@nextera.one/axis-server-sdk 1.7.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +42 -5
  2. package/dist/index.d.ts +42 -5
  3. package/dist/index.js +5560 -4754
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +5594 -4522
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +2 -1
package/dist/index.d.mts CHANGED
@@ -139,6 +139,7 @@ interface CceCapsuleClaims {
139
139
  tps_to: number;
140
140
  capsule_nonce: string;
141
141
  challenge_id: string;
142
+ proof_hash?: string;
142
143
  policy_hash?: string;
143
144
  iat: number;
144
145
  exp: number;
@@ -195,6 +196,7 @@ interface CceResponseEnvelope {
195
196
  response_id: string;
196
197
  request_id: string;
197
198
  correlation_id: string;
199
+ capsule_id: string;
198
200
  encrypted_key: CceEncryptedKey;
199
201
  encrypted_payload: CceEncryptedPayload;
200
202
  response_nonce: string;
@@ -669,6 +671,21 @@ interface CceHandlerResult {
669
671
  body: Uint8Array;
670
672
  effect?: string;
671
673
  }
674
+ interface CcePolicyContext {
675
+ envelope: CceRequestEnvelope;
676
+ capsule: CceCapsuleClaims;
677
+ executionContext: CceExecutionContext;
678
+ decryptedPayload: Uint8Array;
679
+ clientPublicKeyHex: string;
680
+ }
681
+ interface CcePolicyDecision {
682
+ allow: boolean;
683
+ code?: string;
684
+ message?: string;
685
+ }
686
+ interface CcePolicyEvaluator {
687
+ evaluate(context: CcePolicyContext): Promise<CcePolicyDecision>;
688
+ }
672
689
  interface CcePipelineConfig {
673
690
  axisLocalSecret: string;
674
691
  axisAudience: string;
@@ -677,6 +694,7 @@ interface CcePipelineConfig {
677
694
  witnessStore: CceWitnessStore;
678
695
  clientKeyEncryptor: CceClientKeyEncryptor;
679
696
  axisSigner: CceAxisSigner;
697
+ policyEvaluator?: CcePolicyEvaluator;
680
698
  }
681
699
  type CcePipelineResult = {
682
700
  ok: true;
@@ -874,6 +892,8 @@ interface ObserverVerdict {
874
892
  reason?: string;
875
893
  }
876
894
  declare function verifyResponse(ctx: ResponseObserverContext, response: ResponseContract): ObserverVerdict;
895
+ type ResponseObserver = (ctx: ResponseObserverContext, response: ResponseContract) => ObserverVerdict;
896
+ declare const ResponseObserver: ResponseObserver;
877
897
 
878
898
  declare const ATS1_HDR: {
879
899
  readonly INTENT_ID: 1;
@@ -2140,14 +2160,24 @@ interface CceAxisKeyProvider {
2140
2160
  interface CceAesGcmProvider {
2141
2161
  decrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Promise<Uint8Array | null>;
2142
2162
  }
2163
+ interface CcePayloadValidatorResult {
2164
+ ok: boolean;
2165
+ intent?: string;
2166
+ code?: string;
2167
+ reason?: string;
2168
+ }
2169
+ interface CcePayloadValidator {
2170
+ validate(plaintext: Uint8Array, envelope: CceRequestEnvelope): Promise<CcePayloadValidatorResult>;
2171
+ }
2143
2172
  declare class CcePayloadDecryptionSensor implements AxisSensor {
2144
2173
  private readonly keyProvider;
2145
2174
  private readonly aesProvider;
2146
2175
  private readonly maxPayloadBytes;
2176
+ private readonly payloadValidator?;
2147
2177
  readonly name = "cce.payload.decryption";
2148
2178
  readonly order = 145;
2149
2179
  readonly phase: "POST_DECODE";
2150
- constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number);
2180
+ constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number, payloadValidator?: CcePayloadValidator | undefined);
2151
2181
  supports(input: SensorInput): boolean;
2152
2182
  run(input: SensorInput): Promise<SensorDecision>;
2153
2183
  }
@@ -2307,8 +2337,13 @@ type index$9_CceKdfAlgorithm = CceKdfAlgorithm;
2307
2337
  type index$9_CceKemAlgorithm = CceKemAlgorithm;
2308
2338
  type index$9_CcePayloadDecryptionSensor = CcePayloadDecryptionSensor;
2309
2339
  declare const index$9_CcePayloadDecryptionSensor: typeof CcePayloadDecryptionSensor;
2340
+ type index$9_CcePayloadValidator = CcePayloadValidator;
2341
+ type index$9_CcePayloadValidatorResult = CcePayloadValidatorResult;
2310
2342
  type index$9_CcePipelineConfig = CcePipelineConfig;
2311
2343
  type index$9_CcePipelineResult = CcePipelineResult;
2344
+ type index$9_CcePolicyContext = CcePolicyContext;
2345
+ type index$9_CcePolicyDecision = CcePolicyDecision;
2346
+ type index$9_CcePolicyEvaluator = CcePolicyEvaluator;
2312
2347
  type index$9_CceReplayProtectionSensor = CceReplayProtectionSensor;
2313
2348
  declare const index$9_CceReplayProtectionSensor: typeof CceReplayProtectionSensor;
2314
2349
  type index$9_CceReplayStore = CceReplayStore;
@@ -2346,7 +2381,7 @@ declare const index$9_generateIv: typeof generateIv;
2346
2381
  declare const index$9_hashPayload: typeof hashPayload;
2347
2382
  declare const index$9_nodeAesGcmProvider: typeof nodeAesGcmProvider;
2348
2383
  declare namespace index$9 {
2349
- export { index$9_CCE_AES_KEY_BYTES as CCE_AES_KEY_BYTES, index$9_CCE_DERIVATION as CCE_DERIVATION, index$9_CCE_ERROR as CCE_ERROR, index$9_CCE_IV_BYTES as CCE_IV_BYTES, index$9_CCE_NONCE_BYTES as CCE_NONCE_BYTES, index$9_CCE_PROTOCOL_VERSION as CCE_PROTOCOL_VERSION, index$9_CCE_TAG_BYTES as CCE_TAG_BYTES, type index$9_CceAesGcmProvider as CceAesGcmProvider, type index$9_CceAlgorithm as CceAlgorithm, type index$9_CceAlgorithmDescriptor as CceAlgorithmDescriptor, index$9_CceAudienceIntentBindingSensor as CceAudienceIntentBindingSensor, type index$9_CceAxisKeyProvider as CceAxisKeyProvider, type index$9_CceAxisSigner as CceAxisSigner, type index$9_CceCapsuleClaims as CceCapsuleClaims, type index$9_CceCapsuleSignatureVerifier as CceCapsuleSignatureVerifier, index$9_CceCapsuleVerificationSensor as CceCapsuleVerificationSensor, type index$9_CceClientKeyEncryptor as CceClientKeyEncryptor, type index$9_CceClientKeyResolver as CceClientKeyResolver, index$9_CceClientSignatureSensor as CceClientSignatureSensor, type index$9_CceConstraints as CceConstraints, type index$9_CceDerivationInput as CceDerivationInput, type index$9_CceEncryptedKey as CceEncryptedKey, type index$9_CceEncryptedPayload as CceEncryptedPayload, index$9_CceEnvelopeValidationSensor as CceEnvelopeValidationSensor, index$9_CceError as CceError, type index$9_CceErrorCode as CceErrorCode, type index$9_CceExecutionContext as CceExecutionContext, type index$9_CceHandler as CceHandler, type index$9_CceHandlerContext as CceHandlerContext, type index$9_CceHandlerResult as CceHandlerResult, type index$9_CceIssuerKeyResolver as CceIssuerKeyResolver, type index$9_CceKdfAlgorithm as CceKdfAlgorithm, type index$9_CceKemAlgorithm as CceKemAlgorithm, index$9_CcePayloadDecryptionSensor as CcePayloadDecryptionSensor, type index$9_CcePipelineConfig as CcePipelineConfig, type index$9_CcePipelineResult as CcePipelineResult, index$9_CceReplayProtectionSensor as CceReplayProtectionSensor, type index$9_CceReplayStore as CceReplayStore, type index$9_CceRequestEnvelope as CceRequestEnvelope, type index$9_CceResponseEnvelope as CceResponseEnvelope, type index$9_CceResponseOptions as CceResponseOptions, type index$9_CceResponseStatus as CceResponseStatus, type index$9_CceSignature as CceSignature, type index$9_CceSignatureVerifier as CceSignatureVerifier, index$9_CceTpsWindowSensor as CceTpsWindowSensor, type index$9_CceVerificationState as CceVerificationState, type index$9_CceWitnessRecord as CceWitnessRecord, type index$9_CceWitnessStore as CceWitnessStore, index$9_InMemoryCceReplayStore as InMemoryCceReplayStore, index$9_InMemoryCceWitnessStore as InMemoryCceWitnessStore, index$9_aesGcmDecrypt as aesGcmDecrypt, index$9_aesGcmEncrypt as aesGcmEncrypt, index$9_base64UrlDecode as base64UrlDecode, index$9_base64UrlEncode as base64UrlEncode, index$9_buildCceErrorResponse as buildCceErrorResponse, index$9_buildCceResponse as buildCceResponse, index$9_buildExecutionContext as buildExecutionContext, index$9_buildWitnessRecord as buildWitnessRecord, index$9_deriveRequestExecutionKey as deriveRequestExecutionKey, index$9_deriveResponseExecutionKey as deriveResponseExecutionKey, index$9_deriveWitnessKey as deriveWitnessKey, index$9_executeCcePipeline as executeCcePipeline, index$9_extractVerificationState as extractVerificationState, index$9_generateAesKey as generateAesKey, index$9_generateCceNonce as generateCceNonce, index$9_generateIv as generateIv, index$9_hashPayload as hashPayload, index$9_nodeAesGcmProvider as nodeAesGcmProvider };
2384
+ export { index$9_CCE_AES_KEY_BYTES as CCE_AES_KEY_BYTES, index$9_CCE_DERIVATION as CCE_DERIVATION, index$9_CCE_ERROR as CCE_ERROR, index$9_CCE_IV_BYTES as CCE_IV_BYTES, index$9_CCE_NONCE_BYTES as CCE_NONCE_BYTES, index$9_CCE_PROTOCOL_VERSION as CCE_PROTOCOL_VERSION, index$9_CCE_TAG_BYTES as CCE_TAG_BYTES, type index$9_CceAesGcmProvider as CceAesGcmProvider, type index$9_CceAlgorithm as CceAlgorithm, type index$9_CceAlgorithmDescriptor as CceAlgorithmDescriptor, index$9_CceAudienceIntentBindingSensor as CceAudienceIntentBindingSensor, type index$9_CceAxisKeyProvider as CceAxisKeyProvider, type index$9_CceAxisSigner as CceAxisSigner, type index$9_CceCapsuleClaims as CceCapsuleClaims, type index$9_CceCapsuleSignatureVerifier as CceCapsuleSignatureVerifier, index$9_CceCapsuleVerificationSensor as CceCapsuleVerificationSensor, type index$9_CceClientKeyEncryptor as CceClientKeyEncryptor, type index$9_CceClientKeyResolver as CceClientKeyResolver, index$9_CceClientSignatureSensor as CceClientSignatureSensor, type index$9_CceConstraints as CceConstraints, type index$9_CceDerivationInput as CceDerivationInput, type index$9_CceEncryptedKey as CceEncryptedKey, type index$9_CceEncryptedPayload as CceEncryptedPayload, index$9_CceEnvelopeValidationSensor as CceEnvelopeValidationSensor, index$9_CceError as CceError, type index$9_CceErrorCode as CceErrorCode, type index$9_CceExecutionContext as CceExecutionContext, type index$9_CceHandler as CceHandler, type index$9_CceHandlerContext as CceHandlerContext, type index$9_CceHandlerResult as CceHandlerResult, type index$9_CceIssuerKeyResolver as CceIssuerKeyResolver, type index$9_CceKdfAlgorithm as CceKdfAlgorithm, type index$9_CceKemAlgorithm as CceKemAlgorithm, index$9_CcePayloadDecryptionSensor as CcePayloadDecryptionSensor, type index$9_CcePayloadValidator as CcePayloadValidator, type index$9_CcePayloadValidatorResult as CcePayloadValidatorResult, type index$9_CcePipelineConfig as CcePipelineConfig, type index$9_CcePipelineResult as CcePipelineResult, type index$9_CcePolicyContext as CcePolicyContext, type index$9_CcePolicyDecision as CcePolicyDecision, type index$9_CcePolicyEvaluator as CcePolicyEvaluator, index$9_CceReplayProtectionSensor as CceReplayProtectionSensor, type index$9_CceReplayStore as CceReplayStore, type index$9_CceRequestEnvelope as CceRequestEnvelope, type index$9_CceResponseEnvelope as CceResponseEnvelope, type index$9_CceResponseOptions as CceResponseOptions, type index$9_CceResponseStatus as CceResponseStatus, type index$9_CceSignature as CceSignature, type index$9_CceSignatureVerifier as CceSignatureVerifier, index$9_CceTpsWindowSensor as CceTpsWindowSensor, type index$9_CceVerificationState as CceVerificationState, type index$9_CceWitnessRecord as CceWitnessRecord, type index$9_CceWitnessStore as CceWitnessStore, index$9_InMemoryCceReplayStore as InMemoryCceReplayStore, index$9_InMemoryCceWitnessStore as InMemoryCceWitnessStore, index$9_aesGcmDecrypt as aesGcmDecrypt, index$9_aesGcmEncrypt as aesGcmEncrypt, index$9_base64UrlDecode as base64UrlDecode, index$9_base64UrlEncode as base64UrlEncode, index$9_buildCceErrorResponse as buildCceErrorResponse, index$9_buildCceResponse as buildCceResponse, index$9_buildExecutionContext as buildExecutionContext, index$9_buildWitnessRecord as buildWitnessRecord, index$9_deriveRequestExecutionKey as deriveRequestExecutionKey, index$9_deriveResponseExecutionKey as deriveResponseExecutionKey, index$9_deriveWitnessKey as deriveWitnessKey, index$9_executeCcePipeline as executeCcePipeline, index$9_extractVerificationState as extractVerificationState, index$9_generateAesKey as generateAesKey, index$9_generateCceNonce as generateCceNonce, index$9_generateIv as generateIv, index$9_hashPayload as hashPayload, index$9_nodeAesGcmProvider as nodeAesGcmProvider };
2350
2385
  }
2351
2386
 
2352
2387
  type ProofType = 1 | 2 | 3 | 4;
@@ -2470,6 +2505,7 @@ type index$6_ObservationStreamEntry = ObservationStreamEntry;
2470
2505
  type index$6_ObservationWitnessSummary = ObservationWitnessSummary;
2471
2506
  type index$6_ObserverVerdict = ObserverVerdict;
2472
2507
  type index$6_ResponseContract = ResponseContract;
2508
+ declare const index$6_ResponseObserver: typeof ResponseObserver;
2473
2509
  type index$6_ResponseObserverContext = ResponseObserverContext;
2474
2510
  type index$6_UnsignedObservationWitness = UnsignedObservationWitness;
2475
2511
  declare const index$6_buildQueueMessage: typeof buildQueueMessage;
@@ -2483,7 +2519,7 @@ declare const index$6_parseStreamEntries: typeof parseStreamEntries;
2483
2519
  declare const index$6_stableJsonStringify: typeof stableJsonStringify;
2484
2520
  declare const index$6_verifyResponse: typeof verifyResponse;
2485
2521
  declare namespace index$6 {
2486
- export { type index$6_ObservationQueueConfig as ObservationQueueConfig, type index$6_ObservationQueueMessage as ObservationQueueMessage, type index$6_ObservationStreamEntry as ObservationStreamEntry, type index$6_ObservationWitnessSummary as ObservationWitnessSummary, type index$6_ObserverVerdict as ObserverVerdict, type index$6_ResponseContract as ResponseContract, type index$6_ResponseObserverContext as ResponseObserverContext, type index$6_UnsignedObservationWitness as UnsignedObservationWitness, index$6_buildQueueMessage as buildQueueMessage, index$6_buildUnsignedWitness as buildUnsignedWitness, index$6_canonicalizeObservation as canonicalizeObservation, index$6_decodeQueueMessage as decodeQueueMessage, index$6_encodeQueueMessage as encodeQueueMessage, index$6_hashObservation as hashObservation, index$6_parseAutoClaimEntries as parseAutoClaimEntries, index$6_parseStreamEntries as parseStreamEntries, index$6_stableJsonStringify as stableJsonStringify, index$6_verifyResponse as verifyResponse };
2522
+ export { type index$6_ObservationQueueConfig as ObservationQueueConfig, type index$6_ObservationQueueMessage as ObservationQueueMessage, type index$6_ObservationStreamEntry as ObservationStreamEntry, type index$6_ObservationWitnessSummary as ObservationWitnessSummary, type index$6_ObserverVerdict as ObserverVerdict, type index$6_ResponseContract as ResponseContract, index$6_ResponseObserver as ResponseObserver, type index$6_ResponseObserverContext as ResponseObserverContext, type index$6_UnsignedObservationWitness as UnsignedObservationWitness, index$6_buildQueueMessage as buildQueueMessage, index$6_buildUnsignedWitness as buildUnsignedWitness, index$6_canonicalizeObservation as canonicalizeObservation, index$6_decodeQueueMessage as decodeQueueMessage, index$6_encodeQueueMessage as encodeQueueMessage, index$6_hashObservation as hashObservation, index$6_parseAutoClaimEntries as parseAutoClaimEntries, index$6_parseStreamEntries as parseStreamEntries, index$6_stableJsonStringify as stableJsonStringify, index$6_verifyResponse as verifyResponse };
2487
2523
  }
2488
2524
 
2489
2525
  type index$5_AxisDecoded = AxisDecoded;
@@ -2503,6 +2539,7 @@ type index$5_ObservationWitnessSummary = ObservationWitnessSummary;
2503
2539
  type index$5_ObserverVerdict = ObserverVerdict;
2504
2540
  declare const index$5_PRE_DECODE_BOUNDARY: typeof PRE_DECODE_BOUNDARY;
2505
2541
  type index$5_ResponseContract = ResponseContract;
2542
+ declare const index$5_ResponseObserver: typeof ResponseObserver;
2506
2543
  type index$5_ResponseObserverContext = ResponseObserverContext;
2507
2544
  type index$5_SensorBand = SensorBand;
2508
2545
  type index$5_SensorDiscoveryService = SensorDiscoveryService;
@@ -2526,7 +2563,7 @@ declare const index$5_stableJsonStringify: typeof stableJsonStringify;
2526
2563
  declare const index$5_startStage: typeof startStage;
2527
2564
  declare const index$5_verifyResponse: typeof verifyResponse;
2528
2565
  declare namespace index$5 {
2529
- export { type index$5_AxisDecoded as AxisDecoded, type index$5_AxisEffect as AxisEffect, type index$5_AxisObservation as AxisObservation, index$5_BAND as BAND, index$5_HandlerDiscoveryService as HandlerDiscoveryService, index$5_IntentRouter as IntentRouter, type IntentSchema$1 as IntentSchema, type index$5_ObservationQueueConfig as ObservationQueueConfig, type index$5_ObservationQueueMessage as ObservationQueueMessage, type index$5_ObservationSensor as ObservationSensor, type index$5_ObservationStage as ObservationStage, type index$5_ObservationStreamEntry as ObservationStreamEntry, type index$5_ObservationWitnessSummary as ObservationWitnessSummary, type index$5_ObserverVerdict as ObserverVerdict, index$5_PRE_DECODE_BOUNDARY as PRE_DECODE_BOUNDARY, type index$5_ResponseContract as ResponseContract, type index$5_ResponseObserverContext as ResponseObserverContext, type index$5_SensorBand as SensorBand, index$5_SensorDiscoveryService as SensorDiscoveryService, index$5_SensorRegistry as SensorRegistry, type index$5_UnsignedObservationWitness as UnsignedObservationWitness, index$5_buildQueueMessage as buildQueueMessage, index$5_buildUnsignedWitness as buildUnsignedWitness, index$5_canonicalizeObservation as canonicalizeObservation, index$5_createObservation as createObservation, index$5_decodeQueueMessage as decodeQueueMessage, index$5_encodeQueueMessage as encodeQueueMessage, index$5_endStage as endStage, index$5_finalizeObservation as finalizeObservation, index$5_hashObservation as hashObservation, index$6 as observation, index$5_parseAutoClaimEntries as parseAutoClaimEntries, index$5_parseStreamEntries as parseStreamEntries, index$5_recordSensor as recordSensor, index$5_stableJsonStringify as stableJsonStringify, index$5_startStage as startStage, index$5_verifyResponse as verifyResponse };
2566
+ export { type index$5_AxisDecoded as AxisDecoded, type index$5_AxisEffect as AxisEffect, type index$5_AxisObservation as AxisObservation, index$5_BAND as BAND, index$5_HandlerDiscoveryService as HandlerDiscoveryService, index$5_IntentRouter as IntentRouter, type IntentSchema$1 as IntentSchema, type index$5_ObservationQueueConfig as ObservationQueueConfig, type index$5_ObservationQueueMessage as ObservationQueueMessage, type index$5_ObservationSensor as ObservationSensor, type index$5_ObservationStage as ObservationStage, type index$5_ObservationStreamEntry as ObservationStreamEntry, type index$5_ObservationWitnessSummary as ObservationWitnessSummary, type index$5_ObserverVerdict as ObserverVerdict, index$5_PRE_DECODE_BOUNDARY as PRE_DECODE_BOUNDARY, type index$5_ResponseContract as ResponseContract, index$5_ResponseObserver as ResponseObserver, type index$5_ResponseObserverContext as ResponseObserverContext, type index$5_SensorBand as SensorBand, index$5_SensorDiscoveryService as SensorDiscoveryService, index$5_SensorRegistry as SensorRegistry, type index$5_UnsignedObservationWitness as UnsignedObservationWitness, index$5_buildQueueMessage as buildQueueMessage, index$5_buildUnsignedWitness as buildUnsignedWitness, index$5_canonicalizeObservation as canonicalizeObservation, index$5_createObservation as createObservation, index$5_decodeQueueMessage as decodeQueueMessage, index$5_encodeQueueMessage as encodeQueueMessage, index$5_endStage as endStage, index$5_finalizeObservation as finalizeObservation, index$5_hashObservation as hashObservation, index$6 as observation, index$5_parseAutoClaimEntries as parseAutoClaimEntries, index$5_parseStreamEntries as parseStreamEntries, index$5_recordSensor as recordSensor, index$5_stableJsonStringify as stableJsonStringify, index$5_startStage as startStage, index$5_verifyResponse as verifyResponse };
2530
2567
  }
2531
2568
 
2532
2569
  type index$4_Grant = Grant;
@@ -2902,4 +2939,4 @@ declare namespace index {
2902
2939
  export { index_encodeAxisTlvDto as encodeAxisTlvDto };
2903
2940
  }
2904
2941
 
2905
- export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, AxisContext$1 as AxisContext, type AxisCrudHandler, type AxisDecoded, AxisDemoPubkey, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIp, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservation, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, AxisRaw, type AxisRequestContext, type AxisRequestData, AxisResponseDto, type AxisSensor, AxisSensorChainService, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, BAND, CAPABILITIES, CCE_ERROR, CCE_PROTOCOL_VERSION, type Capability, type CapsuleMode, type CceCapsuleClaims as CceCapsuleClaimsType, CceError, type CceExecutionContext as CceExecutionContextType, type CceHandler, type CceHandlerContext, type CceHandlerResult, type CcePipelineConfig, type CcePipelineResult, type CceRequestEnvelope as CceRequestEnvelopeType, type CceResponseEnvelope as CceResponseEnvelopeType, type CceWitnessRecord as CceWitnessRecordType, type ChainResult, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, type Grant, type GrantCapability, type GrantMeta, type GrantStatus, type GrantType, type GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, HandlerDiscoveryService, HandlerSensors, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type LoomReceipt, type LoomValidationResult, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationSensor, type ObservationStage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, type PresenceChallenge, type PresenceDeclaration, type PresenceProof, type PresenceReceipt, type PresenceStatus, type PresenceVerifyResult, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, verifyResponse as ResponseObserver, type ResponseObserverContext, type Revocation, type RevocationTargetType, RiskDecision, type RiskEvaluation, type RiskSignal, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, type SensorDecision, SensorDecisions, SensorDiscoveryService, type SensorInput, type SensorMinifiedDecision, type SensorOptions, type SensorPhase, type SensorPhaseMetadata, SensorRegistry, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, type ThreadState, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, type Writ, type WritBody, type WritHead, type WritMeta, type WritSignature, type WritValidationResult, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeGrant, canonicalizeObservation, canonicalizeWrit, index$9 as cce, classifyIntent, createObservation, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, deriveAnchorReflection, encVarint, encodeAxis1Frame, encodeAxisTlvDto, encodeQueueMessage, endStage, index$5 as engine, executeCcePipeline, extractDtoSchema, finalizeObservation, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, recordSensor, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, startStage, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };
2942
+ export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, AxisContext$1 as AxisContext, type AxisCrudHandler, type AxisDecoded, AxisDemoPubkey, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIp, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservation, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, AxisRaw, type AxisRequestContext, type AxisRequestData, AxisResponseDto, type AxisSensor, AxisSensorChainService, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, BAND, CAPABILITIES, CCE_ERROR, CCE_PROTOCOL_VERSION, type Capability, type CapsuleMode, type CceCapsuleClaims as CceCapsuleClaimsType, CceError, type CceExecutionContext as CceExecutionContextType, type CceHandler, type CceHandlerContext, type CceHandlerResult, type CcePipelineConfig, type CcePipelineResult, type CcePolicyContext, type CcePolicyDecision, type CcePolicyEvaluator, type CceRequestEnvelope as CceRequestEnvelopeType, type CceResponseEnvelope as CceResponseEnvelopeType, type CceWitnessRecord as CceWitnessRecordType, type ChainResult, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, type Grant, type GrantCapability, type GrantMeta, type GrantStatus, type GrantType, type GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, HandlerDiscoveryService, HandlerSensors, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type LoomReceipt, type LoomValidationResult, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationSensor, type ObservationStage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, type PresenceChallenge, type PresenceDeclaration, type PresenceProof, type PresenceReceipt, type PresenceStatus, type PresenceVerifyResult, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, ResponseObserver, type ResponseObserverContext, type Revocation, type RevocationTargetType, RiskDecision, type RiskEvaluation, type RiskSignal, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, type SensorDecision, SensorDecisions, SensorDiscoveryService, type SensorInput, type SensorMinifiedDecision, type SensorOptions, type SensorPhase, type SensorPhaseMetadata, SensorRegistry, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, type ThreadState, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, type Writ, type WritBody, type WritHead, type WritMeta, type WritSignature, type WritValidationResult, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeGrant, canonicalizeObservation, canonicalizeWrit, index$9 as cce, classifyIntent, createObservation, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, deriveAnchorReflection, encVarint, encodeAxis1Frame, encodeAxisTlvDto, encodeQueueMessage, endStage, index$5 as engine, executeCcePipeline, extractDtoSchema, finalizeObservation, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, recordSensor, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, startStage, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };
package/dist/index.d.ts CHANGED
@@ -139,6 +139,7 @@ interface CceCapsuleClaims {
139
139
  tps_to: number;
140
140
  capsule_nonce: string;
141
141
  challenge_id: string;
142
+ proof_hash?: string;
142
143
  policy_hash?: string;
143
144
  iat: number;
144
145
  exp: number;
@@ -195,6 +196,7 @@ interface CceResponseEnvelope {
195
196
  response_id: string;
196
197
  request_id: string;
197
198
  correlation_id: string;
199
+ capsule_id: string;
198
200
  encrypted_key: CceEncryptedKey;
199
201
  encrypted_payload: CceEncryptedPayload;
200
202
  response_nonce: string;
@@ -669,6 +671,21 @@ interface CceHandlerResult {
669
671
  body: Uint8Array;
670
672
  effect?: string;
671
673
  }
674
+ interface CcePolicyContext {
675
+ envelope: CceRequestEnvelope;
676
+ capsule: CceCapsuleClaims;
677
+ executionContext: CceExecutionContext;
678
+ decryptedPayload: Uint8Array;
679
+ clientPublicKeyHex: string;
680
+ }
681
+ interface CcePolicyDecision {
682
+ allow: boolean;
683
+ code?: string;
684
+ message?: string;
685
+ }
686
+ interface CcePolicyEvaluator {
687
+ evaluate(context: CcePolicyContext): Promise<CcePolicyDecision>;
688
+ }
672
689
  interface CcePipelineConfig {
673
690
  axisLocalSecret: string;
674
691
  axisAudience: string;
@@ -677,6 +694,7 @@ interface CcePipelineConfig {
677
694
  witnessStore: CceWitnessStore;
678
695
  clientKeyEncryptor: CceClientKeyEncryptor;
679
696
  axisSigner: CceAxisSigner;
697
+ policyEvaluator?: CcePolicyEvaluator;
680
698
  }
681
699
  type CcePipelineResult = {
682
700
  ok: true;
@@ -874,6 +892,8 @@ interface ObserverVerdict {
874
892
  reason?: string;
875
893
  }
876
894
  declare function verifyResponse(ctx: ResponseObserverContext, response: ResponseContract): ObserverVerdict;
895
+ type ResponseObserver = (ctx: ResponseObserverContext, response: ResponseContract) => ObserverVerdict;
896
+ declare const ResponseObserver: ResponseObserver;
877
897
 
878
898
  declare const ATS1_HDR: {
879
899
  readonly INTENT_ID: 1;
@@ -2140,14 +2160,24 @@ interface CceAxisKeyProvider {
2140
2160
  interface CceAesGcmProvider {
2141
2161
  decrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Promise<Uint8Array | null>;
2142
2162
  }
2163
+ interface CcePayloadValidatorResult {
2164
+ ok: boolean;
2165
+ intent?: string;
2166
+ code?: string;
2167
+ reason?: string;
2168
+ }
2169
+ interface CcePayloadValidator {
2170
+ validate(plaintext: Uint8Array, envelope: CceRequestEnvelope): Promise<CcePayloadValidatorResult>;
2171
+ }
2143
2172
  declare class CcePayloadDecryptionSensor implements AxisSensor {
2144
2173
  private readonly keyProvider;
2145
2174
  private readonly aesProvider;
2146
2175
  private readonly maxPayloadBytes;
2176
+ private readonly payloadValidator?;
2147
2177
  readonly name = "cce.payload.decryption";
2148
2178
  readonly order = 145;
2149
2179
  readonly phase: "POST_DECODE";
2150
- constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number);
2180
+ constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number, payloadValidator?: CcePayloadValidator | undefined);
2151
2181
  supports(input: SensorInput): boolean;
2152
2182
  run(input: SensorInput): Promise<SensorDecision>;
2153
2183
  }
@@ -2307,8 +2337,13 @@ type index$9_CceKdfAlgorithm = CceKdfAlgorithm;
2307
2337
  type index$9_CceKemAlgorithm = CceKemAlgorithm;
2308
2338
  type index$9_CcePayloadDecryptionSensor = CcePayloadDecryptionSensor;
2309
2339
  declare const index$9_CcePayloadDecryptionSensor: typeof CcePayloadDecryptionSensor;
2340
+ type index$9_CcePayloadValidator = CcePayloadValidator;
2341
+ type index$9_CcePayloadValidatorResult = CcePayloadValidatorResult;
2310
2342
  type index$9_CcePipelineConfig = CcePipelineConfig;
2311
2343
  type index$9_CcePipelineResult = CcePipelineResult;
2344
+ type index$9_CcePolicyContext = CcePolicyContext;
2345
+ type index$9_CcePolicyDecision = CcePolicyDecision;
2346
+ type index$9_CcePolicyEvaluator = CcePolicyEvaluator;
2312
2347
  type index$9_CceReplayProtectionSensor = CceReplayProtectionSensor;
2313
2348
  declare const index$9_CceReplayProtectionSensor: typeof CceReplayProtectionSensor;
2314
2349
  type index$9_CceReplayStore = CceReplayStore;
@@ -2346,7 +2381,7 @@ declare const index$9_generateIv: typeof generateIv;
2346
2381
  declare const index$9_hashPayload: typeof hashPayload;
2347
2382
  declare const index$9_nodeAesGcmProvider: typeof nodeAesGcmProvider;
2348
2383
  declare namespace index$9 {
2349
- export { index$9_CCE_AES_KEY_BYTES as CCE_AES_KEY_BYTES, index$9_CCE_DERIVATION as CCE_DERIVATION, index$9_CCE_ERROR as CCE_ERROR, index$9_CCE_IV_BYTES as CCE_IV_BYTES, index$9_CCE_NONCE_BYTES as CCE_NONCE_BYTES, index$9_CCE_PROTOCOL_VERSION as CCE_PROTOCOL_VERSION, index$9_CCE_TAG_BYTES as CCE_TAG_BYTES, type index$9_CceAesGcmProvider as CceAesGcmProvider, type index$9_CceAlgorithm as CceAlgorithm, type index$9_CceAlgorithmDescriptor as CceAlgorithmDescriptor, index$9_CceAudienceIntentBindingSensor as CceAudienceIntentBindingSensor, type index$9_CceAxisKeyProvider as CceAxisKeyProvider, type index$9_CceAxisSigner as CceAxisSigner, type index$9_CceCapsuleClaims as CceCapsuleClaims, type index$9_CceCapsuleSignatureVerifier as CceCapsuleSignatureVerifier, index$9_CceCapsuleVerificationSensor as CceCapsuleVerificationSensor, type index$9_CceClientKeyEncryptor as CceClientKeyEncryptor, type index$9_CceClientKeyResolver as CceClientKeyResolver, index$9_CceClientSignatureSensor as CceClientSignatureSensor, type index$9_CceConstraints as CceConstraints, type index$9_CceDerivationInput as CceDerivationInput, type index$9_CceEncryptedKey as CceEncryptedKey, type index$9_CceEncryptedPayload as CceEncryptedPayload, index$9_CceEnvelopeValidationSensor as CceEnvelopeValidationSensor, index$9_CceError as CceError, type index$9_CceErrorCode as CceErrorCode, type index$9_CceExecutionContext as CceExecutionContext, type index$9_CceHandler as CceHandler, type index$9_CceHandlerContext as CceHandlerContext, type index$9_CceHandlerResult as CceHandlerResult, type index$9_CceIssuerKeyResolver as CceIssuerKeyResolver, type index$9_CceKdfAlgorithm as CceKdfAlgorithm, type index$9_CceKemAlgorithm as CceKemAlgorithm, index$9_CcePayloadDecryptionSensor as CcePayloadDecryptionSensor, type index$9_CcePipelineConfig as CcePipelineConfig, type index$9_CcePipelineResult as CcePipelineResult, index$9_CceReplayProtectionSensor as CceReplayProtectionSensor, type index$9_CceReplayStore as CceReplayStore, type index$9_CceRequestEnvelope as CceRequestEnvelope, type index$9_CceResponseEnvelope as CceResponseEnvelope, type index$9_CceResponseOptions as CceResponseOptions, type index$9_CceResponseStatus as CceResponseStatus, type index$9_CceSignature as CceSignature, type index$9_CceSignatureVerifier as CceSignatureVerifier, index$9_CceTpsWindowSensor as CceTpsWindowSensor, type index$9_CceVerificationState as CceVerificationState, type index$9_CceWitnessRecord as CceWitnessRecord, type index$9_CceWitnessStore as CceWitnessStore, index$9_InMemoryCceReplayStore as InMemoryCceReplayStore, index$9_InMemoryCceWitnessStore as InMemoryCceWitnessStore, index$9_aesGcmDecrypt as aesGcmDecrypt, index$9_aesGcmEncrypt as aesGcmEncrypt, index$9_base64UrlDecode as base64UrlDecode, index$9_base64UrlEncode as base64UrlEncode, index$9_buildCceErrorResponse as buildCceErrorResponse, index$9_buildCceResponse as buildCceResponse, index$9_buildExecutionContext as buildExecutionContext, index$9_buildWitnessRecord as buildWitnessRecord, index$9_deriveRequestExecutionKey as deriveRequestExecutionKey, index$9_deriveResponseExecutionKey as deriveResponseExecutionKey, index$9_deriveWitnessKey as deriveWitnessKey, index$9_executeCcePipeline as executeCcePipeline, index$9_extractVerificationState as extractVerificationState, index$9_generateAesKey as generateAesKey, index$9_generateCceNonce as generateCceNonce, index$9_generateIv as generateIv, index$9_hashPayload as hashPayload, index$9_nodeAesGcmProvider as nodeAesGcmProvider };
2384
+ export { index$9_CCE_AES_KEY_BYTES as CCE_AES_KEY_BYTES, index$9_CCE_DERIVATION as CCE_DERIVATION, index$9_CCE_ERROR as CCE_ERROR, index$9_CCE_IV_BYTES as CCE_IV_BYTES, index$9_CCE_NONCE_BYTES as CCE_NONCE_BYTES, index$9_CCE_PROTOCOL_VERSION as CCE_PROTOCOL_VERSION, index$9_CCE_TAG_BYTES as CCE_TAG_BYTES, type index$9_CceAesGcmProvider as CceAesGcmProvider, type index$9_CceAlgorithm as CceAlgorithm, type index$9_CceAlgorithmDescriptor as CceAlgorithmDescriptor, index$9_CceAudienceIntentBindingSensor as CceAudienceIntentBindingSensor, type index$9_CceAxisKeyProvider as CceAxisKeyProvider, type index$9_CceAxisSigner as CceAxisSigner, type index$9_CceCapsuleClaims as CceCapsuleClaims, type index$9_CceCapsuleSignatureVerifier as CceCapsuleSignatureVerifier, index$9_CceCapsuleVerificationSensor as CceCapsuleVerificationSensor, type index$9_CceClientKeyEncryptor as CceClientKeyEncryptor, type index$9_CceClientKeyResolver as CceClientKeyResolver, index$9_CceClientSignatureSensor as CceClientSignatureSensor, type index$9_CceConstraints as CceConstraints, type index$9_CceDerivationInput as CceDerivationInput, type index$9_CceEncryptedKey as CceEncryptedKey, type index$9_CceEncryptedPayload as CceEncryptedPayload, index$9_CceEnvelopeValidationSensor as CceEnvelopeValidationSensor, index$9_CceError as CceError, type index$9_CceErrorCode as CceErrorCode, type index$9_CceExecutionContext as CceExecutionContext, type index$9_CceHandler as CceHandler, type index$9_CceHandlerContext as CceHandlerContext, type index$9_CceHandlerResult as CceHandlerResult, type index$9_CceIssuerKeyResolver as CceIssuerKeyResolver, type index$9_CceKdfAlgorithm as CceKdfAlgorithm, type index$9_CceKemAlgorithm as CceKemAlgorithm, index$9_CcePayloadDecryptionSensor as CcePayloadDecryptionSensor, type index$9_CcePayloadValidator as CcePayloadValidator, type index$9_CcePayloadValidatorResult as CcePayloadValidatorResult, type index$9_CcePipelineConfig as CcePipelineConfig, type index$9_CcePipelineResult as CcePipelineResult, type index$9_CcePolicyContext as CcePolicyContext, type index$9_CcePolicyDecision as CcePolicyDecision, type index$9_CcePolicyEvaluator as CcePolicyEvaluator, index$9_CceReplayProtectionSensor as CceReplayProtectionSensor, type index$9_CceReplayStore as CceReplayStore, type index$9_CceRequestEnvelope as CceRequestEnvelope, type index$9_CceResponseEnvelope as CceResponseEnvelope, type index$9_CceResponseOptions as CceResponseOptions, type index$9_CceResponseStatus as CceResponseStatus, type index$9_CceSignature as CceSignature, type index$9_CceSignatureVerifier as CceSignatureVerifier, index$9_CceTpsWindowSensor as CceTpsWindowSensor, type index$9_CceVerificationState as CceVerificationState, type index$9_CceWitnessRecord as CceWitnessRecord, type index$9_CceWitnessStore as CceWitnessStore, index$9_InMemoryCceReplayStore as InMemoryCceReplayStore, index$9_InMemoryCceWitnessStore as InMemoryCceWitnessStore, index$9_aesGcmDecrypt as aesGcmDecrypt, index$9_aesGcmEncrypt as aesGcmEncrypt, index$9_base64UrlDecode as base64UrlDecode, index$9_base64UrlEncode as base64UrlEncode, index$9_buildCceErrorResponse as buildCceErrorResponse, index$9_buildCceResponse as buildCceResponse, index$9_buildExecutionContext as buildExecutionContext, index$9_buildWitnessRecord as buildWitnessRecord, index$9_deriveRequestExecutionKey as deriveRequestExecutionKey, index$9_deriveResponseExecutionKey as deriveResponseExecutionKey, index$9_deriveWitnessKey as deriveWitnessKey, index$9_executeCcePipeline as executeCcePipeline, index$9_extractVerificationState as extractVerificationState, index$9_generateAesKey as generateAesKey, index$9_generateCceNonce as generateCceNonce, index$9_generateIv as generateIv, index$9_hashPayload as hashPayload, index$9_nodeAesGcmProvider as nodeAesGcmProvider };
2350
2385
  }
2351
2386
 
2352
2387
  type ProofType = 1 | 2 | 3 | 4;
@@ -2470,6 +2505,7 @@ type index$6_ObservationStreamEntry = ObservationStreamEntry;
2470
2505
  type index$6_ObservationWitnessSummary = ObservationWitnessSummary;
2471
2506
  type index$6_ObserverVerdict = ObserverVerdict;
2472
2507
  type index$6_ResponseContract = ResponseContract;
2508
+ declare const index$6_ResponseObserver: typeof ResponseObserver;
2473
2509
  type index$6_ResponseObserverContext = ResponseObserverContext;
2474
2510
  type index$6_UnsignedObservationWitness = UnsignedObservationWitness;
2475
2511
  declare const index$6_buildQueueMessage: typeof buildQueueMessage;
@@ -2483,7 +2519,7 @@ declare const index$6_parseStreamEntries: typeof parseStreamEntries;
2483
2519
  declare const index$6_stableJsonStringify: typeof stableJsonStringify;
2484
2520
  declare const index$6_verifyResponse: typeof verifyResponse;
2485
2521
  declare namespace index$6 {
2486
- export { type index$6_ObservationQueueConfig as ObservationQueueConfig, type index$6_ObservationQueueMessage as ObservationQueueMessage, type index$6_ObservationStreamEntry as ObservationStreamEntry, type index$6_ObservationWitnessSummary as ObservationWitnessSummary, type index$6_ObserverVerdict as ObserverVerdict, type index$6_ResponseContract as ResponseContract, type index$6_ResponseObserverContext as ResponseObserverContext, type index$6_UnsignedObservationWitness as UnsignedObservationWitness, index$6_buildQueueMessage as buildQueueMessage, index$6_buildUnsignedWitness as buildUnsignedWitness, index$6_canonicalizeObservation as canonicalizeObservation, index$6_decodeQueueMessage as decodeQueueMessage, index$6_encodeQueueMessage as encodeQueueMessage, index$6_hashObservation as hashObservation, index$6_parseAutoClaimEntries as parseAutoClaimEntries, index$6_parseStreamEntries as parseStreamEntries, index$6_stableJsonStringify as stableJsonStringify, index$6_verifyResponse as verifyResponse };
2522
+ export { type index$6_ObservationQueueConfig as ObservationQueueConfig, type index$6_ObservationQueueMessage as ObservationQueueMessage, type index$6_ObservationStreamEntry as ObservationStreamEntry, type index$6_ObservationWitnessSummary as ObservationWitnessSummary, type index$6_ObserverVerdict as ObserverVerdict, type index$6_ResponseContract as ResponseContract, index$6_ResponseObserver as ResponseObserver, type index$6_ResponseObserverContext as ResponseObserverContext, type index$6_UnsignedObservationWitness as UnsignedObservationWitness, index$6_buildQueueMessage as buildQueueMessage, index$6_buildUnsignedWitness as buildUnsignedWitness, index$6_canonicalizeObservation as canonicalizeObservation, index$6_decodeQueueMessage as decodeQueueMessage, index$6_encodeQueueMessage as encodeQueueMessage, index$6_hashObservation as hashObservation, index$6_parseAutoClaimEntries as parseAutoClaimEntries, index$6_parseStreamEntries as parseStreamEntries, index$6_stableJsonStringify as stableJsonStringify, index$6_verifyResponse as verifyResponse };
2487
2523
  }
2488
2524
 
2489
2525
  type index$5_AxisDecoded = AxisDecoded;
@@ -2503,6 +2539,7 @@ type index$5_ObservationWitnessSummary = ObservationWitnessSummary;
2503
2539
  type index$5_ObserverVerdict = ObserverVerdict;
2504
2540
  declare const index$5_PRE_DECODE_BOUNDARY: typeof PRE_DECODE_BOUNDARY;
2505
2541
  type index$5_ResponseContract = ResponseContract;
2542
+ declare const index$5_ResponseObserver: typeof ResponseObserver;
2506
2543
  type index$5_ResponseObserverContext = ResponseObserverContext;
2507
2544
  type index$5_SensorBand = SensorBand;
2508
2545
  type index$5_SensorDiscoveryService = SensorDiscoveryService;
@@ -2526,7 +2563,7 @@ declare const index$5_stableJsonStringify: typeof stableJsonStringify;
2526
2563
  declare const index$5_startStage: typeof startStage;
2527
2564
  declare const index$5_verifyResponse: typeof verifyResponse;
2528
2565
  declare namespace index$5 {
2529
- export { type index$5_AxisDecoded as AxisDecoded, type index$5_AxisEffect as AxisEffect, type index$5_AxisObservation as AxisObservation, index$5_BAND as BAND, index$5_HandlerDiscoveryService as HandlerDiscoveryService, index$5_IntentRouter as IntentRouter, type IntentSchema$1 as IntentSchema, type index$5_ObservationQueueConfig as ObservationQueueConfig, type index$5_ObservationQueueMessage as ObservationQueueMessage, type index$5_ObservationSensor as ObservationSensor, type index$5_ObservationStage as ObservationStage, type index$5_ObservationStreamEntry as ObservationStreamEntry, type index$5_ObservationWitnessSummary as ObservationWitnessSummary, type index$5_ObserverVerdict as ObserverVerdict, index$5_PRE_DECODE_BOUNDARY as PRE_DECODE_BOUNDARY, type index$5_ResponseContract as ResponseContract, type index$5_ResponseObserverContext as ResponseObserverContext, type index$5_SensorBand as SensorBand, index$5_SensorDiscoveryService as SensorDiscoveryService, index$5_SensorRegistry as SensorRegistry, type index$5_UnsignedObservationWitness as UnsignedObservationWitness, index$5_buildQueueMessage as buildQueueMessage, index$5_buildUnsignedWitness as buildUnsignedWitness, index$5_canonicalizeObservation as canonicalizeObservation, index$5_createObservation as createObservation, index$5_decodeQueueMessage as decodeQueueMessage, index$5_encodeQueueMessage as encodeQueueMessage, index$5_endStage as endStage, index$5_finalizeObservation as finalizeObservation, index$5_hashObservation as hashObservation, index$6 as observation, index$5_parseAutoClaimEntries as parseAutoClaimEntries, index$5_parseStreamEntries as parseStreamEntries, index$5_recordSensor as recordSensor, index$5_stableJsonStringify as stableJsonStringify, index$5_startStage as startStage, index$5_verifyResponse as verifyResponse };
2566
+ export { type index$5_AxisDecoded as AxisDecoded, type index$5_AxisEffect as AxisEffect, type index$5_AxisObservation as AxisObservation, index$5_BAND as BAND, index$5_HandlerDiscoveryService as HandlerDiscoveryService, index$5_IntentRouter as IntentRouter, type IntentSchema$1 as IntentSchema, type index$5_ObservationQueueConfig as ObservationQueueConfig, type index$5_ObservationQueueMessage as ObservationQueueMessage, type index$5_ObservationSensor as ObservationSensor, type index$5_ObservationStage as ObservationStage, type index$5_ObservationStreamEntry as ObservationStreamEntry, type index$5_ObservationWitnessSummary as ObservationWitnessSummary, type index$5_ObserverVerdict as ObserverVerdict, index$5_PRE_DECODE_BOUNDARY as PRE_DECODE_BOUNDARY, type index$5_ResponseContract as ResponseContract, index$5_ResponseObserver as ResponseObserver, type index$5_ResponseObserverContext as ResponseObserverContext, type index$5_SensorBand as SensorBand, index$5_SensorDiscoveryService as SensorDiscoveryService, index$5_SensorRegistry as SensorRegistry, type index$5_UnsignedObservationWitness as UnsignedObservationWitness, index$5_buildQueueMessage as buildQueueMessage, index$5_buildUnsignedWitness as buildUnsignedWitness, index$5_canonicalizeObservation as canonicalizeObservation, index$5_createObservation as createObservation, index$5_decodeQueueMessage as decodeQueueMessage, index$5_encodeQueueMessage as encodeQueueMessage, index$5_endStage as endStage, index$5_finalizeObservation as finalizeObservation, index$5_hashObservation as hashObservation, index$6 as observation, index$5_parseAutoClaimEntries as parseAutoClaimEntries, index$5_parseStreamEntries as parseStreamEntries, index$5_recordSensor as recordSensor, index$5_stableJsonStringify as stableJsonStringify, index$5_startStage as startStage, index$5_verifyResponse as verifyResponse };
2530
2567
  }
2531
2568
 
2532
2569
  type index$4_Grant = Grant;
@@ -2902,4 +2939,4 @@ declare namespace index {
2902
2939
  export { index_encodeAxisTlvDto as encodeAxisTlvDto };
2903
2940
  }
2904
2941
 
2905
- export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, AxisContext$1 as AxisContext, type AxisCrudHandler, type AxisDecoded, AxisDemoPubkey, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIp, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservation, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, AxisRaw, type AxisRequestContext, type AxisRequestData, AxisResponseDto, type AxisSensor, AxisSensorChainService, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, BAND, CAPABILITIES, CCE_ERROR, CCE_PROTOCOL_VERSION, type Capability, type CapsuleMode, type CceCapsuleClaims as CceCapsuleClaimsType, CceError, type CceExecutionContext as CceExecutionContextType, type CceHandler, type CceHandlerContext, type CceHandlerResult, type CcePipelineConfig, type CcePipelineResult, type CceRequestEnvelope as CceRequestEnvelopeType, type CceResponseEnvelope as CceResponseEnvelopeType, type CceWitnessRecord as CceWitnessRecordType, type ChainResult, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, type Grant, type GrantCapability, type GrantMeta, type GrantStatus, type GrantType, type GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, HandlerDiscoveryService, HandlerSensors, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type LoomReceipt, type LoomValidationResult, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationSensor, type ObservationStage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, type PresenceChallenge, type PresenceDeclaration, type PresenceProof, type PresenceReceipt, type PresenceStatus, type PresenceVerifyResult, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, verifyResponse as ResponseObserver, type ResponseObserverContext, type Revocation, type RevocationTargetType, RiskDecision, type RiskEvaluation, type RiskSignal, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, type SensorDecision, SensorDecisions, SensorDiscoveryService, type SensorInput, type SensorMinifiedDecision, type SensorOptions, type SensorPhase, type SensorPhaseMetadata, SensorRegistry, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, type ThreadState, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, type Writ, type WritBody, type WritHead, type WritMeta, type WritSignature, type WritValidationResult, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeGrant, canonicalizeObservation, canonicalizeWrit, index$9 as cce, classifyIntent, createObservation, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, deriveAnchorReflection, encVarint, encodeAxis1Frame, encodeAxisTlvDto, encodeQueueMessage, endStage, index$5 as engine, executeCcePipeline, extractDtoSchema, finalizeObservation, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, recordSensor, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, startStage, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };
2942
+ export { ATS1_HDR, ATS1_SCHEMA, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, type Axis1DecodedFrame, type Axis1FrameToEncode, type AxisAlg$1 as AxisAlg, type AxisPacket as AxisBinaryPacket, type AxisCapsule, type AxisCapsuleConstraints, type AxisCapsulePayload, AxisContext$1 as AxisContext, type AxisCrudHandler, type AxisDecoded, AxisDemoPubkey, type AxisEffect, AxisFilesDownloadHandler, AxisFilesFinalizeHandler, AxisFrame$2 as AxisFrame, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIp, type AxisAlg as AxisJsonAlg, type AxisFrame$1 as AxisJsonFrame, type AxisResponse as AxisJsonResponse, type AxisSig as AxisJsonSig, type AxisObservation, type AxisObservedContext, type AxisPacket$1 as AxisPacket, T as AxisPacketTags, AxisPartialType, type AxisPostSensor, type AxisPreSensor, AxisRaw, type AxisRequestContext, type AxisRequestData, AxisResponseDto, type AxisSensor, AxisSensorChainService, type AxisSensorInit, type AxisSig$1 as AxisSig, AxisTlvDto, BAND, CAPABILITIES, CCE_ERROR, CCE_PROTOCOL_VERSION, type Capability, type CapsuleMode, type CceCapsuleClaims as CceCapsuleClaimsType, CceError, type CceExecutionContext as CceExecutionContextType, type CceHandler, type CceHandlerContext, type CceHandlerResult, type CcePipelineConfig, type CcePipelineResult, type CcePolicyContext, type CcePolicyDecision, type CcePolicyEvaluator, type CceRequestEnvelope as CceRequestEnvelopeType, type CceResponseEnvelope as CceResponseEnvelopeType, type CceWitnessRecord as CceWitnessRecordType, type ChainResult, ContractViolationError, DEFAULT_CONTRACTS, DEFAULT_TIMEOUT, Decision, DiskUploadFileStore, type DtoSchema, type ExecutionContract, ExecutionMeter, type ExecutionMetrics, FALLBACK_CONTRACT, type Grant, type GrantCapability, type GrantMeta, type GrantStatus, type GrantType, type GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, HandlerDiscoveryService, HandlerSensors, INTENT_BODY_KEY, INTENT_METADATA_KEY, INTENT_REQUIREMENTS, INTENT_ROUTES_KEY, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, Intent, IntentBody, type IntentDefinition, type IntentKind, type IntentOptions, type IntentRoute, IntentRouter, IntentSensitivity, IntentSensors, type IntentTlvField, type KeyStatus, type LoomReceipt, type LoomValidationResult, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationSensor, type ObservationStage, type ObservationStreamEntry, type ObservationWitnessSummary, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, type PresenceChallenge, type PresenceDeclaration, type PresenceProof, type PresenceReceipt, type PresenceStatus, type PresenceVerifyResult, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, type ResponseContract, ResponseObserver, type ResponseObserverContext, type Revocation, type RevocationTargetType, RiskDecision, type RiskEvaluation, type RiskSignal, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, type SensorDecision, SensorDecisions, SensorDiscoveryService, type SensorInput, type SensorMinifiedDecision, type SensorOptions, type SensorPhase, type SensorPhaseMetadata, SensorRegistry, TLV_FIELDS_KEY, TLV_VALIDATORS_KEY, type ThreadState, TlvEnum, TlvField, type TlvFieldKind, type TlvFieldMeta, type TlvFieldOptions, TlvMinLen, TlvRange, TlvUtf8Pattern, TlvValidate, type TlvValidatorFn, type TlvValidatorMeta, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, type Writ, type WritBody, type WritHead, type WritMeta, type WritSignature, type WritValidationResult, axis1SigningBytes, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeGrant, canonicalizeObservation, canonicalizeWrit, index$9 as cce, classifyIntent, createObservation, index$8 as crypto, decodeAxis1Frame, decodeQueueMessage, index$7 as decorators, deriveAnchorReflection, encVarint, encodeAxis1Frame, encodeAxisTlvDto, encodeQueueMessage, endStage, index$5 as engine, executeCcePipeline, extractDtoSchema, finalizeObservation, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isTimestampValid, index$4 as loom, nonce16, normalizeSensorDecision, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, recordSensor, resolveTimeout, index$3 as schemas, index$2 as security, sensitivityName, index$1 as sensors, stableJsonStringify, startStage, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, utf8, index as utils, validateFrameShape, varintU, verifyResponse };