@openleash/core 0.2.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/identity-validators.d.ts +26 -0
- package/dist/identity-validators.d.ts.map +1 -0
- package/dist/identity-validators.js +664 -0
- package/dist/identity-validators.js.map +1 -0
- package/dist/identity.d.ts +250 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +244 -0
- package/dist/identity.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/passphrase.d.ts +6 -0
- package/dist/passphrase.d.ts.map +1 -0
- package/dist/passphrase.js +61 -0
- package/dist/passphrase.js.map +1 -0
- package/dist/state.d.ts +10 -1
- package/dist/state.d.ts.map +1 -1
- package/dist/state.js +65 -0
- package/dist/state.js.map +1 -1
- package/dist/taxonomy.d.ts +34 -0
- package/dist/taxonomy.d.ts.map +1 -0
- package/dist/taxonomy.js +293 -0
- package/dist/taxonomy.js.map +1 -0
- package/dist/tokens.d.ts +35 -1
- package/dist/tokens.d.ts.map +1 -1
- package/dist/tokens.js +82 -0
- package/dist/tokens.js.map +1 -1
- package/dist/totp.d.ts +15 -0
- package/dist/totp.d.ts.map +1 -0
- package/dist/totp.js +149 -0
- package/dist/totp.js.map +1 -0
- package/dist/types.d.ts +227 -75
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +36 -3
- package/dist/types.js.map +1 -1
- package/package.json +8 -4
package/dist/tokens.js
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.issueProofToken = issueProofToken;
|
|
4
4
|
exports.verifyProofToken = verifyProofToken;
|
|
5
|
+
exports.issueSessionToken = issueSessionToken;
|
|
6
|
+
exports.verifySessionToken = verifySessionToken;
|
|
7
|
+
exports.issueApprovalToken = issueApprovalToken;
|
|
8
|
+
exports.verifyApprovalToken = verifyApprovalToken;
|
|
5
9
|
const paseto_1 = require("paseto");
|
|
6
10
|
const keys_js_1 = require("./keys.js");
|
|
7
11
|
async function issueProofToken(params) {
|
|
@@ -53,4 +57,82 @@ async function verifyProofToken(token, keys) {
|
|
|
53
57
|
}
|
|
54
58
|
return { valid: false, reason: 'No matching key found or invalid signature' };
|
|
55
59
|
}
|
|
60
|
+
async function issueSessionToken(params) {
|
|
61
|
+
const now = new Date();
|
|
62
|
+
const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
|
|
63
|
+
const claims = {
|
|
64
|
+
iss: 'openleash',
|
|
65
|
+
kid: params.key.kid,
|
|
66
|
+
sub: params.ownerPrincipalId,
|
|
67
|
+
iat: now.toISOString(),
|
|
68
|
+
exp: exp.toISOString(),
|
|
69
|
+
purpose: 'owner_session',
|
|
70
|
+
};
|
|
71
|
+
const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
|
|
72
|
+
const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
|
|
73
|
+
return { token, expiresAt: exp.toISOString(), claims };
|
|
74
|
+
}
|
|
75
|
+
async function verifySessionToken(token, keys) {
|
|
76
|
+
for (const key of keys) {
|
|
77
|
+
try {
|
|
78
|
+
const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
|
|
79
|
+
const payload = await paseto_1.V4.verify(token, publicKey);
|
|
80
|
+
if (payload.purpose !== 'owner_session') {
|
|
81
|
+
return { valid: false, reason: 'Invalid token purpose' };
|
|
82
|
+
}
|
|
83
|
+
if (payload.exp) {
|
|
84
|
+
const expDate = new Date(payload.exp);
|
|
85
|
+
if (expDate.getTime() < Date.now()) {
|
|
86
|
+
return { valid: false, reason: 'Session expired', claims: payload };
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
return { valid: true, claims: payload };
|
|
90
|
+
}
|
|
91
|
+
catch {
|
|
92
|
+
continue;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
return { valid: false, reason: 'No matching key found or invalid signature' };
|
|
96
|
+
}
|
|
97
|
+
async function issueApprovalToken(params) {
|
|
98
|
+
const now = new Date();
|
|
99
|
+
const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
|
|
100
|
+
const claims = {
|
|
101
|
+
iss: 'openleash',
|
|
102
|
+
kid: params.key.kid,
|
|
103
|
+
iat: now.toISOString(),
|
|
104
|
+
exp: exp.toISOString(),
|
|
105
|
+
approval_request_id: params.approvalRequestId,
|
|
106
|
+
owner_principal_id: params.ownerPrincipalId,
|
|
107
|
+
agent_id: params.agentId,
|
|
108
|
+
action_type: params.actionType,
|
|
109
|
+
action_hash: params.actionHash,
|
|
110
|
+
purpose: 'approval',
|
|
111
|
+
};
|
|
112
|
+
const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
|
|
113
|
+
const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
|
|
114
|
+
return { token, expiresAt: exp.toISOString(), claims };
|
|
115
|
+
}
|
|
116
|
+
async function verifyApprovalToken(token, keys) {
|
|
117
|
+
for (const key of keys) {
|
|
118
|
+
try {
|
|
119
|
+
const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
|
|
120
|
+
const payload = await paseto_1.V4.verify(token, publicKey);
|
|
121
|
+
if (payload.purpose !== 'approval') {
|
|
122
|
+
return { valid: false, reason: 'Invalid token purpose' };
|
|
123
|
+
}
|
|
124
|
+
if (payload.exp) {
|
|
125
|
+
const expDate = new Date(payload.exp);
|
|
126
|
+
if (expDate.getTime() < Date.now()) {
|
|
127
|
+
return { valid: false, reason: 'Approval token expired', claims: payload };
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
return { valid: true, claims: payload };
|
|
131
|
+
}
|
|
132
|
+
catch {
|
|
133
|
+
continue;
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
return { valid: false, reason: 'No matching key found or invalid signature' };
|
|
137
|
+
}
|
|
56
138
|
//# sourceMappingURL=tokens.js.map
|
package/dist/tokens.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;AAgCA,0CAkCC;AAED,4CA0BC;AAUD,8CAyBC;AAED,gDA2BC;AAcD,gDA6BC;AAED,kDA2BC;AAtOD,mCAA4B;AAE5B,uCAAoE;AA8B7D,KAAK,UAAU,eAAe,CAAC,MAAwB;IAK5D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAgB;QAC1B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,eAAe,EAAE,MAAM,CAAC,aAAa;KACtC,CAAC;IAEF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC;IAC3D,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAwC,EAAE,UAAU,EAAE;QAC3F,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,KAAa,EACb,IAAqB;IAErB,eAAe;IACf,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAgB,CAAC;YAEjE,mBAAmB;YACnB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;YACf,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAUM,KAAK,UAAU,iBAAiB,CAAC,MAA0B;IAKhE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAkB;QAC5B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,MAAM,CAAC,gBAAgB;QAC5B,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,OAAO,EAAE,eAAe;KACzB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAkB,CAAC;YAEnE,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAcM,KAAK,UAAU,kBAAkB,CAAC,MAAgC;IAKvE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAwB;QAClC,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,mBAAmB,EAAE,MAAM,CAAC,iBAAiB;QAC7C,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,OAAO,EAAE,UAAU;KACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAwB,CAAC;YAEzE,IAAI,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC"}
|
package/dist/totp.d.ts
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export declare function base32Encode(buffer: Buffer): string;
|
|
2
|
+
export declare function base32Decode(str: string): Buffer;
|
|
3
|
+
export declare function generateTotpSecret(): string;
|
|
4
|
+
export declare function generateTotpUri(secret: string, accountName: string, issuer?: string): string;
|
|
5
|
+
export declare function verifyTotp(secret: string, code: string, window?: number): boolean;
|
|
6
|
+
export declare function generateBackupCodes(count?: number): {
|
|
7
|
+
codes: string[];
|
|
8
|
+
hashes: string[];
|
|
9
|
+
};
|
|
10
|
+
export declare function verifyBackupCode(code: string, hashes: string[]): {
|
|
11
|
+
valid: boolean;
|
|
12
|
+
remainingHashes: string[];
|
|
13
|
+
};
|
|
14
|
+
export declare function generateTotpQrSvg(uri: string): string;
|
|
15
|
+
//# sourceMappingURL=totp.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":"AAMA,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAmBnD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkBhD;AAID,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAc,GAAG,MAAM,CAIjG;AAeD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,GAAG,OAAO,CAS5E;AAID,wBAAgB,mBAAmB,CAAC,KAAK,SAAI,GAAG;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAWpF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,eAAe,EAAE,MAAM,EAAE,CAAA;CAAE,CAO9G;AAOD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAYrD"}
|
package/dist/totp.js
ADDED
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.base32Encode = base32Encode;
|
|
37
|
+
exports.base32Decode = base32Decode;
|
|
38
|
+
exports.generateTotpSecret = generateTotpSecret;
|
|
39
|
+
exports.generateTotpUri = generateTotpUri;
|
|
40
|
+
exports.verifyTotp = verifyTotp;
|
|
41
|
+
exports.generateBackupCodes = generateBackupCodes;
|
|
42
|
+
exports.verifyBackupCode = verifyBackupCode;
|
|
43
|
+
exports.generateTotpQrSvg = generateTotpQrSvg;
|
|
44
|
+
const crypto = __importStar(require("node:crypto"));
|
|
45
|
+
// ─── Base32 (RFC 4648) ──────────────────────────────────────────────
|
|
46
|
+
const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
|
|
47
|
+
function base32Encode(buffer) {
|
|
48
|
+
let bits = 0;
|
|
49
|
+
let value = 0;
|
|
50
|
+
let output = '';
|
|
51
|
+
for (const byte of buffer) {
|
|
52
|
+
value = (value << 8) | byte;
|
|
53
|
+
bits += 8;
|
|
54
|
+
while (bits >= 5) {
|
|
55
|
+
bits -= 5;
|
|
56
|
+
output += BASE32_ALPHABET[(value >>> bits) & 0x1f];
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
if (bits > 0) {
|
|
60
|
+
output += BASE32_ALPHABET[(value << (5 - bits)) & 0x1f];
|
|
61
|
+
}
|
|
62
|
+
return output;
|
|
63
|
+
}
|
|
64
|
+
function base32Decode(str) {
|
|
65
|
+
const cleaned = str.replace(/=+$/, '').toUpperCase();
|
|
66
|
+
let bits = 0;
|
|
67
|
+
let value = 0;
|
|
68
|
+
const bytes = [];
|
|
69
|
+
for (const char of cleaned) {
|
|
70
|
+
const idx = BASE32_ALPHABET.indexOf(char);
|
|
71
|
+
if (idx === -1)
|
|
72
|
+
throw new Error(`Invalid base32 character: ${char}`);
|
|
73
|
+
value = (value << 5) | idx;
|
|
74
|
+
bits += 5;
|
|
75
|
+
if (bits >= 8) {
|
|
76
|
+
bits -= 8;
|
|
77
|
+
bytes.push((value >>> bits) & 0xff);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
return Buffer.from(bytes);
|
|
81
|
+
}
|
|
82
|
+
// ─── TOTP (RFC 6238 / RFC 4226) ─────────────────────────────────────
|
|
83
|
+
function generateTotpSecret() {
|
|
84
|
+
return base32Encode(crypto.randomBytes(20));
|
|
85
|
+
}
|
|
86
|
+
function generateTotpUri(secret, accountName, issuer = 'OpenLeash') {
|
|
87
|
+
const encodedIssuer = encodeURIComponent(issuer);
|
|
88
|
+
const encodedAccount = encodeURIComponent(accountName);
|
|
89
|
+
return `otpauth://totp/${encodedIssuer}:${encodedAccount}?secret=${secret}&issuer=${encodedIssuer}&algorithm=SHA1&digits=6&period=30`;
|
|
90
|
+
}
|
|
91
|
+
function computeHotp(secret, counter) {
|
|
92
|
+
const buf = Buffer.alloc(8);
|
|
93
|
+
buf.writeBigUInt64BE(counter);
|
|
94
|
+
const hmac = crypto.createHmac('sha1', secret).update(buf).digest();
|
|
95
|
+
const offset = hmac[hmac.length - 1] & 0x0f;
|
|
96
|
+
const code = ((hmac[offset] & 0x7f) << 24) |
|
|
97
|
+
((hmac[offset + 1] & 0xff) << 16) |
|
|
98
|
+
((hmac[offset + 2] & 0xff) << 8) |
|
|
99
|
+
(hmac[offset + 3] & 0xff);
|
|
100
|
+
return String(code % 1_000_000).padStart(6, '0');
|
|
101
|
+
}
|
|
102
|
+
function verifyTotp(secret, code, window = 1) {
|
|
103
|
+
if (!/^\d{6}$/.test(code))
|
|
104
|
+
return false;
|
|
105
|
+
const key = base32Decode(secret);
|
|
106
|
+
const counter = BigInt(Math.floor(Date.now() / 30_000));
|
|
107
|
+
for (let i = -window; i <= window; i++) {
|
|
108
|
+
if (computeHotp(key, counter + BigInt(i)) === code)
|
|
109
|
+
return true;
|
|
110
|
+
}
|
|
111
|
+
return false;
|
|
112
|
+
}
|
|
113
|
+
// ─── Backup codes ────────────────────────────────────────────────────
|
|
114
|
+
function generateBackupCodes(count = 8) {
|
|
115
|
+
const codes = [];
|
|
116
|
+
const hashes = [];
|
|
117
|
+
for (let i = 0; i < count; i++) {
|
|
118
|
+
const code = crypto.randomBytes(4).toString('hex'); // 8-char hex
|
|
119
|
+
codes.push(code);
|
|
120
|
+
hashes.push(crypto.createHash('sha256').update(code).digest('hex'));
|
|
121
|
+
}
|
|
122
|
+
return { codes, hashes };
|
|
123
|
+
}
|
|
124
|
+
function verifyBackupCode(code, hashes) {
|
|
125
|
+
const hash = crypto.createHash('sha256').update(code).digest('hex');
|
|
126
|
+
const idx = hashes.indexOf(hash);
|
|
127
|
+
if (idx === -1)
|
|
128
|
+
return { valid: false, remainingHashes: hashes };
|
|
129
|
+
const remainingHashes = [...hashes];
|
|
130
|
+
remainingHashes.splice(idx, 1);
|
|
131
|
+
return { valid: true, remainingHashes };
|
|
132
|
+
}
|
|
133
|
+
// ─── QR code SVG generation ──────────────────────────────────────────
|
|
134
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
135
|
+
const QRCode = require('qrcode-svg');
|
|
136
|
+
function generateTotpQrSvg(uri) {
|
|
137
|
+
const qr = new QRCode({
|
|
138
|
+
content: uri,
|
|
139
|
+
padding: 4,
|
|
140
|
+
width: 200,
|
|
141
|
+
height: 200,
|
|
142
|
+
color: '#000000',
|
|
143
|
+
background: '#ffffff',
|
|
144
|
+
ecl: 'M',
|
|
145
|
+
join: true,
|
|
146
|
+
});
|
|
147
|
+
return qr.svg();
|
|
148
|
+
}
|
|
149
|
+
//# sourceMappingURL=totp.js.map
|
package/dist/totp.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.js","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,oCAmBC;AAED,oCAkBC;AAID,gDAEC;AAED,0CAIC;AAeD,gCASC;AAID,kDAWC;AAED,4CAOC;AAOD,8CAYC;AA5HD,oDAAsC;AAEtC,uEAAuE;AAEvE,MAAM,eAAe,GAAG,kCAAkC,CAAC;AAE3D,SAAgB,YAAY,CAAC,MAAc;IACzC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,CAAC;QACV,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,CAAC;YACV,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QACrE,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;QAC3B,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,uEAAuE;AAEvE,SAAgB,kBAAkB;IAChC,OAAO,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAgB,eAAe,CAAC,MAAc,EAAE,WAAmB,EAAE,MAAM,GAAG,WAAW;IACvF,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO,kBAAkB,aAAa,IAAI,cAAc,WAAW,MAAM,WAAW,aAAa,oCAAoC,CAAC;AACxI,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,OAAe;IAClD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAC5C,MAAM,IAAI,GACR,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5B,OAAO,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,UAAU,CAAC,MAAc,EAAE,IAAY,EAAE,MAAM,GAAG,CAAC;IACjE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IAExD,KAAK,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,WAAW,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE,SAAgB,mBAAmB,CAAC,KAAK,GAAG,CAAC;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa;QACjE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAY,EAAE,MAAgB;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;IACjE,MAAM,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACpC,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AAC1C,CAAC;AAED,wEAAwE;AAExE,iEAAiE;AACjE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AAErC,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC;QACpB,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,GAAG;QACV,MAAM,EAAE,GAAG;QACX,KAAK,EAAE,SAAS;QAChB,UAAU,EAAE,SAAS;QACrB,GAAG,EAAE,GAAG;QACR,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,GAAG,EAAY,CAAC;AAC5B,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,19 +1,54 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
-
|
|
2
|
+
import type { IdentityAssuranceLevel, ContactIdentity, GovernmentId, CompanyId, Signatory, SignatoryRule } from './identity.js';
|
|
3
|
+
export declare const DecisionResult: z.ZodEnum<{
|
|
4
|
+
ALLOW: "ALLOW";
|
|
5
|
+
DENY: "DENY";
|
|
6
|
+
REQUIRE_APPROVAL: "REQUIRE_APPROVAL";
|
|
7
|
+
REQUIRE_STEP_UP: "REQUIRE_STEP_UP";
|
|
8
|
+
REQUIRE_DEPOSIT: "REQUIRE_DEPOSIT";
|
|
9
|
+
}>;
|
|
3
10
|
export type DecisionResult = z.infer<typeof DecisionResult>;
|
|
4
|
-
export declare const ObligationType: z.ZodEnum<
|
|
11
|
+
export declare const ObligationType: z.ZodEnum<{
|
|
12
|
+
HUMAN_APPROVAL: "HUMAN_APPROVAL";
|
|
13
|
+
STEP_UP_AUTH: "STEP_UP_AUTH";
|
|
14
|
+
DEPOSIT: "DEPOSIT";
|
|
15
|
+
COUNTERPARTY_ATTESTATION: "COUNTERPARTY_ATTESTATION";
|
|
16
|
+
}>;
|
|
5
17
|
export type ObligationType = z.infer<typeof ObligationType>;
|
|
6
|
-
export declare const ObligationStatus: z.ZodEnum<
|
|
18
|
+
export declare const ObligationStatus: z.ZodEnum<{
|
|
19
|
+
PENDING: "PENDING";
|
|
20
|
+
FULFILLED: "FULFILLED";
|
|
21
|
+
WAIVED: "WAIVED";
|
|
22
|
+
}>;
|
|
7
23
|
export type ObligationStatus = z.infer<typeof ObligationStatus>;
|
|
8
|
-
export declare const PrincipalType: z.ZodEnum<
|
|
24
|
+
export declare const PrincipalType: z.ZodEnum<{
|
|
25
|
+
HUMAN: "HUMAN";
|
|
26
|
+
ORG: "ORG";
|
|
27
|
+
}>;
|
|
9
28
|
export type PrincipalType = z.infer<typeof PrincipalType>;
|
|
10
|
-
export declare const PrincipalStatus: z.ZodEnum<
|
|
29
|
+
export declare const PrincipalStatus: z.ZodEnum<{
|
|
30
|
+
ACTIVE: "ACTIVE";
|
|
31
|
+
SUSPENDED: "SUSPENDED";
|
|
32
|
+
REVOKED: "REVOKED";
|
|
33
|
+
}>;
|
|
11
34
|
export type PrincipalStatus = z.infer<typeof PrincipalStatus>;
|
|
12
|
-
export declare const AgentStatus: z.ZodEnum<
|
|
35
|
+
export declare const AgentStatus: z.ZodEnum<{
|
|
36
|
+
ACTIVE: "ACTIVE";
|
|
37
|
+
REVOKED: "REVOKED";
|
|
38
|
+
}>;
|
|
13
39
|
export type AgentStatus = z.infer<typeof AgentStatus>;
|
|
14
|
-
export declare const TrustProfile: z.ZodEnum<
|
|
40
|
+
export declare const TrustProfile: z.ZodEnum<{
|
|
41
|
+
LOW: "LOW";
|
|
42
|
+
MEDIUM: "MEDIUM";
|
|
43
|
+
HIGH: "HIGH";
|
|
44
|
+
REGULATED: "REGULATED";
|
|
45
|
+
}>;
|
|
15
46
|
export type TrustProfile = z.infer<typeof TrustProfile>;
|
|
16
|
-
export declare const AssuranceLevel: z.ZodEnum<
|
|
47
|
+
export declare const AssuranceLevel: z.ZodEnum<{
|
|
48
|
+
LOW: "LOW";
|
|
49
|
+
HIGH: "HIGH";
|
|
50
|
+
SUBSTANTIAL: "SUBSTANTIAL";
|
|
51
|
+
}>;
|
|
17
52
|
export type AssuranceLevel = z.infer<typeof AssuranceLevel>;
|
|
18
53
|
export declare const ActionRequestSchema: z.ZodObject<{
|
|
19
54
|
action_id: z.ZodString;
|
|
@@ -21,82 +56,38 @@ export declare const ActionRequestSchema: z.ZodObject<{
|
|
|
21
56
|
requested_at: z.ZodString;
|
|
22
57
|
principal: z.ZodObject<{
|
|
23
58
|
agent_id: z.ZodString;
|
|
24
|
-
},
|
|
25
|
-
agent_id: string;
|
|
26
|
-
}, {
|
|
27
|
-
agent_id: string;
|
|
28
|
-
}>;
|
|
59
|
+
}, z.core.$strip>;
|
|
29
60
|
subject: z.ZodObject<{
|
|
30
61
|
principal_id: z.ZodString;
|
|
31
|
-
},
|
|
32
|
-
principal_id: string;
|
|
33
|
-
}, {
|
|
34
|
-
principal_id: string;
|
|
35
|
-
}>;
|
|
62
|
+
}, z.core.$strip>;
|
|
36
63
|
relying_party: z.ZodOptional<z.ZodObject<{
|
|
37
64
|
rp_id: z.ZodOptional<z.ZodString>;
|
|
38
65
|
domain: z.ZodOptional<z.ZodString>;
|
|
39
|
-
trust_profile: z.ZodOptional<z.ZodEnum<
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
domain?: string | undefined;
|
|
47
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
48
|
-
}>>;
|
|
66
|
+
trust_profile: z.ZodOptional<z.ZodEnum<{
|
|
67
|
+
LOW: "LOW";
|
|
68
|
+
MEDIUM: "MEDIUM";
|
|
69
|
+
HIGH: "HIGH";
|
|
70
|
+
REGULATED: "REGULATED";
|
|
71
|
+
}>>;
|
|
72
|
+
}, z.core.$strip>>;
|
|
49
73
|
payload: z.ZodRecord<z.ZodString, z.ZodUnknown>;
|
|
50
|
-
},
|
|
51
|
-
action_id: string;
|
|
52
|
-
action_type: string;
|
|
53
|
-
requested_at: string;
|
|
54
|
-
principal: {
|
|
55
|
-
agent_id: string;
|
|
56
|
-
};
|
|
57
|
-
subject: {
|
|
58
|
-
principal_id: string;
|
|
59
|
-
};
|
|
60
|
-
payload: Record<string, unknown>;
|
|
61
|
-
relying_party?: {
|
|
62
|
-
rp_id?: string | undefined;
|
|
63
|
-
domain?: string | undefined;
|
|
64
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
65
|
-
} | undefined;
|
|
66
|
-
}, {
|
|
67
|
-
action_id: string;
|
|
68
|
-
action_type: string;
|
|
69
|
-
requested_at: string;
|
|
70
|
-
principal: {
|
|
71
|
-
agent_id: string;
|
|
72
|
-
};
|
|
73
|
-
subject: {
|
|
74
|
-
principal_id: string;
|
|
75
|
-
};
|
|
76
|
-
payload: Record<string, unknown>;
|
|
77
|
-
relying_party?: {
|
|
78
|
-
rp_id?: string | undefined;
|
|
79
|
-
domain?: string | undefined;
|
|
80
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
81
|
-
} | undefined;
|
|
82
|
-
}>;
|
|
74
|
+
}, z.core.$strip>;
|
|
83
75
|
export type ActionRequest = z.infer<typeof ActionRequestSchema>;
|
|
84
76
|
export declare const ObligationSchema: z.ZodObject<{
|
|
85
77
|
obligation_id: z.ZodString;
|
|
86
|
-
type: z.ZodEnum<
|
|
87
|
-
|
|
78
|
+
type: z.ZodEnum<{
|
|
79
|
+
HUMAN_APPROVAL: "HUMAN_APPROVAL";
|
|
80
|
+
STEP_UP_AUTH: "STEP_UP_AUTH";
|
|
81
|
+
DEPOSIT: "DEPOSIT";
|
|
82
|
+
COUNTERPARTY_ATTESTATION: "COUNTERPARTY_ATTESTATION";
|
|
83
|
+
}>;
|
|
84
|
+
status: z.ZodEnum<{
|
|
85
|
+
PENDING: "PENDING";
|
|
86
|
+
FULFILLED: "FULFILLED";
|
|
87
|
+
WAIVED: "WAIVED";
|
|
88
|
+
}>;
|
|
88
89
|
details_json: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
89
|
-
},
|
|
90
|
-
type: "HUMAN_APPROVAL" | "STEP_UP_AUTH" | "DEPOSIT" | "COUNTERPARTY_ATTESTATION";
|
|
91
|
-
status: "PENDING" | "FULFILLED" | "WAIVED";
|
|
92
|
-
obligation_id: string;
|
|
93
|
-
details_json?: Record<string, unknown> | undefined;
|
|
94
|
-
}, {
|
|
95
|
-
type: "HUMAN_APPROVAL" | "STEP_UP_AUTH" | "DEPOSIT" | "COUNTERPARTY_ATTESTATION";
|
|
96
|
-
status: "PENDING" | "FULFILLED" | "WAIVED";
|
|
97
|
-
obligation_id: string;
|
|
98
|
-
details_json?: Record<string, unknown> | undefined;
|
|
99
|
-
}>;
|
|
90
|
+
}, z.core.$strip>;
|
|
100
91
|
export type Obligation = z.infer<typeof ObligationSchema>;
|
|
101
92
|
export interface AuthorizeResponse {
|
|
102
93
|
decision_id: string;
|
|
@@ -205,6 +196,8 @@ export interface StateData {
|
|
|
205
196
|
agents: StateAgentEntry[];
|
|
206
197
|
policies: StatePolicyEntry[];
|
|
207
198
|
bindings: StateBinding[];
|
|
199
|
+
approval_requests?: StateApprovalRequestEntry[];
|
|
200
|
+
policy_drafts?: StatePolicyDraftEntry[];
|
|
208
201
|
}
|
|
209
202
|
export interface ServerKeyFile {
|
|
210
203
|
kid: string;
|
|
@@ -220,6 +213,19 @@ export interface OwnerFrontmatter {
|
|
|
220
213
|
status: PrincipalStatus;
|
|
221
214
|
attributes: Record<string, unknown>;
|
|
222
215
|
created_at: string;
|
|
216
|
+
identity_assurance_level?: IdentityAssuranceLevel;
|
|
217
|
+
contact_identities?: ContactIdentity[];
|
|
218
|
+
government_ids?: GovernmentId[];
|
|
219
|
+
company_ids?: CompanyId[];
|
|
220
|
+
signatories?: Signatory[];
|
|
221
|
+
signatory_rules?: SignatoryRule[];
|
|
222
|
+
passphrase_hash?: string;
|
|
223
|
+
passphrase_salt?: string;
|
|
224
|
+
passphrase_set_at?: string;
|
|
225
|
+
totp_secret_b32?: string;
|
|
226
|
+
totp_enabled?: boolean;
|
|
227
|
+
totp_enabled_at?: string;
|
|
228
|
+
totp_backup_codes_hash?: string[];
|
|
223
229
|
}
|
|
224
230
|
export interface AgentFrontmatter {
|
|
225
231
|
agent_principal_id: string;
|
|
@@ -231,7 +237,145 @@ export interface AgentFrontmatter {
|
|
|
231
237
|
created_at: string;
|
|
232
238
|
revoked_at: string | null;
|
|
233
239
|
}
|
|
234
|
-
export declare const
|
|
240
|
+
export declare const ApprovalRequestStatus: z.ZodEnum<{
|
|
241
|
+
PENDING: "PENDING";
|
|
242
|
+
APPROVED: "APPROVED";
|
|
243
|
+
DENIED: "DENIED";
|
|
244
|
+
EXPIRED: "EXPIRED";
|
|
245
|
+
}>;
|
|
246
|
+
export type ApprovalRequestStatus = z.infer<typeof ApprovalRequestStatus>;
|
|
247
|
+
export interface ApprovalRequestFrontmatter {
|
|
248
|
+
approval_request_id: string;
|
|
249
|
+
decision_id: string;
|
|
250
|
+
agent_principal_id: string;
|
|
251
|
+
agent_id: string;
|
|
252
|
+
owner_principal_id: string;
|
|
253
|
+
action_type: string;
|
|
254
|
+
action_hash: string;
|
|
255
|
+
action: ActionRequest;
|
|
256
|
+
justification: string | null;
|
|
257
|
+
context: Record<string, unknown> | null;
|
|
258
|
+
status: ApprovalRequestStatus;
|
|
259
|
+
approval_token: string | null;
|
|
260
|
+
approval_token_expires_at: string | null;
|
|
261
|
+
resolved_at: string | null;
|
|
262
|
+
resolved_by: string | null;
|
|
263
|
+
denial_reason: string | null;
|
|
264
|
+
consumed_at: string | null;
|
|
265
|
+
created_at: string;
|
|
266
|
+
expires_at: string;
|
|
267
|
+
}
|
|
268
|
+
export interface StateApprovalRequestEntry {
|
|
269
|
+
approval_request_id: string;
|
|
270
|
+
owner_principal_id: string;
|
|
271
|
+
agent_principal_id: string;
|
|
272
|
+
status: ApprovalRequestStatus;
|
|
273
|
+
path: string;
|
|
274
|
+
}
|
|
275
|
+
export declare const PolicyDraftStatus: z.ZodEnum<{
|
|
276
|
+
PENDING: "PENDING";
|
|
277
|
+
APPROVED: "APPROVED";
|
|
278
|
+
DENIED: "DENIED";
|
|
279
|
+
}>;
|
|
280
|
+
export type PolicyDraftStatus = z.infer<typeof PolicyDraftStatus>;
|
|
281
|
+
export interface PolicyDraftFrontmatter {
|
|
282
|
+
policy_draft_id: string;
|
|
283
|
+
agent_principal_id: string;
|
|
284
|
+
agent_id: string;
|
|
285
|
+
owner_principal_id: string;
|
|
286
|
+
applies_to_agent_principal_id: string | null;
|
|
287
|
+
policy_yaml: string;
|
|
288
|
+
justification: string | null;
|
|
289
|
+
status: PolicyDraftStatus;
|
|
290
|
+
resulting_policy_id: string | null;
|
|
291
|
+
resolved_at: string | null;
|
|
292
|
+
resolved_by: string | null;
|
|
293
|
+
denial_reason: string | null;
|
|
294
|
+
created_at: string;
|
|
295
|
+
}
|
|
296
|
+
export interface StatePolicyDraftEntry {
|
|
297
|
+
policy_draft_id: string;
|
|
298
|
+
owner_principal_id: string;
|
|
299
|
+
agent_principal_id: string;
|
|
300
|
+
status: PolicyDraftStatus;
|
|
301
|
+
path: string;
|
|
302
|
+
}
|
|
303
|
+
export interface SetupInvite {
|
|
304
|
+
invite_id: string;
|
|
305
|
+
owner_principal_id: string;
|
|
306
|
+
token_hash: string;
|
|
307
|
+
token_salt: string;
|
|
308
|
+
expires_at: string;
|
|
309
|
+
used: boolean;
|
|
310
|
+
used_at: string | null;
|
|
311
|
+
created_at: string;
|
|
312
|
+
}
|
|
313
|
+
export interface AgentInvite {
|
|
314
|
+
invite_id: string;
|
|
315
|
+
owner_principal_id: string;
|
|
316
|
+
token_hash: string;
|
|
317
|
+
token_salt: string;
|
|
318
|
+
expires_at: string;
|
|
319
|
+
used: boolean;
|
|
320
|
+
used_at: string | null;
|
|
321
|
+
created_at: string;
|
|
322
|
+
}
|
|
323
|
+
export interface SessionClaims {
|
|
324
|
+
iss: string;
|
|
325
|
+
kid: string;
|
|
326
|
+
sub: string;
|
|
327
|
+
iat: string;
|
|
328
|
+
exp: string;
|
|
329
|
+
purpose: 'owner_session';
|
|
330
|
+
}
|
|
331
|
+
export interface ApprovalTokenClaims {
|
|
332
|
+
iss: string;
|
|
333
|
+
kid: string;
|
|
334
|
+
iat: string;
|
|
335
|
+
exp: string;
|
|
336
|
+
approval_request_id: string;
|
|
337
|
+
owner_principal_id: string;
|
|
338
|
+
agent_id: string;
|
|
339
|
+
action_type: string;
|
|
340
|
+
action_hash: string;
|
|
341
|
+
purpose: 'approval';
|
|
342
|
+
}
|
|
343
|
+
export declare const AuditEventType: z.ZodEnum<{
|
|
344
|
+
OWNER_CREATED: "OWNER_CREATED";
|
|
345
|
+
OWNER_UPDATED: "OWNER_UPDATED";
|
|
346
|
+
OWNER_IDENTITY_UPDATED: "OWNER_IDENTITY_UPDATED";
|
|
347
|
+
OWNER_SETUP_INVITE_CREATED: "OWNER_SETUP_INVITE_CREATED";
|
|
348
|
+
OWNER_SETUP_COMPLETED: "OWNER_SETUP_COMPLETED";
|
|
349
|
+
OWNER_LOGIN: "OWNER_LOGIN";
|
|
350
|
+
OWNER_LOGOUT: "OWNER_LOGOUT";
|
|
351
|
+
AGENT_CHALLENGE_ISSUED: "AGENT_CHALLENGE_ISSUED";
|
|
352
|
+
AGENT_REGISTERED: "AGENT_REGISTERED";
|
|
353
|
+
POLICY_UPSERTED: "POLICY_UPSERTED";
|
|
354
|
+
AUTHORIZE_CALLED: "AUTHORIZE_CALLED";
|
|
355
|
+
DECISION_CREATED: "DECISION_CREATED";
|
|
356
|
+
PROOF_ISSUED: "PROOF_ISSUED";
|
|
357
|
+
PROOF_VERIFIED: "PROOF_VERIFIED";
|
|
358
|
+
PLAYGROUND_RUN: "PLAYGROUND_RUN";
|
|
359
|
+
KEY_ROTATED: "KEY_ROTATED";
|
|
360
|
+
SERVER_STARTED: "SERVER_STARTED";
|
|
361
|
+
POLICY_UPDATED: "POLICY_UPDATED";
|
|
362
|
+
POLICY_DELETED: "POLICY_DELETED";
|
|
363
|
+
POLICY_UNBOUND: "POLICY_UNBOUND";
|
|
364
|
+
APPROVAL_REQUEST_CREATED: "APPROVAL_REQUEST_CREATED";
|
|
365
|
+
APPROVAL_REQUEST_APPROVED: "APPROVAL_REQUEST_APPROVED";
|
|
366
|
+
APPROVAL_REQUEST_DENIED: "APPROVAL_REQUEST_DENIED";
|
|
367
|
+
APPROVAL_REQUEST_EXPIRED: "APPROVAL_REQUEST_EXPIRED";
|
|
368
|
+
APPROVAL_TOKEN_USED: "APPROVAL_TOKEN_USED";
|
|
369
|
+
INITIAL_SETUP_COMPLETED: "INITIAL_SETUP_COMPLETED";
|
|
370
|
+
OWNER_TOTP_ENABLED: "OWNER_TOTP_ENABLED";
|
|
371
|
+
OWNER_TOTP_DISABLED: "OWNER_TOTP_DISABLED";
|
|
372
|
+
OWNER_TOTP_BACKUP_USED: "OWNER_TOTP_BACKUP_USED";
|
|
373
|
+
AGENT_INVITE_CREATED: "AGENT_INVITE_CREATED";
|
|
374
|
+
AGENT_REGISTERED_VIA_INVITE: "AGENT_REGISTERED_VIA_INVITE";
|
|
375
|
+
POLICY_DRAFT_CREATED: "POLICY_DRAFT_CREATED";
|
|
376
|
+
POLICY_DRAFT_APPROVED: "POLICY_DRAFT_APPROVED";
|
|
377
|
+
POLICY_DRAFT_DENIED: "POLICY_DRAFT_DENIED";
|
|
378
|
+
}>;
|
|
235
379
|
export type AuditEventType = z.infer<typeof AuditEventType>;
|
|
236
380
|
export interface AuditEvent {
|
|
237
381
|
event_id: string;
|
|
@@ -254,6 +398,7 @@ export interface OpenleashConfig {
|
|
|
254
398
|
security: {
|
|
255
399
|
nonce_ttl_seconds: number;
|
|
256
400
|
clock_skew_seconds: number;
|
|
401
|
+
require_totp?: boolean;
|
|
257
402
|
};
|
|
258
403
|
tokens: {
|
|
259
404
|
format: 'paseto_v4_public';
|
|
@@ -263,6 +408,13 @@ export interface OpenleashConfig {
|
|
|
263
408
|
gui?: {
|
|
264
409
|
enabled: boolean;
|
|
265
410
|
};
|
|
411
|
+
sessions?: {
|
|
412
|
+
ttl_seconds: number;
|
|
413
|
+
};
|
|
414
|
+
approval?: {
|
|
415
|
+
request_ttl_seconds: number;
|
|
416
|
+
token_ttl_seconds: number;
|
|
417
|
+
};
|
|
266
418
|
}
|
|
267
419
|
export interface RegistrationChallenge {
|
|
268
420
|
challenge_id: string;
|