npm - @nextera.one/axis-server-sdk - Versions diffs - 0.6.0 → 0.7.0 - Mend

@nextera.one/axis-server-sdk 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.mjs CHANGED Viewed

@@ -264,6 +264,22 @@ var PROOF_JWT = 2;
 var PROOF_MTLS = 3;
 var PROOF_LOOM = 4;
 var PROOF_WITNESS = 5;
+var ProofType = /* @__PURE__ */ ((ProofType2) => {
+  ProofType2[ProofType2["NONE"] = 0] = "NONE";
+  ProofType2[ProofType2["CAPSULE"] = 1] = "CAPSULE";
+  ProofType2[ProofType2["JWT"] = 2] = "JWT";
+  ProofType2[ProofType2["MTLS"] = 3] = "MTLS";
+  ProofType2[ProofType2["LOOM"] = 4] = "LOOM";
+  ProofType2[ProofType2["WITNESS"] = 5] = "WITNESS";
+  return ProofType2;
+})(ProofType || {});
+var BodyProfile = /* @__PURE__ */ ((BodyProfile2) => {
+  BodyProfile2[BodyProfile2["RAW"] = 0] = "RAW";
+  BodyProfile2[BodyProfile2["TLV_MAP"] = 1] = "TLV_MAP";
+  BodyProfile2[BodyProfile2["OBJ"] = 2] = "OBJ";
+  BodyProfile2[BodyProfile2["ARR"] = 3] = "ARR";
+  return BodyProfile2;
+})(BodyProfile || {});
 var ERR_INVALID_PACKET = "INVALID_PACKET";
 var ERR_BAD_SIGNATURE = "BAD_SIGNATURE";
 var ERR_REPLAY_DETECTED = "REPLAY_DETECTED";
@@ -1867,16 +1883,243 @@ var SensorDecisions = {
     };
   }
 };
+// src/security/scopes.ts
+function hasScope(scopes, required) {
+  if (!Array.isArray(scopes) || scopes.length === 0) {
+    return false;
+  }
+  if (scopes.includes(required)) {
+    return true;
+  }
+  const [resource, id] = required.split(":");
+  if (resource && id) {
+    const wildcard = `${resource}:*`;
+    if (scopes.includes(wildcard)) {
+      return true;
+    }
+  }
+  return false;
+}
+function parseScope(scope) {
+  const parts = scope.split(":");
+  if (parts.length !== 2) return null;
+  return { resource: parts[0], id: parts[1] };
+}
+function canAccessResource(scopes, resourceType, resourceId) {
+  const required = `${resourceType}:${resourceId}`;
+  return hasScope(scopes, required);
+}
+// src/security/capabilities.ts
+var CAPABILITIES = {
+  read: "read",
+  write: "write",
+  execute: "execute",
+  admin: "admin",
+  sign: "sign",
+  witness: "witness"
+};
+var PROOF_CAPABILITIES = {
+  [PROOF_NONE]: [],
+  [PROOF_CAPSULE]: ["read", "write", "execute"],
+  [PROOF_JWT]: ["read"],
+  [PROOF_MTLS]: ["read", "write", "admin"],
+  [PROOF_LOOM]: ["read", "write", "execute"],
+  [PROOF_WITNESS]: ["read", "write", "execute", "witness"]
+};
+var INTENT_REQUIREMENTS = {
+  "public.*": [],
+  "schema.*": [],
+  "catalog.*": [],
+  "health.*": [],
+  "system.*": [],
+  "file.upload": ["write"],
+  "file.download": ["read"],
+  "file.delete": ["write", "admin"],
+  "passport.issue": ["write", "execute"],
+  "passport.revoke": ["write", "witness"],
+  "stream.publish": ["write"],
+  "stream.subscribe": ["read"],
+  "admin.*": ["admin"]
+};
+// src/core/frame-validator.ts
+function validateFrameShape(frame) {
+  if (!frame || typeof frame !== "object") {
+    return false;
+  }
+  if (frame.v !== 1) {
+    return false;
+  }
+  const requiredStrings = ["pid", "nonce", "actorId", "opcode"];
+  for (const key of requiredStrings) {
+    if (typeof frame[key] !== "string" || frame[key].length < 6) {
+      return false;
+    }
+  }
+  if (typeof frame.ts !== "number" || !Number.isFinite(frame.ts)) {
+    return false;
+  }
+  if (frame.aud !== void 0 && (typeof frame.aud !== "string" || frame.aud.length === 0)) {
+    return false;
+  }
+  if (!frame.sig || typeof frame.sig !== "object") {
+    return false;
+  }
+  if (frame.sig.alg !== "EdDSA") {
+    return false;
+  }
+  if (typeof frame.sig.kid !== "string" || frame.sig.kid.length < 8) {
+    return false;
+  }
+  if (typeof frame.sig.value !== "string" || frame.sig.value.length < 32) {
+    return false;
+  }
+  if (typeof frame.body !== "object" || frame.body === null) {
+    return false;
+  }
+  return true;
+}
+function isTimestampValid(ts, skewSeconds = 120) {
+  const now = Math.floor(Date.now() / 1e3);
+  const diff = Math.abs(now - ts);
+  return diff <= skewSeconds;
+}
+// src/core/opcodes.ts
+var AXIS_OPCODES = /* @__PURE__ */ new Set([
+  "CAPSULE.ISSUE",
+  "CAPSULE.BATCH",
+  "CAPSULE.REVOKE",
+  "INTENT.EXEC",
+  "ACTOR.KEY.ROTATE",
+  "ACTOR.KEY.REVOKE",
+  "ISSUER.KEY.ROTATE"
+]);
+function isKnownOpcode(op) {
+  return AXIS_OPCODES.has(op);
+}
+function isAdminOpcode(op) {
+  return op.startsWith("ACTOR.KEY.") || op.startsWith("ISSUER.KEY.");
+}
+// src/core/receipt.ts
+import { createHash as createHash3 } from "crypto";
+function buildReceiptHash(prevHash, pid, actorId, intent, effect, ts) {
+  const h = createHash3("sha256");
+  if (prevHash) h.update(prevHash);
+  h.update(pid);
+  h.update(Buffer.from(actorId, "utf8"));
+  h.update(Buffer.from(intent, "utf8"));
+  h.update(Buffer.from(effect, "utf8"));
+  h.update(Buffer.from(ts.toString(), "utf8"));
+  return h.digest();
+}
+// src/core/intent-sensitivity.ts
+var IntentSensitivity = /* @__PURE__ */ ((IntentSensitivity2) => {
+  IntentSensitivity2[IntentSensitivity2["LOW"] = 1] = "LOW";
+  IntentSensitivity2[IntentSensitivity2["MEDIUM"] = 2] = "MEDIUM";
+  IntentSensitivity2[IntentSensitivity2["HIGH"] = 3] = "HIGH";
+  IntentSensitivity2[IntentSensitivity2["CRITICAL"] = 4] = "CRITICAL";
+  return IntentSensitivity2;
+})(IntentSensitivity || {});
+var INTENT_SENSITIVITY_MAP = {
+  // System intents
+  "system.ping": 1 /* LOW */,
+  // Catalog intents
+  "catalog.list": 1 /* LOW */,
+  "catalog.search": 1 /* LOW */,
+  "catalog.intent.describe": 1 /* LOW */,
+  "catalog.intent.complete": 1 /* LOW */,
+  // Stream intents
+  "stream.publish": 2 /* MEDIUM */,
+  "stream.read": 2 /* MEDIUM */,
+  "stream.subscribe": 2 /* MEDIUM */,
+  // File intents
+  "file.init": 2 /* MEDIUM */,
+  "file.chunk": 2 /* MEDIUM */,
+  "file.finalize": 2 /* MEDIUM */,
+  "file.status": 1 /* LOW */,
+  // Passport intents
+  "passport.issue": 3 /* HIGH */,
+  "passport.verify": 2 /* MEDIUM */,
+  "passport.revoke": 4 /* CRITICAL */,
+  // Mail intents
+  "mail.send": 3 /* HIGH */,
+  // Admin intents
+  "admin.create_capsule": 4 /* CRITICAL */,
+  "admin.revoke_capsule": 4 /* CRITICAL */,
+  "admin.issue_node_cert": 4 /* CRITICAL */
+};
+function classifyIntent(intent) {
+  if (INTENT_SENSITIVITY_MAP[intent]) {
+    return INTENT_SENSITIVITY_MAP[intent];
+  }
+  const realm = intent.split(".")[0];
+  const wildcardKey = `${realm}.*`;
+  if (INTENT_SENSITIVITY_MAP[wildcardKey]) {
+    return INTENT_SENSITIVITY_MAP[wildcardKey];
+  }
+  return 2 /* MEDIUM */;
+}
+function sensitivityName(level) {
+  switch (level) {
+    case 1 /* LOW */:
+      return "LOW";
+    case 2 /* MEDIUM */:
+      return "MEDIUM";
+    case 3 /* HIGH */:
+      return "HIGH";
+    case 4 /* CRITICAL */:
+      return "CRITICAL";
+  }
+}
+// src/core/timeouts.ts
+var INTENT_TIMEOUTS = {
+  "public.*": 5e3,
+  "schema.*": 5e3,
+  "catalog.*": 5e3,
+  "health.*": 2e3,
+  "file.upload": 6e4,
+  "file.download": 6e4,
+  "file.chunk": 3e4,
+  "file.finalize": 3e4,
+  "stream.*": 3e4,
+  "passport.*": 15e3,
+  "admin.*": 3e4
+};
+var DEFAULT_TIMEOUT = 1e4;
+function resolveTimeout(intent) {
+  if (INTENT_TIMEOUTS[intent]) {
+    return INTENT_TIMEOUTS[intent];
+  }
+  for (const [pattern, timeout] of Object.entries(INTENT_TIMEOUTS)) {
+    if (pattern.endsWith(".*")) {
+      const prefix = pattern.slice(0, -1);
+      if (intent.startsWith(prefix)) {
+        return timeout;
+      }
+    }
+  }
+  return DEFAULT_TIMEOUT;
+}
 export {
   ATS1_HDR,
   ATS1_SCHEMA,
   AXIS_MAGIC,
+  AXIS_OPCODES,
   AXIS_VERSION,
   ats1_exports as Ats1Codec,
   AxisFrameZ,
   T as AxisPacketTags,
+  BodyProfile,
+  CAPABILITIES,
   ContractViolationError,
   DEFAULT_CONTRACTS,
+  DEFAULT_TIMEOUT,
   Decision,
   ERR_BAD_SIGNATURE,
   ERR_CONTRACT_VIOLATION,
@@ -1889,9 +2132,13 @@ export {
   FLAG_HAS_WITNESS,
   HANDLER_METADATA_KEY,
   Handler,
+  INTENT_REQUIREMENTS,
   INTENT_ROUTES_KEY,
+  INTENT_SENSITIVITY_MAP,
+  INTENT_TIMEOUTS,
   Intent,
   IntentRouter,
+  IntentSensitivity,
   MAX_BODY_LEN,
   MAX_FRAME_LEN,
   MAX_HDR_LEN,
@@ -1906,12 +2153,14 @@ export {
   NCERT_PUB,
   NCERT_SCOPE,
   NCERT_SIG,
+  PROOF_CAPABILITIES,
   PROOF_CAPSULE,
   PROOF_JWT,
   PROOF_LOOM,
   PROOF_MTLS,
   PROOF_NONE,
   PROOF_WITNESS,
+  ProofType,
   Schema2002_PasskeyLoginOptionsRes,
   Schema2011_PasskeyLoginVerifyReq,
   Schema2012_PasskeyLoginVerifyRes,
@@ -1955,10 +2204,13 @@ export {
   b64urlEncodeString,
   buildAts1Hdr,
   buildPacket,
+  buildReceiptHash,
   buildTLVs,
   bytes,
+  canAccessResource,
   canonicalJson,
   canonicalJsonExcluding,
+  classifyIntent,
   computeReceiptHash,
   computeSignaturePayload,
   decodeArray,
@@ -1975,6 +2227,10 @@ export {
   encodeVarint,
   generateEd25519KeyPair,
   getSignTarget,
+  hasScope,
+  isAdminOpcode,
+  isKnownOpcode,
+  isTimestampValid,
   nonce16,
   normalizeSensorDecision,
   packPasskeyLoginOptionsReq,
@@ -1982,6 +2238,9 @@ export {
   packPasskeyLoginVerifyReq,
   packPasskeyLoginVerifyRes,
   packPasskeyRegisterOptionsReq,
+  parseScope,
+  resolveTimeout,
+  sensitivityName,
   sha256,
   signFrame,
   tlv,
@@ -1990,6 +2249,7 @@ export {
   unpackPasskeyLoginVerifyReq,
   unpackPasskeyRegisterOptionsReq,
   utf8,
+  validateFrameShape,
   varintLength,
   varintU,
   verifyFrameSignature