@nextera.one/axis-server-sdk 2.3.21 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/{index-CjHt1HEv.d.ts → index-BOTVLcqR.d.ts} +37 -29
  2. package/dist/{index-OpaG6R6E.d.mts → index-dMZDesmq.d.mts} +37 -29
  3. package/dist/index.d.mts +20 -4
  4. package/dist/index.d.ts +20 -4
  5. package/dist/index.js +70 -3
  6. package/dist/index.js.map +1 -1
  7. package/dist/index.mjs +69 -2
  8. package/dist/index.mjs.map +1 -1
  9. package/dist/sensors/index.d.mts +1 -1
  10. package/dist/sensors/index.d.ts +1 -1
  11. package/dist/sensors/index.js +69 -3
  12. package/dist/sensors/index.js.map +1 -1
  13. package/dist/sensors/index.mjs +68 -2
  14. package/dist/sensors/index.mjs.map +1 -1
  15. package/package.json +3 -3
package/dist/{index-CjHt1HEv.d.ts → index-BOTVLcqR.d.ts} RENAMED
@@ -282,6 +282,41 @@ type AxisObserverBindingInput = AxisObserverDefinition | AxisObserverBindingOpti
282
282
  declare function toObserverBinding(input?: AxisObserverBindingInput): AxisObserverBinding | null;
283
283
  declare function Observer(input?: AxisObserverBindingInput): ClassDecorator & MethodDecorator;
284
284
 
285
+ declare const TLV_FIELDS_KEY = "axis:tlv:fields";
286
+ declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
287
+ type TlvFieldKind = "utf8" | "u64" | "bytes" | "bytes16" | "bool" | "obj" | "arr";
288
+ interface TlvFieldEncodeRule {
289
+ onlyRoles?: readonly string[];
290
+ exceptRoles?: readonly string[];
291
+ policy?: string;
292
+ }
293
+ type TlvFieldEncodeVisibility = false | TlvFieldEncodeRule;
294
+ interface TlvFieldOptions {
295
+ kind: TlvFieldKind;
296
+ required?: boolean;
297
+ maxLen?: number;
298
+ max?: string;
299
+ scope?: "header" | "body";
300
+ encode?: TlvFieldEncodeVisibility;
301
+ }
302
+ interface TlvFieldMeta {
303
+ property: string;
304
+ tag: number;
305
+ options: TlvFieldOptions;
306
+ }
307
+ type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
308
+ interface TlvValidatorMeta {
309
+ property: string;
310
+ tag: number;
311
+ validators: TlvValidatorFn[];
312
+ }
313
+ declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
314
+ declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
315
+ declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
316
+ declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
317
+ declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
318
+ declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
319
+
285
320
  declare const INTENT_METADATA_KEY = "axis:intent";
286
321
  declare const INTENT_ROUTES_KEY = "axis:intent_routes";
287
322
  type IntentKind = "create" | "read" | "update" | "delete" | "action";
@@ -308,6 +343,7 @@ interface IntentTlvField {
308
343
  maxLen?: number;
309
344
  max?: string;
310
345
  scope?: "header" | "body";
346
+ encode?: TlvFieldEncodeVisibility;
311
347
  }
312
348
  interface IntentRoute extends AxisIntentSensorOptions {
313
349
  action: string;
@@ -336,34 +372,6 @@ interface IntentOptions extends AxisIntentSensorOptions {
336
372
  }
337
373
  declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
338
374
 
339
- declare const TLV_FIELDS_KEY = "axis:tlv:fields";
340
- declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
341
- type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
342
- interface TlvFieldOptions {
343
- kind: TlvFieldKind;
344
- required?: boolean;
345
- maxLen?: number;
346
- max?: string;
347
- scope?: 'header' | 'body';
348
- }
349
- interface TlvFieldMeta {
350
- property: string;
351
- tag: number;
352
- options: TlvFieldOptions;
353
- }
354
- type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
355
- interface TlvValidatorMeta {
356
- property: string;
357
- tag: number;
358
- validators: TlvValidatorFn[];
359
- }
360
- declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
361
- declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
362
- declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
363
- declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
364
- declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
365
- declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
366
-
367
375
  interface AxisDependencyResolver {
368
376
  resolve<T = unknown>(token: string | Function): T | undefined;
369
377
  }
@@ -929,4 +937,4 @@ declare class VarintHardeningSensor implements AxisSensor {
929
937
  run(input: SensorInput): Promise<SensorDecision>;
930
938
  }
931
939
 
932
- export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldKind as b2, type TlvFieldMeta as b3, type TlvFieldOptions as b4, TlvMinLen as b5, TlvRange as b6, TlvUtf8Pattern as b7, TlvValidate as b8, type TlvValidatorMeta as b9, TpsSensor as ba, type TpsSensorOptions as bb, VarintHardeningSensor as bc, Witness as bd, buildAxisLawEvaluationContext as be, toIntentSensorBinding as bf, toObserverBinding as bg, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
940
+ export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldEncodeRule as b2, type TlvFieldEncodeVisibility as b3, type TlvFieldKind as b4, type TlvFieldMeta as b5, type TlvFieldOptions as b6, TlvMinLen as b7, TlvRange as b8, TlvUtf8Pattern as b9, TlvValidate as ba, type TlvValidatorMeta as bb, TpsSensor as bc, type TpsSensorOptions as bd, VarintHardeningSensor as be, Witness as bf, buildAxisLawEvaluationContext as bg, toIntentSensorBinding as bh, toObserverBinding as bi, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
package/dist/{index-OpaG6R6E.d.mts → index-dMZDesmq.d.mts} RENAMED
@@ -282,6 +282,41 @@ type AxisObserverBindingInput = AxisObserverDefinition | AxisObserverBindingOpti
282
282
  declare function toObserverBinding(input?: AxisObserverBindingInput): AxisObserverBinding | null;
283
283
  declare function Observer(input?: AxisObserverBindingInput): ClassDecorator & MethodDecorator;
284
284
 
285
+ declare const TLV_FIELDS_KEY = "axis:tlv:fields";
286
+ declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
287
+ type TlvFieldKind = "utf8" | "u64" | "bytes" | "bytes16" | "bool" | "obj" | "arr";
288
+ interface TlvFieldEncodeRule {
289
+ onlyRoles?: readonly string[];
290
+ exceptRoles?: readonly string[];
291
+ policy?: string;
292
+ }
293
+ type TlvFieldEncodeVisibility = false | TlvFieldEncodeRule;
294
+ interface TlvFieldOptions {
295
+ kind: TlvFieldKind;
296
+ required?: boolean;
297
+ maxLen?: number;
298
+ max?: string;
299
+ scope?: "header" | "body";
300
+ encode?: TlvFieldEncodeVisibility;
301
+ }
302
+ interface TlvFieldMeta {
303
+ property: string;
304
+ tag: number;
305
+ options: TlvFieldOptions;
306
+ }
307
+ type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
308
+ interface TlvValidatorMeta {
309
+ property: string;
310
+ tag: number;
311
+ validators: TlvValidatorFn[];
312
+ }
313
+ declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
314
+ declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
315
+ declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
316
+ declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
317
+ declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
318
+ declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
319
+
285
320
  declare const INTENT_METADATA_KEY = "axis:intent";
286
321
  declare const INTENT_ROUTES_KEY = "axis:intent_routes";
287
322
  type IntentKind = "create" | "read" | "update" | "delete" | "action";
@@ -308,6 +343,7 @@ interface IntentTlvField {
308
343
  maxLen?: number;
309
344
  max?: string;
310
345
  scope?: "header" | "body";
346
+ encode?: TlvFieldEncodeVisibility;
311
347
  }
312
348
  interface IntentRoute extends AxisIntentSensorOptions {
313
349
  action: string;
@@ -336,34 +372,6 @@ interface IntentOptions extends AxisIntentSensorOptions {
336
372
  }
337
373
  declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
338
374
 
339
- declare const TLV_FIELDS_KEY = "axis:tlv:fields";
340
- declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
341
- type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
342
- interface TlvFieldOptions {
343
- kind: TlvFieldKind;
344
- required?: boolean;
345
- maxLen?: number;
346
- max?: string;
347
- scope?: 'header' | 'body';
348
- }
349
- interface TlvFieldMeta {
350
- property: string;
351
- tag: number;
352
- options: TlvFieldOptions;
353
- }
354
- type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
355
- interface TlvValidatorMeta {
356
- property: string;
357
- tag: number;
358
- validators: TlvValidatorFn[];
359
- }
360
- declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
361
- declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
362
- declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
363
- declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
364
- declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
365
- declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
366
-
367
375
  interface AxisDependencyResolver {
368
376
  resolve<T = unknown>(token: string | Function): T | undefined;
369
377
  }
@@ -929,4 +937,4 @@ declare class VarintHardeningSensor implements AxisSensor {
929
937
  run(input: SensorInput): Promise<SensorDecision>;
930
938
  }
931
939
 
932
- export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldKind as b2, type TlvFieldMeta as b3, type TlvFieldOptions as b4, TlvMinLen as b5, TlvRange as b6, TlvUtf8Pattern as b7, TlvValidate as b8, type TlvValidatorMeta as b9, TpsSensor as ba, type TpsSensorOptions as bb, VarintHardeningSensor as bc, Witness as bd, buildAxisLawEvaluationContext as be, toIntentSensorBinding as bf, toObserverBinding as bg, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
940
+ export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldEncodeRule as b2, type TlvFieldEncodeVisibility as b3, type TlvFieldKind as b4, type TlvFieldMeta as b5, type TlvFieldOptions as b6, TlvMinLen as b7, TlvRange as b8, TlvUtf8Pattern as b9, TlvValidate as ba, type TlvValidatorMeta as bb, TpsSensor as bc, type TpsSensorOptions as bd, VarintHardeningSensor as be, Witness as bf, buildAxisLawEvaluationContext as bg, toIntentSensorBinding as bh, toObserverBinding as bi, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
package/dist/index.d.mts CHANGED
@@ -1,5 +1,5 @@
1
- import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-OpaG6R6E.mjs';
2
- export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldKind, b3 as TlvFieldMeta, b4 as TlvFieldOptions, b5 as TlvMinLen, b6 as TlvRange, b7 as TlvUtf8Pattern, b8 as TlvValidate, b9 as TlvValidatorMeta, ba as TpsSensor, bb as TpsSensorOptions, bc as VarintHardeningSensor, bd as Witness, be as buildAxisLawEvaluationContext, bf as toIntentSensorBinding, bg as toObserverBinding } from './index-OpaG6R6E.mjs';
1
+ import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-dMZDesmq.mjs';
2
+ export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldEncodeRule, b3 as TlvFieldEncodeVisibility, b4 as TlvFieldKind, b5 as TlvFieldMeta, b6 as TlvFieldOptions, b7 as TlvMinLen, b8 as TlvRange, b9 as TlvUtf8Pattern, ba as TlvValidate, bb as TlvValidatorMeta, bc as TpsSensor, bd as TpsSensorOptions, be as VarintHardeningSensor, bf as Witness, bg as buildAxisLawEvaluationContext, bh as toIntentSensorBinding, bi as toObserverBinding } from './index-dMZDesmq.mjs';
3
3
  import { AxisFrame } from '@nextera.one/axis-protocol';
4
4
  export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrame, TLV as AxisTlvType, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_KINDS, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofKind, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_LOOM_PRESENCE_ID as TLV_PRESENCE_ID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_LOOM_THREAD_HASH as TLV_THREAD_HASH, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, TLV_LOOM_WRIT as TLV_WRIT, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, getSignTarget, varintLength } from '@nextera.one/axis-protocol';
5
5
  import { A as AxisObservation, L as LoomReceipt, T as ThreadState, W as WritValidationResult, G as Grant, a as GrantCapability, P as PresenceDeclaration, b as PresenceChallenge, c as Writ, R as Revocation, d as WritBody, e as WritMeta, f as PresenceReceipt, g as GrantStatus, h as PresenceStatus, i as PresenceProof, j as GrantValidationResult, k as PresenceVerifyResult } from './index-CXewlhg-.mjs';
@@ -745,10 +745,26 @@ declare class AxisSensorChainService {
745
745
  evaluatePre(input: SensorInput): Promise<SensorDecision>;
746
746
  evaluatePost(input: SensorInput, baseDecision?: SensorDecision): Promise<SensorDecision>;
747
747
  private evaluateSensors;
748
+ private matchesProofKind;
749
+ private normalizeProofKinds;
748
750
  }
749
751
 
750
752
  type AxisTlvDtoCtor<T = object> = new (...args: never[]) => T;
751
- declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>): Uint8Array;
753
+ interface AxisTlvFieldPolicyInput<T extends object = object> {
754
+ field: IntentTlvField;
755
+ value: unknown;
756
+ data: Partial<Record<keyof T, unknown>>;
757
+ context: AxisTlvEncodeContext<T>;
758
+ }
759
+ type AxisTlvFieldPolicy<T extends object = object> = (input: AxisTlvFieldPolicyInput<T>) => boolean;
760
+ interface AxisTlvEncodeContext<T extends object = object> {
761
+ roles?: readonly string[];
762
+ actorId?: string;
763
+ phase?: 'request' | 'response';
764
+ policies?: Record<string, AxisTlvFieldPolicy<T>>;
765
+ }
766
+ declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Uint8Array;
767
+ declare function projectAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Partial<Record<keyof T, unknown>>;
752
768
 
753
769
  declare function createPresenceChallenge(declaration: PresenceDeclaration, ttlMs?: number): PresenceChallenge;
754
770
  declare function signPresenceChallenge(challenge: PresenceChallenge, privateKeyHex: string, publicKeyHex: string, declaration: PresenceDeclaration, kid?: string): PresenceProof;
@@ -785,4 +801,4 @@ declare function executeLoomPipeline(writ: Writ, publicKeyHex: string, presence:
785
801
  code: string;
786
802
  };
787
803
 
788
- export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
804
+ export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, type AxisTlvEncodeContext, type AxisTlvFieldPolicy, type AxisTlvFieldPolicyInput, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, projectAxisTlvDto, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-CjHt1HEv.js';
2
- export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldKind, b3 as TlvFieldMeta, b4 as TlvFieldOptions, b5 as TlvMinLen, b6 as TlvRange, b7 as TlvUtf8Pattern, b8 as TlvValidate, b9 as TlvValidatorMeta, ba as TpsSensor, bb as TpsSensorOptions, bc as VarintHardeningSensor, bd as Witness, be as buildAxisLawEvaluationContext, bf as toIntentSensorBinding, bg as toObserverBinding } from './index-CjHt1HEv.js';
1
+ import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-BOTVLcqR.js';
2
+ export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldEncodeRule, b3 as TlvFieldEncodeVisibility, b4 as TlvFieldKind, b5 as TlvFieldMeta, b6 as TlvFieldOptions, b7 as TlvMinLen, b8 as TlvRange, b9 as TlvUtf8Pattern, ba as TlvValidate, bb as TlvValidatorMeta, bc as TpsSensor, bd as TpsSensorOptions, be as VarintHardeningSensor, bf as Witness, bg as buildAxisLawEvaluationContext, bh as toIntentSensorBinding, bi as toObserverBinding } from './index-BOTVLcqR.js';
3
3
  import { AxisFrame } from '@nextera.one/axis-protocol';
4
4
  export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrame, TLV as AxisTlvType, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_KINDS, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofKind, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_LOOM_PRESENCE_ID as TLV_PRESENCE_ID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_LOOM_THREAD_HASH as TLV_THREAD_HASH, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, TLV_LOOM_WRIT as TLV_WRIT, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, getSignTarget, varintLength } from '@nextera.one/axis-protocol';
5
5
  import { A as AxisObservation, L as LoomReceipt, T as ThreadState, W as WritValidationResult, G as Grant, a as GrantCapability, P as PresenceDeclaration, b as PresenceChallenge, c as Writ, R as Revocation, d as WritBody, e as WritMeta, f as PresenceReceipt, g as GrantStatus, h as PresenceStatus, i as PresenceProof, j as GrantValidationResult, k as PresenceVerifyResult } from './index-ChuwP1RU.js';
@@ -745,10 +745,26 @@ declare class AxisSensorChainService {
745
745
  evaluatePre(input: SensorInput): Promise<SensorDecision>;
746
746
  evaluatePost(input: SensorInput, baseDecision?: SensorDecision): Promise<SensorDecision>;
747
747
  private evaluateSensors;
748
+ private matchesProofKind;
749
+ private normalizeProofKinds;
748
750
  }
749
751
 
750
752
  type AxisTlvDtoCtor<T = object> = new (...args: never[]) => T;
751
- declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>): Uint8Array;
753
+ interface AxisTlvFieldPolicyInput<T extends object = object> {
754
+ field: IntentTlvField;
755
+ value: unknown;
756
+ data: Partial<Record<keyof T, unknown>>;
757
+ context: AxisTlvEncodeContext<T>;
758
+ }
759
+ type AxisTlvFieldPolicy<T extends object = object> = (input: AxisTlvFieldPolicyInput<T>) => boolean;
760
+ interface AxisTlvEncodeContext<T extends object = object> {
761
+ roles?: readonly string[];
762
+ actorId?: string;
763
+ phase?: 'request' | 'response';
764
+ policies?: Record<string, AxisTlvFieldPolicy<T>>;
765
+ }
766
+ declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Uint8Array;
767
+ declare function projectAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Partial<Record<keyof T, unknown>>;
752
768
 
753
769
  declare function createPresenceChallenge(declaration: PresenceDeclaration, ttlMs?: number): PresenceChallenge;
754
770
  declare function signPresenceChallenge(challenge: PresenceChallenge, privateKeyHex: string, publicKeyHex: string, declaration: PresenceDeclaration, kid?: string): PresenceProof;
@@ -785,4 +801,4 @@ declare function executeLoomPipeline(writ: Writ, publicKeyHex: string, presence:
785
801
  code: string;
786
802
  };
787
803
 
788
- export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
804
+ export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, type AxisTlvEncodeContext, type AxisTlvFieldPolicy, type AxisTlvFieldPolicyInput, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, projectAxisTlvDto, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
package/dist/index.js CHANGED
@@ -661,7 +661,8 @@ var require_dto_schema_util = __commonJS({
661
661
  required: m.options.required,
662
662
  maxLen: m.options.maxLen,
663
663
  max: m.options.max,
664
- scope: m.options.scope
664
+ scope: m.options.scope,
665
+ encode: m.options.encode
665
666
  };
666
667
  });
667
668
  const validatorMetas = Reflect.getMetadata(tlv_field_decorator_1.TLV_VALIDATORS_KEY, dto) || [];
@@ -8811,9 +8812,11 @@ var init_axis_observation = __esm({
8811
8812
  });
8812
8813
 
8813
8814
  // src/security/axis-sensor-chain.service.ts
8814
- var AxisSensorChainService;
8815
+ var import_reflect_metadata13, AxisSensorChainService;
8815
8816
  var init_axis_sensor_chain_service = __esm({
8816
8817
  "src/security/axis-sensor-chain.service.ts"() {
8818
+ import_reflect_metadata13 = require("reflect-metadata");
8819
+ init_sensor_decorator();
8817
8820
  init_axis_sensor();
8818
8821
  init_axis_observation();
8819
8822
  AxisSensorChainService = class {
@@ -8856,6 +8859,9 @@ var init_axis_sensor_chain_service = __esm({
8856
8859
  async evaluateSensors(sensors, input, baseDecision) {
8857
8860
  const relevantSensors = [];
8858
8861
  for (const sensor of sensors) {
8862
+ if (!this.matchesProofKind(sensor, input)) {
8863
+ continue;
8864
+ }
8859
8865
  if (!sensor.supports) {
8860
8866
  relevantSensors.push(sensor);
8861
8867
  continue;
@@ -8955,6 +8961,28 @@ var init_axis_sensor_chain_service = __esm({
8955
8961
  } : void 0
8956
8962
  };
8957
8963
  }
8964
+ matchesProofKind(sensor, input) {
8965
+ const meta = Reflect.getMetadata(
8966
+ SENSOR_METADATA_KEY,
8967
+ sensor.constructor
8968
+ );
8969
+ if (!meta || meta === true) return true;
8970
+ const currentProofKinds = this.normalizeProofKinds(
8971
+ input.metadata?.proofKind ?? input.requiredProof
8972
+ );
8973
+ const excludedProofKinds = this.normalizeProofKinds(meta.excludeProofKind);
8974
+ if (excludedProofKinds.length > 0 && currentProofKinds.some((kind) => excludedProofKinds.includes(kind))) {
8975
+ return false;
8976
+ }
8977
+ const requiredProofKinds = this.normalizeProofKinds(meta.proofKind);
8978
+ if (requiredProofKinds.length === 0) return true;
8979
+ return currentProofKinds.some((kind) => requiredProofKinds.includes(kind));
8980
+ }
8981
+ normalizeProofKinds(value) {
8982
+ if (value === void 0 || value === null) return [];
8983
+ const items = Array.isArray(value) ? value : [value];
8984
+ return items.map((item) => String(item).trim().toUpperCase()).filter(Boolean);
8985
+ }
8958
8986
  };
8959
8987
  }
8960
8988
  });
@@ -9328,10 +9356,11 @@ var init_timeline_store = __esm({
9328
9356
  });
9329
9357
 
9330
9358
  // src/utils/axis-tlv-codec.ts
9331
- function encodeAxisTlvDto(dtoClass, data) {
9359
+ function encodeAxisTlvDto(dtoClass, data, context = {}) {
9332
9360
  const schema = (0, import_dto_schema2.extractDtoSchema)(dtoClass);
9333
9361
  const items = schema.fields.flatMap((field) => {
9334
9362
  const value = data[field.name];
9363
+ if (!shouldEncodeField(field, value, data, context)) return [];
9335
9364
  if (value === void 0 || value === null) {
9336
9365
  if (field.required) {
9337
9366
  throw new Error(`Missing required TLV response field: ${field.name}`);
@@ -9342,6 +9371,42 @@ function encodeAxisTlvDto(dtoClass, data) {
9342
9371
  });
9343
9372
  return buildTLVs(items);
9344
9373
  }
9374
+ function projectAxisTlvDto(dtoClass, data, context = {}) {
9375
+ const schema = (0, import_dto_schema2.extractDtoSchema)(dtoClass);
9376
+ const result = {};
9377
+ for (const field of schema.fields) {
9378
+ const value = data[field.name];
9379
+ if (!shouldEncodeField(field, value, data, context)) continue;
9380
+ if (value === void 0 || value === null) continue;
9381
+ result[field.name] = value;
9382
+ }
9383
+ return result;
9384
+ }
9385
+ function shouldEncodeField(field, value, data, context) {
9386
+ const rule = field.encode;
9387
+ if (rule === void 0) return true;
9388
+ if (rule === false) return false;
9389
+ if (rule.onlyRoles?.length && !hasAnyRole(context, rule.onlyRoles)) {
9390
+ return false;
9391
+ }
9392
+ if (rule.exceptRoles?.length && hasAnyRole(context, rule.exceptRoles)) {
9393
+ return false;
9394
+ }
9395
+ if (rule.policy) {
9396
+ const policy = context.policies?.[rule.policy];
9397
+ if (!policy) {
9398
+ throw new Error(`Missing TLV encode policy: ${rule.policy}`);
9399
+ }
9400
+ if (!policy({ field, value, data, context })) {
9401
+ return false;
9402
+ }
9403
+ }
9404
+ return true;
9405
+ }
9406
+ function hasAnyRole(context, expectedRoles) {
9407
+ const actualRoles = context.roles ?? [];
9408
+ return expectedRoles.some((role) => actualRoles.includes(role));
9409
+ }
9345
9410
  function encodeField(field, value) {
9346
9411
  switch (field.kind) {
9347
9412
  case "utf8":
@@ -13359,6 +13424,7 @@ __export(index_exports, {
13359
13424
  parseScope: () => parseScope,
13360
13425
  parseStreamEntries: () => parseStreamEntries,
13361
13426
  projectAt: () => projectAt,
13427
+ projectAxisTlvDto: () => projectAxisTlvDto,
13362
13428
  queryFabric: () => queryFabric,
13363
13429
  recordOccurrence: () => recordOccurrence,
13364
13430
  recordSensor: () => recordSensor,
@@ -13750,6 +13816,7 @@ init_index();
13750
13816
  parseScope,
13751
13817
  parseStreamEntries,
13752
13818
  projectAt,
13819
+ projectAxisTlvDto,
13753
13820
  queryFabric,
13754
13821
  recordOccurrence,
13755
13822
  recordSensor,