npm - @nextera.one/axis-server-sdk - Versions diffs - 0.7.0 → 0.8.0 - Mend

@nextera.one/axis-server-sdk 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -32,7 +32,6 @@ import {
   TLV_AUD,
   TLV_REALM,
   AxisBinaryFrame,
-  AxisFrameZ,
   encodeFrame,
   decodeFrame,
   getSignTarget,
@@ -46,6 +45,8 @@ Notes:
 - `TLV_AUD` is the canonical name for tag `8`.
 - `TLV_REALM` remains available as a compatibility alias.
 - `AxisBinaryFrame` is the explicit low-level binary frame type.
+- The server `./core` surface is additive, but shared protocol constants and wire-format helpers are kept aligned with the client SDK.
+- `AxisFrameZ` is available from the server package as a server-side validation helper, not as part of the shared minimum core contract.
 ## Decorator Example

package/dist/index.d.mts CHANGED Viewed

@@ -1,6 +1,5 @@
 import { AxisFrame } from './core/index.mjs';
 export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrameZ, TLV as AxisTlvType, BodyProfile, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofType, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, computeReceiptHash, computeSignaturePayload, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, generateEd25519KeyPair, getSignTarget, sha256, signFrame, varintLength, verifyFrameSignature } from './core/index.mjs';
-import { OnModuleInit } from '@nestjs/common';
 import 'zod';
 declare const HANDLER_METADATA_KEY = "axis:handler";
@@ -578,7 +577,8 @@ interface AxisSensor {
     supports?(input: SensorInput): boolean;
     run(input: SensorInput): Promise<SensorDecision>;
 }
-interface AxisSensorInit extends AxisSensor, OnModuleInit {
+interface AxisSensorInit extends AxisSensor {
+    onModuleInit?(): void | Promise<void>;
 }
 interface AxisPreSensor extends AxisSensor {
     phase: 'PRE_DECODE';
@@ -672,7 +672,8 @@ interface AxisHandler {
     readonly description?: string;
     readonly execute?: (body: Uint8Array, headers?: Map<number, Uint8Array>) => Promise<Uint8Array | any>;
 }
-interface AxisHandlerInit extends AxisHandler, OnModuleInit {
+interface AxisHandlerInit extends AxisHandler {
+    onModuleInit?(): void | Promise<void>;
 }
 interface AxisCrudHandler extends AxisHandlerInit {
@@ -702,9 +703,6 @@ type Capability = keyof typeof CAPABILITIES;
 declare const PROOF_CAPABILITIES: Record<number, Capability[]>;
 declare const INTENT_REQUIREMENTS: Record<string, Capability[]>;
-declare function validateFrameShape(frame: any): boolean;
-declare function isTimestampValid(ts: number, skewSeconds?: number): boolean;
 declare const AXIS_OPCODES: Set<string>;
 declare function isKnownOpcode(op: string): boolean;
 declare function isAdminOpcode(op: string): boolean;
@@ -739,4 +737,4 @@ interface IntentDefinition {
     deprecated?: boolean;
 }
-export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, type ActorKeyRecord, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisResponse, type AxisSensor, type AxisSensorInit, type AxisSig, CAPABILITIES, type Capability, type CapsuleBatchBody, type CapsuleBatchResult, type CapsuleIssueBody, type CapsuleIssueResult, type CapsuleMode, type CapsuleRecord, type CapsuleRevokeBody, type CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentExecBody, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type IssuerKeyRecord, type KeyStatus, PROOF_CAPABILITIES, type ReceiptEffect, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type TickWindow, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, hasScope, isAdminOpcode, isKnownOpcode, isTimestampValid, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, validateFrameShape, varintU };
+export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, type ActorKeyRecord, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisResponse, type AxisSensor, type AxisSensorInit, type AxisSig, CAPABILITIES, type Capability, type CapsuleBatchBody, type CapsuleBatchResult, type CapsuleIssueBody, type CapsuleIssueResult, type CapsuleMode, type CapsuleRecord, type CapsuleRevokeBody, type CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentExecBody, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type IssuerKeyRecord, type KeyStatus, PROOF_CAPABILITIES, type ReceiptEffect, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type TickWindow, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, hasScope, isAdminOpcode, isKnownOpcode, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, varintU };

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,5 @@
 import { AxisFrame } from './core/index.js';
 export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrameZ, TLV as AxisTlvType, BodyProfile, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofType, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, computeReceiptHash, computeSignaturePayload, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, generateEd25519KeyPair, getSignTarget, sha256, signFrame, varintLength, verifyFrameSignature } from './core/index.js';
-import { OnModuleInit } from '@nestjs/common';
 import 'zod';
 declare const HANDLER_METADATA_KEY = "axis:handler";
@@ -578,7 +577,8 @@ interface AxisSensor {
     supports?(input: SensorInput): boolean;
     run(input: SensorInput): Promise<SensorDecision>;
 }
-interface AxisSensorInit extends AxisSensor, OnModuleInit {
+interface AxisSensorInit extends AxisSensor {
+    onModuleInit?(): void | Promise<void>;
 }
 interface AxisPreSensor extends AxisSensor {
     phase: 'PRE_DECODE';
@@ -672,7 +672,8 @@ interface AxisHandler {
     readonly description?: string;
     readonly execute?: (body: Uint8Array, headers?: Map<number, Uint8Array>) => Promise<Uint8Array | any>;
 }
-interface AxisHandlerInit extends AxisHandler, OnModuleInit {
+interface AxisHandlerInit extends AxisHandler {
+    onModuleInit?(): void | Promise<void>;
 }
 interface AxisCrudHandler extends AxisHandlerInit {
@@ -702,9 +703,6 @@ type Capability = keyof typeof CAPABILITIES;
 declare const PROOF_CAPABILITIES: Record<number, Capability[]>;
 declare const INTENT_REQUIREMENTS: Record<string, Capability[]>;
-declare function validateFrameShape(frame: any): boolean;
-declare function isTimestampValid(ts: number, skewSeconds?: number): boolean;
 declare const AXIS_OPCODES: Set<string>;
 declare function isKnownOpcode(op: string): boolean;
 declare function isAdminOpcode(op: string): boolean;
@@ -739,4 +737,4 @@ interface IntentDefinition {
     deprecated?: boolean;
 }
-export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, type ActorKeyRecord, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisResponse, type AxisSensor, type AxisSensorInit, type AxisSig, CAPABILITIES, type Capability, type CapsuleBatchBody, type CapsuleBatchResult, type CapsuleIssueBody, type CapsuleIssueResult, type CapsuleMode, type CapsuleRecord, type CapsuleRevokeBody, type CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentExecBody, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type IssuerKeyRecord, type KeyStatus, PROOF_CAPABILITIES, type ReceiptEffect, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type TickWindow, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, hasScope, isAdminOpcode, isKnownOpcode, isTimestampValid, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, validateFrameShape, varintU };
+export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, type ActorKeyRecord, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisResponse, type AxisSensor, type AxisSensorInit, type AxisSig, CAPABILITIES, type Capability, type CapsuleBatchBody, type CapsuleBatchResult, type CapsuleIssueBody, type CapsuleIssueResult, type CapsuleMode, type CapsuleRecord, type CapsuleRevokeBody, type CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentExecBody, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type IssuerKeyRecord, type KeyStatus, PROOF_CAPABILITIES, type ReceiptEffect, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type TickWindow, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, hasScope, isAdminOpcode, isKnownOpcode, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, varintU };

package/dist/index.js CHANGED Viewed

@@ -160,7 +160,6 @@ __export(index_exports, {
   hasScope: () => hasScope,
   isAdminOpcode: () => isAdminOpcode,
   isKnownOpcode: () => isKnownOpcode,
-  isTimestampValid: () => isTimestampValid,
   nonce16: () => nonce16,
   normalizeSensorDecision: () => normalizeSensorDecision,
   packPasskeyLoginOptionsReq: () => packPasskeyLoginOptionsReq,
@@ -179,7 +178,6 @@ __export(index_exports, {
   unpackPasskeyLoginVerifyReq: () => unpackPasskeyLoginVerifyReq,
   unpackPasskeyRegisterOptionsReq: () => unpackPasskeyRegisterOptionsReq,
   utf8: () => utf8,
-  validateFrameShape: () => validateFrameShape,
   varintLength: () => varintLength,
   varintU: () => varintU,
   verifyFrameSignature: () => verifyFrameSignature
@@ -2111,49 +2109,6 @@ var INTENT_REQUIREMENTS = {
   "admin.*": ["admin"]
 };
-// src/core/frame-validator.ts
-function validateFrameShape(frame) {
-  if (!frame || typeof frame !== "object") {
-    return false;
-  }
-  if (frame.v !== 1) {
-    return false;
-  }
-  const requiredStrings = ["pid", "nonce", "actorId", "opcode"];
-  for (const key of requiredStrings) {
-    if (typeof frame[key] !== "string" || frame[key].length < 6) {
-      return false;
-    }
-  }
-  if (typeof frame.ts !== "number" || !Number.isFinite(frame.ts)) {
-    return false;
-  }
-  if (frame.aud !== void 0 && (typeof frame.aud !== "string" || frame.aud.length === 0)) {
-    return false;
-  }
-  if (!frame.sig || typeof frame.sig !== "object") {
-    return false;
-  }
-  if (frame.sig.alg !== "EdDSA") {
-    return false;
-  }
-  if (typeof frame.sig.kid !== "string" || frame.sig.kid.length < 8) {
-    return false;
-  }
-  if (typeof frame.sig.value !== "string" || frame.sig.value.length < 32) {
-    return false;
-  }
-  if (typeof frame.body !== "object" || frame.body === null) {
-    return false;
-  }
-  return true;
-}
-function isTimestampValid(ts, skewSeconds = 120) {
-  const now = Math.floor(Date.now() / 1e3);
-  const diff = Math.abs(now - ts);
-  return diff <= skewSeconds;
-}
 // src/core/opcodes.ts
 var AXIS_OPCODES = /* @__PURE__ */ new Set([
   "CAPSULE.ISSUE",
@@ -2398,7 +2353,6 @@ function resolveTimeout(intent) {
   hasScope,
   isAdminOpcode,
   isKnownOpcode,
-  isTimestampValid,
   nonce16,
   normalizeSensorDecision,
   packPasskeyLoginOptionsReq,
@@ -2417,7 +2371,6 @@ function resolveTimeout(intent) {
   unpackPasskeyLoginVerifyReq,
   unpackPasskeyRegisterOptionsReq,
   utf8,
-  validateFrameShape,
   varintLength,
   varintU,
   verifyFrameSignature