@naughtbot/e2ee-payloads 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/index.d.ts +37 -0
  2. package/dist/index.d.ts.map +1 -0
  3. package/dist/index.js +2 -0
  4. package/dist/index.js.map +1 -0
  5. package/dist/schema.d.ts +810 -0
  6. package/dist/schema.d.ts.map +1 -0
  7. package/dist/schema.js +6 -0
  8. package/dist/schema.js.map +1 -0
  9. package/package.json +36 -0
  10. package/src/index.test.ts +136 -0
  11. package/src/index.ts +40 -0
  12. package/src/schema.ts +810 -0
package/dist/schema.d.ts ADDED
@@ -0,0 +1,810 @@
1
+ /**
2
+ * This file was auto-generated by openapi-typescript.
3
+ * Do not make direct changes to the file.
4
+ */
5
+ export type paths = Record<string, never>;
6
+ export type webhooks = Record<string, never>;
7
+ export interface components {
8
+ schemas: {
9
+ /**
10
+ * MailboxEnvelopeV1
11
+ * @description Typed plaintext envelope for NaughtBot mailbox payloads. Receivers dispatch on `type`. The schema is documentary — the auth/mailbox backend never sees the envelope (it is inside HPKE plaintext) and no endpoint accepts it directly. See `core/memories/mailbox-envelope.md` for the canonical decode rules until that memory migrates here with the rest of the schema-relocation follow-up.
12
+ */
13
+ MailboxEnvelopeV1: {
14
+ /**
15
+ * @description Envelope version. Receivers reject unknown versions.
16
+ * @enum {integer}
17
+ */
18
+ v: 1;
19
+ /**
20
+ * @description Registered type discriminator. Receivers SHOULD validate against the `MailboxEnvelopeType` registry enum at runtime; unknown values MUST be logged and dropped without rejecting the envelope.
21
+ * @example ssh_sign
22
+ */
23
+ type: string;
24
+ /**
25
+ * Format: uuid
26
+ * @description Canonical lower-case RFC 4122 UUID string for idempotency / dedup on the receiver.
27
+ */
28
+ id: string;
29
+ /**
30
+ * @description RFC 3339 UTC timestamp with the canonical `Z` suffix. Senders SHOULD emit fractional seconds (`2026-05-03T05:00:00.123Z`); receivers MUST also accept the plain second-precision form (`2026-05-03T05:00:00Z`). Times outside UTC and timestamps lacking the `T` delimiter are rejected.
31
+ * @example 2026-05-03T05:00:00.123Z
32
+ */
33
+ issued_at: string;
34
+ /** @description Type-specific payload, MUST be a JSON object (`{...}`); scalar / array / string roots are not valid envelopes. The internal schema is validated by the per-`type` handler defined under `payloads/`, not by the envelope codec. */
35
+ payload: {
36
+ [key: string]: unknown;
37
+ };
38
+ };
39
+ /**
40
+ * MailboxEnvelopeType
41
+ * @description Registered set of envelope `type` discriminators. Receivers may decode the envelope successfully but log+drop on unknown values. Adding a new type requires adding it here and shipping the matching payload schema under `payloads/<surface>.yaml`.
42
+ * @example ssh_sign
43
+ * @enum {string}
44
+ */
45
+ MailboxEnvelopeType: "link_request" | "link_approval" | "link_rejection" | "captcha_request" | "captcha_response" | "ssh_auth" | "ssh_sign" | "gpg_sign" | "gpg_decrypt" | "age_unwrap" | "pkcs11_sign" | "pkcs11_derive" | "enroll";
46
+ /**
47
+ * ApprovalChallenge
48
+ * @description Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
49
+ */
50
+ ApprovalChallenge: {
51
+ /**
52
+ * @description Canonical approval challenge format version.
53
+ * @enum {string}
54
+ */
55
+ version: "approval-challenge/v1";
56
+ /** @description Opaque nonce bound into the approval challenge and proof statement. */
57
+ nonce: string;
58
+ /** @description Relay request id that scopes the approval proof. */
59
+ request_id: string;
60
+ /** @description SHA-256 digest of the approved plaintext, formatted as `sha256:<hex>`. */
61
+ plaintext_hash: string;
62
+ };
63
+ /**
64
+ * ApprovalProofStatement
65
+ * @description Public Longfellow statement bound into the zero-knowledge proof.
66
+ */
67
+ ApprovalProofStatement: {
68
+ /** @description Lowercase hex-encoded compressed P-256 issuer public key (66 hex chars, 33 bytes: `0x02`/`0x03` || X). */
69
+ issuer_public_key_hex: string;
70
+ /** @description Lowercase hex-encoded SHA-256 hash of the mobile app identifier. */
71
+ app_id_hash_hex: string;
72
+ /**
73
+ * Format: int32
74
+ * @description Policy version embedded into the approval proof statement.
75
+ */
76
+ policy_version: number;
77
+ /**
78
+ * Format: int64
79
+ * @description Unix timestamp in seconds embedded into the approval proof statement.
80
+ */
81
+ now: number;
82
+ /** @description Lowercase hex-encoded SHA-256 hash of `ApprovalChallenge.nonce`. */
83
+ challenge_nonce_hex: string;
84
+ /** @description Lowercase hex-encoded SHA-256 hash of the verifier audience string. */
85
+ audience_hash_hex: string;
86
+ /** @description Lowercase hex-encoded SHA-256 hash of the canonical approval challenge JSON. */
87
+ approval_hash_hex: string;
88
+ };
89
+ /**
90
+ * ApprovalAttestationV1
91
+ * @description Service-issued approval attestation embedded into the Longfellow proof witness.
92
+ */
93
+ ApprovalAttestationV1: {
94
+ /**
95
+ * @description Canonical approval attestation format version.
96
+ * @enum {string}
97
+ */
98
+ version: "approval-attestation/v1";
99
+ /**
100
+ * Format: byte
101
+ * @description RFC 4648 standard base64 with `=` padding for the `approval-attestation/v1` bytes embedded into the Longfellow proof witness.
102
+ */
103
+ bytes: string;
104
+ /**
105
+ * Format: byte
106
+ * @description RFC 4648 standard base64 with `=` padding for the raw 64-byte P-256 `r || s` signature over `SHA256(bytes)`.
107
+ */
108
+ signature: string;
109
+ };
110
+ /**
111
+ * ApprovalAttestedKeyProof
112
+ * @description Canonical Longfellow approval proof carried inside encrypted approval responses.
113
+ */
114
+ ApprovalAttestedKeyProof: {
115
+ /**
116
+ * @description Canonical approval proof format version.
117
+ * @enum {string}
118
+ */
119
+ version: "approval-attested-key-proof/v1";
120
+ challenge: components["schemas"]["ApprovalChallenge"];
121
+ statement: components["schemas"]["ApprovalProofStatement"];
122
+ attestation: components["schemas"]["ApprovalAttestationV1"];
123
+ /**
124
+ * Format: byte
125
+ * @description RFC 4648 standard base64 with `=` padding for the Longfellow approval proof bytes.
126
+ */
127
+ proof: string;
128
+ };
129
+ /**
130
+ * AttestationSecurityType
131
+ * @description Combined platform and security level for attestation.
132
+ * @enum {string}
133
+ */
134
+ AttestationSecurityType: "ios_secure_enclave" | "android_tee" | "android_strongbox" | "software" | "play_integrity";
135
+ /**
136
+ * KeyMetadataAttestation
137
+ * @description Attestation proof that a key was created on attested device hardware.
138
+ */
139
+ KeyMetadataAttestation: {
140
+ /** @description Lowercase hex-encoded public key being attested (66 hex chars for P-256 33-byte compressed key, or 64 hex chars for Ed25519 32-byte key). */
141
+ public_key_hex: string;
142
+ /**
143
+ * Format: byte
144
+ * @description RFC 4648 standard base64 with `=` padding for the App Attest assertion or software signature.
145
+ */
146
+ assertion: string;
147
+ attestation_type: components["schemas"]["AttestationSecurityType"];
148
+ /**
149
+ * Format: byte
150
+ * @description RFC 4648 standard base64 with `=` padding for the Apple CBOR attestation object used by hardware attestation.
151
+ */
152
+ attestation_object?: string;
153
+ /**
154
+ * Format: byte
155
+ * @description RFC 4648 standard base64 with `=` padding for `SHA256(id || public_key || created_at || device_auth_public_key)`.
156
+ */
157
+ challenge: string;
158
+ /**
159
+ * Format: int64
160
+ * @description Unix timestamp in milliseconds.
161
+ */
162
+ attestation_timestamp: number;
163
+ /** @description Lowercase hex-encoded attestation key public key (66 hex chars for P-256 33-byte compressed key). */
164
+ attestation_public_key_hex?: string;
165
+ };
166
+ /**
167
+ * SigningErrorCode
168
+ * @description Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
169
+ * @example 1
170
+ * @enum {integer}
171
+ */
172
+ SigningErrorCode: 1 | 2 | 3 | 4 | 5 | 6;
173
+ /**
174
+ * KeyPurpose
175
+ * @description Purpose of an enrolled key.
176
+ * @example ssh
177
+ * @enum {string}
178
+ */
179
+ KeyPurpose: "ssh" | "gpg" | "age";
180
+ /**
181
+ * DisplayField
182
+ * @description A single label/value row rendered on the approval surface.
183
+ */
184
+ DisplayField: {
185
+ /**
186
+ * @description Short label for the field.
187
+ * @example Repository
188
+ */
189
+ label: string;
190
+ /**
191
+ * @description Value to display.
192
+ * @example github.com/user/repo
193
+ */
194
+ value: string;
195
+ /**
196
+ * @description Render the value in a monospace font.
197
+ * @default false
198
+ */
199
+ monospace?: boolean;
200
+ /**
201
+ * @description Field can be expanded to show additional content.
202
+ * @default false
203
+ */
204
+ expandable?: boolean;
205
+ /**
206
+ * @description Render the value across multiple lines.
207
+ * @default false
208
+ */
209
+ multiline?: boolean;
210
+ /**
211
+ * @description Value contains sensitive information; UI may mask it.
212
+ * @default false
213
+ */
214
+ sensitive?: boolean;
215
+ /** @description Optional SF Symbol or Material icon name. */
216
+ icon?: string;
217
+ };
218
+ /**
219
+ * DisplaySchema
220
+ * @description Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
221
+ */
222
+ DisplaySchema: {
223
+ /**
224
+ * @description Main title for the approval screen.
225
+ * @example Sign Git Commit
226
+ */
227
+ title: string;
228
+ /** @description Shorter title for the history list view. */
229
+ history_title?: string;
230
+ /** @description Subtitle with additional context. */
231
+ subtitle?: string;
232
+ /** @description Optional icon name. */
233
+ icon?: string;
234
+ fields: components["schemas"]["DisplayField"][];
235
+ };
236
+ /**
237
+ * ProcessEntry
238
+ * @description Entry in a process ancestry chain.
239
+ */
240
+ ProcessEntry: {
241
+ /**
242
+ * Format: int32
243
+ * @description Process id.
244
+ */
245
+ pid: number;
246
+ /** @description Username running the process. */
247
+ username: string;
248
+ /** @description Command line of the process. */
249
+ command: string;
250
+ };
251
+ /**
252
+ * SourceInfo
253
+ * @description Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
254
+ */
255
+ SourceInfo: {
256
+ /** @description Source machine hostname. */
257
+ hostname?: string;
258
+ /** @description Local/private IP address. */
259
+ local_ip?: string;
260
+ /** @description User running the requesting process. */
261
+ username?: string;
262
+ /** @description Command line of the current process. */
263
+ command?: string;
264
+ /** @description Full process tree from the current process up to init. */
265
+ process_chain?: components["schemas"]["ProcessEntry"][];
266
+ };
267
+ /**
268
+ * MailboxSshAuthRequestPayloadV1
269
+ * @description Request payload for the `ssh_auth` envelope type. The approver signs an SSH user-authentication challenge constructed from `raw_data`, using the on-device key selected by `device_key_id`.
270
+ */
271
+ MailboxSshAuthRequestPayloadV1: {
272
+ /**
273
+ * Format: byte
274
+ * @description RFC 4648 standard base64 with `=` padding for the raw SSH challenge preimage. The approver builds the canonical SSH signature input from this preimage.
275
+ * @example c3NoIGNoYWxsZW5nZQ==
276
+ */
277
+ raw_data: string;
278
+ /**
279
+ * @description Identifier of the key to sign with.
280
+ * @example key_abc123
281
+ */
282
+ key_id?: string;
283
+ /**
284
+ * @description SSH application identifier (e.g. `ssh:`).
285
+ * @example ssh:
286
+ */
287
+ application?: string;
288
+ /**
289
+ * Format: int32
290
+ * @description SSH SK flags bitmask. Default `0x01` requires user presence.
291
+ * @default 1
292
+ * @example 1
293
+ */
294
+ flags?: number;
295
+ /** @description Device-side key identifier (e.g. iOS Secure Enclave handle) used to select among enrolled signing keys on the approver. */
296
+ device_key_id: string;
297
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
298
+ display?: components["schemas"]["DisplaySchema"];
299
+ source_info?: components["schemas"]["SourceInfo"];
300
+ };
301
+ /**
302
+ * MailboxSshAuthResponsePayloadV1
303
+ * @description Response payload for the `ssh_auth` envelope type. Discriminated as a success / failure pair. Decoders pick `MailboxSshAuthResponseSuccessV1` if `signature` is present and `MailboxSshAuthResponseFailureV1` if `error_code` is present.
304
+ */
305
+ MailboxSshAuthResponsePayloadV1: components["schemas"]["MailboxSshAuthResponseSuccessV1"] | components["schemas"]["MailboxSshAuthResponseFailureV1"];
306
+ /**
307
+ * MailboxSshAuthResponseSuccessV1
308
+ * @description Success branch of `MailboxSshAuthResponsePayloadV1`.
309
+ */
310
+ MailboxSshAuthResponseSuccessV1: {
311
+ /**
312
+ * Format: byte
313
+ * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
314
+ */
315
+ signature: string;
316
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
317
+ };
318
+ /**
319
+ * MailboxSshAuthResponseFailureV1
320
+ * @description Failure branch of `MailboxSshAuthResponsePayloadV1`.
321
+ */
322
+ MailboxSshAuthResponseFailureV1: {
323
+ error_code: components["schemas"]["SigningErrorCode"];
324
+ /**
325
+ * @description Human-readable error message.
326
+ * @example User rejected the request
327
+ */
328
+ error_message?: string;
329
+ };
330
+ /**
331
+ * MailboxSshSignRequestPayloadV1
332
+ * @description Request payload for the `ssh_sign` envelope type. The approver signs an SSH signature input derived from `raw_data` (e.g. `git commit -S` SSH signing), using the on-device key selected by `device_key_id`.
333
+ */
334
+ MailboxSshSignRequestPayloadV1: {
335
+ /**
336
+ * Format: byte
337
+ * @description RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver builds the canonical SSH signature input from this preimage.
338
+ * @example ZGF0YSB0byBzaWdu
339
+ */
340
+ raw_data: string;
341
+ /**
342
+ * @description Identifier of the key to sign with.
343
+ * @example key_abc123
344
+ */
345
+ key_id?: string;
346
+ /**
347
+ * @description SSH application identifier (e.g. `ssh:`).
348
+ * @example ssh:
349
+ */
350
+ application?: string;
351
+ /**
352
+ * Format: int32
353
+ * @description SSH SK flags bitmask. Default `0x01` requires user presence.
354
+ * @default 1
355
+ * @example 1
356
+ */
357
+ flags?: number;
358
+ /** @description Device-side key identifier (e.g. iOS Secure Enclave handle) used to select among enrolled signing keys on the approver. */
359
+ device_key_id: string;
360
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
361
+ display?: components["schemas"]["DisplaySchema"];
362
+ source_info?: components["schemas"]["SourceInfo"];
363
+ };
364
+ /**
365
+ * MailboxSshSignResponsePayloadV1
366
+ * @description Response payload for the `ssh_sign` envelope type. Discriminated as a success / failure pair.
367
+ */
368
+ MailboxSshSignResponsePayloadV1: components["schemas"]["MailboxSshSignResponseSuccessV1"] | components["schemas"]["MailboxSshSignResponseFailureV1"];
369
+ /**
370
+ * MailboxSshSignResponseSuccessV1
371
+ * @description Success branch of `MailboxSshSignResponsePayloadV1`.
372
+ */
373
+ MailboxSshSignResponseSuccessV1: {
374
+ /**
375
+ * Format: byte
376
+ * @description RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
377
+ */
378
+ signature: string;
379
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
380
+ };
381
+ /**
382
+ * MailboxSshSignResponseFailureV1
383
+ * @description Failure branch of `MailboxSshSignResponsePayloadV1`.
384
+ */
385
+ MailboxSshSignResponseFailureV1: {
386
+ error_code: components["schemas"]["SigningErrorCode"];
387
+ /**
388
+ * @description Human-readable error message.
389
+ * @example User rejected the request
390
+ */
391
+ error_message?: string;
392
+ };
393
+ /**
394
+ * MailboxGpgSignRequestPayloadV1
395
+ * @description Request payload for the `gpg_sign` envelope type. The approver builds the OpenPGP hash input from `raw_data` and signs the resulting digest with the primary GPG signing key selected by `device_key_id`.
396
+ */
397
+ MailboxGpgSignRequestPayloadV1: {
398
+ /**
399
+ * Format: byte
400
+ * @description RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver builds the OpenPGP hash input from this preimage and signs the resulting digest.
401
+ * @example cmF3IGRhdGE=
402
+ */
403
+ raw_data: string;
404
+ /**
405
+ * @description Hex-encoded public key selecting which on-device GPG primary key the approver should use for signing. The mailbox/poll path requires this because the envelope does not otherwise carry a key identifier.
406
+ * @example 034dc708f0fda9462584485537d588657e68c808dae0edb8cc556459a7975229e8
407
+ */
408
+ device_key_id: string;
409
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
410
+ display?: components["schemas"]["DisplaySchema"];
411
+ source_info?: components["schemas"]["SourceInfo"];
412
+ };
413
+ /**
414
+ * MailboxGpgSignResponsePayloadV1
415
+ * @description Response payload for the `gpg_sign` envelope type. Discriminated as a success / failure pair.
416
+ */
417
+ MailboxGpgSignResponsePayloadV1: components["schemas"]["MailboxGpgSignResponseSuccessV1"] | components["schemas"]["MailboxGpgSignResponseFailureV1"];
418
+ /**
419
+ * MailboxGpgSignResponseSuccessV1
420
+ * @description Success branch of `MailboxGpgSignResponsePayloadV1`.
421
+ */
422
+ MailboxGpgSignResponseSuccessV1: {
423
+ /**
424
+ * @description ASCII-armored OpenPGP signature.
425
+ * @example -----BEGIN PGP SIGNATURE-----...
426
+ */
427
+ armored_signature: string;
428
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
429
+ };
430
+ /**
431
+ * MailboxGpgSignResponseFailureV1
432
+ * @description Failure branch of `MailboxGpgSignResponsePayloadV1`.
433
+ */
434
+ MailboxGpgSignResponseFailureV1: {
435
+ error_code: components["schemas"]["SigningErrorCode"];
436
+ /**
437
+ * @description Human-readable error message.
438
+ * @example User rejected the request
439
+ */
440
+ error_message?: string;
441
+ };
442
+ /**
443
+ * MailboxGpgDecryptRequestPayloadV1
444
+ * @description Request payload for the `gpg_decrypt` envelope type. The approver unwraps the OpenPGP Public Key Encrypted Session Key packet using the encryption subkey selected by `device_key_id`.
445
+ */
446
+ MailboxGpgDecryptRequestPayloadV1: {
447
+ /**
448
+ * Format: byte
449
+ * @description RFC 4648 standard base64 with `=` padding for the encrypted data to decrypt.
450
+ * @example ZW5jcnlwdGVkIGRhdGE=
451
+ */
452
+ encrypted_data: string;
453
+ pkesk: components["schemas"]["PkeskData"];
454
+ /**
455
+ * @description Hex-encoded public key selecting which on-device GPG encryption subkey the approver should use for ECDH. The mailbox/poll path requires this because the envelope does not otherwise carry a key identifier.
456
+ * @example 034dc708f0fda9462584485537d588657e68c808dae0edb8cc556459a7975229e8
457
+ */
458
+ device_key_id: string;
459
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
460
+ display?: components["schemas"]["DisplaySchema"];
461
+ source_info?: components["schemas"]["SourceInfo"];
462
+ };
463
+ /**
464
+ * MailboxGpgDecryptResponsePayloadV1
465
+ * @description Response payload for the `gpg_decrypt` envelope type. Discriminated as a success / failure pair. The success branch carries both `session_key` and `algorithm`; the failure branch carries `error_code`.
466
+ */
467
+ MailboxGpgDecryptResponsePayloadV1: components["schemas"]["MailboxGpgDecryptResponseSuccessV1"] | components["schemas"]["MailboxGpgDecryptResponseFailureV1"];
468
+ /**
469
+ * MailboxGpgDecryptResponseSuccessV1
470
+ * @description Success branch of `MailboxGpgDecryptResponsePayloadV1`.
471
+ */
472
+ MailboxGpgDecryptResponseSuccessV1: {
473
+ /**
474
+ * Format: byte
475
+ * @description RFC 4648 standard base64 with `=` padding for the unwrapped session key.
476
+ * @example c2Vzc2lvbiBrZXk=
477
+ */
478
+ session_key: string;
479
+ /**
480
+ * Format: int32
481
+ * @description OpenPGP symmetric algorithm id (RFC 4880 §9.2).
482
+ * @example 9
483
+ */
484
+ algorithm: number;
485
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
486
+ };
487
+ /**
488
+ * MailboxGpgDecryptResponseFailureV1
489
+ * @description Failure branch of `MailboxGpgDecryptResponsePayloadV1`.
490
+ */
491
+ MailboxGpgDecryptResponseFailureV1: {
492
+ error_code: components["schemas"]["SigningErrorCode"];
493
+ /**
494
+ * @description Human-readable error message.
495
+ * @example User rejected the request
496
+ */
497
+ error_message?: string;
498
+ };
499
+ /**
500
+ * PkeskData
501
+ * @description OpenPGP Public Key Encrypted Session Key packet data.
502
+ */
503
+ PkeskData: {
504
+ /**
505
+ * Format: int32
506
+ * @description PKESK packet version (typically 3).
507
+ * @example 3
508
+ */
509
+ version: number;
510
+ /**
511
+ * Format: byte
512
+ * @description RFC 4648 standard base64 with `=` padding for the 8-byte recipient key id.
513
+ * @example a2V5X2lkMTIz
514
+ */
515
+ key_id: string;
516
+ /**
517
+ * Format: int32
518
+ * @description OpenPGP public key algorithm (RFC 4880 §9.1). `18` is ECDH.
519
+ * @example 18
520
+ */
521
+ algorithm: number;
522
+ /**
523
+ * Format: byte
524
+ * @description RFC 4648 standard base64 with `=` padding for the ephemeral ECDH public point (33 bytes compressed).
525
+ * @example ZXBoZW1lcmFsX3BvaW50
526
+ */
527
+ ephemeral_point: string;
528
+ /**
529
+ * Format: byte
530
+ * @description RFC 4648 standard base64 with `=` padding for the AES-wrapped session key.
531
+ * @example d3JhcHBlZF9rZXk=
532
+ */
533
+ wrapped_key: string;
534
+ };
535
+ /**
536
+ * MailboxAgeUnwrapRequestPayloadV1
537
+ * @description Request payload for the `age_unwrap` envelope type. The approver unwraps an age `X25519` recipient stanza using the on-device X25519 key matching `recipient_public_hex`.
538
+ */
539
+ MailboxAgeUnwrapRequestPayloadV1: {
540
+ /**
541
+ * @description Lowercase hex-encoded sender's ephemeral X25519 public key (64 hex chars for the 32-byte key).
542
+ * @example a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
543
+ */
544
+ ephemeral_public_hex: string;
545
+ /**
546
+ * Format: byte
547
+ * @description RFC 4648 standard base64 with `=` padding for the wrapped file key for decryption.
548
+ * @example d3JhcHBlZCBmaWxlIGtleQ==
549
+ */
550
+ wrapped_file_key: string;
551
+ /**
552
+ * @description Lowercase hex-encoded recipient's X25519 public key (64 hex chars for the 32-byte key).
553
+ * @example b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3
554
+ */
555
+ recipient_public_hex: string;
556
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
557
+ display?: components["schemas"]["DisplaySchema"];
558
+ source_info?: components["schemas"]["SourceInfo"];
559
+ };
560
+ /**
561
+ * MailboxAgeUnwrapResponsePayloadV1
562
+ * @description Response payload for the `age_unwrap` envelope type. Discriminated as a success / failure pair.
563
+ */
564
+ MailboxAgeUnwrapResponsePayloadV1: components["schemas"]["MailboxAgeUnwrapResponseSuccessV1"] | components["schemas"]["MailboxAgeUnwrapResponseFailureV1"];
565
+ /**
566
+ * MailboxAgeUnwrapResponseSuccessV1
567
+ * @description Success branch of `MailboxAgeUnwrapResponsePayloadV1`.
568
+ */
569
+ MailboxAgeUnwrapResponseSuccessV1: {
570
+ /**
571
+ * Format: byte
572
+ * @description RFC 4648 standard base64 with `=` padding for the unwrapped age file key.
573
+ * @example ZmlsZSBrZXk=
574
+ */
575
+ file_key: string;
576
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
577
+ };
578
+ /**
579
+ * MailboxAgeUnwrapResponseFailureV1
580
+ * @description Failure branch of `MailboxAgeUnwrapResponsePayloadV1`.
581
+ */
582
+ MailboxAgeUnwrapResponseFailureV1: {
583
+ error_code: components["schemas"]["SigningErrorCode"];
584
+ /**
585
+ * @description Human-readable error message.
586
+ * @example User rejected the request
587
+ */
588
+ error_message?: string;
589
+ };
590
+ /**
591
+ * MailboxPkcs11SignRequestPayloadV1
592
+ * @description Request payload for the `pkcs11_sign` envelope type. The approver computes the SHA-256 digest of `raw_data` and signs it with the on-device key selected by `device_key_id`.
593
+ */
594
+ MailboxPkcs11SignRequestPayloadV1: {
595
+ /**
596
+ * Format: byte
597
+ * @description RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver computes the SHA-256 digest and signs it.
598
+ * @example cGtjczExIGRhdGE=
599
+ */
600
+ raw_data: string;
601
+ /** @description Hex-encoded public key selecting which on-device key the approver should use for signing. */
602
+ device_key_id: string;
603
+ display?: components["schemas"]["DisplaySchema"];
604
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
605
+ source_info?: components["schemas"]["SourceInfo"];
606
+ };
607
+ /**
608
+ * MailboxPkcs11SignResponsePayloadV1
609
+ * @description Response payload for the `pkcs11_sign` envelope type. Discriminated as a success / failure pair.
610
+ */
611
+ MailboxPkcs11SignResponsePayloadV1: components["schemas"]["MailboxPkcs11SignResponseSuccessV1"] | components["schemas"]["MailboxPkcs11SignResponseFailureV1"];
612
+ /**
613
+ * MailboxPkcs11SignResponseSuccessV1
614
+ * @description Success branch of `MailboxPkcs11SignResponsePayloadV1`.
615
+ */
616
+ MailboxPkcs11SignResponseSuccessV1: {
617
+ /**
618
+ * Format: byte
619
+ * @description RFC 4648 standard base64 with `=` padding for the raw signature bytes (no PKCS#1 framing).
620
+ */
621
+ signature: string;
622
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
623
+ };
624
+ /**
625
+ * MailboxPkcs11SignResponseFailureV1
626
+ * @description Failure branch of `MailboxPkcs11SignResponsePayloadV1`.
627
+ */
628
+ MailboxPkcs11SignResponseFailureV1: {
629
+ error_code: components["schemas"]["SigningErrorCode"];
630
+ /**
631
+ * @description Human-readable error message.
632
+ * @example User rejected the request
633
+ */
634
+ error_message?: string;
635
+ };
636
+ /**
637
+ * MailboxPkcs11DeriveRequestPayloadV1
638
+ * @description Request payload for the `pkcs11_derive` envelope type. The approver runs ECDH between the on-device private key selected by `device_key_id` and the peer public key, optionally feeding the shared secret through a KDF.
639
+ */
640
+ MailboxPkcs11DeriveRequestPayloadV1: {
641
+ /**
642
+ * @description Lowercase hex-encoded peer public key for ECDH (66 hex chars for P-256 33-byte compressed key).
643
+ * @example 02a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
644
+ */
645
+ peer_public_hex: string;
646
+ /** @description Hex-encoded public key selecting which on-device key the approver should use for ECDH. */
647
+ device_key_id: string;
648
+ kdf?: components["schemas"]["Pkcs11DeriveKdfParams"];
649
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
650
+ display?: components["schemas"]["DisplaySchema"];
651
+ source_info?: components["schemas"]["SourceInfo"];
652
+ };
653
+ /**
654
+ * MailboxPkcs11DeriveResponsePayloadV1
655
+ * @description Response payload for the `pkcs11_derive` envelope type. Discriminated as a success / failure pair.
656
+ */
657
+ MailboxPkcs11DeriveResponsePayloadV1: components["schemas"]["MailboxPkcs11DeriveResponseSuccessV1"] | components["schemas"]["MailboxPkcs11DeriveResponseFailureV1"];
658
+ /**
659
+ * MailboxPkcs11DeriveResponseSuccessV1
660
+ * @description Success branch of `MailboxPkcs11DeriveResponsePayloadV1`.
661
+ */
662
+ MailboxPkcs11DeriveResponseSuccessV1: {
663
+ /**
664
+ * Format: byte
665
+ * @description RFC 4648 standard base64 with `=` padding for the derived shared secret (post-KDF if `kdf` was supplied, otherwise raw ECDH X output).
666
+ * @example c2hhcmVkIHNlY3JldA==
667
+ */
668
+ shared_secret: string;
669
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
670
+ };
671
+ /**
672
+ * MailboxPkcs11DeriveResponseFailureV1
673
+ * @description Failure branch of `MailboxPkcs11DeriveResponsePayloadV1`.
674
+ */
675
+ MailboxPkcs11DeriveResponseFailureV1: {
676
+ error_code: components["schemas"]["SigningErrorCode"];
677
+ /**
678
+ * @description Human-readable error message.
679
+ * @example User rejected the request
680
+ */
681
+ error_message?: string;
682
+ };
683
+ /**
684
+ * Pkcs11DeriveKdfParams
685
+ * @description Optional key derivation parameters applied to the ECDH shared secret.
686
+ */
687
+ Pkcs11DeriveKdfParams: {
688
+ /**
689
+ * @description KDF algorithm name. Approvers MUST reject unknown algorithms.
690
+ * @example HKDF-SHA256
691
+ */
692
+ algorithm: string;
693
+ /**
694
+ * Format: int32
695
+ * @description Desired output key length in bytes.
696
+ * @example 32
697
+ */
698
+ key_length?: number;
699
+ /**
700
+ * Format: byte
701
+ * @description RFC 4648 standard base64 with `=` padding for the optional KDF `info` parameter.
702
+ */
703
+ info?: string;
704
+ };
705
+ /**
706
+ * MailboxEnrollRequestPayloadV1
707
+ * @description Request payload for the `enroll` envelope type. The approver creates a new key for the requested `purpose` and returns its public material.
708
+ */
709
+ MailboxEnrollRequestPayloadV1: {
710
+ purpose: components["schemas"]["KeyPurpose"];
711
+ /**
712
+ * @description Human-readable label for the new key.
713
+ * @example Work Laptop SSH Key
714
+ */
715
+ label?: string;
716
+ /**
717
+ * @description Key algorithm to use. Approver MUST reject unknown algorithms.
718
+ * @example ed25519
719
+ */
720
+ algorithm?: string;
721
+ /**
722
+ * @description Include a self-certification signature for GPG export. Ignored for non-GPG purposes.
723
+ * @default false
724
+ */
725
+ include_certification?: boolean;
726
+ approval_challenge?: components["schemas"]["ApprovalChallenge"];
727
+ display?: components["schemas"]["DisplaySchema"];
728
+ source_info?: components["schemas"]["SourceInfo"];
729
+ };
730
+ /**
731
+ * MailboxEnrollResponsePayloadV1
732
+ * @description Response payload for the `enroll` envelope type. Discriminated on `status`: `approved` requires the full key material set; `rejected` requires `error_code`.
733
+ */
734
+ MailboxEnrollResponsePayloadV1: components["schemas"]["MailboxEnrollResponseApprovedV1"] | components["schemas"]["MailboxEnrollResponseRejectedV1"];
735
+ /**
736
+ * MailboxEnrollResponseApprovedV1
737
+ * @description Approved branch of `MailboxEnrollResponsePayloadV1`. Carries the freshly minted public key material so the requester can refer to the new key in subsequent signing / decryption requests.
738
+ */
739
+ MailboxEnrollResponseApprovedV1: {
740
+ /**
741
+ * @description Enrollment outcome discriminator (`approved`). (enum property replaced by openapi-typescript)
742
+ * @enum {string}
743
+ */
744
+ status: "approved";
745
+ /**
746
+ * @description New key identifier. UUID for GPG keys; format defined by the algorithm for other purposes.
747
+ * @example 550e8400-e29b-41d4-a716-446655440000
748
+ */
749
+ id: string;
750
+ /** @description Lowercase hex-encoded public key. 66 hex chars for P-256 33-byte compressed key, or 64 hex chars for Ed25519 32-byte key. */
751
+ public_key_hex: string;
752
+ /** @description Device-side key identifier (e.g. iOS Secure Enclave handle) the requester can use to refer to the new key in subsequent requests. */
753
+ device_key_id: string;
754
+ /**
755
+ * @description Key algorithm used.
756
+ * @example ed25519
757
+ */
758
+ algorithm: string;
759
+ /** @description GPG fingerprint for GPG keys (40 hex chars). */
760
+ fingerprint?: string;
761
+ /**
762
+ * Format: int64
763
+ * @description Unix timestamp (seconds) when the key was created.
764
+ * @example 1705320000
765
+ */
766
+ key_creation_timestamp?: number;
767
+ /**
768
+ * Format: byte
769
+ * @description RFC 4648 standard base64 with `=` padding for the GPG self-certification signature.
770
+ */
771
+ user_id_signature?: string;
772
+ /**
773
+ * Format: byte
774
+ * @description RFC 4648 standard base64 with `=` padding for the GPG subkey binding signature.
775
+ */
776
+ subkey_signature?: string;
777
+ /** @description Lowercase hex-encoded ECDH encryption subkey public key (66 hex chars for P-256 33-byte compressed key). */
778
+ encryption_public_key_hex?: string;
779
+ /** @description 40-character hex fingerprint of the ECDH encryption subkey. */
780
+ encryption_fingerprint?: string;
781
+ attestation?: components["schemas"]["KeyMetadataAttestation"];
782
+ approval_proof?: components["schemas"]["ApprovalAttestedKeyProof"];
783
+ };
784
+ /**
785
+ * MailboxEnrollResponseRejectedV1
786
+ * @description Rejected branch of `MailboxEnrollResponsePayloadV1`. Carries the signing error code (and optional human-readable message).
787
+ */
788
+ MailboxEnrollResponseRejectedV1: {
789
+ /**
790
+ * @description Enrollment outcome discriminator (`rejected`). (enum property replaced by openapi-typescript)
791
+ * @enum {string}
792
+ */
793
+ status: "rejected";
794
+ error_code: components["schemas"]["SigningErrorCode"];
795
+ /**
796
+ * @description Human-readable error message.
797
+ * @example User rejected the enrollment
798
+ */
799
+ error_message?: string;
800
+ };
801
+ };
802
+ responses: never;
803
+ parameters: never;
804
+ requestBodies: never;
805
+ headers: never;
806
+ pathItems: never;
807
+ }
808
+ export type $defs = Record<string, never>;
809
+ export type operations = Record<string, never>;
810
+ //# sourceMappingURL=schema.d.ts.map