@openleash/core 0.3.0 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audit.d.ts +45 -0
- package/dist/audit.d.ts.map +1 -1
- package/dist/audit.js +232 -5
- package/dist/audit.js.map +1 -1
- package/dist/file-store.d.ts +19 -0
- package/dist/file-store.d.ts.map +1 -0
- package/dist/file-store.js +233 -0
- package/dist/file-store.js.map +1 -0
- package/dist/identity-validators.d.ts +26 -0
- package/dist/identity-validators.d.ts.map +1 -0
- package/dist/identity-validators.js +664 -0
- package/dist/identity-validators.js.map +1 -0
- package/dist/identity.d.ts +250 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +244 -0
- package/dist/identity.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -1
- package/dist/keys.d.ts +2 -0
- package/dist/keys.d.ts.map +1 -1
- package/dist/keys.js +2 -0
- package/dist/keys.js.map +1 -1
- package/dist/passphrase.d.ts +6 -0
- package/dist/passphrase.d.ts.map +1 -0
- package/dist/passphrase.js +61 -0
- package/dist/passphrase.js.map +1 -0
- package/dist/plugin-loader.d.ts +6 -0
- package/dist/plugin-loader.d.ts.map +1 -0
- package/dist/plugin-loader.js +24 -0
- package/dist/plugin-loader.js.map +1 -0
- package/dist/state.d.ts +47 -1
- package/dist/state.d.ts.map +1 -1
- package/dist/state.js +142 -0
- package/dist/state.js.map +1 -1
- package/dist/store.d.ts +61 -0
- package/dist/store.d.ts.map +1 -0
- package/dist/store.js +3 -0
- package/dist/store.js.map +1 -0
- package/dist/tokens.d.ts +35 -1
- package/dist/tokens.d.ts.map +1 -1
- package/dist/tokens.js +82 -0
- package/dist/tokens.js.map +1 -1
- package/dist/totp.d.ts +15 -0
- package/dist/totp.d.ts.map +1 -0
- package/dist/totp.js +149 -0
- package/dist/totp.js.map +1 -0
- package/dist/types.d.ts +240 -75
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +38 -3
- package/dist/types.js.map +1 -1
- package/dist/webhook.d.ts +25 -0
- package/dist/webhook.d.ts.map +1 -0
- package/dist/webhook.js +114 -0
- package/dist/webhook.js.map +1 -0
- package/package.json +8 -4
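--- a/package/dist/tokens.js
+++ b/package/dist/tokens.js
@@ -2,6 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.issueProofToken = issueProofToken;
 exports.verifyProofToken = verifyProofToken;
+exports.issueSessionToken = issueSessionToken;
+exports.verifySessionToken = verifySessionToken;
+exports.issueApprovalToken = issueApprovalToken;
+exports.verifyApprovalToken = verifyApprovalToken;
 const paseto_1 = require("paseto");
 const keys_js_1 = require("./keys.js");
 async function issueProofToken(params) {
@@ -53,4 +57,82 @@ async function verifyProofToken(token, keys) {
 }
 return { valid: false, reason: 'No matching key found or invalid signature' };
 }
+async function issueSessionToken(params) {
+const now = new Date();
+const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
+const claims = {
+iss: 'openleash',
+kid: params.key.kid,
+sub: params.ownerPrincipalId,
+iat: now.toISOString(),
+exp: exp.toISOString(),
+purpose: 'owner_session',
+};
+const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
+const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
+return { token, expiresAt: exp.toISOString(), claims };
+}
+async function verifySessionToken(token, keys) {
+for (const key of keys) {
+try {
+const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
+const payload = await paseto_1.V4.verify(token, publicKey);
+if (payload.purpose !== 'owner_session') {
+return { valid: false, reason: 'Invalid token purpose' };
+}
+if (payload.exp) {
+const expDate = new Date(payload.exp);
+if (expDate.getTime() < Date.now()) {
+return { valid: false, reason: 'Session expired', claims: payload };
+}
+}
+return { valid: true, claims: payload };
+}
+catch {
+continue;
+}
+}
+return { valid: false, reason: 'No matching key found or invalid signature' };
+}
+async function issueApprovalToken(params) {
+const now = new Date();
+const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
+const claims = {
+iss: 'openleash',
+kid: params.key.kid,
+iat: now.toISOString(),
+exp: exp.toISOString(),
+approval_request_id: params.approvalRequestId,
+owner_principal_id: params.ownerPrincipalId,
+agent_id: params.agentId,
+action_type: params.actionType,
+action_hash: params.actionHash,
+purpose: 'approval',
+};
+const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
+const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
+return { token, expiresAt: exp.toISOString(), claims };
+}
+async function verifyApprovalToken(token, keys) {
+for (const key of keys) {
+try {
+const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
+const payload = await paseto_1.V4.verify(token, publicKey);
+if (payload.purpose !== 'approval') {
+return { valid: false, reason: 'Invalid token purpose' };
+}
+if (payload.exp) {
+const expDate = new Date(payload.exp);
+if (expDate.getTime() < Date.now()) {
+return { valid: false, reason: 'Approval token expired', claims: payload };
+}
+}
+return { valid: true, claims: payload };
+}
+catch {
+continue;
+}
+}
+return { valid: false, reason: 'No matching key found or invalid signature' };
+}
 //# sourceMappingURL=tokens.js.map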
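Review bot: verifySessionToken and verifyApprovalToken return `valid: true` as soon as `purpose` and `exp` check out, but nothing binds the token to the request being served: the `iss: 'openleash'` set at issue time is never compared on verify, and for approval tokens `approval_request_id`, `agent_id` and `action_hash` are only handed back in `claims`, so a caller that does not compare them against the action it is about to execute will accept an approval minted for a different action. Add `if (payload.iss !== 'openleash') return { valid: false, reason: 'Invalid issuer' };` beside the purpose check in both functions, and document on verifyApprovalToken that the caller must match `approval_request_id`/`action_hash` and treat the token as single-use, since there is no `jti` or consumed-token record here (the `approval_token` field on ApprovalRequestFrontmatter in types.d.ts may be what callers compare against — worth confirming). The manual `exp` check after `V4.verify` also looks unreachable if the paseto package's default claim validation is active, because an expired token then throws inside the `try`, hits `continue`, and surfaces as 'No matching key found or invalid signature' rather than 'Session expired'; either pass `{ ignoreExp: true }` to `V4.verify` so the explicit branch owns that decision, or drop the duplicate check. The closing `}` of verifyProofToken at the top of this hunk belongs to a function whose body is outside the hunk.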
package/dist/tokens.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;AAgCA,0CAkCC;AAED,4CA0BC;AAUD,8CAyBC;AAED,gDA2BC;AAcD,gDA6BC;AAED,kDA2BC;AAtOD,mCAA4B;AAE5B,uCAAoE;AA8B7D,KAAK,UAAU,eAAe,CAAC,MAAwB;IAK5D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAgB;QAC1B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,eAAe,EAAE,MAAM,CAAC,aAAa;KACtC,CAAC;IAEF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC;IAC3D,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAwC,EAAE,UAAU,EAAE;QAC3F,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,KAAa,EACb,IAAqB;IAErB,eAAe;IACf,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAgB,CAAC;YAEjE,mBAAmB;YACnB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;YACf,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAUM,KAAK,UAAU,iBAAiB,CAAC,MAA0B;IAKhE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAC
vB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAkB;QAC5B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,MAAM,CAAC,gBAAgB;QAC5B,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,OAAO,EAAE,eAAe;KACzB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAkB,CAAC;YAEnE,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAcM,KAAK,UAAU,kBAAkB,CAAC,MAAgC;IAKvE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAwB;QAClC,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,mBAAmB,EAAE,MAAM,CAAC,iBAAiB;QAC7C,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,OAAO,EAAE,UAAU;KACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM
,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAwB,CAAC;YAEzE,IAAI,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC"}
|
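--- /dev/null
+++ b/package/dist/totp.d.ts
@@ -0,0 +1,15 @@
+export declare function base32Encode(buffer: Buffer): string;
+export declare function base32Decode(str: string): Buffer;
+export declare function generateTotpSecret(): string;
+export declare function generateTotpUri(secret: string, accountName: string, issuer?: string): string;
+export declare function verifyTotp(secret: string, code: string, window?: number): boolean;
+export declare function generateBackupCodes(count?: number): {
+codes: string[];
+hashes: string[];
+};
+export declare function verifyBackupCode(code: string, hashes: string[]): {
+valid: boolean;
+remainingHashes: string[];
+};
+export declare function generateTotpQrSvg(uri: string): string;
+//# sourceMappingURL=totp.d.ts.map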
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":"AAMA,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAmBnD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkBhD;AAID,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAc,GAAG,MAAM,CAIjG;AAeD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,GAAG,OAAO,CAS5E;AAID,wBAAgB,mBAAmB,CAAC,KAAK,SAAI,GAAG;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAWpF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,eAAe,EAAE,MAAM,EAAE,CAAA;CAAE,CAO9G;AAOD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAYrD"}
|
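--- /dev/null
+++ b/package/dist/totp.js
@@ -0,0 +1,149 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.base32Encode = base32Encode;
+exports.base32Decode = base32Decode;
+exports.generateTotpSecret = generateTotpSecret;
+exports.generateTotpUri = generateTotpUri;
+exports.verifyTotp = verifyTotp;
+exports.generateBackupCodes = generateBackupCodes;
+exports.verifyBackupCode = verifyBackupCode;
+exports.generateTotpQrSvg = generateTotpQrSvg;
+const crypto = __importStar(require("node:crypto"));
+// ─── Base32 (RFC 4648) ──────────────────────────────────────────────
+const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+function base32Encode(buffer) {
+let bits = 0;
+let value = 0;
+let output = '';
+for (const byte of buffer) {
+value = (value << 8) | byte;
+bits += 8;
+while (bits >= 5) {
+bits -= 5;
+output += BASE32_ALPHABET[(value >>> bits) & 0x1f];
+}
+}
+if (bits > 0) {
+output += BASE32_ALPHABET[(value << (5 - bits)) & 0x1f];
+}
+return output;
+}
+function base32Decode(str) {
+const cleaned = str.replace(/=+$/, '').toUpperCase();
+let bits = 0;
+let value = 0;
+const bytes = [];
+for (const char of cleaned) {
+const idx = BASE32_ALPHABET.indexOf(char);
+if (idx === -1)
+throw new Error(`Invalid base32 character: ${char}`);
+value = (value << 5) | idx;
+bits += 5;
+if (bits >= 8) {
+bits -= 8;
+bytes.push((value >>> bits) & 0xff);
+}
+}
+return Buffer.from(bytes);
+}
+// ─── TOTP (RFC 6238 / RFC 4226) ─────────────────────────────────────
+function generateTotpSecret() {
+return base32Encode(crypto.randomBytes(20));
+}
+function generateTotpUri(secret, accountName, issuer = 'OpenLeash') {
+const encodedIssuer = encodeURIComponent(issuer);
+const encodedAccount = encodeURIComponent(accountName);
+return `otpauth://totp/${encodedIssuer}:${encodedAccount}?secret=${secret}&issuer=${encodedIssuer}&algorithm=SHA1&digits=6&period=30`;
+}
+function computeHotp(secret, counter) {
+const buf = Buffer.alloc(8);
+buf.writeBigUInt64BE(counter);
+const hmac = crypto.createHmac('sha1', secret).update(buf).digest();
+const offset = hmac[hmac.length - 1] & 0x0f;
+const code = ((hmac[offset] & 0x7f) << 24) |
+((hmac[offset + 1] & 0xff) << 16) |
+((hmac[offset + 2] & 0xff) << 8) |
+(hmac[offset + 3] & 0xff);
+return String(code % 1_000_000).padStart(6, '0');
+}
+function verifyTotp(secret, code, window = 1) {
+if (!/^\d{6}$/.test(code))
+return false;
+const key = base32Decode(secret);
+const counter = BigInt(Math.floor(Date.now() / 30_000));
+for (let i = -window; i <= window; i++) {
+if (computeHotp(key, counter + BigInt(i)) === code)
+return true;
+}
+return false;
+}
+// ─── Backup codes ────────────────────────────────────────────────────
+function generateBackupCodes(count = 8) {
+const codes = [];
+const hashes = [];
+for (let i = 0; i < count; i++) {
+const code = crypto.randomBytes(4).toString('hex'); // 8-char hex
+codes.push(code);
+hashes.push(crypto.createHash('sha256').update(code).digest('hex'));
+}
+return { codes, hashes };
+}
+function verifyBackupCode(code, hashes) {
+const hash = crypto.createHash('sha256').update(code).digest('hex');
+const idx = hashes.indexOf(hash);
+if (idx === -1)
+return { valid: false, remainingHashes: hashes };
+const remainingHashes = [...hashes];
+remainingHashes.splice(idx, 1);
+return { valid: true, remainingHashes };
+}
+// ─── QR code SVG generation ──────────────────────────────────────────
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const QRCode = require('qrcode-svg');
+function generateTotpQrSvg(uri) {
+const qr = new QRCode({
+content: uri,
+padding: 4,
+width: 200,
+height: 200,
+color: '#000000',
+background: '#ffffff',
+ecl: 'M',
+join: true,
+});
+return qr.svg();
+}
+//# sourceMappingURL=totp.js.map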
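Review bot: The backup codes from generateBackupCodes carry only 32 bits of entropy (`crypto.randomBytes(4).toString('hex')`, 8 hex chars) and are stored as plain unsalted SHA-256 (types.d.ts puts them in `totp_backup_codes_hash` on the owner frontmatter next to `totp_secret_b32`), so anyone who can read that file recovers every code offline by hashing all 2^32 candidates in seconds; generate at least 10 random bytes, `const code = crypto.randomBytes(10).toString('hex');`, so the search space is out of reach, or hash them with a slow KDF. verifyTotp compares the computed digits with `===`, which is not constant-time; use `crypto.timingSafeEqual(Buffer.from(computeHotp(key, counter + BigInt(i))), Buffer.from(code))` (both sides are exactly 6 ASCII digits after the regex check, so the lengths match). verifyTotp is also stateless, so the same code is accepted any number of times within the ±`window` steps; RFC 6238 §5.2 expects the verifier to remember the last accepted counter and refuse it again, which has to happen in the caller and should be stated in a doc comment on the function. Neither verifyTotp nor verifyBackupCode throttles attempts, so a 6-digit code and a hex backup code remain guessable online unless the caller rate-limits.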
package/dist/totp.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.js","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,oCAmBC;AAED,oCAkBC;AAID,gDAEC;AAED,0CAIC;AAeD,gCASC;AAID,kDAWC;AAED,4CAOC;AAOD,8CAYC;AA5HD,oDAAsC;AAEtC,uEAAuE;AAEvE,MAAM,eAAe,GAAG,kCAAkC,CAAC;AAE3D,SAAgB,YAAY,CAAC,MAAc;IACzC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,CAAC;QACV,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,CAAC;YACV,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QACrE,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;QAC3B,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,uEAAuE;AAEvE,SAAgB,kBAAkB;IAChC,OAAO,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAgB,eAAe,CAAC,MAAc,EAAE,WAAmB,EAAE,MAAM,GAAG,WAAW;IACvF,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO,kBAAkB,aAAa,IAAI,cAAc,WAAW,MAAM,WAAW,aAAa,oCAAoC,CAAC;AACxI,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,OAAe;IAClD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM
,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAC5C,MAAM,IAAI,GACR,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5B,OAAO,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,UAAU,CAAC,MAAc,EAAE,IAAY,EAAE,MAAM,GAAG,CAAC;IACjE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IAExD,KAAK,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,WAAW,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE,SAAgB,mBAAmB,CAAC,KAAK,GAAG,CAAC;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa;QACjE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAY,EAAE,MAAgB;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;IACjE,MAAM,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACpC,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AAC1C,CAAC;AAED,wEAAwE;AAExE,iEAAiE;
AACjE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AAErC,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC;QACpB,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,GAAG;QACV,MAAM,EAAE,GAAG;QACX,KAAK,EAAE,SAAS;QAChB,UAAU,EAAE,SAAS;QACrB,GAAG,EAAE,GAAG;QACR,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,GAAG,EAAY,CAAC;AAC5B,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,19 +1,54 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
|
-
|
|
2
|
+
import type { IdentityAssuranceLevel, ContactIdentity, GovernmentId, CompanyId, Signatory, SignatoryRule } from './identity.js';
|
|
3
|
+
export declare const DecisionResult: z.ZodEnum<{
|
|
4
|
+
ALLOW: "ALLOW";
|
|
5
|
+
DENY: "DENY";
|
|
6
|
+
REQUIRE_APPROVAL: "REQUIRE_APPROVAL";
|
|
7
|
+
REQUIRE_STEP_UP: "REQUIRE_STEP_UP";
|
|
8
|
+
REQUIRE_DEPOSIT: "REQUIRE_DEPOSIT";
|
|
9
|
+
}>;
|
|
3
10
|
export type DecisionResult = z.infer<typeof DecisionResult>;
|
|
4
|
-
export declare const ObligationType: z.ZodEnum<
|
|
11
|
+
export declare const ObligationType: z.ZodEnum<{
|
|
12
|
+
HUMAN_APPROVAL: "HUMAN_APPROVAL";
|
|
13
|
+
STEP_UP_AUTH: "STEP_UP_AUTH";
|
|
14
|
+
DEPOSIT: "DEPOSIT";
|
|
15
|
+
COUNTERPARTY_ATTESTATION: "COUNTERPARTY_ATTESTATION";
|
|
16
|
+
}>;
|
|
5
17
|
export type ObligationType = z.infer<typeof ObligationType>;
|
|
6
|
-
export declare const ObligationStatus: z.ZodEnum<
|
|
18
|
+
export declare const ObligationStatus: z.ZodEnum<{
|
|
19
|
+
PENDING: "PENDING";
|
|
20
|
+
FULFILLED: "FULFILLED";
|
|
21
|
+
WAIVED: "WAIVED";
|
|
22
|
+
}>;
|
|
7
23
|
export type ObligationStatus = z.infer<typeof ObligationStatus>;
|
|
8
|
-
export declare const PrincipalType: z.ZodEnum<
|
|
24
|
+
export declare const PrincipalType: z.ZodEnum<{
|
|
25
|
+
HUMAN: "HUMAN";
|
|
26
|
+
ORG: "ORG";
|
|
27
|
+
}>;
|
|
9
28
|
export type PrincipalType = z.infer<typeof PrincipalType>;
|
|
10
|
-
export declare const PrincipalStatus: z.ZodEnum<
|
|
29
|
+
export declare const PrincipalStatus: z.ZodEnum<{
|
|
30
|
+
ACTIVE: "ACTIVE";
|
|
31
|
+
SUSPENDED: "SUSPENDED";
|
|
32
|
+
REVOKED: "REVOKED";
|
|
33
|
+
}>;
|
|
11
34
|
export type PrincipalStatus = z.infer<typeof PrincipalStatus>;
|
|
12
|
-
export declare const AgentStatus: z.ZodEnum<
|
|
35
|
+
export declare const AgentStatus: z.ZodEnum<{
|
|
36
|
+
ACTIVE: "ACTIVE";
|
|
37
|
+
REVOKED: "REVOKED";
|
|
38
|
+
}>;
|
|
13
39
|
export type AgentStatus = z.infer<typeof AgentStatus>;
|
|
14
|
-
export declare const TrustProfile: z.ZodEnum<
|
|
40
|
+
export declare const TrustProfile: z.ZodEnum<{
|
|
41
|
+
LOW: "LOW";
|
|
42
|
+
MEDIUM: "MEDIUM";
|
|
43
|
+
HIGH: "HIGH";
|
|
44
|
+
REGULATED: "REGULATED";
|
|
45
|
+
}>;
|
|
15
46
|
export type TrustProfile = z.infer<typeof TrustProfile>;
|
|
16
|
-
export declare const AssuranceLevel: z.ZodEnum<
|
|
47
|
+
export declare const AssuranceLevel: z.ZodEnum<{
|
|
48
|
+
LOW: "LOW";
|
|
49
|
+
HIGH: "HIGH";
|
|
50
|
+
SUBSTANTIAL: "SUBSTANTIAL";
|
|
51
|
+
}>;
|
|
17
52
|
export type AssuranceLevel = z.infer<typeof AssuranceLevel>;
|
|
18
53
|
export declare const ActionRequestSchema: z.ZodObject<{
|
|
19
54
|
action_id: z.ZodString;
|
|
@@ -21,82 +56,38 @@ export declare const ActionRequestSchema: z.ZodObject<{
|
|
|
21
56
|
requested_at: z.ZodString;
|
|
22
57
|
principal: z.ZodObject<{
|
|
23
58
|
agent_id: z.ZodString;
|
|
24
|
-
},
|
|
25
|
-
agent_id: string;
|
|
26
|
-
}, {
|
|
27
|
-
agent_id: string;
|
|
28
|
-
}>;
|
|
59
|
+
}, z.core.$strip>;
|
|
29
60
|
subject: z.ZodObject<{
|
|
30
61
|
principal_id: z.ZodString;
|
|
31
|
-
},
|
|
32
|
-
principal_id: string;
|
|
33
|
-
}, {
|
|
34
|
-
principal_id: string;
|
|
35
|
-
}>;
|
|
62
|
+
}, z.core.$strip>;
|
|
36
63
|
relying_party: z.ZodOptional<z.ZodObject<{
|
|
37
64
|
rp_id: z.ZodOptional<z.ZodString>;
|
|
38
65
|
domain: z.ZodOptional<z.ZodString>;
|
|
39
|
-
trust_profile: z.ZodOptional<z.ZodEnum<
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
domain?: string | undefined;
|
|
47
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
48
|
-
}>>;
|
|
66
|
+
trust_profile: z.ZodOptional<z.ZodEnum<{
|
|
67
|
+
LOW: "LOW";
|
|
68
|
+
MEDIUM: "MEDIUM";
|
|
69
|
+
HIGH: "HIGH";
|
|
70
|
+
REGULATED: "REGULATED";
|
|
71
|
+
}>>;
|
|
72
|
+
}, z.core.$strip>>;
|
|
49
73
|
payload: z.ZodRecord<z.ZodString, z.ZodUnknown>;
|
|
50
|
-
},
|
|
51
|
-
action_id: string;
|
|
52
|
-
action_type: string;
|
|
53
|
-
requested_at: string;
|
|
54
|
-
principal: {
|
|
55
|
-
agent_id: string;
|
|
56
|
-
};
|
|
57
|
-
subject: {
|
|
58
|
-
principal_id: string;
|
|
59
|
-
};
|
|
60
|
-
payload: Record<string, unknown>;
|
|
61
|
-
relying_party?: {
|
|
62
|
-
rp_id?: string | undefined;
|
|
63
|
-
domain?: string | undefined;
|
|
64
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
65
|
-
} | undefined;
|
|
66
|
-
}, {
|
|
67
|
-
action_id: string;
|
|
68
|
-
action_type: string;
|
|
69
|
-
requested_at: string;
|
|
70
|
-
principal: {
|
|
71
|
-
agent_id: string;
|
|
72
|
-
};
|
|
73
|
-
subject: {
|
|
74
|
-
principal_id: string;
|
|
75
|
-
};
|
|
76
|
-
payload: Record<string, unknown>;
|
|
77
|
-
relying_party?: {
|
|
78
|
-
rp_id?: string | undefined;
|
|
79
|
-
domain?: string | undefined;
|
|
80
|
-
trust_profile?: "LOW" | "MEDIUM" | "HIGH" | "REGULATED" | undefined;
|
|
81
|
-
} | undefined;
|
|
82
|
-
}>;
|
|
74
|
+
}, z.core.$strip>;
|
|
83
75
|
export type ActionRequest = z.infer<typeof ActionRequestSchema>;
|
|
84
76
|
export declare const ObligationSchema: z.ZodObject<{
|
|
85
77
|
obligation_id: z.ZodString;
|
|
86
|
-
type: z.ZodEnum<
|
|
87
|
-
|
|
78
|
+
type: z.ZodEnum<{
|
|
79
|
+
HUMAN_APPROVAL: "HUMAN_APPROVAL";
|
|
80
|
+
STEP_UP_AUTH: "STEP_UP_AUTH";
|
|
81
|
+
DEPOSIT: "DEPOSIT";
|
|
82
|
+
COUNTERPARTY_ATTESTATION: "COUNTERPARTY_ATTESTATION";
|
|
83
|
+
}>;
|
|
84
|
+
status: z.ZodEnum<{
|
|
85
|
+
PENDING: "PENDING";
|
|
86
|
+
FULFILLED: "FULFILLED";
|
|
87
|
+
WAIVED: "WAIVED";
|
|
88
|
+
}>;
|
|
88
89
|
details_json: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
89
|
-
},
|
|
90
|
-
type: "HUMAN_APPROVAL" | "STEP_UP_AUTH" | "DEPOSIT" | "COUNTERPARTY_ATTESTATION";
|
|
91
|
-
status: "PENDING" | "FULFILLED" | "WAIVED";
|
|
92
|
-
obligation_id: string;
|
|
93
|
-
details_json?: Record<string, unknown> | undefined;
|
|
94
|
-
}, {
|
|
95
|
-
type: "HUMAN_APPROVAL" | "STEP_UP_AUTH" | "DEPOSIT" | "COUNTERPARTY_ATTESTATION";
|
|
96
|
-
status: "PENDING" | "FULFILLED" | "WAIVED";
|
|
97
|
-
obligation_id: string;
|
|
98
|
-
details_json?: Record<string, unknown> | undefined;
|
|
99
|
-
}>;
|
|
90
|
+
}, z.core.$strip>;
|
|
100
91
|
export type Obligation = z.infer<typeof ObligationSchema>;
|
|
101
92
|
export interface AuthorizeResponse {
|
|
102
93
|
decision_id: string;
|
|
@@ -187,6 +178,8 @@ export interface StatePolicyEntry {
|
|
|
187
178
|
policy_id: string;
|
|
188
179
|
owner_principal_id: string;
|
|
189
180
|
applies_to_agent_principal_id: string | null;
|
|
181
|
+
name: string | null;
|
|
182
|
+
description: string | null;
|
|
190
183
|
path: string;
|
|
191
184
|
}
|
|
192
185
|
export interface StateBinding {
|
|
@@ -205,6 +198,8 @@ export interface StateData {
|
|
|
205
198
|
agents: StateAgentEntry[];
|
|
206
199
|
policies: StatePolicyEntry[];
|
|
207
200
|
bindings: StateBinding[];
|
|
201
|
+
approval_requests?: StateApprovalRequestEntry[];
|
|
202
|
+
policy_drafts?: StatePolicyDraftEntry[];
|
|
208
203
|
}
|
|
209
204
|
export interface ServerKeyFile {
|
|
210
205
|
kid: string;
|
|
@@ -220,6 +215,19 @@ export interface OwnerFrontmatter {
|
|
|
220
215
|
status: PrincipalStatus;
|
|
221
216
|
attributes: Record<string, unknown>;
|
|
222
217
|
created_at: string;
|
|
218
|
+
identity_assurance_level?: IdentityAssuranceLevel;
|
|
219
|
+
contact_identities?: ContactIdentity[];
|
|
220
|
+
government_ids?: GovernmentId[];
|
|
221
|
+
company_ids?: CompanyId[];
|
|
222
|
+
signatories?: Signatory[];
|
|
223
|
+
signatory_rules?: SignatoryRule[];
|
|
224
|
+
passphrase_hash?: string;
|
|
225
|
+
passphrase_salt?: string;
|
|
226
|
+
passphrase_set_at?: string;
|
|
227
|
+
totp_secret_b32?: string;
|
|
228
|
+
totp_enabled?: boolean;
|
|
229
|
+
totp_enabled_at?: string;
|
|
230
|
+
totp_backup_codes_hash?: string[];
|
|
223
231
|
}
|
|
224
232
|
export interface AgentFrontmatter {
|
|
225
233
|
agent_principal_id: string;
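Review bot: `totp_secret_b32` (new line 227) places the raw base32 TOTP seed in the same frontmatter record as the public owner identity fields and the hashed passphrase, so any read of the owner file — a backup, a log of the parsed record, a handler that serializes the whole frontmatter — yields a working second factor, and hashing the passphrase buys nothing against that exposure. A TOTP seed must stay recoverable, so the usual mitigation is to encrypt it at rest under a server-held key and keep it out of every response type; at minimum mark it in the declaration: `/** Raw TOTP seed (base32). Secret: never serialize into API responses or audit events. */`. `passphrase_hash` and `totp_backup_codes_hash` do not say which KDF/hash produced them; whether the stored strings are self-describing (PHC-style `$argon2id$…`) is not visible here, and without that the algorithm cannot be rotated later — worth confirming in the passphrase hashing code. Consider moving the seven passphrase/TOTP fields into a separate `OwnerCredentials` type so code paths that only need identity data cannot accidentally carry the secrets along.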
|
|
@@ -230,8 +238,153 @@ export interface AgentFrontmatter {
|
|
|
230
238
|
attributes: Record<string, unknown>;
|
|
231
239
|
created_at: string;
|
|
232
240
|
revoked_at: string | null;
|
|
241
|
+
webhook_url: string;
|
|
242
|
+
webhook_secret: string;
|
|
243
|
+
webhook_auth_token: string;
|
|
233
244
|
}
|
|
234
|
-
export declare const
|
|
245
|
+
export declare const ApprovalRequestStatus: z.ZodEnum<{
|
|
246
|
+
PENDING: "PENDING";
|
|
247
|
+
APPROVED: "APPROVED";
|
|
248
|
+
DENIED: "DENIED";
|
|
249
|
+
EXPIRED: "EXPIRED";
|
|
250
|
+
}>;
|
|
251
|
+
export type ApprovalRequestStatus = z.infer<typeof ApprovalRequestStatus>;
|
|
252
|
+
export interface ApprovalRequestFrontmatter {
|
|
253
|
+
approval_request_id: string;
|
|
254
|
+
decision_id: string;
|
|
255
|
+
agent_principal_id: string;
|
|
256
|
+
agent_id: string;
|
|
257
|
+
owner_principal_id: string;
|
|
258
|
+
action_type: string;
|
|
259
|
+
action_hash: string;
|
|
260
|
+
action: ActionRequest;
|
|
261
|
+
justification: string | null;
|
|
262
|
+
context: Record<string, unknown> | null;
|
|
263
|
+
status: ApprovalRequestStatus;
|
|
264
|
+
approval_token: string | null;
|
|
265
|
+
approval_token_expires_at: string | null;
|
|
266
|
+
resolved_at: string | null;
|
|
267
|
+
resolved_by: string | null;
|
|
268
|
+
denial_reason: string | null;
|
|
269
|
+
consumed_at: string | null;
|
|
270
|
+
created_at: string;
|
|
271
|
+
expires_at: string;
|
|
272
|
+
}
|
|
273
|
+
export interface StateApprovalRequestEntry {
|
|
274
|
+
approval_request_id: string;
|
|
275
|
+
owner_principal_id: string;
|
|
276
|
+
agent_principal_id: string;
|
|
277
|
+
status: ApprovalRequestStatus;
|
|
278
|
+
path: string;
|
|
279
|
+
}
|
|
280
|
+
export declare const PolicyDraftStatus: z.ZodEnum<{
|
|
281
|
+
PENDING: "PENDING";
|
|
282
|
+
APPROVED: "APPROVED";
|
|
283
|
+
DENIED: "DENIED";
|
|
284
|
+
}>;
|
|
285
|
+
export type PolicyDraftStatus = z.infer<typeof PolicyDraftStatus>;
|
|
286
|
+
export interface PolicyDraftFrontmatter {
|
|
287
|
+
policy_draft_id: string;
|
|
288
|
+
agent_principal_id: string;
|
|
289
|
+
agent_id: string;
|
|
290
|
+
owner_principal_id: string;
|
|
291
|
+
applies_to_agent_principal_id: string | null;
|
|
292
|
+
name: string | null;
|
|
293
|
+
description: string | null;
|
|
294
|
+
policy_yaml: string;
|
|
295
|
+
justification: string | null;
|
|
296
|
+
status: PolicyDraftStatus;
|
|
297
|
+
resulting_policy_id: string | null;
|
|
298
|
+
resolved_at: string | null;
|
|
299
|
+
resolved_by: string | null;
|
|
300
|
+
denial_reason: string | null;
|
|
301
|
+
created_at: string;
|
|
302
|
+
}
|
|
303
|
+
export interface StatePolicyDraftEntry {
|
|
304
|
+
policy_draft_id: string;
|
|
305
|
+
owner_principal_id: string;
|
|
306
|
+
agent_principal_id: string;
|
|
307
|
+
status: PolicyDraftStatus;
|
|
308
|
+
path: string;
|
|
309
|
+
}
|
|
310
|
+
export interface SetupInvite {
|
|
311
|
+
invite_id: string;
|
|
312
|
+
owner_principal_id: string;
|
|
313
|
+
token_hash: string;
|
|
314
|
+
token_salt: string;
|
|
315
|
+
expires_at: string;
|
|
316
|
+
used: boolean;
|
|
317
|
+
used_at: string | null;
|
|
318
|
+
created_at: string;
|
|
319
|
+
}
|
|
320
|
+
export interface AgentInvite {
|
|
321
|
+
invite_id: string;
|
|
322
|
+
owner_principal_id: string;
|
|
323
|
+
token_hash: string;
|
|
324
|
+
token_salt: string;
|
|
325
|
+
expires_at: string;
|
|
326
|
+
used: boolean;
|
|
327
|
+
used_at: string | null;
|
|
328
|
+
created_at: string;
|
|
329
|
+
}
|
|
330
|
+
export interface SessionClaims {
|
|
331
|
+
iss: string;
|
|
332
|
+
kid: string;
|
|
333
|
+
sub: string;
|
|
334
|
+
iat: string;
|
|
335
|
+
exp: string;
|
|
336
|
+
purpose: 'owner_session';
|
|
337
|
+
}
|
|
338
|
+
export interface ApprovalTokenClaims {
|
|
339
|
+
iss: string;
|
|
340
|
+
kid: string;
|
|
341
|
+
iat: string;
|
|
342
|
+
exp: string;
|
|
343
|
+
approval_request_id: string;
|
|
344
|
+
owner_principal_id: string;
|
|
345
|
+
agent_id: string;
|
|
346
|
+
action_type: string;
|
|
347
|
+
action_hash: string;
|
|
348
|
+
purpose: 'approval';
|
|
349
|
+
}
|
|
350
|
+
export declare const AuditEventType: z.ZodEnum<{
|
|
351
|
+
OWNER_CREATED: "OWNER_CREATED";
|
|
352
|
+
OWNER_UPDATED: "OWNER_UPDATED";
|
|
353
|
+
OWNER_IDENTITY_UPDATED: "OWNER_IDENTITY_UPDATED";
|
|
354
|
+
OWNER_SETUP_INVITE_CREATED: "OWNER_SETUP_INVITE_CREATED";
|
|
355
|
+
OWNER_SETUP_COMPLETED: "OWNER_SETUP_COMPLETED";
|
|
356
|
+
OWNER_LOGIN: "OWNER_LOGIN";
|
|
357
|
+
OWNER_LOGOUT: "OWNER_LOGOUT";
|
|
358
|
+
AGENT_CHALLENGE_ISSUED: "AGENT_CHALLENGE_ISSUED";
|
|
359
|
+
AGENT_REGISTERED: "AGENT_REGISTERED";
|
|
360
|
+
POLICY_UPSERTED: "POLICY_UPSERTED";
|
|
361
|
+
AUTHORIZE_CALLED: "AUTHORIZE_CALLED";
|
|
362
|
+
DECISION_CREATED: "DECISION_CREATED";
|
|
363
|
+
PROOF_ISSUED: "PROOF_ISSUED";
|
|
364
|
+
PROOF_VERIFIED: "PROOF_VERIFIED";
|
|
365
|
+
PLAYGROUND_RUN: "PLAYGROUND_RUN";
|
|
366
|
+
KEY_ROTATED: "KEY_ROTATED";
|
|
367
|
+
SERVER_STARTED: "SERVER_STARTED";
|
|
368
|
+
POLICY_UPDATED: "POLICY_UPDATED";
|
|
369
|
+
POLICY_DELETED: "POLICY_DELETED";
|
|
370
|
+
POLICY_UNBOUND: "POLICY_UNBOUND";
|
|
371
|
+
APPROVAL_REQUEST_CREATED: "APPROVAL_REQUEST_CREATED";
|
|
372
|
+
APPROVAL_REQUEST_APPROVED: "APPROVAL_REQUEST_APPROVED";
|
|
373
|
+
APPROVAL_REQUEST_DENIED: "APPROVAL_REQUEST_DENIED";
|
|
374
|
+
APPROVAL_REQUEST_EXPIRED: "APPROVAL_REQUEST_EXPIRED";
|
|
375
|
+
APPROVAL_TOKEN_USED: "APPROVAL_TOKEN_USED";
|
|
376
|
+
INITIAL_SETUP_COMPLETED: "INITIAL_SETUP_COMPLETED";
|
|
377
|
+
OWNER_TOTP_ENABLED: "OWNER_TOTP_ENABLED";
|
|
378
|
+
OWNER_TOTP_DISABLED: "OWNER_TOTP_DISABLED";
|
|
379
|
+
OWNER_TOTP_BACKUP_USED: "OWNER_TOTP_BACKUP_USED";
|
|
380
|
+
AGENT_INVITE_CREATED: "AGENT_INVITE_CREATED";
|
|
381
|
+
AGENT_REGISTERED_VIA_INVITE: "AGENT_REGISTERED_VIA_INVITE";
|
|
382
|
+
POLICY_DRAFT_CREATED: "POLICY_DRAFT_CREATED";
|
|
383
|
+
POLICY_DRAFT_APPROVED: "POLICY_DRAFT_APPROVED";
|
|
384
|
+
POLICY_DRAFT_DENIED: "POLICY_DRAFT_DENIED";
|
|
385
|
+
WEBHOOK_DELIVERED: "WEBHOOK_DELIVERED";
|
|
386
|
+
WEBHOOK_DELIVERY_FAILED: "WEBHOOK_DELIVERY_FAILED";
|
|
387
|
+
}>;
|
|
235
388
|
export type AuditEventType = z.infer<typeof AuditEventType>;
|
|
236
389
|
export interface AuditEvent {
|
|
237
390
|
event_id: string;
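Review bot: `ApprovalRequestFrontmatter.approval_token` (new line 264) persists the bearer approval token itself, while `SetupInvite`/`AgentInvite` in the same hunk store only `token_hash` + `token_salt`; anyone who can read the request file can replay the approval until `approval_token_expires_at`, with `consumed_at` as the only guard. If the token is the signed PASETO described by `ApprovalTokenClaims` it can be re-verified from its signature and the record need not keep it at all — change the field to `approval_token_hash: string | null;` (or drop it) and document `consumed_at` as the single-use replay check. The three new required `AgentFrontmatter` fields `webhook_url`/`webhook_secret`/`webhook_auth_token` (241–243) are typed as plain `string`, yet agent files written by earlier versions have none of them, so readers will see `undefined` where the type promises a string; declare them `string | null` (or optional) and note that `webhook_secret`/`webhook_auth_token` are secrets that must never be echoed in API responses or audit events. Whether `webhook_url` is validated (https only, no loopback/private address ranges) before the server delivers to it is not visible here and is worth confirming in the delivery code, since the URL is agent-supplied.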
|
|
@@ -254,6 +407,7 @@ export interface OpenleashConfig {
|
|
|
254
407
|
security: {
|
|
255
408
|
nonce_ttl_seconds: number;
|
|
256
409
|
clock_skew_seconds: number;
|
|
410
|
+
require_totp?: boolean;
|
|
257
411
|
};
|
|
258
412
|
tokens: {
|
|
259
413
|
format: 'paseto_v4_public';
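Review bot: `require_totp?: boolean` (new line 410) leaves its default unstated; since an omitted field reads as `undefined` and therefore falsy, a config that never mentions it behaves as `false`, and whether owner login still enforces TOTP for an owner whose own record has `totp_enabled: true` regardless of this flag is not visible here. Document the default and the interaction on the field: `/** When true, owner login requires a TOTP step for every owner. Defaults to false when omitted; owners with totp_enabled are expected to be challenged regardless — confirm in the login handler. */`.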
|
|
@@ -263,6 +417,17 @@ export interface OpenleashConfig {
|
|
|
263
417
|
gui?: {
|
|
264
418
|
enabled: boolean;
|
|
265
419
|
};
|
|
420
|
+
sessions?: {
|
|
421
|
+
ttl_seconds: number;
|
|
422
|
+
};
|
|
423
|
+
approval?: {
|
|
424
|
+
request_ttl_seconds: number;
|
|
425
|
+
token_ttl_seconds: number;
|
|
426
|
+
};
|
|
427
|
+
store?: {
|
|
428
|
+
type: string;
|
|
429
|
+
options?: Record<string, unknown>;
|
|
430
|
+
};
|
|
266
431
|
}
|
|
267
432
|
export interface RegistrationChallenge {
|
|
268
433
|
challenge_id: string;
|