npm - @openvtc/trust-tasks - Versions diffs - 0.1.0 → 0.2.1 - Mend

@openvtc/trust-tasks 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/dist/_framework/0.2/framework.d.ts +11 -0
package/dist/_framework/0.2/framework.d.ts.map +1 -0
package/dist/_framework/0.2/framework.js +6 -0
package/dist/_framework/0.2/framework.js.map +1 -0
package/dist/acl/grant/0.1/payload.d.ts +13 -0
package/dist/acl/grant/0.1/payload.d.ts.map +1 -1
package/dist/acl/grant/0.1/payload.js.map +1 -1
package/dist/auth/passkey/login/finish/0.2/payload.d.ts +42 -0
package/dist/auth/passkey/login/finish/0.2/payload.d.ts.map +1 -0
package/dist/auth/passkey/login/finish/0.2/payload.js +9 -0
package/dist/auth/passkey/login/finish/0.2/payload.js.map +1 -0
package/dist/auth/passkey/login/start/0.2/payload.d.ts +29 -0
package/dist/auth/passkey/login/start/0.2/payload.d.ts.map +1 -0
package/dist/auth/passkey/login/start/0.2/payload.js +9 -0
package/dist/auth/passkey/login/start/0.2/payload.js.map +1 -0
package/dist/auth/step-up/approve-request/0.1/payload.d.ts +28 -0
package/dist/auth/step-up/approve-request/0.1/payload.d.ts.map +1 -1
package/dist/auth/step-up/approve-request/0.1/payload.js.map +1 -1
package/dist/auth/step-up/approve-request/0.2/payload.d.ts +73 -0
package/dist/auth/step-up/approve-request/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/approve-request/0.2/payload.js +9 -0
package/dist/auth/step-up/approve-request/0.2/payload.js.map +1 -0
package/dist/auth/step-up/approve-response/0.1/payload.d.ts +31 -0
package/dist/auth/step-up/approve-response/0.1/payload.d.ts.map +1 -1
package/dist/auth/step-up/approve-response/0.1/payload.js.map +1 -1
package/dist/auth/step-up/approve-response/0.2/payload.d.ts +76 -0
package/dist/auth/step-up/approve-response/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/approve-response/0.2/payload.js +9 -0
package/dist/auth/step-up/approve-response/0.2/payload.js.map +1 -0
package/dist/auth/step-up/policy/0.1/payload.d.ts +43 -0
package/dist/auth/step-up/policy/0.1/payload.d.ts.map +1 -0
package/dist/auth/step-up/policy/0.1/payload.js +9 -0
package/dist/auth/step-up/policy/0.1/payload.js.map +1 -0
package/dist/auth/step-up/policy/0.2/payload.d.ts +43 -0
package/dist/auth/step-up/policy/0.2/payload.d.ts.map +1 -0
package/dist/auth/step-up/policy/0.2/payload.js +9 -0
package/dist/auth/step-up/policy/0.2/payload.js.map +1 -0
package/dist/device/_shared/0.2/device-binding.d.ts +11 -0
package/dist/device/_shared/0.2/device-binding.d.ts.map +1 -0
package/dist/device/_shared/0.2/device-binding.js +6 -0
package/dist/device/_shared/0.2/device-binding.js.map +1 -0
package/dist/device/heartbeat/0.2/payload.d.ts +29 -0
package/dist/device/heartbeat/0.2/payload.d.ts.map +1 -0
package/dist/device/heartbeat/0.2/payload.js +9 -0
package/dist/device/heartbeat/0.2/payload.js.map +1 -0
package/dist/device/list/0.2/payload.d.ts +37 -0
package/dist/device/list/0.2/payload.d.ts.map +1 -0
package/dist/device/list/0.2/payload.js +9 -0
package/dist/device/list/0.2/payload.js.map +1 -0
package/dist/device/register/0.1/payload.d.ts +18 -0
package/dist/device/register/0.1/payload.d.ts.map +1 -1
package/dist/device/register/0.1/payload.js.map +1 -1
package/dist/device/register/0.2/payload.d.ts +97 -0
package/dist/device/register/0.2/payload.d.ts.map +1 -0
package/dist/device/register/0.2/payload.js +9 -0
package/dist/device/register/0.2/payload.js.map +1 -0
package/dist/device/set-wake/0.1/payload.d.ts +43 -0
package/dist/device/set-wake/0.1/payload.d.ts.map +1 -0
package/dist/device/set-wake/0.1/payload.js +9 -0
package/dist/device/set-wake/0.1/payload.js.map +1 -0
package/dist/device/set-wake/0.2/payload.d.ts +43 -0
package/dist/device/set-wake/0.2/payload.d.ts.map +1 -0
package/dist/device/set-wake/0.2/payload.js +9 -0
package/dist/device/set-wake/0.2/payload.js.map +1 -0
package/dist/device/wipe/0.2/payload.d.ts +37 -0
package/dist/device/wipe/0.2/payload.d.ts.map +1 -0
package/dist/device/wipe/0.2/payload.js +9 -0
package/dist/device/wipe/0.2/payload.js.map +1 -0
package/dist/did-management/did/check-name/0.1/payload.d.ts +5 -2
package/dist/did-management/did/check-name/0.1/payload.d.ts.map +1 -1
package/dist/did-management/did/check-name/0.1/payload.js.map +1 -1
package/dist/index.d.ts +63 -17
package/dist/index.d.ts.map +1 -1
package/dist/index.js +63 -17
package/dist/index.js.map +1 -1
package/dist/policy/_shared/0.2/policy.d.ts +11 -0
package/dist/policy/_shared/0.2/policy.d.ts.map +1 -0
package/dist/policy/_shared/0.2/policy.js +6 -0
package/dist/policy/_shared/0.2/policy.js.map +1 -0
package/dist/policy/evaluate/0.2/payload.d.ts +99 -0
package/dist/policy/evaluate/0.2/payload.d.ts.map +1 -0
package/dist/policy/evaluate/0.2/payload.js +9 -0
package/dist/policy/evaluate/0.2/payload.js.map +1 -0
package/dist/policy/list/0.2/payload.d.ts +22 -0
package/dist/policy/list/0.2/payload.d.ts.map +1 -0
package/dist/policy/list/0.2/payload.js +9 -0
package/dist/policy/list/0.2/payload.js.map +1 -0
package/dist/policy/upsert/0.2/payload.d.ts +29 -0
package/dist/policy/upsert/0.2/payload.d.ts.map +1 -0
package/dist/policy/upsert/0.2/payload.js +9 -0
package/dist/policy/upsert/0.2/payload.js.map +1 -0
package/dist/provision/integration/0.2/payload.d.ts +178 -0
package/dist/provision/integration/0.2/payload.d.ts.map +1 -0
package/dist/provision/integration/0.2/payload.js +9 -0
package/dist/provision/integration/0.2/payload.js.map +1 -0
package/dist/push/provision/0.1/payload.d.ts +35 -0
package/dist/push/provision/0.1/payload.d.ts.map +1 -0
package/dist/push/provision/0.1/payload.js +9 -0
package/dist/push/provision/0.1/payload.js.map +1 -0
package/dist/push/provision/0.2/payload.d.ts +35 -0
package/dist/push/provision/0.2/payload.d.ts.map +1 -0
package/dist/push/provision/0.2/payload.js +9 -0
package/dist/push/provision/0.2/payload.js.map +1 -0
package/dist/push/register/0.1/payload.d.ts +72 -0
package/dist/push/register/0.1/payload.d.ts.map +1 -0
package/dist/push/register/0.1/payload.js +9 -0
package/dist/push/register/0.1/payload.js.map +1 -0
package/dist/push/register/0.2/payload.d.ts +72 -0
package/dist/push/register/0.2/payload.d.ts.map +1 -0
package/dist/push/register/0.2/payload.js +9 -0
package/dist/push/register/0.2/payload.js.map +1 -0
package/dist/push/wake/0.1/payload.d.ts +41 -0
package/dist/push/wake/0.1/payload.d.ts.map +1 -0
package/dist/push/wake/0.1/payload.js +9 -0
package/dist/push/wake/0.1/payload.js.map +1 -0
package/dist/push/wake/0.2/payload.d.ts +41 -0
package/dist/push/wake/0.2/payload.d.ts.map +1 -0
package/dist/push/wake/0.2/payload.js +9 -0
package/dist/push/wake/0.2/payload.js.map +1 -0
package/dist/sync/_shared/0.2/sync-event.d.ts +11 -0
package/dist/sync/_shared/0.2/sync-event.d.ts.map +1 -0
package/dist/sync/_shared/0.2/sync-event.js +6 -0
package/dist/sync/_shared/0.2/sync-event.js.map +1 -0
package/dist/sync/event/0.2/payload.d.ts +208 -0
package/dist/sync/event/0.2/payload.d.ts.map +1 -0
package/dist/sync/event/0.2/payload.js +9 -0
package/dist/sync/event/0.2/payload.js.map +1 -0
package/dist/trust-task-error/0.2/payload.d.ts +36 -0
package/dist/trust-task-error/0.2/payload.d.ts.map +1 -0
package/dist/trust-task-error/0.2/payload.js +9 -0
package/dist/trust-task-error/0.2/payload.js.map +1 -0
package/dist/vault/_shared/0.2/consumer-context.d.ts +11 -0
package/dist/vault/_shared/0.2/consumer-context.d.ts.map +1 -0
package/dist/vault/_shared/0.2/consumer-context.js +6 -0
package/dist/vault/_shared/0.2/consumer-context.js.map +1 -0
package/dist/vault/_shared/0.2/sealed-envelope.d.ts +15 -0
package/dist/vault/_shared/0.2/sealed-envelope.d.ts.map +1 -0
package/dist/vault/_shared/0.2/sealed-envelope.js +6 -0
package/dist/vault/_shared/0.2/sealed-envelope.js.map +1 -0
package/dist/vault/_shared/0.2/session-blob.d.ts +13 -0
package/dist/vault/_shared/0.2/session-blob.d.ts.map +1 -0
package/dist/vault/_shared/0.2/session-blob.js +6 -0
package/dist/vault/_shared/0.2/session-blob.js.map +1 -0
package/dist/vault/_shared/0.2/vault-entry.d.ts +13 -0
package/dist/vault/_shared/0.2/vault-entry.d.ts.map +1 -0
package/dist/vault/_shared/0.2/vault-entry.js +6 -0
package/dist/vault/_shared/0.2/vault-entry.js.map +1 -0
package/dist/vault/_shared/0.2/vault-secret.d.ts +15 -0
package/dist/vault/_shared/0.2/vault-secret.d.ts.map +1 -0
package/dist/vault/_shared/0.2/vault-secret.js +6 -0
package/dist/vault/_shared/0.2/vault-secret.js.map +1 -0
package/dist/vault/get/0.2/payload.d.ts +25 -0
package/dist/vault/get/0.2/payload.d.ts.map +1 -0
package/dist/vault/get/0.2/payload.js +9 -0
package/dist/vault/get/0.2/payload.js.map +1 -0
package/dist/vault/list/0.2/payload.d.ts +74 -0
package/dist/vault/list/0.2/payload.d.ts.map +1 -0
package/dist/vault/list/0.2/payload.js +9 -0
package/dist/vault/list/0.2/payload.js.map +1 -0
package/dist/vault/proxy-login/0.2/payload.d.ts +109 -0
package/dist/vault/proxy-login/0.2/payload.d.ts.map +1 -0
package/dist/vault/proxy-login/0.2/payload.js +9 -0
package/dist/vault/proxy-login/0.2/payload.js.map +1 -0
package/dist/vault/release/0.2/payload.d.ts +102 -0
package/dist/vault/release/0.2/payload.d.ts.map +1 -0
package/dist/vault/release/0.2/payload.js +9 -0
package/dist/vault/release/0.2/payload.js.map +1 -0
package/dist/vault/sign-trust-task/0.2/payload.d.ts +99 -0
package/dist/vault/sign-trust-task/0.2/payload.d.ts.map +1 -0
package/dist/vault/sign-trust-task/0.2/payload.js +9 -0
package/dist/vault/sign-trust-task/0.2/payload.js.map +1 -0
package/dist/vault/sync/0.2/payload.d.ts +33 -0
package/dist/vault/sync/0.2/payload.d.ts.map +1 -0
package/dist/vault/sync/0.2/payload.js +9 -0
package/dist/vault/sync/0.2/payload.js.map +1 -0
package/dist/vault/upsert/0.2/payload.d.ts +150 -0
package/dist/vault/upsert/0.2/payload.d.ts.map +1 -0
package/dist/vault/upsert/0.2/payload.js +9 -0
package/dist/vault/upsert/0.2/payload.js.map +1 -0
package/dist/vault/usage/0.2/payload.d.ts +38 -0
package/dist/vault/usage/0.2/payload.d.ts.map +1 -0
package/dist/vault/usage/0.2/payload.js +9 -0
package/dist/vault/usage/0.2/payload.js.map +1 -0
package/dist/vta/_shared/0.1/passkey-vm.d.ts +11 -0
package/dist/vta/_shared/0.1/passkey-vm.d.ts.map +1 -0
package/dist/vta/_shared/0.1/passkey-vm.js +6 -0
package/dist/vta/_shared/0.1/passkey-vm.js.map +1 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts +29 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/enroll-challenge/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts +61 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/enroll-submit/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/list/0.1/payload.d.ts +25 -0
package/dist/vta/passkey-vms/list/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/list/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/list/0.1/payload.js.map +1 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts +29 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.d.ts.map +1 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.js +9 -0
package/dist/vta/passkey-vms/revoke/0.1/payload.js.map +1 -0
package/package.json +2 -2
package/src/_framework/0.2/framework.ts +11 -0
package/src/acl/grant/0.1/payload.ts +13 -0
package/src/auth/passkey/login/finish/0.2/payload.ts +44 -0
package/src/auth/passkey/login/start/0.2/payload.ts +31 -0
package/src/auth/step-up/approve-request/0.1/payload.ts +28 -0
package/src/auth/step-up/approve-request/0.2/payload.ts +75 -0
package/src/auth/step-up/approve-response/0.1/payload.ts +32 -0
package/src/auth/step-up/approve-response/0.2/payload.ts +79 -0
package/src/auth/step-up/policy/0.1/payload.ts +45 -0
package/src/auth/step-up/policy/0.2/payload.ts +45 -0
package/src/device/_shared/0.2/device-binding.ts +11 -0
package/src/device/heartbeat/0.2/payload.ts +31 -0
package/src/device/list/0.2/payload.ts +48 -0
package/src/device/register/0.1/payload.ts +18 -0
package/src/device/register/0.2/payload.ts +106 -0
package/src/device/set-wake/0.1/payload.ts +45 -0
package/src/device/set-wake/0.2/payload.ts +45 -0
package/src/device/wipe/0.2/payload.ts +39 -0
package/src/did-management/did/check-name/0.1/payload.ts +5 -2
package/src/index.ts +63 -17
package/src/policy/_shared/0.2/policy.ts +11 -0
package/src/policy/evaluate/0.2/payload.ts +102 -0
package/src/policy/list/0.2/payload.ts +24 -0
package/src/policy/upsert/0.2/payload.ts +31 -0
package/src/provision/integration/0.2/payload.ts +181 -0
package/src/push/provision/0.1/payload.ts +37 -0
package/src/push/provision/0.2/payload.ts +37 -0
package/src/push/register/0.1/payload.ts +75 -0
package/src/push/register/0.2/payload.ts +75 -0
package/src/push/wake/0.1/payload.ts +43 -0
package/src/push/wake/0.2/payload.ts +43 -0
package/src/sync/_shared/0.2/sync-event.ts +11 -0
package/src/sync/event/0.2/payload.ts +219 -0
package/src/trust-task-error/0.2/payload.ts +55 -0
package/src/vault/_shared/0.2/consumer-context.ts +11 -0
package/src/vault/_shared/0.2/sealed-envelope.ts +15 -0
package/src/vault/_shared/0.2/session-blob.ts +13 -0
package/src/vault/_shared/0.2/vault-entry.ts +13 -0
package/src/vault/_shared/0.2/vault-secret.ts +15 -0
package/src/vault/get/0.2/payload.ts +27 -0
package/src/vault/list/0.2/payload.ts +85 -0
package/src/vault/proxy-login/0.2/payload.ts +112 -0
package/src/vault/release/0.2/payload.ts +105 -0
package/src/vault/sign-trust-task/0.2/payload.ts +101 -0
package/src/vault/sync/0.2/payload.ts +35 -0
package/src/vault/upsert/0.2/payload.ts +161 -0
package/src/vault/usage/0.2/payload.ts +40 -0
package/src/vta/_shared/0.1/passkey-vm.ts +11 -0
package/src/vta/passkey-vms/enroll-challenge/0.1/payload.ts +31 -0
package/src/vta/passkey-vms/enroll-submit/0.1/payload.ts +63 -0
package/src/vta/passkey-vms/list/0.1/payload.ts +27 -0
package/src/vta/passkey-vms/revoke/0.1/payload.ts +31 -0

package/dist/device/_shared/0.2/device-binding.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/_shared/0.2/device-binding.schema.json
+ */
+/**
+ * Canonical metadata view of a registered consumer device — a Companion (browser plugin, mobile app, desktop app) or a Service (mediator, AI agent, daemon) enrolled to a VTA. Referenced by every device/* specification. Pairs with the ACL: a DeviceBinding is the device-facing half of an AclEntry. Most fields are maintainer-side observations (device id, attestation, timestamps); a few are consumer-supplied at registration time (form factor, display name).
+ */
+export interface DeviceBindingSharedDefinitionForTheDeviceSpecFamily {
+    [k: string]: unknown | undefined;
+}
+//# sourceMappingURL=device-binding.d.ts.map

package/dist/device/_shared/0.2/device-binding.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"device-binding.d.ts","sourceRoot":"","sources":["../../../../src/device/_shared/0.2/device-binding.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,mDAAmD;IAClE,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC"}

package/dist/device/_shared/0.2/device-binding.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/_shared/0.2/device-binding.schema.json
+ */
+export {};
+//# sourceMappingURL=device-binding.js.map

package/dist/device/_shared/0.2/device-binding.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"device-binding.js","sourceRoot":"","sources":["../../../../src/device/_shared/0.2/device-binding.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/device/heartbeat/0.2/payload.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/heartbeat/0.2/payload.schema.json
+ */
+/**
+ * Periodic check-in from a Companion or Service. Refreshes `lastSeenAt`, carries optional state digests, and gives the maintainer a chance to deliver queued operations (notably queued wipes for targets that were offline at issuance).
+ */
+export interface DeviceHeartbeatPayload {
+    /**
+     * Updated platform descriptor if it changed since registration (e.g. browser updated).
+     */
+    platform?: string;
+    /**
+     * Optional — consumer's current sync baseline. If the maintainer notices a gap (consumer is behind), the response can hint that a vault/sync is due.
+     */
+    vaultSeq?: number;
+    ext?: Ext;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/heartbeat/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/heartbeat/0.2#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/heartbeat/0.2/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/heartbeat/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,kDAA2D,CAAC;AAEpF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,2DAAoE,CAAC"}

package/dist/device/heartbeat/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/heartbeat/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/heartbeat/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/heartbeat/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/heartbeat/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/heartbeat/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,kDAA2D,CAAC;AAEpF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,2DAAoE,CAAC"}

package/dist/device/list/0.2/payload.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/list/0.2/payload.schema.json
+ */
+/**
+ * Fine-grained capability flag scoped to the device's allowed contexts. See SPEC.md for the full semantics of each.
+ */
+export type Capability = "vaultRead" | "vaultWrite" | "proxyLogin" | "fillRelease" | "policyAdmin" | "deviceAdmin" | "sign" | "keyMint";
+/**
+ * List DeviceBindings known to the maintainer, optionally filtered by consumer kind, capability, status, and last-seen time.
+ */
+export interface DeviceListPayload {
+    consumerKindFilter?: "companion" | "service";
+    formFactorFilter?: "browser" | "mobile" | "desktop";
+    serviceKindFilter?: "mediator" | "aiAgent" | "daemon";
+    capabilityFilter?: Capability;
+    /**
+     * When true, include devices with `disabledAt` set. Default omits disabled.
+     */
+    includeDisabled?: boolean;
+    includeWiped?: boolean;
+    lastSeenSince?: string;
+    pageSize?: number;
+    cursor?: string;
+    ext?: Ext;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/list/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/list/0.2#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/list/0.2/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/list/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,WAAW,GACX,YAAY,GACZ,YAAY,GACZ,aAAa,GACb,aAAa,GACb,aAAa,GACb,MAAM,GACN,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,CAAC,EAAE,WAAW,GAAG,SAAS,CAAC;IAC7C,gBAAgB,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;IACpD,iBAAiB,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,QAAQ,CAAC;IACtD,gBAAgB,CAAC,EAAE,UAAU,CAAC;IAC9B;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,6CAAsD,CAAC;AAE/E,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,sDAA+D,CAAC"}

package/dist/device/list/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/list/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/list/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/list/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/list/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/list/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAwCH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,6CAAsD,CAAC;AAE/E,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,sDAA+D,CAAC"}

package/dist/device/register/0.1/payload.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@ export interface DeviceRegisterPayload {
     displayName: string;
     platform?: string;
     attestation?: DeviceAttestation;
+    keyCustody?: KeyCustody;
     /**
      * X25519 public key (did:key form) the maintainer will use to HPKE-seal sensitive payloads to this device (sealed secrets, session blobs, sync events). REQUIRED — every Companion/Service needs a recipient key.
      */
@@ -66,6 +67,23 @@ export interface NitroEnclave {
 export interface NoAttestation {
     kind: "none";
 }
+/**
+ * OPTIONAL. How the device custodies its private keys (tier + algorithms). RECOMMENDED for mobile Companions. Maintainer policy input — see docs/design-notes/mobile-key-custody-profile.md.
+ */
+export interface KeyCustody {
+    /**
+     * `hardware`: the key is non-exportable in the secure keystore (iOS Secure Enclave / Android StrongBox) and every signing / key-agreement operation runs in-chip — achievable only with P-256. `software`: the key is held in app memory during use, stored hardware-wrapped at rest. Maintainers MAY apply stricter policy (shorter sessions, more frequent step-up) to `software`-tier devices.
+     */
+    tier: "hardware" | "software";
+    /**
+     * JOSE `alg` of the holder's signing key, e.g. `ES256` (hardware-custodiable on mobile) or `EdDSA` (not).
+     */
+    signingAlg?: string;
+    /**
+     * Curve of the holder's keyAgreement key, e.g. `P-256` (hardware-custodiable on mobile) or `X25519` (not).
+     */
+    keyAgreementCurve?: string;
+}
 /**
  * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
  */

package/dist/device/register/0.1/payload.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/register/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,OAAO,CAAC;AAC/C;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,mBAAmB,GACnB,cAAc,GACd,aAAa,GACb,GAAG,GACH,YAAY,GACZ,aAAa,CAAC;AAElB;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;CAC9C;AACD,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,CAAC;CACjD;AACD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,kBAAkB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AACD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,gBAAgB,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,KAAK,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AACD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;CACd;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,0DAAmE,CAAC"}
1	+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/register/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,OAAO,CAAC;AAC/C;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,mBAAmB,GACnB,cAAc,GACd,aAAa,GACb,GAAG,GACH,YAAY,GACZ,aAAa,CAAC;AAElB;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;CAC9C;AACD,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,CAAC;CACjD;AACD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,kBAAkB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AACD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,gBAAgB,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,KAAK,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AACD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;CACd;AACD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC;IAC9B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,0DAAmE,CAAC"}

package/dist/device/register/0.1/payload.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/register/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;~~AAgFH~~,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,0DAAmE,CAAC"}
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/register/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkGH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,0DAAmE,CAAC"}

package/dist/device/register/0.2/payload.d.ts ADDED Viewed

@@ -0,0 +1,97 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/register/0.2/payload.schema.json
+ */
+/**
+ * Discriminator: is this consumer a user-driven Companion or a headless Service?
+ */
+export type ConsumerKind = Companion | Service;
+/**
+ * Producer-supplied attestation at registration time, verifiable by the maintainer against the platform's attestation infrastructure. Tagged union over the discriminator `kind`.
+ */
+export type DeviceAttestation = WebAuthnAttestation | AppleAppAttest | PlayIntegrity | Tpm | NitroEnclave | NoAttestation;
+/**
+ * Public discovery surface that wraps the maintainer's existing two-phase enrolment (provision-integration → acl/swap-key). A new Companion or Service hands the maintainer its long-term VTA-derived key, its consumer kind, display name, and an optional device attestation; the maintainer creates the DeviceBinding and returns it. Phase 1 (provision-integration) is assumed to have already happened — this task is the post-bootstrap claim step.
+ */
+export interface DeviceRegisterPayload {
+    consumerKind: ConsumerKind;
+    displayName: string;
+    platform?: string;
+    attestation?: DeviceAttestation;
+    keyCustody?: KeyCustody;
+    /**
+     * X25519 public key (did:key form) the maintainer will use to HPKE-seal sensitive payloads to this device (sealed secrets, session blobs, sync events). REQUIRED — every Companion/Service needs a recipient key.
+     */
+    hpkePublicKey?: string;
+    ext?: Ext;
+}
+export interface Companion {
+    kind: "companion";
+    formFactor: "browser" | "mobile" | "desktop";
+}
+export interface Service {
+    kind: "service";
+    serviceKind: "mediator" | "aiAgent" | "daemon";
+}
+export interface WebAuthnAttestation {
+    kind: "webauthn";
+    /**
+     * WebAuthn Authenticator AAGUID (UUID).
+     */
+    aaguid: string;
+    /**
+     * Base64url-encoded WebAuthn attestation statement, when supplied by the platform.
+     */
+    attestationStatement?: string;
+}
+export interface AppleAppAttest {
+    kind: "appleAppAttest";
+    keyId: string;
+    attestation: string;
+}
+export interface PlayIntegrity {
+    kind: "playIntegrity";
+    token: string;
+}
+export interface Tpm {
+    kind: "tpm";
+    quote: string;
+}
+export interface NitroEnclave {
+    kind: "nitroEnclave";
+    quote: string;
+}
+/**
+ * No device-level attestation is available. Maintainers MAY still register the device but SHOULD apply stricter policy (shorter session TTL, more frequent step-up).
+ */
+export interface NoAttestation {
+    kind: "none";
+}
+/**
+ * OPTIONAL. How the device custodies its private keys (tier + algorithms). RECOMMENDED for mobile Companions. Maintainer policy input — see docs/design-notes/mobile-key-custody-profile.md.
+ */
+export interface KeyCustody {
+    /**
+     * `hardware`: the key is non-exportable in the secure keystore (iOS Secure Enclave / Android StrongBox) and every signing / key-agreement operation runs in-chip — achievable only with P-256. `software`: the key is held in app memory during use, stored hardware-wrapped at rest. Maintainers MAY apply stricter policy (shorter sessions, more frequent step-up) to `software`-tier devices.
+     */
+    tier: "hardware" | "software";
+    /**
+     * JOSE `alg` of the holder's signing key, e.g. `ES256` (hardware-custodiable on mobile) or `EdDSA` (not).
+     */
+    signingAlg?: string;
+    /**
+     * Curve of the holder's keyAgreement key, e.g. `P-256` (hardware-custodiable on mobile) or `X25519` (not).
+     */
+    keyAgreementCurve?: string;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/register/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/register/0.2#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/register/0.2/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/register/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,OAAO,CAAC;AAC/C;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,mBAAmB,GACnB,cAAc,GACd,aAAa,GACb,GAAG,GACH,YAAY,GACZ,aAAa,CAAC;AAElB;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;CAC9C;AACD,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE,UAAU,GAAG,SAAS,GAAG,QAAQ,CAAC;CAChD;AACD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AACD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,gBAAgB,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AACD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,KAAK,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,cAAc,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AACD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;CACd;AACD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC;IAC9B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,0DAAmE,CAAC"}

package/dist/device/register/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/register/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/register/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/register/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/register/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/register/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkGH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,0DAAmE,CAAC"}

package/dist/device/set-wake/0.1/payload.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/set-wake/0.1/payload.schema.json
+ */
+/**
+ * A device conveys to its VTA the opaque WakeHandle it obtained from a push gateway, so the VTA can own the trigger allowlist and provision the gateway. Carries no platform push token — only the handle. Present `wakeHandle` sets/replaces the wake channel; absent clears it (device becomes non-wakeable). Idempotent; re-issued on token rotation. See the push wake-up binding (https://trusttasks.org/binding/push/0.1).
+ */
+export interface DeviceSetWakePayload {
+    wakeHandle?: WakeHandle;
+    /**
+     * OPTIONAL, advisory. The abstract platform behind the handle, for device/list visibility only. The VTA never sees the token; this is a non-authoritative hint.
+     */
+    pushPlatform?: "apns" | "fcm" | "webpush";
+    /**
+     * OPTIONAL, advisory. DIDs the device suggests as wake triggers (e.g. its mediator). The VTA owns the allowlist and MAY ignore this entirely — it is a hint, not an instruction.
+     */
+    suggestedTriggers?: string[];
+    ext?: Ext;
+}
+/**
+ * OPTIONAL. The opaque gateway-issued handle for this device's push channel. Omit to clear the wake channel (the VTA empties the gateway allowlist; the device becomes non-wakeable).
+ */
+export interface WakeHandle {
+    /**
+     * The push gateway that issued this handle and acts on it — a DID (DIDComm-reachable gateway) or an https URL (REST gateway). A trigger sends its contentless wake request here.
+     */
+    gateway: string;
+    /**
+     * Opaque gateway-issued identifier for the device's push channel. Reveals no platform token. Rotates whenever the device re-registers a new platform token with the gateway; the device then re-conveys the fresh handle via device/set-wake.
+     */
+    handle: string;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/set-wake/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/set-wake/0.1#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/set-wake/0.1/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/set-wake/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,0DAAmE,CAAC"}

package/dist/device/set-wake/0.1/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/set-wake/0.1/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/set-wake/0.1";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/set-wake/0.1#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/set-wake/0.1/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/set-wake/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAqCH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,0DAAmE,CAAC"}

package/dist/device/set-wake/0.2/payload.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/set-wake/0.2/payload.schema.json
+ */
+/**
+ * A device conveys to its VTA the opaque WakeHandle it obtained from a push gateway, so the VTA can own the trigger allowlist and provision the gateway. Carries no platform push token — only the handle. Present `wakeHandle` sets/replaces the wake channel; absent clears it (device becomes non-wakeable). Idempotent; re-issued on token rotation. See the push wake-up binding (https://trusttasks.org/binding/push/0.1).
+ */
+export interface DeviceSetWakePayload {
+    wakeHandle?: WakeHandle;
+    /**
+     * OPTIONAL, advisory. The abstract platform behind the handle, for device/list visibility only. The VTA never sees the token; this is a non-authoritative hint.
+     */
+    pushPlatform?: "apns" | "fcm" | "webpush";
+    /**
+     * OPTIONAL, advisory. DIDs the device suggests as wake triggers (e.g. its mediator). The VTA owns the allowlist and MAY ignore this entirely — it is a hint, not an instruction.
+     */
+    suggestedTriggers?: string[];
+    ext?: Ext;
+}
+/**
+ * OPTIONAL. The opaque gateway-issued handle for this device's push channel. Omit to clear the wake channel (the VTA empties the gateway allowlist; the device becomes non-wakeable).
+ */
+export interface WakeHandle {
+    /**
+     * The push gateway that issued this handle and acts on it — a DID (DIDComm-reachable gateway) or an https URL (REST gateway). A trigger sends its contentless wake request here.
+     */
+    gateway: string;
+    /**
+     * Opaque gateway-issued identifier for the device's push channel. Reveals no platform token. Rotates whenever the device re-registers a new platform token with the gateway; the device then re-conveys the fresh handle via device/set-wake.
+     */
+    handle: string;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/set-wake/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/set-wake/0.2#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/set-wake/0.2/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/set-wake/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;IAC1C;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,0DAAmE,CAAC"}

package/dist/device/set-wake/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/set-wake/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/set-wake/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/set-wake/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/set-wake/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/set-wake/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAqCH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,iDAA0D,CAAC;AAEnF,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,0DAAmE,CAAC"}

package/dist/device/wipe/0.2/payload.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/wipe/0.2/payload.schema.json
+ */
+/**
+ * The maintainer issues a wipe to a Companion or Service. The target is expected to destroy its local cache and (depending on scope) its device-local key material. The action is best-effort — a compromised device may silently drop the wipe — so the maintainer additionally revokes ACL access and rotates the device's cache-key derivation root, so that defence in depth means a non-compliant device is still neutralised.
+ */
+export interface DeviceWipePayload {
+    deviceId: string;
+    /**
+     * How aggressively the target should wipe:
+     * - `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.
+     * - `cacheAndKeys` — discard cache + device-local key material; consumer must re-onboard.
+     * - `full` — `cacheAndKeys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.
+     */
+    scope: "cache" | "cacheAndKeys" | "full";
+    /**
+     * Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.
+     */
+    reason: string;
+    /**
+     * Wipe-issuance timestamp; identical to the document's `issuedAt`, repeated here so the body is self-contained for offline-queued delivery.
+     */
+    issuedAt?: string;
+    ext?: Ext;
+}
+/**
+ * Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
+ */
+export interface Ext {
+    [k: string]: unknown | undefined;
+}
+/** Trust Task type URI. */
+export declare const TYPE_URI: "https://trusttasks.org/spec/device/wipe/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export declare const RESPONSE_TYPE_URI: "https://trusttasks.org/spec/device/wipe/0.2#response";
+//# sourceMappingURL=payload.d.ts.map

package/dist/device/wipe/0.2/payload.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../src/device/wipe/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,KAAK,EAAE,OAAO,GAAG,cAAc,GAAG,MAAM,CAAC;IACzC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,6CAAsD,CAAC;AAE/E,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,sDAA+D,CAAC"}

package/dist/device/wipe/0.2/payload.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Generated by scripts/build-ts-bindings.mjs — DO NOT EDIT BY HAND.
+ * Source: specs/device/wipe/0.2/payload.schema.json
+ */
+/** Trust Task type URI. */
+export const TYPE_URI = "https://trusttasks.org/spec/device/wipe/0.2";
+/** Trust Task response type URI (request type URI + "#response"). */
+export const RESPONSE_TYPE_URI = "https://trusttasks.org/spec/device/wipe/0.2#response";
+//# sourceMappingURL=payload.js.map

package/dist/device/wipe/0.2/payload.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../src/device/wipe/0.2/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA+BH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,6CAAsD,CAAC;AAE/E,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,sDAA+D,CAAC"}

package/dist/did-management/did/check-name/0.1/payload.d.ts CHANGED Viewed

@@ -3,9 +3,12 @@
  * Source: specs/did-management/did/check-name/0.1/payload.schema.json
  */
 export interface DIDManagementCheckNamePayload {
-    path: string;
     /**
-     * When true and the path is available, atomically reserve it under the caller and return the resulting DidRecord.
+     * Local path to test. REQUIRED for an availability probe (`reserve: false`). OPTIONAL when `reserve: true`: omit it to ask the host to auto-assign a fresh, server-generated mnemonic for the reservation.
+     */
+    path?: string;
+    /**
+     * When true and the path is available — or, when `path` is omitted, always — atomically reserve a slot under the caller and return the resulting DidRecord. When `path` is omitted the host generates a fresh unused mnemonic (auto-assign).
      */
     reserve?: boolean;
     /**

package/dist/did-management/did/check-name/0.1/payload.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/did-management/did/check-name/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,6BAA6B;IAC5C,IAAI,EAAE,MAAM,CAAC;~~IACb~~;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,wEAAiF,CAAC"}
1	+ {"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../../../../src/did-management/did/check-name/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,6BAA6B;IAC5C;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AACD;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAClC;AAED,2BAA2B;AAC3B,eAAO,MAAM,QAAQ,EAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,eAAO,MAAM,iBAAiB,EAAG,wEAAiF,CAAC"}

package/dist/did-management/did/check-name/0.1/payload.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/did-management/did/check-name/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;~~AAqBH~~,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,wEAAiF,CAAC"}
1	+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../../../src/did-management/did/check-name/0.1/payload.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAwBH,2BAA2B;AAC3B,MAAM,CAAC,MAAM,QAAQ,GAAG,+DAAwE,CAAC;AAEjG,qEAAqE;AACrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,wEAAiF,CAAC"}