DAA8D;AAC9D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEzF,6EAA6E;AAC7E,6EAA6E;AAC7E,oFAAoF;AACpF,8EAA8E;AAC9E,+EAA+E;AAC/E,2EAA2E;AAC3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,yEAAyE;AACzE,0EAA0E;AAC1E,yEAAyE;AACzE,6EAA6E;AAC7E,+EAA+E;AAC/E,uEAAuE;AACvE,8EAA8E;AAC9E,wEAAwE;AACxE,0FAA0F;AAC1F,sGAAsG;AACtG,gFAAgF;AAChF,2FAA2F;AAC3F,oIAAoI;AACpI,kHAAkH;AAClH,yHAAyH;AACzH,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,uBAAuB,EACvB,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,gFAAgF;AAChF,8EAA8E;AAC9E,+EAA+E;AAC/E,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAE7E,+EAA+E;AAC/E,kFAAkF;AAClF,mFAAmF;AACnF,oFAAoF;AACpF,8DAA8D;AAC9D,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,aAAa,GACd,MAAM,iBAAiB,CAAC;AACzB,4EAA4E;AAC5E,yEAAyE;AACzE,yEAAyE;AACzE,4CAA4C;AAC5C,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAuD1D,6EAA6E;AAC7E,+DAA+D;AAC/D,8EAA8E;AAC9E,8EAA8E;AAC9E,sEAAsE;AACtE,gFAAgF;AAChF,uCAAuC;AACvC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,eAAe,GAChB,MAAM,iBAAiB,CAAC;AACzB,iFAAiF;AACjF,8EAA8E;AAC9E,qEAAqE;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@motebit/verifier",
|
|
3
|
-
"version": "1.11.
|
|
3
|
+
"version": "1.11.1",
|
|
4
4
|
"description": "Apache-2.0 library for verifying signed Motebit artifacts (identity files, execution receipts, credentials, presentations) — file-reading and human-formatting helpers on top of @motebit/crypto. The canonical `motebit-verify` CLI now lives at @motebit/verify; this package is the Apache-2.0 library it sits on.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -54,15 +54,15 @@
|
|
|
54
54
|
]
|
|
55
55
|
},
|
|
56
56
|
"dependencies": {
|
|
57
|
-
"@motebit/crypto": "3.
|
|
58
|
-
"@motebit/protocol": "3.
|
|
57
|
+
"@motebit/crypto": "3.16.0",
|
|
58
|
+
"@motebit/protocol": "3.9.0"
|
|
59
59
|
},
|
|
60
60
|
"devDependencies": {
|
|
61
61
|
"@noble/ed25519": "~3.1.0",
|
|
62
62
|
"@noble/hashes": "^2.2.0",
|
|
63
63
|
"@types/node": "^22.0.0",
|
|
64
64
|
"typescript": "^5.6.0",
|
|
65
|
-
"vitest": "^4.1.
|
|
65
|
+
"vitest": "^4.1.9"
|
|
66
66
|
},
|
|
67
67
|
"engines": {
|
|
68
68
|
"node": ">=20"
|