@nextera.one/axis-server-sdk 1.4.0 → 1.6.0
- package/dist/core/index.d.mts +1 -1
- package/dist/core/index.d.ts +1 -1
- package/dist/{index-B5xzROld.d.mts → index-1uEwnW-w.d.mts} +1 -1
- package/dist/{index-B5xzROld.d.ts → index-1uEwnW-w.d.ts} +1 -1
- package/dist/index.d.mts +1063 -532
- package/dist/index.d.ts +1063 -532
- package/dist/index.js +2257 -688
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +2204 -660
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -1
package/dist/index.d.mts
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { ModuleRef, DiscoveryService, MetadataScanner, Reflector } from '@nestjs/core';
|
|
2
|
-
import { A as AxisFrame$2 } from './index-
|
|
3
|
-
export { a as AxisBinaryFrame, b as
|
|
2
|
+
import { A as AxisFrame$2 } from './index-1uEwnW-w.mjs';
|
|
3
|
+
export { a as AxisBinaryFrame, b as AxisError, c as AxisFrameZ, d as computeReceiptHash, e as computeSignaturePayload, i as core, f as decodeFrame, g as encodeFrame, h as generateEd25519KeyPair, j as getSignTarget, s as sha256, k as signFrame, v as verifyFrameSignature } from './index-1uEwnW-w.mjs';
|
|
4
4
|
import { PROOF_LOOM, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT } from '@nextera.one/axis-protocol';
|
|
5
5
|
export { AXIS_MAGIC, AXIS_VERSION, TLV as AxisTlvType, BodyProfile, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofType, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, decodeArray, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeTLVs, encodeVarint, varintLength } from '@nextera.one/axis-protocol';
|
|
6
|
-
import * as z from 'zod';
|
|
7
6
|
import { OnModuleInit, OnApplicationBootstrap } from '@nestjs/common';
|
|
8
7
|
import { ConfigService } from '@nestjs/config';
|
|
8
|
+
import * as z from 'zod';
|
|
9
9
|
|
|
10
10
|
declare const HANDLER_METADATA_KEY = "axis:handler";
|
|
11
11
|
declare function Handler(intent?: string): ClassDecorator;
|
|
@@ -48,6 +48,16 @@ declare function IntentBody(decoder: (buf: Buffer) => any): MethodDecorator;
|
|
|
48
48
|
declare const INTENT_SENSORS_KEY = "axis:intent:sensors";
|
|
49
49
|
declare function IntentSensors(sensors: Function[]): MethodDecorator;
|
|
50
50
|
|
|
51
|
+
declare const HANDLER_SENSORS_KEY = "axis:handler:sensors";
|
|
52
|
+
declare function HandlerSensors(sensors: Function[]): ClassDecorator;
|
|
53
|
+
|
|
54
|
+
declare const SENSOR_METADATA_KEY = "axis:sensor";
|
|
55
|
+
type SensorPhase = 'PRE_DECODE' | 'POST_DECODE';
|
|
56
|
+
interface SensorOptions {
|
|
57
|
+
phase?: SensorPhase;
|
|
58
|
+
}
|
|
59
|
+
declare function Sensor(options?: SensorOptions): ClassDecorator;
|
|
60
|
+
|
|
51
61
|
declare const TLV_FIELDS_KEY = "axis:tlv:fields";
|
|
52
62
|
declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
|
|
53
63
|
type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
|
|
@@ -92,31 +102,608 @@ declare class AxisIdDto extends AxisTlvDto {
|
|
|
92
102
|
|
|
93
103
|
declare function AxisPartialType<T extends new (...args: any[]) => AxisTlvDto>(BaseDto: T): new (...args: any[]) => Partial<InstanceType<T>> & AxisTlvDto;
|
|
94
104
|
|
|
95
|
-
declare const RESPONSE_TAG_ID = 1;
|
|
96
|
-
declare const RESPONSE_TAG_CREATED_AT = 2;
|
|
97
|
-
declare const RESPONSE_TAG_UPDATED_AT = 3;
|
|
98
|
-
declare const RESPONSE_TAG_CREATED_BY = 4;
|
|
99
|
-
declare const RESPONSE_TAG_UPDATED_BY = 5;
|
|
100
|
-
declare abstract class AxisResponseDto extends AxisTlvDto {
|
|
101
|
-
id?: string;
|
|
102
|
-
created_at?: bigint;
|
|
103
|
-
updated_at?: bigint;
|
|
104
|
-
created_by?: string;
|
|
105
|
-
updated_by?: string;
|
|
106
|
-
}
|
|
105
|
+
declare const RESPONSE_TAG_ID = 1;
|
|
106
|
+
declare const RESPONSE_TAG_CREATED_AT = 2;
|
|
107
|
+
declare const RESPONSE_TAG_UPDATED_AT = 3;
|
|
108
|
+
declare const RESPONSE_TAG_CREATED_BY = 4;
|
|
109
|
+
declare const RESPONSE_TAG_UPDATED_BY = 5;
|
|
110
|
+
declare abstract class AxisResponseDto extends AxisTlvDto {
|
|
111
|
+
id?: string;
|
|
112
|
+
created_at?: bigint;
|
|
113
|
+
updated_at?: bigint;
|
|
114
|
+
created_by?: string;
|
|
115
|
+
updated_by?: string;
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
declare const CCE_PROTOCOL_VERSION: "cce-v1";
|
|
119
|
+
declare const CCE_DERIVATION: {
|
|
120
|
+
readonly REQUEST: "axis:cce:req:v1";
|
|
121
|
+
readonly RESPONSE: "axis:cce:resp:v1";
|
|
122
|
+
readonly WITNESS: "axis:cce:witness:v1";
|
|
123
|
+
};
|
|
124
|
+
type CceAlgorithm = "AES-256-GCM";
|
|
125
|
+
type CceKemAlgorithm = "X25519" | "RSA-OAEP-256";
|
|
126
|
+
type CceKdfAlgorithm = "HKDF-SHA256";
|
|
127
|
+
declare const CCE_AES_KEY_BYTES = 32;
|
|
128
|
+
declare const CCE_IV_BYTES = 12;
|
|
129
|
+
declare const CCE_TAG_BYTES = 16;
|
|
130
|
+
declare const CCE_NONCE_BYTES = 32;
|
|
131
|
+
interface CceCapsuleClaims {
|
|
132
|
+
capsule_id: string;
|
|
133
|
+
ver: typeof CCE_PROTOCOL_VERSION;
|
|
134
|
+
sub: string;
|
|
135
|
+
kid: string;
|
|
136
|
+
intent: string;
|
|
137
|
+
aud: string;
|
|
138
|
+
tps_from: number;
|
|
139
|
+
tps_to: number;
|
|
140
|
+
capsule_nonce: string;
|
|
141
|
+
challenge_id: string;
|
|
142
|
+
policy_hash?: string;
|
|
143
|
+
iat: number;
|
|
144
|
+
exp: number;
|
|
145
|
+
mode: "SINGLE_USE" | "SESSION";
|
|
146
|
+
scope?: string[];
|
|
147
|
+
constraints?: CceConstraints;
|
|
148
|
+
issuer_sig: CceSignature;
|
|
149
|
+
}
|
|
150
|
+
interface CceConstraints {
|
|
151
|
+
max_payload_bytes?: number;
|
|
152
|
+
ip_allow?: string[];
|
|
153
|
+
device_allow?: string[];
|
|
154
|
+
country_allow?: string[];
|
|
155
|
+
}
|
|
156
|
+
interface CceSignature {
|
|
157
|
+
alg: "EdDSA" | "ES256";
|
|
158
|
+
kid: string;
|
|
159
|
+
value: string;
|
|
160
|
+
}
|
|
161
|
+
interface CceRequestEnvelope {
|
|
162
|
+
ver: typeof CCE_PROTOCOL_VERSION;
|
|
163
|
+
request_id: string;
|
|
164
|
+
correlation_id: string;
|
|
165
|
+
client_kid: string;
|
|
166
|
+
capsule: CceCapsuleClaims;
|
|
167
|
+
encrypted_key: CceEncryptedKey;
|
|
168
|
+
encrypted_payload: CceEncryptedPayload;
|
|
169
|
+
request_nonce: string;
|
|
170
|
+
client_sig: CceSignature;
|
|
171
|
+
content_type: string;
|
|
172
|
+
algorithms: CceAlgorithmDescriptor;
|
|
173
|
+
aad_descriptor?: string;
|
|
174
|
+
}
|
|
175
|
+
interface CceEncryptedKey {
|
|
176
|
+
alg: CceKemAlgorithm;
|
|
177
|
+
axis_kid: string;
|
|
178
|
+
ciphertext: string;
|
|
179
|
+
ephemeral_pk?: string;
|
|
180
|
+
}
|
|
181
|
+
interface CceEncryptedPayload {
|
|
182
|
+
alg: CceAlgorithm;
|
|
183
|
+
iv: string;
|
|
184
|
+
ciphertext: string;
|
|
185
|
+
tag: string;
|
|
186
|
+
}
|
|
187
|
+
interface CceAlgorithmDescriptor {
|
|
188
|
+
kem: CceKemAlgorithm;
|
|
189
|
+
enc: CceAlgorithm;
|
|
190
|
+
kdf: CceKdfAlgorithm;
|
|
191
|
+
sig: "EdDSA" | "ES256";
|
|
192
|
+
}
|
|
193
|
+
interface CceResponseEnvelope {
|
|
194
|
+
ver: typeof CCE_PROTOCOL_VERSION;
|
|
195
|
+
response_id: string;
|
|
196
|
+
request_id: string;
|
|
197
|
+
correlation_id: string;
|
|
198
|
+
encrypted_key: CceEncryptedKey;
|
|
199
|
+
encrypted_payload: CceEncryptedPayload;
|
|
200
|
+
response_nonce: string;
|
|
201
|
+
axis_sig: CceSignature;
|
|
202
|
+
witness_ref?: string;
|
|
203
|
+
algorithms: CceAlgorithmDescriptor;
|
|
204
|
+
status: CceResponseStatus;
|
|
205
|
+
}
|
|
206
|
+
type CceResponseStatus = "SUCCESS" | "DENIED" | "PARTIAL" | "FAILED" | "ERROR";
|
|
207
|
+
interface CceExecutionContext {
|
|
208
|
+
execution_key_hash: string;
|
|
209
|
+
request_id: string;
|
|
210
|
+
capsule_id: string;
|
|
211
|
+
sub: string;
|
|
212
|
+
kid: string;
|
|
213
|
+
intent: string;
|
|
214
|
+
aud: string;
|
|
215
|
+
tps_from: number;
|
|
216
|
+
tps_to: number;
|
|
217
|
+
policy_hash?: string;
|
|
218
|
+
derived_at: number;
|
|
219
|
+
valid: boolean;
|
|
220
|
+
}
|
|
221
|
+
interface CceWitnessRecord {
|
|
222
|
+
witness_id: string;
|
|
223
|
+
request_id: string;
|
|
224
|
+
capsule_id: string;
|
|
225
|
+
sub: string;
|
|
226
|
+
intent: string;
|
|
227
|
+
aud: string;
|
|
228
|
+
tps_from: number;
|
|
229
|
+
tps_to: number;
|
|
230
|
+
timestamp: number;
|
|
231
|
+
verification: {
|
|
232
|
+
client_sig: boolean;
|
|
233
|
+
capsule_sig: boolean;
|
|
234
|
+
tps_valid: boolean;
|
|
235
|
+
audience_match: boolean;
|
|
236
|
+
intent_match: boolean;
|
|
237
|
+
replay_clean: boolean;
|
|
238
|
+
nonce_unique: boolean;
|
|
239
|
+
decryption_ok: boolean;
|
|
240
|
+
};
|
|
241
|
+
execution: {
|
|
242
|
+
status: CceResponseStatus;
|
|
243
|
+
handler_duration_ms: number;
|
|
244
|
+
effect?: string;
|
|
245
|
+
};
|
|
246
|
+
response_encrypted: boolean;
|
|
247
|
+
execution_context_hash: string;
|
|
248
|
+
request_payload_hash?: string;
|
|
249
|
+
response_payload_hash?: string;
|
|
250
|
+
}
|
|
251
|
+
declare const CCE_ERROR: {
|
|
252
|
+
readonly INVALID_ENVELOPE: "CCE_INVALID_ENVELOPE";
|
|
253
|
+
readonly UNSUPPORTED_VERSION: "CCE_UNSUPPORTED_VERSION";
|
|
254
|
+
readonly MISSING_CAPSULE: "CCE_MISSING_CAPSULE";
|
|
255
|
+
readonly MISSING_ENCRYPTED_KEY: "CCE_MISSING_ENCRYPTED_KEY";
|
|
256
|
+
readonly CLIENT_SIG_INVALID: "CCE_CLIENT_SIG_INVALID";
|
|
257
|
+
readonly CLIENT_KEY_NOT_FOUND: "CCE_CLIENT_KEY_NOT_FOUND";
|
|
258
|
+
readonly CAPSULE_SIG_INVALID: "CCE_CAPSULE_SIG_INVALID";
|
|
259
|
+
readonly CAPSULE_EXPIRED: "CCE_CAPSULE_EXPIRED";
|
|
260
|
+
readonly CAPSULE_NOT_YET_VALID: "CCE_CAPSULE_NOT_YET_VALID";
|
|
261
|
+
readonly CAPSULE_REVOKED: "CCE_CAPSULE_REVOKED";
|
|
262
|
+
readonly CAPSULE_CONSUMED: "CCE_CAPSULE_CONSUMED";
|
|
263
|
+
readonly AUDIENCE_MISMATCH: "CCE_AUDIENCE_MISMATCH";
|
|
264
|
+
readonly INTENT_MISMATCH: "CCE_INTENT_MISMATCH";
|
|
265
|
+
readonly TPS_WINDOW_EXPIRED: "CCE_TPS_WINDOW_EXPIRED";
|
|
266
|
+
readonly TPS_WINDOW_FUTURE: "CCE_TPS_WINDOW_FUTURE";
|
|
267
|
+
readonly REPLAY_DETECTED: "CCE_REPLAY_DETECTED";
|
|
268
|
+
readonly NONCE_REUSED: "CCE_NONCE_REUSED";
|
|
269
|
+
readonly DECRYPTION_FAILED: "CCE_DECRYPTION_FAILED";
|
|
270
|
+
readonly KEY_UNWRAP_FAILED: "CCE_KEY_UNWRAP_FAILED";
|
|
271
|
+
readonly AEAD_TAG_MISMATCH: "CCE_AEAD_TAG_MISMATCH";
|
|
272
|
+
readonly PAYLOAD_TOO_LARGE: "CCE_PAYLOAD_TOO_LARGE";
|
|
273
|
+
readonly PAYLOAD_SCHEMA_INVALID: "CCE_PAYLOAD_SCHEMA_INVALID";
|
|
274
|
+
readonly INTENT_SCHEMA_MISMATCH: "CCE_INTENT_SCHEMA_MISMATCH";
|
|
275
|
+
readonly POLICY_DENIED: "CCE_POLICY_DENIED";
|
|
276
|
+
readonly CONSTRAINT_VIOLATED: "CCE_CONSTRAINT_VIOLATED";
|
|
277
|
+
readonly HANDLER_NOT_FOUND: "CCE_HANDLER_NOT_FOUND";
|
|
278
|
+
readonly HANDLER_EXECUTION_FAILED: "CCE_HANDLER_EXECUTION_FAILED";
|
|
279
|
+
readonly HANDLER_TIMEOUT: "CCE_HANDLER_TIMEOUT";
|
|
280
|
+
readonly RESPONSE_ENCRYPTION_FAILED: "CCE_RESPONSE_ENCRYPTION_FAILED";
|
|
281
|
+
};
|
|
282
|
+
type CceErrorCode = (typeof CCE_ERROR)[keyof typeof CCE_ERROR];
|
|
283
|
+
declare class CceError extends Error {
|
|
284
|
+
readonly code: CceErrorCode;
|
|
285
|
+
readonly metadata?: Record<string, unknown> | undefined;
|
|
286
|
+
constructor(code: CceErrorCode, message: string, metadata?: Record<string, unknown> | undefined);
|
|
287
|
+
get clientSafe(): boolean;
|
|
288
|
+
toClientError(): {
|
|
289
|
+
code: CceErrorCode;
|
|
290
|
+
message: string;
|
|
291
|
+
};
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
interface CceClientKeyEncryptor {
|
|
295
|
+
wrapKey(aesKey: Uint8Array, clientKid: string, clientPublicKeyHex: string): Promise<CceEncryptedKey>;
|
|
296
|
+
}
|
|
297
|
+
interface CceAxisSigner {
|
|
298
|
+
sign(payload: Uint8Array): Promise<CceSignature>;
|
|
299
|
+
}
|
|
300
|
+
interface CceResponseOptions {
|
|
301
|
+
request: CceRequestEnvelope;
|
|
302
|
+
capsule: CceCapsuleClaims;
|
|
303
|
+
status: CceResponseStatus;
|
|
304
|
+
body: Uint8Array;
|
|
305
|
+
clientPublicKeyHex: string;
|
|
306
|
+
witnessRef?: string;
|
|
307
|
+
}
|
|
308
|
+
declare function buildCceResponse(options: CceResponseOptions, clientKeyEncryptor: CceClientKeyEncryptor, axisSigner: CceAxisSigner): Promise<{
|
|
309
|
+
envelope: CceResponseEnvelope;
|
|
310
|
+
responsePayloadHash: string;
|
|
311
|
+
}>;
|
|
312
|
+
declare function buildCceErrorResponse(requestId: string, correlationId: string, status: CceResponseStatus, errorCode: string, message: string): {
|
|
313
|
+
ver: string;
|
|
314
|
+
request_id: string;
|
|
315
|
+
correlation_id: string;
|
|
316
|
+
status: CceResponseStatus;
|
|
317
|
+
error: {
|
|
318
|
+
code: string;
|
|
319
|
+
message: string;
|
|
320
|
+
};
|
|
321
|
+
};
|
|
322
|
+
|
|
323
|
+
interface CceWitnessStore {
|
|
324
|
+
record(witness: CceWitnessRecord): Promise<void>;
|
|
325
|
+
}
|
|
326
|
+
declare class InMemoryCceWitnessStore implements CceWitnessStore {
|
|
327
|
+
readonly records: CceWitnessRecord[];
|
|
328
|
+
record(witness: CceWitnessRecord): Promise<void>;
|
|
329
|
+
getByRequestId(requestId: string): CceWitnessRecord | undefined;
|
|
330
|
+
getByCapsuleId(capsuleId: string): CceWitnessRecord[];
|
|
331
|
+
}
|
|
332
|
+
interface CceVerificationState {
|
|
333
|
+
clientSigVerified: boolean;
|
|
334
|
+
capsuleSigVerified: boolean;
|
|
335
|
+
tpsValid: boolean;
|
|
336
|
+
audienceMatch: boolean;
|
|
337
|
+
intentMatch: boolean;
|
|
338
|
+
replayClean: boolean;
|
|
339
|
+
nonceUnique: boolean;
|
|
340
|
+
decryptionOk: boolean;
|
|
341
|
+
}
|
|
342
|
+
declare function buildWitnessRecord(envelope: CceRequestEnvelope, capsule: CceCapsuleClaims, verification: CceVerificationState, execution: {
|
|
343
|
+
status: CceResponseStatus;
|
|
344
|
+
handlerDurationMs: number;
|
|
345
|
+
effect?: string;
|
|
346
|
+
}, options: {
|
|
347
|
+
axisLocalSecret: string;
|
|
348
|
+
requestPayload?: Uint8Array;
|
|
349
|
+
responsePayload?: Uint8Array;
|
|
350
|
+
responseEncrypted: boolean;
|
|
351
|
+
}): CceWitnessRecord;
|
|
352
|
+
declare function extractVerificationState(metadata: Record<string, any>): CceVerificationState;
|
|
353
|
+
|
|
354
|
+
type AxisAlg$1 = 'EdDSA' | 'ES256' | 'RS256';
|
|
355
|
+
type CapsuleStatus = 'ACTIVE' | 'CONSUMED' | 'REVOKED' | 'EXPIRED';
|
|
356
|
+
type CapsuleMode = 'SINGLE_USE' | 'MULTI_USE';
|
|
357
|
+
type KeyStatus = 'ACTIVE' | 'GRACE' | 'REVOKED' | 'RETIRED';
|
|
358
|
+
interface AxisSig$1 {
|
|
359
|
+
alg: AxisAlg$1;
|
|
360
|
+
kid: string;
|
|
361
|
+
value: string;
|
|
362
|
+
}
|
|
363
|
+
interface AxisPacket$1<T = any> {
|
|
364
|
+
v: 1;
|
|
365
|
+
pid: string;
|
|
366
|
+
nonce: string;
|
|
367
|
+
ts: number;
|
|
368
|
+
actorId: string;
|
|
369
|
+
opcode: string;
|
|
370
|
+
body: T;
|
|
371
|
+
sig: AxisSig$1;
|
|
372
|
+
}
|
|
373
|
+
interface AxisCapsuleConstraints {
|
|
374
|
+
maxAmount?: number;
|
|
375
|
+
maxCount?: number;
|
|
376
|
+
ttlSeconds?: number;
|
|
377
|
+
ipCidrAllow?: string[];
|
|
378
|
+
countryAllow?: string[];
|
|
379
|
+
deviceIdAllow?: string[];
|
|
380
|
+
sessionIdLock?: string;
|
|
381
|
+
nonceRequired?: boolean;
|
|
382
|
+
}
|
|
383
|
+
interface TickWindow {
|
|
384
|
+
start: number;
|
|
385
|
+
end: number;
|
|
386
|
+
}
|
|
387
|
+
interface AxisCapsulePayload {
|
|
388
|
+
v: 1;
|
|
389
|
+
capsuleId: string;
|
|
390
|
+
actorId: string;
|
|
391
|
+
issuer: string;
|
|
392
|
+
audience: string;
|
|
393
|
+
subject?: string;
|
|
394
|
+
intent: string;
|
|
395
|
+
scopes: string[];
|
|
396
|
+
actions?: string[];
|
|
397
|
+
iat: number;
|
|
398
|
+
nbf?: number;
|
|
399
|
+
exp: number;
|
|
400
|
+
tickWindow?: TickWindow;
|
|
401
|
+
mode: CapsuleMode;
|
|
402
|
+
maxUses: number;
|
|
403
|
+
nonceSeed?: string;
|
|
404
|
+
policyRefs?: string[];
|
|
405
|
+
riskScore?: number;
|
|
406
|
+
constraints?: AxisCapsuleConstraints;
|
|
407
|
+
meta?: Record<string, unknown>;
|
|
408
|
+
}
|
|
409
|
+
interface AxisCapsule {
|
|
410
|
+
payload: AxisCapsulePayload;
|
|
411
|
+
sig: AxisSig$1;
|
|
412
|
+
}
|
|
413
|
+
interface CapsuleIssueBody {
|
|
414
|
+
intent: string;
|
|
415
|
+
audience: string;
|
|
416
|
+
scopes: string[];
|
|
417
|
+
subject?: string;
|
|
418
|
+
mode: CapsuleMode;
|
|
419
|
+
maxUses?: number;
|
|
420
|
+
expSeconds?: number;
|
|
421
|
+
constraints?: AxisCapsuleConstraints;
|
|
422
|
+
hints?: {
|
|
423
|
+
ip?: string;
|
|
424
|
+
ua?: string;
|
|
425
|
+
deviceId?: string;
|
|
426
|
+
geo?: string;
|
|
427
|
+
};
|
|
428
|
+
}
|
|
429
|
+
interface CapsuleBatchBody extends Omit<CapsuleIssueBody, 'mode' | 'maxUses'> {
|
|
430
|
+
count: number;
|
|
431
|
+
mode: 'SINGLE_USE';
|
|
432
|
+
}
|
|
433
|
+
interface IntentExecBody {
|
|
434
|
+
intent: string;
|
|
435
|
+
capsule: AxisCapsule;
|
|
436
|
+
execNonce?: string;
|
|
437
|
+
args: Record<string, any>;
|
|
438
|
+
}
|
|
439
|
+
interface CapsuleRevokeBody {
|
|
440
|
+
capsuleId: string;
|
|
441
|
+
reason: string;
|
|
442
|
+
}
|
|
443
|
+
interface AxisResponse$1<T = any> {
|
|
444
|
+
ok: boolean;
|
|
445
|
+
pid: string;
|
|
446
|
+
decisionId: string;
|
|
447
|
+
code: string;
|
|
448
|
+
message?: string;
|
|
449
|
+
data?: T;
|
|
450
|
+
meta?: Record<string, unknown>;
|
|
451
|
+
}
|
|
452
|
+
interface CapsuleIssueResult {
|
|
453
|
+
capsule: AxisCapsule;
|
|
454
|
+
}
|
|
455
|
+
interface CapsuleBatchResult {
|
|
456
|
+
capsules: AxisCapsule[];
|
|
457
|
+
}
|
|
458
|
+
interface ActorKeyRecord {
|
|
459
|
+
id: Buffer;
|
|
460
|
+
actor_id: string;
|
|
461
|
+
key_id: string;
|
|
462
|
+
algorithm: string;
|
|
463
|
+
public_key: Buffer;
|
|
464
|
+
purpose: string;
|
|
465
|
+
status: KeyStatus;
|
|
466
|
+
is_primary: boolean;
|
|
467
|
+
not_before: Date | null;
|
|
468
|
+
expires_at: Date | null;
|
|
469
|
+
rotated_from_key_id: string | null;
|
|
470
|
+
revoked_at: Date | null;
|
|
471
|
+
revocation_reason: string | null;
|
|
472
|
+
metadata: any;
|
|
473
|
+
created_at: Date;
|
|
474
|
+
updated_at: Date;
|
|
475
|
+
}
|
|
476
|
+
interface IssuerKeyRecord {
|
|
477
|
+
id: Buffer;
|
|
478
|
+
kid: string;
|
|
479
|
+
issuer_id: string;
|
|
480
|
+
alg: string;
|
|
481
|
+
public_key_pem: string;
|
|
482
|
+
status: KeyStatus;
|
|
483
|
+
not_before: Date | null;
|
|
484
|
+
not_after: Date | null;
|
|
485
|
+
fingerprint: string | null;
|
|
486
|
+
metadata: any;
|
|
487
|
+
created_at: Date;
|
|
488
|
+
updated_at: Date;
|
|
489
|
+
}
|
|
490
|
+
interface CapsuleRecord {
|
|
491
|
+
id: Buffer;
|
|
492
|
+
capsule_id: string;
|
|
493
|
+
actor_id: string;
|
|
494
|
+
intent: string;
|
|
495
|
+
audience: string;
|
|
496
|
+
issuer: string;
|
|
497
|
+
subject: string | null;
|
|
498
|
+
status: CapsuleStatus;
|
|
499
|
+
mode: CapsuleMode;
|
|
500
|
+
max_uses: number;
|
|
501
|
+
used_count: number;
|
|
502
|
+
iat: Date;
|
|
503
|
+
nbf: Date | null;
|
|
504
|
+
exp: Date;
|
|
505
|
+
scopes_json: any;
|
|
506
|
+
constraints_json: any;
|
|
507
|
+
policy_refs_json: any;
|
|
508
|
+
risk_score: number | null;
|
|
509
|
+
payload_hash: Buffer;
|
|
510
|
+
sig_alg: string;
|
|
511
|
+
sig_kid: string;
|
|
512
|
+
sig_value: Buffer;
|
|
513
|
+
created_at: Date;
|
|
514
|
+
updated_at: Date;
|
|
515
|
+
last_used_at: Date | null;
|
|
516
|
+
}
|
|
517
|
+
|
|
518
|
+
type AxisAlg = Extract<AxisAlg$1, 'EdDSA'>;
|
|
519
|
+
type AxisSig = AxisSig$1 & {
|
|
520
|
+
alg: AxisAlg;
|
|
521
|
+
};
|
|
522
|
+
interface AxisFrame$1<T = any> {
|
|
523
|
+
v: 1;
|
|
524
|
+
pid: string;
|
|
525
|
+
nonce: string;
|
|
526
|
+
ts: number;
|
|
527
|
+
actorId: string;
|
|
528
|
+
aud?: string;
|
|
529
|
+
opcode: string;
|
|
530
|
+
headers: Map<number, Uint8Array>;
|
|
531
|
+
body: T;
|
|
532
|
+
sig: AxisSig;
|
|
533
|
+
}
|
|
534
|
+
type AxisResponse<T = any> = AxisResponse$1<T> & {
|
|
535
|
+
policyRefs?: string[];
|
|
536
|
+
riskScore?: number;
|
|
537
|
+
};
|
|
538
|
+
interface AxisObservedContext {
|
|
539
|
+
ip?: string;
|
|
540
|
+
ua?: string;
|
|
541
|
+
geo?: string;
|
|
542
|
+
}
|
|
543
|
+
interface AxisRequestContext {
|
|
544
|
+
observed: AxisObservedContext;
|
|
545
|
+
actorKeyKid?: string;
|
|
546
|
+
issuerKeyKid?: string;
|
|
547
|
+
decisionId: string;
|
|
548
|
+
actorId: string;
|
|
549
|
+
aud?: string;
|
|
550
|
+
opcode: string;
|
|
551
|
+
deviceId?: string;
|
|
552
|
+
sessionId?: string;
|
|
553
|
+
}
|
|
554
|
+
|
|
555
|
+
interface SensorPhaseMetadata {
|
|
556
|
+
phase: 'PRE_DECODE' | 'POST_DECODE';
|
|
557
|
+
dependencies?: string[];
|
|
558
|
+
asyncOk?: boolean;
|
|
559
|
+
cryptoOk?: boolean;
|
|
560
|
+
description?: string;
|
|
561
|
+
}
|
|
562
|
+
interface AxisSensor {
|
|
563
|
+
readonly name: string;
|
|
564
|
+
readonly order?: number;
|
|
565
|
+
phase?: SensorPhaseMetadata | 'PRE_DECODE' | 'POST_DECODE';
|
|
566
|
+
supports?(input: SensorInput): boolean;
|
|
567
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
568
|
+
}
|
|
569
|
+
interface AxisSensorInit extends AxisSensor {
|
|
570
|
+
onModuleInit?(): void | Promise<void>;
|
|
571
|
+
}
|
|
572
|
+
interface AxisPreSensor extends AxisSensor {
|
|
573
|
+
phase: 'PRE_DECODE';
|
|
574
|
+
}
|
|
575
|
+
interface AxisPostSensor extends AxisSensor {
|
|
576
|
+
phase: 'POST_DECODE';
|
|
577
|
+
}
|
|
578
|
+
interface SensorInput {
|
|
579
|
+
rawBytes?: Buffer | Uint8Array;
|
|
580
|
+
intent?: string;
|
|
581
|
+
ip?: string;
|
|
582
|
+
path?: string;
|
|
583
|
+
contentLength?: number;
|
|
584
|
+
peek?: Uint8Array;
|
|
585
|
+
country?: string;
|
|
586
|
+
clientId?: string;
|
|
587
|
+
isWs?: boolean;
|
|
588
|
+
metadata?: Record<string, any>;
|
|
589
|
+
actorId?: string;
|
|
590
|
+
opcode?: string;
|
|
591
|
+
aud?: string;
|
|
592
|
+
observed?: AxisObservedContext;
|
|
593
|
+
frameBody?: any;
|
|
594
|
+
deviceId?: string;
|
|
595
|
+
sessionId?: string;
|
|
596
|
+
packet?: Record<string, any>;
|
|
597
|
+
[key: string]: any;
|
|
598
|
+
}
|
|
599
|
+
declare enum Decision {
|
|
600
|
+
ALLOW = "ALLOW",
|
|
601
|
+
DENY = "DENY",
|
|
602
|
+
THROTTLE = "THROTTLE",
|
|
603
|
+
FLAG = "FLAG"
|
|
604
|
+
}
|
|
605
|
+
type SensorDecision = {
|
|
606
|
+
decision?: Decision;
|
|
607
|
+
allow: boolean;
|
|
608
|
+
riskScore: number;
|
|
609
|
+
reasons: string[];
|
|
610
|
+
code?: string;
|
|
611
|
+
retryAfterMs?: number;
|
|
612
|
+
scoreDelta?: number;
|
|
613
|
+
tags?: Record<string, any>;
|
|
614
|
+
meta?: any;
|
|
615
|
+
tighten?: {
|
|
616
|
+
expSecondsMax?: number;
|
|
617
|
+
constraintsPatch?: Record<string, any>;
|
|
618
|
+
};
|
|
619
|
+
} | {
|
|
620
|
+
action: 'ALLOW';
|
|
621
|
+
meta?: any;
|
|
622
|
+
} | {
|
|
623
|
+
action: 'DENY';
|
|
624
|
+
code: string;
|
|
625
|
+
reason?: string;
|
|
626
|
+
retryAfterMs?: number;
|
|
627
|
+
meta?: any;
|
|
628
|
+
} | {
|
|
629
|
+
action: 'THROTTLE';
|
|
630
|
+
retryAfterMs: number;
|
|
631
|
+
meta?: any;
|
|
632
|
+
} | {
|
|
633
|
+
action: 'FLAG';
|
|
634
|
+
scoreDelta: number;
|
|
635
|
+
reasons: string[];
|
|
636
|
+
meta?: any;
|
|
637
|
+
};
|
|
638
|
+
type SensorMinifiedDecision = {
|
|
639
|
+
allow: boolean;
|
|
640
|
+
riskScore: number;
|
|
641
|
+
reasons: string[];
|
|
642
|
+
tags?: Record<string, any>;
|
|
643
|
+
meta?: any;
|
|
644
|
+
tighten?: {
|
|
645
|
+
expSecondsMax?: number;
|
|
646
|
+
constraintsPatch?: Record<string, any>;
|
|
647
|
+
};
|
|
648
|
+
retryAfterMs?: number;
|
|
649
|
+
};
|
|
650
|
+
declare function normalizeSensorDecision(sensorDecision: SensorDecision): SensorMinifiedDecision;
|
|
651
|
+
declare const SensorDecisions: {
|
|
652
|
+
allow(meta?: any, tags?: Record<string, any>): SensorDecision;
|
|
653
|
+
deny(code: string, reason?: string, meta?: any): SensorDecision;
|
|
654
|
+
throttle(retryAfterMs: number, meta?: any): SensorDecision;
|
|
655
|
+
flag(scoreDelta: number, reasons: string[], meta?: any): SensorDecision;
|
|
656
|
+
};
|
|
657
|
+
|
|
658
|
+
type CceHandler = (payload: Uint8Array, context: CceHandlerContext) => Promise<CceHandlerResult>;
|
|
659
|
+
interface CceHandlerContext {
|
|
660
|
+
capsule: CceCapsuleClaims;
|
|
661
|
+
executionContext: CceExecutionContext;
|
|
662
|
+
envelope: CceRequestEnvelope;
|
|
663
|
+
clientPublicKeyHex: string;
|
|
664
|
+
intent: string;
|
|
665
|
+
sub: string;
|
|
666
|
+
}
|
|
667
|
+
interface CceHandlerResult {
|
|
668
|
+
status: CceResponseStatus;
|
|
669
|
+
body: Uint8Array;
|
|
670
|
+
effect?: string;
|
|
671
|
+
}
|
|
672
|
+
interface CcePipelineConfig {
|
|
673
|
+
axisLocalSecret: string;
|
|
674
|
+
axisAudience: string;
|
|
675
|
+
sensors: AxisSensor[];
|
|
676
|
+
handlers: Map<string, CceHandler>;
|
|
677
|
+
witnessStore: CceWitnessStore;
|
|
678
|
+
clientKeyEncryptor: CceClientKeyEncryptor;
|
|
679
|
+
axisSigner: CceAxisSigner;
|
|
680
|
+
}
|
|
681
|
+
type CcePipelineResult = {
|
|
682
|
+
ok: true;
|
|
683
|
+
response: CceResponseEnvelope;
|
|
684
|
+
witnessId: string;
|
|
685
|
+
} | {
|
|
686
|
+
ok: false;
|
|
687
|
+
error: {
|
|
688
|
+
code: string;
|
|
689
|
+
message: string;
|
|
690
|
+
};
|
|
691
|
+
status: CceResponseStatus;
|
|
692
|
+
};
|
|
693
|
+
declare function executeCcePipeline(envelope: CceRequestEnvelope, config: CcePipelineConfig): Promise<CcePipelineResult>;
|
|
107
694
|
|
|
108
695
|
interface IntentSchema$1 {
|
|
109
696
|
intent: string;
|
|
110
697
|
version: number;
|
|
111
|
-
bodyProfile:
|
|
698
|
+
bodyProfile: "TLV_MAP" | "RAW" | "TLV_OBJ" | "TLV_ARR";
|
|
112
699
|
fields: Array<{
|
|
113
700
|
name: string;
|
|
114
701
|
tlv: number;
|
|
115
|
-
kind: IntentTlvField[
|
|
702
|
+
kind: IntentTlvField["kind"];
|
|
116
703
|
required?: boolean;
|
|
117
704
|
maxLen?: number;
|
|
118
705
|
max?: string;
|
|
119
|
-
scope?:
|
|
706
|
+
scope?: "header" | "body";
|
|
120
707
|
}>;
|
|
121
708
|
}
|
|
122
709
|
interface AxisEffect {
|
|
@@ -136,6 +723,8 @@ declare class IntentRouter {
|
|
|
136
723
|
private intentSchemas;
|
|
137
724
|
private intentValidators;
|
|
138
725
|
private intentKinds;
|
|
726
|
+
private cceHandlers;
|
|
727
|
+
private ccePipelineConfig;
|
|
139
728
|
constructor(moduleRef?: ModuleRef | undefined);
|
|
140
729
|
getSchema(intent: string): IntentSchema$1 | undefined;
|
|
141
730
|
getValidators(intent: string): Map<number, TlvValidatorFn[]> | undefined;
|
|
@@ -152,11 +741,26 @@ declare class IntentRouter {
|
|
|
152
741
|
registerHandler(instance: any): void;
|
|
153
742
|
route(frame: AxisFrame$2): Promise<AxisEffect>;
|
|
154
743
|
private logIntent;
|
|
155
|
-
registerIntentMeta(intent: string, proto: object, methodName: string): void;
|
|
744
|
+
registerIntentMeta(intent: string, proto: object, methodName: string, handlerSensors?: Function[]): void;
|
|
156
745
|
private runIntentSensors;
|
|
746
|
+
configureCce(config: Omit<CcePipelineConfig, "handlers">): void;
|
|
747
|
+
registerCceHandler(intent: string, handler: CceHandler): void;
|
|
748
|
+
hasCceHandler(intent: string): boolean;
|
|
749
|
+
routeCce(envelope: CceRequestEnvelope): Promise<CcePipelineResult>;
|
|
157
750
|
private storeSchema;
|
|
158
751
|
}
|
|
159
752
|
|
|
753
|
+
declare const BAND: {
|
|
754
|
+
readonly WIRE: 0;
|
|
755
|
+
readonly IDENTITY: 40;
|
|
756
|
+
readonly POLICY: 90;
|
|
757
|
+
readonly CONTENT: 140;
|
|
758
|
+
readonly BUSINESS: 200;
|
|
759
|
+
readonly AUDIT: 900;
|
|
760
|
+
};
|
|
761
|
+
type SensorBand = keyof typeof BAND;
|
|
762
|
+
declare const PRE_DECODE_BOUNDARY = 40;
|
|
763
|
+
|
|
160
764
|
declare function stableJsonStringify(value: unknown): string;
|
|
161
765
|
|
|
162
766
|
interface ObservationStage {
|
|
@@ -498,216 +1102,52 @@ declare function packPasskeyLoginOptionsRes(params: {
|
|
|
498
1102
|
type: string;
|
|
499
1103
|
transports?: string[];
|
|
500
1104
|
}[];
|
|
501
|
-
}): Buffer;
|
|
502
|
-
declare const Schema2012_PasskeyLoginVerifyRes: Ats1SchemaDescriptor;
|
|
503
|
-
declare function packPasskeyLoginVerifyRes(params: {
|
|
504
|
-
actorId: string;
|
|
505
|
-
keyId: string;
|
|
506
|
-
capsule: Buffer;
|
|
507
|
-
expiresAt: bigint;
|
|
508
|
-
}): Buffer;
|
|
509
|
-
|
|
510
|
-
type Axis1FrameToEncode = {
|
|
511
|
-
ver: number;
|
|
512
|
-
flags: number;
|
|
513
|
-
hdr: Buffer;
|
|
514
|
-
body: Buffer;
|
|
515
|
-
sig: Buffer;
|
|
516
|
-
};
|
|
517
|
-
declare function encodeAxis1Frame(f: Axis1FrameToEncode): Buffer;
|
|
518
|
-
|
|
519
|
-
declare function axis1SigningBytes(params: {
|
|
520
|
-
ver: number;
|
|
521
|
-
flags: number;
|
|
522
|
-
hdr: Buffer;
|
|
523
|
-
body: Buffer;
|
|
524
|
-
}): Buffer;
|
|
525
|
-
|
|
526
|
-
declare function encVarint(x: bigint): Buffer;
|
|
527
|
-
declare function varintU(x: number | bigint): Buffer;
|
|
528
|
-
declare function u64be(x: bigint): Buffer;
|
|
529
|
-
declare function utf8(s: string): Buffer;
|
|
530
|
-
declare function bytes(b: Uint8Array | Buffer): Buffer;
|
|
531
|
-
declare function nonce16(): Buffer;
|
|
532
|
-
declare function tlv(type: number, value: Buffer): Buffer;
|
|
533
|
-
declare function buildTLVs(items: {
|
|
534
|
-
type: number;
|
|
535
|
-
value: Buffer;
|
|
536
|
-
}[], opts?: {
|
|
537
|
-
allowDupTypes?: Set<number>;
|
|
538
|
-
}): Buffer;
|
|
539
|
-
|
|
540
|
-
declare function b64urlEncode(buf: Buffer): string;
|
|
541
|
-
declare function b64urlDecode(str: string): Buffer;
|
|
542
|
-
declare function b64urlEncodeString(str: string, encoding?: BufferEncoding): string;
|
|
543
|
-
declare function b64urlDecodeString(str: string, encoding?: BufferEncoding): string;
|
|
544
|
-
|
|
545
|
-
declare function canonicalJson(value: any): string;
|
|
546
|
-
declare function canonicalJsonExcluding(obj: Record<string, any>, exclude: string[]): string;
|
|
547
|
-
|
|
548
|
-
type AxisAlg$1 = 'EdDSA' | 'ES256' | 'RS256';
|
|
549
|
-
type CapsuleStatus = 'ACTIVE' | 'CONSUMED' | 'REVOKED' | 'EXPIRED';
|
|
550
|
-
type CapsuleMode = 'SINGLE_USE' | 'MULTI_USE';
|
|
551
|
-
type KeyStatus = 'ACTIVE' | 'GRACE' | 'REVOKED' | 'RETIRED';
|
|
552
|
-
interface AxisSig$1 {
|
|
553
|
-
alg: AxisAlg$1;
|
|
554
|
-
kid: string;
|
|
555
|
-
value: string;
|
|
556
|
-
}
|
|
557
|
-
interface AxisPacket$1<T = any> {
|
|
558
|
-
v: 1;
|
|
559
|
-
pid: string;
|
|
560
|
-
nonce: string;
|
|
561
|
-
ts: number;
|
|
562
|
-
actorId: string;
|
|
563
|
-
opcode: string;
|
|
564
|
-
body: T;
|
|
565
|
-
sig: AxisSig$1;
|
|
566
|
-
}
|
|
567
|
-
interface AxisCapsuleConstraints {
|
|
568
|
-
maxAmount?: number;
|
|
569
|
-
maxCount?: number;
|
|
570
|
-
ttlSeconds?: number;
|
|
571
|
-
ipCidrAllow?: string[];
|
|
572
|
-
countryAllow?: string[];
|
|
573
|
-
deviceIdAllow?: string[];
|
|
574
|
-
sessionIdLock?: string;
|
|
575
|
-
nonceRequired?: boolean;
|
|
576
|
-
}
|
|
577
|
-
interface TickWindow {
|
|
578
|
-
start: number;
|
|
579
|
-
end: number;
|
|
580
|
-
}
|
|
581
|
-
interface AxisCapsulePayload {
|
|
582
|
-
v: 1;
|
|
583
|
-
capsuleId: string;
|
|
584
|
-
actorId: string;
|
|
585
|
-
issuer: string;
|
|
586
|
-
audience: string;
|
|
587
|
-
subject?: string;
|
|
588
|
-
intent: string;
|
|
589
|
-
scopes: string[];
|
|
590
|
-
actions?: string[];
|
|
591
|
-
iat: number;
|
|
592
|
-
nbf?: number;
|
|
593
|
-
exp: number;
|
|
594
|
-
tickWindow?: TickWindow;
|
|
595
|
-
mode: CapsuleMode;
|
|
596
|
-
maxUses: number;
|
|
597
|
-
nonceSeed?: string;
|
|
598
|
-
policyRefs?: string[];
|
|
599
|
-
riskScore?: number;
|
|
600
|
-
constraints?: AxisCapsuleConstraints;
|
|
601
|
-
meta?: Record<string, unknown>;
|
|
602
|
-
}
|
|
603
|
-
interface AxisCapsule {
|
|
604
|
-
payload: AxisCapsulePayload;
|
|
605
|
-
sig: AxisSig$1;
|
|
606
|
-
}
|
|
607
|
-
interface CapsuleIssueBody {
|
|
608
|
-
intent: string;
|
|
609
|
-
audience: string;
|
|
610
|
-
scopes: string[];
|
|
611
|
-
subject?: string;
|
|
612
|
-
mode: CapsuleMode;
|
|
613
|
-
maxUses?: number;
|
|
614
|
-
expSeconds?: number;
|
|
615
|
-
constraints?: AxisCapsuleConstraints;
|
|
616
|
-
hints?: {
|
|
617
|
-
ip?: string;
|
|
618
|
-
ua?: string;
|
|
619
|
-
deviceId?: string;
|
|
620
|
-
geo?: string;
|
|
621
|
-
};
|
|
622
|
-
}
|
|
623
|
-
interface CapsuleBatchBody extends Omit<CapsuleIssueBody, 'mode' | 'maxUses'> {
|
|
624
|
-
count: number;
|
|
625
|
-
mode: 'SINGLE_USE';
|
|
626
|
-
}
|
|
627
|
-
interface IntentExecBody {
|
|
628
|
-
intent: string;
|
|
629
|
-
capsule: AxisCapsule;
|
|
630
|
-
execNonce?: string;
|
|
631
|
-
args: Record<string, any>;
|
|
632
|
-
}
|
|
633
|
-
interface CapsuleRevokeBody {
|
|
634
|
-
capsuleId: string;
|
|
635
|
-
reason: string;
|
|
636
|
-
}
|
|
637
|
-
interface AxisResponse$1<T = any> {
|
|
638
|
-
ok: boolean;
|
|
639
|
-
pid: string;
|
|
640
|
-
decisionId: string;
|
|
641
|
-
code: string;
|
|
642
|
-
message?: string;
|
|
643
|
-
data?: T;
|
|
644
|
-
meta?: Record<string, unknown>;
|
|
645
|
-
}
|
|
646
|
-
interface CapsuleIssueResult {
|
|
647
|
-
capsule: AxisCapsule;
|
|
648
|
-
}
|
|
649
|
-
interface CapsuleBatchResult {
|
|
650
|
-
capsules: AxisCapsule[];
|
|
651
|
-
}
|
|
652
|
-
interface ActorKeyRecord {
|
|
653
|
-
id: Buffer;
|
|
654
|
-
actor_id: string;
|
|
655
|
-
key_id: string;
|
|
656
|
-
algorithm: string;
|
|
657
|
-
public_key: Buffer;
|
|
658
|
-
purpose: string;
|
|
659
|
-
status: KeyStatus;
|
|
660
|
-
is_primary: boolean;
|
|
661
|
-
not_before: Date | null;
|
|
662
|
-
expires_at: Date | null;
|
|
663
|
-
rotated_from_key_id: string | null;
|
|
664
|
-
revoked_at: Date | null;
|
|
665
|
-
revocation_reason: string | null;
|
|
666
|
-
metadata: any;
|
|
667
|
-
created_at: Date;
|
|
668
|
-
updated_at: Date;
|
|
669
|
-
}
|
|
670
|
-
interface IssuerKeyRecord {
|
|
671
|
-
id: Buffer;
|
|
672
|
-
kid: string;
|
|
673
|
-
issuer_id: string;
|
|
674
|
-
alg: string;
|
|
675
|
-
public_key_pem: string;
|
|
676
|
-
status: KeyStatus;
|
|
677
|
-
not_before: Date | null;
|
|
678
|
-
not_after: Date | null;
|
|
679
|
-
fingerprint: string | null;
|
|
680
|
-
metadata: any;
|
|
681
|
-
created_at: Date;
|
|
682
|
-
updated_at: Date;
|
|
683
|
-
}
|
|
684
|
-
interface CapsuleRecord {
|
|
685
|
-
id: Buffer;
|
|
686
|
-
capsule_id: string;
|
|
687
|
-
actor_id: string;
|
|
688
|
-
intent: string;
|
|
689
|
-
audience: string;
|
|
690
|
-
issuer: string;
|
|
691
|
-
subject: string | null;
|
|
692
|
-
status: CapsuleStatus;
|
|
693
|
-
mode: CapsuleMode;
|
|
694
|
-
max_uses: number;
|
|
695
|
-
used_count: number;
|
|
696
|
-
iat: Date;
|
|
697
|
-
nbf: Date | null;
|
|
698
|
-
exp: Date;
|
|
699
|
-
scopes_json: any;
|
|
700
|
-
constraints_json: any;
|
|
701
|
-
policy_refs_json: any;
|
|
702
|
-
risk_score: number | null;
|
|
703
|
-
payload_hash: Buffer;
|
|
704
|
-
sig_alg: string;
|
|
705
|
-
sig_kid: string;
|
|
706
|
-
sig_value: Buffer;
|
|
707
|
-
created_at: Date;
|
|
708
|
-
updated_at: Date;
|
|
709
|
-
last_used_at: Date | null;
|
|
710
|
-
}
|
|
1105
|
+
}): Buffer;
|
|
1106
|
+
declare const Schema2012_PasskeyLoginVerifyRes: Ats1SchemaDescriptor;
|
|
1107
|
+
declare function packPasskeyLoginVerifyRes(params: {
|
|
1108
|
+
actorId: string;
|
|
1109
|
+
keyId: string;
|
|
1110
|
+
capsule: Buffer;
|
|
1111
|
+
expiresAt: bigint;
|
|
1112
|
+
}): Buffer;
|
|
1113
|
+
|
|
1114
|
+
type Axis1FrameToEncode = {
|
|
1115
|
+
ver: number;
|
|
1116
|
+
flags: number;
|
|
1117
|
+
hdr: Buffer;
|
|
1118
|
+
body: Buffer;
|
|
1119
|
+
sig: Buffer;
|
|
1120
|
+
};
|
|
1121
|
+
declare function encodeAxis1Frame(f: Axis1FrameToEncode): Buffer;
|
|
1122
|
+
|
|
1123
|
+
declare function axis1SigningBytes(params: {
|
|
1124
|
+
ver: number;
|
|
1125
|
+
flags: number;
|
|
1126
|
+
hdr: Buffer;
|
|
1127
|
+
body: Buffer;
|
|
1128
|
+
}): Buffer;
|
|
1129
|
+
|
|
1130
|
+
declare function encVarint(x: bigint): Buffer;
|
|
1131
|
+
declare function varintU(x: number | bigint): Buffer;
|
|
1132
|
+
declare function u64be(x: bigint): Buffer;
|
|
1133
|
+
declare function utf8(s: string): Buffer;
|
|
1134
|
+
declare function bytes(b: Uint8Array | Buffer): Buffer;
|
|
1135
|
+
declare function nonce16(): Buffer;
|
|
1136
|
+
declare function tlv(type: number, value: Buffer): Buffer;
|
|
1137
|
+
declare function buildTLVs(items: {
|
|
1138
|
+
type: number;
|
|
1139
|
+
value: Buffer;
|
|
1140
|
+
}[], opts?: {
|
|
1141
|
+
allowDupTypes?: Set<number>;
|
|
1142
|
+
}): Buffer;
|
|
1143
|
+
|
|
1144
|
+
declare function b64urlEncode(buf: Buffer): string;
|
|
1145
|
+
declare function b64urlDecode(str: string): Buffer;
|
|
1146
|
+
declare function b64urlEncodeString(str: string, encoding?: BufferEncoding): string;
|
|
1147
|
+
declare function b64urlDecodeString(str: string, encoding?: BufferEncoding): string;
|
|
1148
|
+
|
|
1149
|
+
declare function canonicalJson(value: any): string;
|
|
1150
|
+
declare function canonicalJsonExcluding(obj: Record<string, any>, exclude: string[]): string;
|
|
711
1151
|
|
|
712
1152
|
declare class ContractViolationError extends Error {
|
|
713
1153
|
code: string;
|
|
@@ -784,146 +1224,6 @@ type AxisPacket = {
|
|
|
784
1224
|
};
|
|
785
1225
|
declare function buildPacket(hdr: Buffer, body: Buffer, sig: Buffer, flags?: number): AxisPacket;
|
|
786
1226
|
|
|
787
|
-
type AxisAlg = Extract<AxisAlg$1, 'EdDSA'>;
|
|
788
|
-
type AxisSig = AxisSig$1 & {
|
|
789
|
-
alg: AxisAlg;
|
|
790
|
-
};
|
|
791
|
-
interface AxisFrame$1<T = any> {
|
|
792
|
-
v: 1;
|
|
793
|
-
pid: string;
|
|
794
|
-
nonce: string;
|
|
795
|
-
ts: number;
|
|
796
|
-
actorId: string;
|
|
797
|
-
aud?: string;
|
|
798
|
-
opcode: string;
|
|
799
|
-
headers: Map<number, Uint8Array>;
|
|
800
|
-
body: T;
|
|
801
|
-
sig: AxisSig;
|
|
802
|
-
}
|
|
803
|
-
type AxisResponse<T = any> = AxisResponse$1<T> & {
|
|
804
|
-
policyRefs?: string[];
|
|
805
|
-
riskScore?: number;
|
|
806
|
-
};
|
|
807
|
-
interface AxisObservedContext {
|
|
808
|
-
ip?: string;
|
|
809
|
-
ua?: string;
|
|
810
|
-
geo?: string;
|
|
811
|
-
}
|
|
812
|
-
interface AxisRequestContext {
|
|
813
|
-
observed: AxisObservedContext;
|
|
814
|
-
actorKeyKid?: string;
|
|
815
|
-
issuerKeyKid?: string;
|
|
816
|
-
decisionId: string;
|
|
817
|
-
actorId: string;
|
|
818
|
-
aud?: string;
|
|
819
|
-
opcode: string;
|
|
820
|
-
deviceId?: string;
|
|
821
|
-
sessionId?: string;
|
|
822
|
-
}
|
|
823
|
-
|
|
824
|
-
interface SensorPhaseMetadata {
|
|
825
|
-
phase: 'PRE_DECODE' | 'POST_DECODE';
|
|
826
|
-
dependencies?: string[];
|
|
827
|
-
asyncOk?: boolean;
|
|
828
|
-
cryptoOk?: boolean;
|
|
829
|
-
description?: string;
|
|
830
|
-
}
|
|
831
|
-
interface AxisSensor {
|
|
832
|
-
readonly name: string;
|
|
833
|
-
readonly order?: number;
|
|
834
|
-
phase?: SensorPhaseMetadata | 'PRE_DECODE' | 'POST_DECODE';
|
|
835
|
-
supports?(input: SensorInput): boolean;
|
|
836
|
-
run(input: SensorInput): Promise<SensorDecision>;
|
|
837
|
-
}
|
|
838
|
-
interface AxisSensorInit extends AxisSensor {
|
|
839
|
-
onModuleInit?(): void | Promise<void>;
|
|
840
|
-
}
|
|
841
|
-
interface AxisPreSensor extends AxisSensor {
|
|
842
|
-
phase: 'PRE_DECODE';
|
|
843
|
-
}
|
|
844
|
-
interface AxisPostSensor extends AxisSensor {
|
|
845
|
-
phase: 'POST_DECODE';
|
|
846
|
-
}
|
|
847
|
-
interface SensorInput {
|
|
848
|
-
rawBytes?: Buffer | Uint8Array;
|
|
849
|
-
intent?: string;
|
|
850
|
-
ip?: string;
|
|
851
|
-
path?: string;
|
|
852
|
-
contentLength?: number;
|
|
853
|
-
peek?: Uint8Array;
|
|
854
|
-
country?: string;
|
|
855
|
-
clientId?: string;
|
|
856
|
-
isWs?: boolean;
|
|
857
|
-
metadata?: Record<string, any>;
|
|
858
|
-
actorId?: string;
|
|
859
|
-
opcode?: string;
|
|
860
|
-
aud?: string;
|
|
861
|
-
observed?: AxisObservedContext;
|
|
862
|
-
frameBody?: any;
|
|
863
|
-
deviceId?: string;
|
|
864
|
-
sessionId?: string;
|
|
865
|
-
packet?: Record<string, any>;
|
|
866
|
-
[key: string]: any;
|
|
867
|
-
}
|
|
868
|
-
declare enum Decision {
|
|
869
|
-
ALLOW = "ALLOW",
|
|
870
|
-
DENY = "DENY",
|
|
871
|
-
THROTTLE = "THROTTLE",
|
|
872
|
-
FLAG = "FLAG"
|
|
873
|
-
}
|
|
874
|
-
type SensorDecision = {
|
|
875
|
-
decision?: Decision;
|
|
876
|
-
allow: boolean;
|
|
877
|
-
riskScore: number;
|
|
878
|
-
reasons: string[];
|
|
879
|
-
code?: string;
|
|
880
|
-
retryAfterMs?: number;
|
|
881
|
-
scoreDelta?: number;
|
|
882
|
-
tags?: Record<string, any>;
|
|
883
|
-
meta?: any;
|
|
884
|
-
tighten?: {
|
|
885
|
-
expSecondsMax?: number;
|
|
886
|
-
constraintsPatch?: Record<string, any>;
|
|
887
|
-
};
|
|
888
|
-
} | {
|
|
889
|
-
action: 'ALLOW';
|
|
890
|
-
meta?: any;
|
|
891
|
-
} | {
|
|
892
|
-
action: 'DENY';
|
|
893
|
-
code: string;
|
|
894
|
-
reason?: string;
|
|
895
|
-
retryAfterMs?: number;
|
|
896
|
-
meta?: any;
|
|
897
|
-
} | {
|
|
898
|
-
action: 'THROTTLE';
|
|
899
|
-
retryAfterMs: number;
|
|
900
|
-
meta?: any;
|
|
901
|
-
} | {
|
|
902
|
-
action: 'FLAG';
|
|
903
|
-
scoreDelta: number;
|
|
904
|
-
reasons: string[];
|
|
905
|
-
meta?: any;
|
|
906
|
-
};
|
|
907
|
-
type SensorMinifiedDecision = {
|
|
908
|
-
allow: boolean;
|
|
909
|
-
riskScore: number;
|
|
910
|
-
reasons: string[];
|
|
911
|
-
tags?: Record<string, any>;
|
|
912
|
-
meta?: any;
|
|
913
|
-
tighten?: {
|
|
914
|
-
expSecondsMax?: number;
|
|
915
|
-
constraintsPatch?: Record<string, any>;
|
|
916
|
-
};
|
|
917
|
-
retryAfterMs?: number;
|
|
918
|
-
};
|
|
919
|
-
declare function normalizeSensorDecision(sensorDecision: SensorDecision): SensorMinifiedDecision;
|
|
920
|
-
declare const SensorDecisions: {
|
|
921
|
-
allow(meta?: any, tags?: Record<string, any>): SensorDecision;
|
|
922
|
-
deny(code: string, reason?: string, meta?: any): SensorDecision;
|
|
923
|
-
throttle(retryAfterMs: number, meta?: any): SensorDecision;
|
|
924
|
-
flag(scoreDelta: number, reasons: string[], meta?: any): SensorDecision;
|
|
925
|
-
};
|
|
926
|
-
|
|
927
1227
|
interface AxisHandler {
|
|
928
1228
|
readonly name: string;
|
|
929
1229
|
readonly open?: boolean;
|
|
@@ -1097,79 +1397,7 @@ declare class DiskUploadFileStore implements UploadFileStore {
|
|
|
1097
1397
|
readFinalRange(fileId: string, filename: string | undefined, start: number, length: number): Promise<Buffer>;
|
|
1098
1398
|
hasTemp(fileId: string): Promise<boolean>;
|
|
1099
1399
|
moveTempToFinal(fileId: string, filename?: string): Promise<string>;
|
|
1100
|
-
createTempReadStream(fileId: string): NodeJS.ReadableStream;
|
|
1101
|
-
}
|
|
1102
|
-
|
|
1103
|
-
type ProofType$1 = 1 | 2 | 3 | 4;
|
|
1104
|
-
interface ProofVerificationResult {
|
|
1105
|
-
valid: boolean;
|
|
1106
|
-
actorId?: string;
|
|
1107
|
-
error?: string;
|
|
1108
|
-
metadata?: Record<string, any>;
|
|
1109
|
-
}
|
|
1110
|
-
interface MTLSContext {
|
|
1111
|
-
clientCertPem?: string;
|
|
1112
|
-
clientCertFingerprint?: string;
|
|
1113
|
-
clientCertSubject?: string;
|
|
1114
|
-
clientCertIssuer?: string;
|
|
1115
|
-
verified?: boolean;
|
|
1116
|
-
}
|
|
1117
|
-
interface DeviceSEContext {
|
|
1118
|
-
deviceId: string;
|
|
1119
|
-
signature: Uint8Array;
|
|
1120
|
-
publicKey: Uint8Array;
|
|
1121
|
-
challenge?: Uint8Array;
|
|
1122
|
-
}
|
|
1123
|
-
declare class ProofVerificationService {
|
|
1124
|
-
private readonly logger;
|
|
1125
|
-
private readonly deviceKeys;
|
|
1126
|
-
private readonly trustedCerts;
|
|
1127
|
-
verifyProof(proofType: ProofType$1, proofRef: Uint8Array, context: {
|
|
1128
|
-
signTarget?: Uint8Array;
|
|
1129
|
-
signature?: Uint8Array;
|
|
1130
|
-
mtls?: MTLSContext;
|
|
1131
|
-
deviceSE?: DeviceSEContext;
|
|
1132
|
-
}): Promise<ProofVerificationResult>;
|
|
1133
|
-
private verifyCapsuleProof;
|
|
1134
|
-
private verifyJWTProof;
|
|
1135
|
-
private verifyMTLSProof;
|
|
1136
|
-
private verifyDeviceSEProof;
|
|
1137
|
-
registerDeviceKey(deviceId: string, publicKey: Uint8Array): void;
|
|
1138
|
-
unregisterDevice(deviceId: string): boolean;
|
|
1139
|
-
registerMTLSCert(fingerprint: string, actorId: string): void;
|
|
1140
|
-
revokeMTLSCert(fingerprint: string): boolean;
|
|
1141
|
-
static calculateFingerprint(certPem: string): string;
|
|
1142
|
-
}
|
|
1143
|
-
|
|
1144
|
-
type index$8_ActorKeyRecord = ActorKeyRecord;
|
|
1145
|
-
type index$8_AxisCapsule = AxisCapsule;
|
|
1146
|
-
type index$8_AxisCapsuleConstraints = AxisCapsuleConstraints;
|
|
1147
|
-
type index$8_AxisCapsulePayload = AxisCapsulePayload;
|
|
1148
|
-
type index$8_CapsuleBatchBody = CapsuleBatchBody;
|
|
1149
|
-
type index$8_CapsuleBatchResult = CapsuleBatchResult;
|
|
1150
|
-
type index$8_CapsuleIssueBody = CapsuleIssueBody;
|
|
1151
|
-
type index$8_CapsuleIssueResult = CapsuleIssueResult;
|
|
1152
|
-
type index$8_CapsuleMode = CapsuleMode;
|
|
1153
|
-
type index$8_CapsuleRecord = CapsuleRecord;
|
|
1154
|
-
type index$8_CapsuleRevokeBody = CapsuleRevokeBody;
|
|
1155
|
-
type index$8_CapsuleStatus = CapsuleStatus;
|
|
1156
|
-
type index$8_DeviceSEContext = DeviceSEContext;
|
|
1157
|
-
type index$8_IntentExecBody = IntentExecBody;
|
|
1158
|
-
type index$8_IssuerKeyRecord = IssuerKeyRecord;
|
|
1159
|
-
type index$8_KeyStatus = KeyStatus;
|
|
1160
|
-
type index$8_MTLSContext = MTLSContext;
|
|
1161
|
-
type index$8_ProofVerificationResult = ProofVerificationResult;
|
|
1162
|
-
type index$8_ProofVerificationService = ProofVerificationService;
|
|
1163
|
-
declare const index$8_ProofVerificationService: typeof ProofVerificationService;
|
|
1164
|
-
type index$8_TickWindow = TickWindow;
|
|
1165
|
-
declare const index$8_b64urlDecode: typeof b64urlDecode;
|
|
1166
|
-
declare const index$8_b64urlDecodeString: typeof b64urlDecodeString;
|
|
1167
|
-
declare const index$8_b64urlEncode: typeof b64urlEncode;
|
|
1168
|
-
declare const index$8_b64urlEncodeString: typeof b64urlEncodeString;
|
|
1169
|
-
declare const index$8_canonicalJson: typeof canonicalJson;
|
|
1170
|
-
declare const index$8_canonicalJsonExcluding: typeof canonicalJsonExcluding;
|
|
1171
|
-
declare namespace index$8 {
|
|
1172
|
-
export { type index$8_ActorKeyRecord as ActorKeyRecord, type AxisAlg$1 as AxisAlg, type index$8_AxisCapsule as AxisCapsule, type index$8_AxisCapsuleConstraints as AxisCapsuleConstraints, type index$8_AxisCapsulePayload as AxisCapsulePayload, type AxisPacket$1 as AxisPacket, type AxisResponse$1 as AxisResponse, type AxisSig$1 as AxisSig, type index$8_CapsuleBatchBody as CapsuleBatchBody, type index$8_CapsuleBatchResult as CapsuleBatchResult, type index$8_CapsuleIssueBody as CapsuleIssueBody, type index$8_CapsuleIssueResult as CapsuleIssueResult, type index$8_CapsuleMode as CapsuleMode, type index$8_CapsuleRecord as CapsuleRecord, type index$8_CapsuleRevokeBody as CapsuleRevokeBody, type index$8_CapsuleStatus as CapsuleStatus, type index$8_DeviceSEContext as DeviceSEContext, type index$8_IntentExecBody as IntentExecBody, type index$8_IssuerKeyRecord as IssuerKeyRecord, type index$8_KeyStatus as KeyStatus, type index$8_MTLSContext as MTLSContext, type ProofType$1 as ProofType, type index$8_ProofVerificationResult as ProofVerificationResult, index$8_ProofVerificationService as ProofVerificationService, type index$8_TickWindow as TickWindow, index$8_b64urlDecode as b64urlDecode, index$8_b64urlDecodeString as b64urlDecodeString, index$8_b64urlEncode as b64urlEncode, index$8_b64urlEncodeString as b64urlEncodeString, index$8_canonicalJson as canonicalJson, index$8_canonicalJsonExcluding as canonicalJsonExcluding };
|
|
1400
|
+
createTempReadStream(fileId: string): NodeJS.ReadableStream;
|
|
1173
1401
|
}
|
|
1174
1402
|
|
|
1175
1403
|
interface AxisRequestData {
|
|
@@ -1184,53 +1412,40 @@ declare const AxisContext$1: (...dataOrPipes: unknown[]) => ParameterDecorator;
|
|
|
1184
1412
|
declare const AxisDemoPubkey: (...dataOrPipes: unknown[]) => ParameterDecorator;
|
|
1185
1413
|
declare const AxisFrame: (...dataOrPipes: unknown[]) => ParameterDecorator;
|
|
1186
1414
|
|
|
1187
|
-
declare
|
|
1188
|
-
|
|
1189
|
-
|
|
1190
|
-
|
|
1415
|
+
declare class HandlerDiscoveryService implements OnModuleInit {
|
|
1416
|
+
private readonly discovery;
|
|
1417
|
+
private readonly scanner;
|
|
1418
|
+
private readonly router;
|
|
1419
|
+
private readonly logger;
|
|
1420
|
+
constructor(discovery: DiscoveryService, scanner: MetadataScanner, router: IntentRouter);
|
|
1421
|
+
onModuleInit(): void;
|
|
1191
1422
|
}
|
|
1192
|
-
declare function Sensor(options?: SensorOptions): ClassDecorator;
|
|
1193
1423
|
|
|
1194
|
-
declare
|
|
1195
|
-
|
|
1196
|
-
|
|
1197
|
-
|
|
1198
|
-
|
|
1199
|
-
|
|
1200
|
-
|
|
1201
|
-
|
|
1202
|
-
|
|
1203
|
-
|
|
1204
|
-
|
|
1205
|
-
|
|
1206
|
-
|
|
1207
|
-
|
|
1208
|
-
|
|
1209
|
-
|
|
1210
|
-
|
|
1211
|
-
|
|
1212
|
-
|
|
1213
|
-
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1218
|
-
|
|
1219
|
-
declare const index$7_TlvEnum: typeof TlvEnum;
|
|
1220
|
-
declare const index$7_TlvField: typeof TlvField;
|
|
1221
|
-
type index$7_TlvFieldKind = TlvFieldKind;
|
|
1222
|
-
type index$7_TlvFieldMeta = TlvFieldMeta;
|
|
1223
|
-
type index$7_TlvFieldOptions = TlvFieldOptions;
|
|
1224
|
-
declare const index$7_TlvMinLen: typeof TlvMinLen;
|
|
1225
|
-
declare const index$7_TlvRange: typeof TlvRange;
|
|
1226
|
-
declare const index$7_TlvUtf8Pattern: typeof TlvUtf8Pattern;
|
|
1227
|
-
declare const index$7_TlvValidate: typeof TlvValidate;
|
|
1228
|
-
type index$7_TlvValidatorFn = TlvValidatorFn;
|
|
1229
|
-
type index$7_TlvValidatorMeta = TlvValidatorMeta;
|
|
1230
|
-
declare const index$7_buildDtoDecoder: typeof buildDtoDecoder;
|
|
1231
|
-
declare const index$7_extractDtoSchema: typeof extractDtoSchema;
|
|
1232
|
-
declare namespace index$7 {
|
|
1233
|
-
export { AxisContext$1 as AxisContext, index$7_AxisDemoPubkey as AxisDemoPubkey, index$7_AxisFrame as AxisFrame, index$7_AxisIp as AxisIp, index$7_AxisRaw as AxisRaw, type index$7_AxisRequestData as AxisRequestData, type index$7_DtoSchema as DtoSchema, index$7_HANDLER_METADATA_KEY as HANDLER_METADATA_KEY, index$7_Handler as Handler, index$7_INTENT_BODY_KEY as INTENT_BODY_KEY, index$7_INTENT_METADATA_KEY as INTENT_METADATA_KEY, index$7_INTENT_ROUTES_KEY as INTENT_ROUTES_KEY, index$7_INTENT_SENSORS_KEY as INTENT_SENSORS_KEY, index$7_Intent as Intent, index$7_IntentBody as IntentBody, type index$7_IntentKind as IntentKind, type index$7_IntentOptions as IntentOptions, type index$7_IntentRoute as IntentRoute, index$7_IntentSensors as IntentSensors, type index$7_IntentTlvField as IntentTlvField, index$7_SENSOR_METADATA_KEY as SENSOR_METADATA_KEY, index$7_Sensor as Sensor, type index$7_SensorOptions as SensorOptions, type index$7_SensorPhase as SensorPhase, index$7_TLV_FIELDS_KEY as TLV_FIELDS_KEY, index$7_TLV_VALIDATORS_KEY as TLV_VALIDATORS_KEY, index$7_TlvEnum as TlvEnum, index$7_TlvField as TlvField, type index$7_TlvFieldKind as TlvFieldKind, type index$7_TlvFieldMeta as TlvFieldMeta, type index$7_TlvFieldOptions as TlvFieldOptions, index$7_TlvMinLen as TlvMinLen, index$7_TlvRange as TlvRange, index$7_TlvUtf8Pattern as TlvUtf8Pattern, index$7_TlvValidate as TlvValidate, type index$7_TlvValidatorFn as TlvValidatorFn, type index$7_TlvValidatorMeta as TlvValidatorMeta, index$7_buildDtoDecoder as buildDtoDecoder, index$7_extractDtoSchema as extractDtoSchema };
|
|
1424
|
+
declare class SensorRegistry {
|
|
1425
|
+
private readonly configService;
|
|
1426
|
+
private sensors;
|
|
1427
|
+
private readonly logger;
|
|
1428
|
+
constructor(configService: ConfigService);
|
|
1429
|
+
register(sensor: AxisSensor): void;
|
|
1430
|
+
list(): AxisSensor[];
|
|
1431
|
+
getPreDecodeSensors(): AxisPreSensor[];
|
|
1432
|
+
getPostDecodeSensors(): AxisPostSensor[];
|
|
1433
|
+
private isPreDecodeSensor;
|
|
1434
|
+
private isPostDecodeSensor;
|
|
1435
|
+
getSensorCountByPhase(): {
|
|
1436
|
+
preDecodeCount: number;
|
|
1437
|
+
postDecodeCount: number;
|
|
1438
|
+
};
|
|
1439
|
+
clear(): void;
|
|
1440
|
+
}
|
|
1441
|
+
|
|
1442
|
+
declare class SensorDiscoveryService implements OnApplicationBootstrap {
|
|
1443
|
+
private readonly discovery;
|
|
1444
|
+
private readonly reflector;
|
|
1445
|
+
private readonly registry;
|
|
1446
|
+
private readonly logger;
|
|
1447
|
+
constructor(discovery: DiscoveryService, reflector: Reflector, registry: SensorRegistry);
|
|
1448
|
+
onApplicationBootstrap(): void;
|
|
1234
1449
|
}
|
|
1235
1450
|
|
|
1236
1451
|
declare const SensorDecisionZ: z.ZodUnion<readonly [z.ZodObject<{
|
|
@@ -1680,7 +1895,7 @@ declare const ChunkHashInputZ: z.ZodObject<{
|
|
|
1680
1895
|
intent: z.ZodString;
|
|
1681
1896
|
}, z.core.$strip>;
|
|
1682
1897
|
type ChunkHashInput = z.infer<typeof ChunkHashInputZ>;
|
|
1683
|
-
declare enum ProofType {
|
|
1898
|
+
declare enum ProofType$1 {
|
|
1684
1899
|
CAPSULE = 1,
|
|
1685
1900
|
JWT = 2,
|
|
1686
1901
|
MTLS_ID = 3,
|
|
@@ -1692,7 +1907,7 @@ declare const AxisContextZ: z.ZodObject<{
|
|
|
1692
1907
|
ts: z.ZodBigInt;
|
|
1693
1908
|
intent: z.ZodString;
|
|
1694
1909
|
actorId: z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>;
|
|
1695
|
-
proofType: z.ZodEnum<typeof ProofType>;
|
|
1910
|
+
proofType: z.ZodEnum<typeof ProofType$1>;
|
|
1696
1911
|
proofRef: z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>;
|
|
1697
1912
|
nonce: z.ZodCustom<Buffer<ArrayBufferLike>, Buffer<ArrayBufferLike>>;
|
|
1698
1913
|
ip: z.ZodString;
|
|
@@ -1751,51 +1966,364 @@ interface AxisDecoded {
|
|
|
1751
1966
|
observation: AxisObservation;
|
|
1752
1967
|
}
|
|
1753
1968
|
|
|
1754
|
-
|
|
1755
|
-
|
|
1756
|
-
|
|
1757
|
-
|
|
1758
|
-
|
|
1759
|
-
|
|
1760
|
-
|
|
1969
|
+
interface ChainResult {
|
|
1970
|
+
allowed: boolean;
|
|
1971
|
+
scoreDelta: number;
|
|
1972
|
+
statusCode: number;
|
|
1973
|
+
body?: string | Buffer | Uint8Array;
|
|
1974
|
+
headers?: Map<number, Uint8Array>;
|
|
1975
|
+
}
|
|
1976
|
+
declare class AxisSensorChainService {
|
|
1977
|
+
private readonly registry;
|
|
1978
|
+
constructor(registry: SensorRegistry);
|
|
1979
|
+
evaluate(input: SensorInput, phase?: 'PRE_DECODE' | 'POST_DECODE' | 'BOTH', baseDecision?: SensorDecision): Promise<SensorDecision>;
|
|
1980
|
+
evaluatePre(input: SensorInput): Promise<SensorDecision>;
|
|
1981
|
+
evaluatePost(input: SensorInput, baseDecision?: SensorDecision): Promise<SensorDecision>;
|
|
1982
|
+
private evaluateSensors;
|
|
1983
|
+
}
|
|
1984
|
+
|
|
1985
|
+
interface CceDerivationInput {
|
|
1986
|
+
axisLocalSecret: string;
|
|
1987
|
+
capsule: CceCapsuleClaims;
|
|
1988
|
+
requestNonce: string;
|
|
1989
|
+
responseNonce?: string;
|
|
1990
|
+
}
|
|
1991
|
+
declare function deriveRequestExecutionKey(input: CceDerivationInput): Uint8Array;
|
|
1992
|
+
declare function deriveResponseExecutionKey(input: CceDerivationInput & {
|
|
1993
|
+
responseNonce: string;
|
|
1994
|
+
}): Uint8Array;
|
|
1995
|
+
declare function deriveWitnessKey(input: CceDerivationInput): Uint8Array;
|
|
1996
|
+
declare function buildExecutionContext(input: CceDerivationInput, requestId: string): CceExecutionContext;
|
|
1997
|
+
declare function generateCceNonce(): string;
|
|
1998
|
+
|
|
1999
|
+
interface CceAxisKeyProvider {
|
|
2000
|
+
unwrapKey(encryptedKeyB64: string, algorithm: string, axisKid: string, ephemeralPkB64?: string): Promise<Uint8Array | null>;
|
|
2001
|
+
}
|
|
2002
|
+
interface CceAesGcmProvider {
|
|
2003
|
+
decrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Promise<Uint8Array | null>;
|
|
2004
|
+
}
|
|
2005
|
+
declare class CcePayloadDecryptionSensor implements AxisSensor {
|
|
2006
|
+
private readonly keyProvider;
|
|
2007
|
+
private readonly aesProvider;
|
|
2008
|
+
private readonly maxPayloadBytes;
|
|
2009
|
+
readonly name = "cce.payload.decryption";
|
|
2010
|
+
readonly order = 145;
|
|
2011
|
+
readonly phase: "POST_DECODE";
|
|
2012
|
+
constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number);
|
|
2013
|
+
supports(input: SensorInput): boolean;
|
|
2014
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
1761
2015
|
}
|
|
1762
2016
|
|
|
1763
|
-
declare
|
|
1764
|
-
|
|
1765
|
-
|
|
1766
|
-
|
|
1767
|
-
readonly CONTENT: 140;
|
|
1768
|
-
readonly BUSINESS: 200;
|
|
1769
|
-
readonly AUDIT: 900;
|
|
2017
|
+
declare function aesGcmEncrypt(key: Uint8Array, plaintext: Uint8Array, aad?: Uint8Array): {
|
|
2018
|
+
iv: Uint8Array;
|
|
2019
|
+
ciphertext: Uint8Array;
|
|
2020
|
+
tag: Uint8Array;
|
|
1770
2021
|
};
|
|
1771
|
-
|
|
1772
|
-
declare
|
|
2022
|
+
declare function aesGcmDecrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Uint8Array | null;
|
|
2023
|
+
declare function generateAesKey(): Uint8Array;
|
|
2024
|
+
declare function generateIv(): Uint8Array;
|
|
2025
|
+
declare function base64UrlEncode(bytes: Uint8Array): string;
|
|
2026
|
+
declare function base64UrlDecode(input: string): Uint8Array;
|
|
2027
|
+
declare function hashPayload(payload: Uint8Array): string;
|
|
2028
|
+
|
|
2029
|
+
declare const nodeAesGcmProvider: CceAesGcmProvider;
|
|
2030
|
+
|
|
2031
|
+
declare class CceEnvelopeValidationSensor implements AxisSensor {
|
|
2032
|
+
readonly name = "cce.envelope.validation";
|
|
2033
|
+
readonly order = 5;
|
|
2034
|
+
readonly phase: "PRE_DECODE";
|
|
2035
|
+
supports(input: SensorInput): boolean;
|
|
2036
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
2037
|
+
}
|
|
1773
2038
|
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
private
|
|
1785
|
-
|
|
1786
|
-
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
2039
|
+
interface CceClientKeyResolver {
|
|
2040
|
+
resolve(kid: string): Promise<{
|
|
2041
|
+
publicKeyHex: string;
|
|
2042
|
+
alg: string;
|
|
2043
|
+
} | null>;
|
|
2044
|
+
}
|
|
2045
|
+
interface CceSignatureVerifier {
|
|
2046
|
+
verify(message: Uint8Array, signatureHex: string, publicKeyHex: string, alg: string): Promise<boolean>;
|
|
2047
|
+
}
|
|
2048
|
+
declare class CceClientSignatureSensor implements AxisSensor {
|
|
2049
|
+
private readonly keyResolver;
|
|
2050
|
+
private readonly signatureVerifier;
|
|
2051
|
+
readonly name = "cce.client.signature";
|
|
2052
|
+
readonly order = 45;
|
|
2053
|
+
readonly phase: "POST_DECODE";
|
|
2054
|
+
constructor(keyResolver: CceClientKeyResolver, signatureVerifier: CceSignatureVerifier);
|
|
2055
|
+
supports(input: SensorInput): boolean;
|
|
2056
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
1790
2057
|
}
|
|
1791
2058
|
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
2059
|
+
interface CceIssuerKeyResolver {
|
|
2060
|
+
resolve(kid: string): Promise<{
|
|
2061
|
+
publicKeyHex: string;
|
|
2062
|
+
} | null>;
|
|
2063
|
+
}
|
|
2064
|
+
interface CceCapsuleSignatureVerifier {
|
|
2065
|
+
verify(claims: Omit<CceCapsuleClaims, "issuer_sig">, signature: {
|
|
2066
|
+
alg: string;
|
|
2067
|
+
kid: string;
|
|
2068
|
+
value: string;
|
|
2069
|
+
}, publicKeyHex: string): Promise<boolean>;
|
|
2070
|
+
}
|
|
2071
|
+
declare class CceCapsuleVerificationSensor implements AxisSensor {
|
|
2072
|
+
private readonly issuerKeyResolver;
|
|
2073
|
+
private readonly capsuleVerifier;
|
|
2074
|
+
readonly name = "cce.capsule.verification";
|
|
2075
|
+
readonly order = 50;
|
|
2076
|
+
readonly phase: "POST_DECODE";
|
|
2077
|
+
constructor(issuerKeyResolver: CceIssuerKeyResolver, capsuleVerifier: CceCapsuleSignatureVerifier);
|
|
2078
|
+
supports(input: SensorInput): boolean;
|
|
2079
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
2080
|
+
}
|
|
2081
|
+
|
|
2082
|
+
declare class CceTpsWindowSensor implements AxisSensor {
|
|
2083
|
+
private readonly skewMs;
|
|
2084
|
+
readonly name = "cce.tps.window";
|
|
2085
|
+
readonly order = 92;
|
|
2086
|
+
readonly phase: "POST_DECODE";
|
|
2087
|
+
constructor(skewMs?: number);
|
|
2088
|
+
supports(input: SensorInput): boolean;
|
|
2089
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
2090
|
+
}
|
|
2091
|
+
|
|
2092
|
+
declare class CceAudienceIntentBindingSensor implements AxisSensor {
|
|
2093
|
+
private readonly axisAudience;
|
|
2094
|
+
readonly name = "cce.audience.intent.binding";
|
|
2095
|
+
readonly order = 95;
|
|
2096
|
+
readonly phase: "POST_DECODE";
|
|
2097
|
+
constructor(axisAudience: string);
|
|
2098
|
+
supports(input: SensorInput): boolean;
|
|
2099
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
2100
|
+
}
|
|
2101
|
+
|
|
2102
|
+
interface CceReplayStore {
|
|
2103
|
+
checkAndMark(key: string, ttlMs: number): Promise<boolean>;
|
|
2104
|
+
isCapsuleConsumed(capsuleId: string): Promise<boolean>;
|
|
2105
|
+
markCapsuleConsumed(capsuleId: string, ttlMs: number): Promise<void>;
|
|
2106
|
+
isCapsuleRevoked(capsuleId: string): Promise<boolean>;
|
|
2107
|
+
}
|
|
2108
|
+
declare class InMemoryCceReplayStore implements CceReplayStore {
|
|
2109
|
+
private nonces;
|
|
2110
|
+
private consumed;
|
|
2111
|
+
private revoked;
|
|
2112
|
+
checkAndMark(key: string, ttlMs: number): Promise<boolean>;
|
|
2113
|
+
isCapsuleConsumed(capsuleId: string): Promise<boolean>;
|
|
2114
|
+
markCapsuleConsumed(capsuleId: string, _ttlMs: number): Promise<void>;
|
|
2115
|
+
isCapsuleRevoked(capsuleId: string): Promise<boolean>;
|
|
2116
|
+
revoke(capsuleId: string): void;
|
|
2117
|
+
private cleanup;
|
|
2118
|
+
}
|
|
2119
|
+
declare class CceReplayProtectionSensor implements AxisSensor {
|
|
2120
|
+
private readonly replayStore;
|
|
2121
|
+
readonly name = "cce.replay.protection";
|
|
2122
|
+
readonly order = 98;
|
|
2123
|
+
readonly phase: "POST_DECODE";
|
|
2124
|
+
private readonly nonceTtlMs;
|
|
2125
|
+
constructor(replayStore: CceReplayStore, options?: {
|
|
2126
|
+
nonceTtlMs?: number;
|
|
2127
|
+
});
|
|
2128
|
+
supports(input: SensorInput): boolean;
|
|
2129
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
2130
|
+
}
|
|
2131
|
+
|
|
2132
|
+
declare const index$9_CCE_AES_KEY_BYTES: typeof CCE_AES_KEY_BYTES;
|
|
2133
|
+
declare const index$9_CCE_DERIVATION: typeof CCE_DERIVATION;
|
|
2134
|
+
declare const index$9_CCE_ERROR: typeof CCE_ERROR;
|
|
2135
|
+
declare const index$9_CCE_IV_BYTES: typeof CCE_IV_BYTES;
|
|
2136
|
+
declare const index$9_CCE_NONCE_BYTES: typeof CCE_NONCE_BYTES;
|
|
2137
|
+
declare const index$9_CCE_PROTOCOL_VERSION: typeof CCE_PROTOCOL_VERSION;
|
|
2138
|
+
declare const index$9_CCE_TAG_BYTES: typeof CCE_TAG_BYTES;
|
|
2139
|
+
type index$9_CceAesGcmProvider = CceAesGcmProvider;
|
|
2140
|
+
type index$9_CceAlgorithm = CceAlgorithm;
|
|
2141
|
+
type index$9_CceAlgorithmDescriptor = CceAlgorithmDescriptor;
|
|
2142
|
+
type index$9_CceAudienceIntentBindingSensor = CceAudienceIntentBindingSensor;
|
|
2143
|
+
declare const index$9_CceAudienceIntentBindingSensor: typeof CceAudienceIntentBindingSensor;
|
|
2144
|
+
type index$9_CceAxisKeyProvider = CceAxisKeyProvider;
|
|
2145
|
+
type index$9_CceAxisSigner = CceAxisSigner;
|
|
2146
|
+
type index$9_CceCapsuleClaims = CceCapsuleClaims;
|
|
2147
|
+
type index$9_CceCapsuleSignatureVerifier = CceCapsuleSignatureVerifier;
|
|
2148
|
+
type index$9_CceCapsuleVerificationSensor = CceCapsuleVerificationSensor;
|
|
2149
|
+
declare const index$9_CceCapsuleVerificationSensor: typeof CceCapsuleVerificationSensor;
|
|
2150
|
+
type index$9_CceClientKeyEncryptor = CceClientKeyEncryptor;
|
|
2151
|
+
type index$9_CceClientKeyResolver = CceClientKeyResolver;
|
|
2152
|
+
type index$9_CceClientSignatureSensor = CceClientSignatureSensor;
|
|
2153
|
+
declare const index$9_CceClientSignatureSensor: typeof CceClientSignatureSensor;
|
|
2154
|
+
type index$9_CceConstraints = CceConstraints;
|
|
2155
|
+
type index$9_CceDerivationInput = CceDerivationInput;
|
|
2156
|
+
type index$9_CceEncryptedKey = CceEncryptedKey;
|
|
2157
|
+
type index$9_CceEncryptedPayload = CceEncryptedPayload;
|
|
2158
|
+
type index$9_CceEnvelopeValidationSensor = CceEnvelopeValidationSensor;
|
|
2159
|
+
declare const index$9_CceEnvelopeValidationSensor: typeof CceEnvelopeValidationSensor;
|
|
2160
|
+
type index$9_CceError = CceError;
|
|
2161
|
+
declare const index$9_CceError: typeof CceError;
|
|
2162
|
+
type index$9_CceErrorCode = CceErrorCode;
|
|
2163
|
+
type index$9_CceExecutionContext = CceExecutionContext;
|
|
2164
|
+
type index$9_CceHandler = CceHandler;
|
|
2165
|
+
type index$9_CceHandlerContext = CceHandlerContext;
|
|
2166
|
+
type index$9_CceHandlerResult = CceHandlerResult;
|
|
2167
|
+
type index$9_CceIssuerKeyResolver = CceIssuerKeyResolver;
|
|
2168
|
+
type index$9_CceKdfAlgorithm = CceKdfAlgorithm;
|
|
2169
|
+
type index$9_CceKemAlgorithm = CceKemAlgorithm;
|
|
2170
|
+
type index$9_CcePayloadDecryptionSensor = CcePayloadDecryptionSensor;
|
|
2171
|
+
declare const index$9_CcePayloadDecryptionSensor: typeof CcePayloadDecryptionSensor;
|
|
2172
|
+
type index$9_CcePipelineConfig = CcePipelineConfig;
|
|
2173
|
+
type index$9_CcePipelineResult = CcePipelineResult;
|
|
2174
|
+
type index$9_CceReplayProtectionSensor = CceReplayProtectionSensor;
|
|
2175
|
+
declare const index$9_CceReplayProtectionSensor: typeof CceReplayProtectionSensor;
|
|
2176
|
+
type index$9_CceReplayStore = CceReplayStore;
|
|
2177
|
+
type index$9_CceRequestEnvelope = CceRequestEnvelope;
|
|
2178
|
+
type index$9_CceResponseEnvelope = CceResponseEnvelope;
|
|
2179
|
+
type index$9_CceResponseOptions = CceResponseOptions;
|
|
2180
|
+
type index$9_CceResponseStatus = CceResponseStatus;
|
|
2181
|
+
type index$9_CceSignature = CceSignature;
|
|
2182
|
+
type index$9_CceSignatureVerifier = CceSignatureVerifier;
|
|
2183
|
+
type index$9_CceTpsWindowSensor = CceTpsWindowSensor;
|
|
2184
|
+
declare const index$9_CceTpsWindowSensor: typeof CceTpsWindowSensor;
|
|
2185
|
+
type index$9_CceVerificationState = CceVerificationState;
|
|
2186
|
+
type index$9_CceWitnessRecord = CceWitnessRecord;
|
|
2187
|
+
type index$9_CceWitnessStore = CceWitnessStore;
|
|
2188
|
+
type index$9_InMemoryCceReplayStore = InMemoryCceReplayStore;
|
|
2189
|
+
declare const index$9_InMemoryCceReplayStore: typeof InMemoryCceReplayStore;
|
|
2190
|
+
type index$9_InMemoryCceWitnessStore = InMemoryCceWitnessStore;
|
|
2191
|
+
declare const index$9_InMemoryCceWitnessStore: typeof InMemoryCceWitnessStore;
|
|
2192
|
+
declare const index$9_aesGcmDecrypt: typeof aesGcmDecrypt;
|
|
2193
|
+
declare const index$9_aesGcmEncrypt: typeof aesGcmEncrypt;
|
|
2194
|
+
declare const index$9_base64UrlDecode: typeof base64UrlDecode;
|
|
2195
|
+
declare const index$9_base64UrlEncode: typeof base64UrlEncode;
|
|
2196
|
+
declare const index$9_buildCceErrorResponse: typeof buildCceErrorResponse;
|
|
2197
|
+
declare const index$9_buildCceResponse: typeof buildCceResponse;
|
|
2198
|
+
declare const index$9_buildExecutionContext: typeof buildExecutionContext;
|
|
2199
|
+
declare const index$9_buildWitnessRecord: typeof buildWitnessRecord;
|
|
2200
|
+
declare const index$9_deriveRequestExecutionKey: typeof deriveRequestExecutionKey;
|
|
2201
|
+
declare const index$9_deriveResponseExecutionKey: typeof deriveResponseExecutionKey;
|
|
2202
|
+
declare const index$9_deriveWitnessKey: typeof deriveWitnessKey;
|
|
2203
|
+
declare const index$9_executeCcePipeline: typeof executeCcePipeline;
|
|
2204
|
+
declare const index$9_extractVerificationState: typeof extractVerificationState;
|
|
2205
|
+
declare const index$9_generateAesKey: typeof generateAesKey;
|
|
2206
|
+
declare const index$9_generateCceNonce: typeof generateCceNonce;
|
|
2207
|
+
declare const index$9_generateIv: typeof generateIv;
|
|
2208
|
+
declare const index$9_hashPayload: typeof hashPayload;
|
|
2209
|
+
declare const index$9_nodeAesGcmProvider: typeof nodeAesGcmProvider;
|
|
2210
|
+
declare namespace index$9 {
|
|
2211
|
+
export { index$9_CCE_AES_KEY_BYTES as CCE_AES_KEY_BYTES, index$9_CCE_DERIVATION as CCE_DERIVATION, index$9_CCE_ERROR as CCE_ERROR, index$9_CCE_IV_BYTES as CCE_IV_BYTES, index$9_CCE_NONCE_BYTES as CCE_NONCE_BYTES, index$9_CCE_PROTOCOL_VERSION as CCE_PROTOCOL_VERSION, index$9_CCE_TAG_BYTES as CCE_TAG_BYTES, type index$9_CceAesGcmProvider as CceAesGcmProvider, type index$9_CceAlgorithm as CceAlgorithm, type index$9_CceAlgorithmDescriptor as CceAlgorithmDescriptor, index$9_CceAudienceIntentBindingSensor as CceAudienceIntentBindingSensor, type index$9_CceAxisKeyProvider as CceAxisKeyProvider, type index$9_CceAxisSigner as CceAxisSigner, type index$9_CceCapsuleClaims as CceCapsuleClaims, type index$9_CceCapsuleSignatureVerifier as CceCapsuleSignatureVerifier, index$9_CceCapsuleVerificationSensor as CceCapsuleVerificationSensor, type index$9_CceClientKeyEncryptor as CceClientKeyEncryptor, type index$9_CceClientKeyResolver as CceClientKeyResolver, index$9_CceClientSignatureSensor as CceClientSignatureSensor, type index$9_CceConstraints as CceConstraints, type index$9_CceDerivationInput as CceDerivationInput, type index$9_CceEncryptedKey as CceEncryptedKey, type index$9_CceEncryptedPayload as CceEncryptedPayload, index$9_CceEnvelopeValidationSensor as CceEnvelopeValidationSensor, index$9_CceError as CceError, type index$9_CceErrorCode as CceErrorCode, type index$9_CceExecutionContext as CceExecutionContext, type index$9_CceHandler as CceHandler, type index$9_CceHandlerContext as CceHandlerContext, type index$9_CceHandlerResult as CceHandlerResult, type index$9_CceIssuerKeyResolver as CceIssuerKeyResolver, type index$9_CceKdfAlgorithm as CceKdfAlgorithm, type index$9_CceKemAlgorithm as CceKemAlgorithm, index$9_CcePayloadDecryptionSensor as CcePayloadDecryptionSensor, type index$9_CcePipelineConfig as CcePipelineConfig, type index$9_CcePipelineResult as CcePipelineResult, index$9_CceReplayProtectionSensor as CceReplayProtectionSensor, type index$9_CceReplayStore as 
CceReplayStore, type index$9_CceRequestEnvelope as CceRequestEnvelope, type index$9_CceResponseEnvelope as CceResponseEnvelope, type index$9_CceResponseOptions as CceResponseOptions, type index$9_CceResponseStatus as CceResponseStatus, type index$9_CceSignature as CceSignature, type index$9_CceSignatureVerifier as CceSignatureVerifier, index$9_CceTpsWindowSensor as CceTpsWindowSensor, type index$9_CceVerificationState as CceVerificationState, type index$9_CceWitnessRecord as CceWitnessRecord, type index$9_CceWitnessStore as CceWitnessStore, index$9_InMemoryCceReplayStore as InMemoryCceReplayStore, index$9_InMemoryCceWitnessStore as InMemoryCceWitnessStore, index$9_aesGcmDecrypt as aesGcmDecrypt, index$9_aesGcmEncrypt as aesGcmEncrypt, index$9_base64UrlDecode as base64UrlDecode, index$9_base64UrlEncode as base64UrlEncode, index$9_buildCceErrorResponse as buildCceErrorResponse, index$9_buildCceResponse as buildCceResponse, index$9_buildExecutionContext as buildExecutionContext, index$9_buildWitnessRecord as buildWitnessRecord, index$9_deriveRequestExecutionKey as deriveRequestExecutionKey, index$9_deriveResponseExecutionKey as deriveResponseExecutionKey, index$9_deriveWitnessKey as deriveWitnessKey, index$9_executeCcePipeline as executeCcePipeline, index$9_extractVerificationState as extractVerificationState, index$9_generateAesKey as generateAesKey, index$9_generateCceNonce as generateCceNonce, index$9_generateIv as generateIv, index$9_hashPayload as hashPayload, index$9_nodeAesGcmProvider as nodeAesGcmProvider };
|
|
2212
|
+
}
|
|
2213
|
+
|
|
2214
|
+
type ProofType = 1 | 2 | 3 | 4;
|
|
2215
|
+
interface ProofVerificationResult {
|
|
2216
|
+
valid: boolean;
|
|
2217
|
+
actorId?: string;
|
|
2218
|
+
error?: string;
|
|
2219
|
+
metadata?: Record<string, any>;
|
|
2220
|
+
}
|
|
2221
|
+
interface MTLSContext {
|
|
2222
|
+
clientCertPem?: string;
|
|
2223
|
+
clientCertFingerprint?: string;
|
|
2224
|
+
clientCertSubject?: string;
|
|
2225
|
+
clientCertIssuer?: string;
|
|
2226
|
+
verified?: boolean;
|
|
2227
|
+
}
|
|
2228
|
+
interface DeviceSEContext {
|
|
2229
|
+
deviceId: string;
|
|
2230
|
+
signature: Uint8Array;
|
|
2231
|
+
publicKey: Uint8Array;
|
|
2232
|
+
challenge?: Uint8Array;
|
|
2233
|
+
}
|
|
2234
|
+
declare class ProofVerificationService {
|
|
1796
2235
|
private readonly logger;
|
|
1797
|
-
|
|
1798
|
-
|
|
2236
|
+
private readonly deviceKeys;
|
|
2237
|
+
private readonly trustedCerts;
|
|
2238
|
+
verifyProof(proofType: ProofType, proofRef: Uint8Array, context: {
|
|
2239
|
+
signTarget?: Uint8Array;
|
|
2240
|
+
signature?: Uint8Array;
|
|
2241
|
+
mtls?: MTLSContext;
|
|
2242
|
+
deviceSE?: DeviceSEContext;
|
|
2243
|
+
}): Promise<ProofVerificationResult>;
|
|
2244
|
+
private verifyCapsuleProof;
|
|
2245
|
+
private verifyJWTProof;
|
|
2246
|
+
private verifyMTLSProof;
|
|
2247
|
+
private verifyDeviceSEProof;
|
|
2248
|
+
registerDeviceKey(deviceId: string, publicKey: Uint8Array): void;
|
|
2249
|
+
unregisterDevice(deviceId: string): boolean;
|
|
2250
|
+
registerMTLSCert(fingerprint: string, actorId: string): void;
|
|
2251
|
+
revokeMTLSCert(fingerprint: string): boolean;
|
|
2252
|
+
static calculateFingerprint(certPem: string): string;
|
|
2253
|
+
}
|
|
2254
|
+
|
|
2255
|
+
type index$8_ActorKeyRecord = ActorKeyRecord;
|
|
2256
|
+
type index$8_AxisCapsule = AxisCapsule;
|
|
2257
|
+
type index$8_AxisCapsuleConstraints = AxisCapsuleConstraints;
|
|
2258
|
+
type index$8_AxisCapsulePayload = AxisCapsulePayload;
|
|
2259
|
+
type index$8_CapsuleBatchBody = CapsuleBatchBody;
|
|
2260
|
+
type index$8_CapsuleBatchResult = CapsuleBatchResult;
|
|
2261
|
+
type index$8_CapsuleIssueBody = CapsuleIssueBody;
|
|
2262
|
+
type index$8_CapsuleIssueResult = CapsuleIssueResult;
|
|
2263
|
+
type index$8_CapsuleMode = CapsuleMode;
|
|
2264
|
+
type index$8_CapsuleRecord = CapsuleRecord;
|
|
2265
|
+
type index$8_CapsuleRevokeBody = CapsuleRevokeBody;
|
|
2266
|
+
type index$8_CapsuleStatus = CapsuleStatus;
|
|
2267
|
+
type index$8_DeviceSEContext = DeviceSEContext;
|
|
2268
|
+
type index$8_IntentExecBody = IntentExecBody;
|
|
2269
|
+
type index$8_IssuerKeyRecord = IssuerKeyRecord;
|
|
2270
|
+
type index$8_KeyStatus = KeyStatus;
|
|
2271
|
+
type index$8_MTLSContext = MTLSContext;
|
|
2272
|
+
type index$8_ProofType = ProofType;
|
|
2273
|
+
type index$8_ProofVerificationResult = ProofVerificationResult;
|
|
2274
|
+
type index$8_ProofVerificationService = ProofVerificationService;
|
|
2275
|
+
declare const index$8_ProofVerificationService: typeof ProofVerificationService;
|
|
2276
|
+
type index$8_TickWindow = TickWindow;
|
|
2277
|
+
declare const index$8_b64urlDecode: typeof b64urlDecode;
|
|
2278
|
+
declare const index$8_b64urlDecodeString: typeof b64urlDecodeString;
|
|
2279
|
+
declare const index$8_b64urlEncode: typeof b64urlEncode;
|
|
2280
|
+
declare const index$8_b64urlEncodeString: typeof b64urlEncodeString;
|
|
2281
|
+
declare const index$8_canonicalJson: typeof canonicalJson;
|
|
2282
|
+
declare const index$8_canonicalJsonExcluding: typeof canonicalJsonExcluding;
|
|
2283
|
+
declare namespace index$8 {
|
|
2284
|
+
export { type index$8_ActorKeyRecord as ActorKeyRecord, type AxisAlg$1 as AxisAlg, type index$8_AxisCapsule as AxisCapsule, type index$8_AxisCapsuleConstraints as AxisCapsuleConstraints, type index$8_AxisCapsulePayload as AxisCapsulePayload, type AxisPacket$1 as AxisPacket, type AxisResponse$1 as AxisResponse, type AxisSig$1 as AxisSig, type index$8_CapsuleBatchBody as CapsuleBatchBody, type index$8_CapsuleBatchResult as CapsuleBatchResult, type index$8_CapsuleIssueBody as CapsuleIssueBody, type index$8_CapsuleIssueResult as CapsuleIssueResult, type index$8_CapsuleMode as CapsuleMode, type index$8_CapsuleRecord as CapsuleRecord, type index$8_CapsuleRevokeBody as CapsuleRevokeBody, type index$8_CapsuleStatus as CapsuleStatus, type index$8_DeviceSEContext as DeviceSEContext, type index$8_IntentExecBody as IntentExecBody, type index$8_IssuerKeyRecord as IssuerKeyRecord, type index$8_KeyStatus as KeyStatus, type index$8_MTLSContext as MTLSContext, type index$8_ProofType as ProofType, type index$8_ProofVerificationResult as ProofVerificationResult, index$8_ProofVerificationService as ProofVerificationService, type index$8_TickWindow as TickWindow, index$8_b64urlDecode as b64urlDecode, index$8_b64urlDecodeString as b64urlDecodeString, index$8_b64urlEncode as b64urlEncode, index$8_b64urlEncodeString as b64urlEncodeString, index$8_canonicalJson as canonicalJson, index$8_canonicalJsonExcluding as canonicalJsonExcluding };
|
|
2285
|
+
}
|
|
2286
|
+
|
|
2287
|
+
declare const index$7_AxisDemoPubkey: typeof AxisDemoPubkey;
|
|
2288
|
+
declare const index$7_AxisFrame: typeof AxisFrame;
|
|
2289
|
+
declare const index$7_AxisIp: typeof AxisIp;
|
|
2290
|
+
declare const index$7_AxisRaw: typeof AxisRaw;
|
|
2291
|
+
type index$7_AxisRequestData = AxisRequestData;
|
|
2292
|
+
type index$7_DtoSchema = DtoSchema;
|
|
2293
|
+
declare const index$7_HANDLER_METADATA_KEY: typeof HANDLER_METADATA_KEY;
|
|
2294
|
+
declare const index$7_Handler: typeof Handler;
|
|
2295
|
+
declare const index$7_INTENT_BODY_KEY: typeof INTENT_BODY_KEY;
|
|
2296
|
+
declare const index$7_INTENT_METADATA_KEY: typeof INTENT_METADATA_KEY;
|
|
2297
|
+
declare const index$7_INTENT_ROUTES_KEY: typeof INTENT_ROUTES_KEY;
|
|
2298
|
+
declare const index$7_INTENT_SENSORS_KEY: typeof INTENT_SENSORS_KEY;
|
|
2299
|
+
declare const index$7_Intent: typeof Intent;
|
|
2300
|
+
declare const index$7_IntentBody: typeof IntentBody;
|
|
2301
|
+
type index$7_IntentKind = IntentKind;
|
|
2302
|
+
type index$7_IntentOptions = IntentOptions;
|
|
2303
|
+
type index$7_IntentRoute = IntentRoute;
|
|
2304
|
+
declare const index$7_IntentSensors: typeof IntentSensors;
|
|
2305
|
+
type index$7_IntentTlvField = IntentTlvField;
|
|
2306
|
+
declare const index$7_SENSOR_METADATA_KEY: typeof SENSOR_METADATA_KEY;
|
|
2307
|
+
declare const index$7_Sensor: typeof Sensor;
|
|
2308
|
+
type index$7_SensorOptions = SensorOptions;
|
|
2309
|
+
type index$7_SensorPhase = SensorPhase;
|
|
2310
|
+
declare const index$7_TLV_FIELDS_KEY: typeof TLV_FIELDS_KEY;
|
|
2311
|
+
declare const index$7_TLV_VALIDATORS_KEY: typeof TLV_VALIDATORS_KEY;
|
|
2312
|
+
declare const index$7_TlvEnum: typeof TlvEnum;
|
|
2313
|
+
declare const index$7_TlvField: typeof TlvField;
|
|
2314
|
+
type index$7_TlvFieldKind = TlvFieldKind;
|
|
2315
|
+
type index$7_TlvFieldMeta = TlvFieldMeta;
|
|
2316
|
+
type index$7_TlvFieldOptions = TlvFieldOptions;
|
|
2317
|
+
declare const index$7_TlvMinLen: typeof TlvMinLen;
|
|
2318
|
+
declare const index$7_TlvRange: typeof TlvRange;
|
|
2319
|
+
declare const index$7_TlvUtf8Pattern: typeof TlvUtf8Pattern;
|
|
2320
|
+
declare const index$7_TlvValidate: typeof TlvValidate;
|
|
2321
|
+
type index$7_TlvValidatorFn = TlvValidatorFn;
|
|
2322
|
+
type index$7_TlvValidatorMeta = TlvValidatorMeta;
|
|
2323
|
+
declare const index$7_buildDtoDecoder: typeof buildDtoDecoder;
|
|
2324
|
+
declare const index$7_extractDtoSchema: typeof extractDtoSchema;
|
|
2325
|
+
declare namespace index$7 {
|
|
2326
|
+
export { AxisContext$1 as AxisContext, index$7_AxisDemoPubkey as AxisDemoPubkey, index$7_AxisFrame as AxisFrame, index$7_AxisIp as AxisIp, index$7_AxisRaw as AxisRaw, type index$7_AxisRequestData as AxisRequestData, type index$7_DtoSchema as DtoSchema, index$7_HANDLER_METADATA_KEY as HANDLER_METADATA_KEY, index$7_Handler as Handler, index$7_INTENT_BODY_KEY as INTENT_BODY_KEY, index$7_INTENT_METADATA_KEY as INTENT_METADATA_KEY, index$7_INTENT_ROUTES_KEY as INTENT_ROUTES_KEY, index$7_INTENT_SENSORS_KEY as INTENT_SENSORS_KEY, index$7_Intent as Intent, index$7_IntentBody as IntentBody, type index$7_IntentKind as IntentKind, type index$7_IntentOptions as IntentOptions, type index$7_IntentRoute as IntentRoute, index$7_IntentSensors as IntentSensors, type index$7_IntentTlvField as IntentTlvField, index$7_SENSOR_METADATA_KEY as SENSOR_METADATA_KEY, index$7_Sensor as Sensor, type index$7_SensorOptions as SensorOptions, type index$7_SensorPhase as SensorPhase, index$7_TLV_FIELDS_KEY as TLV_FIELDS_KEY, index$7_TLV_VALIDATORS_KEY as TLV_VALIDATORS_KEY, index$7_TlvEnum as TlvEnum, index$7_TlvField as TlvField, type index$7_TlvFieldKind as TlvFieldKind, type index$7_TlvFieldMeta as TlvFieldMeta, type index$7_TlvFieldOptions as TlvFieldOptions, index$7_TlvMinLen as TlvMinLen, index$7_TlvRange as TlvRange, index$7_TlvUtf8Pattern as TlvUtf8Pattern, index$7_TlvValidate as TlvValidate, type index$7_TlvValidatorFn as TlvValidatorFn, type index$7_TlvValidatorMeta as TlvValidatorMeta, index$7_buildDtoDecoder as buildDtoDecoder, index$7_extractDtoSchema as extractDtoSchema };
|
|
1799
2327
|
}
|
|
1800
2328
|
|
|
1801
2329
|
type index$6_ObservationQueueConfig = ObservationQueueConfig;
|
|
@@ -2084,8 +2612,6 @@ type index$3_ProofKind = ProofKind;
|
|
|
2084
2612
|
declare const index$3_ProofKindZ: typeof ProofKindZ;
|
|
2085
2613
|
type index$3_ProofPresenceInput = ProofPresenceInput;
|
|
2086
2614
|
declare const index$3_ProofPresenceInputZ: typeof ProofPresenceInputZ;
|
|
2087
|
-
type index$3_ProofType = ProofType;
|
|
2088
|
-
declare const index$3_ProofType: typeof ProofType;
|
|
2089
2615
|
type index$3_ProtocolStrictInput = ProtocolStrictInput;
|
|
2090
2616
|
declare const index$3_ProtocolStrictInputZ: typeof ProtocolStrictInputZ;
|
|
2091
2617
|
type index$3_RateLimitConfig = RateLimitConfig;
|
|
@@ -2121,18 +2647,23 @@ declare const index$3_WsHandshakeDecisionZ: typeof WsHandshakeDecisionZ;
|
|
|
2121
2647
|
type index$3_WsHandshakeInput = WsHandshakeInput;
|
|
2122
2648
|
declare const index$3_WsHandshakeInputZ: typeof WsHandshakeInputZ;
|
|
2123
2649
|
declare namespace index$3 {
|
|
2124
|
-
export { type index$3_AccessProfile as AccessProfile, index$3_AccessProfileZ as AccessProfileZ, type index$3_AxisContext as AxisContext, index$3_AxisContextZ as AxisContextZ, type index$3_AxisError as AxisError, index$3_AxisErrorZ as AxisErrorZ, type index$3_BodyBudgetInput as BodyBudgetInput, index$3_BodyBudgetInputZ as BodyBudgetInputZ, type index$3_BodyBudgetPolicy as BodyBudgetPolicy, index$3_BodyBudgetPolicyZ as BodyBudgetPolicyZ, index$3_BodyProfile as BodyProfile, type index$3_BodyProfileValidation as BodyProfileValidation, index$3_BodyProfileValidator as BodyProfileValidator, index$3_BodyProfileZ as BodyProfileZ, type index$3_Capsule as Capsule, type index$3_CapsuleClaims as CapsuleClaims, index$3_CapsuleClaimsZ as CapsuleClaimsZ, type index$3_CapsuleValidationResult as CapsuleValidationResult, index$3_CapsuleValidationResultZ as CapsuleValidationResultZ, type index$3_CapsuleVerifyResult as CapsuleVerifyResult, index$3_CapsuleVerifyResultZ as CapsuleVerifyResultZ, type index$3_CapsuleVerifySensorInput as CapsuleVerifySensorInput, index$3_CapsuleVerifySensorInputZ as CapsuleVerifySensorInputZ, index$3_CapsuleZ as CapsuleZ, type index$3_ChunkHashInput as ChunkHashInput, index$3_ChunkHashInputZ as ChunkHashInputZ, type index$3_CountryBlockDecision as CountryBlockDecision, index$3_CountryBlockDecisionZ as CountryBlockDecisionZ, type index$3_CountryBlockSensorInput as CountryBlockSensorInput, index$3_CountryBlockSensorInputZ as CountryBlockSensorInputZ, type index$3_EntropySensorInput as EntropySensorInput, index$3_EntropySensorInputZ as EntropySensorInputZ, index$3_ExecutionMetricsZ as ExecutionMetricsZ, type index$3_IPReputation as IPReputation, type index$3_IPReputationInput as IPReputationInput, index$3_IPReputationInputZ as IPReputationInputZ, index$3_IPReputationZ as IPReputationZ, type index$3_IntentPolicy as IntentPolicy, type index$3_IntentPolicyDecision as IntentPolicyDecision, index$3_IntentPolicyDecisionZ as IntentPolicyDecisionZ, type 
index$3_IntentPolicySensorInput as IntentPolicySensorInput, index$3_IntentPolicySensorInputZ as IntentPolicySensorInputZ, index$3_IntentPolicyZ as IntentPolicyZ, type index$3_IntentSchema as IntentSchema, index$3_IntentSchemaZ as IntentSchemaZ, type index$3_Passport as Passport, index$3_PassportZ as PassportZ, type index$3_ProofKind as ProofKind, index$3_ProofKindZ as ProofKindZ, type index$3_ProofPresenceInput as ProofPresenceInput, index$3_ProofPresenceInputZ as ProofPresenceInputZ,
|
|
2650
|
+
export { type index$3_AccessProfile as AccessProfile, index$3_AccessProfileZ as AccessProfileZ, type index$3_AxisContext as AxisContext, index$3_AxisContextZ as AxisContextZ, type index$3_AxisError as AxisError, index$3_AxisErrorZ as AxisErrorZ, type index$3_BodyBudgetInput as BodyBudgetInput, index$3_BodyBudgetInputZ as BodyBudgetInputZ, type index$3_BodyBudgetPolicy as BodyBudgetPolicy, index$3_BodyBudgetPolicyZ as BodyBudgetPolicyZ, index$3_BodyProfile as BodyProfile, type index$3_BodyProfileValidation as BodyProfileValidation, index$3_BodyProfileValidator as BodyProfileValidator, index$3_BodyProfileZ as BodyProfileZ, type index$3_Capsule as Capsule, type index$3_CapsuleClaims as CapsuleClaims, index$3_CapsuleClaimsZ as CapsuleClaimsZ, type index$3_CapsuleValidationResult as CapsuleValidationResult, index$3_CapsuleValidationResultZ as CapsuleValidationResultZ, type index$3_CapsuleVerifyResult as CapsuleVerifyResult, index$3_CapsuleVerifyResultZ as CapsuleVerifyResultZ, type index$3_CapsuleVerifySensorInput as CapsuleVerifySensorInput, index$3_CapsuleVerifySensorInputZ as CapsuleVerifySensorInputZ, index$3_CapsuleZ as CapsuleZ, type index$3_ChunkHashInput as ChunkHashInput, index$3_ChunkHashInputZ as ChunkHashInputZ, type index$3_CountryBlockDecision as CountryBlockDecision, index$3_CountryBlockDecisionZ as CountryBlockDecisionZ, type index$3_CountryBlockSensorInput as CountryBlockSensorInput, index$3_CountryBlockSensorInputZ as CountryBlockSensorInputZ, type index$3_EntropySensorInput as EntropySensorInput, index$3_EntropySensorInputZ as EntropySensorInputZ, index$3_ExecutionMetricsZ as ExecutionMetricsZ, type index$3_IPReputation as IPReputation, type index$3_IPReputationInput as IPReputationInput, index$3_IPReputationInputZ as IPReputationInputZ, index$3_IPReputationZ as IPReputationZ, type index$3_IntentPolicy as IntentPolicy, type index$3_IntentPolicyDecision as IntentPolicyDecision, index$3_IntentPolicyDecisionZ as IntentPolicyDecisionZ, type 
index$3_IntentPolicySensorInput as IntentPolicySensorInput, index$3_IntentPolicySensorInputZ as IntentPolicySensorInputZ, index$3_IntentPolicyZ as IntentPolicyZ, type index$3_IntentSchema as IntentSchema, index$3_IntentSchemaZ as IntentSchemaZ, type index$3_Passport as Passport, index$3_PassportZ as PassportZ, type index$3_ProofKind as ProofKind, index$3_ProofKindZ as ProofKindZ, type index$3_ProofPresenceInput as ProofPresenceInput, index$3_ProofPresenceInputZ as ProofPresenceInputZ, ProofType$1 as ProofType, type index$3_ProtocolStrictInput as ProtocolStrictInput, index$3_ProtocolStrictInputZ as ProtocolStrictInputZ, type index$3_RateLimitConfig as RateLimitConfig, index$3_RateLimitConfigZ as RateLimitConfigZ, type index$3_RateLimitInput as RateLimitInput, index$3_RateLimitInputZ as RateLimitInputZ, type index$3_RateLimitProfile as RateLimitProfile, index$3_RateLimitProfileZ as RateLimitProfileZ, type index$3_ScanBurstDecision as ScanBurstDecision, index$3_ScanBurstDecisionZ as ScanBurstDecisionZ, type index$3_ScanBurstSensorInput as ScanBurstSensorInput, index$3_ScanBurstSensorInputZ as ScanBurstSensorInputZ, type index$3_SchemaField as SchemaField, type index$3_SchemaFieldKind as SchemaFieldKind, index$3_SchemaFieldKindZ as SchemaFieldKindZ, index$3_SchemaFieldZ as SchemaFieldZ, type index$3_Scope as Scope, index$3_ScopeZ as ScopeZ, type index$3_SensitivityLevel as SensitivityLevel, index$3_SensitivityLevelZ as SensitivityLevelZ, type index$3_SensorChainInput as SensorChainInput, index$3_SensorChainInputZ as SensorChainInputZ, index$3_SensorDecisionWithMetadataZ as SensorDecisionWithMetadataZ, index$3_SensorDecisionZ as SensorDecisionZ, type index$3_SensorResult as SensorResult, index$3_SensorResultZ as SensorResultZ, type index$3_UploadSession as UploadSession, index$3_UploadSessionZ as UploadSessionZ, type index$3_UploadStatus as UploadStatus, index$3_UploadStatusZ as UploadStatusZ, type index$3_WsHandshakeDecision as WsHandshakeDecision, 
index$3_WsHandshakeDecisionZ as WsHandshakeDecisionZ, type index$3_WsHandshakeInput as WsHandshakeInput, index$3_WsHandshakeInputZ as WsHandshakeInputZ };
|
|
2125
2651
|
}
|
|
2126
2652
|
|
|
2653
|
+
type index$2_AxisSensorChainService = AxisSensorChainService;
|
|
2654
|
+
declare const index$2_AxisSensorChainService: typeof AxisSensorChainService;
|
|
2127
2655
|
declare const index$2_CAPABILITIES: typeof CAPABILITIES;
|
|
2128
2656
|
type index$2_Capability = Capability;
|
|
2657
|
+
type index$2_ChainResult = ChainResult;
|
|
2129
2658
|
declare const index$2_INTENT_REQUIREMENTS: typeof INTENT_REQUIREMENTS;
|
|
2130
2659
|
declare const index$2_PROOF_CAPABILITIES: typeof PROOF_CAPABILITIES;
|
|
2660
|
+
type index$2_SensorDecision = SensorDecision;
|
|
2661
|
+
type index$2_SensorInput = SensorInput;
|
|
2131
2662
|
declare const index$2_canAccessResource: typeof canAccessResource;
|
|
2132
2663
|
declare const index$2_hasScope: typeof hasScope;
|
|
2133
2664
|
declare const index$2_parseScope: typeof parseScope;
|
|
2134
2665
|
declare namespace index$2 {
|
|
2135
|
-
export { index$2_CAPABILITIES as CAPABILITIES, type index$2_Capability as Capability, index$2_INTENT_REQUIREMENTS as INTENT_REQUIREMENTS, index$2_PROOF_CAPABILITIES as PROOF_CAPABILITIES, index$2_canAccessResource as canAccessResource, index$2_hasScope as hasScope, index$2_parseScope as parseScope };
|
|
2666
|
+
export { index$2_AxisSensorChainService as AxisSensorChainService, index$2_CAPABILITIES as CAPABILITIES, type index$2_Capability as Capability, type index$2_ChainResult as ChainResult, index$2_INTENT_REQUIREMENTS as INTENT_REQUIREMENTS, index$2_PROOF_CAPABILITIES as PROOF_CAPABILITIES, type index$2_SensorDecision as SensorDecision, type index$2_SensorInput as SensorInput, index$2_canAccessResource as canAccessResource, index$2_hasScope as hasScope, index$2_parseScope as parseScope };
|
|
2136
2667
|
}
|
|
2137
2668
|
|
|
2138
2669
|
declare class AccessProfileResolverSensor implements AxisSensor {
|
|
@@ -2353,4 +2884,4 @@ declare namespace index {
|
|
|
2353
2884
|
export { index_encodeAxisTlvDto as encodeAxisTlvDto };
|
|
2354
2885
|
}
|
|
2355
2886
|
|
|
2356
|
-
export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, type AxisCrudHandler, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, type AxisRequestContext, AxisResponseDto, type AxisSensor, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, CAPABILITIES, type Capability, type CapsuleMode, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, Handler, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PROOF_CAPABILITIES, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, type ResponseObserverContext, RiskDecision, type RiskEvaluation, type RiskSignal, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, 
Schema2021_PasskeyRegisterOptionsReq, type SensorDecision, SensorDecisions, type SensorInput, type SensorMinifiedDecision, type SensorPhaseMetadata, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, encVarint, encodeAxis1Frame, encodeQueueMessage, index$5 as engine, extractDtoSchema, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };
|
|
2887
|
+
export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, AxisContext$1 as AxisContext, type AxisCrudHandler, type AxisDecoded, AxisDemoPubkey, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIp, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservation, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, AxisRaw, type AxisRequestContext, type AxisRequestData, AxisResponseDto, type AxisSensor, AxisSensorChainService, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, BAND, CAPABILITIES, CCE_ERROR, CCE_PROTOCOL_VERSION, type Capability, type CapsuleMode, type CceCapsuleClaims as CceCapsuleClaimsType, CceError, type CceExecutionContext as CceExecutionContextType, type CceHandler, type CceHandlerContext, type CceHandlerResult, type CcePipelineConfig, type CcePipelineResult, type CceRequestEnvelope as CceRequestEnvelopeType, type CceResponseEnvelope as CceResponseEnvelopeType, type CceWitnessRecord as CceWitnessRecordType, type ChainResult, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, HandlerDiscoveryService, HandlerSensors, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type 
IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationSensor, type ObservationStage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, type ResponseObserverContext, RiskDecision, type RiskEvaluation, type RiskSignal, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, type SensorDecision, SensorDecisions, SensorDiscoveryService, type SensorInput, type SensorMinifiedDecision, type SensorOptions, type SensorPhase, type SensorPhaseMetadata, SensorRegistry, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, index$9 as cce, classifyIntent, createObservation, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, encVarint, encodeAxis1Frame, encodeQueueMessage, endStage, index$5 as engine, executeCcePipeline, extractDtoSchema, finalizeObservation, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as 
loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, recordSensor, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, startStage, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };
|