@nextera.one/axis-server-sdk 2.2.6 → 2.2.7

package/dist/sensors/index.d.mts

@@ -1,5 +1,5 @@
-export { m as AccessProfileResolverSensor, Y as BodyBudgetSensor, $ as CapabilityEnforcementSensor, a4 as ChunkHashSensor, a7 as EntropySensor, a9 as ExecutionTimeoutSensor, ab as FrameBudgetSensor, ac as FrameHeaderSanitySensor, ad as HeaderTLVLimitSensor, ah as IntentAllowlistSensor, ak as IntentRegistrySensor, am as LawEvaluationSensor, as as ProofPresenceSensor, at as ProtocolStrictSensor, av as ReceiptPolicySensor, aB as RiskGateSensor, aC as RiskGateSensorOptions, aE as RiskSignalCollector, aG as SchemaValidationSensor, aI as StreamScopeSensor, aJ as TLVParseSensor, aM as TickAuthCapsuleRef, aN as TickAuthSensor, aO as TickAuthSensorOptions, aP as TickAuthVerifier, a_ as TpsSensor, a$ as TpsSensorOptions, b0 as VarintHardeningSensor } from '../index-ldPtIocV.mjs';
-import '../axis-sensor-GBEI3Fab.mjs';
-import '../cce-pipeline-B-zUBHo3.mjs';
+export { m as AccessProfileResolverSensor, Y as BodyBudgetSensor, $ as CapabilityEnforcementSensor, a4 as ChunkHashSensor, a7 as EntropySensor, a9 as ExecutionTimeoutSensor, ab as FrameBudgetSensor, ac as FrameHeaderSanitySensor, ad as HeaderTLVLimitSensor, ah as IntentAllowlistSensor, ak as IntentRegistrySensor, am as LawEvaluationSensor, as as ProofPresenceSensor, at as ProtocolStrictSensor, av as ReceiptPolicySensor, aB as RiskGateSensor, aC as RiskGateSensorOptions, aE as RiskSignalCollector, aG as SchemaValidationSensor, aI as StreamScopeSensor, aJ as TLVParseSensor, aM as TickAuthCapsuleRef, aN as TickAuthSensor, aO as TickAuthSensorOptions, aP as TickAuthVerifier, a_ as TpsSensor, a$ as TpsSensorOptions, b0 as VarintHardeningSensor } from '../index-BLK3AtRm.mjs';
+import '../axis-sensor-DMW4rfRg.mjs';
+import '../cce-pipeline-CBt56guN.mjs';
 import '@nextera.one/axis-protocol';
 import 'zod';

package/dist/sensors/index.d.ts

@@ -1,5 +1,5 @@
-export { m as AccessProfileResolverSensor, Y as BodyBudgetSensor, $ as CapabilityEnforcementSensor, a4 as ChunkHashSensor, a7 as EntropySensor, a9 as ExecutionTimeoutSensor, ab as FrameBudgetSensor, ac as FrameHeaderSanitySensor, ad as HeaderTLVLimitSensor, ah as IntentAllowlistSensor, ak as IntentRegistrySensor, am as LawEvaluationSensor, as as ProofPresenceSensor, at as ProtocolStrictSensor, av as ReceiptPolicySensor, aB as RiskGateSensor, aC as RiskGateSensorOptions, aE as RiskSignalCollector, aG as SchemaValidationSensor, aI as StreamScopeSensor, aJ as TLVParseSensor, aM as TickAuthCapsuleRef, aN as TickAuthSensor, aO as TickAuthSensorOptions, aP as TickAuthVerifier, a_ as TpsSensor, a$ as TpsSensorOptions, b0 as VarintHardeningSensor } from '../index-CwXlBXJf.js';
-import '../axis-sensor-GBEI3Fab.js';
-import '../cce-pipeline-DbGBSsCG.js';
+export { m as AccessProfileResolverSensor, Y as BodyBudgetSensor, $ as CapabilityEnforcementSensor, a4 as ChunkHashSensor, a7 as EntropySensor, a9 as ExecutionTimeoutSensor, ab as FrameBudgetSensor, ac as FrameHeaderSanitySensor, ad as HeaderTLVLimitSensor, ah as IntentAllowlistSensor, ak as IntentRegistrySensor, am as LawEvaluationSensor, as as ProofPresenceSensor, at as ProtocolStrictSensor, av as ReceiptPolicySensor, aB as RiskGateSensor, aC as RiskGateSensorOptions, aE as RiskSignalCollector, aG as SchemaValidationSensor, aI as StreamScopeSensor, aJ as TLVParseSensor, aM as TickAuthCapsuleRef, aN as TickAuthSensor, aO as TickAuthSensorOptions, aP as TickAuthVerifier, a_ as TpsSensor, a$ as TpsSensorOptions, b0 as VarintHardeningSensor } from '../index-BAoKsEOu.js';
+import '../axis-sensor-DMW4rfRg.js';
+import '../cce-pipeline-BJ-F1isr.js';
 import '@nextera.one/axis-protocol';
 import 'zod';

package/dist/sensors/index.js

@@ -98,8 +98,9 @@ var require_access_profile_resolver_sensor = __commonJS({
         this.name = "AccessProfileResolverSensor";
         this.order = sensor_bands_1.BAND.IDENTITY + 10;
       }
-      supports() {
-        return true;
+      async supports(input) {
+        void input;
+        return { action: "ALLOW" };
       }
       async run(input) {
         const hasCapsule = !!input.metadata?.capsuleId;
@@ -249,8 +250,12 @@ var require_body_budget_sensor = __commonJS({
         this.name = "BodyBudgetSensor";
         this.order = sensor_bands_1.BAND.CONTENT + 10;
       }
-      supports(input) {
-        return !!input.peek && input.peek.length >= 8;
+      async supports(input) {
+        return !!input.peek && input.peek.length >= 8 ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Insufficient peek data to read headers"
+        };
       }
       async run(input) {
         const { peek } = input;
@@ -1571,6 +1576,7 @@ var init_cce_types = __esm({
       CAPSULE_NOT_YET_VALID: "CCE_CAPSULE_NOT_YET_VALID",
       CAPSULE_REVOKED: "CCE_CAPSULE_REVOKED",
       CAPSULE_CONSUMED: "CCE_CAPSULE_CONSUMED",
+      CAPSULE_NOT_VERIFIED: "CCE_CAPSULE_NOT_VERIFIED",
       // Binding errors
       AUDIENCE_MISMATCH: "CCE_AUDIENCE_MISMATCH",
       INTENT_MISMATCH: "CCE_INTENT_MISMATCH",
@@ -8550,9 +8556,37 @@ var init_axis_sensor_chain_service = __esm({
         );
       }
       async evaluateSensors(sensors, input, baseDecision) {
-        const relevantSensors = sensors.filter(
-          (s) => !s.supports || s.supports(input)
-        );
+        const relevantSensors = [];
+        for (const sensor of sensors) {
+          if (!sensor.supports) {
+            relevantSensors.push(sensor);
+            continue;
+          }
+          try {
+            const supportsDecision = normalizeSensorDecision(
+              await sensor.supports(input)
+            );
+            if (supportsDecision.allow) {
+              relevantSensors.push(sensor);
+            }
+          } catch (error) {
+            console.error(
+              `[AXIS][SENSOR] ${sensor.name} supports() failed:`,
+              error
+            );
+            const obs = input.metadata?.observation;
+            if (obs) {
+              recordSensor(obs, sensor.name, false, 100, 0, [
+                `sensor_support_error:${sensor.name}`
+              ]);
+            }
+            return {
+              allow: false,
+              riskScore: 100,
+              reasons: [`sensor_support_error:${sensor.name}`]
+            };
+          }
+        }
         const normalizedBase = baseDecision ? normalizeSensorDecision(baseDecision) : void 0;
         let riskScore = normalizedBase?.riskScore ?? 0;
         const reasons = normalizedBase?.reasons ? [...normalizedBase.reasons] : [];
@@ -10897,8 +10931,9 @@ var require_capability_enforcement_sensor = __commonJS({
         this.name = "CapabilityEnforcementSensor";
         this.order = sensor_bands_1.BAND.POLICY + 10;
       }
-      supports(input) {
-        return !!input.intent;
+      async supports(input) {
+        void input;
+        return { action: "ALLOW" };
       }
       async run(input) {
         const { intent, packet } = input;
@@ -10964,8 +10999,12 @@ var require_chunk_hash_sensor = __commonJS({
         this.name = "ChunkHashSensor";
         this.order = sensor_bands_1.BAND.CONTENT + 50;
       }
-      supports(input) {
-        return input.intent === "file.chunk";
+      async supports(input) {
+        return input.intent === "file.chunk" ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Only file.chunk intent is supported"
+        };
       }
       async run(input) {
         const headerTLVs = input.headerTLVs;
@@ -11155,8 +11194,8 @@ var require_execution_timeout_sensor = __commonJS({
         this.name = "ExecutionTimeoutSensor";
         this.order = sensor_bands_1.BAND.BUSINESS + 10;
       }
-      supports(input) {
-        return !!input.intent;
+      async supports() {
+        return Promise.resolve({ action: "ALLOW" });
       }
       async run(input) {
         const { intent, context } = input;
@@ -11209,8 +11248,12 @@ var require_frame_budget_sensor = __commonJS({
         this.name = "FrameBudgetSensor";
         this.order = sensor_bands_1.BAND.WIRE + 20;
       }
-      supports(input) {
-        return typeof input.contentLength === "number";
+      async supports(input) {
+        return typeof input.contentLength === "number" ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Content-Length not available"
+        };
       }
       async run(input) {
         const maxBytes = Number(process.env["AXIS_MAX_FRAME_SIZE"]) || 50 * 1024 * 1024;
@@ -11255,8 +11298,12 @@ var require_frame_header_sanity_sensor = __commonJS({
         this.name = "FrameHeaderSanitySensor";
         this.order = sensor_bands_1.BAND.WIRE + 30;
       }
-      supports(input) {
-        return !!input.peek && input.peek.length >= 7;
+      async supports(input) {
+        return !!input.peek && input.peek.length >= 7 ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Insufficient peek data for header sanity checks"
+        };
       }
       async run(input) {
         const peek = input.peek;
@@ -11322,8 +11369,12 @@ var require_header_tlv_limit_sensor = __commonJS({
         this.order = sensor_bands_1.BAND.CONTENT + 0;
         this.MAX_TLVS = 64;
       }
-      supports(input) {
-        return !!input.headerTLVs || !!input.packet;
+      async supports(input) {
+        return !!input.headerTLVs || !!input.packet ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Header TLV context is not available"
+        };
       }
       async run(input) {
         if (input.headerTLVs && input.headerTLVs.size > this.MAX_TLVS) {
@@ -11379,8 +11430,12 @@ var require_intent_allowlist_sensor = __commonJS({
         this.name = "IntentAllowlistSensor";
         this.order = sensor_bands_1.BAND.IDENTITY + 20;
       }
-      supports(input) {
-        return !!input.intent;
+      async supports(input) {
+        return !!input.intent ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Intent is not available"
+        };
       }
       async run(input) {
         const profile = input.metadata?.profile || "PUBLIC";
@@ -11430,8 +11485,8 @@ var require_intent_registry_sensor = __commonJS({
         this.name = "IntentRegistrySensor";
         this.order = sensor_bands_1.BAND.IDENTITY + 25;
       }
-      supports(input) {
-        return !!input.intent;
+      async supports() {
+        return Promise.resolve({ action: "ALLOW" });
       }
       async run(input) {
         const intent = input.intent;
@@ -11480,8 +11535,12 @@ var require_law_evaluation_sensor = __commonJS({
         this.name = "LawEvaluationSensor";
         this.order = sensor_bands_1.BAND.POLICY + 5;
       }
-      supports(input) {
-        return !!this.options.evaluator && !!input.intent;
+      async supports(input) {
+        return !!this.options.evaluator && !!input.intent ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Law evaluator or intent missing"
+        };
       }
       async run(input) {
         const evaluator = this.options.evaluator;
@@ -11547,7 +11606,9 @@ var require_law_evaluation_sensor = __commonJS({
             return {
               action: "FLAG",
               scoreDelta: 25,
-              reasons: reasons.length > 0 ? reasons : ["Execution is conditionally permitted pending additional requirements"],
+              reasons: reasons.length > 0 ? reasons : [
+                "Execution is conditionally permitted pending additional requirements"
+              ],
               meta: result
             };
           }
@@ -11938,8 +11999,11 @@ var require_proof_presence_sensor = __commonJS({
         this.name = "ProofPresenceSensor";
         this.order = sensor_bands_1.BAND.IDENTITY + 30;
       }
-      supports(input) {
-        return !!input.profile && !!input.visibility;
+      async supports(input) {
+        if (!!input.profile && !!input.visibility) {
+          return { action: "ALLOW" };
+        }
+        return { action: "DENY", code: "MISSING_REQUIRED_FIELDS" };
       }
       async run(input) {
         const validatedInput = axis_schemas_1.ProofPresenceInputZ.safeParse(input);
@@ -12233,8 +12297,8 @@ var require_receipt_policy_sensor = __commonJS({
         this.name = "ReceiptPolicySensor";
         this.order = sensor_bands_1.BAND.BUSINESS + 20;
       }
-      supports() {
-        return true;
+      async supports() {
+        return { action: "ALLOW" };
       }
       async run() {
         return { action: "ALLOW" };
@@ -12394,8 +12458,11 @@ var require_schema_validation_sensor = __commonJS({
         this.name = "SchemaValidationSensor";
         this.order = sensor_bands_1.BAND.CONTENT + 35;
       }
-      supports(input) {
-        return !!input.metadata?.schema;
+      async supports(input) {
+        if (input.metadata?.schema) {
+          return { action: "ALLOW" };
+        }
+        return { action: "DENY", code: "SCHEMA_NOT_CONFIGURED" };
       }
       async run(input) {
         const schema = input.metadata?.schema;
@@ -12520,8 +12587,8 @@ var require_stream_scope_sensor = __commonJS({
         this.name = "StreamScopeSensor";
         this.order = sensor_bands_1.BAND.BUSINESS + 0;
       }
-      supports() {
-        return true;
+      async supports() {
+        return { action: "ALLOW" };
       }
       async run() {
         return { action: "ALLOW" };
@@ -12559,8 +12626,12 @@ var require_tickauth_sensor = __commonJS({
         this.matchIntent = options.matchIntent ?? true;
         this.acceptTypes = options.acceptTypes?.length ? new Set(options.acceptTypes) : null;
       }
-      supports(input) {
-        return !!(input.metadata?.capsule || input.metadata?.tickauthCapsule || input.metadata?.cceEnvelope?.capsule);
+      async supports(input) {
+        return !!(input.metadata?.capsule || input.metadata?.tickauthCapsule || input.metadata?.cceEnvelope?.capsule) ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "TickAuth capsule not found"
+        };
       }
       async run(input) {
         const capsule = input.metadata?.capsule ?? input.metadata?.tickauthCapsule ?? input.metadata?.cceEnvelope?.capsule;
@@ -12666,8 +12737,12 @@ var require_tlv_parse_sensor = __commonJS({
         this.name = "TLVParseSensor";
         this.order = sensor_bands_1.BAND.CONTENT + 20;
       }
-      supports(input) {
-        return !!input.packet;
+      async supports(input) {
+        return !!input.packet ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Packet is not available"
+        };
       }
       async run(input) {
         const packet = input.packet;
@@ -12799,9 +12874,13 @@ var require_tps_sensor = __commonJS({
         this.maxDriftMs = options.maxDriftMs ?? 3e4;
         this.resolver = options.resolver ?? parseINotation;
       }
-      supports(input) {
+      async supports(input) {
         const tps = input.metadata?.tps_coordinate ?? input.metadata?.tps ?? input.packet?.tps;
-        return typeof tps === "string" && tps.length > 0;
+        return typeof tps === "string" && tps.length > 0 ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "TPS coordinate not available"
+        };
       }
       async run(input) {
         const tps = input.metadata?.tps_coordinate ?? input.metadata?.tps ?? input.packet?.tps;
@@ -12867,8 +12946,12 @@ var require_varint_hardening_sensor = __commonJS({
         this.order = sensor_bands_1.BAND.WIRE + 35;
         this.MAX_VARINT_BYTES = 5;
       }
-      supports(input) {
-        return !!input.peek && input.peek.length >= 7;
+      async supports(input) {
+        return !!input.peek && input.peek.length >= 7 ? { action: "ALLOW" } : {
+          action: "DENY",
+          code: "SENSOR_NOT_APPLICABLE",
+          reason: "Insufficient peek data for varint hardening"
+        };
       }
       async run(input) {
         const peek = input.peek;