@nextera.one/axis-server-sdk 2.3.22 → 2.3.24

package/dist/{index-CjHt1HEv.d.ts → index-BRV_ohRW.d.ts}

@@ -282,6 +282,41 @@ type AxisObserverBindingInput = AxisObserverDefinition | AxisObserverBindingOpti
 declare function toObserverBinding(input?: AxisObserverBindingInput): AxisObserverBinding | null;
 declare function Observer(input?: AxisObserverBindingInput): ClassDecorator & MethodDecorator;
 
+declare const TLV_FIELDS_KEY = "axis:tlv:fields";
+declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
+type TlvFieldKind = "utf8" | "u64" | "bytes" | "bytes16" | "bool" | "obj" | "arr";
+interface TlvFieldEncodeRule {
+    onlyRoles?: readonly string[];
+    exceptRoles?: readonly string[];
+    policy?: string;
+}
+type TlvFieldEncodeVisibility = false | TlvFieldEncodeRule;
+interface TlvFieldOptions {
+    kind: TlvFieldKind;
+    required?: boolean;
+    maxLen?: number;
+    max?: string;
+    scope?: "header" | "body";
+    encode?: TlvFieldEncodeVisibility;
+}
+interface TlvFieldMeta {
+    property: string;
+    tag: number;
+    options: TlvFieldOptions;
+}
+type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
+interface TlvValidatorMeta {
+    property: string;
+    tag: number;
+    validators: TlvValidatorFn[];
+}
+declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
+declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
+declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
+declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
+declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
+declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
+
 declare const INTENT_METADATA_KEY = "axis:intent";
 declare const INTENT_ROUTES_KEY = "axis:intent_routes";
 type IntentKind = "create" | "read" | "update" | "delete" | "action";
@@ -308,6 +343,7 @@ interface IntentTlvField {
     maxLen?: number;
     max?: string;
     scope?: "header" | "body";
+    encode?: TlvFieldEncodeVisibility;
 }
 interface IntentRoute extends AxisIntentSensorOptions {
     action: string;
@@ -336,34 +372,6 @@ interface IntentOptions extends AxisIntentSensorOptions {
 }
 declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
 
-declare const TLV_FIELDS_KEY = "axis:tlv:fields";
-declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
-type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
-interface TlvFieldOptions {
-    kind: TlvFieldKind;
-    required?: boolean;
-    maxLen?: number;
-    max?: string;
-    scope?: 'header' | 'body';
-}
-interface TlvFieldMeta {
-    property: string;
-    tag: number;
-    options: TlvFieldOptions;
-}
-type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
-interface TlvValidatorMeta {
-    property: string;
-    tag: number;
-    validators: TlvValidatorFn[];
-}
-declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
-declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
-declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
-declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
-declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
-declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
-
 interface AxisDependencyResolver {
     resolve<T = unknown>(token: string | Function): T | undefined;
 }
@@ -428,6 +436,7 @@ interface IntentSchema {
         maxLen?: number;
         max?: string;
         scope?: "header" | "body";
+        encode?: IntentTlvField["encode"];
     }>;
 }
 interface AxisEffect {
@@ -929,4 +938,4 @@ declare class VarintHardeningSensor implements AxisSensor {
     run(input: SensorInput): Promise<SensorDecision>;
 }
 
-export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldKind as b2, type TlvFieldMeta as b3, type TlvFieldOptions as b4, TlvMinLen as b5, TlvRange as b6, TlvUtf8Pattern as b7, TlvValidate as b8, type TlvValidatorMeta as b9, TpsSensor as ba, type TpsSensorOptions as bb, VarintHardeningSensor as bc, Witness as bd, buildAxisLawEvaluationContext as be, toIntentSensorBinding as bf, toObserverBinding as bg, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
+export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldEncodeRule as b2, type TlvFieldEncodeVisibility as b3, type TlvFieldKind as b4, type TlvFieldMeta as b5, type TlvFieldOptions as b6, TlvMinLen as b7, TlvRange as b8, TlvUtf8Pattern as b9, TlvValidate as ba, type TlvValidatorMeta as bb, TpsSensor as bc, type TpsSensorOptions as bd, VarintHardeningSensor as be, Witness as bf, buildAxisLawEvaluationContext as bg, toIntentSensorBinding as bh, toObserverBinding as bi, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };

package/dist/{index-OpaG6R6E.d.mts → index-DiWSbPZ8.d.mts}

@@ -282,6 +282,41 @@ type AxisObserverBindingInput = AxisObserverDefinition | AxisObserverBindingOpti
 declare function toObserverBinding(input?: AxisObserverBindingInput): AxisObserverBinding | null;
 declare function Observer(input?: AxisObserverBindingInput): ClassDecorator & MethodDecorator;
 
+declare const TLV_FIELDS_KEY = "axis:tlv:fields";
+declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
+type TlvFieldKind = "utf8" | "u64" | "bytes" | "bytes16" | "bool" | "obj" | "arr";
+interface TlvFieldEncodeRule {
+    onlyRoles?: readonly string[];
+    exceptRoles?: readonly string[];
+    policy?: string;
+}
+type TlvFieldEncodeVisibility = false | TlvFieldEncodeRule;
+interface TlvFieldOptions {
+    kind: TlvFieldKind;
+    required?: boolean;
+    maxLen?: number;
+    max?: string;
+    scope?: "header" | "body";
+    encode?: TlvFieldEncodeVisibility;
+}
+interface TlvFieldMeta {
+    property: string;
+    tag: number;
+    options: TlvFieldOptions;
+}
+type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
+interface TlvValidatorMeta {
+    property: string;
+    tag: number;
+    validators: TlvValidatorFn[];
+}
+declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
+declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
+declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
+declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
+declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
+declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
+
 declare const INTENT_METADATA_KEY = "axis:intent";
 declare const INTENT_ROUTES_KEY = "axis:intent_routes";
 type IntentKind = "create" | "read" | "update" | "delete" | "action";
@@ -308,6 +343,7 @@ interface IntentTlvField {
     maxLen?: number;
     max?: string;
     scope?: "header" | "body";
+    encode?: TlvFieldEncodeVisibility;
 }
 interface IntentRoute extends AxisIntentSensorOptions {
     action: string;
@@ -336,34 +372,6 @@ interface IntentOptions extends AxisIntentSensorOptions {
 }
 declare function Intent(action: string, options?: IntentOptions): MethodDecorator;
 
-declare const TLV_FIELDS_KEY = "axis:tlv:fields";
-declare const TLV_VALIDATORS_KEY = "axis:tlv:validators";
-type TlvFieldKind = 'utf8' | 'u64' | 'bytes' | 'bytes16' | 'bool' | 'obj' | 'arr';
-interface TlvFieldOptions {
-    kind: TlvFieldKind;
-    required?: boolean;
-    maxLen?: number;
-    max?: string;
-    scope?: 'header' | 'body';
-}
-interface TlvFieldMeta {
-    property: string;
-    tag: number;
-    options: TlvFieldOptions;
-}
-type TlvValidatorFn = (value: Uint8Array, property: string) => string | null | undefined;
-interface TlvValidatorMeta {
-    property: string;
-    tag: number;
-    validators: TlvValidatorFn[];
-}
-declare function TlvField(tag: number, options: TlvFieldOptions): PropertyDecorator;
-declare function TlvValidate(validator: TlvValidatorFn): PropertyDecorator;
-declare function TlvUtf8Pattern(pattern: RegExp, message?: string): PropertyDecorator;
-declare function TlvMinLen(min: number, message?: string): PropertyDecorator;
-declare function TlvEnum(allowed: string[], message?: string): PropertyDecorator;
-declare function TlvRange(min: bigint, max: bigint, message?: string): PropertyDecorator;
-
 interface AxisDependencyResolver {
     resolve<T = unknown>(token: string | Function): T | undefined;
 }
@@ -428,6 +436,7 @@ interface IntentSchema {
         maxLen?: number;
         max?: string;
         scope?: "header" | "body";
+        encode?: IntentTlvField["encode"];
     }>;
 }
 interface AxisEffect {
@@ -929,4 +938,4 @@ declare class VarintHardeningSensor implements AxisSensor {
     run(input: SensorInput): Promise<SensorDecision>;
 }
 
-export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldKind as b2, type TlvFieldMeta as b3, type TlvFieldOptions as b4, TlvMinLen as b5, TlvRange as b6, TlvUtf8Pattern as b7, TlvValidate as b8, type TlvValidatorMeta as b9, TpsSensor as ba, type TpsSensorOptions as bb, VarintHardeningSensor as bc, Witness as bd, buildAxisLawEvaluationContext as be, toIntentSensorBinding as bf, toObserverBinding as bg, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };
+export { AxisRateLimit as $, type AxisIntentSensorOptions as A, type AxisIntentEnvelope as B, type ChainOptions as C, type AxisIntentObserver as D, type AxisIntentSensorBinding as E, type AxisIntentSensorBindingOptions as F, type AxisIntentSensorRef as G, type AxisIntentSensorWhen as H, type IntentTlvField as I, type AxisKeyExchangeRef as J, type AxisLawArticleSummary as K, type AxisLawDecision as L, type AxisLawEvaluationContext as M, type AxisLawEvaluationResult as N, ObserverDispatcherService as O, type AxisLawEvaluator as P, type AxisObserverBinding as Q, type RequiredProofKind as R, SensorRegistry as S, type TlvValidatorFn as T, type AxisObserverBindingOptions as U, type AxisObserverContext as V, type AxisObserverDefinition as W, type AxisObserverEvent as X, type AxisObserverRef as Y, type AxisObserverRegistration as Z, AxisPublic as _, type AxisObserverBindingInput as a, type TickAuthVerifier as a$, type AxisRateLimitConfig as a0, type AxisSensorConfigProvider as a1, AxisStream as a2, type AxisStreamOptions as a3, BodyBudgetSensor as a4, CAPSULE_POLICY_METADATA_KEY as a5, CONTRACT_METADATA_KEY as a6, CapabilityEnforcementSensor as a7, Capsule as a8, CapsulePolicy as a9, OBSERVER_METADATA_KEY as aA, Observer as aB, ObserverRegistry as aC, ProofPresenceSensor as aD, ProtocolStrictSensor as aE, REQUIRED_PROOF_METADATA_KEY as aF, ReceiptPolicySensor as aG, type RegisteredChainConfig as aH, RequiredProof as aI, RiskDecision as aJ, type RiskEvaluation as aK, RiskGateSensor as aL, type RiskGateSensorOptions as aM, type RiskSignal as aN, type RiskSignalCollector as aO, SENSITIVITY_METADATA_KEY as aP, SchemaValidationSensor as aQ, Sensitivity as aR, type SensorConfigSnapshot as aS, type SensorsSource as aT, StreamScopeSensor as aU, TLVParseSensor as aV, TLV_FIELDS_KEY as aW, TLV_VALIDATORS_KEY as aX, type TickAuthCapsuleRef as aY, TickAuthSensor as aZ, type TickAuthSensorOptions as a_, type CapsulePolicyOptions as aa, type CapsuleScopeMode as ab, ChunkHashSensor as ac, Contract as ad, DEFAULT_CONTRACTS as ae, EntropySensor as af, type ExecutionContract as ag, ExecutionTimeoutSensor as ah, FALLBACK_CONTRACT as ai, FrameBudgetSensor as aj, FrameHeaderSanitySensor as ak, HeaderTLVLimitSensor as al, INTENT_METADATA_KEY as am, INTENT_ROUTES_KEY as an, Intent as ao, IntentAllowlistSensor as ap, type IntentKind as aq, type IntentOptions as ar, IntentRegistrySensor as as, type IntentRoute as at, type LawArticlePresenceMode as au, LawArticlePresenceSensor as av, type LawArticlePresenceSensorOptions as aw, LawEvaluationSensor as ax, type LawEvaluationSensorOptions as ay, OBSERVER_BINDINGS_KEY as az, type AxisIntentSensorBindingInput as b, TlvEnum as b0, TlvField as b1, type TlvFieldEncodeRule as b2, type TlvFieldEncodeVisibility as b3, type TlvFieldKind as b4, type TlvFieldMeta as b5, type TlvFieldOptions as b6, TlvMinLen as b7, TlvRange as b8, TlvUtf8Pattern as b9, TlvValidate as ba, type TlvValidatorMeta as bb, TpsSensor as bc, type TpsSensorOptions as bd, VarintHardeningSensor as be, Witness as bf, buildAxisLawEvaluationContext as bg, toIntentSensorBinding as bh, toObserverBinding as bi, IntentRouter as c, type AxisChainEnvelope as d, type AxisChainResult as e, type AxisCapsuleRef as f, type AxisChainStep as g, type AxisContext as h, AXIS_ANONYMOUS_KEY as i, AXIS_AUTHORIZED_KEY as j, AXIS_META_KEY as k, AXIS_PUBLIC_KEY as l, AXIS_RATE_LIMIT_KEY as m, AXIS_STREAM_META_KEY as n, AccessProfileResolverSensor as o, Axis as p, AxisAnonymous as q, AxisAuthorized as r, type AxisChainEncryption as s, type AxisChainRequest as t, type AxisChainStatus as u, type AxisChainStepResult as v, type AxisChainStepStatus as w, type AxisConfigReader as x, type AxisEffect as y, type AxisExecutionMode as z };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-OpaG6R6E.mjs';
-export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldKind, b3 as TlvFieldMeta, b4 as TlvFieldOptions, b5 as TlvMinLen, b6 as TlvRange, b7 as TlvUtf8Pattern, b8 as TlvValidate, b9 as TlvValidatorMeta, ba as TpsSensor, bb as TpsSensorOptions, bc as VarintHardeningSensor, bd as Witness, be as buildAxisLawEvaluationContext, bf as toIntentSensorBinding, bg as toObserverBinding } from './index-OpaG6R6E.mjs';
+import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-DiWSbPZ8.mjs';
+export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldEncodeRule, b3 as TlvFieldEncodeVisibility, b4 as TlvFieldKind, b5 as TlvFieldMeta, b6 as TlvFieldOptions, b7 as TlvMinLen, b8 as TlvRange, b9 as TlvUtf8Pattern, ba as TlvValidate, bb as TlvValidatorMeta, bc as TpsSensor, bd as TpsSensorOptions, be as VarintHardeningSensor, bf as Witness, bg as buildAxisLawEvaluationContext, bh as toIntentSensorBinding, bi as toObserverBinding } from './index-DiWSbPZ8.mjs';
 import { AxisFrame } from '@nextera.one/axis-protocol';
 export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrame, TLV as AxisTlvType, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_KINDS, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofKind, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_LOOM_PRESENCE_ID as TLV_PRESENCE_ID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_LOOM_THREAD_HASH as TLV_THREAD_HASH, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, TLV_LOOM_WRIT as TLV_WRIT, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, getSignTarget, varintLength } from '@nextera.one/axis-protocol';
 import { A as AxisObservation, L as LoomReceipt, T as ThreadState, W as WritValidationResult, G as Grant, a as GrantCapability, P as PresenceDeclaration, b as PresenceChallenge, c as Writ, R as Revocation, d as WritBody, e as WritMeta, f as PresenceReceipt, g as GrantStatus, h as PresenceStatus, i as PresenceProof, j as GrantValidationResult, k as PresenceVerifyResult } from './index-CXewlhg-.mjs';
@@ -745,10 +745,26 @@ declare class AxisSensorChainService {
     evaluatePre(input: SensorInput): Promise<SensorDecision>;
     evaluatePost(input: SensorInput, baseDecision?: SensorDecision): Promise<SensorDecision>;
     private evaluateSensors;
+    private matchesProofKind;
+    private normalizeProofKinds;
 }
 
 type AxisTlvDtoCtor<T = object> = new (...args: never[]) => T;
-declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>): Uint8Array;
+interface AxisTlvFieldPolicyInput<T extends object = object> {
+    field: IntentTlvField;
+    value: unknown;
+    data: Partial<Record<keyof T, unknown>>;
+    context: AxisTlvEncodeContext<T>;
+}
+type AxisTlvFieldPolicy<T extends object = object> = (input: AxisTlvFieldPolicyInput<T>) => boolean;
+interface AxisTlvEncodeContext<T extends object = object> {
+    roles?: readonly string[];
+    actorId?: string;
+    phase?: 'request' | 'response';
+    policies?: Record<string, AxisTlvFieldPolicy<T>>;
+}
+declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Uint8Array;
+declare function projectAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Partial<Record<keyof T, unknown>>;
 
 declare function createPresenceChallenge(declaration: PresenceDeclaration, ttlMs?: number): PresenceChallenge;
 declare function signPresenceChallenge(challenge: PresenceChallenge, privateKeyHex: string, publicKeyHex: string, declaration: PresenceDeclaration, kid?: string): PresenceProof;
@@ -785,4 +801,4 @@ declare function executeLoomPipeline(writ: Writ, publicKeyHex: string, presence:
     code: string;
 };
 
-export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
+export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, type AxisTlvEncodeContext, type AxisTlvFieldPolicy, type AxisTlvFieldPolicyInput, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, projectAxisTlvDto, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-CjHt1HEv.js';
-export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldKind, b3 as TlvFieldMeta, b4 as TlvFieldOptions, b5 as TlvMinLen, b6 as TlvRange, b7 as TlvUtf8Pattern, b8 as TlvValidate, b9 as TlvValidatorMeta, ba as TpsSensor, bb as TpsSensorOptions, bc as VarintHardeningSensor, bd as Witness, be as buildAxisLawEvaluationContext, bf as toIntentSensorBinding, bg as toObserverBinding } from './index-CjHt1HEv.js';
+import { C as ChainOptions, A as AxisIntentSensorOptions, a as AxisObserverBindingInput, b as AxisIntentSensorBindingInput, R as RequiredProofKind, I as IntentTlvField, T as TlvValidatorFn, c as IntentRouter, O as ObserverDispatcherService, d as AxisChainEnvelope, e as AxisChainResult, f as AxisCapsuleRef, g as AxisChainStep, h as AxisContext, S as SensorRegistry } from './index-BRV_ohRW.js';
+export { i as AXIS_ANONYMOUS_KEY, j as AXIS_AUTHORIZED_KEY, k as AXIS_META_KEY, l as AXIS_PUBLIC_KEY, m as AXIS_RATE_LIMIT_KEY, n as AXIS_STREAM_META_KEY, o as AccessProfileResolverSensor, p as Axis, q as AxisAnonymous, r as AxisAuthorized, s as AxisChainEncryption, t as AxisChainRequest, u as AxisChainStatus, v as AxisChainStepResult, w as AxisChainStepStatus, x as AxisConfigReader, y as AxisEffect, z as AxisExecutionMode, B as AxisIntentEnvelope, D as AxisIntentObserver, E as AxisIntentSensorBinding, F as AxisIntentSensorBindingOptions, G as AxisIntentSensorRef, H as AxisIntentSensorWhen, J as AxisKeyExchangeRef, K as AxisLawArticleSummary, L as AxisLawDecision, M as AxisLawEvaluationContext, N as AxisLawEvaluationResult, P as AxisLawEvaluator, Q as AxisObserverBinding, U as AxisObserverBindingOptions, V as AxisObserverContext, W as AxisObserverDefinition, X as AxisObserverEvent, Y as AxisObserverRef, Z as AxisObserverRegistration, _ as AxisPublic, $ as AxisRateLimit, a0 as AxisRateLimitConfig, a1 as AxisSensorConfigProvider, a2 as AxisStream, a3 as AxisStreamOptions, a4 as BodyBudgetSensor, a5 as CAPSULE_POLICY_METADATA_KEY, a6 as CONTRACT_METADATA_KEY, a7 as CapabilityEnforcementSensor, a8 as Capsule, a9 as CapsulePolicy, aa as CapsulePolicyOptions, ab as CapsuleScopeMode, ac as ChunkHashSensor, ad as Contract, ae as DEFAULT_CONTRACTS, af as EntropySensor, ag as ExecutionContract, ah as ExecutionTimeoutSensor, ai as FALLBACK_CONTRACT, aj as FrameBudgetSensor, ak as FrameHeaderSanitySensor, al as HeaderTLVLimitSensor, am as INTENT_METADATA_KEY, an as INTENT_ROUTES_KEY, ao as Intent, ap as IntentAllowlistSensor, aq as IntentKind, ar as IntentOptions, as as IntentRegistrySensor, at as IntentRoute, au as LawArticlePresenceMode, av as LawArticlePresenceSensor, aw as LawArticlePresenceSensorOptions, ax as LawEvaluationSensor, ay as LawEvaluationSensorOptions, az as OBSERVER_BINDINGS_KEY, aA as OBSERVER_METADATA_KEY, aB as Observer, aC as ObserverRegistry, aD as ProofPresenceSensor, aE as ProtocolStrictSensor, aF as REQUIRED_PROOF_METADATA_KEY, aG as ReceiptPolicySensor, aH as RegisteredChainConfig, aI as RequiredProof, aJ as RiskDecision, aK as RiskEvaluation, aL as RiskGateSensor, aM as RiskGateSensorOptions, aN as RiskSignal, aO as RiskSignalCollector, aP as SENSITIVITY_METADATA_KEY, aQ as SchemaValidationSensor, aR as Sensitivity, aS as SensorConfigSnapshot, aT as SensorsSource, aU as StreamScopeSensor, aV as TLVParseSensor, aW as TLV_FIELDS_KEY, aX as TLV_VALIDATORS_KEY, aY as TickAuthCapsuleRef, aZ as TickAuthSensor, a_ as TickAuthSensorOptions, a$ as TickAuthVerifier, b0 as TlvEnum, b1 as TlvField, b2 as TlvFieldEncodeRule, b3 as TlvFieldEncodeVisibility, b4 as TlvFieldKind, b5 as TlvFieldMeta, b6 as TlvFieldOptions, b7 as TlvMinLen, b8 as TlvRange, b9 as TlvUtf8Pattern, ba as TlvValidate, bb as TlvValidatorMeta, bc as TpsSensor, bd as TpsSensorOptions, be as VarintHardeningSensor, bf as Witness, bg as buildAxisLawEvaluationContext, bh as toIntentSensorBinding, bi as toObserverBinding } from './index-BRV_ohRW.js';
 import { AxisFrame } from '@nextera.one/axis-protocol';
 export { AXIS_MAGIC, AXIS_VERSION, AxisBinaryFrame, AxisFrame, TLV as AxisTlvType, ERR_BAD_SIGNATURE, ERR_CONTRACT_VIOLATION, ERR_INVALID_PACKET, ERR_REPLAY_DETECTED, FLAG_BODY_TLV, FLAG_CHAIN_REQ, FLAG_HAS_WITNESS, MAX_BODY_LEN, MAX_FRAME_LEN, MAX_HDR_LEN, MAX_SIG_LEN, NCERT_ALG, NCERT_EXP, NCERT_ISSUER_KID, NCERT_KID, NCERT_NBF, NCERT_NODE_ID, NCERT_PAYLOAD, NCERT_PUB, NCERT_SCOPE, NCERT_SIG, PROOF_CAPSULE, PROOF_JWT, PROOF_KINDS, PROOF_LOOM, PROOF_MTLS, PROOF_NONE, PROOF_WITNESS, ProofKind, TLV, TLV_ACTOR_ID, TLV_AUD, TLV_BODY_ARR, TLV_BODY_OBJ, TLV_CAPSULE, TLV_EFFECT, TLV_ERROR_CODE, TLV_ERROR_MSG, TLV_INDEX, TLV_INTENT, TLV_KID, TLV_LOOM_PRESENCE_ID, TLV_LOOM_THREAD_HASH, TLV_LOOM_WRIT, TLV_NODE, TLV_NODE_CERT_HASH, TLV_NODE_KID, TLV_NONCE, TLV_OFFSET, TLV_OK, TLV_PID, TLV_LOOM_PRESENCE_ID as TLV_PRESENCE_ID, TLV_PREV_HASH, TLV_PROOF_REF, TLV_PROOF_TYPE, TLV_REALM, TLV_RECEIPT_HASH, TLV_RID, TLV_SHA256_CHUNK, TLV_LOOM_THREAD_HASH as TLV_THREAD_HASH, TLV_TRACE_ID, TLV_TS, TLV_UPLOAD_ID, TLV_LOOM_WRIT as TLV_WRIT, decodeArray, decodeFrame, decodeObject, decodeTLVs, decodeTLVsList, decodeVarint, encodeFrame, encodeTLVs, encodeVarint, getSignTarget, varintLength } from '@nextera.one/axis-protocol';
 import { A as AxisObservation, L as LoomReceipt, T as ThreadState, W as WritValidationResult, G as Grant, a as GrantCapability, P as PresenceDeclaration, b as PresenceChallenge, c as Writ, R as Revocation, d as WritBody, e as WritMeta, f as PresenceReceipt, g as GrantStatus, h as PresenceStatus, i as PresenceProof, j as GrantValidationResult, k as PresenceVerifyResult } from './index-ChuwP1RU.js';
@@ -745,10 +745,26 @@ declare class AxisSensorChainService {
     evaluatePre(input: SensorInput): Promise<SensorDecision>;
     evaluatePost(input: SensorInput, baseDecision?: SensorDecision): Promise<SensorDecision>;
     private evaluateSensors;
+    private matchesProofKind;
+    private normalizeProofKinds;
 }
 
 type AxisTlvDtoCtor<T = object> = new (...args: never[]) => T;
-declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>): Uint8Array;
+interface AxisTlvFieldPolicyInput<T extends object = object> {
+    field: IntentTlvField;
+    value: unknown;
+    data: Partial<Record<keyof T, unknown>>;
+    context: AxisTlvEncodeContext<T>;
+}
+type AxisTlvFieldPolicy<T extends object = object> = (input: AxisTlvFieldPolicyInput<T>) => boolean;
+interface AxisTlvEncodeContext<T extends object = object> {
+    roles?: readonly string[];
+    actorId?: string;
+    phase?: 'request' | 'response';
+    policies?: Record<string, AxisTlvFieldPolicy<T>>;
+}
+declare function encodeAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Uint8Array;
+declare function projectAxisTlvDto<T extends object>(dtoClass: AxisTlvDtoCtor<T>, data: Partial<Record<keyof T, unknown>>, context?: AxisTlvEncodeContext<T>): Partial<Record<keyof T, unknown>>;
 
 declare function createPresenceChallenge(declaration: PresenceDeclaration, ttlMs?: number): PresenceChallenge;
 declare function signPresenceChallenge(challenge: PresenceChallenge, privateKeyHex: string, publicKeyHex: string, declaration: PresenceDeclaration, kid?: string): PresenceProof;
@@ -785,4 +801,4 @@ declare function executeLoomPipeline(writ: Writ, publicKeyHex: string, presence:
     code: string;
 };
 
-export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };
+export { ATS1_HDR, ATS1_SCHEMA, AXIS_EXECUTION_CONTEXT_KEY, AXIS_OPCODES, AXIS_UPLOAD_FILE_STORE, AXIS_UPLOAD_RECEIPT_SIGNER, AXIS_UPLOAD_SESSION_STORE, ats1 as Ats1Codec, Axis1DecodedFrame, type AxisPacket as AxisBinaryPacket, AxisCapsuleRef, AxisChainEnvelope, AxisChainExecutor, AxisChainResult, AxisChainStep, type AxisCrudHandler, type AxisDecoded, type AxisExecutionContext, type AxisHandler, type AxisHandlerInit, AxisIdDto, AxisIntentSensorBindingInput, AxisIntentSensorOptions, AxisMediaTypes, AxisObservation, AxisObserverBindingInput, T as AxisPacketTags, AxisPartialType, AxisResponseDto, AxisSensorChainService, AxisTlvDto, type AxisTlvEncodeContext, type AxisTlvFieldPolicy, type AxisTlvFieldPolicyInput, BAND, BodyProfile, type BodyProfileValidation, BodyProfileValidator, CAPABILITIES, CHAIN_METADATA_KEY, type Capability, Chain, ChainOptions, type ChainResult, ContractViolationError, DEFAULT_TIMEOUT, type DeviceSEContext, DiskUploadFileStore, type DtoSchema, ExecutionMeter, type ExecutionMetrics, Grant, GrantCapability, GrantStatus, GrantValidationResult, HANDLER_METADATA_KEY, HANDLER_SENSORS_KEY, Handler, type HandlerOptions, HandlerSensors, INTENT_BODY_KEY, INTENT_REQUIREMENTS, INTENT_SENSITIVITY_MAP, INTENT_SENSORS_KEY, INTENT_TIMEOUTS, IntentBody, type IntentDefinition, IntentRouter, IntentSensitivity, IntentSensors, IntentTlvField, type LoomExecutionResult, LoomReceipt, type MTLSContext, type ObservationQueueConfig, type ObservationQueueMessage, type ObservationStreamEntry, type ObservationWitnessSummary, ObserverDispatcherService, type ObserverVerdict, PRE_DECODE_BOUNDARY, PROOF_CAPABILITIES, PresenceChallenge, PresenceDeclaration, PresenceProof, PresenceReceipt, PresenceStatus, PresenceVerifyResult, type ProofType, type ProofVerificationResult, ProofVerificationService, RESPONSE_TAG_CREATED_AT, RESPONSE_TAG_CREATED_BY, RESPONSE_TAG_ID, RESPONSE_TAG_UPDATED_AT, RESPONSE_TAG_UPDATED_BY, type ReceiptEffect, RequiredProofKind, type ResponseContract, ResponseObserver, type ResponseObserverContext, Revocation, SENSOR_METADATA_KEY, Schema2002_PasskeyLoginOptionsRes, Schema2011_PasskeyLoginVerifyReq, Schema2012_PasskeyLoginVerifyRes, Schema2021_PasskeyRegisterOptionsReq, Sensor, type SensorBand, SensorDecision, SensorInput, type SensorOptions, type SensorPhase, SensorRegistry, ThreadState, TlvValidatorFn, type UnsignedObservationWitness, type UploadFileStat, type UploadFileStore, type UploadReceiptSigner, type UploadSessionRecord, type UploadSessionStatus, type UploadSessionStore, Writ, WritBody, WritMeta, WritValidationResult, b64urlDecode, b64urlDecodeString, b64urlEncode, b64urlEncodeString, buildAts1Hdr, buildDtoDecoder, buildPacket, buildQueueMessage, buildReceiptHash, buildTLVs, buildUnsignedWitness, bytes, canAccessResource, canonicalJson, canonicalJsonExcluding, canonicalizeObservation, classifyIntent, createGrant, createPresenceChallenge, createReceipt, createRevocation, createWrit, decodeQueueMessage, encVarint, encodeAxisTlvDto, encodeQueueMessage, executeLoomPipeline, extractDtoSchema, getAxisExecutionContext, getGrantStatus, getPresenceStatus, grantCoversAction, hasScope, hashObservation, isAdminOpcode, isKnownOpcode, isRevoked, isTimestampValid, mergeAxisExecutionContext, nonce16, packPasskeyLoginOptionsReq, packPasskeyLoginOptionsRes, packPasskeyLoginVerifyReq, packPasskeyLoginVerifyRes, packPasskeyRegisterOptionsReq, parseAutoClaimEntries, parseScope, parseStreamEntries, projectAxisTlvDto, renewPresence, resolveTimeout, sensitivityName, signPresenceChallenge, stableJsonStringify, tlv, u64be, unpackPasskeyLoginOptionsReq, unpackPasskeyLoginVerifyReq, unpackPasskeyRegisterOptionsReq, updateThreadState, utf8, validateFrameShape, validateGrant, validateWrit, varintU, verifyPresenceProof, verifyReceiptChain, verifyResponse, withAxisExecutionContext };

package/dist/index.js

@@ -661,7 +661,8 @@ var require_dto_schema_util = __commonJS({
           required: m.options.required,
           maxLen: m.options.maxLen,
           max: m.options.max,
-          scope: m.options.scope
+          scope: m.options.scope,
+          encode: m.options.encode
         };
       });
       const validatorMetas = Reflect.getMetadata(tlv_field_decorator_1.TLV_VALIDATORS_KEY, dto) || [];
@@ -3657,7 +3658,8 @@ var init_intent_router = __esm({
               required: f.required,
               maxLen: f.maxLen,
               max: f.max,
-              scope: f.scope
+              scope: f.scope,
+              ...f.encode !== void 0 ? { encode: f.encode } : {}
             }))
           };
           this.intentSchemas.set(meta.intent, schema2);
@@ -3681,7 +3683,8 @@ var init_intent_router = __esm({
             required: f.required,
             maxLen: f.maxLen,
             max: f.max,
-            scope: f.scope
+            scope: f.scope,
+            ...f.encode !== void 0 ? { encode: f.encode } : {}
           }))
         };
         this.intentSchemas.set(meta.intent, schema);
@@ -8811,9 +8814,11 @@ var init_axis_observation = __esm({
 });
 
 // src/security/axis-sensor-chain.service.ts
-var AxisSensorChainService;
+var import_reflect_metadata13, AxisSensorChainService;
 var init_axis_sensor_chain_service = __esm({
   "src/security/axis-sensor-chain.service.ts"() {
+    import_reflect_metadata13 = require("reflect-metadata");
+    init_sensor_decorator();
     init_axis_sensor();
     init_axis_observation();
     AxisSensorChainService = class {
@@ -8856,6 +8861,9 @@ var init_axis_sensor_chain_service = __esm({
       async evaluateSensors(sensors, input, baseDecision) {
         const relevantSensors = [];
         for (const sensor of sensors) {
+          if (!this.matchesProofKind(sensor, input)) {
+            continue;
+          }
           if (!sensor.supports) {
             relevantSensors.push(sensor);
             continue;
@@ -8955,6 +8963,28 @@ var init_axis_sensor_chain_service = __esm({
           } : void 0
         };
       }
+      matchesProofKind(sensor, input) {
+        const meta = Reflect.getMetadata(
+          SENSOR_METADATA_KEY,
+          sensor.constructor
+        );
+        if (!meta || meta === true) return true;
+        const currentProofKinds = this.normalizeProofKinds(
+          input.metadata?.proofKind ?? input.requiredProof
+        );
+        const excludedProofKinds = this.normalizeProofKinds(meta.excludeProofKind);
+        if (excludedProofKinds.length > 0 && currentProofKinds.some((kind) => excludedProofKinds.includes(kind))) {
+          return false;
+        }
+        const requiredProofKinds = this.normalizeProofKinds(meta.proofKind);
+        if (requiredProofKinds.length === 0) return true;
+        return currentProofKinds.some((kind) => requiredProofKinds.includes(kind));
+      }
+      normalizeProofKinds(value) {
+        if (value === void 0 || value === null) return [];
+        const items = Array.isArray(value) ? value : [value];
+        return items.map((item) => String(item).trim().toUpperCase()).filter(Boolean);
+      }
     };
   }
 });
@@ -9328,10 +9358,11 @@ var init_timeline_store = __esm({
 });
 
 // src/utils/axis-tlv-codec.ts
-function encodeAxisTlvDto(dtoClass, data) {
+function encodeAxisTlvDto(dtoClass, data, context = {}) {
   const schema = (0, import_dto_schema2.extractDtoSchema)(dtoClass);
   const items = schema.fields.flatMap((field) => {
     const value = data[field.name];
+    if (!shouldEncodeField(field, value, data, context)) return [];
     if (value === void 0 || value === null) {
       if (field.required) {
         throw new Error(`Missing required TLV response field: ${field.name}`);
@@ -9342,6 +9373,42 @@ function encodeAxisTlvDto(dtoClass, data) {
   });
   return buildTLVs(items);
 }
+function projectAxisTlvDto(dtoClass, data, context = {}) {
+  const schema = (0, import_dto_schema2.extractDtoSchema)(dtoClass);
+  const result = {};
+  for (const field of schema.fields) {
+    const value = data[field.name];
+    if (!shouldEncodeField(field, value, data, context)) continue;
+    if (value === void 0 || value === null) continue;
+    result[field.name] = value;
+  }
+  return result;
+}
+function shouldEncodeField(field, value, data, context) {
+  const rule = field.encode;
+  if (rule === void 0) return true;
+  if (rule === false) return false;
+  if (rule.onlyRoles?.length && !hasAnyRole(context, rule.onlyRoles)) {
+    return false;
+  }
+  if (rule.exceptRoles?.length && hasAnyRole(context, rule.exceptRoles)) {
+    return false;
+  }
+  if (rule.policy) {
+    const policy = context.policies?.[rule.policy];
+    if (!policy) {
+      throw new Error(`Missing TLV encode policy: ${rule.policy}`);
+    }
+    if (!policy({ field, value, data, context })) {
+      return false;
+    }
+  }
+  return true;
+}
+function hasAnyRole(context, expectedRoles) {
+  const actualRoles = context.roles ?? [];
+  return expectedRoles.some((role) => actualRoles.includes(role));
+}
 function encodeField(field, value) {
   switch (field.kind) {
     case "utf8":
@@ -13359,6 +13426,7 @@ __export(index_exports, {
   parseScope: () => parseScope,
   parseStreamEntries: () => parseStreamEntries,
   projectAt: () => projectAt,
+  projectAxisTlvDto: () => projectAxisTlvDto,
   queryFabric: () => queryFabric,
   recordOccurrence: () => recordOccurrence,
   recordSensor: () => recordSensor,
@@ -13750,6 +13818,7 @@ init_index();
   parseScope,
   parseStreamEntries,
   projectAt,
+  projectAxisTlvDto,
   queryFabric,
   recordOccurrence,
   recordSensor,