@openleash/core 0.0.2 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/LICENSE +191 -0
  2. package/dist/audit.d.ts +11 -0
  3. package/dist/audit.d.ts.map +1 -0
  4. package/dist/audit.js +76 -0
  5. package/dist/audit.js.map +1 -0
  6. package/dist/canonicalize.d.ts +5 -0
  7. package/dist/canonicalize.d.ts.map +1 -0
  8. package/dist/canonicalize.js +51 -0
  9. package/dist/canonicalize.js.map +1 -0
  10. package/dist/constraints.d.ts +3 -0
  11. package/dist/constraints.d.ts.map +1 -0
  12. package/dist/constraints.js +51 -0
  13. package/dist/constraints.js.map +1 -0
  14. package/dist/engine.d.ts +21 -0
  15. package/dist/engine.d.ts.map +1 -0
  16. package/dist/engine.js +139 -0
  17. package/dist/engine.js.map +1 -0
  18. package/dist/expression.d.ts +3 -0
  19. package/dist/expression.d.ts.map +1 -0
  20. package/dist/expression.js +60 -0
  21. package/dist/expression.js.map +1 -0
  22. package/dist/index.d.ts +15 -0
  23. package/dist/index.d.ts.map +1 -0
  24. package/dist/index.js +31 -0
  25. package/dist/index.js.map +1 -0
  26. package/dist/jsonpath.d.ts +8 -0
  27. package/dist/jsonpath.d.ts.map +1 -0
  28. package/dist/jsonpath.js +48 -0
  29. package/dist/jsonpath.js.map +1 -0
  30. package/dist/keys.d.ts +9 -0
  31. package/dist/keys.d.ts.map +1 -0
  32. package/dist/keys.js +80 -0
  33. package/dist/keys.js.map +1 -0
  34. package/dist/nonce-cache.d.ts +17 -0
  35. package/dist/nonce-cache.d.ts.map +1 -0
  36. package/dist/nonce-cache.js +53 -0
  37. package/dist/nonce-cache.js.map +1 -0
  38. package/dist/obligations.d.ts +9 -0
  39. package/dist/obligations.d.ts.map +1 -0
  40. package/dist/obligations.js +89 -0
  41. package/dist/obligations.js.map +1 -0
  42. package/dist/policy-parser.d.ts +192 -0
  43. package/dist/policy-parser.d.ts.map +1 -0
  44. package/dist/policy-parser.js +153 -0
  45. package/dist/policy-parser.js.map +1 -0
  46. package/dist/signing.d.ts +34 -0
  47. package/dist/signing.d.ts.map +1 -0
  48. package/dist/signing.js +79 -0
  49. package/dist/signing.js.map +1 -0
  50. package/dist/state.d.ts +11 -0
  51. package/dist/state.d.ts.map +1 -0
  52. package/dist/state.js +111 -0
  53. package/dist/state.js.map +1 -0
  54. package/dist/tokens.d.ts +38 -0
  55. package/dist/tokens.d.ts.map +1 -0
  56. package/dist/tokens.js +56 -0
  57. package/dist/tokens.js.map +1 -0
  58. package/dist/types.d.ts +273 -0
  59. package/dist/types.d.ts.map +1 -0
  60. package/dist/types.js +67 -0
  61. package/dist/types.js.map +1 -0
  62. package/package.json +21 -20
  63. package/README.md +0 -46
  64. package/index.js +0 -3
package/dist/policy-parser.d.ts ADDED
@@ -0,0 +1,192 @@
1
+ import type { Policy } from './types.js';
2
+ export declare function parsePolicyYaml(yamlStr: string): Policy;
3
+ export declare function validatePolicyYaml(yamlStr: string): {
4
+ valid: boolean;
5
+ errors?: string[];
6
+ };
7
+ export declare const policyJsonSchema: {
8
+ title: string;
9
+ type: string;
10
+ required: string[];
11
+ properties: {
12
+ version: {
13
+ enum: number[];
14
+ };
15
+ default: {
16
+ enum: string[];
17
+ };
18
+ rules: {
19
+ type: string;
20
+ items: {
21
+ type: string;
22
+ required: string[];
23
+ properties: {
24
+ id: {
25
+ type: string;
26
+ };
27
+ effect: {
28
+ enum: string[];
29
+ };
30
+ action: {
31
+ type: string;
32
+ };
33
+ description: {
34
+ type: string;
35
+ };
36
+ when: {
37
+ $ref: string;
38
+ };
39
+ constraints: {
40
+ type: string;
41
+ properties: {
42
+ amount_max: {
43
+ type: string;
44
+ };
45
+ amount_min: {
46
+ type: string;
47
+ };
48
+ currency: {
49
+ type: string;
50
+ items: {
51
+ type: string;
52
+ };
53
+ };
54
+ merchant_domain: {
55
+ type: string;
56
+ items: {
57
+ type: string;
58
+ };
59
+ };
60
+ allowed_domains: {
61
+ type: string;
62
+ items: {
63
+ type: string;
64
+ };
65
+ };
66
+ blocked_domains: {
67
+ type: string;
68
+ items: {
69
+ type: string;
70
+ };
71
+ };
72
+ };
73
+ additionalProperties: boolean;
74
+ };
75
+ requirements: {
76
+ type: string;
77
+ properties: {
78
+ min_assurance_level: {
79
+ enum: string[];
80
+ };
81
+ credential_scheme: {
82
+ type: string;
83
+ };
84
+ };
85
+ additionalProperties: boolean;
86
+ };
87
+ obligations: {
88
+ type: string;
89
+ items: {
90
+ type: string;
91
+ required: string[];
92
+ properties: {
93
+ type: {
94
+ type: string;
95
+ };
96
+ params: {
97
+ type: string;
98
+ };
99
+ };
100
+ };
101
+ };
102
+ proof: {
103
+ type: string;
104
+ properties: {
105
+ required: {
106
+ type: string;
107
+ };
108
+ ttl_seconds: {
109
+ type: string;
110
+ };
111
+ };
112
+ additionalProperties: boolean;
113
+ };
114
+ };
115
+ additionalProperties: boolean;
116
+ };
117
+ };
118
+ };
119
+ additionalProperties: boolean;
120
+ $defs: {
121
+ expr: {
122
+ oneOf: ({
123
+ type: string;
124
+ required: string[];
125
+ properties: {
126
+ all: {
127
+ type: string;
128
+ items: {
129
+ $ref: string;
130
+ };
131
+ };
132
+ any?: undefined;
133
+ not?: undefined;
134
+ match?: undefined;
135
+ };
136
+ additionalProperties: boolean;
137
+ } | {
138
+ type: string;
139
+ required: string[];
140
+ properties: {
141
+ any: {
142
+ type: string;
143
+ items: {
144
+ $ref: string;
145
+ };
146
+ };
147
+ all?: undefined;
148
+ not?: undefined;
149
+ match?: undefined;
150
+ };
151
+ additionalProperties: boolean;
152
+ } | {
153
+ type: string;
154
+ required: string[];
155
+ properties: {
156
+ not: {
157
+ $ref: string;
158
+ };
159
+ all?: undefined;
160
+ any?: undefined;
161
+ match?: undefined;
162
+ };
163
+ additionalProperties: boolean;
164
+ } | {
165
+ type: string;
166
+ required: string[];
167
+ properties: {
168
+ match: {
169
+ type: string;
170
+ required: string[];
171
+ properties: {
172
+ path: {
173
+ type: string;
174
+ pattern: string;
175
+ };
176
+ op: {
177
+ enum: string[];
178
+ };
179
+ value: {};
180
+ };
181
+ additionalProperties: boolean;
182
+ };
183
+ all?: undefined;
184
+ any?: undefined;
185
+ not?: undefined;
186
+ };
187
+ additionalProperties: boolean;
188
+ })[];
189
+ };
190
+ };
191
+ };
192
+ //# sourceMappingURL=policy-parser.d.ts.map
package/dist/policy-parser.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-parser.d.ts","sourceRoot":"","sources":["../src/policy-parser.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAYzC,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CASvD;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAezF;AAGD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwG5B,CAAC"}
package/dist/policy-parser.js ADDED
@@ -0,0 +1,153 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.policyJsonSchema = void 0;
7
+ exports.parsePolicyYaml = parsePolicyYaml;
8
+ exports.validatePolicyYaml = validatePolicyYaml;
9
+ const yaml_1 = require("yaml");
10
+ const ajv_1 = __importDefault(require("ajv"));
11
+ let _ajv = null;
12
+ let _validate = null;
13
+ function getValidator() {
14
+ if (_validate)
15
+ return _validate;
16
+ _ajv = new ajv_1.default({ allErrors: true, strict: false });
17
+ _validate = _ajv.compile(exports.policyJsonSchema);
18
+ return _validate;
19
+ }
20
+ function parsePolicyYaml(yamlStr) {
21
+ const parsed = (0, yaml_1.parse)(yamlStr);
22
+ const validate = getValidator();
23
+ const valid = validate(parsed);
24
+ if (!valid) {
25
+ const errors = validate.errors?.map((e) => `${e.instancePath} ${e.message}`).join('; ');
26
+ throw new Error(`Policy validation failed: ${errors}`);
27
+ }
28
+ return parsed;
29
+ }
30
+ function validatePolicyYaml(yamlStr) {
31
+ try {
32
+ const parsed = (0, yaml_1.parse)(yamlStr);
33
+ const validate = getValidator();
34
+ const valid = validate(parsed);
35
+ if (!valid) {
36
+ return {
37
+ valid: false,
38
+ errors: validate.errors?.map((e) => `${e.instancePath} ${e.message}`) ?? ['Unknown error'],
39
+ };
40
+ }
41
+ return { valid: true };
42
+ }
43
+ catch (e) {
44
+ return { valid: false, errors: [e.message] };
45
+ }
46
+ }
47
+ // Inline JSON Schema for policy validation (also exported for docs/policy.schema.json)
48
+ exports.policyJsonSchema = {
49
+ "title": "openleash policy v1",
50
+ "type": "object",
51
+ "required": ["version", "default", "rules"],
52
+ "properties": {
53
+ "version": { "enum": [1] },
54
+ "default": { "enum": ["allow", "deny"] },
55
+ "rules": {
56
+ "type": "array",
57
+ "items": {
58
+ "type": "object",
59
+ "required": ["id", "effect", "action"],
60
+ "properties": {
61
+ "id": { "type": "string" },
62
+ "effect": { "enum": ["allow", "deny"] },
63
+ "action": { "type": "string" },
64
+ "description": { "type": "string" },
65
+ "when": { "$ref": "#/$defs/expr" },
66
+ "constraints": {
67
+ "type": "object",
68
+ "properties": {
69
+ "amount_max": { "type": "number" },
70
+ "amount_min": { "type": "number" },
71
+ "currency": { "type": "array", "items": { "type": "string" } },
72
+ "merchant_domain": { "type": "array", "items": { "type": "string" } },
73
+ "allowed_domains": { "type": "array", "items": { "type": "string" } },
74
+ "blocked_domains": { "type": "array", "items": { "type": "string" } }
75
+ },
76
+ "additionalProperties": false
77
+ },
78
+ "requirements": {
79
+ "type": "object",
80
+ "properties": {
81
+ "min_assurance_level": { "enum": ["LOW", "SUBSTANTIAL", "HIGH"] },
82
+ "credential_scheme": { "type": "string" }
83
+ },
84
+ "additionalProperties": false
85
+ },
86
+ "obligations": {
87
+ "type": "array",
88
+ "items": {
89
+ "type": "object",
90
+ "required": ["type"],
91
+ "properties": {
92
+ "type": { "type": "string" },
93
+ "params": { "type": "object" }
94
+ }
95
+ }
96
+ },
97
+ "proof": {
98
+ "type": "object",
99
+ "properties": {
100
+ "required": { "type": "boolean" },
101
+ "ttl_seconds": { "type": "number" }
102
+ },
103
+ "additionalProperties": false
104
+ }
105
+ },
106
+ "additionalProperties": false
107
+ }
108
+ }
109
+ },
110
+ "additionalProperties": false,
111
+ "$defs": {
112
+ "expr": {
113
+ "oneOf": [
114
+ {
115
+ "type": "object",
116
+ "required": ["all"],
117
+ "properties": { "all": { "type": "array", "items": { "$ref": "#/$defs/expr" } } },
118
+ "additionalProperties": false
119
+ },
120
+ {
121
+ "type": "object",
122
+ "required": ["any"],
123
+ "properties": { "any": { "type": "array", "items": { "$ref": "#/$defs/expr" } } },
124
+ "additionalProperties": false
125
+ },
126
+ {
127
+ "type": "object",
128
+ "required": ["not"],
129
+ "properties": { "not": { "$ref": "#/$defs/expr" } },
130
+ "additionalProperties": false
131
+ },
132
+ {
133
+ "type": "object",
134
+ "required": ["match"],
135
+ "properties": {
136
+ "match": {
137
+ "type": "object",
138
+ "required": ["path", "op"],
139
+ "properties": {
140
+ "path": { "type": "string", "pattern": "^\\$\\." },
141
+ "op": { "enum": ["eq", "neq", "in", "nin", "lt", "lte", "gt", "gte", "regex", "exists"] },
142
+ "value": {}
143
+ },
144
+ "additionalProperties": false
145
+ }
146
+ },
147
+ "additionalProperties": false
148
+ }
149
+ ]
150
+ }
151
+ }
152
+ };
153
+ //# sourceMappingURL=policy-parser.js.map
package/dist/policy-parser.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy-parser.js","sourceRoot":"","sources":["../src/policy-parser.ts"],"names":[],"mappings":";;;;;;AAcA,0CASC;AAED,gDAeC;AAxCD,+BAA0C;AAC1C,8CAAsB;AAGtB,IAAI,IAAI,GAAe,IAAI,CAAC;AAC5B,IAAI,SAAS,GAAsC,IAAI,CAAC;AAExD,SAAS,YAAY;IACnB,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAChC,IAAI,GAAG,IAAI,aAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACnD,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAgB,CAAC,CAAC;IAC3C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAgB,eAAe,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,IAAA,YAAS,EAAC,OAAO,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxF,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,MAAgB,CAAC;AAC1B,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,YAAS,EAAC,OAAO,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC;aAC3F,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAE,CAAW,CAAC,OAAO,CAAC,EAAE,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,uFAAuF;AAC1E,QAAA,gBAAgB,GAAG;IAC9B,OAAO,EAAE,qBAAqB;IAC9B,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC;IAC3C,YAAY,EAAE;QACZ,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;QAC1B,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,MAAM,EAAE,OAAO;YACf,OAAO,EAAE;gBACP,MAAM,EAAE,QAAQ;gBAChB,UAAU,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC;gBACtC,YAAY,EAAE;oBACZ,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC1B,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE;oBACvC,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC9B,aAAa,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;oBACnC,MAAM,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE;oBAClC,aAAa,EAAE;wBACb,MAAM,EAAE,QAAQ;wBAChB,YAAY,EAAE;4BACZ,YAAY,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;4BAClC,YAAY,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;4BAClC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;4BAC9D,iBAAiB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;4BACrE,iBAAiB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;4BACrE,iBAAiB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;yBACtE;wBACD,sBAAsB,EAAE,KAAK;qBAC9B;oBACD,cAAc,EAAE;wBACd,MAAM,EAAE,QAAQ;wBAChB,YAAY,EAAE;4BACZ,qBAAqB,EAAE,EAAE,MAAM,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE;4BACjE,mBAAmB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;yBAC1C;wBACD,sBAAsB,EAAE,KAAK;qBAC9B;oBACD,aAAa,EAAE;wBACb,MAAM,EAAE,OAAO;wBACf,OAAO,EAAE;4BACP,MAAM,EAAE,QAAQ;4BAChB,UAAU,EAAE,CAAC,MAAM,CAAC;4BACpB,YAAY,EAAE;gCACZ,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;gCAC5B,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;6BAC/B;yBACF;qBACF;oBACD,OAAO,EAAE;wBACP,MAAM,EAAE,QAAQ;wBAChB,YAAY,EAAE;4BACZ,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;4BACjC,aAAa,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;yBACpC;wBACD,sBAAsB,EAAE,KAAK;qBAC9B;iBACF;gBACD,sBAAsB,EAAE,KAAK;aAC9B;SACF;KACF;IACD,sBAAsB,EAAE,KAAK;IAC7B,OAAO,EAAE;QACP,MAAM,EAAE;YACN,OAAO,EAAE;gBACP;oBACE,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,CAAC,KAAK,CAAC;oBACnB,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,EAAE;oBACjF,sBAAsB,EAAE,KAAK;iBAC9B;gBACD;oBACE,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,CAAC,KAAK,CAAC;oBACnB,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,EAAE;oBACjF,sBAAsB,EAAE,KAAK;iBAC9B;gBACD;oBACE,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,CAAC,KAAK,CAAC;oBACnB,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE;oBACnD,sBAAsB,EAAE,KAAK;iBAC9B;gBACD;oBACE,MAAM,EAAE,QAAQ;oBAChB,UAAU,EAAE,CAAC,OAAO,CAAC;oBACrB,YAAY,EAAE;wBACZ,OAAO,EAAE;4BACP,MAAM,EAAE,QAAQ;4BAChB,UAAU,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC;4BAC1B,YAAY,EAAE;gCACZ,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE;gCAClD,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;gCACzF,OAAO,EAAE,EAAE;6BACZ;4BACD,sBAAsB,EAAE,KAAK;yBAC9B;qBACF;oBACD,sBAAsB,EAAE,KAAK;iBAC9B;aACF;SACF;KACF;CACF,CAAC"}
package/dist/signing.d.ts ADDED
@@ -0,0 +1,34 @@
1
+ /**
2
+ * Build the signing input string for agent request signing.
3
+ */
4
+ export declare function buildSigningInput(method: string, urlPath: string, timestamp: string, nonce: string, bodySha256: string): string;
5
+ /**
6
+ * Sign a request using Ed25519 private key.
7
+ */
8
+ export declare function signRequest(params: {
9
+ method: string;
10
+ path: string;
11
+ timestamp: string;
12
+ nonce: string;
13
+ bodyBytes: Buffer;
14
+ privateKeyB64: string;
15
+ }): {
16
+ 'X-Agent-Id'?: string;
17
+ 'X-Timestamp': string;
18
+ 'X-Nonce': string;
19
+ 'X-Body-Sha256': string;
20
+ 'X-Signature': string;
21
+ };
22
+ /**
23
+ * Verify an agent's request signature.
24
+ */
25
+ export declare function verifyRequestSignature(params: {
26
+ method: string;
27
+ path: string;
28
+ timestamp: string;
29
+ nonce: string;
30
+ bodySha256: string;
31
+ signatureB64: string;
32
+ publicKeyB64: string;
33
+ }): boolean;
34
+ //# sourceMappingURL=signing.d.ts.map
package/dist/signing.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,GACjB,MAAM,CAER;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG;IACF,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACvB,CAwBA;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB,GAAG,OAAO,CAiBV"}
package/dist/signing.js ADDED
@@ -0,0 +1,79 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.buildSigningInput = buildSigningInput;
37
+ exports.signRequest = signRequest;
38
+ exports.verifyRequestSignature = verifyRequestSignature;
39
+ const crypto = __importStar(require("node:crypto"));
40
+ const canonicalize_js_1 = require("./canonicalize.js");
41
+ /**
42
+ * Build the signing input string for agent request signing.
43
+ */
44
+ function buildSigningInput(method, urlPath, timestamp, nonce, bodySha256) {
45
+ return `${method}\n${urlPath}\n${timestamp}\n${nonce}\n${bodySha256}`;
46
+ }
47
+ /**
48
+ * Sign a request using Ed25519 private key.
49
+ */
50
+ function signRequest(params) {
51
+ const bodySha256 = (0, canonicalize_js_1.sha256Hex)(params.bodyBytes);
52
+ const signingInput = buildSigningInput(params.method, params.path, params.timestamp, params.nonce, bodySha256);
53
+ const privateKey = crypto.createPrivateKey({
54
+ key: Buffer.from(params.privateKeyB64, 'base64'),
55
+ format: 'der',
56
+ type: 'pkcs8',
57
+ });
58
+ const signature = crypto.sign(null, Buffer.from(signingInput), privateKey);
59
+ return {
60
+ 'X-Timestamp': params.timestamp,
61
+ 'X-Nonce': params.nonce,
62
+ 'X-Body-Sha256': bodySha256,
63
+ 'X-Signature': signature.toString('base64'),
64
+ };
65
+ }
66
+ /**
67
+ * Verify an agent's request signature.
68
+ */
69
+ function verifyRequestSignature(params) {
70
+ const signingInput = buildSigningInput(params.method, params.path, params.timestamp, params.nonce, params.bodySha256);
71
+ const publicKey = crypto.createPublicKey({
72
+ key: Buffer.from(params.publicKeyB64, 'base64'),
73
+ format: 'der',
74
+ type: 'spki',
75
+ });
76
+ const signature = Buffer.from(params.signatureB64, 'base64');
77
+ return crypto.verify(null, Buffer.from(signingInput), publicKey, signature);
78
+ }
79
+ //# sourceMappingURL=signing.js.map
package/dist/signing.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,8CAQC;AAKD,kCAqCC;AAKD,wDAyBC;AAtFD,oDAAsC;AACtC,uDAA8C;AAE9C;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,MAAc,EACd,OAAe,EACf,SAAiB,EACjB,KAAa,EACb,UAAkB;IAElB,OAAO,GAAG,MAAM,KAAK,OAAO,KAAK,SAAS,KAAK,KAAK,KAAK,UAAU,EAAE,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,MAO3B;IAOC,MAAM,UAAU,GAAG,IAAA,2BAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,KAAK,EACZ,UAAU,CACX,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACzC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC;QAChD,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,OAAO;KACd,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,CAAC,CAAC;IAE3E,OAAO;QACL,aAAa,EAAE,MAAM,CAAC,SAAS;QAC/B,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,eAAe,EAAE,UAAU;QAC3B,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CAAC,MAQtC;IACC,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,IAAI,EACX,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,KAAK,EACZ,MAAM,CAAC,UAAU,CAClB,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC;QACvC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC;QAC/C,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AAC9E,CAAC"}
package/dist/state.d.ts ADDED
@@ -0,0 +1,11 @@
1
+ import type { AgentFrontmatter, OwnerFrontmatter, StateData } from './types.js';
2
+ export declare function readState(dataDir: string): StateData;
3
+ export declare function writeState(dataDir: string, state: StateData): void;
4
+ export declare function parseStateMd(content: string): StateData;
5
+ export declare function writeOwnerFile(dataDir: string, owner: OwnerFrontmatter, body?: string): void;
6
+ export declare function readOwnerFile(dataDir: string, ownerPrincipalId: string): OwnerFrontmatter;
7
+ export declare function writeAgentFile(dataDir: string, agent: AgentFrontmatter, body?: string): void;
8
+ export declare function readAgentFile(dataDir: string, agentPrincipalId: string): AgentFrontmatter;
9
+ export declare function writePolicyFile(dataDir: string, policyId: string, yamlContent: string): void;
10
+ export declare function readPolicyFile(dataDir: string, policyId: string): string;
11
+ //# sourceMappingURL=state.d.ts.map
package/dist/state.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,SAAS,EACV,MAAM,YAAY,CAAC;AAKpB,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAIpD;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,GAAG,IAAI,CAKlE;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAMvD;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAK5F;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGxE"}
package/dist/state.js ADDED
@@ -0,0 +1,111 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.readState = readState;
37
+ exports.writeState = writeState;
38
+ exports.parseStateMd = parseStateMd;
39
+ exports.writeOwnerFile = writeOwnerFile;
40
+ exports.readOwnerFile = readOwnerFile;
41
+ exports.writeAgentFile = writeAgentFile;
42
+ exports.readAgentFile = readAgentFile;
43
+ exports.writePolicyFile = writePolicyFile;
44
+ exports.readPolicyFile = readPolicyFile;
45
+ const fs = __importStar(require("node:fs"));
46
+ const path = __importStar(require("node:path"));
47
+ const yaml_1 = require("yaml");
48
+ const STATE_HEADER = '# openleash state\n\n```yaml\n';
49
+ const STATE_FOOTER = '```\n';
50
+ function readState(dataDir) {
51
+ const filePath = path.join(dataDir, 'state.md');
52
+ const content = fs.readFileSync(filePath, 'utf-8');
53
+ return parseStateMd(content);
54
+ }
55
+ function writeState(dataDir, state) {
56
+ const filePath = path.join(dataDir, 'state.md');
57
+ const yamlStr = (0, yaml_1.stringify)(state, { lineWidth: 0 });
58
+ const content = STATE_HEADER + yamlStr + STATE_FOOTER;
59
+ fs.writeFileSync(filePath, content, 'utf-8');
60
+ }
61
+ function parseStateMd(content) {
62
+ const yamlMatch = content.match(/```yaml\n([\s\S]*?)```/);
63
+ if (!yamlMatch) {
64
+ throw new Error('Could not find YAML block in state.md');
65
+ }
66
+ return (0, yaml_1.parse)(yamlMatch[1]);
67
+ }
68
+ function writeOwnerFile(dataDir, owner, body) {
69
+ const ownersDir = path.join(dataDir, 'owners');
70
+ fs.mkdirSync(ownersDir, { recursive: true });
71
+ const filePath = path.join(ownersDir, `${owner.owner_principal_id}.md`);
72
+ const frontmatter = (0, yaml_1.stringify)(owner, { lineWidth: 0 }).trim();
73
+ const content = `---\n${frontmatter}\n---\n\n${body ?? `Owner: ${owner.display_name}`}\n`;
74
+ fs.writeFileSync(filePath, content, 'utf-8');
75
+ }
76
+ function readOwnerFile(dataDir, ownerPrincipalId) {
77
+ const filePath = path.join(dataDir, 'owners', `${ownerPrincipalId}.md`);
78
+ const content = fs.readFileSync(filePath, 'utf-8');
79
+ return parseFrontmatter(content);
80
+ }
81
+ function writeAgentFile(dataDir, agent, body) {
82
+ const agentsDir = path.join(dataDir, 'agents');
83
+ fs.mkdirSync(agentsDir, { recursive: true });
84
+ const filePath = path.join(agentsDir, `${agent.agent_principal_id}.md`);
85
+ const frontmatter = (0, yaml_1.stringify)(agent, { lineWidth: 0 }).trim();
86
+ const content = `---\n${frontmatter}\n---\n\n${body ?? `Agent: ${agent.agent_id}`}\n`;
87
+ fs.writeFileSync(filePath, content, 'utf-8');
88
+ }
89
+ function readAgentFile(dataDir, agentPrincipalId) {
90
+ const filePath = path.join(dataDir, 'agents', `${agentPrincipalId}.md`);
91
+ const content = fs.readFileSync(filePath, 'utf-8');
92
+ return parseFrontmatter(content);
93
+ }
94
+ function writePolicyFile(dataDir, policyId, yamlContent) {
95
+ const policiesDir = path.join(dataDir, 'policies');
96
+ fs.mkdirSync(policiesDir, { recursive: true });
97
+ const filePath = path.join(policiesDir, `${policyId}.yaml`);
98
+ fs.writeFileSync(filePath, yamlContent, 'utf-8');
99
+ }
100
+ function readPolicyFile(dataDir, policyId) {
101
+ const filePath = path.join(dataDir, 'policies', `${policyId}.yaml`);
102
+ return fs.readFileSync(filePath, 'utf-8');
103
+ }
104
+ function parseFrontmatter(content) {
105
+ const match = content.match(/^---\n([\s\S]*?)\n---/);
106
+ if (!match) {
107
+ throw new Error('No frontmatter found');
108
+ }
109
+ return (0, yaml_1.parse)(match[1]);
110
+ }
111
+ //# sourceMappingURL=state.js.map
package/dist/state.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"state.js","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,8BAIC;AAED,gCAKC;AAED,oCAMC;AAED,wCAWC;AAED,sCAIC;AAED,wCAWC;AAED,sCAIC;AAED,0CAKC;AAED,wCAGC;AAjFD,4CAA8B;AAC9B,gDAAkC;AAClC,+BAAsE;AAOtE,MAAM,YAAY,GAAG,gCAAgC,CAAC;AACtD,MAAM,YAAY,GAAG,OAAO,CAAC;AAE7B,SAAgB,SAAS,CAAC,OAAe;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,UAAU,CAAC,OAAe,EAAE,KAAgB;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,YAAY,GAAG,OAAO,GAAG,YAAY,CAAC;IACtD,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,YAAY,CAAC,OAAe;IAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAA,YAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAc,CAAC;AAC9C,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAe,EACf,KAAuB,EACvB,IAAa;IAEb,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,kBAAkB,KAAK,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,QAAQ,WAAW,YAAY,IAAI,IAAI,UAAU,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC;IAC1F,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,gBAAwB;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,gBAAgB,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAAgC,CAAC;AAClE,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAe,EACf,KAAuB,EACvB,IAAa;IAEb,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,kBAAkB,KAAK,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,QAAQ,WAAW,YAAY,IAAI,IAAI,UAAU,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC;IACtF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,gBAAwB;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,gBAAgB,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAAgC,CAAC;AAClE,CAAC;AAED,SAAgB,eAAe,CAAC,OAAe,EAAE,QAAgB,EAAE,WAAmB;IACpF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACnD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IAC5D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,cAAc,CAAC,OAAe,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACpE,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACrD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAA,YAAS,EAAC,KAAK,CAAC,CAAC,CAAC,CAA4B,CAAC;AACxD,CAAC"}
package/dist/tokens.d.ts ADDED
@@ -0,0 +1,38 @@
1
+ import type { ServerKeyFile } from './types.js';
2
+ export interface ProofClaims {
3
+ iss: string;
4
+ kid: string;
5
+ iat: string;
6
+ exp: string;
7
+ decision_id: string;
8
+ owner_principal_id: string;
9
+ agent_id: string;
10
+ action_type: string;
11
+ action_hash: string;
12
+ matched_rule_id: string | null;
13
+ trust_profile?: string;
14
+ constraints_snapshot?: Record<string, unknown>;
15
+ }
16
+ export interface IssueProofParams {
17
+ key: ServerKeyFile;
18
+ decisionId: string;
19
+ ownerPrincipalId: string;
20
+ agentId: string;
21
+ actionType: string;
22
+ actionHash: string;
23
+ matchedRuleId: string | null;
24
+ ttlSeconds: number;
25
+ trustProfile?: string;
26
+ constraintsSnapshot?: Record<string, unknown>;
27
+ }
28
+ export declare function issueProofToken(params: IssueProofParams): Promise<{
29
+ token: string;
30
+ expiresAt: string;
31
+ claims: ProofClaims;
32
+ }>;
33
+ export declare function verifyProofToken(token: string, keys: ServerKeyFile[]): Promise<{
34
+ valid: boolean;
35
+ claims?: ProofClaims;
36
+ reason?: string;
37
+ }>;
38
+ //# sourceMappingURL=tokens.d.ts.map
package/dist/tokens.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,aAAa,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/C;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC;IACvE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;CACrB,CAAC,CA8BD;AAED,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,aAAa,EAAE,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuBpE"}