@net-mesh/sdk 0.19.0

package/dist/deck.js

@@ -0,0 +1,717 @@
+"use strict";
+/**
+ * Deck SDK — operator-side TypeScript wrapper.
+ *
+ * Sits on top of the napi-rs binding at `@net-mesh/core`. Adds:
+ *
+ * - {@link DeckSdkError} typed Error subclass that parses the
+ *   substrate `<<deck-sdk-kind:KIND>>MSG` envelope.
+ * - Auto-JSON-parsing for `status()` and `snapshots()`.
+ * - `AsyncIterable<unknown>` (parsed `MeshOsSnapshot` JSON) / `AsyncIterable<StatusSummary>`
+ *   wrappers over the raw `nextSnapshot()` / `nextSummary()`
+ *   methods.
+ *
+ * Slice 1 ships client + admin (all 9 methods) + snapshot/status
+ * streams + operator identity. Audit / logs / failures land in
+ * slice 2; ICE in slice 3.
+ *
+ * @example
+ * ```ts
+ * import { MeshOsDaemonSdk } from '@net-mesh/sdk/meshos';
+ * import { DeckClient, OperatorIdentity } from '@net-mesh/sdk/deck';
+ *
+ * const sdk = await MeshOsDaemonSdk.start();
+ * const identity = OperatorIdentity.generate();
+ * const client = await DeckClient.fromMeshos(sdk, identity);
+ *
+ * const commit = await client.admin.enterMaintenance(0xABCDn, 600_000n);
+ * console.log(`committed at ${commit.commitId} kind=${commit.eventKind}`);
+ *
+ * for await (const snap of client.snapshots()) {
+ *   // snap is a parsed object
+ *   break;
+ * }
+ *
+ * await sdk.shutdown();
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminVerifier = exports.OperatorRegistry = exports.SimulatedIceProposal = exports.IceProposal = exports.IceCommands = exports.AuditQuery = exports.DeckClient = exports.AdminCommands = exports.OperatorIdentity = exports.DeckSdkError = void 0;
+const core_1 = require("@net-mesh/core");
+Object.defineProperty(exports, "OperatorIdentity", { enumerable: true, get: function () { return core_1.OperatorIdentity; } });
+// ----------------------------------------------------------------------------
+// Typed error envelope (mirrors MeshOS SDK's MeshOsSdkError)
+// ----------------------------------------------------------------------------
+class DeckSdkError extends Error {
+    kind;
+    constructor(kind, message) {
+        super(`<<deck-sdk-kind:${kind}>>${message}`);
+        this.name = 'DeckSdkError';
+        this.kind = kind;
+        Object.setPrototypeOf(this, DeckSdkError.prototype);
+    }
+    static fromCaught(err) {
+        if (err instanceof DeckSdkError)
+            return err;
+        if (!(err instanceof Error)) {
+            return new Error(String(err));
+        }
+        const parsed = parseEnvelope(err.message);
+        if (!parsed)
+            return err;
+        return new DeckSdkError(parsed.kind, parsed.body);
+    }
+}
+exports.DeckSdkError = DeckSdkError;
+function parseEnvelope(message) {
+    const marker = '<<deck-sdk-kind:';
+    const start = message.indexOf(marker);
+    if (start === -1)
+        return null;
+    const kindStart = start + marker.length;
+    const end = message.indexOf('>>', kindStart);
+    if (end === -1)
+        return null;
+    return { kind: message.slice(kindStart, end), body: message.slice(end + 2) };
+}
+async function rethrowAsync(fn) {
+    try {
+        return await fn();
+    }
+    catch (e) {
+        throw DeckSdkError.fromCaught(e);
+    }
+}
+// ----------------------------------------------------------------------------
+// AdminCommands
+// ----------------------------------------------------------------------------
+class AdminCommands {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    async drain(node, drainForMs) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.drain(node, drainForMs)));
+    }
+    async enterMaintenance(node, drainForMs) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.enterMaintenance(node, drainForMs)));
+    }
+    async exitMaintenance(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.exitMaintenance(node)));
+    }
+    async cordon(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.cordon(node)));
+    }
+    async uncordon(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.uncordon(node)));
+    }
+    async dropReplicas(node, chains) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.dropReplicas(node, chains)));
+    }
+    async invalidatePlacement(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.invalidatePlacement(node)));
+    }
+    async restartAllDaemons(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.restartAllDaemons(node)));
+    }
+    async clearAvoidList(node) {
+        return chainCommitFromJs(await rethrowAsync(() => this.raw.clearAvoidList(node)));
+    }
+}
+exports.AdminCommands = AdminCommands;
+function chainCommitFromJs(c) {
+    return {
+        commitId: c.commitId,
+        operatorId: c.operatorId,
+        eventKind: c.eventKind,
+        committedAtMs: c.committedAtMs,
+    };
+}
+function statusSummaryFromJs(s) {
+    return {
+        peers: { ...s.peers },
+        daemons: { ...s.daemons },
+        replicaChains: s.replicaChains,
+        avoidListEntries: s.avoidListEntries,
+        recentlyEmittedCount: s.recentlyEmittedCount,
+        recentFailureCount: s.recentFailureCount,
+        adminAuditRingDepth: s.adminAuditRingDepth,
+        freezeRemainingMs: s.freezeRemainingMs ?? null,
+        localMaintenanceActive: s.localMaintenanceActive,
+    };
+}
+// ----------------------------------------------------------------------------
+// Streams — AsyncIterable wrappers around the raw napi handles
+// ----------------------------------------------------------------------------
+/**
+ * Wrap a raw napi snapshot stream as `AsyncIterable<unknown>` (parsed `MeshOsSnapshot` JSON).
+ * The napi side emits JSON-encoded snapshots; we parse here so
+ * consumers see a native object. Returns `null` from `nextSnapshot()`
+ * when the underlying stream closes.
+ */
+function snapshotsToAsyncIterable(raw) {
+    return {
+        [Symbol.asyncIterator]() {
+            return {
+                async next() {
+                    try {
+                        const json = await raw.nextSnapshot();
+                        if (json === null)
+                            return { value: undefined, done: true };
+                        return { value: JSON.parse(json), done: false };
+                    }
+                    catch (e) {
+                        throw DeckSdkError.fromCaught(e);
+                    }
+                },
+                async return() {
+                    await raw.close();
+                    return { value: undefined, done: true };
+                },
+            };
+        },
+        async close() {
+            await raw.close();
+        },
+    };
+}
+function statusSummariesToAsyncIterable(raw) {
+    return {
+        [Symbol.asyncIterator]() {
+            return {
+                async next() {
+                    try {
+                        const item = await raw.nextSummary();
+                        if (item === null)
+                            return { value: undefined, done: true };
+                        return { value: statusSummaryFromJs(item), done: false };
+                    }
+                    catch (e) {
+                        throw DeckSdkError.fromCaught(e);
+                    }
+                },
+                async return() {
+                    await raw.close();
+                    return { value: undefined, done: true };
+                },
+            };
+        },
+        async close() {
+            await raw.close();
+        },
+    };
+}
+// ----------------------------------------------------------------------------
+// DeckClient
+// ----------------------------------------------------------------------------
+class DeckClient {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    /**
+     * Construct a deck client that owns a private supervisor
+     * runtime. Mirrors the cdylib's `net_deck_client_new`
+     * (operator-only mode) for consumers without a separately-
+     * managed `MeshOsDaemonSdk`.
+     *
+     * `operatorSeed` must be exactly 32 bytes of ed25519 seed
+     * material. Call `.close()` (or use `await using`) to drain
+     * the supervisor at end of scope; otherwise the runtime
+     * releases on GC.
+     */
+    static async new(operatorSeed, meshosConfig, deckConfig) {
+        return rethrowAsync(async () => {
+            const meshos = meshosConfig
+                ? {
+                    thisNode: meshosConfig.thisNode,
+                    tickIntervalMs: meshosConfig.tickIntervalMs,
+                    eventQueueCapacity: meshosConfig.eventQueueCapacity,
+                    actionQueueCapacity: meshosConfig.actionQueueCapacity,
+                }
+                : undefined;
+            const deck = deckConfig
+                ? {
+                    snapshotPollIntervalMs: deckConfig.snapshotPollIntervalMs,
+                    iceSignatureThreshold: deckConfig.iceSignatureThreshold,
+                }
+                : undefined;
+            const raw = await core_1.DeckClient.new(operatorSeed, meshos, deck);
+            return new DeckClient(raw);
+        });
+    }
+    /**
+     * Construct against a running `MeshOsDaemonSdk`. Reuses the
+     * SDK's tokio runtime so streams + admin commits run on the
+     * same supervisor scheduler.
+     */
+    static async fromMeshos(sdk, identity, config) {
+        return rethrowAsync(async () => {
+            const rawSdk = sdk.__rawNapiSdk();
+            const cfg = config
+                ? {
+                    snapshotPollIntervalMs: config.snapshotPollIntervalMs,
+                    iceSignatureThreshold: config.iceSignatureThreshold,
+                }
+                : undefined;
+            const raw = await core_1.DeckClient.fromMeshos(rawSdk, identity, cfg);
+            return new DeckClient(raw);
+        });
+    }
+    /**
+     * Tear down the private supervisor runtime if this client owns
+     * one (constructed via `DeckClient.new`). No-op for clients
+     * built via `fromMeshos` against an externally-managed SDK.
+     * Idempotent: subsequent calls return without throwing.
+     */
+    async close() {
+        await rethrowAsync(() => this.raw.shutdown());
+    }
+    /**
+     * `await using` hook so `await using deck = await DeckClient.new(...)`
+     * drains the supervisor at scope exit.
+     */
+    async [Symbol.asyncDispose]() {
+        await this.close();
+    }
+    /** Operator identity bound to this client. */
+    identity() {
+        return this.raw.identity();
+    }
+    /** Typed admin-event surface. */
+    get admin() {
+        return new AdminCommands(this.raw.admin);
+    }
+    /** Break-glass surface. Returns `IceCommands` whose factories
+     * produce `IceProposal`s. Each must be `.simulate()`-d
+     * (yielding a `SimulatedIceProposal`) before `.commit(...)`. */
+    get ice() {
+        return new IceCommands(this.raw.ice);
+    }
+    /**
+     * One-shot read of the latest `MeshOsSnapshot` (parsed JSON;
+     * `unknown` because the substrate snapshot's exact shape isn't
+     * mirrored in the TS surface — consumers cast or use a runtime
+     * validator).
+     */
+    status() {
+        try {
+            return JSON.parse(this.raw.status());
+        }
+        catch (e) {
+            throw DeckSdkError.fromCaught(e);
+        }
+    }
+    /** One-shot read of the rolled-up `StatusSummary`. */
+    statusSummary() {
+        return statusSummaryFromJs(this.raw.statusSummary());
+    }
+    /**
+     * Live snapshot stream as `AsyncIterable<unknown>` (parsed `MeshOsSnapshot` JSON). JSON
+     * parsing happens automatically.
+     *
+     * Async on the napi side because the substrate creates a
+     * `tokio::time::Interval` that needs a runtime context.
+     */
+    async snapshots() {
+        return snapshotsToAsyncIterable(await this.raw.snapshots());
+    }
+    /** Live status-summary stream. */
+    async statusSummaryStream() {
+        return statusSummariesToAsyncIterable(await this.raw.statusSummaryStream());
+    }
+    // =========================================================================
+    // Slice 2 — audit + logs + failures
+    // =========================================================================
+    /**
+     * Fluent admin-audit query builder. Chain `.recent(n)` /
+     * `.byOperator(id)` / `.between(start, end)` / `.forceOnly()` /
+     * `.since(seq)` before calling `.collect()` (eager list of
+     * parsed audit records) or `.stream()` (`AsyncIterable`).
+     */
+    audit() {
+        return new AuditQuery(this.raw.audit());
+    }
+    /**
+     * Subscribe to the runtime's log ring. Returns an
+     * `AsyncIterable<LogRecord>`. Filter fields are all optional
+     * — missing fields match every record.
+     */
+    async subscribeLogs(filter) {
+        return rethrowAsync(async () => {
+            const raw = await this.raw.subscribeLogs(filter ? toNapiLogFilter(filter) : null);
+            return logStreamToAsyncIterable(raw);
+        });
+    }
+    /**
+     * Subscribe to the executor failure ring starting at
+     * `sinceSeq + 1`. Pass `0n` (or omit) to start from whatever
+     * is still in the ring.
+     */
+    async subscribeFailures(sinceSeq) {
+        return rethrowAsync(async () => {
+            const raw = await this.raw.subscribeFailures(sinceSeq);
+            return failureStreamToAsyncIterable(raw);
+        });
+    }
+}
+exports.DeckClient = DeckClient;
+function toNapiLogFilter(f) {
+    return {
+        minLevel: f.minLevel,
+        daemonId: f.daemonId,
+        nodeId: f.nodeId,
+        sinceSeq: f.sinceSeq,
+    };
+}
+function logRecordFromJs(r) {
+    return {
+        seq: r.seq,
+        tsMs: r.tsMs,
+        level: r.level,
+        daemonId: r.daemonId ?? null,
+        nodeId: r.nodeId ?? null,
+        message: r.message,
+    };
+}
+function failureRecordFromJs(r) {
+    return {
+        seq: r.seq,
+        source: r.source,
+        reason: r.reason,
+        recordedAtMs: r.recordedAtMs,
+    };
+}
+// ----------------------------------------------------------------------------
+// Slice 2 — Log + Failure AsyncIterable wrappers
+// ----------------------------------------------------------------------------
+function logStreamToAsyncIterable(raw) {
+    return {
+        [Symbol.asyncIterator]() {
+            return {
+                async next() {
+                    try {
+                        const item = await raw.nextRecord();
+                        if (item === null)
+                            return { value: undefined, done: true };
+                        return { value: logRecordFromJs(item), done: false };
+                    }
+                    catch (e) {
+                        throw DeckSdkError.fromCaught(e);
+                    }
+                },
+                async return() {
+                    await raw.close();
+                    return { value: undefined, done: true };
+                },
+            };
+        },
+        async close() {
+            await raw.close();
+        },
+    };
+}
+function failureStreamToAsyncIterable(raw) {
+    return {
+        [Symbol.asyncIterator]() {
+            return {
+                async next() {
+                    try {
+                        const item = await raw.nextRecord();
+                        if (item === null)
+                            return { value: undefined, done: true };
+                        return { value: failureRecordFromJs(item), done: false };
+                    }
+                    catch (e) {
+                        throw DeckSdkError.fromCaught(e);
+                    }
+                },
+                async return() {
+                    await raw.close();
+                    return { value: undefined, done: true };
+                },
+            };
+        },
+        async close() {
+            await raw.close();
+        },
+    };
+}
+function auditStreamToAsyncIterable(raw) {
+    return {
+        [Symbol.asyncIterator]() {
+            return {
+                async next() {
+                    try {
+                        const json = await raw.nextRecord();
+                        if (json === null)
+                            return { value: undefined, done: true };
+                        return { value: JSON.parse(json), done: false };
+                    }
+                    catch (e) {
+                        throw DeckSdkError.fromCaught(e);
+                    }
+                },
+                async return() {
+                    await raw.close();
+                    return { value: undefined, done: true };
+                },
+            };
+        },
+        async close() {
+            await raw.close();
+        },
+    };
+}
+// ----------------------------------------------------------------------------
+// Slice 2 — AuditQuery fluent builder
+// ----------------------------------------------------------------------------
+/**
+ * Fluent admin-audit query builder.
+ *
+ * @example
+ * ```ts
+ * const records = await client.audit()
+ *   .recent(100)
+ *   .byOperator(operatorId)
+ *   .forceOnly()
+ *   .collect();
+ *
+ * for await (const record of (await client.audit().since(lastSeq).stream())) {
+ *   handle(record);
+ * }
+ * ```
+ */
+class AuditQuery {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    recent(limit) {
+        this.raw.recent(limit);
+        return this;
+    }
+    byOperator(operatorId) {
+        this.raw.byOperator(operatorId);
+        return this;
+    }
+    between(startMs, endMs) {
+        this.raw.between(startMs, endMs);
+        return this;
+    }
+    forceOnly() {
+        this.raw.forceOnly();
+        return this;
+    }
+    since(seq) {
+        this.raw.since(seq);
+        return this;
+    }
+    /** Eager — returns a list of audit records (JSON-parsed into
+     * native objects). */
+    async collect() {
+        return rethrowAsync(async () => {
+            const raw = this.raw.collect();
+            return raw.map((s) => JSON.parse(s));
+        });
+    }
+    /** Async iterator over audit records. */
+    async stream() {
+        return rethrowAsync(async () => auditStreamToAsyncIterable(await this.raw.stream()));
+    }
+}
+exports.AuditQuery = AuditQuery;
+function avoidScopeToJs(scope) {
+    switch (scope.kind) {
+        case 'global':
+            return { kind: 'global', node: undefined, peer: undefined };
+        case 'local':
+            return { kind: 'local', node: scope.node, peer: undefined };
+        case 'onPeer':
+            return { kind: 'onPeer', node: undefined, peer: scope.peer };
+    }
+}
+function operatorSignatureToJs(sig) {
+    return {
+        operatorId: sig.operatorId,
+        signature: sig.signature,
+    };
+}
+class IceCommands {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    freezeCluster(ttlMs) {
+        return rethrow(() => new IceProposal(this.raw.freezeCluster(ttlMs)));
+    }
+    flushAvoidLists(scope) {
+        return rethrow(() => new IceProposal(this.raw.flushAvoidLists(avoidScopeToJs(scope))));
+    }
+    forceEvictReplica(chain, victim) {
+        return rethrow(() => new IceProposal(this.raw.forceEvictReplica(chain, victim)));
+    }
+    /** Propose force-restarting a daemon. `id` is the registry-
+     * local daemon id; `name` is `MeshDaemon::name()`. */
+    forceRestartDaemon(id, name) {
+        return rethrow(() => new IceProposal(this.raw.forceRestartDaemon(id, name)));
+    }
+    forceCutover(chain, target) {
+        return rethrow(() => new IceProposal(this.raw.forceCutover(chain, target)));
+    }
+    killMigration(migration) {
+        return rethrow(() => new IceProposal(this.raw.killMigration(migration)));
+    }
+    thawCluster() {
+        return new IceProposal(this.raw.thawCluster());
+    }
+}
+exports.IceCommands = IceCommands;
+/** Pre-simulation ICE proposal. No `commit` method —
+ * `simulate()` must run first. */
+class IceProposal {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    get issuedAtMs() {
+        return this.raw.issuedAtMs;
+    }
+    /** Pre-execution preview. Consumes the proposal — subsequent
+     * `simulate()` calls throw `DeckSdkError(kind: "already_simulated")`. */
+    async simulate() {
+        return rethrowAsync(async () => new SimulatedIceProposal(await this.raw.simulate()));
+    }
+}
+exports.IceProposal = IceProposal;
+/** A simulated ICE proposal. Only class exposing `commit`. */
+class SimulatedIceProposal {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    get issuedAtMs() {
+        return this.raw.issuedAtMs;
+    }
+    /** Pre-execution blast radius, parsed from the binding's JSON. */
+    async blastRadius() {
+        return rethrowAsync(async () => JSON.parse(await this.raw.blastRadius()));
+    }
+    /** Blake3 digest of the blast radius (32 bytes). */
+    async blastHash() {
+        return rethrowAsync(() => this.raw.blastHash());
+    }
+    /** Commit with operator signatures. Consumes the proposal —
+     * subsequent calls throw `already_committed`. */
+    async commit(signatures) {
+        return rethrowAsync(async () => {
+            const raw = await this.raw.commit(signatures.map(operatorSignatureToJs));
+            return chainCommitFromJs(raw);
+        });
+    }
+}
+exports.SimulatedIceProposal = SimulatedIceProposal;
+// `rethrow` for sync entry points — mirrors `rethrowAsync`.
+function rethrow(fn) {
+    try {
+        return fn();
+    }
+    catch (e) {
+        throw DeckSdkError.fromCaught(e);
+    }
+}
+// ----------------------------------------------------------------------------
+// Operator-policy verifier surface — OperatorRegistry + AdminVerifier
+// ----------------------------------------------------------------------------
+/** Cluster operator-policy registry. Authoring tool for the
+ * substrate's known-operator set; offline-friendly verifier for
+ * bundles before invoking
+ * {@link SimulatedIceProposal.commit}.
+ *
+ * Mutations are thread-safe at the napi binding layer. */
+class OperatorRegistry {
+    /** @internal — exposed so {@link AdminVerifier} can re-use the
+     * underlying napi handle without round-tripping the public-key
+     * set through JS. */
+    raw;
+    constructor(raw) {
+        this.raw = raw ?? new core_1.OperatorRegistry();
+    }
+    /** Insert an operator's 32-byte ed25519 public key under
+     * `operatorId`. */
+    insert(operatorId, publicKey) {
+        rethrow(() => this.raw.insert(operatorId, publicKey));
+    }
+    /** Register an `OperatorIdentity`'s public key under its
+     * derived operator id. */
+    register(identity) {
+        rethrow(() => this.raw.register(identity));
+    }
+    /** `true` iff `operatorId` is registered. */
+    contains(operatorId) {
+        return rethrow(() => this.raw.contains(operatorId));
+    }
+    /** Number of registered operators. */
+    get size() {
+        return rethrow(() => this.raw.size);
+    }
+    /** `true` iff no operators are registered. */
+    isEmpty() {
+        return rethrow(() => this.raw.isEmpty());
+    }
+    /** Verify a single signature over `payload`. Throws
+     * `DeckSdkError` with the substrate's stable kind discriminator
+     * (`not_authorized`, `signature_invalid`, etc.). */
+    verify(signature, payload) {
+        rethrow(() => this.raw.verify(operatorSignatureToJs(signature), payload));
+    }
+    /** Verify every signature in the bundle and confirm at least
+     * `threshold` *distinct* operator ids signed `payload`. */
+    verifyBundle(signatures, payload, threshold) {
+        rethrow(() => this.raw.verifyBundle(signatures.map(operatorSignatureToJs), payload, threshold));
+    }
+}
+exports.OperatorRegistry = OperatorRegistry;
+/** Substrate-side admin commit verifier. Bundles an
+ * {@link OperatorRegistry} snapshot with the cluster's signature
+ * threshold + freshness/skew/ICE-cooldown windows. Useful for
+ * offline unit testing of operator-policy decisions.
+ *
+ * Constructors snapshot the registry at build time — later
+ * mutations on the source registry are not reflected. Rebuild
+ * the verifier after every policy change. */
+class AdminVerifier {
+    raw;
+    constructor(raw) {
+        this.raw = raw;
+    }
+    /** Build a verifier with `threshold` minimum signatures and
+     * the substrate defaults (300s freshness, 30s future-skew,
+     * 300s ICE cooldown). `threshold = 0` is clamped to `1`. */
+    static new(registry, threshold) {
+        return rethrow(() => new AdminVerifier(new core_1.AdminVerifier(registry.raw, threshold)));
+    }
+    /** Build with explicit freshness + future-skew windows and
+     * the default ICE cooldown. */
+    static withFreshness(registry, threshold, freshnessWindowMs, futureSkewMs) {
+        return rethrow(() => new AdminVerifier(core_1.AdminVerifier.withFreshness(registry.raw, threshold, freshnessWindowMs, futureSkewMs)));
+    }
+    /** Build with every policy knob explicit. Primarily for tests
+     * that need a short cooldown window. */
+    static withFullPolicy(registry, threshold, freshnessWindowMs, futureSkewMs, iceCooldownMs) {
+        return rethrow(() => new AdminVerifier(core_1.AdminVerifier.withFullPolicy(registry.raw, threshold, freshnessWindowMs, futureSkewMs, iceCooldownMs)));
+    }
+    get threshold() {
+        return this.raw.threshold;
+    }
+    get freshnessWindowMs() {
+        return this.raw.freshnessWindowMs;
+    }
+    get futureSkewMs() {
+        return this.raw.futureSkewMs;
+    }
+    get iceCooldownMs() {
+        return this.raw.iceCooldownMs;
+    }
+}
+exports.AdminVerifier = AdminVerifier;