@nextera.one/axis-server-sdk 2.3.9 → 2.3.12

package/dist/sensors/index.d.mts

@@ -1,4 +1,4 @@
-export { n as AccessProfileResolverSensor, $ as BodyBudgetSensor, a2 as CapabilityEnforcementSensor, a7 as ChunkHashSensor, aa as EntropySensor, ac as ExecutionTimeoutSensor, ae as FrameBudgetSensor, af as FrameHeaderSanitySensor, ag as HeaderTLVLimitSensor, ak as IntentAllowlistSensor, an as IntentRegistrySensor, ap as LawEvaluationSensor, av as ProofPresenceSensor, aw as ProtocolStrictSensor, ay as ReceiptPolicySensor, aD as RiskGateSensor, aE as RiskGateSensorOptions, aG as RiskSignalCollector, aI as SchemaValidationSensor, aK as StreamScopeSensor, aL as TLVParseSensor, aO as TickAuthCapsuleRef, aP as TickAuthSensor, aQ as TickAuthSensorOptions, aR as TickAuthVerifier, b0 as TpsSensor, b1 as TpsSensorOptions, b2 as VarintHardeningSensor } from '../index-DfG00R_f.mjs';
+export { n as AccessProfileResolverSensor, $ as BodyBudgetSensor, a2 as CapabilityEnforcementSensor, a7 as ChunkHashSensor, aa as EntropySensor, ac as ExecutionTimeoutSensor, ae as FrameBudgetSensor, af as FrameHeaderSanitySensor, ag as HeaderTLVLimitSensor, ak as IntentAllowlistSensor, an as IntentRegistrySensor, ap as LawArticlePresenceMode, aq as LawArticlePresenceSensor, ar as LawArticlePresenceSensorOptions, as as LawEvaluationSensor, ay as ProofPresenceSensor, az as ProtocolStrictSensor, aB as ReceiptPolicySensor, aG as RiskGateSensor, aH as RiskGateSensorOptions, aJ as RiskSignalCollector, aL as SchemaValidationSensor, aN as StreamScopeSensor, aO as TLVParseSensor, aR as TickAuthCapsuleRef, aS as TickAuthSensor, aT as TickAuthSensorOptions, aU as TickAuthVerifier, b3 as TpsSensor, b4 as TpsSensorOptions, b5 as VarintHardeningSensor } from '../index-DZdmfbDZ.mjs';
 import '../axis-sensor-BLUemDiZ.mjs';
 import 'zod';
 import '@nextera.one/axis-protocol';

package/dist/sensors/index.d.ts

@@ -1,4 +1,4 @@
-export { n as AccessProfileResolverSensor, $ as BodyBudgetSensor, a2 as CapabilityEnforcementSensor, a7 as ChunkHashSensor, aa as EntropySensor, ac as ExecutionTimeoutSensor, ae as FrameBudgetSensor, af as FrameHeaderSanitySensor, ag as HeaderTLVLimitSensor, ak as IntentAllowlistSensor, an as IntentRegistrySensor, ap as LawEvaluationSensor, av as ProofPresenceSensor, aw as ProtocolStrictSensor, ay as ReceiptPolicySensor, aD as RiskGateSensor, aE as RiskGateSensorOptions, aG as RiskSignalCollector, aI as SchemaValidationSensor, aK as StreamScopeSensor, aL as TLVParseSensor, aO as TickAuthCapsuleRef, aP as TickAuthSensor, aQ as TickAuthSensorOptions, aR as TickAuthVerifier, b0 as TpsSensor, b1 as TpsSensorOptions, b2 as VarintHardeningSensor } from '../index-DPQEO0Qh.js';
+export { n as AccessProfileResolverSensor, $ as BodyBudgetSensor, a2 as CapabilityEnforcementSensor, a7 as ChunkHashSensor, aa as EntropySensor, ac as ExecutionTimeoutSensor, ae as FrameBudgetSensor, af as FrameHeaderSanitySensor, ag as HeaderTLVLimitSensor, ak as IntentAllowlistSensor, an as IntentRegistrySensor, ap as LawArticlePresenceMode, aq as LawArticlePresenceSensor, ar as LawArticlePresenceSensorOptions, as as LawEvaluationSensor, ay as ProofPresenceSensor, az as ProtocolStrictSensor, aB as ReceiptPolicySensor, aG as RiskGateSensor, aH as RiskGateSensorOptions, aJ as RiskSignalCollector, aL as SchemaValidationSensor, aN as StreamScopeSensor, aO as TLVParseSensor, aR as TickAuthCapsuleRef, aS as TickAuthSensor, aT as TickAuthSensorOptions, aU as TickAuthVerifier, b3 as TpsSensor, b4 as TpsSensorOptions, b5 as VarintHardeningSensor } from '../index-D_6djkZB.js';
 import '../axis-sensor-BLUemDiZ.js';
 import 'zod';
 import '@nextera.one/axis-protocol';

package/dist/sensors/index.js

@@ -381,6 +381,31 @@ var init_capsule_policy_decorator = __esm({
 });
 
 // src/decorators/intent-policy.decorator.ts
+function appendRequiredProof(target, propertyKey, proof) {
+  const existing = propertyKey !== void 0 ? Reflect.getMetadata(
+    REQUIRED_PROOF_METADATA_KEY,
+    target,
+    propertyKey
+  ) ?? [] : Reflect.getMetadata(
+    REQUIRED_PROOF_METADATA_KEY,
+    target
+  ) ?? [];
+  const merged = existing.includes(proof) ? existing : [...existing, proof];
+  if (propertyKey !== void 0) {
+    Reflect.defineMetadata(
+      REQUIRED_PROOF_METADATA_KEY,
+      merged,
+      target,
+      propertyKey
+    );
+    return;
+  }
+  Reflect.defineMetadata(
+    REQUIRED_PROOF_METADATA_KEY,
+    merged,
+    target
+  );
+}
 function Sensitivity(level) {
   return ((target, propertyKey) => {
     if (propertyKey !== void 0) {
@@ -429,56 +454,12 @@ function RequiredProof(proofs) {
 }
 function Capsule() {
   return ((target, propertyKey) => {
-    const existing = propertyKey !== void 0 ? Reflect.getMetadata(
-      REQUIRED_PROOF_METADATA_KEY,
-      target,
-      propertyKey
-    ) ?? [] : Reflect.getMetadata(
-      REQUIRED_PROOF_METADATA_KEY,
-      target
-    ) ?? [];
-    const merged = existing.includes("CAPSULE") ? existing : [...existing, "CAPSULE"];
-    if (propertyKey !== void 0) {
-      Reflect.defineMetadata(
-        REQUIRED_PROOF_METADATA_KEY,
-        merged,
-        target,
-        propertyKey
-      );
-    } else {
-      Reflect.defineMetadata(
-        REQUIRED_PROOF_METADATA_KEY,
-        merged,
-        target
-      );
-    }
+    appendRequiredProof(target, propertyKey, "CAPSULE");
   });
 }
 function Witness() {
   return ((target, propertyKey) => {
-    const existing = propertyKey !== void 0 ? Reflect.getMetadata(
-      REQUIRED_PROOF_METADATA_KEY,
-      target,
-      propertyKey
-    ) ?? [] : Reflect.getMetadata(
-      REQUIRED_PROOF_METADATA_KEY,
-      target
-    ) ?? [];
-    const merged = existing.includes("WITNESS") ? existing : [...existing, "WITNESS"];
-    if (propertyKey !== void 0) {
-      Reflect.defineMetadata(
-        REQUIRED_PROOF_METADATA_KEY,
-        merged,
-        target,
-        propertyKey
-      );
-    } else {
-      Reflect.defineMetadata(
-        REQUIRED_PROOF_METADATA_KEY,
-        merged,
-        target
-      );
-    }
+    appendRequiredProof(target, propertyKey, "WITNESS");
   });
 }
 function Axis() {
@@ -488,31 +469,37 @@ function Axis() {
 }
 function AxisPublic() {
   return (target, propertyKey, descriptor) => {
-    if (descriptor) {
+    if (propertyKey !== void 0) {
       Reflect.defineMetadata(AXIS_PUBLIC_KEY, true, target, propertyKey);
+      appendRequiredProof(target, propertyKey, "NONE");
       return descriptor;
     }
     Reflect.defineMetadata(AXIS_PUBLIC_KEY, true, target);
+    appendRequiredProof(target, void 0, "NONE");
     return target;
   };
 }
 function AxisAuthorized() {
   return (target, propertyKey, descriptor) => {
-    if (descriptor) {
+    if (propertyKey !== void 0) {
       Reflect.defineMetadata(AXIS_AUTHORIZED_KEY, true, target, propertyKey);
+      appendRequiredProof(target, propertyKey, "AUTHORIZED");
       return descriptor;
     }
     Reflect.defineMetadata(AXIS_AUTHORIZED_KEY, true, target);
+    appendRequiredProof(target, void 0, "AUTHORIZED");
     return target;
   };
 }
 function AxisAnonymous() {
   return (target, propertyKey, descriptor) => {
-    if (descriptor) {
+    if (propertyKey !== void 0) {
       Reflect.defineMetadata(AXIS_ANONYMOUS_KEY, true, target, propertyKey);
+      appendRequiredProof(target, propertyKey, "ANONYMOUS");
       return descriptor;
     }
     Reflect.defineMetadata(AXIS_ANONYMOUS_KEY, true, target);
+    appendRequiredProof(target, void 0, "ANONYMOUS");
     return target;
   };
 }
@@ -2465,6 +2452,22 @@ function sensorRefKey(ref) {
 function sensorBindingKey(binding) {
   return `${binding.when}:${sensorRefKey(binding.ref)}`;
 }
+function mergeProofKinds(...proofGroups) {
+  const merged = /* @__PURE__ */ new Set();
+  for (const proofs of proofGroups) {
+    for (const proof of proofs ?? []) {
+      merged.add(proof);
+    }
+  }
+  return Array.from(merged);
+}
+function accessProofKinds(isPublic, isAnonymous, isAuthorized) {
+  const proofs = [];
+  if (isPublic) proofs.push("NONE");
+  if (isAnonymous) proofs.push("ANONYMOUS");
+  if (isAuthorized) proofs.push("AUTHORIZED");
+  return proofs;
+}
 function mergeIntentSensorBindings(...sensorGroups) {
   const merged = /* @__PURE__ */ new Map();
   for (const group of sensorGroups) {
@@ -3000,10 +3003,6 @@ var init_intent_router = __esm({
           REQUIRED_PROOF_METADATA_KEY,
           proto.constructor
         );
-        const requiredProof = methodProof ?? classProof;
-        if (requiredProof && requiredProof.length > 0) {
-          this.intentRequiredProof.set(intent, requiredProof);
-        }
         const isPublicMethod = Reflect.getMetadata(
           AXIS_PUBLIC_KEY,
           proto,
@@ -3013,9 +3012,6 @@ var init_intent_router = __esm({
           AXIS_PUBLIC_KEY,
           proto.constructor
         );
-        if (isPublicMethod || isPublicClass) {
-          this.publicIntents.add(intent);
-        }
         const isAnonMethod = Reflect.getMetadata(
           AXIS_ANONYMOUS_KEY,
           proto,
@@ -3025,9 +3021,6 @@ var init_intent_router = __esm({
           AXIS_ANONYMOUS_KEY,
           proto.constructor
         );
-        if (isAnonMethod || isAnonClass) {
-          this.anonymousIntents.add(intent);
-        }
         const isAuthorizedMethod = Reflect.getMetadata(
           AXIS_AUTHORIZED_KEY,
           proto,
@@ -3037,7 +3030,25 @@ var init_intent_router = __esm({
           AXIS_AUTHORIZED_KEY,
           proto.constructor
         );
-        if (isAuthorizedMethod || isAuthorizedClass) {
+        const methodPolicyProof = mergeProofKinds(
+          methodProof,
+          accessProofKinds(isPublicMethod, isAnonMethod, isAuthorizedMethod)
+        );
+        const classPolicyProof = mergeProofKinds(
+          classProof,
+          accessProofKinds(isPublicClass, isAnonClass, isAuthorizedClass)
+        );
+        const requiredProof = methodPolicyProof.length ? methodPolicyProof : classPolicyProof;
+        if (requiredProof.length > 0) {
+          this.intentRequiredProof.set(intent, requiredProof);
+        }
+        if (requiredProof.includes("NONE")) {
+          this.publicIntents.add(intent);
+        }
+        if (requiredProof.includes("ANONYMOUS")) {
+          this.anonymousIntents.add(intent);
+        }
+        if (requiredProof.includes("AUTHORIZED")) {
           this.authorizedIntents.add(intent);
         }
         const rateLimit = Reflect.getMetadata(
@@ -11745,6 +11756,80 @@ var require_intent_registry_sensor = __commonJS({
   }
 });
 
+// src/sensors/law-article-presence.sensor.ts
+var require_law_article_presence_sensor = __commonJS({
+  "src/sensors/law-article-presence.sensor.ts"(exports2) {
+    "use strict";
+    var __decorate = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+      var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+      if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+      else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+      return c > 3 && r && Object.defineProperty(target, key, r), r;
+    };
+    var __metadata = exports2 && exports2.__metadata || function(k, v) {
+      if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.LawArticlePresenceSensor = void 0;
+    var sensor_decorator_1 = (init_sensor_decorator(), __toCommonJS(sensor_decorator_exports));
+    var sensor_bands_1 = (init_sensor_bands(), __toCommonJS(sensor_bands_exports));
+    var LawArticlePresenceSensor = class LawArticlePresenceSensor {
+      constructor(options) {
+        this.options = options;
+        this.name = "LawArticlePresenceSensor";
+        this.order = sensor_bands_1.BAND.IDENTITY + 27;
+      }
+      supports(input) {
+        if (this.mode() === "off")
+          return false;
+        if (!input.intent)
+          return false;
+        if (this.exemptIntents().includes(input.intent))
+          return false;
+        return true;
+      }
+      async run(input) {
+        const intent = input.intent;
+        const count = await this.options.getLawArticleCount(intent, input);
+        if (count > 0) {
+          return {
+            action: "ALLOW",
+            meta: { lawArticles: count }
+          };
+        }
+        const reason = `Intent '${intent}' has no law article mapping`;
+        if (this.mode() === "strict") {
+          return {
+            action: "DENY",
+            code: this.options.missingCode ?? "CAPSULE_NOT_LAWFUL",
+            reason
+          };
+        }
+        return {
+          action: "FLAG",
+          scoreDelta: this.options.auditScoreDelta ?? 5,
+          reasons: ["LAW_ARTICLE_MISSING", reason],
+          meta: { lawArticles: 0 }
+        };
+      }
+      mode() {
+        const configured = this.options.mode;
+        if (typeof configured === "function")
+          return configured();
+        return configured ?? "audit";
+      }
+      exemptIntents() {
+        return this.options.exemptIntents ?? ["system.ping"];
+      }
+    };
+    exports2.LawArticlePresenceSensor = LawArticlePresenceSensor;
+    exports2.LawArticlePresenceSensor = LawArticlePresenceSensor = __decorate([
+      (0, sensor_decorator_1.Sensor)({ phase: "POST_DECODE" }),
+      __metadata("design:paramtypes", [Object])
+    ], LawArticlePresenceSensor);
+  }
+});
+
 // src/sensors/law-evaluation.sensor.ts
 var require_law_evaluation_sensor = __commonJS({
   "src/sensors/law-evaluation.sensor.ts"(exports2) {
@@ -13217,6 +13302,7 @@ var init_sensors = __esm({
     __reExport(sensors_exports, __toESM(require_header_tlv_limit_sensor()), module.exports);
     __reExport(sensors_exports, __toESM(require_intent_allowlist_sensor()), module.exports);
     __reExport(sensors_exports, __toESM(require_intent_registry_sensor()), module.exports);
+    __reExport(sensors_exports, __toESM(require_law_article_presence_sensor()), module.exports);
     __reExport(sensors_exports, __toESM(require_law_evaluation_sensor()), module.exports);
     __reExport(sensors_exports, __toESM(require_proof_presence_sensor()), module.exports);
     __reExport(sensors_exports, __toESM(require_protocol_strict_sensor()), module.exports);