npm - @nextera.one/axis-server-sdk - Versions diffs - 0.9.3 → 1.1.0 - Mend

@nextera.one/axis-server-sdk 0.9.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -5,19 +5,95 @@ import 'zod';
 declare const HANDLER_METADATA_KEY = "axis:handler";
 declare function Handler(intent?: string): ClassDecorator;
+declare const INTENT_METADATA_KEY = "axis:intent";
 declare const INTENT_ROUTES_KEY = "axis:intent_routes";
+type IntentKind = 'create' | 'read' | 'update' | 'delete' | 'action';
+interface IntentTlvField {
+    name: string;
+    tag: number;
+    kind: 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
+    required?: boolean;
+    maxLen?: number;
+    max?: string;
+    scope?: 'header' | 'body';
+}
 interface IntentRoute {
     action: string;
     methodName: string | symbol;
     absolute?: boolean;
     frame?: boolean;
+    kind?: IntentKind;
+    bodyProfile?: 'TLV_MAP' | 'RAW' | 'TLV_OBJ' | 'TLV_ARR';
+    tlv?: IntentTlvField[];
+    dto?: Function;
 }
 interface IntentOptions {
+    kind?: IntentKind;
     absolute?: boolean;
     frame?: boolean;
+    bodyProfile?: 'TLV_MAP' | 'RAW' | 'TLV_OBJ' | 'TLV_ARR';
+    tlv?: IntentTlvField[];
+    dto?: Function;
 }
 declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
+declare const TLV_FIELDS_KEY = "axis:tlv:fields";
+declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
+type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
+interface TlvFieldOptions {
+    kind: TlvFieldKind;
+    required?: boolean;
+    maxLen?: number;
+    max?: string;
+    scope?: 'header' | 'body';
+}
+interface TlvFieldMeta {
+    property: string;
+    tag: number;
+    options: TlvFieldOptions;
+}
+type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
+interface TlvValidatorMeta {
+    property: string;
+    tag: number;
+    validators: TlvValidatorFn[];
+}
+declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
+declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
+declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
+declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
+declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
+declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
+interface DtoSchema {
+    fields: IntentTlvField[];
+    validators: Map<number, TlvValidatorFn[]>;
+}
+declare function extractDtoSchema(dto: Function): DtoSchema;
+declare function buildDtoDecoder(dto: Function): (bodyBytes: Buffer) => Record<string, any>;
+declare abstract class AxisTlvDto {
+}
+declare class AxisIdDto extends AxisTlvDto {
+    id: string;
+}
+declare function AxisPartialType<T extends new (...args: any[]) => AxisTlvDto>(BaseDto: T): new (...args: any[]) => Partial<InstanceType<T>> & AxisTlvDto;
+declare const RESPONSE_TAG_ID = 1;
+declare const RESPONSE_TAG_CREATED_AT = 2;
+declare const RESPONSE_TAG_UPDATED_AT = 3;
+declare const RESPONSE_TAG_CREATED_BY = 4;
+declare const RESPONSE_TAG_UPDATED_BY = 5;
+declare abstract class AxisResponseDto extends AxisTlvDto {
+    id?: string;
+    created_at?: bigint;
+    updated_at?: bigint;
+    created_by?: string;
+    updated_by?: string;
+}
 interface AxisEffect {
     ok: boolean;
     effect: string;
@@ -335,7 +411,7 @@ interface AxisCapsuleConstraints {
     sessionIdLock?: string;
     nonceRequired?: boolean;
 }
-interface TickWindow$1 {
+interface TickWindow {
     start: number;
     end: number;
 }
@@ -352,7 +428,7 @@ interface AxisCapsulePayload {
     iat: number;
     nbf?: number;
     exp: number;
-    tickWindow?: TickWindow$1;
+    tickWindow?: TickWindow;
     mode: CapsuleMode;
     maxUses: number;
     nonceSeed?: string;
@@ -597,11 +673,11 @@ interface AxisHandlerInit extends AxisHandler {
 }
 interface AxisCrudHandler extends AxisHandlerInit {
-    create(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
-    findAll(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
-    findOne(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
-    update(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
-    remove(body: Uint8Array, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
+    create(body: Uint8Array | AxisTlvDto, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
+    findAll(body: Uint8Array | AxisTlvDto, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
+    findOne(body: Uint8Array | AxisTlvDto, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
+    update(body: Uint8Array | AxisTlvDto, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
+    remove(body: Uint8Array | AxisTlvDto, headers?: Map<number, Uint8Array>): Promise<Uint8Array>;
 }
 declare function hasScope(scopes: string[], required: string): boolean;
@@ -681,246 +757,4 @@ interface IntentDefinition {
 declare function validateFrameShape(frame: any): boolean;
 declare function isTimestampValid(ts: number, skewSeconds?: number): boolean;
-declare enum DeviceType {
-    MOBILE = "mobile",
-    BROWSER = "browser",
-    CLI = "cli",
-    SERVICE = "service"
-}
-declare enum DeviceTrustLevel {
-    PRIMARY = "primary",
-    TRUSTED = "trusted",
-    EPHEMERAL = "ephemeral"
-}
-declare enum DeviceStatus {
-    ACTIVE = "active",
-    REVOKED = "revoked",
-    SUSPENDED = "suspended"
-}
-interface DeviceRecord {
-    device_uid: string;
-    user_uid: string;
-    name: string;
-    type: DeviceType;
-    trust_level: DeviceTrustLevel;
-    status: DeviceStatus;
-    public_key: string;
-    key_algorithm: string;
-    created_at: string;
-    last_seen_at?: string;
-    revoked_at?: string;
-    revoked_reason?: string;
-}
-declare enum LoginChallengeStatus {
-    PENDING = "pending",
-    SCANNED = "scanned",
-    APPROVED = "approved",
-    REJECTED = "rejected",
-    EXPIRED = "expired"
-}
-interface LoginChallengeRecord {
-    challenge_uid: string;
-    status: LoginChallengeStatus;
-    browser_public_key: string;
-    browser_key_algorithm: string;
-    browser_label?: string;
-    requested_trust: DeviceTrustLevel;
-    origin?: string;
-    qr_hash: string;
-    created_at: string;
-    expires_at: string;
-    scanned_at?: string;
-    scanned_by_device_uid?: string;
-    approved_at?: string;
-}
-declare enum TickAuthChallengeStatus {
-    PENDING = "pending",
-    FULFILLED = "fulfilled",
-    REJECTED = "rejected",
-    EXPIRED = "expired"
-}
-interface TickWindow {
-    start: string;
-    end: string;
-}
-interface TickAuthChallengeRecord {
-    challenge_uid: string;
-    login_challenge_uid?: string;
-    status: TickAuthChallengeStatus;
-    tick_window: TickWindow;
-    purpose: string;
-    payload_hash?: string;
-    fulfilled_at?: string;
-    fulfilled_by_device_uid?: string;
-}
-declare enum NestFlowCapsuleType {
-    LOGIN = "login",
-    DEVICE_REGISTRATION = "device_registration",
-    STEP_UP = "step_up",
-    RECOVERY = "recovery"
-}
-declare enum CapsuleStatus {
-    ACTIVE = "active",
-    CONSUMED = "consumed",
-    REVOKED = "revoked",
-    EXPIRED = "expired"
-}
-interface NestFlowCapsuleScope {
-    type: NestFlowCapsuleType;
-    intents: string[];
-    device_uid?: string;
-    login_challenge_uid?: string;
-}
-declare enum SessionStatus {
-    ACTIVE = "active",
-    EXPIRED = "expired",
-    REVOKED = "revoked"
-}
-interface SessionRecord {
-    session_uid: string;
-    user_uid: string;
-    device_uid: string;
-    capsule_uid: string;
-    status: SessionStatus;
-    issued_at: string;
-    expires_at: string;
-    last_refreshed_at?: string;
-    revoked_at?: string;
-    revoked_reason?: string;
-}
-declare enum TrustLinkType {
-    LOGIN = "login",
-    PROMOTION = "promotion",
-    RECOVERY = "recovery"
-}
-declare enum TrustLinkStatus {
-    ACTIVE = "active",
-    REVOKED = "revoked"
-}
-interface DeviceTrustLinkRecord {
-    link_uid: string;
-    issuer_device_uid: string;
-    target_device_uid: string;
-    type: TrustLinkType;
-    status: TrustLinkStatus;
-    issued_at: string;
-    revoked_at?: string;
-}
-declare enum AuthLevel {
-    SESSION = "session",
-    SESSION_BROWSER = "session_browser",
-    STEP_UP = "step_up",
-    PRIMARY_DEVICE = "primary_device"
-}
-interface BrowserProof {
-    server_nonce: string;
-    signature: string;
-    signature_algorithm: string;
-}
-declare const NESTFLOW_INTENTS: {
-    readonly AUTH_WEB_LOGIN_REQUEST: "auth.web.login.request";
-    readonly AUTH_WEB_LOGIN_SCAN: "auth.web.login.scan";
-    readonly TICKAUTH_CHALLENGE_CREATE: "tickauth.challenge.create";
-    readonly TICKAUTH_CHALLENGE_FULFILL: "tickauth.challenge.fulfill";
-    readonly TICKAUTH_CHALLENGE_REJECT: "tickauth.challenge.reject";
-    readonly CAPSULE_ISSUE_LOGIN: "capsule.issue.login";
-    readonly CAPSULE_ISSUE_DEVICE_REGISTRATION: "capsule.issue.device_registration";
-    readonly CAPSULE_ISSUE_STEP_UP: "capsule.issue.step_up";
-    readonly CAPSULE_ISSUE_RECOVERY: "capsule.issue.recovery";
-    readonly SESSION_ACTIVATE: "session.activate";
-    readonly SESSION_REFRESH: "session.refresh";
-    readonly SESSION_LOGOUT: "session.logout";
-    readonly DEVICE_TRUST_REQUEST: "device.trust.request";
-    readonly DEVICE_TRUST_PROMOTE: "device.trust.promote";
-    readonly DEVICE_REVOKE: "device.revoke";
-    readonly DEVICE_LIST: "device.list";
-    readonly DEVICE_RENAME: "device.rename";
-    readonly FLOW_PUBLISH: "flow.publish";
-    readonly FLOW_DELETE: "flow.delete";
-    readonly NODE_DELETE: "node.delete";
-    readonly SECRET_ROTATE: "secret.rotate";
-    readonly ORG_SECURITY_UPDATE: "org.security.update";
-    readonly PRODUCTION_EXECUTION_APPROVE: "production.execution.approve";
-    readonly IDENTITY_RECOVERY_START: "identity.recovery.start";
-    readonly IDENTITY_RECOVERY_COMPLETE: "identity.recovery.complete";
-    readonly PRIMARY_DEVICE_ROTATE: "primary.device.rotate";
-    readonly IDENTITY_LOCK: "identity.lock";
-    readonly IDENTITY_UNLOCK: "identity.unlock";
-};
-type NestFlowIntent = (typeof NESTFLOW_INTENTS)[keyof typeof NESTFLOW_INTENTS];
-declare const NESTFLOW_INTENT_SET: Set<string>;
-declare function isNestFlowIntent(intent: string): boolean;
-declare const NESTFLOW_POLICY_MAP: Record<string, AuthLevel>;
-declare function getRequiredAuthLevel(intent: string): AuthLevel | undefined;
-declare function satisfiesAuthLevel(provided: AuthLevel, required: AuthLevel): boolean;
-interface GuardResult {
-    allowed: boolean;
-    reason?: string;
-    step_up_intent?: string;
-}
-declare function checkIntentPolicy(intent: string, currentAuthLevel: AuthLevel): GuardResult;
-interface SessionContext {
-    session_uid: string;
-    status: SessionStatus;
-    expires_at: string;
-    device_uid: string;
-    user_uid: string;
-}
-declare function checkSession(session: SessionContext | null): GuardResult;
-declare function checkBrowserProof(proof: BrowserProof | null | undefined, expectedNonce: string): GuardResult;
-interface DeviceContext {
-    device_uid: string;
-    trust_level: DeviceTrustLevel;
-    status: DeviceStatus;
-}
-declare function checkDeviceTrust(device: DeviceContext | null, minimumTrust: DeviceTrustLevel): GuardResult;
-interface CapsuleContext {
-    capsule_uid: string;
-    status: CapsuleStatus;
-    type: string;
-    intents: string[];
-    device_uid?: string;
-    expires_at: string;
-}
-declare function checkCapsule(capsule: CapsuleContext | null, intent: string, requestingDeviceUid?: string): GuardResult;
-interface LoginChallengeContext {
-    challenge_uid: string;
-    status: LoginChallengeStatus;
-    expires_at: string;
-}
-declare function checkLoginChallenge(challenge: LoginChallengeContext | null, expectedStatus: LoginChallengeStatus): GuardResult;
-interface TickAuthContext {
-    challenge_uid: string;
-    status: TickAuthChallengeStatus;
-    tick_window: {
-        start: string;
-        end: string;
-    };
-}
-declare function checkTickAuth(challenge: TickAuthContext | null): GuardResult;
-interface NonceStore {
-    has(nonce: string): Promise<boolean>;
-    add(nonce: string, expiresAt: Date): Promise<void>;
-}
-declare function checkReplayProtection(nonce: string, store: NonceStore, windowMs?: number): Promise<GuardResult>;
-interface TransitionResult {
-    valid: boolean;
-    reason?: string;
-}
-declare function validateLoginChallengeTransition(from: LoginChallengeStatus, to: LoginChallengeStatus): TransitionResult;
-declare function validateTickAuthTransition(from: TickAuthChallengeStatus, to: TickAuthChallengeStatus): TransitionResult;
-declare function validateCapsuleTransition(from: CapsuleStatus, to: CapsuleStatus): TransitionResult;
-declare function validateSessionTransition(from: SessionStatus, to: SessionStatus): TransitionResult;
-declare function validateDeviceTransition(from: DeviceStatus, to: DeviceStatus): TransitionResult;
-declare function validateTrustLinkTransition(from: TrustLinkStatus, to: TrustLinkStatus): TransitionResult;
-declare function isLoginChallengeTerminal(status: LoginChallengeStatus): boolean;
-declare function isTickAuthTerminal(status: TickAuthChallengeStatus): boolean;
-declare function isCapsuleTerminal(status: CapsuleStatus): boolean;
-declare function isSessionTerminal(status: SessionStatus): boolean;
-declare function isDeviceTerminal(status: DeviceStatus): boolean;
-export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, ats1 as Ats1Codec, AuthLevel, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, type AxisAlg as AxisJsonAlg, type AxisFrame as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, type AxisSensor, type AxisSensorInit, type AxisSig$1 as AxisSig, type BrowserProof, CAPABILITIES, type Capability, type CapsuleContext, type CapsuleMode, CapsuleStatus, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type DeviceContext, type DeviceRecord, DeviceStatus, DeviceTrustLevel, type DeviceTrustLinkRecord, DeviceType, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, type GuardResult, HANDLER_METADATA_KEY, Handler, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type KeyStatus, type LoginChallengeContext, type LoginChallengeRecord, LoginChallengeStatus, NESTFLOW_INTENTS, NESTFLOW_INTENT_SET, NESTFLOW_POLICY_MAP, type NestFlowCapsuleScope, NestFlowCapsuleType, type NestFlowIntent, type NonceStore, PROOF_CAPABILITIES, type ReceiptEffect, RiskDecision, type RiskEvaluation, type RiskSignal, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, type SessionContext, type SessionRecord, SessionStatus, type TickAuthChallengeRecord, TickAuthChallengeStatus, type TickAuthContext, type TickWindow, type TransitionResult, TrustLinkStatus, TrustLinkType, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, checkBrowserProof, checkCapsule, checkDeviceTrust, checkIntentPolicy, checkLoginChallenge, checkReplayProtection, checkSession, checkTickAuth, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, getRequiredAuthLevel, hasScope, isAdminOpcode, isCapsuleTerminal, isDeviceTerminal, isKnownOpcode, isLoginChallengeTerminal, isNestFlowIntent, isSessionTerminal, isTickAuthTerminal, isTimestampValid, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, satisfiesAuthLevel, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, validateCapsuleTransition, validateDeviceTransition, validateFrameShape, validateLoginChallengeTransition, validateSessionTransition, validateTickAuthTransition, validateTrustLinkTransition, varintU };
+export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, type AxisHandler, type AxisHandlerInit, AxisIdDto, type AxisAlg as AxisJsonAlg, type AxisFrame as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, AxisResponseDto, type AxisSensor, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, CAPABILITIES, type Capability, type CapsuleMode, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_TIMEOUTS, Intent, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, type IntentTlvField, type KeyStatus, PROOF_CAPABILITIES, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RiskDecision, type RiskEvaluation, type RiskSignal, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildReceiptHash, buildTLVs, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, classifyIntent, decodeAxis1Frame, encVarint, encodeAxis1Frame, extractDtoSchema, hasScope, isAdminOpcode, isKnownOpcode, isTimestampValid, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseScope, resolveTimeout, sensitivityName, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, validateFrameShape, varintU };